mirror of
https://github.com/wneessen/go-mail.git
synced 2024-11-15 02:12:55 +01:00
Redact authentication logs
Add a boolean flag `authIsActive` to manage redaction of sensitive authentication information in debug logs. When this flag is true, authentication details are replaced with `<auth redacted>`.
This commit is contained in:
parent
8faac3d101
commit
7acfe8015d
1 changed files with 24 additions and 3 deletions
27
smtp/smtp.go
27
smtp/smtp.go
|
@ -82,7 +82,8 @@ type Client struct {
|
|||
localName string // the name to use in HELO/EHLO
|
||||
|
||||
// logger will be used for debug logging
|
||||
logger log.Logger
|
||||
logger log.Logger
|
||||
authIsActive bool
|
||||
|
||||
// mutex is used to synchronize access to shared resources, ensuring that only one goroutine can access
|
||||
// the resource at a time.
|
||||
|
@ -174,7 +175,12 @@ func (c *Client) Hello(localName string) error {
|
|||
func (c *Client) cmd(expectCode int, format string, args ...interface{}) (int, string, error) {
|
||||
c.mutex.Lock()
|
||||
|
||||
c.debugLog(log.DirClientToServer, format, args...)
|
||||
var logMsg []interface{}
|
||||
logMsg = args
|
||||
if c.authIsActive {
|
||||
logMsg = []interface{}{"<auth redacted>"}
|
||||
}
|
||||
c.debugLog(log.DirClientToServer, format, logMsg...)
|
||||
id, err := c.Text.Cmd(format, args...)
|
||||
if err != nil {
|
||||
c.mutex.Unlock()
|
||||
|
@ -182,7 +188,12 @@ func (c *Client) cmd(expectCode int, format string, args ...interface{}) (int, s
|
|||
}
|
||||
c.Text.StartResponse(id)
|
||||
code, msg, err := c.Text.ReadResponse(expectCode)
|
||||
c.debugLog(log.DirServerToClient, "%d %s", code, msg)
|
||||
|
||||
logMsg = []interface{}{code, msg}
|
||||
if c.authIsActive && code >= 300 {
|
||||
logMsg = []interface{}{code, "<auth redacted>"}
|
||||
}
|
||||
c.debugLog(log.DirServerToClient, "%d %s", logMsg...)
|
||||
c.Text.EndResponse(id)
|
||||
c.mutex.Unlock()
|
||||
return code, msg, err
|
||||
|
@ -256,6 +267,16 @@ func (c *Client) Auth(a Auth) error {
|
|||
if err := c.hello(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
c.mutex.Lock()
|
||||
c.authIsActive = true
|
||||
c.mutex.Unlock()
|
||||
defer func() {
|
||||
c.mutex.Lock()
|
||||
c.authIsActive = false
|
||||
c.mutex.Unlock()
|
||||
}()
|
||||
|
||||
encoding := base64.StdEncoding
|
||||
mech, resp, err := a.Start(&ServerInfo{c.serverName, c.tls, c.auth})
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue