yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: redact credentials from Redis URL in rate-limit error messages

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Brown
2026-03-04 14:09:10 -07:00
committed by Abhimanyu Saharan
parent c5716897d7
commit a30b94c887
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
backend/app/core/rate_limit.py
View File

@@ -125,6 +125,20 @@ class RedisRateLimiter(RateLimiter):
return count <= self._max_requests
def _redact_url(url: str) -> str:
"""Strip userinfo (credentials) from a Redis URL for safe logging."""
from urllib.parse import urlparse, urlunparse
parsed = urlparse(url)
if parsed.username or parsed.password:
# Replace user:pass@host with ***@host
redacted_netloc = f"***@{parsed.hostname}"
if parsed.port:
redacted_netloc += f":{parsed.port}"
return urlunparse(parsed._replace(netloc=redacted_netloc))
return url
def validate_rate_limit_redis(redis_url: str) -> None:
"""Verify Redis is reachable. Raises ``ConnectionError`` on failure."""
client = redis_lib.Redis.from_url(redis_url)
@@ -132,7 +146,7 @@ def validate_rate_limit_redis(redis_url: str) -> None:
client.ping()
except Exception as exc:
raise ConnectionError(
f"Redis rate-limit backend configured but unreachable at {redis_url}: {exc}",
f"Redis rate-limit backend configured but unreachable at {_redact_url(redis_url)}: {exc}",
) from exc
finally:
client.close()