From 396b92e3742b6931695294026506305de4e33a5e Mon Sep 17 00:00:00 2001
From: Ian Walton <ian@iwalton.com>
Date: Mon, 6 Jan 2020 01:05:07 -0500
Subject: [PATCH] Prevent tokens from being printed to the console.
 (Configurable.)

---
 README.md               |  1 +
 plex_mpv_shim/client.py |  6 +++---
 plex_mpv_shim/conf.py   |  1 +
 plex_mpv_shim/media.py  |  6 +++---
 plex_mpv_shim/utils.py  | 13 ++++++++++---
 5 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 8611d39..0a79545 100644
--- a/README.md
+++ b/README.md
@@ -115,6 +115,7 @@ You can execute shell commands on media state using the config file:
  - `client_profile` - The client profile for transcoding. Default: `Plex Home Theater`
     - It may be useful to change this on limited hardware.
     - If you change this, it should be changed to a profile that supports `hls` streaming.
+ - `sanitize_output` - Prevent Plex tokens from being printed to the console. Default: `true`
 
 ### MPV Configuration
 
diff --git a/plex_mpv_shim/client.py b/plex_mpv_shim/client.py
index bf2efc5..f7e3092 100644
--- a/plex_mpv_shim/client.py
+++ b/plex_mpv_shim/client.py
@@ -11,7 +11,7 @@ import socket
 from http.server import HTTPServer
 from http.server import SimpleHTTPRequestHandler
 from socketserver import ThreadingMixIn
-from .utils import upd_token
+from .utils import upd_token, sanitize_msg
 from .conf import settings
 
 try:
@@ -140,9 +140,9 @@ class HttpHandler(SimpleHTTPRequestHandler):
 
     def handle_request(self, method):
         if 'X-Plex-Device-Name' in self.headers:
-            log.debug("HttpHandler::handle_request request from '%s' to '%s'" % (self.headers["X-Plex-Device-Name"], self.path))
+            log.debug("HttpHandler::handle_request request from '%s' to '%s'" % (self.headers["X-Plex-Device-Name"], sanitize_msg(self.path)))
         else:
-            log.debug("HttpHandler::handle_request request to '%s'" % self.path)
+            log.debug("HttpHandler::handle_request request to '%s'" % sanitize_msg(self.path))
 
         path  = urllib.parse.urlparse(self.path)
         query = self.get_querydict(path.query)
diff --git a/plex_mpv_shim/conf.py b/plex_mpv_shim/conf.py
index c744ee2..076047e 100644
--- a/plex_mpv_shim/conf.py
+++ b/plex_mpv_shim/conf.py
@@ -34,6 +34,7 @@ class Settings(object):
         "remote_kbps_thresh":   5000,
         "transcode_kbps":       2000,
         "client_profile":       "Plex Home Theater",
+        "sanitize_output":      True,
     }
 
     def __getattr__(self, name):
diff --git a/plex_mpv_shim/media.py b/plex_mpv_shim/media.py
index f681254..1f8048f 100644
--- a/plex_mpv_shim/media.py
+++ b/plex_mpv_shim/media.py
@@ -10,7 +10,7 @@ except:
     import xml.etree.ElementTree as et
 
 from .conf import settings
-from .utils import get_plex_url, safe_urlopen, is_local_domain, get_session, reset_session
+from .utils import get_plex_url, safe_urlopen, is_local_domain, get_session, reset_session, sanitize_msg
 
 log = logging.getLogger('media')
 
@@ -370,7 +370,7 @@ class Video(object):
         rating_key = self.get_rating_key()
 
         if rating_key is None:
-            log.error("No 'ratingKey' could be found in XML from URL '%s'" % (self.parent.path.geturl()))
+            log.error("No 'ratingKey' could be found in XML from URL '%s'" % (sanitize_msg(self.parent.path.geturl())))
             return False
 
         url  = urllib.parse.urljoin(self.parent.server_url, '/:/progress')
@@ -387,7 +387,7 @@ class Video(object):
         rating_key = self.get_rating_key()
 
         if rating_key is None:
-            log.error("No 'ratingKey' could be found in XML from URL '%s'" % (self.parent.path.geturl()))
+            log.error("No 'ratingKey' could be found in XML from URL '%s'" % (sanitize_msg(self.parent.path.geturl())))
             return False
 
         if watched:
diff --git a/plex_mpv_shim/utils.py b/plex_mpv_shim/utils.py
index 4874d4e..effe208 100644
--- a/plex_mpv_shim/utils.py
+++ b/plex_mpv_shim/utils.py
@@ -4,11 +4,14 @@ import urllib.request, urllib.parse, urllib.error
 import socket
 import ipaddress
 import uuid
+import re
 
 from .conf import settings
 from datetime import datetime
 from functools import wraps
 
+PLEX_TOKEN_RE = re.compile("(token|X-Plex-Token)=[^&]*")
+
 log = logging.getLogger("utils")
 plex_eph_tokens = {}
 plex_sessions = {}
@@ -103,7 +106,7 @@ def get_plex_url(url, data=None, quiet=False):
         url = "%s%s%s" % (url, sep, urllib.parse.urlencode(data))
 
     if not quiet:
-        log.debug("get_plex_url Created URL: %s" % url)
+        log.debug("get_plex_url Created URL: %s" % sanitize_msg(url))
 
     return url
 
@@ -121,13 +124,17 @@ def safe_urlopen(url, data=None, quiet=False):
         page = urllib.request.urlopen(url)
         if page.code == 200:
             return True
-        log.error("Error opening URL '%s': page returned %d" % (url,
+        log.error("Error opening URL '%s': page returned %d" % (sanitize_msg(url),
                                                                 page.code))
     except Exception as e:
-        log.error("Error opening URL '%s':  %s" % (url, e))
+        log.error("Error opening URL '%s':  %s" % (sanitize_msg(url), e))
 
     return False
 
 def is_local_domain(domain):
     return ipaddress.ip_address(socket.gethostbyname(domain)).is_private
 
+def sanitize_msg(text):
+    if settings.sanitize_output:
+        return re.sub(PLEX_TOKEN_RE, "\\1=REDACTED", text)
+    return text