
mask user email

Daniel Bohry il y a 3 semaines
Parent
commit
5f3a161c7c

+ 1 - 1
src/main/java/com/danielbohry/authservice/config/SecurityConfig.java

@@ -48,7 +48,7 @@ public class SecurityConfig {
                                 "/index.html",
                                 "/css/**",
                                 "/js/**",
-                                "/images/**"
+                                "/img/**"
                         ).permitAll()
                         .requestMatchers("/api/users", "/api/authorize").authenticated()
                         .anyRequest().authenticated()

BIN
src/main/resources/static/img/favicon.png


+ 1 - 0
src/main/resources/static/index.html

@@ -5,6 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Auth Service</title>
     <link rel="stylesheet" href="css/main.css">
+    <link rel="icon" href="img/favicon.png" type="image/png">
 </head>
 <body>
     <div class="container">

+ 19 - 13
src/main/resources/static/js/main.js

@@ -369,7 +369,7 @@ function clearResetPasswordMessages() {
 
 function updateUserDisplay() {
     document.getElementById('currentUsername').textContent = currentUser.username;
-    document.getElementById('currentEmail').textContent = currentUser.email || '-';
+    document.getElementById('currentEmail').textContent = maskUserEmail(currentUser.email) || '-';
     document.getElementById('currentUserId').textContent = maskUserId(currentUser.id);
     document.getElementById('currentRoles').textContent = currentUser.roles.join(', ');
 }
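Review bot: The `|| '-'` fallback on the `currentEmail` line in `updateUserDisplay` no longer protects against a missing email, because `maskUserEmail` (added in a later hunk of this file) calls `email.includes` on its argument before the fallback is evaluated. A null or undefined `currentUser.email` would therefore throw a TypeError, and the user ID and roles assignments that follow would not run. Guard at the call site with `currentUser.email ? maskUserEmail(currentUser.email) : '-'`, or make the helper return early on a falsy argument.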
@@ -377,8 +377,6 @@ function updateUserDisplay() {
 function showUserSection() {
     document.getElementById('authSection').style.display = 'none';
     document.getElementById('userSection').classList.add('active');
-
-    // Ensure the main header is visible in user section
     document.querySelector('.header').style.display = 'block';
 
     updateUserDisplay();
@@ -388,11 +386,7 @@ function showResetPasswordSection() {
     document.getElementById('authSection').style.display = 'none';
     document.getElementById('userSection').classList.remove('active');
     document.getElementById('resetPasswordSection').style.display = 'block';
-
-    // Hide the main header to avoid duplicate headers
     document.querySelector('.header').style.display = 'none';
-
-    // Focus on the first input field
     document.getElementById('resetNewPassword').focus();
 }
 
@@ -401,6 +395,24 @@ function maskUserId(id) {
     return parts[0] + "-****-" + parts[4];
 }
 
+function maskUserEmail(email) {
+    if (!email.includes("@")) {
+        return email;
+    }
+
+    const [user, domain] = email.split("@");
+
+    if (user.length <= 2) {
+        return user[0] + "*@" + domain;
+    }
+
+    const first = user[0];
+    const last = user[user.length - 1];
+    const maskedPart = "*".repeat(user.length - 2);
+
+    return `${first}${maskedPart}${last}@${domain}`;
+}
+
 function logout() {
     localStorage.removeItem('authToken');
     localStorage.removeItem('userData');
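Review bot: `maskUserEmail` assumes a non-empty local part, so an input such as `@example.com` reaches the `user.length <= 2` branch with `user[0]` undefined and renders as `undefined*@example.com`. A check like `if (user.length === 0) return email;` after the split would cover it. The mask also keeps the first and last characters and the exact length of the local part; a fixed-width mask such as `user[0] + "***@" + domain` would reveal less if the goal is to limit what someone looking at the screen can learn. The masking is presentational only, since the unmasked value is still held in `currentUser` (and presumably in the `userData` entry that `logout` clears), so a comment on the function would help: `// Display-only mask: the full address remains in currentUser; this limits on-screen exposure, not access to the value.`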
@@ -408,18 +420,12 @@ function logout() {
 
     document.getElementById('userSection').classList.remove('active');
     document.getElementById('authSection').style.display = 'block';
-
-    // Show the main header when returning to auth section
     document.querySelector('.header').style.display = 'block';
-
     document.getElementById('loginForm').reset();
     document.getElementById('registerForm').reset();
 
-    // Reset edit profile form and hide it
     hideEditProfileForm();
-
     clearMessages();
-
     switchTab('login');
 }