sanitizeCredentialHint ensures the hint looks masked before exposing it in the API. The aibridge library uses "..." as the masking delimiter (e.g. "sk-a...efgh"), so we check for its presence. If the hint doesn't contain "..." or exceeds the max length, it's replaced with "..." to prevent leaking ra
(hint string)
| 1527 | // the hint doesn't contain "..." or exceeds the max length, it's |
| 1528 | // replaced with "..." to prevent leaking raw secrets. |
| 1529 | func sanitizeCredentialHint(hint string) string { |
| 1530 | // Matches the VARCHAR(15) DB constraint. |
| 1531 | const maxCredentialHintLength = 15 |
| 1532 | |
| 1533 | if hint == "" { |
| 1534 | return "" |
| 1535 | } |
| 1536 | |
| 1537 | if len(hint) > maxCredentialHintLength || !strings.Contains(hint, "...") { |
| 1538 | return "..." |
| 1539 | } |
| 1540 | return hint |
| 1541 | } |
| 1542 | |
| 1543 | func jsonOrEmptyMap(rawMessage pqtype.NullRawMessage) map[string]any { |
| 1544 | var m map[string]any |