feat: Introduce token redaction utility and apply it to log messages for enhanced security.

Author: TimilsinaBimal

app/api/endpoints/catalogs.py

@@ -3,6 +3,7 @@
 from fastapi import APIRouter, HTTPException, Response
 from loguru import logger
 
+from app.core.security import redact_token
 from app.core.settings import UserSettings, get_default_settings
 from app.services.catalog_updater import refresh_catalogs_for_credentials
 from app.services.recommendation_service import RecommendationService
@@ -40,7 +41,7 @@ async def get_catalog(type: str, id: str, response: Response, token: str):
             ),
         )
 
-    logger.info(f"[{token}] Fetching catalog for {type} with id {id}")
+    logger.info(f"[{redact_token(token)}] Fetching catalog for {type} with id {id}")
 
     credentials = await token_store.get_user_data(token)
     if not credentials:
@@ -88,7 +89,7 @@ async def get_catalog(type: str, id: str, response: Response, token: str):
     except HTTPException:
         raise
     except Exception as e:
-        logger.exception(f"[{token}] Error fetching catalog for {type}/{id}: {e}")
+        logger.exception(f"[{redact_token(token)}] Error fetching catalog for {type}/{id}: {e}")
         raise HTTPException(status_code=500, detail=str(e))
 
 
@@ -100,7 +101,7 @@ async def update_catalogs(token: str):
     # Decode credentials from path
     credentials = await token_store.get_user_data(token)
 
-    logger.info(f"[{token}] Updating catalogs in response to manual request")
+    logger.info(f"[{redact_token(token)}] Updating catalogs in response to manual request")
     updated = await refresh_catalogs_for_credentials(token, credentials)
     logger.info(f"Manual catalog update completed: {updated}")
     return {"success": updated}

app/api/endpoints/tokens.py

@@ -5,6 +5,7 @@
 from redis import exceptions as redis_exceptions
 
 from app.core.config import settings
+from app.core.security import redact_token
 from app.core.settings import CatalogConfig, UserSettings, get_default_settings
 from app.services.stremio_service import StremioService
 from app.services.token_store import token_store
@@ -93,8 +94,6 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
     # 2. Check if user already exists
     token = token_store.get_token_from_user_id(user_id)
     existing_data = await token_store.get_user_data(token)
-    if not existing_data:
-        raise HTTPException(status_code=401, detail="Invalid or expired token. Please reconfigure the addon.")
 
     # 3. Construct Settings
     default_settings = get_default_settings()
@@ -122,7 +121,7 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
     # 6. Store user data
     try:
         token = await token_store.store_user_data(user_id, payload_to_store)
-        logger.info(f"[{token}] Account {'created' if is_new_account else 'updated'} for user {user_id}")
+        logger.info(f"[{redact_token(token)}] Account {'created' if is_new_account else 'updated'} for user {user_id}")
     except RuntimeError as exc:
         raise HTTPException(status_code=500, detail="Server configuration error.") from exc
     except (redis_exceptions.RedisError, OSError) as exc:
@@ -199,7 +198,7 @@ async def delete_token(payload: TokenRequest):
 
         # Delete the token
         await token_store.delete_token(token)
-        logger.info(f"[{token}] Token deleted for user {user_id}")
+        logger.info(f"[{redact_token(token)}] Token deleted for user {user_id}")
         return {"detail": "Settings deleted successfully"}
     except HTTPException:
         raise

app/core/security.py

@@ -0,0 +1,10 @@
+def redact_token(token: str | None) -> str:
+    """
+    Redact a token for logging purposes.
+    Shows the first 6 characters followed by ***.
+    """
+    if not token:
+        return "None"
+    if len(token) <= 6:
+        return token
+    return f"{token[:6]}***"

app/services/catalog_updater.py

@@ -8,6 +8,7 @@
 from loguru import logger
 
 from app.core.config import settings
+from app.core.security import redact_token
 from app.core.settings import UserSettings, get_default_settings
 from app.services.catalog import DynamicCatalogService
 from app.services.stremio_service import StremioService
@@ -19,7 +20,7 @@
 
 async def refresh_catalogs_for_credentials(token: str, credentials: dict[str, Any]) -> bool:
     if not credentials:
-        logger.warning(f"[{token}] Attempted to refresh catalogs with no credentials.")
+        logger.warning(f"[{redact_token(token)}] Attempted to refresh catalogs with no credentials.")
         raise HTTPException(status_code=401, detail="Invalid or expired token. Please reconfigure the addon.")
 
     auth_key = credentials.get("authKey")
@@ -49,7 +50,7 @@ async def refresh_catalogs_for_credentials(token: str, credentials: dict[str, An
         catalogs = await dynamic_catalog_service.get_dynamic_catalogs(
             library_items=library_items, user_settings=user_settings
         )
-        logger.info(f"[{token}] Prepared {len(catalogs)} catalogs")
+        logger.info(f"[{redact_token(token)}] Prepared {len(catalogs)} catalogs")
         return await stremio_service.update_catalogs(catalogs, auth_key)
     except Exception as e:
         logger.exception(f"Failed to update catalogs: {e}", exc_info=True)
@@ -118,18 +119,18 @@ async def refresh_all_tokens(self) -> None:
         async def _update_safe(key: str, payload: dict[str, Any]) -> None:
             if not payload.get("authKey"):
                 logger.debug(
-                    f"Skipping token {key} with incomplete credentials",
+                    f"Skipping token {redact_token(key)} with incomplete credentials",
                 )
                 return
 
             async with sem:
                 try:
                     updated = await refresh_catalogs_for_credentials(key, payload)
                     logger.info(
-                        f"Background refresh for {key} completed (updated={updated})",
+                        f"Background refresh for {redact_token(key)} completed (updated={updated})",
                     )
                 except Exception as exc:
-                    logger.error(f"Background refresh failed for {key}: {exc}", exc_info=True)
+                    logger.error(f"Background refresh failed for {redact_token(key)}: {exc}", exc_info=True)
 
         try:
             async for key, payload in token_store.iter_payloads():

app/services/token_store.py

@@ -11,6 +11,7 @@
 from loguru import logger
 
 from app.core.config import settings
+from app.core.security import redact_token
 
 
 class TokenStore:
@@ -20,6 +21,7 @@ class TokenStore:
 
     def __init__(self) -> None:
         self._client: redis.Redis | None = None
+        self._cipher: Fernet | None = None
         # Cache decrypted payloads for 1 day (86400s) to reduce Redis hits
         # Max size 5000 allows many active users without eviction
         self._payload_cache: TTLCache = TTLCache(maxsize=5000, ttl=86400)
@@ -148,7 +150,7 @@ async def iter_payloads(self) -> AsyncIterator[tuple[str, dict[str, Any]]]:
                 try:
                     data_raw = await client.get(key)
                 except (redis.RedisError, OSError) as exc:
-                    logger.warning(f"Failed to fetch payload for {key}: {exc}")
+                    logger.warning(f"Failed to fetch payload for {redact_token(key)}: {exc}")
                     continue
 
                 if not data_raw:
@@ -157,7 +159,7 @@ async def iter_payloads(self) -> AsyncIterator[tuple[str, dict[str, Any]]]:
                 try:
                     payload = json.loads(data_raw)
                 except json.JSONDecodeError:
-                    logger.warning(f"Failed to decode payload for key {key}. Skipping.")
+                    logger.warning(f"Failed to decode payload for key {redact_token(key)}. Skipping.")
                     continue
 
                 yield key, payload