From f3920afe8c4c6b15f415be18a898d66ea7bfee43 Mon Sep 17 00:00:00 2001
From: Dan Sosedoff
Date: Sun, 10 Jan 2016 15:16:31 -0600
Subject: [PATCH] Only expose sessions data in debug mode, otherwise return just a count of sessions

---
 pkg/api/api.go | 9 ++++++++-
 pkg/client/client.go | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkg/api/api.go b/pkg/api/api.go
index 0cad11d..cf07225 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -56,7 +56,14 @@ func GetAsset(c *gin.Context) {
 }
 
 func GetSessions(c *gin.Context) {
- c.JSON(200, DbSessions)
+ // In debug mode endpoint will return a lot of sensitive information
+ // like full database connection string and all query history.
+ if command.Opts.Debug {
+ c.JSON(200, DbSessions)
+ return
+ }
+
+ c.JSON(200, map[string]int{"sessions": len(DbSessions)})
 }
 
 func Connect(c *gin.Context) {
diff --git a/pkg/client/client.go b/pkg/client/client.go
index d7ad76b..412134a 100644
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -15,8 +15,8 @@ import (
 
 type Client struct {
 db *sqlx.DB
- History []history.Record
- ConnectionString string
+ History []history.Record `json:"history"`
+ ConnectionString string `json:"connection_string"`
 }
 
 // Struct to hold table rows browsing options
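Review bot: The debug branch of GetSessions still writes every session's full connection string and query history to whoever can reach the endpoint, and nothing in the hunk ties `command.Opts.Debug` to a local-only or authenticated listener. I would keep the debug dump but mask the credential part of each connection string before encoding, and record the constraint in the comment, e.g. `// Debug only: dumps connection strings and query history; never enable on a network-reachable instance.` Separately, both `len(DbSessions)` and the JSON encoding read the shared session collection; if Connect adds entries from other requests, these reads presumably need the same synchronisation, which should be confirmed against the rest of api.go.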
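Review bot: Tagging `ConnectionString` for JSON output on the Client struct keeps the credential-bearing string in every encoding of a Client, while the only guard lives in a single handler in pkg/api/api.go. A safer default is to tag the field `json:"-"` and have the debug endpoint build its own view explicitly, so that a later handler passing a Client to an encoder cannot leak it by accident. If the field has to stay serializable, a comment on it such as `// Contains credentials; only serialized by the debug sessions endpoint.` would at least record the constraint. The exported fields were already encodable before this change, so this is a hardening point rather than a regression.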