fix: remove password from show endpoint

lib/realtime_web/views/tenant_view.ex

@@ -24,7 +24,12 @@ defmodule RealtimeWeb.TenantView do
       max_events_per_second: tenant.max_events_per_second,
       max_joins_per_second: tenant.max_joins_per_second,
       inserted_at: tenant.inserted_at,
-      extensions: tenant.extensions,
+      extensions:
+        Enum.map(tenant.extensions, fn extension ->
+          Map.update(extension, :settings, %{}, fn settings ->
+            Map.drop(settings, ["db_password"])
+          end)
+        end),
       private_only: tenant.private_only
     }
   end

mix.exs

@@ -4,7 +4,7 @@ defmodule Realtime.MixProject do
   def project do
     [
       app: :realtime,
-      version: "2.33.56",
+      version: "2.33.57",
       elixir: "~> 1.17.3",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,

test/realtime_web/controllers/tenant_controller_test.exs

@@ -64,6 +64,17 @@ defmodule RealtimeWeb.TenantControllerTest do
     {:ok, conn: new_conn}
   end
 
+  describe "show tenant" do
+    test "removes db_password", %{conn: conn} do
+      with_mock JwtVerification, verify: fn _token, _secret, _jwks -> {:ok, %{}} end do
+        conn = get(conn, Routes.tenant_path(conn, :show, "dev_tenant"))
+        response = json_response(conn, 200)
+
+        refute get_in(response, ["data", "extensions", Access.at(0), "settings", "db_password"])
+      end
+    end
+  end
+
   describe "create tenant" do
     test "renders tenant when data is valid", %{conn: conn} do
       with_mock JwtVerification, verify: fn _token, _secret, _jwks -> {:ok, %{}} end do