kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
75f192fb242a828a2b2e01193af0d27fc32b40dc
baron-sso/backend/internal/utils/masking.go
chan 31d107ff2e feat(user): support fixed UUID registration and enhance bulk import results 
- Added support for fixed UUIDs during bulk registration (Search-first + ExternalID mapping)
- Implemented idempotency and visibility restoration for soft-deleted users
- Enhanced bulk upload UI to show 'New/Updated/Unchanged' status and modified fields
- Added logic to reclaim identifiers (login_id) from colliding records
- Added frontend E2E and backend unit tests for UUID integrity and conflict handling
- Fixed i18n, formatting, and mock tests to satisfy code-check
- Applied 'go fix' for 'omitzero' tags and general Go standards
2026-06-01 15:34:08 +09:00

81 lines
1.6 KiB
Go
Raw Blame History

package utils
import (
"encoding/json"
"strings"
)
var sensitiveKeys = map[string]struct{}{
"password": {},
"currentpassword": {},
"newpassword": {},
"oldpassword": {},
"token": {},
"accesstoken": {},
"access_token": {},
"refreshtoken": {},
"refresh_token": {},
"secret": {},
"clientsecret": {},
"client_secret": {},
"authorization": {},
"cookie": {},
"set-cookie": {},
"verificationcode": {},
"verification_code": {},
"code": {}, // Auth code (sensitive)
}
// MaskSensitiveJSON parses a JSON byte slice and masks values of sensitive keys.
// Returns the original data if it's not valid JSON.
func MaskSensitiveJSON(data []byte) []byte {
if len(data) == 0 {
return data
}
var obj any
if err := json.Unmarshal(data, &obj); err != nil {
// Not a JSON object/array, return as is
return data
}
masked := maskValue(obj)
result, err := json.Marshal(masked)
if err != nil {
return data
}
return result
}
func maskValue(v any) any {
switch val := v.(type) {
case map[string]any:
newMap := make(map[string]any, len(val))
for k, v := range val {
if isSensitive(k) {
newMap[k] = "*****"
} else {
newMap[k] = maskValue(v)
}
}
return newMap
case []any:
newArr := make([]any, len(val))
for i, v := range val {
newArr[i] = maskValue(v)
}
return newArr
default:
return val
}
}
func isSensitive(key string) bool {
// Check case-insensitive
// Remove common separators for looser matching? No, stick to lowercase check for now.
k := strings.ToLower(key)
_, ok := sensitiveKeys[k]
return ok
}
View Git Blame Copy Permalink