nautilus_tardis/common/credential.rs
1// -------------------------------------------------------------------------------------------------
2// Copyright (C) 2015-2025 Nautech Systems Pty Ltd. All rights reserved.
3// https://nautechsystems.io
4//
5// Licensed under the GNU Lesser General Public License Version 3.0 (the "License");
6// You may not use this file except in compliance with the License.
7// You may obtain a copy of the License at https://www.gnu.org/licenses/lgpl-3.0.en.html
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14// -------------------------------------------------------------------------------------------------
15
16//! Tardis API credential storage.
17
18use std::fmt::{Debug, Formatter};
19
20use zeroize::ZeroizeOnDrop;
21
22/// API credentials required for Tardis API requests.
23#[derive(Clone, ZeroizeOnDrop)]
24pub struct Credential {
25 api_key: Box<[u8]>,
26}
27
28impl Debug for Credential {
29 fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
30 f.debug_struct("Credential")
31 .field("api_key", &"<redacted>")
32 .finish()
33 }
34}
35
36impl Credential {
37 /// Creates a new [`Credential`] instance from the API key.
38 #[must_use]
39 pub fn new(api_key: impl Into<String>) -> Self {
40 let api_key_bytes = api_key.into().into_bytes();
41
42 Self {
43 api_key: api_key_bytes.into_boxed_slice(),
44 }
45 }
46
47 /// Returns the API key associated with this credential.
48 ///
49 /// # Panics
50 ///
51 /// This method should never panic as the API key is always valid UTF-8,
52 /// having been created from a String.
53 #[must_use]
54 pub fn api_key(&self) -> &str {
55 // SAFETY: The API key is always valid UTF-8 since it was created from a String
56 std::str::from_utf8(&self.api_key).unwrap()
57 }
58
59 /// Returns a masked version of the API key for logging purposes.
60 ///
61 /// Shows first 4 and last 4 characters with ellipsis in between.
62 /// For keys shorter than 8 characters, shows asterisks only.
63 #[must_use]
64 pub fn api_key_masked(&self) -> String {
65 nautilus_core::string::mask_api_key(self.api_key())
66 }
67}
68
69////////////////////////////////////////////////////////////////////////////////
70// Tests
71////////////////////////////////////////////////////////////////////////////////
72
73#[cfg(test)]
74mod tests {
75 use rstest::rstest;
76
77 use super::*;
78
79 #[rstest]
80 fn test_api_key_masked_short() {
81 let credential = Credential::new("short");
82 assert_eq!(credential.api_key_masked(), "*****");
83 }
84
85 #[rstest]
86 fn test_api_key_masked_long() {
87 let credential = Credential::new("abcdefghijklmnop");
88 assert_eq!(credential.api_key_masked(), "abcd...mnop");
89 }
90
91 #[rstest]
92 fn test_debug_redaction() {
93 let credential = Credential::new("test_api_key");
94 let debug_str = format!("{credential:?}");
95 assert!(debug_str.contains("<redacted>"));
96 assert!(!debug_str.contains("test_api_key"));
97 }
98}