Skip to content

refactor(recovery): extract Authorization header masking into maskAuthorization func#4143

Merged
appleboy merged 2 commits into
gin-gonic:masterfrom
zeek0x:refactor/maskAuthorization
Jun 2, 2025
Merged

refactor(recovery): extract Authorization header masking into maskAuthorization func#4143
appleboy merged 2 commits into
gin-gonic:masterfrom
zeek0x:refactor/maskAuthorization

Conversation

@zeek0x

@zeek0x zeek0x commented Jan 19, 2025

Copy link
Copy Markdown
Contributor

Hi :)

Extract Authorization header masking into maskAuthorization func for better readability.

@appleboy

appleboy commented May 29, 2025

Copy link
Copy Markdown
Member

please resolve conflicts.

@appleboy appleboy added type/bug Found something you weren't expecting? Report it here! enhancement and removed type/bug Found something you weren't expecting? Report it here! labels May 29, 2025
@zeek0x zeek0x force-pushed the refactor/maskAuthorization branch 2 times, most recently from 61986d6 to 8e9ba2d Compare May 29, 2025 07:11
@appleboy appleboy requested a review from Copilot May 31, 2025 00:28
@codecov

codecov Bot commented May 31, 2025
edited
Loading

Copy link
Copy Markdown

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.92%. Comparing base (3dc1cd6) to head (32b3414).
Report is 129 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4143      +/-   ##
==========================================
- Coverage   99.21%   98.92%   -0.30%     
==========================================
  Files          42       44       +2     
  Lines        3182     3434     +252     
==========================================
+ Hits         3157     3397     +240     
- Misses         17       26       +9     
- Partials        8       11       +3
Flag Coverage Δ
?
--ldflags="-checklinkname=0" -tags sonic 98.85% <100.00%> (?)
-tags go_json 98.85% <100.00%> (?)
-tags nomsgpack 98.90% <100.00%> (?)
go-1.18 ?
go-1.19 ?
go-1.20 ?
go-1.21 ?
go-1.23 98.92% <100.00%> (?)
go-1.24 98.92% <100.00%> (?)
macos-latest 98.92% <100.00%> (-0.30%) ⬇️
ubuntu-latest 98.92% <100.00%> (-0.30%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed May 31, 2025
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Extract the inline Authorization header masking logic into a dedicated maskAuthorization helper for clarity and reuse.

  • Introduced a maskAuthorization function with a doc comment.
  • Replaced the inline loop in CustomRecoveryWithWriter with the new helper.
  • Added TestMaskAuthorization to validate the masking behavior.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
recovery.go Extracted header-masking loop into maskAuthorization and added documentation
recovery_test.go Added TestMaskAuthorization to ensure Authorization tokens are hidden
Comments suppressed due to low confidence (1)

recovery_test.go:93

  • Consider adding a test case with a lowercase authorization: ... header to verify that maskAuthorization handles header names case-insensitively.
headers := []string{

Comment thread recovery.go Outdated
Comment on lines +133 to +137
func maskAuthorization(headers *[]string) {
for idx, header := range *headers {
key, _, _ := strings.Cut(header, ":")
if key == "Authorization" {
(*headers)[idx] = key + ": *"

Copilot AI May 31, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Avoid using a pointer to a slice since slices are reference types in Go; consider using func maskAuthorization(headers []string) []string or modify the slice in-place without a pointer for clearer intent.

Suggested change
func maskAuthorization(headers *[]string) {
for idx, header := range *headers {
key, _, _ := strings.Cut(header, ":")
if key == "Authorization" {
(*headers)[idx] = key + ": *"
func maskAuthorization(headers []string) {
for idx, header := range headers {
key, _, _ := strings.Cut(header, ":")
if key == "Authorization" {
headers[idx] = key + ": *"

Copilot uses AI. Check for mistakes.
Comment thread recovery.go Outdated
func maskAuthorization(headers *[]string) {
for idx, header := range *headers {
key, _, _ := strings.Cut(header, ":")
if key == "Authorization" {

Copilot AI May 31, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comparing header keys with a case-sensitive key == "Authorization" may miss variations like authorization:; use strings.EqualFold(key, "Authorization") for case-insensitive matching.

Suggested change
if key == "Authorization" {
if strings.EqualFold(key, "Authorization") {

Copilot uses AI. Check for mistakes.
@zeek0x zeek0x force-pushed the refactor/maskAuthorization branch from 8e9ba2d to 32b3414 Compare June 1, 2025 08:21
@appleboy appleboy added this to the v1.11 milestone Jun 1, 2025
@appleboy appleboy merged commit e30123a into gin-gonic:master Jun 2, 2025
24 of 25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@appleboy appleboy appleboy approved these changes

Assignees

No one assigned

Labels

enhancement

Projects

None yet

Milestone

v1.11

Development

Successfully merging this pull request may close these issues.

3 participants

@zeek0x @appleboy