use SecretString for auth fields

worldcoin · Dec 29, 2024 · 748ac03 · 748ac03
1 parent 67ed8d7
commit 748ac03
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 18 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/relay-client/Cargo.toml b/relay-client/Cargo.toml
@@ -9,11 +9,13 @@ clap = { version = "4", features = ["derive"] }
 eyre.workspace = true
 orb-relay-messages.workspace = true
 orb-security-utils = { workspace = true, features = ["reqwest"] }
+orb-telemetry.workspace = true
 rand = "0.8"
 serde_json.workspace = true
+secrecy.workspace = true
 sha2 = "0.10"
 tokio-stream.workspace = true
 tokio-util.workspace = true
 tokio.workspace = true
-tracing-subscriber = "0.3"
+tracing-subscriber.workspace = true
 tracing.workspace = true
diff --git a/relay-client/src/bin/manual-test.rs b/relay-client/src/bin/manual-test.rs
@@ -54,7 +54,9 @@ struct Args {
 
 #[tokio::main]
 async fn main() -> Result<()> {
-    tracing_subscriber::fmt().init();
+    orb_telemetry::TelemetryConfig::new()
+        .with_journald("worldcoin-relay-client")
+        .init();
 
     let args = Args::parse();
 

diff --git a/relay-client/src/client.rs b/relay-client/src/client.rs
@@ -21,6 +21,7 @@ use orb_security_utils::reqwest::{
     GTS_ROOT_R1_CERT, GTS_ROOT_R2_CERT, GTS_ROOT_R3_CERT, GTS_ROOT_R4_CERT,
     SFS_ROOT_G2_CERT,
 };
+use secrecy::{ExposeSecret, SecretString};
 use std::{
     any::type_name,
     collections::{BTreeMap, VecDeque},
@@ -38,15 +39,15 @@ use tokio_util::sync::CancellationToken;
 
 #[derive(Debug, Clone)]
 pub struct TokenAuth {
-    token: String,
+    token: SecretString,
 }
 
 #[derive(Debug, Clone)]
 pub struct ZkpAuth {
-    root: String,
-    signal: String,
-    nullifier_hash: String,
-    proof: String,
+    root: SecretString,
+    signal: SecretString,
+    nullifier_hash: SecretString,
+    proof: SecretString,
 }
 
 #[derive(Debug, Clone)]
@@ -164,7 +165,9 @@ impl Client {
     ) -> Self {
         Self::new(
             url,
-            Auth::Token(TokenAuth { token }),
+            Auth::Token(TokenAuth {
+                token: token.into(),
+            }),
             orb_id,
             session_id,
             Mode::Orb,
@@ -181,7 +184,9 @@ impl Client {
     ) -> Self {
         Self::new(
             url,
-            Auth::Token(TokenAuth { token }),
+            Auth::Token(TokenAuth {
+                token: token.into(),
+            }),
             session_id,
             orb_id,
             Mode::App,
@@ -202,10 +207,10 @@ impl Client {
         Self::new(
             url,
             Auth::ZKP(ZkpAuth {
-                root,
-                signal,
-                nullifier_hash,
-                proof,
+                root: root.into(),
+                signal: signal.into(),
+                nullifier_hash: nullifier_hash.into(),
+                proof: proof.into(),
             }),
             session_id,
             orb_id,
@@ -694,12 +699,14 @@ impl<'a> PollerAgent<'a> {
                     },
                 }),
                 auth_method: Some(match &self.config.auth {
-                    Auth::Token(t) => AuthMethod::Token(t.token.clone()),
+                    Auth::Token(t) => {
+                        AuthMethod::Token(t.token.expose_secret().to_string())
+                    }
                     Auth::ZKP(z) => AuthMethod::ZkpAuthRequest(ZkpAuthRequest {
-                        root: z.root.clone(),
-                        signal: z.signal.clone(),
-                        nullifier_hash: z.nullifier_hash.clone(),
-                        proof: z.proof.clone(),
+                        root: z.root.expose_secret().to_string(),
+                        signal: z.signal.expose_secret().to_string(),
+                        nullifier_hash: z.nullifier_hash.expose_secret().to_string(),
+                        proof: z.proof.expose_secret().to_string(),
                     }),
                 }),
             })),