Merge pull request netlify#3 from netlify/mask-access-tokens

Mask access tokens

Author: sgirones

api/github.go

@@ -7,15 +7,15 @@ import (
 	"net/url"
 	"regexp"
 	"strings"
+
+	"github.com/netlify/git-gateway/conf"
 )
 
 // GitHubGateway acts as a proxy to GitHub
 type GitHubGateway struct {
 	proxy *httputil.ReverseProxy
 }
 
-const defaultEndpoint = "https://api.github.com"
-
 var pathRegexp = regexp.MustCompile("^/github/?")
 var allowedRegexp = regexp.MustCompile("^/github/(git|contents|pulls|branches)/")
 
@@ -69,7 +69,7 @@ func (gh *GitHubGateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if config.GitHub.Endpoint != "" {
 		endpoint = config.GitHub.Endpoint
 	} else {
-		endpoint = defaultEndpoint
+		endpoint = conf.DefaultGitHubEndpoint
 	}
 	var apiURL string
 	if strings.HasSuffix(endpoint, "/") {

conf/configuration.go

@@ -1,13 +1,17 @@
 package conf
 
 import (
+	"encoding/json"
 	"os"
+	"strings"
 
 	"github.com/joho/godotenv"
 	"github.com/kelseyhightower/envconfig"
 	"github.com/netlify/netlify-commons/nconf"
 )
 
+const DefaultGitHubEndpoint = "https://api.github.com"
+
 type GitHubConfig struct {
 	AccessToken string `envconfig:"ACCESS_TOKEN" json:"access_token"`
 	Endpoint    string `envconfig:"ENDPOINT" json:"endpoint"`
@@ -48,6 +52,29 @@ type Configuration struct {
 	Roles  []string         `envconfig:"ROLES" json:"roles"`
 }
 
+func maskAccessToken(token string) string {
+	return strings.Repeat("*", len(token))
+}
+
+func githubEndpoint(endpoint string) string {
+	if endpoint == "" {
+		return DefaultGitHubEndpoint
+	}
+	return endpoint
+}
+
+func (gh *GitHubConfig) MarshalJSON() ([]byte, error) {
+	return json.Marshal(&struct {
+		AccessToken string `json:"access_token"`
+		Endpoint    string `json:"endpoint"`
+		Repo        string `json:"repo"`
+	}{
+		AccessToken: maskAccessToken(gh.AccessToken),
+		Endpoint:    githubEndpoint(gh.Endpoint),
+		Repo:        gh.Repo,
+	})
+}
+
 func loadEnvironment(filename string) error {
 	var err error
 	if filename != "" {