Added support redacting ip addresses

Author: SudoDios

README.md

@@ -138,6 +138,9 @@ Compatible with all librespeed clients :
 
     # password for logging into statistics page, fill this to enable stats page
     stats_password=""
+   
+    # redact IP addresses
+    redact_ip_addresses=false
 
     # database config for : mysql, postgres, sqlite, memory, or disable by write none
     # after restarting the service, the in-memory database is reset

configs.toml

@@ -20,6 +20,9 @@ assets_path="./assets" # Write without suffix separator
 # password for logging into statistics page, fill this to enable stats page
 stats_password=""
 
+# redact IP addresses
+redact_ip_addresses=false
+
 # database config for : mysql, postgres, sqlite, memory, or disable by write none
 # after restarting the service, the in-memory database is reset
 # if none is specified, no telemetry/stats will be recorded, and no result JPG will be generated

src/cmd.rs

@@ -10,6 +10,7 @@ pub struct Cmd {
     pub ipinfo_api_key : Option<String>,
     pub assets_path : Option<String>,
     pub stats_password : Option<String>,
+    pub redact_ip_addresses : Option<bool>,
     pub database_type : Option<String>,
     pub database_hostname : Option<String>,
     pub database_name : Option<String>,
@@ -82,6 +83,12 @@ impl Cmd {
                     .help("Specify the password for logging into statistics page")
                     .value_parser(value_parser!(String))
             )
+            .arg(
+                Arg::new("redact-ips")
+                    .long("redact-ips")
+                    .help("Redact IP addresses")
+                    .value_parser(value_parser!(bool))
+            )
             .arg(
                 Arg::new("database-type")
                     .long("database-type")
@@ -145,6 +152,7 @@ impl Cmd {
         let ipinfo_api_key : Option<String> = args.get_one::<String>("ipinfo-api-key").map(|s| s.to_owned());
         let assets_path : Option<String> = args.get_one::<String>("assets-path").map(|s| s.to_owned());
         let stats_password : Option<String> = args.get_one::<String>("stats-password").map(|s| s.to_owned());
+        let redact_ip_addresses : Option<bool> = args.get_one::<bool>("redact-ips").map(|s| s.to_owned());
         let database_type : Option<String> = args.get_one::<String>("database-type").map(|s| s.to_owned());
         let database_hostname : Option<String> = args.get_one::<String>("database-hostname").map(|s| s.to_owned());
         let database_name : Option<String> = args.get_one::<String>("database-name").map(|s| s.to_owned());
@@ -163,6 +171,7 @@ impl Cmd {
             ipinfo_api_key,
             assets_path,
             stats_password,
+            redact_ip_addresses,
             database_type,
             database_hostname,
             database_name,

src/config/mod.rs

@@ -43,6 +43,7 @@ pub struct ServerConfig {
     pub base_url : String,
     pub ipinfo_api_key : String,
     pub stats_password : String,
+    pub redact_ip_addresses : bool,
     pub assets_path : String,
     pub database_type : String,
     pub database_hostname : Option<String>,
@@ -64,6 +65,7 @@ impl Default for ServerConfig {
             base_url: "backend".to_string(),
             ipinfo_api_key: "".to_string(),
             stats_password: "".to_string(),
+            redact_ip_addresses: false,
             assets_path: "".to_string(),
             database_type: "none".to_string(),
             database_hostname: None,
@@ -191,6 +193,7 @@ fn initialize (mut config: ServerConfig,cmd : Cmd) -> std::io::Result<()> {
     config.ipinfo_api_key.set_if_some(cmd.ipinfo_api_key);
     config.assets_path.set_if_some(cmd.assets_path);
     config.stats_password.set_if_some(cmd.stats_password);
+    config.redact_ip_addresses.set_if_some(cmd.redact_ip_addresses);
     config.database_type.set_if_some(cmd.database_type);
     config.database_hostname.set_if_some(cmd.database_hostname);
     config.database_name.set_if_some(cmd.database_name);

src/results/mod.rs

@@ -1,3 +1,5 @@
+use std::net::IpAddr;
+use std::str::FromStr;
 use serde::{Deserialize, Serialize};
 
 pub mod telemetry;
@@ -17,4 +19,55 @@ pub struct TelemetryData {
     pub log : String,
     pub uuid : String,
     pub timestamp : i64,
-}
+}
+
+pub fn redact_hostname(s: &mut String, replacement: &str) {
+    let mut result = String::with_capacity(s.len());
+    let mut idx = 0;
+    while let Some(start_relative) = s[idx..].find("\"hostname\":\"") {
+        let start = start_relative + idx;
+        result.push_str(&s[idx..start]);
+        result.push_str(replacement);
+        let value_start = start + "\"hostname\":\"".len();
+        if let Some(end_relative) = s[value_start..].find('\"') {
+            let end = value_start + end_relative + 1;
+            idx = end;
+        } else {
+            break;
+        }
+    }
+    result.push_str(&s[idx..]);
+    *s = result
+}
+
+pub fn redact_all_ips(s: &mut String, replacement: &str) {
+    let mut result = String::with_capacity(s.len());
+    let chars: Vec<char> = s.chars().collect();
+    let len = chars.len();
+    let mut idx = 0;
+    while idx < len {
+        let max_ip_length = 39; // IPV6 max len
+        let remaining = len - idx;
+        let max_len = if remaining < max_ip_length { remaining } else { max_ip_length };
+        let mut replaced = false;
+        for l in (2..=max_len).rev() {
+            let end = idx + l;
+            if end > len {
+                continue;
+            }
+            let substr: String = chars[idx..end].iter().collect();
+            if IpAddr::from_str(&substr).is_ok() {
+                result.push_str(replacement);
+                idx += l;
+                replaced = true;
+                break;
+            }
+        }
+        if replaced {
+            continue;
+        }
+        result.push(chars[idx]);
+        idx += 1;
+    }
+    *s = result
+}

src/results/telemetry.rs

@@ -9,28 +9,40 @@ use imageproc::rect::Rect;
 use log::error;
 use tokio::sync::Mutex;
 
-use crate::config::FONT;
+use crate::config::{FONT, SERVER_CONFIG};
 use crate::config::time::{convert_time_local, get_current_millis};
 use crate::database::{Database, generate_uuid};
 use crate::http::request::Request;
+use crate::results;
 use crate::ip::ip_info::IPInfo;
 use crate::results::TelemetryData;
 
 pub async fn record_result (request : &Request, database : &mut Arc<Mutex<dyn Database + Send>>) -> std::io::Result<String> {
     let default = "".to_string();
-    let isp_info = request.form_data.get("ispinfo").unwrap_or(&default);
+    let mut ip_address = request.remote_addr.to_string();
+    let mut isp_info = request.form_data.get("ispinfo").unwrap_or(&default).clone();
     let extra = request.form_data.get("extra").unwrap_or(&default);
     let ua = request.headers.get("User-Agent").unwrap_or(&default);
     let lang = request.headers.get("Accept-Language").unwrap_or(&default);
     let dl = request.form_data.get("dl").unwrap_or(&default);
     let ul = request.form_data.get("ul").unwrap_or(&default);
     let ping = request.form_data.get("ping").unwrap_or(&default);
     let jitter = request.form_data.get("jitter").unwrap_or(&default);
-    let log = request.form_data.get("log").unwrap_or(&default);
+    let mut log = request.form_data.get("log").unwrap_or(&default).clone();
     let uuid = generate_uuid();
-    let mut data = database.lock().await;
-    let insert_db = data.insert(TelemetryData {
-        ip_address: request.remote_addr.to_string(),
+
+    let config = SERVER_CONFIG.get().unwrap();
+    if config.redact_ip_addresses {
+        ip_address = "0.0.0.0".to_string();
+        results::redact_hostname(&mut isp_info,"\"hostname\":\"REDACTED\"");
+        results::redact_all_ips(&mut isp_info,"0.0.0.0");
+        results::redact_hostname(&mut log,"\"hostname\":\"REDACTED\"");
+        results::redact_all_ips(&mut log,"0.0.0.0");
+    }
+
+    let mut database = database.lock().await;
+    let insert_db = database.insert(TelemetryData {
+        ip_address,
         isp_info: isp_info.to_string(),
         extra: extra.to_string(),
         user_agent: ua.to_string(),