@@ -1,6 +1,13 @@
|
||||
package settings
|
||||
|
||||
import "testing"
|
||||
import (
|
||||
"bytes"
|
||||
"log/slog"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestRedactDatabaseURL_PostgresURI(t *testing.T) {
|
||||
input := "postgres://vctp_user:Secr3tP%40ss@db-host:5432/vctp?sslmode=disable"
|
||||
@@ -27,3 +34,29 @@ func TestRedactDatabaseURL_UnchangedWhenNoPassword(t *testing.T) {
|
||||
t.Fatalf("expected input to remain unchanged\nwant: %s\ngot: %s", input, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestReadYMLSettingsRedactsAuthJWTSigningKey(t *testing.T) {
|
||||
tmpDir := t.TempDir()
|
||||
settingsPath := filepath.Join(tmpDir, "vctp.yml")
|
||||
content := `settings:
|
||||
auth_jwt_signing_key: "c2VjcmV0"
|
||||
`
|
||||
if err := os.WriteFile(settingsPath, []byte(content), 0o600); err != nil {
|
||||
t.Fatalf("failed to write settings file: %v", err)
|
||||
}
|
||||
|
||||
var output bytes.Buffer
|
||||
logger := slog.New(slog.NewTextHandler(&output, &slog.HandlerOptions{Level: slog.LevelDebug}))
|
||||
s := New(logger, settingsPath)
|
||||
if err := s.ReadYMLSettings(); err != nil {
|
||||
t.Fatalf("expected settings to load, got error: %v", err)
|
||||
}
|
||||
|
||||
logged := output.String()
|
||||
if strings.Contains(logged, "c2VjcmV0") {
|
||||
t.Fatalf("expected auth_jwt_signing_key to be redacted in logs, got log output: %s", logged)
|
||||
}
|
||||
if !strings.Contains(logged, "REDACTED") {
|
||||
t.Fatalf("expected redacted marker in logs, got log output: %s", logged)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user