Redact basic auth credentials when confirming upload URL

bin/medic-conf.js

@@ -4,6 +4,7 @@ const error = require('../src/lib/log').error;
 const fs = require('../src/lib/sync-fs');
 const info = require('../src/lib/log').info;
 const readline = require('readline-sync');
+const redactBasicAuth = require('redact-basic-auth');
 const supportedActions = require('../src/cli/supported-actions');
 const usage = require('../src/cli/usage');
 
@@ -31,7 +32,7 @@ const productionUrlMatch = /^http(?:s)?:\/\/(.*)\.app\.medicmobile\.org(?:$|\/)/
 if(productionUrlMatch && productionUrlMatch[1] !== projectName) {
   if(!readline.keyInYN('\x1b[33mWARN ' +
       `Attempting to upload configuration for \x1b[31m${projectName}\x1b[33m ` +
-      `to production instance: \x1b[31m${instanceUrl}\x1b[33m\n` +
+      `to production instance: \x1b[31m${redactBasicAuth(instanceUrl)}\x1b[33m\n` +
       'Continue?\x1b[0m')) {
     error('User failed to confirm action.');
     process.exit(1);

package.json

@@ -1,6 +1,6 @@
 {
   "name": "medic-configurer-beta",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "Configure Medic Mobile deployments",
   "main": "index.js",
   "scripts": {
@@ -24,6 +24,7 @@
   "dependencies": {
     "pouchdb": "^6.2.0",
     "readline-sync": "^1.4.7",
+    "redact-basic-auth": "^0.1.1",
     "request-promise-native": "^1.0.4"
   },
   "devDependencies": {

src/lib/log.js

@@ -1,3 +1,5 @@
+const redactBasicAuth = require('redact-basic-auth');
+
 module.exports = (...args) => logAtLevel('\x1b[2m', 'TRACE', ...args);
 module.exports.error = (...args) => logAtLevel('\x1b[31m', 'ERROR', ...args);
 module.exports.info = (...args) => logAtLevel('\x1b[32m', 'INFO', ...args);
@@ -13,5 +15,5 @@ function logAtLevel(color, level, ...args) {
 const redactUrls = s => {
   if(s instanceof Error) s = s.toString();
   else if(s && typeof s !== 'string') s = JSON.stringify(s);
-  return s && s.replace(/(http[s]?:\/\/[^:]*):[^@]*@/g, '$1:****@');
+  return s && redactBasicAuth(s);
 };