fix(http_bridge): redact headers

Fixes https://emqx.atlassian.net/browse/EMQX-11864

```
2024-02-20T15:51:34.744509+00:00 [debug] msg: http_connector_received, mfa: emqx_bridge_http_connector:on_query_async/4(471), tag: QUERY_ASYNC, request: {"/bah",[{<<"Authorization">>,<<"******">>},{<<"content-type">>,<<"application/json">>},{<<"authorization">>,<<"******">>},{<<"content-type">>,<<"application/json">>}],<<"******">>}, state: #{port => 18083,request => #{path => [<<>>],body => undefined,headers => [{[<<"content-type">>],[<<"application/json">>]},{[<<"Authorization">>],#Fun<emqx_secret.0.85191762>}],method => [<<"undefined">>],max_retries => 2,request_timeout => 30000},host => "localhost",connect_timeout => 15000,pool_type => random,pool_name => <<"connector:http:p1">>,base_path => "/",installed_actions => #{<<"action:http:p1:connector:http:p1">> => #{path => [<<"/bah">>],body => undefined,headers => [{[<<"authorization">>],#Fun<emqx_secret.0.85191762>},{[<<"content-type">>],[<<"application/json">>]}],method => [<<"post">>],max_retries => 2,request_timeout => 30000,render_template_func => fun emqx_bridge_http_connector:render_template/2}}}, connector: <<"connector:http:p1">>, note: the request body is redacted due to security reasons
```
This commit is contained in:
Thales Macedo Garitezi 2024-02-20 12:52:12 -03:00
parent 31d48ad529
commit b6689d178f
3 changed files with 4 additions and 3 deletions

View File

@ -1,6 +1,6 @@
{application, emqx_bridge_http, [ {application, emqx_bridge_http, [
{description, "EMQX HTTP Bridge and Connector Application"}, {description, "EMQX HTTP Bridge and Connector Application"},
{vsn, "0.2.2"}, {vsn, "0.2.3"},
{registered, []}, {registered, []},
{applications, [kernel, stdlib, emqx_resource, ehttpc]}, {applications, [kernel, stdlib, emqx_resource, ehttpc]},
{env, [{emqx_action_info_modules, [emqx_bridge_http_action_info]}]}, {env, [{emqx_action_info_modules, [emqx_bridge_http_action_info]}]},

View File

@ -876,9 +876,9 @@ redact(Data) ->
%% and we also can't know the body format and where the sensitive data will be %% and we also can't know the body format and where the sensitive data will be
%% so the easy way to keep data security is redacted the whole body %% so the easy way to keep data security is redacted the whole body
redact_request({Path, Headers}) -> redact_request({Path, Headers}) ->
{Path, Headers}; {Path, redact(Headers)};
redact_request({Path, Headers, _Body}) -> redact_request({Path, Headers, _Body}) ->
{Path, Headers, <<"******">>}. {Path, redact(Headers), <<"******">>}.
clientid(Msg) -> maps:get(clientid, Msg, undefined). clientid(Msg) -> maps:get(clientid, Msg, undefined).

View File

@ -0,0 +1 @@
Redacted authorization headers from debug logs from HTTP bridge.