-
Notifications
You must be signed in to change notification settings - Fork 249
/
Copy pathsensitive_string.go
58 lines (49 loc) · 1.65 KB
/
sensitive_string.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
package security
import (
"encoding/json"
)
const RedactionPlaceholder = "***"
// SensitiveString is a type for handling sensitive information securely.
// This helps to achieve the following goals:
// 1. Prevent accidental logging of sensitive information.
// 2. Provide controlled visibility (e.g., redacted output for String() or MarshalJSON()).
// 3. Enable controlled access to the sensitive value when needed.
type SensitiveString struct {
value string
}
// NewSensitiveString creates a new SensitiveString
func NewSensitiveString(value string) SensitiveString {
return SensitiveString{value: value}
}
// String provides a redacted version of the sensitive string
func (s SensitiveString) String() string {
if s.value == "" {
return ""
}
return RedactionPlaceholder
}
// MarshalJSON ensures that sensitive strings are redacted when marshaled to JSON
// NOTE: It's important to define this method on the value receiver,
// otherwise `json.Marshal` will not call this method.
func (s SensitiveString) MarshalJSON() ([]byte, error) {
return json.Marshal(s.String())
}
// UnmarshalJSON implements unmarshalling a sensitive string from JSON
// NOTE: It's important to define this method on the pointer receiver,
// otherwise `json.Marshal` will not call this method.
func (s *SensitiveString) UnmarshalJSON(data []byte) error {
var value string
if err := json.Unmarshal(data, &value); err != nil {
return err
}
s.value = value
return nil
}
// Reveal exposes the sensitive value (use with caution)
func (s SensitiveString) Reveal() string {
return s.value
}
// Empty checks if the value is empty
func (s SensitiveString) Empty() bool {
return s.value == ""
}