Charon/backend/internal/api/middleware/sanitize.go

package middleware

import (
    "net/http"
    "strings"

    "github.com/Wikid82/charon/backend/internal/util"
)

// SanitizeHeaders returns a map of header keys to redacted/sanitized values
// for safe logging. Sensitive headers are redacted; other values are
// sanitized using util.SanitizeForLog and truncated.
func SanitizeHeaders(h http.Header) map[string][]string {
    if h == nil {
        return nil
    }
    sensitive := map[string]struct{}{
        "authorization":        {},
        "cookie":               {},
        "set-cookie":           {},
        "proxy-authorization":  {},
        "x-api-key":            {},
        "x-api-token":          {},
        "x-access-token":       {},
        "x-auth-token":         {},
        "x-api-secret":         {},
        "x-forwarded-for":     {},
    }
    out := make(map[string][]string, len(h))
    for k, vals := range h {
        keyLower := strings.ToLower(k)
        if _, ok := sensitive[keyLower]; ok {
            out[k] = []string{"<redacted>"}
            continue
        }
        sanitizedVals := make([]string, 0, len(vals))
        for _, v := range vals {
            v2 := util.SanitizeForLog(v)
            if len(v2) > 200 {
                v2 = v2[:200]
            }
            sanitizedVals = append(sanitizedVals, v2)
        }
        out[k] = sanitizedVals
    }
    return out
}

// SanitizePath prepares a request path for safe logging by removing
// control characters and truncating long values. It does not include
// query parameters.
func SanitizePath(p string) string {
    // remove query string
    if i := strings.Index(p, "?"); i != -1 {
        p = p[:i]
    }
    p = util.SanitizeForLog(p)
    if len(p) > 200 {
        p = p[:200]
    }
    return p
}