feat: stop apply command exposing private key over HTTP API

License: MIT Signed-off-by: chenminjian <727180553@qq.com>

feat: stop apply command exposing private key over HTTP API
License: MIT Signed-off-by: chenminjian <727180553@qq.com>
64cdabc8 · chenminjian · Steven Allen · 2e3cbe3e · 64cdabc8 · 64cdabc8
--- a/core/commands/config.go
+++ b/core/commands/config.go
@@ -23,8 +23,8 @@ import (

 // ConfigUpdateOutput is config profile apply command's output
 type ConfigUpdateOutput struct {
-	Old config.Config
-	New config.Config
+	OldCfg map[string]interface{}
+	NewCfg map[string]interface{}
 }

 type ConfigField struct {
@@ -359,9 +359,22 @@ var configProfileApplyCmd = &cmds.Command{
 			res.SetError(err, cmdkit.ErrNormal)
 			return
 		}
+
+		oldCfgMap, err := scrubPrivKey(oldCfg)
+		if err != nil {
+			res.SetError(err, cmdkit.ErrNormal)
+			return
+		}
+
+		newCfgMap, err := scrubPrivKey(newCfg)
+		if err != nil {
+			res.SetError(err, cmdkit.ErrNormal)
+			return
+		}
+
 		res.SetOutput(&ConfigUpdateOutput{
-			Old: *oldCfg,
-			New: *newCfg,
+			OldCfg: oldCfgMap,
+			NewCfg: newCfgMap,
 		})
 	},
 	Marshalers: cmds.MarshalerMap{
@@ -380,7 +393,7 @@ var configProfileApplyCmd = &cmds.Command{
 				return nil, e.TypeErr(apply, v)
 			}

-			diff := jsondiff.Compare(apply.Old, apply.New)
+			diff := jsondiff.Compare(apply.OldCfg, apply.NewCfg)
 			buf := jsondiff.Format(diff)

 			return strings.NewReader(string(buf)), nil
@@ -404,6 +417,21 @@ func buildProfileHelp() string {
 	return out
 }

+// scrubPrivKey scrubs private key for security reasons.
+func scrubPrivKey(cfg *config.Config) (map[string]interface{}, error) {
+	cfgMap, err := config.ToMap(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	err = scrubValue(cfgMap, []string{config.IdentityTag, config.PrivKeyTag})
+	if err != nil {
+		return nil, err
+	}
+
+	return cfgMap, nil
+}
+
 // transformConfig returns old config and new config instead of difference between they,
 // because apply command can provide stable API through this way.
 // If dryRun is true, repo's config should not be updated and persisted

--- a/test/sharness/t0021-config.sh
+++ b/test/sharness/t0021-config.sh
@@ -262,6 +262,16 @@ test_config_cmd() {
    test `grep "DisableNatPortMap" diff_info | wc -l` = 2
  '

+  test_expect_success "'ipfs config profile apply test --dry-run' doesn't include privkey" '
+    ipfs config profile apply test --dry-run > show_config &&
+    test_expect_code 1 grep PrivKey show_config
+  '
+
+  test_expect_success "'ipfs config profile apply test' doesn't include privkey" '
+    ipfs config profile apply test > show_config &&
+    test_expect_code 1 grep PrivKey show_config
+  '
+
  # won't work as it changes datastore definition, which makes ipfs not launch
  # without converting first
  # test_profile_apply_revert badgerds