- refactor secrets

- add support for env in config
- redact sensitive information in logs/responses

internal/api/api.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"bytes"
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
@@ -14,6 +15,7 @@ import (
 	"time"
 
 	"github.com/AlexxIT/go2rtc/internal/app"
+	"github.com/AlexxIT/go2rtc/pkg/shell"
 	"github.com/rs/zerolog"
 )
 
@@ -164,10 +166,20 @@ func ResponseJSON(w http.ResponseWriter, v any) {
 }
 
 func ResponsePrettyJSON(w http.ResponseWriter, v any) {
-	w.Header().Set("Content-Type", MimeJSON)
-	enc := json.NewEncoder(w)
+	w.Header().Set("Content-Type", "application/json")
+	
+	var buf bytes.Buffer
+	enc := json.NewEncoder(&buf)
 	enc.SetIndent("", "  ")
-	_ = enc.Encode(v)
+	err := enc.Encode(v)
+	
+	if err != nil {
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+	
+	redactedJSON := shell.Redact(buf.String())
+	w.Write([]byte(redactedJSON))
 }
 
 func Response(w http.ResponseWriter, body any, contentType string) {
@@ -190,7 +202,7 @@ var log zerolog.Logger
 
 func middlewareLog(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		log.Trace().Msgf("[api] %s %s %s", r.Method, r.URL, r.RemoteAddr)
+		log.Trace().Msgf("[api] %s %s %s", r.Method, shell.Redact(r.URL.String()), r.RemoteAddr)
 		next.ServeHTTP(w, r)
 	})
 }