SEC-331: cut secrets from logs (#61)

* SEC-331: cut secrets from logs * SEC-331: fix format --------- Co-authored-by: anatoliy.losev <losto@nix>
2024-11-06 02:35:18 +00:00 · 2023-06-14 15:22:59 +03:00 · 2023-06-14 15:22:59 +03:00 · e6be6ad6e3
commit e6be6ad6e3
parent 191f80e41c
21 changed files with 111 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@ rebar3.crashdump
 # make stuff
 /.image.*
 Makefile.env
+*.iml
--- a/apps/ff_claim/test/ff_claim_SUITE.erl
+++ b/apps/ff_claim/test/ff_claim_SUITE.erl
@ -186,7 +186,7 @@ call_service(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/claim_committer">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/ff_cth/src/ct_eventsink.erl
+++ b/apps/ff_cth/src/ct_eventsink.erl
@ -89,6 +89,6 @@ call_handler(Function, ServiceName, Args) ->
    Request = {Service, Function, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022", Path/binary>>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).
--- a/apps/ff_cth/src/ct_helper.erl
+++ b/apps/ff_cth/src/ct_helper.erl
@ -91,7 +91,7 @@ start_app(dmt_client = AppName) ->
                memory => 52428800
            }},
            {woody_event_handlers, [
-                {scoper_woody_event_handler, #{}}
+                {ff_woody_event_handler, #{}}
            ]},
            {service_urls, #{
                'Repository' => <<"http://dominant:8022/v1/domain/repository">>,
@ -110,7 +110,7 @@ start_app(party_client = AppName) ->
                cache_mode => safe,
                options => #{
                    woody_client => #{
-                        event_handler => {scoper_woody_event_handler, #{}}
+                        event_handler => {ff_woody_event_handler, #{}}
                    }
                }
            }}
--- a/apps/ff_cth/src/ct_payment_system.erl
+++ b/apps/ff_cth/src/ct_payment_system.erl
@ -123,7 +123,7 @@ start_processing_apps(Options) ->
                        {{binbase_binbase_thrift, 'Binbase'}, {ff_ct_binbase_handler, []}}
                    }
                ],
-                event_handler => scoper_woody_event_handler
+                event_handler => ff_woody_event_handler
            }
        )
    ),
--- a/apps/ff_server/src/ff_server.erl
+++ b/apps/ff_server/src/ff_server.erl
@ -64,7 +64,7 @@ init([]) ->
    {ok, Ip} = inet:parse_address(IpEnv),
    WoodyOpts = maps:with([net_opts, handler_limits], WoodyOptsEnv),
    EventHandlerOpts = genlib_app:env(?MODULE, scoper_event_handler_options, #{}),
-    RouteOpts = RouteOptsEnv#{event_handler => {scoper_woody_event_handler, EventHandlerOpts}},
+    RouteOpts = RouteOptsEnv#{event_handler => {ff_woody_event_handler, EventHandlerOpts}},

    % TODO
    %  - Make it palatable
@ -109,7 +109,7 @@ init([]) ->
                ip => Ip,
                port => Port,
                handlers => WoodyHandlers,
-                event_handler => scoper_woody_event_handler,
+                event_handler => ff_woody_event_handler,
                additional_routes =>
                    get_prometheus_routes() ++
                    machinery_mg_backend:get_routes(MachineHandlers, RouteOpts) ++
--- a/apps/ff_server/src/ff_withdrawal_machinery_schema.erl
+++ b/apps/ff_server/src/ff_withdrawal_machinery_schema.erl
@ -256,7 +256,7 @@ maybe_migrate_route(Route) when is_map_key(adapter, Route) ->
    #{
        adapter := #{
            url := Url,
-            event_handler := scoper_woody_event_handler
+            event_handler := ff_woody_event_handler
        },
        adapter_opts := #{}
    } = Route,
@ -396,7 +396,7 @@ created_v0_0_without_provider_migration_test() ->
                                        {arr, [
                                            {str, <<"map">>},
                                            {obj, #{
-                                                {str, <<"event_handler">>} => {str, <<"scoper_woody_event_handler">>},
+                                                {str, <<"event_handler">>} => {str, <<"ff_woody_event_handler">>},
                                                {str, <<"url">>} =>
                                                    {bin,
                                                        <<"http://proxy-mocketbank:8022/proxy/mocketbank/p2p-credit">>}
--- a/apps/ff_server/src/ff_withdrawal_session_machinery_schema.erl
+++ b/apps/ff_server/src/ff_withdrawal_session_machinery_schema.erl
@ -171,7 +171,7 @@ maybe_migrate({created, #{version := 2} = Session}, Context) when not is_map_key
    } = Session,
    #{
        url := Url,
-        event_handler := scoper_woody_event_handler
+        event_handler := ff_woody_event_handler
    } = Client,
    LegacyUrls = #{
        <<"http://adapter-royalpay:8022/adapter/royalpay/p2p-credit">> => <<"royalpay">>,
@ -788,7 +788,7 @@ created_v0_unknown_with_binary_provider_decoding_test() ->
                                {arr, [
                                    {str, <<"map">>},
                                    {obj, #{
-                                        {str, <<"event_handler">>} => {str, <<"scoper_woody_event_handler">>},
+                                        {str, <<"event_handler">>} => {str, <<"ff_woody_event_handler">>},
                                        {str, <<"url">>} =>
                                            {bin, <<"http://adapter-royalpay:8022/adapter/royalpay/p2p-credit">>}
                                    }}
@ -951,7 +951,7 @@ created_v0_unknown_without_provider_decoding_test() ->
                                {arr, [
                                    {str, <<"map">>},
                                    {obj, #{
-                                        {str, <<"event_handler">>} => {str, <<"scoper_woody_event_handler">>},
+                                        {str, <<"event_handler">>} => {str, <<"ff_woody_event_handler">>},
                                        {str, <<"url">>} =>
                                            {bin, <<"http://proxy-mocketbank:8022/proxy/mocketbank/p2p-credit">>}
                                    }}
--- a/apps/ff_server/src/ff_woody_event_handler.erl
+++ b/apps/ff_server/src/ff_woody_event_handler.erl
@ -0,0 +1,80 @@
+-module(ff_woody_event_handler).
+
+-behaviour(woody_event_handler).
+
+%% woody_event_handler behaviour callbacks
+-export([handle_event/4]).
+
+-spec handle_event(Event, RpcId, Meta, Opts) -> ok when
+    Event :: woody_event_handler:event(),
+    RpcId :: woody:rpc_id() | undefined,
+    Meta :: woody_event_handler:event_meta(),
+    Opts :: woody:options().
+handle_event(Event, RpcID, RawMeta, Opts) ->
+    FilteredMeta = filter_meta(RawMeta),
+    scoper_woody_event_handler:handle_event(Event, RpcID, FilteredMeta, Opts).
+
+filter_meta(RawMeta) ->
+    maps:map(fun do_filter_meta/2, RawMeta).
+
+do_filter_meta(args, Args) ->
+    filter(Args);
+do_filter_meta(_Key, Value) ->
+    Value.
+
+%% common
+filter(L) when is_list(L) ->
+    [filter(E) || E <- L];
+filter(T) when is_tuple(T) ->
+    list_to_tuple(filter(tuple_to_list(T)));
+filter(M) when is_map(M) ->
+    genlib_map:truemap(fun(K, V) -> {filter(K), filter(V)} end, maps:without([<<"api-key">>, <<"secret-key">>], M));
+%% default
+filter(V) ->
+    V.
+
+-ifdef(TEST).
+
+-include_lib("eunit/include/eunit.hrl").
+
+-define(ARG1, {
+    wthd_provider_Withdrawal,
+    <<"1686225855930826">>,
+    <<"1686225855930826/1">>,
+    {wthd_provider_Cash, 4240, {domain_Currency, <<"Russian Ruble">>, <<"RUB">>, 643, 2}},
+    {bank_card,
+        {domain_BankCard, <<"4150399999000900">>, {domain_PaymentSystemRef, <<"VISA">>}, <<"415039">>,
+            <<"****************">>, undefined, undefined, rus, undefined, undefined, undefined,
+            {domain_BankCardExpDate, 12, 2025}, <<"ct_cardholder_name">>, undefined}},
+    undefined,
+    {wthd_domain_Identity, <<"gj9Cn2gOglBQ0aso4jcsiEc38tS">>, undefined, [], [{phone_number, <<"9876543210">>}]},
+    {wthd_domain_Identity, <<"gj9Cn2gOglBQ0aso4jcsiEc38tS">>, undefined, [], [{phone_number, <<"9876543210">>}]},
+    undefined
+}).
+
+-spec test() -> _.
+
+-spec filter_secrets_from_opts_test_() -> _.
+filter_secrets_from_opts_test_() ->
+    [
+        ?_assertEqual(
+            #{
+                args => {?ARG1, {nl, {msgpack_nil}}, #{}},
+                role => client,
+                service => 'Adapter'
+            },
+            filter_meta(
+                #{
+                    args => {
+                        ?ARG1,
+                        {nl, {msgpack_nil}},
+                        #{<<"api-key">> => <<"secret">>, <<"secret-key">> => <<"secret">>}
+                    },
+                    role => client,
+                    service => 'Adapter'
+                }
+            )
+        )
+    ].
+
+-endif.
--- a/apps/ff_server/test/ff_destination_handler_SUITE.erl
+++ b/apps/ff_server/test/ff_destination_handler_SUITE.erl
@ -213,7 +213,7 @@ call_service(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/destination">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/ff_server/test/ff_eventsink_SUITE.erl
+++ b/apps/ff_server/test/ff_eventsink_SUITE.erl
@ -238,7 +238,7 @@ get_shifted_create_identity_events_ok(C) ->
                ip => {0, 0, 0, 0},
                port => 8040,
                handlers => [],
-                event_handler => scoper_woody_event_handler,
+                event_handler => ff_woody_event_handler,
                additional_routes => IdentityRoute
            }
        )
@ -456,7 +456,7 @@ call_handler(Function, ServiceName, Args, Port) ->
    Request = {Service, Function, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:", Port/binary, Path/binary>>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

@ -465,7 +465,7 @@ create_sink_route(ServiceName, {Handler, Cfg}) ->
    Path = ff_services:get_service_path(ServiceName),
    NewCfg = Cfg#{
        client => #{
-            event_handler => scoper_woody_event_handler,
+            event_handler => ff_woody_event_handler,
            url => "http://machinegun:8022/v1/event_sink"
        }
    },
@ -477,7 +477,7 @@ create_sink_route(ServiceName, {Handler, Cfg}) ->
    woody_server_thrift_http_handler:get_routes(
        genlib_map:compact(#{
            handlers => [{Path, {Service, {ff_woody_wrapper, WrapperOptions}}}],
-            event_handler => scoper_woody_event_handler
+            event_handler => ff_woody_event_handler
        })
    ).

--- a/apps/ff_server/test/ff_identity_handler_SUITE.erl
+++ b/apps/ff_server/test/ff_identity_handler_SUITE.erl
@ -144,7 +144,7 @@ call_api(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/identity">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/ff_server/test/ff_provider_handler_SUITE.erl
+++ b/apps/ff_server/test/ff_provider_handler_SUITE.erl
@ -95,6 +95,6 @@ call_service(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022", Path/binary>>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).
--- a/apps/ff_server/test/ff_source_handler_SUITE.erl
+++ b/apps/ff_server/test/ff_source_handler_SUITE.erl
@ -165,7 +165,7 @@ call_service(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/source">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/ff_server/test/ff_wallet_handler_SUITE.erl
+++ b/apps/ff_server/test/ff_wallet_handler_SUITE.erl
@ -177,7 +177,7 @@ call_service(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/wallet">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/ff_server/test/ff_withdrawal_session_repair_SUITE.erl
+++ b/apps/ff_server/test/ff_withdrawal_session_repair_SUITE.erl
@ -197,6 +197,6 @@ call_repair(Args) ->
    Request = {Service, 'Repair', Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/repair/withdrawal/session">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).
--- a/apps/ff_transfer/test/ff_ct_limiter_client.erl
+++ b/apps/ff_transfer/test/ff_ct_limiter_client.erl
@ -36,7 +36,7 @@ call(Function, Args, Client) ->
    Call = {{limproto_limiter_thrift, 'Limiter'}, Function, Args},
    Opts = #{
        url => <<"http://limiter:8022/v1/limiter">>,
-        event_handler => scoper_woody_event_handler,
+        event_handler => ff_woody_event_handler,
        transport_opts => #{
            max_connections => 10000
        }
@ -48,7 +48,7 @@ call_configurator(Function, Args, Client) ->
    Call = {{limproto_configurator_thrift, 'Configurator'}, Function, Args},
    Opts = #{
        url => <<"http://limiter:8022/v1/configurator">>,
-        event_handler => scoper_woody_event_handler,
+        event_handler => ff_woody_event_handler,
        transport_opts => #{
            max_connections => 10000
        }
--- a/apps/ff_transfer/test/ff_transfer_SUITE.erl
+++ b/apps/ff_transfer/test/ff_transfer_SUITE.erl
@ -473,7 +473,7 @@ call_admin(Fun, Args) ->
    Request = {Service, Fun, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/admin">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

@ -616,7 +616,7 @@ call(Function, {Service, Path}, Args, Port) ->
    Request = {Service, Function, Args},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:", Port/binary, Path/binary>>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/ff_transfer/test/ff_withdrawal_SUITE.erl
+++ b/apps/ff_transfer/test/ff_withdrawal_SUITE.erl
@ -1059,7 +1059,7 @@ call_session_repair(SessionID, Scenario) ->
    Request = {Service, 'Repair', {SessionID, Scenario}},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/repair/withdrawal/session">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

@ -1068,7 +1068,7 @@ call_withdrawal_repair(SessionID, Scenario) ->
    Request = {Service, 'Repair', {SessionID, Scenario}},
    Client = ff_woody_client:new(#{
        url => <<"http://localhost:8022/v1/repair/withdrawal">>,
-        event_handler => scoper_woody_event_handler
+        event_handler => ff_woody_event_handler
    }),
    ff_woody_client:call(Client, Request).

--- a/apps/fistful/src/ff_woody_client.erl
+++ b/apps/fistful/src/ff_woody_client.erl
@ -45,7 +45,7 @@ new(Opts = #{url := _}) ->
    EventHandlerOpts = genlib_app:env(ff_server, scoper_event_handler_options, #{}),
    maps:merge(
        #{
-            event_handler => {scoper_woody_event_handler, EventHandlerOpts}
+            event_handler => {ff_woody_event_handler, EventHandlerOpts}
        },
        maps:with([url, event_handler, transport_opts], Opts)
    );
--- a/apps/fistful/test/ff_ct_provider_sup.erl
+++ b/apps/fistful/test/ff_ct_provider_sup.erl
@ -18,7 +18,7 @@ init(Opts) ->
            handlers => [
                {Path, {{dmsl_wthd_provider_thrift, 'Adapter'}, {ff_ct_provider_thrift, []}}}
            ],
-            event_handler => scoper_woody_event_handler,
+            event_handler => ff_woody_event_handler,
            ip => proplists:get_value(ip, Opts, "::"),
            port => proplists:get_value(port, Opts, 8022),
            net_opts => proplists:get_value(net_opts, Opts, [])