diff --git a/lib/filterURLPassword.js b/lib/filterURLPassword.js new file mode 100644 index 0000000..8e618df --- /dev/null +++ b/lib/filterURLPassword.js @@ -0,0 +1,23 @@ +'use strict'; + +const semver = require('semver'); + +/** + * filter the auth of url string + * @param {URL} input url + * @param {String} version version string from `process.version` + * @return {String} filtered url + */ +module.exports = function filterURLPassword(input, version) { + if (semver.lt(version, '6.13.0')) { + const urlTool = require('url'); + const url = urlTool.parse(input); + url.password = '*****'; + url.auth = url.auth && (url.auth.split(':')[0] + ':*****'); + return urlTool.format(url); + } + const { URL } = require('url'); + const url = new URL(input); + url.password = '*****'; + return url.toString(); +}; diff --git a/lib/mongoose.js b/lib/mongoose.js index 34838a8..bbd4325 100644 --- a/lib/mongoose.js +++ b/lib/mongoose.js @@ -4,6 +4,7 @@ const assert = require('assert'); const path = require('path'); const mongoose = require('mongoose'); const awaitFirst = require('await-first'); +const filterURLPassword = require('./filterURLPassword'); let count = 0; @@ -47,6 +48,7 @@ module.exports = app => { function createOneClient(config, app) { const { url, options } = config; + const filteredURL = filterURLPassword(url, process.version); assert(url, '[egg-mongoose] url is required on config'); @@ -56,7 +58,7 @@ function createOneClient(config, app) { if (!options.hasOwnProperty('useNewUrlParser')) { options.useNewUrlParser = true; } - app.coreLogger.info('[egg-mongoose] connecting %s', url); + app.coreLogger.info('[egg-mongoose] connecting %s', filteredURL); const db = mongoose.createConnection(url, options); @@ -68,16 +70,16 @@ function createOneClient(config, app) { /* istanbul ignore next */ db.on('disconnected', () => { - app.coreLogger.error(`[egg-mongoose] ${url} disconnected`); + app.coreLogger.error(`[egg-mongoose] ${filteredURL} disconnected`); }); db.on('connected', () => { - app.coreLogger.info(`[egg-mongoose] ${url} connected successfully`); + app.coreLogger.info(`[egg-mongoose] ${filteredURL} connected successfully`); }); /* istanbul ignore next */ db.on('reconnected', () => { - app.coreLogger.info(`[egg-mongoose] ${url} reconnected successfully`); + app.coreLogger.info(`[egg-mongoose] ${filteredURL} reconnected successfully`); }); app.beforeStart(function* () { diff --git a/package.json b/package.json index 5e95bf2..c79b019 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,8 @@ "dependencies": { "@types/mongoose": "^5.3.24", "await-first": "^1.0.0", - "mongoose": "^5.4.20" + "mongoose": "^5.4.20", + "semver": "^6.0.0" }, "devDependencies": { "autod": "^3.0.1", diff --git a/test/mongoose.test.js b/test/mongoose.test.js index 99220df..66138c6 100644 --- a/test/mongoose.test.js +++ b/test/mongoose.test.js @@ -79,6 +79,17 @@ describe('test/mongoose.test.js', () => { const query = app.model.User.findOne({}); assert.equal(query.exec().constructor, Promise); }); + + it('should filter password of url', () => { + const filterURLPassword = require('../lib/filterURLPassword'); + const url = 'https://abc:xyz@example.com/'; + const outputV10 = filterURLPassword(url, 'v10.0.0'); + assert.equal(outputV10, 'https://abc:*****@example.com/'); + const outputV8 = filterURLPassword(url, 'v8.0.0'); + assert.equal(outputV8, 'https://abc:*****@example.com/'); + const outputV6 = filterURLPassword(url, 'v6.0.0'); + assert.equal(outputV6, 'https://abc:*****@example.com/'); + }); }); describe('custom promise', () => {