From 64cdabc88fbb88cde5f5bd5056e2d0f6524d11d7 Mon Sep 17 00:00:00 2001
From: chenminjian <727180553@qq.com>
Date: Wed, 10 Oct 2018 11:16:20 +0800
Subject: [PATCH] feat: stop apply command exposing private key over HTTP API
License: MIT
Signed-off-by: chenminjian <727180553@qq.com>
---
 core/commands/config.go | 38 ++++++++++++++++++++++++++++++-----
 test/sharness/t0021-config.sh | 10 +++++++++
 2 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/core/commands/config.go b/core/commands/config.go
index ee6dfd5ee..6dffa79c2 100644
--- a/core/commands/config.go
+++ b/core/commands/config.go
@@ -23,8 +23,8 @@ import (
 // ConfigUpdateOutput is config profile apply command's output
 type ConfigUpdateOutput struct {
- Old config.Config
- New config.Config
+ OldCfg map[string]interface{}
+ NewCfg map[string]interface{}
 }
 type ConfigField struct {
@@ -359,9 +359,22 @@ var configProfileApplyCmd = &cmds.Command{
 res.SetError(err, cmdkit.ErrNormal)
 return
 }
+
+ oldCfgMap, err := scrubPrivKey(oldCfg)
+ if err != nil {
+ res.SetError(err, cmdkit.ErrNormal)
+ return
+ }
+
+ newCfgMap, err := scrubPrivKey(newCfg)
+ if err != nil {
+ res.SetError(err, cmdkit.ErrNormal)
+ return
+ }
+
 res.SetOutput(&ConfigUpdateOutput{
- Old: *oldCfg,
- New: *newCfg,
+ OldCfg: oldCfgMap,
+ NewCfg: newCfgMap,
 })
 },
 Marshalers: cmds.MarshalerMap{
@@ -380,7 +393,7 @@ var configProfileApplyCmd = &cmds.Command{
 return nil, e.TypeErr(apply, v)
 }
- diff := jsondiff.Compare(apply.Old, apply.New)
+ diff := jsondiff.Compare(apply.OldCfg, apply.NewCfg)
 buf := jsondiff.Format(diff)
 return strings.NewReader(string(buf)), nil
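Review bot: Renaming the exported fields in the `ConfigUpdateOutput` hunk from `Old`/`New` to `OldCfg`/`NewCfg` also renames the keys of the encoded response, because the struct carries no `json` tags and the field names are presumably what the API serializes. Only the type change is needed to return a scrubbed map, and the `transformConfig` comment in this same patch says the command returns both configs to keep the API stable. Keeping the names avoids breaking clients that read them: `Old map[string]interface{}` and `New map[string]interface{}`, in which case the marshaler hunk at `-380,7` keeps `jsondiff.Compare(apply.Old, apply.New)`.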
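Review bot: In the `configProfileApplyCmd` hunk at `-359,9` the two `scrubPrivKey` calls run after the profile has been transformed, so when this is not a dry run a scrub failure would report an error for a change that has presumably already been persisted. `scrubValue` is not visible in this patch; if it returns an error when `Identity.PrivKey` is absent, a repo whose config lacks that key could no longer get output from this command, so the missing-key case should be checked and tolerated. The calls also deserve a why-comment, for example `// Scrub before SetOutput: this value is serialized to API clients, which must never receive Identity.PrivKey.` The handler body starts and ends outside the hunk.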
@@ -404,6 +417,21 @@ func buildProfileHelp() string {
 return out
 }
+// scrubPrivKey scrubs private key for security reasons.
+func scrubPrivKey(cfg *config.Config) (map[string]interface{}, error) {
+ cfgMap, err := config.ToMap(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ err = scrubValue(cfgMap, []string{config.IdentityTag, config.PrivKeyTag})
+ if err != nil {
+ return nil, err
+ }
+
+ return cfgMap, nil
+}
+
 // transformConfig returns old config and new config instead of difference between they,
 // because apply command can provide stable API through this way.
 // If dryRun is true, repo's config should not be updated and persisted
diff --git a/test/sharness/t0021-config.sh b/test/sharness/t0021-config.sh
index ec7ba7038..46654e5f9 100755
--- a/test/sharness/t0021-config.sh
+++ b/test/sharness/t0021-config.sh
@@ -262,6 +262,16 @@ test_config_cmd() {
 test `grep "DisableNatPortMap" diff_info | wc -l` = 2
 '
+ test_expect_success "'ipfs config profile apply test --dry-run' doesn't include privkey" '
+ ipfs config profile apply test --dry-run > show_config &&
+ test_expect_code 1 grep PrivKey show_config
+ '
+
+ test_expect_success "'ipfs config profile apply test' doesn't include privkey" '
+ ipfs config profile apply test > show_config &&
+ test_expect_code 1 grep PrivKey show_config
+ '
+
 # won't work as it changes datastore definition, which makes ipfs not launch
 # without converting first
 # test_profile_apply_revert badgerds
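Review bot: The doc comment on `scrubPrivKey` (hunk at `-404,6`) does not say what the caller gets back or whether `cfg` itself is touched, which is what someone handling key material needs to know. Something like `// scrubPrivKey returns cfg converted to a map with the Identity.PrivKey entry scrubbed, for output sent to API clients.` would cover it, adjusted once it is confirmed that `config.ToMap` builds a separate map rather than aliasing `cfg`. The function scrubs exactly one path, so any other secret-bearing field added to the config later would still be returned by the apply command unless it is listed here; the comment should say so.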
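Review bot: Both new tests in the `t0021-config.sh` hunk grep the default text output, which is the jsondiff rendering, while the commit subject is about the HTTP API, where `ConfigUpdateOutput` is presumably serialized as JSON. A regression in that encoding would pass these tests unnoticed. Adding an assertion on the JSON form would cover what API clients actually receive, for example `ipfs config profile apply test --dry-run --enc=json > show_config_json &&` followed by `test_expect_code 1 grep PrivKey show_config_json`. The `test_config_cmd` body starts and ends outside the hunk.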