questions about correct reveal-mode usage to hide passwords

[Ted Zlatanov <tzz@lifelogs.com>]

Hello,

Following up on some old threads, I am trying to convert `authinfo-mode'
(which Lars wrote) into a proper minor mode that can be used anywhere. I
named the new minor mode `auth-source-reveal-mode' because in the Emacs
scope, it will primarily live in auth-source.el and be used for visually
hiding passwords in netrc/authinfo/JSON files.

I am including the change below, and it's also in the branch
scratch/tzz/auth-source-reveal-mode

I ran into two problems with converting `authinfo-mode':

* it doesn't update when the buffer is changed, but rather does one
  initial scan to install the overlays and then turns on `reveal-mode'.
  So further editing doesn't update, e.g. "password xyz" edited to "pass
  xyz" doesn't remove the hiding on xyz. I tried to add after-change
  functions but they don't seem to work well. Managing the overlays is a
  bit of a chore. It feels like reveal-mode should have a more automatic
  way of tracking this but I couldn't find it. I would appreciate some
  help there.

* it doesn't have JSON support, so I'll need to add that. Re-parsing the
  entire buffer is too expensive. Is there a way to scan a smaller
  region using the built-in JSON parser? Or should I drop down to
  regular expressions to match "password": "xyz"? Currently that's a
  (debug) TODO and not as important as the above.

(While researching this, I compared notes with the external packages
hidepw-mode and password-mode. One[1] uses font-lock mode to adapt to
change dynamically, which works well for live editing, but you can't see
the password when you're editing it. The other[2] also doesn't seem to
handle editing changes.)

[1] https://github.com/jekor/hidepw/blob/master/hidepw.el
[2] https://github.com/juergenhoetzel/password-mode/blob/master/password-mode.el

Thanks!
Ted

--------------------------------------------------------------------

;;; Tiny minor mode for editing .netrc/.authinfo modes (that basically
;;; just hides passwords).

(defcustom auth-source-reveal-regex "password"
  "Regexp matching tokens or JSON keys in .authinfo/.netrc/JSON files.
The text following the tokens or under the JSON keys will be hidden."
  :type 'regexp
  :version "27.1")

(defcustom auth-source-reveal-json-modes '(json-mode js-mode js2-mode rjsx-mode)
  "List of symbols for modes that should use JSON parsing logic."
  :type 'list
  :version "27.1")

(defun auth-source-reveal--propertize (start end hide)
  (save-excursion
    (goto-char start)
    (if (member major-mode auth-source-reveal-json-modes)
        ;; JSON modes
        (debug)
      ;; non-JSON modes
      (save-restriction
        (narrow-to-region (min (point-at-bol) start)
                          (max (point-at-eol) end))
        (cl-dolist (o (overlays-in (point-min) (point-max)))
          (when (overlay-get o 'display)
            (delete-overlay o)))
        (while (re-search-forward (format "\\(\\s-\\|^\\)\\(%s\\)\\s-+"
                                          auth-source-reveal-regex)
                                  nil t)
          (when (auth-source-netrc-looking-at-token)
            (let ((overlay (make-overlay (match-beginning 0) (match-end 0))))
              (auth-source-reveal--display overlay hide)
              (overlay-put overlay 'reveal-toggle-invisible
                           #'auth-source-reveal--display))))))))

(defun auth-source-reveal--display (overlay hide)
  (if hide
      (overlay-put overlay 'display
                   ;; Make a string of * of the same size as the original
                   (propertize (make-string 6 ?*) 'face 'warning))
    (overlay-put overlay 'display nil)))

(defun auth-source-reveal-after-change-function (start stop n)
  (auth-source-reveal--propertize start stop auth-source-reveal-mode))

;; (progn
;;   (setq auth-source-reveal-json-modes '(emacs-lisp-mode lisp-interaction-mode))
;;   (auth-source-reveal-mode t))

;; (auth-source-reveal-mode -1)

;;;###autoload
(define-minor-mode auth-source-reveal-mode
  "Toggle password hiding for auth-source files using `reveal-mode'.

If called interactively, enable auth-source-reveal mode if ARG is
positive, and disable it if ARG is zero or negative.  If called
from Lisp, also enable the mode if ARG is omitted or nil, and
toggle it if ARG is toggle; disable the mode otherwise.

When auth-source-reveal mode is enabled, password will be hidden
using an overlay.  See `auth-source-password-hide-regex' for the
regex matching the tokens and keys associated with passwords."
  ;; The initial value.
  :init-value nil
  ;; The indicator for the mode line.
  :lighter " asr"
  :group 'auth-source

  (auth-source-do-trivia "Setting auth-source-reveal-mode to %S"
                         auth-source-reveal-mode)
  (if auth-source-reveal-mode
      (add-hook 'after-change-functions #'auth-source-reveal-after-change-function nil t)
    (remove-hook 'after-change-functions #'auth-source-reveal-after-change-function t))
  (auth-source-reveal--propertize (point-min) (point-max) auth-source-reveal-mode)
  (reveal-mode (if auth-source-reveal-mode 1 -1)))