fix: hide password of mongo url (#32)

* Add URL Mask Package * Add URL Mask To Filter Mongo URL * Setup URL Mask Only Filter Password * Add New Feature filterURLPassword /lib/filterURLPassword.js add new .js file /lib/mongoose.js replace the url-mask to filterURLPassword /test/mongoose.test.js add testing * Lint Code * backwards compatibility to node.js v6.13.0 * Add semver Package, Use legacy API url.parse If version less than 6.13.0 * Refactor filterURLPassword
eggjs · May 4, 2019 · 441b6fc · 441b6fc
1 parent 0c15d08
commit 441b6fc
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 5 deletions.
diff --git a/lib/filterURLPassword.js b/lib/filterURLPassword.js
@@ -0,0 +1,23 @@
+'use strict';
+
+const semver = require('semver');
+
+/**
+ * filter the auth of url string
+ * @param {URL} input url
+ * @param {String} version version string from `process.version`
+ * @return {String} filtered url
+ */
+module.exports = function filterURLPassword(input, version) {
+  if (semver.lt(version, '6.13.0')) {
+    const urlTool = require('url');
+    const url = urlTool.parse(input);
+    url.password = '*****';
+    url.auth = url.auth && (url.auth.split(':')[0] + ':*****');
+    return urlTool.format(url);
+  }
+  const { URL } = require('url');
+  const url = new URL(input);
+  url.password = '*****';
+  return url.toString();
+};
diff --git a/lib/mongoose.js b/lib/mongoose.js
@@ -4,6 +4,7 @@ const assert = require('assert');
 const path = require('path');
 const mongoose = require('mongoose');
 const awaitFirst = require('await-first');
+const filterURLPassword = require('./filterURLPassword');
 
 let count = 0;
 
@@ -47,6 +48,7 @@ module.exports = app => {
 
 function createOneClient(config, app) {
   const { url, options } = config;
+  const filteredURL = filterURLPassword(url, process.version);
 
   assert(url, '[egg-mongoose] url is required on config');
 
@@ -56,7 +58,7 @@ function createOneClient(config, app) {
   if (!options.hasOwnProperty('useNewUrlParser')) {
     options.useNewUrlParser = true;
   }
-  app.coreLogger.info('[egg-mongoose] connecting %s', url);
+  app.coreLogger.info('[egg-mongoose] connecting %s', filteredURL);
 
   const db = mongoose.createConnection(url, options);
 
@@ -68,16 +70,16 @@ function createOneClient(config, app) {
 
   /* istanbul ignore next */
   db.on('disconnected', () => {
-    app.coreLogger.error(`[egg-mongoose] ${url} disconnected`);
+    app.coreLogger.error(`[egg-mongoose] ${filteredURL} disconnected`);
   });
 
   db.on('connected', () => {
-    app.coreLogger.info(`[egg-mongoose] ${url} connected successfully`);
+    app.coreLogger.info(`[egg-mongoose] ${filteredURL} connected successfully`);
   });
 
   /* istanbul ignore next */
   db.on('reconnected', () => {
-    app.coreLogger.info(`[egg-mongoose] ${url} reconnected successfully`);
+    app.coreLogger.info(`[egg-mongoose] ${filteredURL} reconnected successfully`);
   });
 
   app.beforeStart(function* () {

diff --git a/package.json b/package.json
@@ -15,7 +15,8 @@
   "dependencies": {
     "@types/mongoose": "^5.3.24",
     "await-first": "^1.0.0",
-    "mongoose": "^5.4.20"
+    "mongoose": "^5.4.20",
+    "semver": "^6.0.0"
   },
   "devDependencies": {
     "autod": "^3.0.1",

diff --git a/test/mongoose.test.js b/test/mongoose.test.js
@@ -79,6 +79,17 @@ describe('test/mongoose.test.js', () => {
       const query = app.model.User.findOne({});
       assert.equal(query.exec().constructor, Promise);
     });
+
+    it('should filter password of url', () => {
+      const filterURLPassword = require('../lib/filterURLPassword');
+      const url = 'https://abc:[email protected]/';
+      const outputV10 = filterURLPassword(url, 'v10.0.0');
+      assert.equal(outputV10, 'https://abc:*****@example.com/');
+      const outputV8 = filterURLPassword(url, 'v8.0.0');
+      assert.equal(outputV8, 'https://abc:*****@example.com/');
+      const outputV6 = filterURLPassword(url, 'v6.0.0');
+      assert.equal(outputV6, 'https://abc:*****@example.com/');
+    });
   });
 
   describe('custom promise', () => {