Redact the Authorization header for safer sharing

This redacts the Authorization header, but shows whether a Basic or Bearer token was used, just not the value. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
openfaas · Nov 22, 2023 · 3e76c8c · 3e76c8c
1 parent f0bcb31
commit 3e76c8c
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/proxy/client.go b/proxy/client.go
@@ -103,7 +103,21 @@ func (c *Client) newRequest(method, path string, query url.Values, body io.Reade
 	if os.Getenv("FAAS_DEBUG") == "1" {
 		fmt.Printf("%s %s\n", req.Method, req.URL.String())
 		for k, v := range req.Header {
-			fmt.Printf("%s: %s\n", k, v)
+			if k == "Authorization" {
+				auth := "[REDACTED]"
+				if len(v) == 0 {
+					auth = "[NOT_SET]"
+				} else {
+					l, _, ok := strings.Cut(v[0], " ")
+					if ok && (l == "Basic" || l == "Bearer") {
+						auth = l + " REDACTED"
+					}
+				}
+				fmt.Printf("%s: %s\n", k, auth)
+
+			} else {
+				fmt.Printf("%s: %s\n", k, v)
+			}
 		}
 
 		if len(bodyDebug) > 0 {