Remove secrets from API config endpoint?

[josecelano]

There is an API endpoint to get the Tracker configuration.

https://index.torrust-demo.com/api/v1/settings

It's used by the Index to show the admin the Index settings (read-only).

The response:

{
    "data": {
        "log_level": "info",
        "website": {
            "name": "Torrust"
        },
        "tracker": {
            "url": "udp://tracker.torrust-demo.com:6969",
            "mode": "Public",
            "api_url": "http://tracker:1212",
            "token": "*****",
            "token_valid_seconds": 7257600
        },
        "net": {
            "port": 3001,
            "base_url": null
        },
        "auth": {
            "email_on_signup": "Optional",
            "min_password_length": 6,
            "max_password_length": 64,
            "secret_key": "*****"
        },
        "database": {
            "connect_url": "sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc"
        },
        "mail": {
            "email_verification_enabled": false,
            "from": "example@email.com",
            "reply_to": "noreply@email.com",
            "username": "",
            "password": "*****",
            "server": "mailcatcher",
            "port": 1025
        },
        "image_cache": {
            "max_request_timeout_ms": 1000,
            "capacity": 128000000,
            "entry_size_limit": 4000000,
            "user_quota_period_seconds": 3600,
            "user_quota_bytes": 64000000
        },
        "api": {
            "default_torrent_page_size": 10,
            "max_torrent_page_size": 30
        },
        "tracker_statistics_importer": {
            "torrent_info_update_interval": 3600,
            "port": 3002
        }
    }
}

Should we remove the secrets from the response? @da2ce7 @WarmBeer

• data.tracker.token
• data.database.connect_url
• data.mail.password
• data.auth.secret_key

[josecelano]

Hi @da2ce7 @WarmBeer @mario-nt currently, we are only checking if the user is an admin. However I think the site/app administrator is not the same as the system administrator.

The application's users should not have access to some secrets only needed to launch the service. Especially if we can't do anything. I'm going to remove those secrets (replace them with asterisks ***). In the future, if we want the app admin role to do things related to those secrets we can enable them again. For the time being, I think they should be different roles.