From 1d1f5573b03f82c929710bac58f02c1eeeaea51e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?France=CC=81=20Wilke?= <francewilke@gmail.com>
Date: Thu, 8 Dec 2022 14:44:50 +0200
Subject: [PATCH] Exclude authorisation header from api logs

---
 api_logs/api-logs.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/api_logs/api-logs.go b/api_logs/api-logs.go
index 33043db..e41caec 100644
--- a/api_logs/api-logs.go
+++ b/api_logs/api-logs.go
@@ -60,6 +60,14 @@ func GenerateIncomingAPILog(startTime time.Time, requestID *string, claim map[st
 		typeString = "webhook-incoming"
 	}
 
+	// Remove the API key in the header
+	if req.Headers["authorization"] != "" {
+		req.Headers["authorization"] = "***"
+	}
+	if req.Headers["Authorization"] != "" {
+		req.Headers["Authorization"] = "***"
+	}
+
 	apiLog := ApiLog{
 		StartTime:           startTime,
 		EndTime:             endTime,
-- 
GitLab