fix(security): redact sensitive URL parameters in logs (#853)

Author: s0up4200

internal/api/handlers/jackett.go

@@ -18,6 +18,7 @@ import (
 
 	"github.com/autobrr/qui/internal/models"
 	"github.com/autobrr/qui/internal/services/jackett"
+	"github.com/autobrr/qui/pkg/redact"
 )
 
 const (
@@ -858,7 +859,7 @@ func (h *JackettHandler) DiscoverIndexers(w http.ResponseWriter, r *http.Request
 
 	result, err := jackett.DiscoverJackettIndexers(r.Context(), req.BaseURL, req.APIKey)
 	if err != nil {
-		log.Error().Err(err).Str("base_url", req.BaseURL).Msg("Failed to discover indexers")
+		log.Error().Str("base_url", redact.URLString(req.BaseURL)).Str("error", redact.String(err.Error())).Msg("Failed to discover indexers")
 		RespondError(w, http.StatusInternalServerError, "Failed to discover indexers")
 		return
 	}

internal/api/handlers/torrents.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/autobrr/qui/internal/qbittorrent"
 	"github.com/autobrr/qui/internal/services/jackett"
+	"github.com/autobrr/qui/pkg/redact"
 	"github.com/autobrr/qui/pkg/torrentname"
 )
 
@@ -561,7 +562,7 @@ func (h *TorrentsHandler) AddTorrent(w http.ResponseWriter, r *http.Request) {
 						if respondIfInstanceDisabled(w, err, instanceID, "torrents:addFromURLs") {
 							return
 						}
-						log.Error().Err(err).Int("instanceID", instanceID).Str("url", url).Msg("Failed to add magnet link")
+						log.Error().Err(err).Int("instanceID", instanceID).Str("url", redact.URLString(url)).Msg("Failed to add magnet link")
 						failedURLs = append(failedURLs, failedURL{URL: url, Error: err.Error()})
 						failedCount++
 						lastError = err
@@ -577,7 +578,7 @@ func (h *TorrentsHandler) AddTorrent(w http.ResponseWriter, r *http.Request) {
 					DownloadURL: url,
 				})
 				if err != nil {
-					log.Error().Err(err).Int("indexerID", indexerID).Int("instanceID", instanceID).Str("url", url).Msg("Failed to download torrent from indexer")
+					log.Error().Err(err).Int("indexerID", indexerID).Int("instanceID", instanceID).Str("url", redact.URLString(url)).Msg("Failed to download torrent from indexer")
 					failedURLs = append(failedURLs, failedURL{URL: url, Error: err.Error()})
 					failedCount++
 					lastError = err
@@ -589,7 +590,7 @@ func (h *TorrentsHandler) AddTorrent(w http.ResponseWriter, r *http.Request) {
 					if respondIfInstanceDisabled(w, err, instanceID, "torrents:add") {
 						return
 					}
-					log.Error().Err(err).Int("instanceID", instanceID).Int("indexerID", indexerID).Str("url", url).Msg("Failed to add downloaded torrent")
+					log.Error().Err(err).Int("instanceID", instanceID).Int("indexerID", indexerID).Str("url", redact.URLString(url)).Msg("Failed to add downloaded torrent")
 					failedURLs = append(failedURLs, failedURL{URL: url, Error: err.Error()})
 					failedCount++
 					lastError = err

internal/api/middleware/logger.go

@@ -10,6 +10,8 @@ import (
 
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/rs/zerolog"
+
+	"github.com/autobrr/qui/pkg/redact"
 )
 
 // Logger logs HTTP requests using a local zerolog logger
@@ -41,7 +43,7 @@ func Logger(logger zerolog.Logger) func(next http.Handler) http.Handler {
 					Timestamp().
 					Fields(map[string]any{
 						"remote_ip":  r.RemoteAddr,
-						"url":        r.URL.Path,
+						"url":        redact.ProxyPath(r.URL.Path),
 						"proto":      r.Proto,
 						"method":     r.Method,
 						"user_agent": r.Header.Get("User-Agent"),

internal/metrics/server.go

@@ -13,6 +13,8 @@ import (
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/rs/zerolog/log"
+
+	"github.com/autobrr/qui/pkg/redact"
 )
 
 type Server struct {
@@ -34,7 +36,7 @@ func NewMetricsServer(manager *MetricsManager, host string, port int, basicAuthU
 			if len(parts) == 2 {
 				s.basicAuthUsers[parts[0]] = parts[1]
 			} else {
-				log.Warn().Msgf("Invalid metrics basic auth credentials: %s", cred)
+				log.Warn().Msgf("Invalid metrics basic auth credentials: %s", redact.BasicAuthUser(cred))
 			}
 		}
 	}

internal/proxy/handler.go

@@ -28,6 +28,7 @@ import (
 	"github.com/autobrr/qui/internal/qbittorrent"
 	"github.com/autobrr/qui/internal/services/reannounce"
 	"github.com/autobrr/qui/pkg/httphelpers"
+	"github.com/autobrr/qui/pkg/redact"
 )
 
 // Handler manages reverse proxy requests to qBittorrent instances
@@ -149,8 +150,7 @@ func (h *Handler) rewriteRequest(pr *httputil.ProxyRequest) {
 	log.Debug().
 		Str("client", clientAPIKey.ClientName).
 		Int("instanceId", instanceID).
-		Str("originalPath", originalPath).
-		Str("strippedPath", strippedPath).
+		Str("strippedPath", redact.ProxyPath(strippedPath)).
 		Str("targetHost", instanceURL.Host).
 		Msg("Rewriting proxy request")
 
@@ -262,11 +262,10 @@ func (h *Handler) errorHandler(w http.ResponseWriter, r *http.Request, err error
 	}
 
 	log.Error().
-		Err(err).
+		Str("error", redact.String(err.Error())).
 		Str("client", clientName).
 		Int("instanceId", instanceID).
 		Str("method", r.Method).
-		Str("path", r.URL.Path).
 		Msg("Proxy request failed")
 
 	h.writeProxyError(w)
@@ -423,7 +422,6 @@ func (h *Handler) prepareProxyContext(r *http.Request) (*proxyContext, error) {
 	logger := log.With().
 		Int("instanceId", instanceID).
 		Str("method", r.Method).
-		Str("path", r.URL.Path).
 		Logger()
 
 	if clientAPIKey != nil {

internal/proxy/middleware.go

@@ -104,20 +104,17 @@ func ClientAPIKeyMiddleware(store *models.ClientAPIKeyStore) func(http.Handler)
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			log.Debug().
-				Str("fullPath", r.URL.Path).
 				Str("method", r.Method).
 				Msg("ClientAPIKeyMiddleware called")
 
 			// Extract API key from URL path parameter
 			apiKey := chi.URLParam(r, "api-key")
 			log.Debug().
-				Str("apiKey", apiKey).
-				Bool("isEmpty", apiKey == "").
-				Msg("Extracted API key from URL parameter")
+				Bool("hasKey", apiKey != "").
+				Msg("Checking API key from URL parameter")
 
 			if apiKey == "" {
 				log.Warn().
-					Str("path", r.URL.Path).
 					Str("user_agent", userAgentOrUnknown(r)).
 					Msg("Missing API key in proxy request")
 				http.Error(w, "Missing API key", http.StatusUnauthorized)
@@ -130,7 +127,6 @@ func ClientAPIKeyMiddleware(store *models.ClientAPIKeyStore) func(http.Handler)
 			if err != nil {
 				if err == models.ErrClientAPIKeyNotFound {
 					log.Warn().
-						Str("key_prefix", apiKey[:min(8, len(apiKey))]).
 						Str("user_agent", userAgentOrUnknown(r)).
 						Msg("Invalid client API key")
 					http.Error(w, "Invalid API key", http.StatusUnauthorized)
@@ -156,7 +152,6 @@ func ClientAPIKeyMiddleware(store *models.ClientAPIKeyStore) func(http.Handler)
 				Str("client", clientAPIKey.ClientName).
 				Int("instanceId", clientAPIKey.InstanceID).
 				Str("method", r.Method).
-				Str("path", r.URL.Path).
 				Msg("Client API key validated successfully")
 
 			// Add client API key and instance ID to request context