fix(http_bridge): redact headers

Fixes https://emqx.atlassian.net/browse/EMQX-11864 ``` 2024-02-20T15:51:34.744509+00:00 [debug] msg: http_connector_received, mfa: emqx_bridge_http_connector:on_query_async/4(471), tag: QUERY_ASYNC, request: {"/bah",[{<<"Authorization">>,<<"******">>},{<<"content-type">>,<<"application/json">>},{<<"authorization">>,<<"******">>},{<<"content-type">>,<<"application/json">>}],<<"******">>}, state: #{port => 18083,request => #{path => [<<>>],body => undefined,headers => [{[<<"content-type">>],[<<"application/json">>]},{[<<"Authorization">>],#Fun<emqx_secret.0.85191762>}],method => [<<"undefined">>],max_retries => 2,request_timeout => 30000},host => "localhost",connect_timeout => 15000,pool_type => random,pool_name => <<"connector:http:p1">>,base_path => "/",installed_actions => #{<<"action:http:p1:connector:http:p1">> => #{path => [<<"/bah">>],body => undefined,headers => [{[<<"authorization">>],#Fun<emqx_secret.0.85191762>},{[<<"content-type">>],[<<"application/json">>]}],method => [<<"post">>],max_retries => 2,request_timeout => 30000,render_template_func => fun emqx_bridge_http_connector:render_template/2}}}, connector: <<"connector:http:p1">>, note: the request body is redacted due to security reasons ```
2024-02-20 12:52:12 -03:00 · 2024-02-20 12:52:12 -03:00 · b6689d178f
parent 31d48ad529
commit b6689d178f
3 changed files with 4 additions and 3 deletions
--- a/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
+++ b/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
@ -1,6 +1,6 @@
 {application, emqx_bridge_http, [
    {description, "EMQX HTTP Bridge and Connector Application"},
-    {vsn, "0.2.2"},
+    {vsn, "0.2.3"},
    {registered, []},
    {applications, [kernel, stdlib, emqx_resource, ehttpc]},
    {env, [{emqx_action_info_modules, [emqx_bridge_http_action_info]}]},
--- a/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
+++ b/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
@ -876,9 +876,9 @@ redact(Data) ->
 %% and we also can't know the body format and where the sensitive data will be
 %% so the easy way to keep data security is redacted the whole body
 redact_request({Path, Headers}) ->
-    {Path, Headers};
+    {Path, redact(Headers)};
 redact_request({Path, Headers, _Body}) ->
-    {Path, Headers, <<"******">>}.
+    {Path, redact(Headers), <<"******">>}.

 clientid(Msg) -> maps:get(clientid, Msg, undefined).

--- a/changes/ce/fix-12542.en.md
+++ b/changes/ce/fix-12542.en.md
@ -0,0 +1 @@
+Redacted authorization headers from debug logs from HTTP bridge.
				`@ -0,0 +1 @@`
				`Redacted authorization headers from debug logs from HTTP bridge.`