feat: Add ability to mark property value as secret (validaiton) (#194)

* initial commit

* add propertyRules test

* revert changes

* revert changes

* change * to hidden

Author: nieomylnieja

validation/comparable.go

@@ -7,7 +7,7 @@ import (
 	"golang.org/x/exp/constraints"
 )
 
-func EqualTo[T comparable](compared T) Rule[T] {
+func EqualTo[T comparable](compared T) SingleRule[T] {
 	return NewSingleRule(func(v T) error {
 		if v != compared {
 			return errors.Errorf(comparisonFmt, cmpEqualTo, compared)
@@ -16,7 +16,7 @@ func EqualTo[T comparable](compared T) Rule[T] {
 	}).WithErrorCode(ErrorCodeEqualTo)
 }
 
-func NotEqualTo[T comparable](compared T) Rule[T] {
+func NotEqualTo[T comparable](compared T) SingleRule[T] {
 	return NewSingleRule(func(v T) error {
 		if v == compared {
 			return errors.Errorf(comparisonFmt, cmpNotEqualTo, compared)
@@ -25,22 +25,22 @@ func NotEqualTo[T comparable](compared T) Rule[T] {
 	}).WithErrorCode(ErrorCodeNotEqualTo)
 }
 
-func GreaterThan[T constraints.Ordered](n T) Rule[T] {
+func GreaterThan[T constraints.Ordered](n T) SingleRule[T] {
 	return NewSingleRule(orderedComparisonRule(cmpGreaterThan, n)).
 		WithErrorCode(ErrorCodeGreaterThan)
 }
 
-func GreaterThanOrEqualTo[T constraints.Ordered](n T) Rule[T] {
+func GreaterThanOrEqualTo[T constraints.Ordered](n T) SingleRule[T] {
 	return NewSingleRule(orderedComparisonRule(cmpGreaterThanOrEqual, n)).
 		WithErrorCode(ErrorCodeGreaterThanOrEqualTo)
 }
 
-func LessThan[T constraints.Ordered](n T) Rule[T] {
+func LessThan[T constraints.Ordered](n T) SingleRule[T] {
 	return NewSingleRule(orderedComparisonRule(cmpLessThan, n)).
 		WithErrorCode(ErrorCodeLessThan)
 }
 
-func LessThanOrEqualTo[T constraints.Ordered](n T) Rule[T] {
+func LessThanOrEqualTo[T constraints.Ordered](n T) SingleRule[T] {
 	return NewSingleRule(orderedComparisonRule(cmpLessThanOrEqual, n)).
 		WithErrorCode(ErrorCodeLessThanOrEqualTo)
 }

validation/errors.go

@@ -41,6 +41,13 @@ func (e PropertyErrors) Error() string {
 	return b.String()
 }
 
+func (e PropertyErrors) HideValue() PropertyErrors {
+	for _, err := range e {
+		_ = err.HideValue()
+	}
+	return e
+}
+
 func NewPropertyError(propertyName string, propertyValue interface{}, errs ...error) *PropertyError {
 	return &PropertyError{
 		PropertyName:  propertyName,
@@ -70,13 +77,26 @@ func (e *PropertyError) Error() string {
 	return b.String()
 }
 
-const propertyNameSeparator = "."
+const (
+	propertyNameSeparator = "."
+	hiddenValue           = "[hidden]"
+)
 
 func (e *PropertyError) PrependPropertyName(name string) *PropertyError {
 	e.PropertyName = concatStrings(name, e.PropertyName, propertyNameSeparator)
 	return e
 }
 
+// HideValue hides the property value from [PropertyError.Error] and also hides it from.
+func (e *PropertyError) HideValue() *PropertyError {
+	sv := propertyValueString(e.PropertyValue)
+	e.PropertyValue = ""
+	for _, err := range e.Errors {
+		_ = err.HideValue(sv)
+	}
+	return e
+}
+
 // NewRuleError creates a new [RuleError] with the given message and optional error codes.
 // Error codes are added according to the rules defined by [RuleError.AddCode].
 func NewRuleError(message string, codes ...ErrorCode) *RuleError {
@@ -110,6 +130,12 @@ func (r *RuleError) AddCode(code ErrorCode) *RuleError {
 	return r
 }
 
+// HideValue replaces all occurrences of stringValue in the [RuleError.Message] with an '*' characters.
+func (r *RuleError) HideValue(stringValue string) *RuleError {
+	r.Message = strings.ReplaceAll(r.Message, stringValue, hiddenValue)
+	return r
+}
+
 func concatStrings(pre, post, sep string) string {
 	if pre == "" {
 		return post

validation/rules.go

@@ -27,19 +27,19 @@ func ForPointer[T, S any](getter PropertyGetter[*T, S]) PropertyRules[T, S] {
 // [Transformer] is only called if [PropertyGetter] returns a non-zero value.
 func Transform[T, N, S any](getter PropertyGetter[T, S], transform Transformer[T, N]) PropertyRules[N, S] {
 	return PropertyRules[N, S]{
-		getter: func(s S) (transformed N, err error) {
+		transformGetter: func(s S) (transformed N, original any, err error) {
 			v := getter(s)
 			if err != nil {
-				return transformed, err
+				return transformed, nil, err
 			}
 			if isEmptyFunc(v) {
-				return transformed, emptyErr{}
+				return transformed, nil, emptyErr{}
 			}
 			transformed, err = transform(v)
 			if err != nil {
-				return transformed, NewPropertyError("", v, NewRuleError(err.Error(), ErrorCodeTransform))
+				return transformed, v, NewRuleError(err.Error(), ErrorCodeTransform)
 			}
-			return transformed, nil
+			return transformed, v, nil
 		},
 	}
 }
@@ -56,18 +56,21 @@ type Predicate[S any] func(S) bool
 type PropertyGetter[T, S any] func(S) T
 
 type internalPropertyGetter[T, S any] func(S) (v T, err error)
+type internalTransformPropertyGetter[T, S any] func(S) (transformed T, original any, err error)
 type emptyErr struct{}
 
 func (emptyErr) Error() string { return "" }
 
 // PropertyRules is responsible for validating a single property.
 type PropertyRules[T, S any] struct {
-	name      string
-	getter    internalPropertyGetter[T, S]
-	steps     []interface{}
-	required  bool
-	omitEmpty bool
-	isPointer bool
+	name            string
+	getter          internalPropertyGetter[T, S]
+	transformGetter internalTransformPropertyGetter[T, S]
+	steps           []interface{}
+	required        bool
+	omitEmpty       bool
+	hideValue       bool
+	isPointer       bool
 }
 
 // Validate validates the property value using provided rules.
@@ -80,6 +83,9 @@ func (r PropertyRules[T, S]) Validate(st S) PropertyErrors {
 	)
 	propValue, skip, err := r.getValue(st)
 	if err != nil {
+		if r.hideValue {
+			err = err.HideValue()
+		}
 		return err
 	}
 	if skip {
@@ -122,6 +128,9 @@ loop:
 		allErrors = append(allErrors, NewPropertyError(r.name, propValue, ruleErrors...))
 	}
 	if len(allErrors) > 0 {
+		if r.hideValue {
+			allErrors = allErrors.HideValue()
+		}
 		return allErrors
 	}
 	return nil
@@ -157,6 +166,11 @@ func (r PropertyRules[T, S]) OmitEmpty() PropertyRules[T, S] {
 	return r
 }
 
+func (r PropertyRules[T, S]) HideValue() PropertyRules[T, S] {
+	r.hideValue = true
+	return r
+}
+
 type stopOnErrorStep uint8
 
 func (r PropertyRules[T, S]) StopOnError() PropertyRules[T, S] {
@@ -172,16 +186,26 @@ func appendSteps[T any](slice []interface{}, steps []T) []interface{} {
 }
 
 func (r PropertyRules[T, S]) getValue(st S) (v T, skip bool, errs PropertyErrors) {
-	v, err := r.getter(st)
+	var (
+		err           error
+		originalValue any
+	)
+	if r.transformGetter != nil {
+		v, originalValue, err = r.transformGetter(st)
+	} else {
+		v, err = r.getter(st)
+	}
 	_, isEmptyError := err.(emptyErr)
 	// Any error other than [emptyErr] is considered critical, we don't proceed with validation.
 	if err != nil && !isEmptyError {
-		if propErr, ok := err.(*PropertyError); ok {
-			// Make sure the name is set to the current property name.
-			propErr.PropertyName = r.name
-			return v, false, PropertyErrors{propErr}
+		// If the value was transformed, we need to set the property value to the original, pre-transformed one.
+		var propValue interface{}
+		if HasErrorCode(err, ErrorCodeTransform) {
+			propValue = originalValue
+		} else {
+			propValue = v
 		}
-		return v, false, PropertyErrors{NewPropertyError(r.name, nil, err)}
+		return v, false, PropertyErrors{NewPropertyError(r.name, propValue, err)}
 	}
 	isEmpty := isEmptyError || (!r.isPointer && isEmptyFunc(v))
 	if r.required && isEmpty {

validation/rules_test.go

@@ -145,6 +145,21 @@ func TestPropertyRules(t *testing.T) {
 			Errors:        []*RuleError{{Message: expectedErrs.Error()}},
 		}, errs[0])
 	})
+
+	t.Run("hide value", func(t *testing.T) {
+		expectedErr := errors.New("oh no! here's the value: 'secret'")
+		r := For(func(m mockStruct) string { return "secret" }).
+			WithName("test.path").
+			HideValue().
+			Rules(NewSingleRule(func(v string) error { return expectedErr }))
+		errs := r.Validate(mockStruct{})
+		require.Len(t, errs, 1)
+		assert.Equal(t, &PropertyError{
+			PropertyName:  "test.path",
+			PropertyValue: "",
+			Errors:        []*RuleError{{Message: "oh no! here's the value: '[hidden]'"}},
+		}, errs[0])
+	})
 }
 
 func TestForPointer(t *testing.T) {
@@ -260,6 +275,17 @@ func TestTransform(t *testing.T) {
 		assert.EqualError(t, errs, expectedErrorOutput(t, "property_error_transform.txt"))
 		assert.True(t, HasErrorCode(errs, ErrorCodeTransform))
 	})
+	t.Run("fail transformation with hidden value", func(t *testing.T) {
+		getter := func(s string) string { return s }
+		transformed := Transform(getter, strconv.Atoi).
+			WithName("prop").
+			HideValue().
+			Rules(GreaterThan(123))
+		errs := transformed.Validate("secret!")
+		assert.Len(t, errs, 1)
+		assert.EqualError(t, errs, expectedErrorOutput(t, "property_error_transform_with_hidden_value.txt"))
+		assert.True(t, HasErrorCode(errs, ErrorCodeTransform))
+	})
 }
 
 func ptr[T any](v T) *T { return &v }

validation/test_data/property_error_transform_with_hidden_value.txt

@@ -0,0 +1,2 @@
+- 'prop':
+  - strconv.Atoi: parsing "[hidden]": invalid syntax