refactor(config): update config structures to use strutils.Redacted for sensitive fields

- Modified Config structs in various packages to replace string fields with strutils.Redacted to prevent logging sensitive information. - Updated serialization methods to accommodate new data types. - Adjusted API token handling in Proxmox configuration.
2025-12-05 18:57:34 -06:00 · 2025-12-05 18:26:16 +08:00
parent e41a487371
commit 09caa888ad
7 changed files with 38 additions and 18 deletions
--- a/2
+++ b/2
--- a/internal/autocert/config.go
+++ b/internal/autocert/config.go
@@ -16,16 +16,17 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/yusing/godoxy/internal/common"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

 type Config struct {
-	Email       string         `json:"email,omitempty"`
-	Domains     []string       `json:"domains,omitempty"`
-	CertPath    string         `json:"cert_path,omitempty"`
-	KeyPath     string         `json:"key_path,omitempty"`
-	ACMEKeyPath string         `json:"acme_key_path,omitempty"`
-	Provider    string         `json:"provider,omitempty"`
-	Options     map[string]any `json:"options,omitempty"`
+	Email       string                       `json:"email,omitempty"`
+	Domains     []string                     `json:"domains,omitempty"`
+	CertPath    string                       `json:"cert_path,omitempty"`
+	KeyPath     string                       `json:"key_path,omitempty"`
+	ACMEKeyPath string                       `json:"acme_key_path,omitempty"`
+	Provider    string                       `json:"provider,omitempty"`
+	Options     map[string]strutils.Redacted `json:"options,omitempty"`

 	Resolvers []string `json:"resolvers,omitempty"`

--- a/internal/autocert/providers.go
+++ b/internal/autocert/providers.go
@@ -4,9 +4,10 @@ import (
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/yusing/godoxy/internal/serialization"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

-type Generator func(map[string]any) (challenge.Provider, gperr.Error)
+type Generator func(map[string]strutils.Redacted) (challenge.Provider, gperr.Error)

 var Providers = make(map[string]Generator)

@@ -14,10 +15,10 @@ func DNSProvider[CT any, PT challenge.Provider](
 	defaultCfg func() *CT,
 	newProvider func(*CT) (PT, error),
 ) Generator {
-	return func(opt map[string]any) (challenge.Provider, gperr.Error) {
+	return func(opt map[string]strutils.Redacted) (challenge.Provider, gperr.Error) {
 		cfg := defaultCfg()
 		if len(opt) > 0 {
-			err := serialization.MapUnmarshalValidate(opt, &cfg)
+			err := serialization.MapUnmarshalValidate(serialization.ToSerializedObject(opt), &cfg)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/maxmind/maxmind.go
+++ b/internal/maxmind/maxmind.go
@@ -178,7 +178,7 @@ func (cfg *MaxMind) doReq(method string) (*http.Response, error) {
 	if err != nil {
 		return nil, err
 	}
-	req.SetBasicAuth(cfg.AccountID, cfg.LicenseKey)
+	req.SetBasicAuth(cfg.AccountID, cfg.LicenseKey.String())
 	resp, err := doReq(req)
 	if err != nil {
 		return nil, err
--- a/internal/maxmind/types/config.go
+++ b/internal/maxmind/types/config.go
@@ -4,14 +4,15 @@ import (
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

 type (
 	DatabaseType string
 	Config       struct {
-		AccountID  string       `json:"account_id" validate:"required"`
-		LicenseKey string       `json:"license_key" validate:"required"`
-		Database   DatabaseType `json:"database" validate:"omitempty,oneof=geolite geoip2"`
+		AccountID  string            `json:"account_id" validate:"required"`
+		LicenseKey strutils.Redacted `json:"license_key" validate:"required"`
+		Database   DatabaseType      `json:"database" validate:"omitempty,oneof=geolite geoip2"`
 	}
 )

--- a/internal/proxmox/config.go
+++ b/internal/proxmox/config.go
@@ -11,13 +11,14 @@ import (
 	"github.com/luthermonson/go-proxmox"
 	"github.com/yusing/godoxy/internal/net/gphttp"
 	gperr "github.com/yusing/goutils/errs"
+	strutils "github.com/yusing/goutils/strings"
 )

 type Config struct {
 	URL string `json:"url" validate:"required,url"`

-	TokenID string `json:"token_id" validate:"required"`
-	Secret  string `json:"secret" validate:"required"`
+	TokenID string            `json:"token_id" validate:"required"`
+	Secret  strutils.Redacted `json:"secret" validate:"required"`

 	NoTLSVerify bool `json:"no_tls_verify" yaml:"no_tls_verify,omitempty"`

@@ -48,7 +49,7 @@ func (c *Config) Init() gperr.Error {
 	}

 	opts := []proxmox.Option{
-		proxmox.WithAPIToken(c.TokenID, c.Secret),
+		proxmox.WithAPIToken(c.TokenID, c.Secret.String()),
 		proxmox.WithHTTPClient(&http.Client{
 			Transport: tr,
 		}),
--- a/internal/serialization/serialization.go
+++ b/internal/serialization/serialization.go
@@ -21,6 +21,22 @@ import (

 type SerializedObject = map[string]any

+// ToSerializedObject converts a map[string]VT to a SerializedObject.
+func ToSerializedObject[VT any](m map[string]VT) SerializedObject {
+	so := make(SerializedObject, len(m))
+	for k, v := range m {
+		so[k] = v
+	}
+	return so
+}
+
+func init() {
+	strutils.SetJSONMarshaler(sonic.Marshal)
+	strutils.SetJSONUnmarshaler(sonic.Unmarshal)
+	strutils.SetYAMLMarshaler(yaml.Marshal)
+	strutils.SetYAMLUnmarshaler(yaml.Unmarshal)
+}
+
 type MapUnmarshaller interface {
 	UnmarshalMap(m map[string]any) gperr.Error
 }