API token revealed in logs via tracing instrumentation #1441

Description

@josecelano

Relates to: #727

When you run the tracker you see the API token MyAccessToken in the tracing logs:

2025-04-11T11:54:21.902975Z  INFO initialize{configuration=Configuration { metadata: Metadata { app: TorrustTracker, purpose: Configuration, schema_version: Version { schema_version: "2.0.0" } }, logging: Logging { threshold: Info }, core: Core { announce_policy: AnnouncePolicy { interval: 120, interval_min: 120 }, database: Database { driver: Sqlite3, path: "./storage/tracker/lib/database/sqlite3.db" }, inactive_peer_cleanup_interval: 600, listed: false, net: Network { external_ip: Some(0.0.0.0), on_reverse_proxy: false }, private: false, private_mode: None, tracker_policy: TrackerPolicy { max_peer_timeout: 900, persistent_torrent_completed_stat: false, remove_peerless_torrents: true }, tracker_usage_statistics: true }, udp_trackers: Some([UdpTracker { bind_address: 0.0.0.0:6868, cookie_lifetime: 120s, tracker_usage_statistics: true }, UdpTracker { bind_address: 0.0.0.0:6969, cookie_lifetime: 120s, tracker_usage_statistics: true }]), http_trackers: Some([HttpTracker { bind_address: 0.0.0.0:7070, tsl_config: None, tracker_usage_statistics: true }, HttpTracker { bind_address: 0.0.0.0:7171, tsl_config: None, tracker_usage_statistics: true }]), http_api: Some(HttpApi { bind_address: 0.0.0.0:1212, tsl_config: None, access_tokens: {"admin": "MyAccessToken"} }), health_check_api: HealthCheckApi { bind_address: 127.0.0.1:1313 } }}

The token "MyAccessToken" should not be included in logs.

The output is produced here:

impl AppContainer {
    // `skip()` lists no arguments, so `configuration` is recorded in the span.
    #[instrument(skip())]
    pub fn initialize(configuration: &Configuration) -> AppContainer {
        // ...
    }
}

We have to change it to:

impl AppContainer {
    // `configuration` is skipped, so it is no longer recorded in the span.
    #[instrument(skip(configuration))]
    pub fn initialize(configuration: &Configuration) -> AppContainer {
        // ...
    }
}
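
A complementary safeguard to `skip(configuration)`, as an added example that is not part of the original issue or the tracker's code: `#[instrument]` records non-skipped arguments through their `Debug` implementation, so a hand-written `Debug` that masks token values keeps them out of logs even when an argument is not skipped. The struct and function names are hypothetical, modelled on the `HttpApi` section of the log line above, and the sample values are constructed.

```rust
use std::collections::BTreeMap;
use std::fmt;

/// Constructed stand-in for the `HttpApi` section seen in the log line.
/// Deriving `Debug` prints every field, token values included.
#[derive(Debug)]
pub struct LeakyHttpApi {
    pub bind_address: String,
    pub access_tokens: BTreeMap<String, String>,
}

/// Same fields, but `Debug` is written by hand so token values never
/// reach a formatter (hypothetical type, not the tracker's own).
pub struct RedactedHttpApi {
    pub bind_address: String,
    pub access_tokens: BTreeMap<String, String>,
}

impl fmt::Debug for RedactedHttpApi {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // Keep the token labels (useful when debugging), mask the values.
        let masked: BTreeMap<&str, &str> = self
            .access_tokens
            .keys()
            .map(|label| (label.as_str(), "***"))
            .collect();
        f.debug_struct("HttpApi")
            .field("bind_address", &self.bind_address)
            .field("access_tokens", &masked)
            .finish()
    }
}

/// Regression check: true if any token value appears in `rendered`.
pub fn leaks_token(rendered: &str, tokens: &BTreeMap<String, String>) -> bool {
    tokens.values().any(|t| !t.is_empty() && rendered.contains(t.as_str()))
}

/// Constructed sample data matching the token shown in the issue.
fn sample_tokens() -> BTreeMap<String, String> {
    BTreeMap::from([("admin".to_string(), "MyAccessToken".to_string())])
}

fn main() {
    let tokens = sample_tokens();
    let leaky = LeakyHttpApi { bind_address: "0.0.0.0:1212".into(), access_tokens: tokens.clone() };
    let safe = RedactedHttpApi { bind_address: "0.0.0.0:1212".into(), access_tokens: tokens.clone() };
    println!("{:?} -> leaks: {}", leaky, leaks_token(&format!("{:?}", leaky), &tokens));
    println!("{:?} -> leaks: {}", safe, leaks_token(&format!("{:?}", safe), &tokens));
}
```

A check like `leaks_token` can run in a unit test against the `Debug` output of the whole configuration, so a newly added secret field that derives `Debug` fails the build instead of reaching the logs.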

Labels: Security