added mask to mobygames api

rommapp · Nov 27, 2024 · 213e62b · 213e62b
1 parent 9bdea91
commit 213e62b
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/backend/handler/metadata/base_hander.py b/backend/handler/metadata/base_hander.py
@@ -195,17 +195,28 @@ async def _mame_format(self, search_term: str) -> str:
     def _mask_sensitive_values(self, values: dict[str, str]) -> dict[str, str]:
         """
         Mask sensitive values (headers or params), leaving only the first 3 and last 3 characters of the token.
+        This is valid for a dictionary with any of the following keys:
+            - "Authorization" (Bearer token)
+            - "Client-ID"
+            - "Client-Secret"
+            - "client_id"
+            - "client_secret"
+            - "api_key"
         """
         return {
             key: (
-                # Mask 'Authorization' Bearer tokens
                 f"Bearer {values[key].split(' ')[1][:3]}***{values[key].split(' ')[1][-3:]}"
                 if key == "Authorization" and values[key].startswith("Bearer ")
-                # Mask 'Client-ID' and 'Client-Secret'
                 else (
                     f"{values[key][:3]}***{values[key][-3:]}"
                     if key
-                    in {"Client-ID", "Client-Secret", "client_id", "client_secret"}
+                    in {
+                        "Client-ID",
+                        "Client-Secret",
+                        "client_id",
+                        "client_secret",
+                        "api_key",
+                    }
                     # Leave other keys unchanged
                     else values[key]
                 )

diff --git a/backend/handler/metadata/moby_handler.py b/backend/handler/metadata/moby_handler.py
@@ -85,10 +85,13 @@ def __init__(self) -> None:
     async def _request(self, url: str, timeout: int = 120) -> dict:
         httpx_client = ctx_httpx_client.get()
         authorized_url = yarl.URL(url).update_query(api_key=MOBYGAMES_API_KEY)
+        masked_url = authorized_url.with_query(
+            self._mask_sensitive_values(dict(authorized_url.query))
+        )
 
         log.debug(
             "API request: URL=%s, Timeout=%s",
-            authorized_url,
+            masked_url,
             timeout,
         )
 
@@ -116,7 +119,7 @@ async def _request(self, url: str, timeout: int = 120) -> dict:
                 return {}
         except httpx.TimeoutException:
             log.debug(
-                "Request to URL=%s timed out. Retrying with URL=%s", authorized_url, url
+                "Request to URL=%s timed out. Retrying with URL=%s", masked_url, url
             )
             # Retry the request once if it times out
         try: