From b6951d64d4ca4e712375be80b8989e0e381dcbab Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@gleipnir.technology>
Date: Thu, 16 Apr 2026 00:09:18 +0000
Subject: [PATCH] Remove api_key from URL to stadia cache

It's redundant and a security risk
---
 platform/geocode/geocode.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/platform/geocode/geocode.go b/platform/geocode/geocode.go
index 597c66d2..484a124b 100644
--- a/platform/geocode/geocode.go
+++ b/platform/geocode/geocode.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net/url"
 	"time"
 
 	"github.com/Gleipnir-Technology/bob"
@@ -16,7 +17,7 @@ import (
 	"github.com/Gleipnir-Technology/nidus-sync/platform/types"
 	"github.com/Gleipnir-Technology/nidus-sync/stadia"
 	"github.com/aarondl/opt/omit"
-	//"github.com/rs/zerolog/log"
+	"github.com/rs/zerolog/log"
 	"github.com/uber/h3-go/v4"
 	"resty.dev/v3"
 )
@@ -32,6 +33,18 @@ func InitializeStadia(key string) {
 	client = stadia.NewStadiaMaps(key)
 	client.AddResponseMiddleware(restyMiddleware)
 }
+func redactQueryParam(u string, param string) (string, error) {
+	parsedURL, err := url.Parse(u)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse URL: %w", err)
+	}
+
+	queryParams := parsedURL.Query()
+	queryParams.Del(param)
+	parsedURL.RawQuery = queryParams.Encode()
+
+	return parsedURL.String(), nil
+}
 func restyMiddleware(rclient *resty.Client, response *resty.Response) error {
 	//log.Info().Msg("middleware")
 	ctx := context.Background()
@@ -40,9 +53,14 @@ func restyMiddleware(rclient *resty.Client, response *resty.Response) error {
 	if err != nil {
 		return fmt.Errorf("unmarshal json in middleware: %w", err)
 	}
+	u, err := redactQueryParam(response.Request.URL, "api_key")
+	if err != nil {
+		log.Error().Err(err).Str("url", response.Request.URL).Msg("failed to redact url")
+		return nil
+	}
 	models.StadiaAPIRequests.Insert(&models.StadiaAPIRequestSetter{
 		CreatedAt: omit.From(time.Now()),
-		Request:   omit.From(response.Request.URL),
+		Request:   omit.From(u),
 		Response:  omit.From(body),
 	}).One(ctx, db.PGInstance.BobDB)
 	return nil