chore: add masked token in logs for debug purposes

TimilsinaBimal · TimilsinaBimal · commit e1dfb74f5ea4 · 2025-11-23T19:47:11.000+05:45
diff --git a/app/api/endpoints/catalogs.py b/app/api/endpoints/catalogs.py
@@ -4,7 +4,7 @@
 from app.services.catalog_updater import refresh_catalogs_for_credentials
 from app.services.recommendation_service import RecommendationService
 from app.services.stremio_service import StremioService
-from app.utils import resolve_user_credentials
+from app.utils import redact_token, resolve_user_credentials
 
 router = APIRouter()
 
@@ -32,7 +32,7 @@ async def get_catalog(
             detail="Missing credentials token. Please open Watchly from a configured manifest URL.",
         )
 
-    logger.info(f"Fetching catalog for {type} with id {id}")
+    logger.info(f"[{redact_token(token)}] Fetching catalog for {type} with id {id}")
 
     credentials = await resolve_user_credentials(token)
 
@@ -84,7 +84,7 @@ async def get_catalog(
     except HTTPException:
         raise
     except Exception as e:
-        logger.error(f"Error fetching catalog for {type}/{id}: {e}", exc_info=True)
+        logger.error(f"[{redact_token(token)}] Error fetching catalog for {type}/{id}: {e}", exc_info=True)
         raise HTTPException(status_code=500, detail=str(e))
 
 
@@ -96,7 +96,7 @@ async def update_catalogs(token: str):
     # Decode credentials from path
     credentials = await resolve_user_credentials(token)
 
-    logger.info("Updating catalogs in response to manual request")
+    logger.info(f"[{redact_token(token)}] Updating catalogs in response to manual request")
     updated = await refresh_catalogs_for_credentials(credentials)
     logger.info(f"Manual catalog update completed: {updated}")
     return {"success": updated}
diff --git a/app/api/endpoints/tokens.py b/app/api/endpoints/tokens.py
@@ -8,6 +8,7 @@
 from app.services.catalog_updater import refresh_catalogs_for_credentials
 from app.services.stremio_service import StremioService
 from app.services.token_store import token_store
+from app.utils import redact_token
 
 router = APIRouter(prefix="/tokens", tags=["tokens"])
 
@@ -106,6 +107,7 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
 
     try:
         token, created = await token_store.store_payload(payload_to_store)
+        logger.info(f"[{redact_token(token)}] Token {'created' if created else 'updated'}")
     except RuntimeError as exc:
         logger.error("Token storage failed: {}", exc)
         raise HTTPException(
@@ -123,7 +125,7 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
         try:
             await refresh_catalogs_for_credentials(payload_to_store, auth_key=verified_auth_key)
         except Exception as exc:  # pragma: no cover - remote dependency
-            logger.error("Initial catalog refresh failed: {}", exc, exc_info=True)
+            logger.error(f"[{redact_token(token)}] Initial catalog refresh failed: {{}}", exc, exc_info=True)
             await token_store.delete_token(token)
             raise HTTPException(
                 status_code=502,
diff --git a/app/core/config.py b/app/core/config.py
@@ -17,13 +17,13 @@ class Settings(BaseSettings):
     PORT: int = 8000
     ADDON_ID: str = "com.bimal.watchly"
     ADDON_NAME: str = "Watchly"
-    APP_VERSION: str = "0.1.1"
-    REDIS_URL: str = "redis://localhost:6379/0"
+    APP_VERSION: str = "0.1.3"
+    REDIS_URL: str = "redis://redis:6379/0"
     TOKEN_SALT: str = "change-me"
     TOKEN_TTL_SECONDS: int = 0  # 0 = never expire
     ANNOUNCEMENT_HTML: str = ""
     AUTO_UPDATE_CATALOGS: bool = True
-    CATALOG_REFRESH_INTERVAL_SECONDS: int = 60  # 6 hours
+    CATALOG_REFRESH_INTERVAL_SECONDS: int = 6 * 60 * 60  # 6 hours
     APP_ENV: Literal["development", "production"] = "development"
     HOST_NAME: str = "https://1ccea4301587-watchly.baby-beamup.club"
 
diff --git a/app/services/catalog_updater.py b/app/services/catalog_updater.py
@@ -8,6 +8,7 @@
 from app.services.catalog import DynamicCatalogService
 from app.services.stremio_service import StremioService
 from app.services.token_store import token_store
+from app.utils import redact_token
 
 # Max number of concurrent updates to prevent overwhelming external APIs
 MAX_CONCURRENT_UPDATES = 5
@@ -26,9 +27,9 @@ async def refresh_catalogs_for_credentials(credentials: dict[str, Any], auth_key
 
         catalogs = await dynamic_catalog_service.get_watched_loved_catalogs(library_items=library_items)
         catalogs += await dynamic_catalog_service.get_genre_based_catalogs(library_items=library_items)
-        logger.info(
-            f"Prepared {len(catalogs)} catalogs for {credentials.get('authKey') or credentials.get('username')}"
-        )
+        auth_key_or_username = credentials.get("authKey") or credentials.get("username")
+        redacted = redact_token(auth_key_or_username) if auth_key_or_username else "unknown"
+        logger.info(f"[{redacted}] Prepared {len(catalogs)} catalogs")
         auth_key = await stremio_service.get_auth_key()
         return await stremio_service.update_catalogs(catalogs, auth_key)
     finally:
diff --git a/app/utils.py b/app/utils.py
@@ -5,6 +5,25 @@
 from app.services.token_store import token_store
 
 
+def redact_token(token: str | None, visible_chars: int = 8) -> str:
+    """
+    Redact a token for logging purposes.
+    Shows first few characters followed by *** for debugging.
+
+    Args:
+        token: The token to redact
+        visible_chars: Number of characters to show before redaction (default: 8)
+
+    Returns:
+        Redacted token string (e.g., "ksfjads***" or "None" if token is None)
+    """
+    if not token:
+        return "None"
+    if len(token) <= visible_chars:
+        return "***"
+    return f"{token[:visible_chars]}***"
+
+
 async def resolve_user_credentials(token: str) -> dict[str, Any]:
     """Resolve credentials from Redis token."""
     if not token:
