apunkt/plano
1
0
Fork 0
mirror of https://github.com/katanemo/plano.git synced 2026-05-09 07:42:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

obfuscate auth header (#254)

Browse source
This commit is contained in:
Adil Hafeez 2024-11-08 15:17:39 -06:00 committed by GitHub
parent 88d0f99866
commit 9081eb0f7f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 49 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
crates/common/src/lib.rs
View file

@ -11,3 +11,4 @@ pub mod ratelimit;
pub mod routing; pub mod routing;
pub mod stats; pub mod stats;
pub mod tokenizer; pub mod tokenizer;
pub mod pii;

44
crates/common/src/pii.rs Normal file
View file

@ -0,0 +1,44 @@
pub fn obfuscate_auth_header(headers: &mut [(String, String)]) -> &[(String, String)] {
headers.iter_mut().for_each(|(key, value)| {
if key.to_lowercase() == "authorization" {
if value.starts_with("Bearer ") {
*value = "Bearer ***".to_string();
} else {
*value = "***".to_string();
}
}
});
headers
}
#[cfg(test)]
mod test {
use crate::pii::obfuscate_auth_header;
#[test]
pub fn test_obfuscate_auth_header() {
let mut headers = vec![("Authorization".to_string(), "Bearer 1234".to_string())];
obfuscate_auth_header(&mut headers);
assert_eq!(
headers,
vec![("Authorization".to_string(), "Bearer ***".to_string())]
);
}
#[test]
pub fn test_obfuscate_no_auth_header_found() {
let mut headers = vec![
(":path".to_string(), "/healthz".to_string()),
(":method".to_string(), "POST".to_string()),
];
obfuscate_auth_header(&mut headers);
assert_eq!(
headers,
vec![
(":path".to_string(), "/healthz".to_string()),
(":method".to_string(), "POST".to_string()),
]
);
}
}

3
crates/llm_gateway/src/stream_context.rs
View file

@ -10,6 +10,7 @@ use common::consts::{
}; };
use common::errors::ServerError; use common::errors::ServerError;
use common::llm_providers::LlmProviders; use common::llm_providers::LlmProviders;
use common::pii::obfuscate_auth_header;
use common::ratelimit::Header; use common::ratelimit::Header;
use common::{ratelimit, routing, tokenizer}; use common::{ratelimit, routing, tokenizer};
use http::StatusCode; use http::StatusCode;
@ -153,7 +154,7 @@ impl HttpContext for StreamContext {
debug!( debug!(
"on_http_request_headers S[{}] req_headers={:?}", "on_http_request_headers S[{}] req_headers={:?}",
self.context_id, self.context_id,
self.get_http_request_headers() obfuscate_auth_header(&mut self.get_http_request_headers())
); );
self.request_id = self.get_http_request_header(REQUEST_ID_HEADER); self.request_id = self.get_http_request_header(REQUEST_ID_HEADER);

4
crates/prompt_gateway/src/http_context.rs
View file

@ -13,7 +13,7 @@ use common::{
HEALTHZ_PATH, REQUEST_ID_HEADER, TOOL_ROLE, TRACE_PARENT_HEADER, USER_ROLE, HEALTHZ_PATH, REQUEST_ID_HEADER, TOOL_ROLE, TRACE_PARENT_HEADER, USER_ROLE,
}, },
errors::ServerError, errors::ServerError,
http::{CallArgs, Client}, http::{CallArgs, Client}, pii::obfuscate_auth_header,
}; };
use http::StatusCode; use http::StatusCode;
use log::{debug, trace, warn}; use log::{debug, trace, warn};
@ -48,7 +48,7 @@ impl HttpContext for StreamContext {
trace!( trace!(
"on_http_request_headers S[{}] req_headers={:?}", "on_http_request_headers S[{}] req_headers={:?}",
self.context_id, self.context_id,
self.get_http_request_headers() obfuscate_auth_header(&mut self.get_http_request_headers())
); );
self.request_id = self.get_http_request_header(REQUEST_ID_HEADER); self.request_id = self.get_http_request_header(REQUEST_ID_HEADER);