Skip to content

fix: pool gateway transports and add OAuth token redaction#100

Merged
donbader merged 6 commits into
mainfrom
fix/gateway-improvements
Jun 5, 2026
Merged

fix: pool gateway transports and add OAuth token redaction#100
donbader merged 6 commits into
mainfrom
fix/gateway-improvements

Conversation

@dorey-agent
Copy link
Copy Markdown
Contributor

@dorey-agent dorey-agent Bot commented Jun 4, 2026

Closes #85, closes #83

Transport Pooling (#85)

forwardRequest() was creating a new http.Transport per request, killing connection pooling. Added a sync.Map transport cache keyed by serverName — transports are created once and reused.

OAuth Token Redaction (#83)

collectSecrets() didn't handle OAuth tokens. Added SecretProvider interface to the mitm package. OAuthRewriter implements it, exposing the cached access token. Gateway main iterates built rewriters for SecretProvider and adds tokens to the redaction list.

Tests

  • TestHandler_TransportReuse — verifies same transport returned for same host
  • TestOAuthRewriter_ImplementsSecretProvider — verifies token appears in Secrets()

dorey-agent[bot] added 6 commits June 4, 2026 16:17
fix: pool gateway transports and add OAuth token redaction (closes #85,
35d474b 
closes #83)
fix: silence errcheck lint in schema_test.go
608158f
fix: address errcheck lint for type assertions in transport cache
20959b1
feat: add RegisterSecret to SDK for middleware-declared log redaction
757e9af 
Middleware can now call gateway.RegisterSecret(value) in init() to
declare secrets that should be redacted from gateway logs. This covers
template-baked tokens that aren't available via env vars or rewriter
interfaces.

Applied to both existing middlewares:
- github-pat: registers the PAT token
- telegram: registers the bot token

Gateway main.go collects secrets from 3 sources:
1. Env-var backed (auth-header rewriter config)
2. Runtime secrets (OAuth SecretProvider interface)
3. Middleware-declared (gateway.Secrets())
test: add TestRegisterSecret for SDK secret registration
7739d05
refactor: unify secret collection via SecretProvider interface
8f43d56 
Remove collectSecrets() — AuthHeaderRewriter now implements
SecretProvider directly, returning the raw env var value.

Secret collection is now two clean sources:
1. Rewriters implementing SecretProvider (auth-header, OAuth)
2. Middleware-declared via gateway.RegisterSecret()

No more special-casing rewriter types in main.go.
@donbader donbader merged commit 5f8de53 into main Jun 5, 2026
6 checks passed
@donbader donbader deleted the fix/gateway-improvements branch June 5, 2026 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Performance: New http.Transport created per forwarded request in gateway Security: OAuth access tokens excluded from log redaction

1 participant

@donbader