Skip to content

Commit

Permalink
Removing web credentials from debug log (#2072)
Browse files Browse the repository at this point in the history
* Hashing web credentials

* Fix syntactic error

* Using strong cryptogrpahic primitive

* Entirely removing credentials

* Removing unused constant

* Removing redundant formatting parameters
  • Loading branch information
pkaramol authored Feb 17, 2022
1 parent 60a168d commit 6248472
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions server/middleware.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,13 +52,12 @@ func (l *RequestLogger) ServeHTTP(rw http.ResponseWriter, r *http.Request, next
user, pass, ok := r.BasicAuth()
if ok {
r.SetBasicAuth(user, pass)
l.logger.Debug("user: %s / pass: %s >> url: %s", user, pass, r.URL.RequestURI())
if user == l.WebUsername && pass == l.WebPassword {
l.logger.Debug("[VALID] user: %s / pass: %s >> url: %s", user, pass, r.URL.RequestURI())
l.logger.Debug("[VALID] log in: >> url: %s", r.URL.RequestURI())
allowed = true
} else {
allowed = false
l.logger.Info("[INVALID] user: %s / pass: %s >> url: %s", user, pass, r.URL.RequestURI())
l.logger.Info("[INVALID] log in attempt: >> url: %s", r.URL.RequestURI())
}
}
}
Expand Down

0 comments on commit 6248472

Please sign in to comment.