From 748ac03992271e905e465ff77174f2e24ca7f03a Mon Sep 17 00:00:00 2001 From: Paul Quinn Date: Sun, 29 Dec 2024 00:37:49 -0800 Subject: [PATCH] use SecretString for auth fields --- Cargo.lock | 2 ++ relay-client/Cargo.toml | 4 ++- relay-client/src/bin/manual-test.rs | 4 ++- relay-client/src/client.rs | 39 +++++++++++++++++------------ 4 files changed, 31 insertions(+), 18 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 08667407..7872515a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4892,7 +4892,9 @@ dependencies = [ "eyre", "orb-relay-messages", "orb-security-utils", + "orb-telemetry", "rand", + "secrecy", "serde_json", "sha2", "tokio", diff --git a/relay-client/Cargo.toml b/relay-client/Cargo.toml index 79dd083c..f04a6258 100644 --- a/relay-client/Cargo.toml +++ b/relay-client/Cargo.toml @@ -9,11 +9,13 @@ clap = { version = "4", features = ["derive"] } eyre.workspace = true orb-relay-messages.workspace = true orb-security-utils = { workspace = true, features = ["reqwest"] } +orb-telemetry.workspace = true rand = "0.8" serde_json.workspace = true +secrecy.workspace = true sha2 = "0.10" tokio-stream.workspace = true tokio-util.workspace = true tokio.workspace = true -tracing-subscriber = "0.3" +tracing-subscriber.workspace = true tracing.workspace = true diff --git a/relay-client/src/bin/manual-test.rs b/relay-client/src/bin/manual-test.rs index 6042387e..22fe8312 100644 --- a/relay-client/src/bin/manual-test.rs +++ b/relay-client/src/bin/manual-test.rs @@ -54,7 +54,9 @@ struct Args { #[tokio::main] async fn main() -> Result<()> { - tracing_subscriber::fmt().init(); + orb_telemetry::TelemetryConfig::new() + .with_journald("worldcoin-relay-client") + .init(); let args = Args::parse(); diff --git a/relay-client/src/client.rs b/relay-client/src/client.rs index 7ae7dc34..9d74a445 100644 --- a/relay-client/src/client.rs +++ b/relay-client/src/client.rs 
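Review bot: In `relay-client/src/bin/manual-test.rs` the value returned by `.init()` is discarded, and the switch from `tracing_subscriber::fmt()` to journald is not mentioned in the commit message, which only covers `SecretString`. If `orb_telemetry`'s `init()` returns a guard or flush handle (not visible in this hunk), it should be bound for the lifetime of `main`, e.g. `let _telemetry = orb_telemetry::TelemetryConfig::new().with_journald("worldcoin-relay-client").init();`. Journal entries also outlive a terminal session, so it is worth confirming that nothing in this binary logs the raw credentials parsed into `Args`, whose fields are outside the hunk. The body of `main` continues past the hunk.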
@@ -21,6 +21,7 @@ use orb_security_utils::reqwest::{ GTS_ROOT_R1_CERT, GTS_ROOT_R2_CERT, GTS_ROOT_R3_CERT, GTS_ROOT_R4_CERT, SFS_ROOT_G2_CERT, }; +use secrecy::{ExposeSecret, SecretString}; use std::{ any::type_name, collections::{BTreeMap, VecDeque}, @@ -38,15 +39,15 @@ use tokio_util::sync::CancellationToken; #[derive(Debug, Clone)] pub struct TokenAuth { - token: String, + token: SecretString, } #[derive(Debug, Clone)] pub struct ZkpAuth { - root: String, - signal: String, - nullifier_hash: String, - proof: String, + root: SecretString, + signal: SecretString, + nullifier_hash: SecretString, + proof: SecretString, } #[derive(Debug, Clone)] @@ -164,7 +165,9 @@ impl Client { ) -> Self { Self::new( url, - Auth::Token(TokenAuth { token }), + Auth::Token(TokenAuth { + token: token.into(), + }), orb_id, session_id, Mode::Orb, @@ -181,7 +184,9 @@ impl Client { ) -> Self { Self::new( url, - Auth::Token(TokenAuth { token }), + Auth::Token(TokenAuth { + token: token.into(), + }), session_id, orb_id, Mode::App, @@ -202,10 +207,10 @@ impl Client { Self::new( url, Auth::ZKP(ZkpAuth { - root, - signal, - nullifier_hash, - proof, + root: root.into(), + signal: signal.into(), + nullifier_hash: nullifier_hash.into(), + proof: proof.into(), }), session_id, orb_id, @@ -694,12 +699,14 @@ impl<'a> PollerAgent<'a> { }, }), auth_method: Some(match &self.config.auth { - Auth::Token(t) => AuthMethod::Token(t.token.clone()), + Auth::Token(t) => { + AuthMethod::Token(t.token.expose_secret().to_string()) + } Auth::ZKP(z) => AuthMethod::ZkpAuthRequest(ZkpAuthRequest { - root: z.root.clone(), - signal: z.signal.clone(), - nullifier_hash: z.nullifier_hash.clone(), - proof: z.proof.clone(), + root: z.root.expose_secret().to_string(), + signal: z.signal.expose_secret().to_string(), + nullifier_hash: z.nullifier_hash.expose_secret().to_string(), + proof: z.proof.expose_secret().to_string(), }), }), })),
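Review bot: The three constructor hunks (`@@ -164,7 +165,9 @@`, `@@ -181,7 +184,9 @@` and `@@ -202,10 +207,10 @@`) wrap the credential with `.into()` only after it has arrived, so the public constructors presumably still take plain `String` parameters (the signatures are outside the hunks) and every caller handles the value as an ordinary string up to this point. Consider accepting the secret type at the boundary, e.g. `token: impl Into<SecretString>`, which stays source-compatible with callers passing a `String` and lets callers that already hold a `SecretString` pass it without exposing it. A short doc comment on each constructor stating that the credential is stored as a `SecretString` and is redacted in `Debug` output would also document the intent of this change.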
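Review bot: In the `auth_method` match (`@@ -694,12 +699,14 @@`), each `expose_secret().to_string()` copies the credential into a plain `String` inside `AuthMethod::Token` / `ZkpAuthRequest`, so the zeroize-on-drop and redacted-`Debug` protections of `SecretString` stop at this line. The message types come from `orb-relay-messages` and are not visible here; if they derive `Debug`, logging the built request with `{:?}` would print the token in clear text. I would add a comment above the match such as `// Plaintext copy required by the wire type; never log this request with {:?}.` and check that no tracing call on this path prints the request. As a style point, `to_owned()` is the more conventional spelling than `to_string()` for turning the exposed string into an owned `String`. The enclosing function starts and ends outside the hunk.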