Merge pull request #29 from danielgtaylor/lg/redact-jwt

feat: enable applications to redact headers from recovery handler
danielgtaylor · Mar 15, 2022 · ef18a59 · ef18a59
2 parents 269f9ad + 04a61a7
commit ef18a59
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/middleware/recovery.go b/middleware/recovery.go
@@ -78,6 +78,15 @@ func (r *bufferedReadCloser) Close() error {
 	return r.reader.Close()
 }
 
+// RemovedHeaders defines a list of HTTP headers that will be redacted from the
+// request in the Recovery handler--if any logging or other output occurs, these
+// headings will have value '<redacted>'. By default, a huma service removes the
+// 'Authorization' header to avoid leaking sensitive information, but clients
+// can override this with an empty slice.
+var RemovedHeaders = []string{"Authorization"}
+
+const redacted = "<redacted>"
+
 // PanicFunc defines a function to run after a panic, which allows you to set
 // up custom logging, metrics, etc.
 type PanicFunc func(ctx context.Context, err error, request string)
@@ -105,6 +114,10 @@ func Recovery(onPanic PanicFunc) func(http.Handler) http.Handler {
 				r = r.WithContext(context.WithValue(r.Context(), bufContextKey, buf))
 			}
 
+			for _, v := range RemovedHeaders {
+				r.Header.Set(v, redacted)
+			}
+
 			// Recovering comes *after* the above so the buffer is not returned to
 			// the pool until after we print out its contents. This deferred func
 			// is used to recover from panics and deliberately left in-line.