|
29 | 29 | ErrInvalidAuthHeader = errors.New("invalid Authorization header format") |
30 | 30 | ) |
31 | 31 |
|
| 32 | +// sanitizeForLogging returns a sanitized version of the input string for safe logging. |
| 33 | +// It shows only the first 4 characters followed by "..." to prevent exposing sensitive data. |
| 34 | +// For strings with 4 or fewer characters, it returns only "...". |
| 35 | +func sanitizeForLogging(input string) string { |
| 36 | + if len(input) > 4 { |
| 37 | + return input[:4] + "..." |
| 38 | + } else if len(input) > 0 { |
| 39 | + return "..." |
| 40 | + } |
| 41 | + return "" |
| 42 | +} |
| 43 | + |
32 | 44 | // ParseAuthHeader parses the Authorization header and extracts the API key and agent ID. |
33 | 45 | // Per MCP spec 7.1, the Authorization header should contain the API key directly |
34 | 46 | // without any Bearer prefix or other scheme. |
|
42 | 54 | // - agentID: The extracted agent/session identifier |
43 | 55 | // - error: ErrMissingAuthHeader if header is empty, nil otherwise |
44 | 56 | func ParseAuthHeader(authHeader string) (apiKey string, agentID string, error error) { |
45 | | - // Sanitize header for logging (show only first 4 chars) |
46 | | - sanitized := "" |
47 | | - if len(authHeader) > 4 { |
48 | | - sanitized = authHeader[:4] + "..." |
49 | | - } else if len(authHeader) > 0 { |
50 | | - sanitized = "..." |
51 | | - } |
52 | | - log.Printf("Parsing auth header: sanitized=%s, length=%d", sanitized, len(authHeader)) |
| 57 | + log.Printf("Parsing auth header: sanitized=%s, length=%d", sanitizeForLogging(authHeader), len(authHeader)) |
53 | 58 |
|
54 | 59 | if authHeader == "" { |
55 | 60 | log.Print("Auth header missing, returning error") |
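Review bot: `sanitizeForLogging` (new lines 35–42) still writes the first four bytes of the Authorization header to the log, and the comment above `ParseAuthHeader` says that header carries the API key directly with no scheme prefix, so the call at new line 57 records a key prefix and the key's exact length on every parse. Logs are usually retained longer and read by more people than the credential itself, so I would return a constant mask for any non-empty input, e.g. `return "[redacted]"`, or reduce the call to `log.Printf("Parsing auth header: length=%d", len(authHeader))`. If a prefix has to stay for correlation, format it with `%q` rather than `%s` so control characters in a caller-supplied value cannot break or forge log lines, and note that `input[:4]` slices bytes and can cut a multi-byte rune in half. `ParseAuthHeader`'s body continues past the end of this section, so later uses of the header are not visible here.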
|