fix: prevent postgres credentials leak (#3895)

Co-authored-by: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com>
2025-07-09 03:04:54 -04:00 · 2024-07-25 15:27:50 -05:00 · 2024-07-25 15:27:50 -05:00 · edf649dea6
commit edf649dea6
parent 29b4a3cd22
1 changed files with 12 additions and 3 deletions
--- a/mealie/core/settings/db_providers.py
+++ b/mealie/core/settings/db_providers.py
@ -72,9 +72,18 @@ class PostgresProvider(AbstractDBProvider, BaseSettings):

    @property
    def db_url_public(self) -> str:
-        user = self.POSTGRES_USER
-        password = self.POSTGRES_PASSWORD
-        return self.db_url.replace(user, "*****", 1).replace(password, "*****", 1)
+        if self.POSTGRES_URL_OVERRIDE:
+            return "Postgres Url Overridden"
+
+        return str(
+            PostgresDsn.build(
+                scheme="postgresql",
+                username="******",
+                password="******",
+                host=f"{self.POSTGRES_SERVER}:{self.POSTGRES_PORT}",
+                path=f"{self.POSTGRES_DB or ''}",
+            )
+        )


 def db_provider_factory(provider_name: str, data_dir: Path, env_file: Path, env_encoding="utf-8") -> AbstractDBProvider: