refactor(recovery): extract Authorization header masking into maskAuthorization func

2025-04-06 03:57:46 +08:00 · 2025-01-19 18:05:28 +09:00 · 2025-01-19 18:05:28 +09:00 · e33e0c795c
commit e33e0c795c
parent 3f818c3fa6
1 changed files with 11 additions and 6 deletions
--- a/recovery.go
+++ b/recovery.go
@ -73,12 +73,7 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 					stack := stack(3)
 					httpRequest, _ := httputil.DumpRequest(c.Request, false)
 					headers := strings.Split(string(httpRequest), "\r\n")
-					for idx, header := range headers {
-						current := strings.Split(header, ":")
-						if current[0] == "Authorization" {
-							headers[idx] = current[0] + ": *"
-						}
-					}
+					maskAuthorization(&headers)
 					headersToStr := strings.Join(headers, "\r\n")
 					if brokenPipe {
 						logger.Printf("%s\n%s%s", err, headersToStr, reset)
@ -134,6 +129,16 @@ func stack(skip int) []byte {
 	return buf.Bytes()
 }

+// maskAuthorization replaces any "Authorization: <token>" header with "Authorization: *", hiding sensitive credentials.
+func maskAuthorization(headers *[]string) {
+	for idx, header := range *headers {
+		current := strings.Split(header, ":")
+		if current[0] == "Authorization" {
+			(*headers)[idx] = current[0] + ": *"
+		}
+	}
+}
+
 // source returns a space-trimmed slice of the n'th line.
 func source(lines [][]byte, n int) []byte {
 	n-- // in stack trace, lines are 1-indexed but our array is 0-indexed