From cfca3f15356425cf00faaf3037239c93e6dd441c Mon Sep 17 00:00:00 2001
From: Peter Siegmund <developer@mars3142.org>
Date: Tue, 6 Jan 2026 00:18:15 +0100
Subject: [PATCH] mask password in log

Signed-off-by: Peter Siegmund <developer@mars3142.org>
---
 .../components/api-server/src/api_handlers.c  | 35 ++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/firmware/components/api-server/src/api_handlers.c b/firmware/components/api-server/src/api_handlers.c
index 3d97866..921b6b9 100644
--- a/firmware/components/api-server/src/api_handlers.c
+++ b/firmware/components/api-server/src/api_handlers.c
@@ -125,7 +125,40 @@ esp_err_t api_wifi_config_handler(httpd_req_t *req)
     }
     buf[ret] = '\0';
 
-    ESP_LOGI(TAG, "Received WiFi config: %s", buf);
+    // Passwort maskieren
+    cJSON *json = cJSON_Parse(buf);
+    if (json)
+    {
+        cJSON *pw = cJSON_GetObjectItem(json, "password");
+        if (pw && cJSON_IsString(pw) && pw->valuestring)
+        {
+            size_t pwlen = strlen(pw->valuestring);
+            char *masked = malloc(pwlen + 1);
+            if (masked)
+            {
+                memset(masked, '*', pwlen);
+                masked[pwlen] = '\0';
+                cJSON_ReplaceItemInObject(json, "password", cJSON_CreateString(masked));
+                char *logstr = cJSON_PrintUnformatted(json);
+                ESP_LOGI(TAG, "Received WiFi config: %s", logstr);
+                free(logstr);
+                free(masked);
+            }
+            else
+            {
+                ESP_LOGI(TAG, "Received WiFi config: %s", buf);
+            }
+        }
+        else
+        {
+            ESP_LOGI(TAG, "Received WiFi config: %s", buf);
+        }
+        cJSON_Delete(json);
+    }
+    else
+    {
+        ESP_LOGI(TAG, "Received WiFi config: %s", buf);
+    }
 
     // TODO: Parse JSON and connect to WiFi
     set_cors_headers(req);