
log redacted passwords

Closes #48
Jo Vandeginste 5 years ago
parent
commit
29aadbf3e3
4 changed files with 51 additions and 24 deletions
  1. 1 1
      README.md
  2. 11 3
      config/config.go
  3. 19 10
      dataprovider/mysql.go
  4. 20 10
      dataprovider/pgsql.go

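--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ Alternately you can use distro packages:
 
 - Arch Linux PKGBUILD is available on [AUR](https://aur.archlinux.org/packages/sftpgo/ "SFTPGo")
 
-For macOS a `launchd` sample [service](https://github.com/drakkan/sftpgo/tree/master/init/com.github.drakkan.sftpgo.plist "launchd plist") can be found inside the source tree. The `launchd` plist assumes that `sftpgo` has `/usr/local/opt/sftpgo` as base directory. 
+For macOS a `launchd` sample [service](https://github.com/drakkan/sftpgo/tree/master/init/com.github.drakkan.sftpgo.plist "launchd plist") can be found inside the source tree. The `launchd` plist assumes that `sftpgo` has `/usr/local/opt/sftpgo` as base directory.
 
 ## Configuration
 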

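--- a/config/config.go
+++ b/config/config.go
@@ -104,6 +104,12 @@ func GetProviderConf() dataprovider.Config {
 	return globalConf.ProviderConf
 }
 
+func getRedactedGlobalConf() globalConfig {
+	conf := globalConf
+	conf.ProviderConf.Password = "[redacted]"
+	return conf
+}
+
 // LoadConfig loads the configuration
 // configDir will be added to the configuration search paths.
 // The search path contains by default the current directory and on linux it contains
@@ -116,13 +122,15 @@ func LoadConfig(configDir, configName string) error {
 	viper.AddConfigPath(".")
 	viper.SetConfigName(configName)
 	if err = viper.ReadInConfig(); err != nil {
-		logger.Warn(logSender, "", "error loading configuration file: %v. Default configuration will be used: %+v", err, globalConf)
+		logger.Warn(logSender, "", "error loading configuration file: %v. Default configuration will be used: %+v",
+			err, getRedactedGlobalConf())
 		logger.WarnToConsole("error loading configuration file: %v. Default configuration will be used.", err)
 		return err
 	}
 	err = viper.Unmarshal(&globalConf)
 	if err != nil {
-		logger.Warn(logSender, "", "error parsing configuration file: %v. Default configuration will be used: %+v", err, globalConf)
+		logger.Warn(logSender, "", "error parsing configuration file: %v. Default configuration will be used: %+v",
+			err, getRedactedGlobalConf())
 		logger.WarnToConsole("error parsing configuration file: %v. Default configuration will be used.", err)
 		return err
 	}
@@ -136,6 +144,6 @@ func LoadConfig(configDir, configName string) error {
 		logger.Warn(logSender, "", "Configuration error: %v", err)
 		logger.WarnToConsole("Configuration error: %v", err)
 	}
-	logger.Debug(logSender, "", "config file used: '%v', config loaded: %+v", viper.ConfigFileUsed(), globalConf)
+	logger.Debug(logSender, "", "config file used: '%v', config loaded: %+v", viper.ConfigFileUsed(), getRedactedGlobalConf())
 	return err
 }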
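Review bot: `getRedactedGlobalConf` masks only `ProviderConf.Password`, so every other field of `globalConf` still reaches the three `%+v` log calls in `LoadConfig` (whose body is only partly visible here). The provider settings also appear to carry a `ConnectionString` (it is read as `config.ConnectionString` in dataprovider/mysql.go, assuming that is the same struct), and a DSN placed there can embed the database password. Mask it in the copy as well, e.g. `if conf.ProviderConf.ConnectionString != "" { conf.ProviderConf.ConnectionString = "[redacted]" }`. The helper would also benefit from a doc comment such as `// getRedactedGlobalConf returns a copy of globalConf with credentials masked; use it only for logging.` so later secret-bearing fields get added to it.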

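--- a/dataprovider/mysql.go
+++ b/dataprovider/mysql.go
@@ -15,25 +15,34 @@ type MySQLProvider struct {
 
 func initializeMySQLProvider() error {
 	var err error
-	var connectionString string
 	logSender = MySQLDataProviderName
-	if len(config.ConnectionString) == 0 {
-		connectionString = fmt.Sprintf("%v:%v@tcp([%v]:%v)/%v?charset=utf8&interpolateParams=true&timeout=10s&tls=%v&writeTimeout=10s&readTimeout=10s",
-			config.Username, config.Password, config.Host, config.Port, config.Name, getSSLMode())
-	} else {
-		connectionString = config.ConnectionString
-	}
-	dbHandle, err := sql.Open("mysql", connectionString)
+	dbHandle, err := sql.Open("mysql", getMySQLConnectionString(false))
 	if err == nil {
-		providerLog(logger.LevelDebug, "mysql database handle created, connection string: %#v, pool size: %v", connectionString, config.PoolSize)
+		providerLog(logger.LevelDebug, "mysql database handle created, connection string: %#v, pool size: %v",
+			getMySQLConnectionString(true), config.PoolSize)
 		dbHandle.SetMaxOpenConns(config.PoolSize)
 		dbHandle.SetConnMaxLifetime(1800 * time.Second)
 		provider = MySQLProvider{dbHandle: dbHandle}
 	} else {
-		providerLog(logger.LevelWarn, "error creating mysql database handler, connection string: %#v, error: %v", connectionString, err)
+		providerLog(logger.LevelWarn, "error creating mysql database handler, connection string: %#v, error: %v",
+			getMySQLConnectionString(true), err)
 	}
 	return err
 }
+func getMySQLConnectionString(redactedPwd bool) string {
+	var connectionString string
+	if len(config.ConnectionString) == 0 {
+		password := config.Password
+		if redactedPwd {
+			password = "[redacted]"
+		}
+		connectionString = fmt.Sprintf("%v:%v@tcp([%v]:%v)/%v?charset=utf8&interpolateParams=true&timeout=10s&tls=%v&writeTimeout=10s&readTimeout=10s",
+			config.Username, password, config.Host, config.Port, config.Name, getSSLMode())
+	} else {
+		connectionString = config.ConnectionString
+	}
+	return connectionString
+}
 
 func (p MySQLProvider) checkAvailability() error {
 	return sqlCommonCheckAvailability(p.dbHandle)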
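Review bot: With `redactedPwd` set, `getMySQLConnectionString` still returns `config.ConnectionString` unchanged from its `else` branch, so an operator-supplied DSN that embeds the password is written to the Debug and Warn lines of `initializeMySQLProvider` exactly as before this commit. Only the string assembled from the separate fields is masked. Return a placeholder on that path when redaction is requested, e.g. `if redactedPwd { return "[redacted]" }` placed ahead of `connectionString = config.ConnectionString`. `getPGSQLConnectionString` in dataprovider/pgsql.go has the same branch and needs the same change. A doc comment stating that the `true` form is for log output only and must never be handed to `sql.Open` would make the contract explicit.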

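--- a/dataprovider/pgsql.go
+++ b/dataprovider/pgsql.go
@@ -14,25 +14,35 @@ type PGSQLProvider struct {
 
 func initializePGSQLProvider() error {
 	var err error
-	var connectionString string
 	logSender = PGSQLDataProviderName
-	if len(config.ConnectionString) == 0 {
-		connectionString = fmt.Sprintf("host='%v' port=%v dbname='%v' user='%v' password='%v' sslmode=%v connect_timeout=10",
-			config.Host, config.Port, config.Name, config.Username, config.Password, getSSLMode())
-	} else {
-		connectionString = config.ConnectionString
-	}
-	dbHandle, err := sql.Open("postgres", connectionString)
+	dbHandle, err := sql.Open("postgres", getPGSQLConnectionString(false))
 	if err == nil {
-		providerLog(logger.LevelDebug, "postgres database handle created, connection string: %#v, pool size: %v", connectionString, config.PoolSize)
+		providerLog(logger.LevelDebug, "postgres database handle created, connection string: %#v, pool size: %v",
+			getPGSQLConnectionString(true), config.PoolSize)
 		dbHandle.SetMaxOpenConns(config.PoolSize)
 		provider = PGSQLProvider{dbHandle: dbHandle}
 	} else {
-		providerLog(logger.LevelWarn, "error creating postgres database handler, connection string: %#v, error: %v", connectionString, err)
+		providerLog(logger.LevelWarn, "error creating postgres database handler, connection string: %#v, error: %v",
+			getPGSQLConnectionString(true), err)
 	}
 	return err
 }
 
+func getPGSQLConnectionString(redactedPwd bool) string {
+	var connectionString string
+	if len(config.ConnectionString) == 0 {
+		password := config.Password
+		if redactedPwd {
+			password = "[redacted]"
+		}
+		connectionString = fmt.Sprintf("host='%v' port=%v dbname='%v' user='%v' password='%v' sslmode=%v connect_timeout=10",
+			config.Host, config.Port, config.Name, config.Username, password, getSSLMode())
+	} else {
+		connectionString = config.ConnectionString
+	}
+	return connectionString
+}
+
 func (p PGSQLProvider) checkAvailability() error {
 	return sqlCommonCheckAvailability(p.dbHandle)
 }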
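Review bot: `getPGSQLConnectionString` places `config.Host`, `config.Name`, `config.Username` and the password between single quotes with `%v` and no escaping, so a value containing `'` or `\` closes the quoted token early and the rest is parsed as further connection keywords or rejected. Assuming the `postgres` driver follows the usual key/value connection-string rules, each quoted value should have `\` rewritten to `\\` and `'` to `\'` before the `fmt.Sprintf` call. The formatting was carried over from the removed inline code, but the new helper is the natural single place to fix it. Doing the escaping there keeps the string passed to `sql.Open` and the redacted string that is logged consistent.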