From c219ec33b0c7faab96cc905e50e14fa43728f4eb Mon Sep 17 00:00:00 2001 From: 1ch0 Date: Fri, 26 Aug 2022 09:58:01 +0800 Subject: [PATCH 1/2] fix: store mongodb password incorrectly --- server/internal/devops/api/mongo.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/server/internal/devops/api/mongo.go b/server/internal/devops/api/mongo.go index d1af8471..3e6650cb 100644 --- a/server/internal/devops/api/mongo.go +++ b/server/internal/devops/api/mongo.go @@ -9,6 +9,7 @@ import ( "mayfly-go/pkg/ctx" "mayfly-go/pkg/ginx" "mayfly-go/pkg/utils" + "regexp" "strconv" "github.com/gin-gonic/gin" @@ -34,6 +35,9 @@ func (m *Mongo) Save(rc *ctx.ReqCtx) { form := &form.Mongo{} ginx.BindJsonAndValid(rc.GinCtx, form) + mongo := new(entity.Mongo) + utils.Copy(mongo, form) + // 密码脱敏记录日志 form.Uri = func(str string) string { reg := regexp.MustCompile(`(^mongodb://.+?:)(.+)(@.+$)`) @@ -41,9 +45,6 @@ func (m *Mongo) Save(rc *ctx.ReqCtx) { }(form.Uri) rc.ReqParam = form - mongo := new(entity.Mongo) - utils.Copy(mongo, form) - mongo.SetBaseInfo(rc.LoginAccount) m.MongoApp.Save(mongo) } From 61a4d87f59f6de382d4790c39882cbe6eacf13a2 Mon Sep 17 00:00:00 2001 From: 1ch0 Date: Fri, 26 Aug 2022 10:01:08 +0800 Subject: [PATCH 2/2] perf: hide mongodb passwords when printing logs --- server/internal/devops/application/mongo_app.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/server/internal/devops/application/mongo_app.go b/server/internal/devops/application/mongo_app.go index 350fd186..13244fe2 100644 --- a/server/internal/devops/application/mongo_app.go +++ b/server/internal/devops/application/mongo_app.go @@ -13,6 +13,7 @@ import ( "mayfly-go/pkg/model" "mayfly-go/pkg/utils" "net" + "regexp" "time" "go.mongodb.org/mongo-driver/mongo" 
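Review bot: The masking pattern in `Save`, `(^mongodb://.+?:)(.+)(@.+$)`, matches only the `mongodb://` scheme, so a `mongodb+srv://user:pass@host` URI would pass through unchanged and its password would still end up in `rc.ReqParam`. The second patch adds the same pattern to the log call in `connect` (mongo_app.go). Whether this form accepts SRV URIs is not visible here, but the driver imported in mongo_app.go does, so both patterns should cover it, e.g. `(^mongodb(?:\+srv)?://.+?:)(.+)(@.+$)`. The fix also depends on `utils.Copy(mongo, form)` staying above the in-place rewrite of `form.Uri`, which deserves a comment such as `// copy before form.Uri is masked for the request record`. `Save` starts above this hunk and the masking closure continues past it.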
@@ -95,7 +96,7 @@ func (d *mongoAppImpl) GetMongoCli(id uint64) *mongo.Client { // ----------------------------------------------------------- -//mongo客户端连接缓存,指定时间内没有访问则会被关闭 +// mongo客户端连接缓存,指定时间内没有访问则会被关闭 var mongoCliCache = cache.NewTimedCache(constant.MongoConnExpireTime, 5*time.Second). WithUpdateAccessTime(true). OnEvicted(func(key interface{}, value interface{}) { @@ -177,7 +178,10 @@ func connect(me *entity.Mongo) (*MongoInstance, error) { return nil, err } - global.Log.Infof("连接mongo: %s", me.Uri) + global.Log.Infof("连接mongo: %s", func(str string) string { + reg := regexp.MustCompile(`(^mongodb://.+?:)(.+)(@.+$)`) + return reg.ReplaceAllString(str, `${1}****${3}`) + }(me.Uri)) mongoInstance.Cli = client return mongoInstance, err }
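Review bot: `regexp.MustCompile` now runs on every `connect` call, inside an inline closure that duplicates the one in `Save` (mongo.go), so the two masking patterns can drift apart. Compile the pattern once in a package-level `var` and wrap it in a small shared helper, so the call becomes `global.Log.Infof("连接mongo: %s", maskMongoURI(me.Uri))` (the helper name is a suggestion). A URI the pattern does not match is logged verbatim, and a single helper gives one place to tighten that. `connect` starts outside this hunk.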