From 538d96a6ab8f212e046f38d33b58999ea9add9d7 Mon Sep 17 00:00:00 2001
From: nhas <jordanatararimu@gmail.com>
Date: Sun, 10 Nov 2024 11:50:27 +1300
Subject: [PATCH] Mask sensitive values in cli printing, improve ENV variable
 handling to set variable as blank if exists

---
 cli.go              |  5 ++++-
 env.go              | 24 ++++--------------------
 reflection_utils.go | 21 +++++++++++++++++++++
 3 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/cli.go b/cli.go
index 757c6d9..54ab5b1 100644
--- a/cli.go
+++ b/cli.go
@@ -282,6 +282,7 @@ func (cp *ciParser[T]) apply(result *T) (err error) {
 	type association struct {
 		v    reflect.Value
 		path []string
+		tag  reflect.StructTag
 	}
 
 	flagAssociation := map[string]association{}
@@ -326,7 +327,7 @@ func (cp *ciParser[T]) apply(result *T) (err error) {
 			}
 
 			cp.o.logger.Info("adding flag", "flag", "-"+flagName, "type", field.value.Kind())
-			flagAssociation[flagName] = association{v: field.value, path: field.path}
+			flagAssociation[flagName] = association{v: field.value, path: field.path, tag: field.tag}
 
 			switch field.value.Kind() {
 			case reflect.String:
@@ -405,6 +406,8 @@ func (cp *ciParser[T]) apply(result *T) (err error) {
 		v, _ := getField(result, association.path)
 
 		v.Set(association.v)
+
+		cp.o.logger.Info("CLI FLAG", "-"+f.Name, maskSensitive(f.Value.String(), association.tag))
 	})
 
 	if help {
diff --git a/env.go b/env.go
index 445a44e..172f5e0 100644
--- a/env.go
+++ b/env.go
@@ -80,27 +80,11 @@ func (ep *envParser[T]) apply(result *T) (err error) {
 			ep.o.logger.Info("using transform func on env variable", "before_func", strings.Join(resolvePath(result, field.path), ep.o.env.delimiter), "after_func", envVariable)
 		}
 
-		envVarValue := os.Getenv(envVariable)
+		value, wasSet := os.LookupEnv(envVariable)
+		ep.o.logger.Info("ENV", "was_set", wasSet, envVariable, maskSensitive(value, field.tag))
 
-		printedValue := envVarValue
-
-		isSensitive := false
-		value, ok := field.tag.Lookup(confyTag)
-		if ok {
-			parts := strings.Split(value, ";")
-			if len(parts) > 1 {
-				isSensitive = strings.TrimSpace(parts[1]) == "sensitive"
-			}
-		}
-
-		if isSensitive && envVarValue != "" {
-			printedValue = "**********"
-		}
-
-		ep.o.logger.Info("ENV", envVariable, printedValue)
-
-		if envVarValue != "" {
-			ep.setBasicFieldFromString(result, field.path, envVarValue)
+		if wasSet {
+			ep.setBasicFieldFromString(result, field.path, value)
 		}
 	}
 
diff --git a/reflection_utils.go b/reflection_utils.go
index 1e2eac7..9a1b097 100644
--- a/reflection_utils.go
+++ b/reflection_utils.go
@@ -2,6 +2,7 @@ package confy
 
 import (
 	"reflect"
+	"strings"
 )
 
 type fieldsData struct {
@@ -122,3 +123,23 @@ func equalStringSlices(a, b []string) bool {
 	}
 	return true
 }
+
+func maskSensitive(value string, tag reflect.StructTag) string {
+
+	printedValue := value
+
+	isSensitive := false
+	value, ok := tag.Lookup(confyTag)
+	if ok {
+		parts := strings.Split(value, ";")
+		if len(parts) > 1 {
+			isSensitive = strings.TrimSpace(parts[1]) == "sensitive"
+		}
+	}
+
+	if isSensitive && value != "" {
+		printedValue = "**********"
+	}
+
+	return printedValue
+}