Censor apple id email in logs

2026-03-02 06:26:16 +01:00 · 2026-02-15 12:11:51 -05:00
parent 7dd680f6a1
commit 14e22ba218
3 changed files with 24 additions and 3 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1831,7 +1831,7 @@ checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695"

 [[package]]
 name = "isideload"
-version = "0.2.4"
+version = "0.2.5"
 dependencies = [
 "aes 0.9.0-rc.4",
 "aes-gcm",
--- a/isideload/Cargo.toml
+++ b/isideload/Cargo.toml
@@ -3,7 +3,7 @@ name = "isideload"
 description = "Sideload iOS/iPadOS applications"
 license = "MIT"
 authors = ["Nicholas Sharp <nab@nabdev.me>"]
-version = "0.2.4"
+version = "0.2.5"
 edition = "2024"
 repository = "https://github.com/nab138/isideload"
 documentation = "https://docs.rs/isideload"
--- a/isideload/src/auth/apple_account.rs
+++ b/isideload/src/auth/apple_account.rs
@@ -95,7 +95,7 @@ impl AppleAccount {
        password: &str,
        two_factor_callback: impl Fn() -> Option<String>,
    ) -> Result<(), Report> {
-        info!("Logging in to Apple ID: {}", self.email);
+        info!("Logging in to Apple ID: {}", censor_email(&self.email));
        if self.debug {
            warn!("Debug mode enabled: this is a security risk!");
        }
@@ -681,3 +681,24 @@ pub struct AppToken {
    pub duration: u64,
    pub expiry: u64,
 }
+
+fn censor_email(email: &str) -> String {
+    if std::env::var("DEBUG_SENSITIVE").is_ok() {
+        return email.to_string();
+    }
+    if let Some(at_pos) = email.find('@') {
+        let (local, domain) = email.split_at(at_pos);
+        if local.len() <= 2 {
+            format!("{}***{}", &local[0..1], &domain)
+        } else {
+            format!(
+                "{}***{}{}",
+                &local[0..1],
+                &local[local.len() - 1..],
+                &domain
+            )
+        }
+    } else {
+        "***".to_string()
+    }
+}