chore: bump app version to v0.5.2 and improve logging by masking sensitive information in API requests and responses

2025-03-15 19:21:00 +01:00 · 2025-03-15 19:21:00 +01:00 · ff26110cff
commit ff26110cff
parent 67882bc3b6
3 changed files with 16 additions and 11 deletions
--- a/ci/metadata.yaml
+++ b/ci/metadata.yaml
@ -1 +1 @@
-appVersion: v0.5.1
+appVersion: v0.5.2
--- a/src/internal/client/domeneshop.go
+++ b/src/internal/client/domeneshop.go
@ -101,7 +101,18 @@ func (c *Client) Request(method string, endpoint string, reqBody []byte, v inter
 	}

 	if logLevel == "debug" {
-		log.Printf("Making request with headers: %v", req.Header)
+		// Make a copy of the headers to mask sensitive information
+		safeHeaders := make(http.Header)
+		for k, v := range req.Header {
+			safeHeaders[k] = v
+		}
+
+		// Remove sensitive headers entirely from logs
+		if _, exists := safeHeaders["Authorization"]; exists {
+			safeHeaders.Set("Authorization", "[REDACTED]")
+		}
+
+		log.Printf("Making request with headers: %v", safeHeaders)
 	}

 	resp, err := c.http.Do(req)
@ -124,11 +135,8 @@ func (c *Client) Request(method string, endpoint string, reqBody []byte, v inter
 	if logLevel == "debug" {
 		log.Printf("API response status: %s", resp.Status)
 		if len(respBody) > 0 {
-			shortBody := respBody
-			if len(shortBody) > 500 {
-				shortBody = shortBody[:500]
-			}
-			log.Printf("API response body (truncated): %s", string(shortBody))
+			// For security, don't log the API response content
+			log.Printf("Received API response (%d bytes)", len(respBody))
 		}
 	}

--- a/src/main.go
+++ b/src/main.go
@ -235,8 +235,5 @@ func main() {

 // Helper function to mask secrets in logs
 func maskSecret(secret string) string {
-	if len(secret) <= 4 {
-		return "****"
-	}
-	return secret[:2] + "****" + secret[len(secret)-2:]
+	return "[REDACTED]"
 }