From 9d014087f4031061228e1d7e73242a5604142fb7 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Wed, 23 Jun 2021 00:04:11 +0200
Subject: [PATCH] censor passwords in logs

---
 copyparty/authsrv.py | 3 +++
 copyparty/httpcli.py | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index ff5bed66..b1081df9 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -693,6 +693,9 @@ class AuthSrv(object):
             self.user = user
             self.iuser = {v: k for k, v in user.items()}
 
+            pwds = [re.escape(x) for x in self.iuser.keys()]
+            self.re_pwd = re.compile("=(" + "|".join(pwds) + ")([]&; ]|$)")
+
         # import pprint
         # pprint.pprint({"usr": user, "rd": mread, "wr": mwrite, "mnt": mount})
 
diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 6b37bc6b..36f747f9 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -54,8 +54,16 @@ class HttpCli(object):
         self.out_headers = {"Access-Control-Allow-Origin": "*"}
 
     def log(self, msg, c=0):
+        ptn = self.asrv.re_pwd
+        if ptn.search(msg):
+            msg = ptn.sub(self.unpwd, msg)
+
         self.log_func(self.log_src, msg, c)
 
+    def unpwd(self, m):
+        a, b = m.groups()
+        return "=\033[7m {} \033[27m{}".format(self.asrv.iuser[a], b)
+
     def _check_nonfatal(self, ex):
         return ex.code < 400 or ex.code in [404, 429]