redact 0.1.11

A simple library for keeping secrets out of logs.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

use crate::Secret;

use serde::{Deserialize, Deserializer, Serialize, Serializer};

/// *This API requires the following crate features to be activated: `serde`*
impl<'de, T: Deserialize<'de>> Deserialize<'de> for Secret<T> {
    #[inline]
    fn deserialize<D: Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
        T::deserialize(deserializer).map(Self)
    }
}

/// A serializable type that contains a secret.
///
/// This abstraction enables [expose_secret] to be used to serialize both `Secret<T>`, `&Secret<T>`,
/// `Option<Secret<T>>` and `Vec<Secret<T>>`.
pub trait SerializableSecret<T> {
    type Exposed<'a>: Serialize
    where
        Self: 'a;
    /// To reduce the number of functions that are able to expose secrets we require
    /// that the [`Secret::expose_secret`] function is passed in here.
    fn expose_via(&self, expose: impl Fn(&Secret<T>) -> &T) -> Self::Exposed<'_>;
}

impl<T: Serialize> SerializableSecret<T> for &Secret<T> {
    type Exposed<'a>
        = &'a T
    where
        T: 'a,
        Self: 'a;

    fn expose_via(&self, expose: impl Fn(&Secret<T>) -> &T) -> Self::Exposed<'_> {
        expose(self)
    }
}

impl<T: Serialize> SerializableSecret<T> for Secret<T> {
    type Exposed<'a>
        = &'a T
    where
        T: 'a;

    fn expose_via(&self, expose: impl Fn(&Secret<T>) -> &T) -> Self::Exposed<'_> {
        expose(self)
    }
}

impl<T: Serialize> SerializableSecret<T> for Option<Secret<T>> {
    type Exposed<'a>
        = Option<&'a T>
    where
        T: 'a;

    fn expose_via(&self, expose: impl Fn(&Secret<T>) -> &T) -> Self::Exposed<'_> {
        self.as_ref().map(expose)
    }
}

#[cfg(feature = "std")]
impl<T: Serialize> SerializableSecret<T> for Vec<Secret<T>>
where
    for<'a> Vec<&'a T>: Serialize,
{
    type Exposed<'a>
        = Vec<&'a T>
    where
        T: 'a;

    fn expose_via(&self, expose: impl Fn(&Secret<T>) -> &T) -> Self::Exposed<'_> {
        self.iter().map(expose).collect()
    }
}

/// Exposes a [Secret] for serialization.
///
/// For general-purpose secret exposing see [Secret::expose_secret].
///
/// See [module level documentation][crate] for usage example.
///
/// *This API requires the following crate features to be activated: `serde`*
#[cfg(feature = "serde")]
#[inline]
pub fn expose_secret<S: Serializer, T: Serialize>(
    secret: &impl SerializableSecret<T>,
    serializer: S,
) -> Result<S::Ok, S::Error> {
    secret
        .expose_via(Secret::expose_secret)
        .serialize(serializer)
}

/// Serialize a redacted [Secret] without exposing the contained data.
///
/// The secret will be serialized as its [`Debug`] output.
/// Since the data is redacted, it is not possible to deserialize data serialized in this way.
///
/// This function is designed to be used with `#[serde(serialize_with)]` in the same way as
/// [serde::expose_secret][crate::serde::expose_secret].
///
/// *This API requires the following crate features to be activated: `serde`*
#[cfg(feature = "serde")]
#[inline]
pub fn redact_secret<S: Serializer, T>(
    secret: &Secret<T>,
    serializer: S,
) -> Result<S::Ok, S::Error> {
    serializer.collect_str(&format_args!("{secret:?}"))
}

#[cfg(test)]
mod tests {
    use super::*;
    use fake::{Fake, Faker};
    use serde::{Deserialize, Serialize};

    #[test]
    fn deserialize_the_serialized() {
        #[derive(Serialize, Deserialize, fake::Dummy, PartialEq, Debug)]
        struct Test {
            #[serde(serialize_with = "expose_secret")]
            one: Secret<String>,
            #[serde(serialize_with = "expose_secret")]
            two: Option<Secret<String>>,
            #[serde(serialize_with = "expose_secret")]
            three: Vec<Secret<String>>,
        }

        let to_serialize: Test = Faker.fake();

        let serialized = serde_json::to_string(&to_serialize).unwrap();

        let deserialized = serde_json::from_str(&serialized).unwrap();

        assert_eq!(to_serialize, deserialized)
    }
}