From 4165ce0668e1bf5e30b103565da0098f91f67a97 Mon Sep 17 00:00:00 2001
From: ruquanzhao <903264308@qq.com>
Date: Tue, 14 Jan 2025 16:26:47 +0800
Subject: [PATCH] fix: hidden cmdline, memstat and token in serverconfig (#726)

## What type of PR is this?
/kind cleanup
## What this PR does / why we need it:
- hidden AI backend token in ServerConfig api
- remove `cmdline` and `memstat` in ServerConfig api
![image](https://github.com/user-attachments/assets/d8677e2d-b62a-4ac6-9132-38a879234507)
## Which issue(s) this PR fixes:
Fixes #
---
 cmd/karpor/app/server.go | 4 +++-
 pkg/core/route/route.go | 30 +++++++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/cmd/karpor/app/server.go b/cmd/karpor/app/server.go
index 345f42fa..2f513c32 100644
--- a/cmd/karpor/app/server.go
+++ b/cmd/karpor/app/server.go
@@ -108,7 +108,9 @@ func NewServerCommand(ctx context.Context) *cobra.Command {
 return o.SearchStorageOptions
 }))
 expvar.Publish("AIOptions", expvar.Func(func() interface{} {
- return o.AIOptions
+ displayOpts := *o.AIOptions
+ displayOpts.AIAuthToken = "[hidden]"
+ return &displayOpts
 }))
 expvar.Publish("Version", expvar.Func(func() interface{} {
 return version.GetVersion()
diff --git a/pkg/core/route/route.go b/pkg/core/route/route.go
index dc79aaec..3c336712 100644
--- a/pkg/core/route/route.go
+++ b/pkg/core/route/route.go
@@ -15,8 +15,10 @@
 package route
 import (
+ "encoding/json"
 "errors"
 "expvar"
+ "net/http"
 docs "github.com/KusionStack/karpor/api/openapispec"
 aggregatorhandler "github.com/KusionStack/karpor/pkg/core/handler/aggregator"
@@ -125,7 +127,7 @@ func NewCoreRoute(
 router.Get("/endpoints", endpointhandler.Endpoints(router))
 // Expose server configuration and runtime statistics.
- router.Get("/server-configs", expvar.Handler().ServeHTTP)
+ router.Get("/server-configs", customVarHandler().ServeHTTP)
 healthhandler.Register(router, generalStorage)
 return router, nil
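Review bot: `displayOpts := *o.AIOptions` in the `AIOptions` publisher dereferences the pointer on every read, so a nil `o.AIOptions` would now panic inside the expvar callback where the old code simply returned the nil pointer. Whether it can be nil is not visible in this hunk, so a guard such as `if o.AIOptions == nil { return nil }` is worth adding. The redaction also names a single field on a shallow copy, so any secret-bearing field added to the options struct later is published by default; a dedicated display struct listing only the fields meant to be shown would fail closed. The neighbouring `SearchStorageOptions` publisher still returns the live options object unredacted, which presumably deserves the same check for storage credentials. NewServerCommand's body continues outside the hunk.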
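Review bot: Swapping the handler on `/server-configs` filters only this route. Importing `expvar` also registers the unfiltered handler at `/debug/vars` on `http.DefaultServeMux`, so `cmdline` and `memstats` stay reachable if any listener in the process serves the default mux; that is not visible here and is worth confirming. The comment above the route still says "runtime statistics" although `memstats` is no longer returned; `// Expose server configuration (memstats and cmdline are filtered out).` would match the new behaviour. NewCoreRoute's body continues outside the hunk.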
@@ -189,3 +191,29 @@ func setupRestAPIV1(
 r.Get("/resource-groups/{resourceGroupRuleName}", resourcegrouphandler.List(resourceGroupMgr))
 r.Get("/authn", authnhandler.Get())
 }
+
+func customVarHandler() http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Type", "application/json")
+
+ w.Write([]byte("{"))
+ first := true
+
+ expvar.Do(func(kv expvar.KeyValue) {
+ if kv.Key == "memstats" || kv.Key == "cmdline" {
+ return // Skip memstats and cmdline
+ }
+ if !first {
+ w.Write([]byte(","))
+ } else {
+ first = false
+ }
+
+ b, _ := json.Marshal(kv.Key)
+ w.Write(b)
+ w.Write([]byte(":"))
+ w.Write([]byte(kv.Value.String()))
+ })
+ w.Write([]byte("}"))
+ })
+}
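Review bot: The filter in `customVarHandler` is a denylist (`kv.Key == "memstats" || kv.Key == "cmdline"`), so any variable that this binary or an imported package later publishes through `expvar` appears on `/server-configs` without review. Checking the key against an explicit package-level set of names meant to be shown (here called `exposedVars`), as in `if _, ok := exposedVars[kv.Key]; !ok { return }`, would fail closed. The `json.Marshal` error and every `w.Write` result are discarded, so a failed write mid-stream leaves truncated JSON behind a 200 status; assembling the body in a `bytes.Buffer` and writing it once would avoid that. A doc comment on the function stating why the two keys are withheld (command-line arguments can carry secrets, memstats is runtime detail) would help the next maintainer.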