Merge pull request #139 from router-for-me/log

feat(logging): centralize sensitive header masking

internal/logging/request_logger.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/interfaces"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
 )
 
 // RequestLogger defines the interface for logging HTTP requests and responses.
@@ -485,7 +486,8 @@ func (l *FileRequestLogger) formatRequestInfo(url, method string, headers map[st
 	content.WriteString("=== HEADERS ===\n")
 	for key, values := range headers {
 		for _, value := range values {
-			content.WriteString(fmt.Sprintf("%s: %s\n", key, value))
+			masked := util.MaskSensitiveHeaderValue(key, value)
+			content.WriteString(fmt.Sprintf("%s: %s\n", key, masked))
 		}
 	}
 	content.WriteString("\n")

internal/runtime/executor/logging_helpers.go

@@ -275,7 +275,8 @@ func writeHeaders(builder *strings.Builder, headers http.Header) {
 			continue
 		}
 		for _, value := range values {
-			builder.WriteString(fmt.Sprintf("%s: %s\n", key, sanitizeHeaderValue(key, value)))
+			masked := util.MaskSensitiveHeaderValue(key, value)
+			builder.WriteString(fmt.Sprintf("%s: %s\n", key, masked))
 		}
 	}
 }
@@ -319,18 +320,3 @@ func formatAuthInfo(info upstreamRequestLog) string {
 
 	return strings.Join(parts, ", ")
 }
-
-func sanitizeHeaderValue(key, value string) string {
-	trimmedValue := strings.TrimSpace(value)
-	lowerKey := strings.ToLower(strings.TrimSpace(key))
-	switch {
-	case strings.Contains(lowerKey, "authorization"),
-		strings.Contains(lowerKey, "api-key"),
-		strings.Contains(lowerKey, "apikey"),
-		strings.Contains(lowerKey, "token"),
-		strings.Contains(lowerKey, "secret"):
-		return util.HideAPIKey(trimmedValue)
-	default:
-		return trimmedValue
-	}
-}

internal/translator/codex/claude/codex_claude_response.go

@@ -7,7 +7,6 @@
 package claude
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/json"
@@ -180,56 +179,58 @@ func ConvertCodexResponseToClaude(_ context.Context, _ string, originalRequestRa
 // Returns:
 //   - string: A Claude Code-compatible JSON response containing all message content and metadata
 func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, originalRequestRawJSON, _ []byte, rawJSON []byte, _ *any) string {
-	scanner := bufio.NewScanner(bytes.NewReader(rawJSON))
-	buffer := make([]byte, 20_971_520)
-	scanner.Buffer(buffer, 20_971_520)
 	revNames := buildReverseMapFromClaudeOriginalShortToOriginal(originalRequestRawJSON)
 
-	for scanner.Scan() {
-		line := scanner.Bytes()
-		if !bytes.HasPrefix(line, dataTag) {
-			continue
-		}
-		payload := bytes.TrimSpace(line[len(dataTag):])
-		if len(payload) == 0 {
-			continue
-		}
+	rootResult := gjson.ParseBytes(rawJSON)
+	if rootResult.Get("type").String() != "response.completed" {
+		return ""
+	}
 
-		rootResult := gjson.ParseBytes(payload)
-		if rootResult.Get("type").String() != "response.completed" {
-			continue
-		}
+	responseData := rootResult.Get("response")
+	if !responseData.Exists() {
+		return ""
+	}
 
-		responseData := rootResult.Get("response")
-		if !responseData.Exists() {
-			continue
-		}
+	response := map[string]interface{}{
+		"id":            responseData.Get("id").String(),
+		"type":          "message",
+		"role":          "assistant",
+		"model":         responseData.Get("model").String(),
+		"content":       []interface{}{},
+		"stop_reason":   nil,
+		"stop_sequence": nil,
+		"usage": map[string]interface{}{
+			"input_tokens":  responseData.Get("usage.input_tokens").Int(),
+			"output_tokens": responseData.Get("usage.output_tokens").Int(),
+		},
+	}
 
-		response := map[string]interface{}{
-			"id":            responseData.Get("id").String(),
-			"type":          "message",
-			"role":          "assistant",
-			"model":         responseData.Get("model").String(),
-			"content":       []interface{}{},
-			"stop_reason":   nil,
-			"stop_sequence": nil,
-			"usage": map[string]interface{}{
-				"input_tokens":  responseData.Get("usage.input_tokens").Int(),
-				"output_tokens": responseData.Get("usage.output_tokens").Int(),
-			},
-		}
+	var contentBlocks []interface{}
+	hasToolCall := false
 
-		var contentBlocks []interface{}
-		hasToolCall := false
-
-		if output := responseData.Get("output"); output.Exists() && output.IsArray() {
-			output.ForEach(func(_, item gjson.Result) bool {
-				switch item.Get("type").String() {
-				case "reasoning":
-					thinkingBuilder := strings.Builder{}
-					if summary := item.Get("summary"); summary.Exists() {
-						if summary.IsArray() {
-							summary.ForEach(func(_, part gjson.Result) bool {
+	if output := responseData.Get("output"); output.Exists() && output.IsArray() {
+		output.ForEach(func(_, item gjson.Result) bool {
+			switch item.Get("type").String() {
+			case "reasoning":
+				thinkingBuilder := strings.Builder{}
+				if summary := item.Get("summary"); summary.Exists() {
+					if summary.IsArray() {
+						summary.ForEach(func(_, part gjson.Result) bool {
+							if txt := part.Get("text"); txt.Exists() {
+								thinkingBuilder.WriteString(txt.String())
+							} else {
+								thinkingBuilder.WriteString(part.String())
+							}
+							return true
+						})
+					} else {
+						thinkingBuilder.WriteString(summary.String())
+					}
+				}
+				if thinkingBuilder.Len() == 0 {
+					if content := item.Get("content"); content.Exists() {
+						if content.IsArray() {
+							content.ForEach(func(_, part gjson.Result) bool {
 								if txt := part.Get("text"); txt.Exists() {
 									thinkingBuilder.WriteString(txt.String())
 								} else {
@@ -238,114 +239,96 @@ func ConvertCodexResponseToClaudeNonStream(_ context.Context, _ string, original
 								return true
 							})
 						} else {
-							thinkingBuilder.WriteString(summary.String())
+							thinkingBuilder.WriteString(content.String())
 						}
 					}
-					if thinkingBuilder.Len() == 0 {
-						if content := item.Get("content"); content.Exists() {
-							if content.IsArray() {
-								content.ForEach(func(_, part gjson.Result) bool {
-									if txt := part.Get("text"); txt.Exists() {
-										thinkingBuilder.WriteString(txt.String())
-									} else {
-										thinkingBuilder.WriteString(part.String())
-									}
-									return true
-								})
-							} else {
-								thinkingBuilder.WriteString(content.String())
-							}
-						}
-					}
-					if thinkingBuilder.Len() > 0 {
-						contentBlocks = append(contentBlocks, map[string]interface{}{
-							"type":     "thinking",
-							"thinking": thinkingBuilder.String(),
-						})
-					}
-				case "message":
-					if content := item.Get("content"); content.Exists() {
-						if content.IsArray() {
-							content.ForEach(func(_, part gjson.Result) bool {
-								if part.Get("type").String() == "output_text" {
-									text := part.Get("text").String()
-									if text != "" {
-										contentBlocks = append(contentBlocks, map[string]interface{}{
-											"type": "text",
-											"text": text,
-										})
-									}
-								}
-								return true
-							})
-						} else {
-							text := content.String()
-							if text != "" {
-								contentBlocks = append(contentBlocks, map[string]interface{}{
-									"type": "text",
-									"text": text,
-								})
-							}
-						}
-					}
-				case "function_call":
-					hasToolCall = true
-					name := item.Get("name").String()
-					if original, ok := revNames[name]; ok {
-						name = original
-					}
-
-					toolBlock := map[string]interface{}{
-						"type":  "tool_use",
-						"id":    item.Get("call_id").String(),
-						"name":  name,
-						"input": map[string]interface{}{},
-					}
-
-					if argsStr := item.Get("arguments").String(); argsStr != "" {
-						var args interface{}
-						if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
-							toolBlock["input"] = args
-						}
-					}
-
-					contentBlocks = append(contentBlocks, toolBlock)
 				}
-				return true
-			})
-		}
+				if thinkingBuilder.Len() > 0 {
+					contentBlocks = append(contentBlocks, map[string]interface{}{
+						"type":     "thinking",
+						"thinking": thinkingBuilder.String(),
+					})
+				}
+			case "message":
+				if content := item.Get("content"); content.Exists() {
+					if content.IsArray() {
+						content.ForEach(func(_, part gjson.Result) bool {
+							if part.Get("type").String() == "output_text" {
+								text := part.Get("text").String()
+								if text != "" {
+									contentBlocks = append(contentBlocks, map[string]interface{}{
+										"type": "text",
+										"text": text,
+									})
+								}
+							}
+							return true
+						})
+					} else {
+						text := content.String()
+						if text != "" {
+							contentBlocks = append(contentBlocks, map[string]interface{}{
+								"type": "text",
+								"text": text,
+							})
+						}
+					}
+				}
+			case "function_call":
+				hasToolCall = true
+				name := item.Get("name").String()
+				if original, ok := revNames[name]; ok {
+					name = original
+				}
 
-		if len(contentBlocks) > 0 {
-			response["content"] = contentBlocks
-		}
+				toolBlock := map[string]interface{}{
+					"type":  "tool_use",
+					"id":    item.Get("call_id").String(),
+					"name":  name,
+					"input": map[string]interface{}{},
+				}
 
-		if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" {
-			response["stop_reason"] = stopReason.String()
-		} else if hasToolCall {
-			response["stop_reason"] = "tool_use"
-		} else {
-			response["stop_reason"] = "end_turn"
-		}
+				if argsStr := item.Get("arguments").String(); argsStr != "" {
+					var args interface{}
+					if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
+						toolBlock["input"] = args
+					}
+				}
 
-		if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" {
-			response["stop_sequence"] = stopSequence.Value()
-		}
-
-		if responseData.Get("usage.input_tokens").Exists() || responseData.Get("usage.output_tokens").Exists() {
-			response["usage"] = map[string]interface{}{
-				"input_tokens":  responseData.Get("usage.input_tokens").Int(),
-				"output_tokens": responseData.Get("usage.output_tokens").Int(),
+				contentBlocks = append(contentBlocks, toolBlock)
 			}
-		}
-
-		responseJSON, err := json.Marshal(response)
-		if err != nil {
-			return ""
-		}
-		return string(responseJSON)
+			return true
+		})
 	}
 
-	return ""
+	if len(contentBlocks) > 0 {
+		response["content"] = contentBlocks
+	}
+
+	if stopReason := responseData.Get("stop_reason"); stopReason.Exists() && stopReason.String() != "" {
+		response["stop_reason"] = stopReason.String()
+	} else if hasToolCall {
+		response["stop_reason"] = "tool_use"
+	} else {
+		response["stop_reason"] = "end_turn"
+	}
+
+	if stopSequence := responseData.Get("stop_sequence"); stopSequence.Exists() && stopSequence.String() != "" {
+		response["stop_sequence"] = stopSequence.Value()
+	}
+
+	if responseData.Get("usage.input_tokens").Exists() || responseData.Get("usage.output_tokens").Exists() {
+		response["usage"] = map[string]interface{}{
+			"input_tokens":  responseData.Get("usage.input_tokens").Int(),
+			"output_tokens": responseData.Get("usage.output_tokens").Int(),
+		}
+	}
+
+	responseJSON, err := json.Marshal(response)
+	if err != nil {
+		return ""
+	}
+	return string(responseJSON)
 }
 
 // buildReverseMapFromClaudeOriginalShortToOriginal builds a map[short]original from original Claude request tools.

internal/translator/codex/gemini/codex_gemini_response.go

@@ -5,7 +5,6 @@
 package gemini
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/json"
@@ -152,159 +151,146 @@ func ConvertCodexResponseToGemini(_ context.Context, modelName string, originalR
 // Returns:
 //   - string: A Gemini-compatible JSON response containing all message content and metadata
 func ConvertCodexResponseToGeminiNonStream(_ context.Context, modelName string, originalRequestRawJSON, requestRawJSON, rawJSON []byte, _ *any) string {
-	scanner := bufio.NewScanner(bytes.NewReader(rawJSON))
-	buffer := make([]byte, 20_971_520)
-	scanner.Buffer(buffer, 20_971_520)
-	for scanner.Scan() {
-		line := scanner.Bytes()
-		// log.Debug(string(line))
-		if !bytes.HasPrefix(line, dataTag) {
-			continue
-		}
-		rawJSON = bytes.TrimSpace(rawJSON[5:])
+	rootResult := gjson.ParseBytes(rawJSON)
 
-		rootResult := gjson.ParseBytes(rawJSON)
-
-		// Verify this is a response.completed event
-		if rootResult.Get("type").String() != "response.completed" {
-			continue
-		}
-
-		// Base Gemini response template for non-streaming
-		template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}`
-
-		// Set model version
-		template, _ = sjson.Set(template, "modelVersion", modelName)
-
-		// Set response metadata from the completed response
-		responseData := rootResult.Get("response")
-		if responseData.Exists() {
-			// Set response ID
-			if responseId := responseData.Get("id"); responseId.Exists() {
-				template, _ = sjson.Set(template, "responseId", responseId.String())
-			}
-
-			// Set creation time
-			if createdAt := responseData.Get("created_at"); createdAt.Exists() {
-				template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano))
-			}
-
-			// Set usage metadata
-			if usage := responseData.Get("usage"); usage.Exists() {
-				inputTokens := usage.Get("input_tokens").Int()
-				outputTokens := usage.Get("output_tokens").Int()
-				totalTokens := inputTokens + outputTokens
-
-				template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens)
-				template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens)
-				template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens)
-			}
-
-			// Process output content to build parts array
-			var parts []interface{}
-			hasToolCall := false
-			var pendingFunctionCalls []interface{}
-
-			flushPendingFunctionCalls := func() {
-				if len(pendingFunctionCalls) > 0 {
-					// Add all pending function calls as individual parts
-					// This maintains the original Gemini API format while ensuring consecutive calls are grouped together
-					for _, fc := range pendingFunctionCalls {
-						parts = append(parts, fc)
-					}
-					pendingFunctionCalls = nil
-				}
-			}
-
-			if output := responseData.Get("output"); output.Exists() && output.IsArray() {
-				output.ForEach(func(key, value gjson.Result) bool {
-					itemType := value.Get("type").String()
-
-					switch itemType {
-					case "reasoning":
-						// Flush any pending function calls before adding non-function content
-						flushPendingFunctionCalls()
-
-						// Add thinking content
-						if content := value.Get("content"); content.Exists() {
-							part := map[string]interface{}{
-								"thought": true,
-								"text":    content.String(),
-							}
-							parts = append(parts, part)
-						}
-
-					case "message":
-						// Flush any pending function calls before adding non-function content
-						flushPendingFunctionCalls()
-
-						// Add regular text content
-						if content := value.Get("content"); content.Exists() && content.IsArray() {
-							content.ForEach(func(_, contentItem gjson.Result) bool {
-								if contentItem.Get("type").String() == "output_text" {
-									if text := contentItem.Get("text"); text.Exists() {
-										part := map[string]interface{}{
-											"text": text.String(),
-										}
-										parts = append(parts, part)
-									}
-								}
-								return true
-							})
-						}
-
-					case "function_call":
-						// Collect function call for potential merging with consecutive ones
-						hasToolCall = true
-						functionCall := map[string]interface{}{
-							"functionCall": map[string]interface{}{
-								"name": func() string {
-									n := value.Get("name").String()
-									rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON)
-									if orig, ok := rev[n]; ok {
-										return orig
-									}
-									return n
-								}(),
-								"args": map[string]interface{}{},
-							},
-						}
-
-						// Parse and set arguments
-						if argsStr := value.Get("arguments").String(); argsStr != "" {
-							argsResult := gjson.Parse(argsStr)
-							if argsResult.IsObject() {
-								var args map[string]interface{}
-								if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
-									functionCall["functionCall"].(map[string]interface{})["args"] = args
-								}
-							}
-						}
-
-						pendingFunctionCalls = append(pendingFunctionCalls, functionCall)
-					}
-					return true
-				})
-
-				// Handle any remaining pending function calls at the end
-				flushPendingFunctionCalls()
-			}
-
-			// Set the parts array
-			if len(parts) > 0 {
-				template, _ = sjson.SetRaw(template, "candidates.0.content.parts", mustMarshalJSON(parts))
-			}
-
-			// Set finish reason based on whether there were tool calls
-			if hasToolCall {
-				template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
-			} else {
-				template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
-			}
-		}
-		return template
+	// Verify this is a response.completed event
+	if rootResult.Get("type").String() != "response.completed" {
+		return ""
 	}
-	return ""
+
+	// Base Gemini response template for non-streaming
+	template := `{"candidates":[{"content":{"role":"model","parts":[]},"finishReason":"STOP"}],"usageMetadata":{"trafficType":"PROVISIONED_THROUGHPUT"},"modelVersion":"","createTime":"","responseId":""}`
+
+	// Set model version
+	template, _ = sjson.Set(template, "modelVersion", modelName)
+
+	// Set response metadata from the completed response
+	responseData := rootResult.Get("response")
+	if responseData.Exists() {
+		// Set response ID
+		if responseId := responseData.Get("id"); responseId.Exists() {
+			template, _ = sjson.Set(template, "responseId", responseId.String())
+		}
+
+		// Set creation time
+		if createdAt := responseData.Get("created_at"); createdAt.Exists() {
+			template, _ = sjson.Set(template, "createTime", time.Unix(createdAt.Int(), 0).Format(time.RFC3339Nano))
+		}
+
+		// Set usage metadata
+		if usage := responseData.Get("usage"); usage.Exists() {
+			inputTokens := usage.Get("input_tokens").Int()
+			outputTokens := usage.Get("output_tokens").Int()
+			totalTokens := inputTokens + outputTokens
+
+			template, _ = sjson.Set(template, "usageMetadata.promptTokenCount", inputTokens)
+			template, _ = sjson.Set(template, "usageMetadata.candidatesTokenCount", outputTokens)
+			template, _ = sjson.Set(template, "usageMetadata.totalTokenCount", totalTokens)
+		}
+
+		// Process output content to build parts array
+		var parts []interface{}
+		hasToolCall := false
+		var pendingFunctionCalls []interface{}
+
+		flushPendingFunctionCalls := func() {
+			if len(pendingFunctionCalls) > 0 {
+				// Add all pending function calls as individual parts
+				// This maintains the original Gemini API format while ensuring consecutive calls are grouped together
+				for _, fc := range pendingFunctionCalls {
+					parts = append(parts, fc)
+				}
+				pendingFunctionCalls = nil
+			}
+		}
+
+		if output := responseData.Get("output"); output.Exists() && output.IsArray() {
+			output.ForEach(func(key, value gjson.Result) bool {
+				itemType := value.Get("type").String()
+
+				switch itemType {
+				case "reasoning":
+					// Flush any pending function calls before adding non-function content
+					flushPendingFunctionCalls()
+
+					// Add thinking content
+					if content := value.Get("content"); content.Exists() {
+						part := map[string]interface{}{
+							"thought": true,
+							"text":    content.String(),
+						}
+						parts = append(parts, part)
+					}
+
+				case "message":
+					// Flush any pending function calls before adding non-function content
+					flushPendingFunctionCalls()
+
+					// Add regular text content
+					if content := value.Get("content"); content.Exists() && content.IsArray() {
+						content.ForEach(func(_, contentItem gjson.Result) bool {
+							if contentItem.Get("type").String() == "output_text" {
+								if text := contentItem.Get("text"); text.Exists() {
+									part := map[string]interface{}{
+										"text": text.String(),
+									}
+									parts = append(parts, part)
+								}
+							}
+							return true
+						})
+					}
+
+				case "function_call":
+					// Collect function call for potential merging with consecutive ones
+					hasToolCall = true
+					functionCall := map[string]interface{}{
+						"functionCall": map[string]interface{}{
+							"name": func() string {
+								n := value.Get("name").String()
+								rev := buildReverseMapFromGeminiOriginal(originalRequestRawJSON)
+								if orig, ok := rev[n]; ok {
+									return orig
+								}
+								return n
+							}(),
+							"args": map[string]interface{}{},
+						},
+					}
+
+					// Parse and set arguments
+					if argsStr := value.Get("arguments").String(); argsStr != "" {
+						argsResult := gjson.Parse(argsStr)
+						if argsResult.IsObject() {
+							var args map[string]interface{}
+							if err := json.Unmarshal([]byte(argsStr), &args); err == nil {
+								functionCall["functionCall"].(map[string]interface{})["args"] = args
+							}
+						}
+					}
+
+					pendingFunctionCalls = append(pendingFunctionCalls, functionCall)
+				}
+				return true
+			})
+
+			// Handle any remaining pending function calls at the end
+			flushPendingFunctionCalls()
+		}
+
+		// Set the parts array
+		if len(parts) > 0 {
+			template, _ = sjson.SetRaw(template, "candidates.0.content.parts", mustMarshalJSON(parts))
+		}
+
+		// Set finish reason based on whether there were tool calls
+		if hasToolCall {
+			template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
+		} else {
+			template, _ = sjson.Set(template, "candidates.0.finishReason", "STOP")
+		}
+	}
+	return template
 }
 
 // buildReverseMapFromGeminiOriginal builds a map[short]original from original Gemini request tools.

internal/util/provider.go

@@ -4,6 +4,8 @@
 package util
 
 import (
+	"strings"
+
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
 	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
 )
@@ -141,3 +143,48 @@ func HideAPIKey(apiKey string) string {
 	}
 	return apiKey
 }
+
+// maskAuthorizationHeader masks the Authorization header value while preserving the auth type prefix.
+// Common formats: "Bearer <token>", "Basic <credentials>", "ApiKey <key>", etc.
+// It preserves the prefix (e.g., "Bearer ") and only masks the token/credential part.
+//
+// Parameters:
+//   - value: The Authorization header value
+//
+// Returns:
+//   - string: The masked Authorization value with prefix preserved
+func MaskAuthorizationHeader(value string) string {
+	parts := strings.SplitN(strings.TrimSpace(value), " ", 2)
+	if len(parts) < 2 {
+		return HideAPIKey(value)
+	}
+	return parts[0] + " " + HideAPIKey(parts[1])
+}
+
+// MaskSensitiveHeaderValue masks sensitive header values while preserving expected formats.
+//
+// Behavior by header key (case-insensitive):
+//   - "Authorization": Preserve the auth type prefix (e.g., "Bearer ") and mask only the credential part.
+//   - Headers containing "api-key": Mask the entire value using HideAPIKey.
+//   - Others: Return the original value unchanged.
+//
+// Parameters:
+//   - key:   The HTTP header name to inspect (case-insensitive matching).
+//   - value: The header value to mask when sensitive.
+//
+// Returns:
+//   - string: The masked value according to the header type; unchanged if not sensitive.
+func MaskSensitiveHeaderValue(key, value string) string {
+	lowerKey := strings.ToLower(strings.TrimSpace(key))
+	switch {
+	case lowerKey == "authorization":
+		return MaskAuthorizationHeader(value)
+	case strings.Contains(lowerKey, "api-key"),
+		strings.Contains(lowerKey, "apikey"),
+		strings.Contains(lowerKey, "token"),
+		strings.Contains(lowerKey, "secret"):
+		return HideAPIKey(value)
+	default:
+		return value
+	}
+}