TASK-011: Remove session token prefix from log output

Replace sensitive token fragments in structured logs with: - login(): Use session_id=session.id (database row ID) instead of token_prefix - logout(): Use token_hash (SHA256 one-way hash, first 12 chars) instead of token_prefix This prevents partial token material leakage into log aggregation systems while maintaining useful session correlation via hashed tokens or database IDs. Also updated Backend-Development.md to clarify logging conventions for sensitive data handling. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-26 13:19:26 +02:00
parent 8698b89f6a
commit 5b24a9c142
3 changed files with 15 additions and 33 deletions
--- a/backend/app/services/auth_service.py
+++ b/backend/app/services/auth_service.py
@@ -114,7 +114,7 @@ async def login(
        db, token=token, created_at=created_iso, expires_at=expires_iso
    )
    signed_token = sign_session_token(session.token, session_secret)
-    log.info("bangui_login_success", token_prefix=session.token[:8])
+    log.info("bangui_login_success", session_id=session.id)
    return signed_token, session.expires_at


@@ -175,9 +175,11 @@ async def logout(
        try:
            token = unwrap_session_token(token, session_secret)
        except ValueError:
-            log.warning("bangui_logout_invalid_token", token_prefix=token[:8])
+            token_hash = hashlib.sha256(token.encode()).hexdigest()[:12]
+            log.warning("bangui_logout_invalid_token", token_hash=token_hash)
            return None

+    token_hash = hashlib.sha256(token.encode()).hexdigest()[:12]
    await session_repo.delete_session(db, token)
-    log.info("bangui_logout", token_prefix=token[:8])
+    log.info("bangui_logout", token_hash=token_hash)
    return token