veil 0.3.0

Rust derive macro for redacting sensitive data in `std::fmt::Debug`
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230

//! The [`Redactor`] allows for redacting arbitrary strings using a pre-defined set of flags.
//!
//! To build a [`Redactor`], use the [`RedactorBuilder`].

use crate::{
    private::{RedactFlags, RedactionContent, RedactionFormatter, RedactionLength, RedactionTarget},
    util::give_me_a_formatter,
};
use std::fmt::{Debug, Display};

/// A wrapped reference to some data that, when formatted as [`Debug`] or [`Display`] (if implemented for `T`), will be redacted.
///
/// See [`Redactor::wrap`] for more information.
#[derive(Clone, Copy)]
pub struct RedactWrapped<'a, T> {
    data: &'a T,
    flags: &'a RedactFlags,
}
impl<T> Display for RedactWrapped<'_, T>
where
    T: Display,
{
    fn fmt(&self, fmt: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        std::fmt::Debug::fmt(
            &RedactionFormatter {
                this: RedactionTarget::Display(self.data),
                flags: *self.flags,
                specialization: None,
            },
            fmt,
        )
    }
}
impl<T> Debug for RedactWrapped<'_, T>
where
    T: Debug,
{
    fn fmt(&self, fmt: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        std::fmt::Debug::fmt(
            &RedactionFormatter {
                this: RedactionTarget::Debug {
                    this: self.data,
                    alternate: fmt.alternate(),
                },
                flags: *self.flags,
                specialization: None,
            },
            fmt,
        )
    }
}

/// The `Redactor` allows for redacting arbitrary strings using a pre-defined set of flags.
///
/// To build a `Redactor`, use the [`RedactorBuilder`].
pub struct Redactor(RedactFlags);
impl Redactor {
    /// Returns a builder ([`RedactorBuilder`]) for this type.
    #[inline(always)]
    pub const fn builder() -> RedactorBuilder {
        RedactorBuilder::new()
    }

    /// Redact the given string.
    ///
    /// # Example
    ///
    /// ```rust
    /// # use veil::redactor::Redactor;
    /// let email = "john.doe@prima.it".to_string();
    /// let name = "John Doe".to_string();
    ///
    /// let redactor = Redactor::builder().char('X').partial().build().unwrap();
    ///
    /// let email = redactor.redact(email);
    /// let name = redactor.redact(name);
    ///
    /// assert_eq!(
    ///     format!("{} <{}>", name, email),
    ///     "JoXX Xoe <johX.XXX@XXXXa.it>"
    /// );
    /// ```
    pub fn redact(&self, data: String) -> String {
        give_me_a_formatter(|fmt| {
            std::fmt::Debug::fmt(
                &RedactionFormatter {
                    this: RedactionTarget::Display(&data.as_str()),
                    flags: self.0,
                    specialization: None,
                },
                fmt,
            )
        })
        .to_string()
    }

    /// Redact the given string in-place.
    //
    /// Can be chained for convenience.
    ///
    /// # Example
    ///
    /// ```rust
    /// # use veil::redactor::Redactor;
    /// let mut email = "john.doe@prima.it".to_string();
    /// let mut name = "John Doe".to_string();
    ///
    /// Redactor::builder()
    ///     .char('X')
    ///     .partial()
    ///     .build()
    ///     .unwrap()
    ///     .redact_in_place(&mut email)
    ///     .redact_in_place(&mut name);
    ///
    /// assert_eq!(
    ///     format!("{} <{}>", name, email),
    ///     "JoXX Xoe <johX.XXX@XXXXa.it>"
    /// );
    /// ```
    pub fn redact_in_place(&self, data: &mut String) -> &Self {
        *data = self.redact(core::mem::take(data));
        self
    }

    /// Wrap the given data in a [`RedactWrapped`], allowing it to be redacted when displayed or debugged.
    ///
    /// Currently, the only supported [`Debug`] formats are `{:?}` and `{:#?}`. Other flags will be ignored.
    ///
    /// # Example
    ///
    /// ```rust
    /// # use veil::redactor::Redactor;
    /// let email = "john.doe@prima.it".to_string();
    /// let name = "John Doe".to_string();
    ///
    /// let redactor = Redactor::builder()
    ///     .char('X')
    ///     .partial()
    ///     .build()
    ///     .unwrap();
    ///
    /// let email = redactor.wrap(&email);
    /// let name = redactor.wrap(&name);
    ///
    /// assert_eq!(
    ///     format!("{} <{}>", name, email),
    ///     "JoXX Xoe <johX.XXX@XXXXa.it>"
    /// );
    ///
    /// assert_eq!(
    ///     format!("{:?} <{:#?}>", name, email),
    ///     "\"JoXX Xoe\" <\"johX.XXX@XXXXa.it\">"
    /// );
    /// ```
    pub const fn wrap<'a, T>(&'a self, data: &'a T) -> RedactWrapped<'a, T> {
        RedactWrapped { flags: &self.0, data }
    }
}

/// A checked builder for [`Redactor`]s.
pub struct RedactorBuilder {
    redact_content: Option<RedactionContent<'static>>,
    partial: bool,
}
impl RedactorBuilder {
    /// Initialize a new redaction flag builder.
    #[inline(always)]
    pub const fn new() -> Self {
        Self {
            redact_content: None,
            partial: false,
        }
    }

    /// Set the character to use for redacting.
    ///
    /// Equivalent to `#[redact(with = '...')]` when deriving.
    #[inline(always)]
    pub const fn char(mut self, char: char) -> Self {
        self.redact_content = Some(RedactionContent::Char(char));
        self
    }

    /// Set the string to use for redacting.
    ///
    /// Equivalent to `#[redact(with = "...")]` when deriving.
    #[inline(always)]
    pub const fn str(mut self, str: &'static str) -> Self {
        self.redact_content = Some(RedactionContent::Str(str));
        self
    }

    /// Whether to only partially redact the data.
    ///
    /// Equivalent to `#[redact(partial)]` when deriving.
    #[inline(always)]
    pub const fn partial(mut self) -> Self {
        self.partial = true;
        self
    }

    /// Build the redaction flags.
    ///
    /// Returns an error if the state of the builder is invalid.
    /// The error will be optimised away by the compiler if the builder is valid at compile time, so it's safe and zero-cost to use `unwrap` on the result if you are constructing this at compile time.
    #[inline(always)]
    pub const fn build(self) -> Result<Redactor, &'static str> {
        let flags = RedactFlags {
            redact_length: if self.partial {
                RedactionLength::Partial
            } else {
                RedactionLength::Full
            },

            redact_content: match self.redact_content {
                Some(style) => style,
                None => RedactionContent::Asterisks,
            },
        };

        Ok(Redactor(flags))
    }
}

impl Default for RedactorBuilder {
    fn default() -> Self {
        Self::new()
    }
}