oauth2_broker/auth/token/
secret.rs

1//! Secure token secret wrapper that redacts sensitive material.
2
3// self
4use crate::_prelude::*;
5
6/// Redacted token secret wrapper keeping sensitive material out of logs.
7#[derive(Clone, PartialEq, Eq, Serialize, Deserialize)]
8pub struct TokenSecret(String);
9impl TokenSecret {
10	/// Wraps a new secret string.
11	pub fn new(value: impl Into<String>) -> Self {
12		Self(value.into())
13	}
14
15	/// Returns the inner token value. Callers must avoid logging this string.
16	pub fn expose(&self) -> &str {
17		&self.0
18	}
19}
20impl AsRef<str> for TokenSecret {
21	fn as_ref(&self) -> &str {
22		self.expose()
23	}
24}
25impl Debug for TokenSecret {
26	fn fmt(&self, f: &mut Formatter) -> FmtResult {
27		f.debug_tuple("TokenSecret").field(&"<redacted>").finish()
28	}
29}
30impl Display for TokenSecret {
31	fn fmt(&self, f: &mut Formatter) -> FmtResult {
32		f.write_str("<redacted>")
33	}
34}
35
36#[cfg(test)]
37mod tests {
38	// self
39	use super::*;
40
41	#[test]
42	fn secret_formatters_redact() {
43		let secret = TokenSecret::new("super-secret");
44
45		assert_eq!(format!("{secret:?}"), "TokenSecret(\"<redacted>\")");
46		assert_eq!(format!("{secret}"), "<redacted>");
47	}
48}
oauth2_broker/auth/token/secret.rs

oauth2_broker/auth/token/
secret.rs
