@dx-do/util 6.3.5 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.esm.js CHANGED
@@ -29884,6 +29884,99 @@ function mapSupportReviver(key, value) {
29884
29884
  return value;
29885
29885
  }
29886
29886
 
29887
+ /**
29888
+ * Redaction helpers for keeping auth tokens and other secrets out of logs.
29889
+ *
29890
+ * Auth tokens live in axios `error.config.headers` — e.g. `Authorization: Bearer
29891
+ * <userToken>` and `X-Asm-Auth: <dxASMToken>`. Anything that serializes a whole
29892
+ * error / config / headers object (`JSON.stringify`, an AxiosError's `.toJSON()`,
29893
+ * `console.log(err)`, or a logger that deep-prints its argument) will spill them.
29894
+ * These helpers strip the secrets before anything is logged or re-thrown.
29895
+ */
29896
+ const REDACTED = '[REDACTED]';
29897
+ /** Lowercased object-key names whose values must never be logged. */
29898
+ const SENSITIVE_KEYS = new Set([
29899
+ 'authorization',
29900
+ 'x-asm-auth',
29901
+ 'cookie',
29902
+ 'set-cookie',
29903
+ 'proxy-authorization',
29904
+ 'usertoken',
29905
+ 'dxasmtoken',
29906
+ 'tenanttoken',
29907
+ 'agenttoken',
29908
+ 'accesstoken',
29909
+ 'refreshtoken',
29910
+ 'password',
29911
+ 'apikey',
29912
+ 'x-api-key',
29913
+ ]);
29914
+ /** Matches `Bearer <token>` anywhere in a string. */
29915
+ const BEARER = /Bearer\s+\S+/gi;
29916
+ function redactString(value) {
29917
+ return value.replace(BEARER, `Bearer ${REDACTED}`);
29918
+ }
29919
+ /**
29920
+ * Returns a deep copy of `value` with sensitive object keys masked and any
29921
+ * `Bearer <token>` substrings scrubbed. Safe to pass anything: it is
29922
+ * circular-reference safe (axios errors are circular), and `Error` instances are
29923
+ * reduced to `{ name, message, stack }` (all scrubbed) so their token-bearing
29924
+ * `config`/`request`/`response` are dropped entirely.
29925
+ */
29926
+ function redactValue(value, seen = new WeakSet()) {
29927
+ if (typeof value === 'string')
29928
+ return redactString(value);
29929
+ if (value === null || typeof value !== 'object')
29930
+ return value;
29931
+ if (seen.has(value))
29932
+ return '[Circular]';
29933
+ seen.add(value);
29934
+ if (Array.isArray(value)) {
29935
+ return value.map((entry) => redactValue(entry, seen));
29936
+ }
29937
+ if (value instanceof Error) {
29938
+ return {
29939
+ name: value.name,
29940
+ message: redactString(value.message),
29941
+ stack: value.stack ? redactString(value.stack) : undefined,
29942
+ };
29943
+ }
29944
+ const out = {};
29945
+ for (const [key, entry] of Object.entries(value)) {
29946
+ out[key] = SENSITIVE_KEYS.has(key.toLowerCase())
29947
+ ? REDACTED
29948
+ : redactValue(entry, seen);
29949
+ }
29950
+ return out;
29951
+ }
29952
+ /**
29953
+ * Strips auth tokens from an (possibly Axios) error IN PLACE and returns it, so it
29954
+ * stays a throwable `Error` with its stack intact but no longer carries the token
29955
+ * in `config.headers`, `response.config.headers`, or the raw request header string.
29956
+ * Non-error / non-axios values are returned unchanged.
29957
+ *
29958
+ * Use this at the axios boundary (a response error interceptor) so every catch,
29959
+ * re-throw, and top-level handler downstream sees a token-free error.
29960
+ */
29961
+ function sanitizeAxiosError(err) {
29962
+ if (!err || typeof err !== 'object')
29963
+ return err;
29964
+ const e = err;
29965
+ // Only touch things that look like axios errors.
29966
+ if (!e.isAxiosError && !e.config && !e.response)
29967
+ return err;
29968
+ if (e.config?.headers)
29969
+ e.config.headers = redactValue(e.config.headers);
29970
+ if (e.response?.config?.headers) {
29971
+ e.response.config.headers = redactValue(e.response.config.headers);
29972
+ }
29973
+ // Node's ClientRequest keeps the raw request (incl. the Authorization line) in `_header`.
29974
+ if (e.request && typeof e.request._header === 'string') {
29975
+ e.request._header = redactString(e.request._header);
29976
+ }
29977
+ return err;
29978
+ }
29979
+
29887
29980
  class RemoveEmptyTransform extends Transform {
29888
29981
  _transform(chunk, encoding, callback) {
29889
29982
  const possiblyEmptyChunk = chunk.toString().trim();
@@ -29894,5 +29987,5 @@ class RemoveEmptyTransform extends Transform {
29894
29987
  }
29895
29988
  }
29896
29989
 
29897
- export { Histogram, Interpolation, ListMap, Logging, NonOverwritingMap, RemoveEmptyTransform, SetMap, StrictMap, calculateFrequency, cyrb53, enumFromValue, enumToString, mapSupportReplacer, mapSupportReviver };
29990
+ export { Histogram, Interpolation, ListMap, Logging, NonOverwritingMap, RemoveEmptyTransform, SetMap, StrictMap, calculateFrequency, cyrb53, enumFromValue, enumToString, mapSupportReplacer, mapSupportReviver, redactValue, sanitizeAxiosError };
29898
29991
  //# sourceMappingURL=index.esm.js.map