make logs more secure

Author: zyxkad

README.MD

@@ -232,10 +232,12 @@ webdav-users:
         # 密码
         password: example-password
 
-# 以下为高级选项, 通常用于调试. ** 如果不理解其工作原理请不要碰 **
+# 以下为高级选项, 通常用于调试. **❌ 如果不理解其工作原理请不要碰 ❌**
 advanced:
   # 是否打印调试日志
   debug-log: false
+  # 是否记录 socket.io 流的日志 (仅在打开 debug-log 后才会输出到标准输出)
+  socket-io-log: false
   # 是否仅从主服务器下载文件
   noopen: false
   # 跳过文件哈希值校验
@@ -252,6 +254,8 @@ advanced:
   exit-when-disconnected: false
   # 不执行快速上线
   no-fast-enable: false
+  # 上线前等待几秒
+  wait-before-enable: 0
 
 ```
 

api.go

@@ -104,7 +104,6 @@ func (cr *Cluster) generateAuthToken(cliId string) (string, error) {
 }
 
 func (cr *Cluster) verifyAuthToken(cliId string, token string) (id string) {
-	logDebugf("Authorizing %q", token)
 	t, err := jwt.Parse(
 		token,
 		func(t *jwt.Token) (interface{}, error) {
@@ -135,7 +134,6 @@ func (cr *Cluster) verifyAuthToken(cliId string, token string) (id string) {
 		logDebugf("Cannot verity auth token: jti not exists")
 		return ""
 	}
-	logDebugf("JTI is %s", jti)
 	return jti
 }
 
@@ -162,7 +160,6 @@ func (cr *Cluster) generateAPIToken(cliId string, path string) (string, error) {
 }
 
 func (cr *Cluster) verifyAPIToken(cliId string, token string, path string) (id string) {
-	logDebugf("Authorizing %q for %q", token, path)
 	t, err := jwt.Parse(
 		token,
 		func(t *jwt.Token) (interface{}, error) {
@@ -193,7 +190,6 @@ func (cr *Cluster) verifyAPIToken(cliId string, token string, path string) (id s
 		logDebugf("Cannot verity api token: jti not exists")
 		return ""
 	}
-	logDebugf("JTI is %s", jti)
 	return jti
 }
 

cluster.go

@@ -214,7 +214,7 @@ func (cr *Cluster) Connect(ctx context.Context) bool {
 
 	cr.reconnectCount = 0
 
-	if config.Advanced.DebugLog {
+	if config.Advanced.SocketIOLog {
 		engio.OnRecv(func(_ *engine.Socket, data []byte) {
 			logDebugf("Engine.IO recv: %q", (string)(data))
 		})

config.go

@@ -32,6 +32,7 @@ import (
 
 type AdvancedConfig struct {
 	DebugLog             bool `yaml:"debug-log"`
+	SocketIOLog          bool `yaml:"socket-io-log"`
 	NoOpen               bool `yaml:"noopen"`
 	NoHeavyCheck         bool `yaml:"no-heavy-check"`
 	HeavyCheckInterval   int  `yaml:"heavy-check-interval"`

config.yaml

@@ -37,6 +37,7 @@ webdav-users:
     password: example-password
 advanced:
   debug-log: false
+  socket-io-log: false
   noopen: false
   no-heavy-check: false
   heavy-check-interval: 120
@@ -45,3 +46,4 @@ advanced:
   skip-signature-check: false
   exit-when-disconnected: false
   no-fast-enable: false
+  wait-before-enable: 0

token.go

@@ -81,8 +81,6 @@ func (cr *Cluster) fetchToken(ctx context.Context) (token *ClusterToken, err err
 		return
 	}
 
-	logDebugf("Token Challenge: %s", res1.Challenge)
-
 	var buf [32]byte
 	hs := hmac.New(crypto.SHA256.New, ([]byte)(cr.clusterSecret))
 	hs.Write(([]byte)(res1.Challenge))
@@ -98,8 +96,6 @@ func (cr *Cluster) fetchToken(ctx context.Context) (token *ClusterToken, err err
 		Signature: signature,
 	})
 
-	logDebugf("Payload: %s", (string)(payload))
-
 	req, err = cr.makeReqWithBody(ctx, http.MethodPost, "/openbmclapi-agent/token", nil, bytes.NewReader(payload))
 	if err != nil {
 		return