fix: censor token in debug output (#8764)

Co-authored-by: Aura Román <kyradiscord@gmail.com>
discordjs · Oct 27, 2022 · 53d8e87 · 53d8e87
1 parent fc10774
commit 53d8e87
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/packages/discord.js/src/client/Client.js b/packages/discord.js/src/client/Client.js
@@ -214,13 +214,7 @@ class Client extends BaseClient {
     if (!token || typeof token !== 'string') throw new DiscordjsError(ErrorCodes.TokenInvalid);
     this.token = token = token.replace(/^(Bot|Bearer)\s*/i, '');
     this.rest.setToken(token);
-    this.emit(
-      Events.Debug,
-      `Provided token: ${token
-        .split('.')
-        .map((val, i) => (i > 1 ? val.replace(/./g, '*') : val))
-        .join('.')}`,
-    );
+    this.emit(Events.Debug, `Provided token: ${this._censoredToken}`);
 
     if (this.options.presence) {
       this.options.ws.presence = this.presence._parse(this.options.presence);
@@ -459,6 +453,21 @@ class Client extends BaseClient {
     });
   }
 
+  /**
+   * Partially censored client token for debug logging purposes.
+   * @type {?string}
+   * @readonly
+   * @private
+   */
+  get _censoredToken() {
+    if (!this.token) return null;
+
+    return this.token
+      .split('.')
+      .map((val, i) => (i > 1 ? val.replace(/./g, '*') : val))
+      .join('.');
+  }
+
   /**
    * Calls {@link https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval} on a script
    * with the client as `this`.

diff --git a/packages/discord.js/src/client/websocket/WebSocketShard.js b/packages/discord.js/src/client/websocket/WebSocketShard.js
@@ -740,7 +740,12 @@ class WebSocketShard extends EventEmitter {
    */
   _send(data) {
     if (this.connection?.readyState !== WebSocket.OPEN) {
-      this.debug(`Tried to send packet '${JSON.stringify(data)}' but no WebSocket is available!`);
+      this.debug(
+        `Tried to send packet '${JSON.stringify(data).replaceAll(
+          this.manager.client.token,
+          this.manager.client._censoredToken,
+        )}' but no WebSocket is available!`,
+      );
       this.destroy({ closeCode: 4_000 });
       return;
     }

diff --git a/packages/discord.js/typings/index.d.ts b/packages/discord.js/typings/index.d.ts
@@ -766,6 +766,7 @@ export class Client<Ready extends boolean = boolean> extends BaseClient {
   private presence: ClientPresence;
   private _eval(script: string): unknown;
   private _validateOptions(options: ClientOptions): void;
+  private get _censoredToken(): string | null;
 
   public application: If<Ready, ClientApplication>;
   public channels: ChannelManager;