| 171 | } |
| 172 | |
// getRedactedAuthHeader returns a log-safe rendering of the request's
// Authorization header.
//
// Masking rules, in order:
//   - header shorter than 10 bytes, or containing no space: every byte is
//     replaced by '*';
//   - otherwise the text before the first space is kept verbatim, and the
//     remainder is masked entirely when it is shorter than 10 bytes;
//   - otherwise the first 4 bytes of the remainder stay visible and the rest
//     is masked.
//
// The mask always has the same byte length as the text it replaces, so the
// length of the credential remains observable in the output.
//
// NOTE(review): the first word is echoed without checking that it is an auth
// scheme name; a malformed header that puts the secret first would be returned
// unmasked up to its first space. Confirm callers only log well-formed headers.
func getRedactedAuthHeader(req *http.Request) string {
	raw := req.Header.Get("Authorization")

	// Without a space there is no scheme/credential split to rely on, and a
	// very short header leaves nothing that can be shown safely.
	sep := strings.IndexByte(raw, ' ')
	if sep < 0 || len(raw) < 10 {
		return strings.Repeat("*", len(raw))
	}

	scheme, credential := raw[:sep], raw[sep+1:]

	// A short prefix is left readable as a debugging aid (often "ghp_"), but
	// only when the credential is long enough that 4 bytes are a small part.
	// NOTE(review): this applies to every scheme; for credentials with no
	// public prefix these 4 bytes are secret material. Confirm that is
	// acceptable for wherever this string is written.
	visible := 0
	if len(credential) >= 10 {
		visible = 4
	}

	return scheme + " " + credential[:visible] + strings.Repeat("*", len(credential)-visible)
}