strip_auth_from_url

Function strip_auth_from_url 

pub fn strip_auth_from_url(url: &str) -> Result<String>

Strips authentication information from a Git URL for safe display or logging.

This function removes sensitive authentication tokens, usernames, and passwords from Git URLs while preserving the repository location information. It’s essential for security when logging or displaying URLs that might contain credentials.

§Arguments

  • url - The Git URL that may contain authentication information

§Return Value

Returns the URL with authentication components removed:

  • HTTPS URLs: Removes user:token@ prefix
  • SSH URLs: Returned unchanged (no embedded auth to strip)
  • Other formats: Returned unchanged if no auth detected

§Security Purpose

This function prevents accidental credential exposure in:

  • Log files and console output
  • Error messages shown to users
  • Debug information and stack traces
  • Documentation and examples

§Supported Authentication Formats

§HTTPS with Tokens

  • https://token@github.com/user/repo.git → https://github.com/user/repo.git
  • https://user:pass@gitlab.com/repo.git → https://gitlab.com/repo.git
  • https://oauth2:token@bitbucket.org/repo.git → https://bitbucket.org/repo.git

§Preserved Formats

  • git@github.com:user/repo.git → git@github.com:user/repo.git (unchanged)
  • https://github.com/user/repo.git → https://github.com/user/repo.git (no auth)
  • file:///path/to/repo → file:///path/to/repo (unchanged)

§Examples

use agpm_cli::git::strip_auth_from_url;
use anyhow::Result;

fn main() -> Result<()> {
    // Strip token from HTTPS URL
    let clean_url = strip_auth_from_url("https://ghp_token123@github.com/user/repo.git")?;
    assert_eq!(clean_url, "https://github.com/user/repo.git");

    // Strip user:password authentication
    let clean_url = strip_auth_from_url("https://user:secret@gitlab.com/project.git")?;
    assert_eq!(clean_url, "https://gitlab.com/project.git");

    // URLs without auth are unchanged
    let clean_url = strip_auth_from_url("https://github.com/public/repo.git")?;
    assert_eq!(clean_url, "https://github.com/public/repo.git");

    Ok(())
}

§Safe Logging Pattern

use agpm_cli::git::strip_auth_from_url;
use anyhow::Result;

fn log_repository_operation(url: &str, operation: &str) -> Result<()> {
    let safe_url = strip_auth_from_url(url)?;
    println!("Performing {} on repository: {}", operation, safe_url);
    // Logs: "Performing clone on repository: https://github.com/user/repo.git"
    // Instead of exposing: "https://token:secret@github.com/user/repo.git"
    Ok(())
}

§Error Context Integration

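use agpm_cli::git::strip_auth_from_url;
use agpm_cli::core::AgpmError;

// Fragment: runs inside an async function that returns a Result.
// `some_git_operation` is a placeholder for any Git call made with the authenticated `url`.
match some_git_operation(url).await {
    Ok(result) => Ok(result),
    Err(e) => {
        // Report the failure with the sanitized URL, then propagate the original error.
        let safe_url = strip_auth_from_url(url)?;
        eprintln!("Git operation failed for repository: {}", safe_url);
        Err(e)
    }
}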

§Implementation Details

The function uses careful parsing to distinguish between:

  • Authentication @ symbols (before the hostname)
  • Email address @ symbols in commit information (preserved)
  • Path components that might contain @ symbols (preserved)

§Edge Cases Handled

  • URLs with multiple @ symbols (only strips auth prefix)
  • URLs with no authentication (returned unchanged)
  • Malformed URLs (best-effort processing)
  • Non-HTTP protocols (returned unchanged)
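
The distinction drawn under Implementation Details and Edge Cases can be shown with a small stand-alone sanitizer. This is an added example, not agpm_cli's implementation; the function name `redact_userinfo` and the sample URLs are assumptions made for illustration.

```rust
/// Added illustration, not agpm_cli's implementation: drop the userinfo part
/// of an HTTP(S) URL's authority so the URL is safe to log.
pub fn redact_userinfo(url: &str) -> String {
    // No "://" means no authority component (e.g. SCP-style git@host:path).
    let Some(scheme_end) = url.find("://") else {
        return url.to_string();
    };
    let (scheme, rest) = (&url[..scheme_end], &url[scheme_end + 3..]);
    // Non-HTTP schemes are returned unchanged, as the page describes.
    if !scheme.eq_ignore_ascii_case("http") && !scheme.eq_ignore_ascii_case("https") {
        return url.to_string();
    }
    // The authority ends at the first '/', '?' or '#'. Any '@' after that
    // belongs to the path or query and is preserved.
    let auth_end = rest
        .find(|c: char| matches!(c, '/' | '?' | '#'))
        .unwrap_or(rest.len());
    let (authority, tail) = rest.split_at(auth_end);
    // Userinfo ends at the last '@' inside the authority, so a password that
    // contains a raw '@' is still removed in full.
    let host = authority.rfind('@').map_or(authority, |at| &authority[at + 1..]);
    format!("{scheme}://{host}{tail}")
}

fn main() {
    // Constructed sample URLs; the credentials are placeholders.
    let samples = [
        "https://ghp_token123@github.com/user/repo.git",
        "https://user:p@ss@gitlab.com/project.git",
        "https://oauth2:token@bitbucket.org/org/pkg@1.0.git",
        "https://github.com/org/repo@v2.git",
        "git@github.com:user/repo.git",
        "file:///path/to/repo",
    ];
    for url in samples {
        // Print only the redacted form.
        println!("{}", redact_userinfo(url));
    }
}
```

Bounding the search to the authority before looking for `@` is what keeps path components such as `repo@v2.git` intact while still removing the credential prefix.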

§Security Note

This function is for display/logging safety only. The original authenticated URL should still be used for actual Git operations. Never use the stripped URL for authentication-required operations.