From c048bde330b0bacec6a4f0d71161c2a94ba15023 Mon Sep 17 00:00:00 2001
From: Liang Ding <d@b3log.org>
Date: Sat, 8 Oct 2022 10:57:20 +0800
Subject: [PATCH] =?UTF-8?q?:lock:=20=E5=86=85=E6=A0=B8=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=20`api/system/getConf`=20=E8=84=B1=E6=95=8F=E5=A4=84=E7=90=86?=
 =?UTF-8?q?=20Fix=20https://github.com/siyuan-note/siyuan/issues/6088?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 kernel/api/system.go | 13 ++++++++++++-
 kernel/model/conf.go | 23 +++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/kernel/api/system.go b/kernel/api/system.go
index 2c1936532..59426c573 100644
--- a/kernel/api/system.go
+++ b/kernel/api/system.go
@@ -146,8 +146,15 @@ func getConf(c *gin.Context) {
 	ret := gulu.Ret.NewResult()
 	defer c.JSON(http.StatusOK, ret)
 
+	maskedConf, err := model.GetMaskedConf()
+	if nil != err {
+		ret.Code = -1
+		ret.Msg = "get conf failed: " + err.Error()
+		return
+	}
+
 	ret.Data = map[string]interface{}{
-		"conf":  model.Conf,
+		"conf":  maskedConf,
 		"start": start,
 	}
 
@@ -193,6 +200,10 @@ func setAccessAuthCode(c *gin.Context) {
 	}
 
 	aac := arg["accessAuthCode"].(string)
+	if model.MaskedAccessAuthCode == aac {
+		aac = model.Conf.AccessAuthCode
+	}
+
 	model.Conf.AccessAuthCode = aac
 	model.Conf.Save()
 
diff --git a/kernel/model/conf.go b/kernel/model/conf.go
index 57d663a66..ad9caec3c 100644
--- a/kernel/model/conf.go
+++ b/kernel/model/conf.go
@@ -582,6 +582,29 @@ func IsSubscriber() bool {
 	return nil != Conf.User && (-1 == Conf.User.UserSiYuanProExpireTime || 0 < Conf.User.UserSiYuanProExpireTime) && 0 == Conf.User.UserSiYuanSubscriptionStatus
 }
 
+const (
+	MaskedUserData       = ""
+	MaskedAccessAuthCode = "*******"
+)
+
+func GetMaskedConf() (ret *AppConf, err error) {
+	// 脱敏处理
+	data, err := gulu.JSON.MarshalIndentJSON(Conf, "", "  ")
+	if nil != err {
+		logging.LogErrorf("marshal conf failed: %s", err)
+		return
+	}
+	ret = &AppConf{}
+	if err = gulu.JSON.UnmarshalJSON(data, ret); nil != err {
+		logging.LogErrorf("unmarshal conf failed: %s", err)
+		return
+	}
+
+	ret.UserData = MaskedUserData
+	ret.AccessAuthCode = MaskedAccessAuthCode
+	return
+}
+
 func clearWorkspaceTemp() {
 	os.RemoveAll(filepath.Join(util.TempDir, "bazaar"))
 	os.RemoveAll(filepath.Join(util.TempDir, "export"))