Issue UI: redact private data like (user, locations, ...) (#25039)

Author: Copilot

assets/js/views/Issue.vue

@@ -475,7 +475,8 @@ export default defineComponent({
 
 				for (const endpoint of endpoints) {
 					try {
-						const response = await api.get(endpoint);
+						// Add private=false for device endpoints to hide private data in bug reports
+						const response = await api.get(endpoint, { params: { private: false } });
 						if (response.data && Object.keys(response.data).length > 0) {
 							const key = endpoint.replace("config/", "").replace("devices/", "");
 							let data = response.data;

cmd/config.go

@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/evcc-io/evcc/util/config"
+	"github.com/evcc-io/evcc/util/redact"
 	"github.com/evcc-io/evcc/util/templates"
 	"github.com/spf13/cobra"
 )
@@ -54,7 +55,7 @@ func runConfig(cmd *cobra.Command, args []string) {
 			}
 
 			for _, c := range configurable {
-				fmt.Println(config.NameForID(c.ID), fmt.Sprintf("%+v", c.Properties), redactMap(c.Data))
+				fmt.Println(config.NameForID(c.ID), fmt.Sprintf("%+v", c.Properties), redact.Map(c.Data))
 			}
 
 			fmt.Println("")

cmd/discuss.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/cli/browser"
 	"github.com/evcc-io/evcc/util"
+	"github.com/evcc-io/evcc/util/redact"
 	"github.com/spf13/cobra"
 )
 
@@ -44,7 +45,7 @@ func runDiscuss(cmd *cobra.Command, args []string) {
 
 	var redacted string
 	if src, err := os.ReadFile(cfgFile); err == nil {
-		redacted = redact(string(src))
+		redacted = redact.String(string(src))
 	}
 
 	tmpl := template.Must(template.New("discuss").Parse(discussTmpl))

cmd/dump.go

@@ -13,6 +13,7 @@ import (
 	"github.com/evcc-io/evcc/core"
 	"github.com/evcc-io/evcc/util"
 	"github.com/evcc-io/evcc/util/config"
+	"github.com/evcc-io/evcc/util/redact"
 	"github.com/spf13/cobra"
 )
 
@@ -67,7 +68,7 @@ func runDump(cmd *cobra.Command, args []string) {
 
 		var redacted string
 		if src, err := os.ReadFile(cfgFile); err == nil {
-			redacted = redact(string(src))
+			redacted = redact.String(string(src))
 		}
 
 		tmpl := template.Must(

cmd/helper.go

@@ -49,14 +49,6 @@ func unwrap(err error) (res []string) {
 	return
 }
 
-func redact(src string) string {
-	return util.RedactConfigString(src)
-}
-
-func redactMap(src map[string]any) map[string]any {
-	return util.RedactConfigMap(src)
-}
-
 // fatal logs a fatal error and runs shutdown functions before terminating
 func fatal(err error) {
 	log.FATAL.Println(err)

cmd/root_test.go

@@ -6,6 +6,8 @@ import (
 	"reflect"
 	"strings"
 	"testing"
+
+	"github.com/evcc-io/evcc/util/redact"
 )
 
 func TestUnwrap(t *testing.T) {
@@ -23,17 +25,17 @@ func TestRedact(t *testing.T) {
 	sponsortoken: geheim
 	user: geheim
 	password: geheim
-	secret: geheim
+	clientsecret: geheim
 	token:
-		access: geheim
-		refresh: geheim
+		accesstoken: geheim
+		refreshtoken: geheim
 	pin: geheim
 	mac: geheim
-	secret: geheim # comment
-	secret : geheim
+	clientsecret: geheim # comment
+	clientsecret : geheim
 	`
 
-	if res := redact(secret); strings.Contains(res, "geheim") || !strings.Contains(res, "public") {
+	if res := redact.String(secret); strings.Contains(res, "geheim") || !strings.Contains(res, "public") {
 		t.Errorf("secret exposed: %v", res)
 	}
 }

playwright.config.ts

@@ -15,6 +15,7 @@ export default defineConfig({
     video: "on-first-retry",
     screenshot: "only-on-failure",
     permissions: ["clipboard-write"],
+    actionTimeout: 20000, // 20s for individual actions
   },
   projects: [
     {

server/http_config_device_handler.go

@@ -23,11 +23,11 @@ import (
 	"go.yaml.in/yaml/v4"
 )
 
-func devicesConfig[T any](class templates.Class, h config.Handler[T]) ([]map[string]any, error) {
+func devicesConfig[T any](class templates.Class, h config.Handler[T], hidePrivate bool) ([]map[string]any, error) {
 	var res []map[string]any
 
 	for _, dev := range h.Devices() {
-		dc, err := deviceConfigMap(class, dev)
+		dc, err := deviceConfigMap(class, dev, hidePrivate)
 		if err != nil {
 			return nil, err
 		}
@@ -54,20 +54,23 @@ func devicesConfigHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Check if private data should be hidden (default: true, showing private data)
+	hidePrivate := r.URL.Query().Get("private") == "false"
+
 	var res []map[string]any
 
 	switch class {
 	case templates.Meter:
-		res, err = devicesConfig(class, config.Meters())
+		res, err = devicesConfig(class, config.Meters(), hidePrivate)
 
 	case templates.Charger:
-		res, err = devicesConfig(class, config.Chargers())
+		res, err = devicesConfig(class, config.Chargers(), hidePrivate)
 
 	case templates.Vehicle:
-		res, err = devicesConfig(class, config.Vehicles())
+		res, err = devicesConfig(class, config.Vehicles(), hidePrivate)
 
 	case templates.Circuit:
-		res, err = devicesConfig(class, config.Circuits())
+		res, err = devicesConfig(class, config.Circuits(), hidePrivate)
 	}
 
 	if err != nil {
@@ -78,7 +81,7 @@ func devicesConfigHandler(w http.ResponseWriter, r *http.Request) {
 	jsonWrite(w, res)
 }
 
-func deviceConfigMap[T any](class templates.Class, dev config.Device[T]) (map[string]any, error) {
+func deviceConfigMap[T any](class templates.Class, dev config.Device[T], hidePrivate bool) (map[string]any, error) {
 	conf := dev.Config()
 
 	dc := map[string]any{
@@ -102,7 +105,7 @@ func deviceConfigMap[T any](class templates.Class, dev config.Device[T]) (map[st
 		}
 
 		if conf.Type == typeTemplate {
-			params, err := sanitizeMasked(class, conf.Other)
+			params, err := sanitizeMasked(class, conf.Other, hidePrivate)
 			if err != nil {
 				return nil, err
 			}
@@ -146,13 +149,13 @@ func deviceConfigMap[T any](class templates.Class, dev config.Device[T]) (map[st
 	return dc, nil
 }
 
-func deviceConfig[T any](class templates.Class, id int, h config.Handler[T]) (map[string]any, error) {
+func deviceConfig[T any](class templates.Class, id int, h config.Handler[T], hidePrivate bool) (map[string]any, error) {
 	dev, err := h.ByName(config.NameForID(id))
 	if err != nil {
 		return nil, err
 	}
 
-	return deviceConfigMap(class, dev)
+	return deviceConfigMap(class, dev, hidePrivate)
 }
 
 // deviceConfigHandler returns a device configuration by class
@@ -171,20 +174,23 @@ func deviceConfigHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Check if private data should be hidden (default: true, showing private data)
+	hidePrivate := r.URL.Query().Get("private") == "false"
+
 	var res map[string]any
 
 	switch class {
 	case templates.Meter:
-		res, err = deviceConfig(class, id, config.Meters())
+		res, err = deviceConfig(class, id, config.Meters(), hidePrivate)
 
 	case templates.Charger:
-		res, err = deviceConfig(class, id, config.Chargers())
+		res, err = deviceConfig(class, id, config.Chargers(), hidePrivate)
 
 	case templates.Vehicle:
-		res, err = deviceConfig(class, id, config.Vehicles())
+		res, err = deviceConfig(class, id, config.Vehicles(), hidePrivate)
 
 	case templates.Circuit:
-		res, err = deviceConfig(class, id, config.Circuits())
+		res, err = deviceConfig(class, id, config.Circuits(), hidePrivate)
 	}
 
 	if err != nil {

server/http_config_helper.go

@@ -133,7 +133,7 @@ func filterValidTemplateParams(tmpl *templates.Template, conf map[string]any) ma
 	return res
 }
 
-func sanitizeMasked(class templates.Class, conf map[string]any) (map[string]any, error) {
+func sanitizeMasked(class templates.Class, conf map[string]any, hidePrivate bool) (map[string]any, error) {
 	tmpl, err := templateForConfig(class, conf)
 	if err != nil {
 		return nil, err
@@ -142,8 +142,12 @@ func sanitizeMasked(class templates.Class, conf map[string]any) (map[string]any,
 	res := make(map[string]any, len(conf))
 
 	for k, v := range conf {
-		if i, p := tmpl.ParamByName(k); i >= 0 && p.IsMasked() {
-			v = masked
+		if i, p := tmpl.ParamByName(k); i >= 0 {
+			if p.IsMasked() {
+				v = masked
+			} else if hidePrivate && p.IsPrivate() {
+				v = masked
+			}
 		}
 
 		res[k] = v

server/http_config_yaml_handler.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"os"
 
-	"github.com/evcc-io/evcc/util"
+	"github.com/evcc-io/evcc/util/redact"
 )
 
 // configYamlHandler returns the redacted evcc.yaml configuration file
@@ -25,7 +25,7 @@ func configYamlHandler(configFilePath string) http.HandlerFunc {
 		}
 
 		// Redact sensitive information
-		redacted := util.RedactConfigString(string(src))
+		redacted := redact.String(string(src))
 
 		// Return the redacted content as plain text
 		w.Header().Set("Content-Type", "text/plain; charset=utf-8")