refactor(recovery): extract Authorization header masking into maskAuthorization func (#4143)

* refactor(recovery): extract Authorization header masking into maskAuthorization func

* test(recovery): Add a test for maskAuthorization

recovery.go

@@ -70,12 +70,7 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
 					stack := stack(3)
 					httpRequest, _ := httputil.DumpRequest(c.Request, false)
 					headers := strings.Split(string(httpRequest), "\r\n")
-					for idx, header := range headers {
-						key, _, _ := strings.Cut(header, ":")
-						if key == "Authorization" {
-							headers[idx] = key + ": *"
-						}
-					}
+					maskAuthorization(headers)
 					headersToStr := strings.Join(headers, "\r\n")
 					if brokenPipe {
 						logger.Printf("%s\n%s%s", err, headersToStr, reset)
@@ -131,6 +126,16 @@ func stack(skip int) []byte {
 	return buf.Bytes()
 }
 
+// maskAuthorization replaces any "Authorization: <token>" header with "Authorization: *", hiding sensitive credentials.
+func maskAuthorization(headers []string) {
+	for idx, header := range headers {
+		key, _, _ := strings.Cut(header, ":")
+		if strings.EqualFold(key, "Authorization") {
+			headers[idx] = key + ": *"
+		}
+	}
+}
+
 // source returns a space-trimmed slice of the n'th line.
 func source(lines [][]byte, n int) []byte {
 	n-- // in stack trace, lines are 1-indexed but our array is 0-indexed