Potential fix for code scanning alert no. 4: Exposure of private information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: NafisianCastle

YTVidShareBackend/VideoSharingService/VideoSharingService/Controllers/UserController.cs

@@ -5,6 +5,8 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using System;
+using System.Security.Cryptography;
+using System.Text;
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using VideoSharingService.Data.DTOs;
@@ -34,6 +36,19 @@ private string MaskEmail(string email)
                 : prefix.Substring(0, 1) + new string('*', prefix.Length - 2) + prefix.Substring(prefix.Length - 1, 1);
             return $"{maskedPrefix}@{domain}";
         }
+
+        // Hash email address using SHA256 for logging (not reversible)
+        private string HashEmail(string email)
+        {
+            if (string.IsNullOrEmpty(email))
+                return "unknown";
+            
+            using (SHA256 sha256Hash = SHA256.Create())
+            {
+                byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(email));
+                return Convert.ToBase64String(bytes);
+            }
+        }
         private readonly IUnitOfWork _unitOfWork;
         private readonly ILogger<UserController> _logger;
         private readonly IMapper _mapper;
@@ -133,7 +148,7 @@ public async Task<IActionResult> Register([FromBody] CreateUserDTO userDTO)
         public async Task<IActionResult> Login([FromBody] LoginDTO userDTO)
         {
             var sanitizedEmail = userDTO.Email?.Replace("\r", "").Replace("\n", "");
-            _logger.LogInformation($"Login attempt for {MaskEmail(sanitizedEmail)}");
+            _logger.LogInformation($"Login attempt for email hash {HashEmail(sanitizedEmail)}");
             if (!ModelState.IsValid)
             {
                 _logger.LogError($"Invalid post attempt {nameof(Login)}");