Remove contents of the Authorization header while dumping requests (#1836)

This PR replaces the contents of that header with a *. This prevents
credentials from leaking into logs.
Abhishek Chanda
2019-04-18 03:45:37 +01:00
committed by 田欧
parent ffcbe77b1e
commit f9de6049cb
2 changed files with 40 additions and 1 deletions
+8 -1
@@ -53,11 +53,18 @@ func RecoveryWithWriter(out io.Writer) HandlerFunc {
if logger != nil {
stack := stack(3)
httpRequest, _ := httputil.DumpRequest(c.Request, false)
headers := strings.Split(string(httpRequest), "\r\n")
for idx, header := range headers {
current := strings.Split(header, ":")
if current[0] == "Authorization" {
headers[idx] = current[0] + ": *"
}
}
if brokenPipe {
logger.Printf("%s\n%s%s", err, string(httpRequest), reset)
} else if IsDebugging() {
logger.Printf("[Recovery] %s panic recovered:\n%s\n%s\n%s%s",
timeFormat(time.Now()), string(httpRequest), err, stack, reset)
timeFormat(time.Now()), strings.Join(headers, "\r\n"), err, stack, reset)
} else {
logger.Printf("[Recovery] %s panic recovered:\n%s\n%s%s",
timeFormat(time.Now()), err, stack, reset)
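Review bot: The `brokenPipe` branch still logs `string(httpRequest)`, so the Authorization value is written unredacted on that path; only the `IsDebugging()` branch prints the masked `headers`. Use the masked copy there as well: `logger.Printf("%s\n%s%s", err, strings.Join(headers, "\r\n"), reset)`. The comparison `current[0] == "Authorization"` is exact-case and covers a single header; `strings.EqualFold(current[0], "Authorization")` would also catch a non-canonical key if one ever reaches the dump, and other credential-bearing headers such as `Proxy-Authorization` or `Cookie` are still printed as-is. RecoveryWithWriter starts and ends outside this hunk, so this is based on the visible lines only.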