feat(logging): centralize sensitive header masking

2026-02-03 13:00:52 +08:00 · 2025-10-18 17:16:00 +08:00
parent 307ae76ed4
commit 9f45806106
3 changed files with 52 additions and 17 deletions
--- a/internal/runtime/executor/logging_helpers.go
+++ b/internal/runtime/executor/logging_helpers.go
@@ -275,7 +275,8 @@ func writeHeaders(builder *strings.Builder, headers http.Header) {
 			continue
 		}
 		for _, value := range values {
-			builder.WriteString(fmt.Sprintf("%s: %s\n", key, sanitizeHeaderValue(key, value)))
+			masked := util.MaskSensitiveHeaderValue(key, value)
+			builder.WriteString(fmt.Sprintf("%s: %s\n", key, masked))
 		}
 	}
 }
@@ -319,18 +320,3 @@ func formatAuthInfo(info upstreamRequestLog) string {

 	return strings.Join(parts, ", ")
 }
-
-func sanitizeHeaderValue(key, value string) string {
-	trimmedValue := strings.TrimSpace(value)
-	lowerKey := strings.ToLower(strings.TrimSpace(key))
-	switch {
-	case strings.Contains(lowerKey, "authorization"),
-		strings.Contains(lowerKey, "api-key"),
-		strings.Contains(lowerKey, "apikey"),
-		strings.Contains(lowerKey, "token"),
-		strings.Contains(lowerKey, "secret"):
-		return util.HideAPIKey(trimmedValue)
-	default:
-		return trimmedValue
-	}
-}