fix(api): stop logging full user (incl. password hash) on update #63

Merged
Kingvic300 merged 1 commit into main from fix/37-remove-user-debug-log
Jun 7, 2026

Kingvic300 (Owner) commented Jun 7, 2026

Summary

Removes a debug println!("Updating user: {:?}", user) in UserRepository::update that printed the entire User struct — including email and the bcrypt password_hash — to stdout on every email change, password change, password reset, and network switch.

Why

  • Credentials (bcrypt hashes) and PII were written to container/stdout logs, which are frequently shipped to third-party aggregators.
  • It also bypassed the tracing setup used everywhere else.

Changes

Testing

  • cargo check --workspace passes.

Closes #37

Summary by CodeRabbit

Release Notes

  • Chores
    • Removed debug output from internal code to improve production quality.

The debug println! in UserRepository::update printed the entire User
struct, including email and bcrypt password_hash, to stdout on every
email/password/network change. This leaked credentials into container
and aggregated logs and bypassed the tracing setup. Removed it.

Closes #37
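
Added example (not code from this PR or the project): the leak described above comes from formatting a struct with derived Debug, and one guard against a future stray {:?} is a wrapper type whose Debug output is fixed. The struct shapes, the id field, the Redacted wrapper and the hash value are assumptions constructed for illustration.

```rust
use std::fmt;

// Constructed stand-in for the project's User; `id` is an assumed field.
#[allow(dead_code)]
#[derive(Debug)]
struct LeakyUser {
    id: String,
    email: String,
    password_hash: String,
}

// Hypothetical wrapper: Debug never prints the wrapped value, so a stray
// {:?} on the parent struct cannot leak it.
struct Redacted<T>(T);

impl<T> Redacted<T> {
    // Explicit access for the code paths that really need the value.
    fn expose(&self) -> &T {
        &self.0
    }
}

impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

#[allow(dead_code)]
#[derive(Debug)]
struct SafeUser {
    id: String,
    email: Redacted<String>,
    password_hash: Redacted<String>,
}

// Same format string as the removed println!, returned instead of printed.
fn debug_line<U: fmt::Debug>(user: &U) -> String {
    format!("Updating user: {:?}", user)
}

fn main() {
    let hash = "$2b$12$CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-HASH"; // constructed value
    let leaky = LeakyUser { id: "u1".into(), email: "a@example.com".into(), password_hash: hash.into() };
    let safe = SafeUser { id: "u1".into(), email: Redacted("a@example.com".into()), password_hash: Redacted(hash.into()) };
    println!("{}", debug_line(&leaky)); // email and hash appear in the line
    println!("{}", debug_line(&safe)); // both fields print as [REDACTED]
    assert_eq!(safe.password_hash.expose().as_str(), hash);
}
```

The wrapper only covers Debug formatting; code that calls expose() and logs the result would still leak the value.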
vercel Bot commented Jun 7, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
txio | Ready | Preview, Comment | Jun 7, 2026 11:36am

coderabbitai Bot commented Jun 7, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between 74b9e4b and c46e76a.

📒 Files selected for processing (1)
  • backend/api/src/repositories/user_repository.rs
💤 Files with no reviewable changes (1)
  • backend/api/src/repositories/user_repository.rs

Walkthrough

A debug println! statement that emitted the entire User struct—including password hashes and emails—to stdout during every user update operation has been removed from UserRepository::update. The rest of the update logic remains intact.

Changes

Debug Print Removal

Layer / File(s) | Summary
Remove debug println! from user update (backend/api/src/repositories/user_repository.rs) | The debug println! statement at lines 66–67 that logged the entire User struct to stdout is removed. The rest of the update method (user id extraction, database replace_one, and return) is unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A careless println! once did leak,
Passwords and emails—secrets meek—
But swift the cleanup came to pass,
No more data poured like grass!
Logs now safe, and tracers guide,
With proper logging by my side. 🔐

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: removing a debug println that logs sensitive user data including password hash during user updates.
Linked Issues check | ✅ Passed | The code change directly addresses issue #37's primary requirement by removing the println! statement that leaked password_hash and email to stdout logs.
Out of Scope Changes check | ✅ Passed | The change is narrowly scoped to removing only the problematic println! statement. No other modifications are made, staying aligned with the linked issue's core requirement.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@Kingvic300 Kingvic300 merged commit 319e6c6 into main Jun 7, 2026
4 of 5 checks passed
Development

Successfully merging this pull request may close these issues.

[Medium] Debug println! leaks user PII and password hash on every update
