diff --git a/database/db.go b/database/db.go index 60898405..a06bb5c1 100644 --- a/database/db.go +++ b/database/db.go @@ -48,21 +48,6 @@ func Dialect() string { return db.Dialector.Name() } -var sensitiveConflictFields = map[string]struct{}{ - "uuid": {}, - "password": {}, - "auth": {}, - "subId": {}, -} - -// redactConflictValues masks values for credential-bearing merge fields so -// they never reach plain-text logs. Non-sensitive fields pass through. -func redactConflictValues(x model.ClientMergeConflict) (oldV, newV, keptV any) { - if _, sensitive := sensitiveConflictFields[x.Field]; sensitive { - return "", "", "" - } - return x.Old, x.New, x.Kept -} const ( defaultUsername = "admin" @@ -265,9 +250,8 @@ func seedClientsFromInboundJSON() error { } else { conflicts := model.MergeClientRecord(row, incoming) for _, x := range conflicts { - oldV, newV, keptV := redactConflictValues(x) log.Printf("client merge: email=%s conflict on %s old=%v new=%v kept=%v", - email, x.Field, oldV, newV, keptV) + email, x.Field, x.Old, x.New, x.Kept) } if err := tx.Save(row).Error; err != nil { return err diff --git a/database/model/model.go b/database/model/model.go index e0ed73db..7128645e 100644 --- a/database/model/model.go +++ b/database/model/model.go @@ -464,28 +464,30 @@ func MergeClientRecord(existing *ClientRecord, incoming *ClientRecord) []ClientM keep := func(field string, oldV, newV, kept any) { conflicts = append(conflicts, ClientMergeConflict{Field: field, Old: oldV, New: newV, Kept: kept}) } + const redacted = "" + keepSecret := func(field string) { + conflicts = append(conflicts, ClientMergeConflict{Field: field, Old: redacted, New: redacted, Kept: redacted}) + } incomingNewer := incoming.UpdatedAt > existing.UpdatedAt || (incoming.UpdatedAt == existing.UpdatedAt && incoming.CreatedAt > existing.CreatedAt) if existing.UUID != incoming.UUID && incoming.UUID != "" { if incomingNewer || existing.UUID == "" { - keep("uuid", existing.UUID, incoming.UUID, incoming.UUID) existing.UUID = incoming.UUID - } else { - keep("uuid", existing.UUID, incoming.UUID, existing.UUID) } + keepSecret("uuid") } if existing.Password != incoming.Password && incoming.Password != "" { if incomingNewer || existing.Password == "" { - keep("password", existing.Password, incoming.Password, incoming.Password) existing.Password = incoming.Password + keepSecret("password") } } if existing.Auth != incoming.Auth && incoming.Auth != "" { if incomingNewer || existing.Auth == "" { - keep("auth", existing.Auth, incoming.Auth, incoming.Auth) existing.Auth = incoming.Auth + keepSecret("auth") } } if existing.Flow != incoming.Flow && incoming.Flow != "" { @@ -502,8 +504,8 @@ func MergeClientRecord(existing *ClientRecord, incoming *ClientRecord) []ClientM } if existing.SubID != incoming.SubID && incoming.SubID != "" { if incomingNewer || existing.SubID == "" { - keep("subId", existing.SubID, incoming.SubID, incoming.SubID) existing.SubID = incoming.SubID + keepSecret("subId") } } if existing.TotalGB != incoming.TotalGB { diff --git a/web/service/client.go b/web/service/client.go index d8dbb90b..43689d95 100644 --- a/web/service/client.go +++ b/web/service/client.go @@ -6,7 +6,6 @@ import ( "encoding/json" "errors" "fmt" - "math" "strings" "sync" "time" @@ -48,7 +47,8 @@ func (c ClientWithAttachments) MarshalJSON() ([]byte, error) { if len(rec) < 2 || rec[len(rec)-1] != '}' || len(extra) <= 2 { return rec, nil } - if len(extra) > math.MaxInt-len(rec) { + const maxMarshalSize = 256 << 20 + if len(rec) > maxMarshalSize || len(extra) > maxMarshalSize { return rec, nil } out := make([]byte, 0, len(rec)+len(extra))