From 998c7ca1b3d72022577916bfad952da3a3295e15 Mon Sep 17 00:00:00 2001
From: Logan Garrett <lgarrett@istreamplanet.com>
Date: Mon, 14 Mar 2022 14:36:44 -0700
Subject: [PATCH 1/2] feat: enable applications to redact headers from recovery
 handler

---
 middleware/recovery.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/middleware/recovery.go b/middleware/recovery.go
index 14a24079..04bdb851 100644
--- a/middleware/recovery.go
+++ b/middleware/recovery.go
@@ -78,6 +78,13 @@ func (r *bufferedReadCloser) Close() error {
 	return r.reader.Close()
 }
 
+// RemovedHeaders defines a list of HTTP headers that will be redacted from the
+// request in the Recovery handler--if any logging or other output occurs, these
+// headings will have value '<redacted>'.
+var RemovedHeaders []string
+
+const redacted = "<redacted>"
+
 // PanicFunc defines a function to run after a panic, which allows you to set
 // up custom logging, metrics, etc.
 type PanicFunc func(ctx context.Context, err error, request string)
@@ -105,6 +112,10 @@ func Recovery(onPanic PanicFunc) func(http.Handler) http.Handler {
 				r = r.WithContext(context.WithValue(r.Context(), bufContextKey, buf))
 			}
 
+			for _, v := range RemovedHeaders {
+				r.Header.Set(v, redacted)
+			}
+
 			// Recovering comes *after* the above so the buffer is not returned to
 			// the pool until after we print out its contents. This deferred func
 			// is used to recover from panics and deliberately left in-line.

From 04a61a746fb4909d2d331258a458ef90df621a61 Mon Sep 17 00:00:00 2001
From: Logan Garrett <lgarrett@istreamplanet.com>
Date: Mon, 14 Mar 2022 14:55:00 -0700
Subject: [PATCH 2/2] fix: default behavior removes auth header

---
 middleware/recovery.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/middleware/recovery.go b/middleware/recovery.go
index 04bdb851..7431d1c1 100644
--- a/middleware/recovery.go
+++ b/middleware/recovery.go
@@ -80,8 +80,10 @@ func (r *bufferedReadCloser) Close() error {
 
 // RemovedHeaders defines a list of HTTP headers that will be redacted from the
 // request in the Recovery handler--if any logging or other output occurs, these
-// headings will have value '<redacted>'.
-var RemovedHeaders []string
+// headings will have value '<redacted>'. By default, a huma service removes the
+// 'Authorization' header to avoid leaking sensitive information, but clients
+// can override this with an empty slice.
+var RemovedHeaders = []string{"Authorization"}
 
 const redacted = "<redacted>"