npm - @heliyos/heliyos-api-core - Versions diffs - 1.0.67 → 1.0.68 - Mend

@heliyos/heliyos-api-core 1.0.67 → 1.0.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/middleware.js +54 -9
package/package.json +1 -1

package/dist/middleware.js CHANGED Viewed

@@ -19,6 +19,55 @@ const serve_static_1 = __importDefault(require("serve-static"));
 const authentication_1 = require("./authentication");
 const allowedOrigin_1 = require("./allowedOrigin");
 const customError_1 = require("./@types/globals/customError");
+const genericErrorMessage = "Something went wrong";
+const defaultErrorStatusCode = 500;
+const nonProductionEnvironments = new Set(["development", "local", "test"]);
+const sensitiveErrorMessagePatterns = [
+    /https?:\/\//i,
+    /\bapi\.[a-z0-9.-]+\b/i,
+    /\btraceback\b/i,
+    /\bstack trace\b/i,
+    /\b(httpx|requests|axios)\b/i,
+    /\bparallel(?:\.ai)?\b/i,
+];
+const isProductionEnvironment = () => {
+    const nodeEnv = (process.env.NODE_ENV || "").toLowerCase();
+    return !nonProductionEnvironments.has(nodeEnv);
+};
+const toStatusCode = (status) => Number.isFinite(Number(status))
+    ? Number(status)
+    : defaultErrorStatusCode;
+const isSensitiveErrorMessage = (message) => {
+    if (!message) {
+        return true;
+    }
+    if (message.length > 220 || message.includes("\n") || message.includes("\r")) {
+        return true;
+    }
+    return sensitiveErrorMessagePatterns.some((pattern) => pattern.test(message));
+};
+const sanitizeErrorMessage = (message, statusCode) => {
+    if (!isProductionEnvironment()) {
+        return message || genericErrorMessage;
+    }
+    const normalizedMessage = (message || "").trim();
+    if (!normalizedMessage) {
+        return genericErrorMessage;
+    }
+    if (statusCode >= 500 && isSensitiveErrorMessage(normalizedMessage)) {
+        return genericErrorMessage;
+    }
+    if (statusCode < 500 && isSensitiveErrorMessage(normalizedMessage)) {
+        return genericErrorMessage;
+    }
+    return normalizedMessage;
+};
+const sanitizeErrorDescription = (description) => {
+    if (isProductionEnvironment()) {
+        return {};
+    }
+    return description;
+};
 /**
  * Function to handle invalid routes
  * @param _
@@ -134,10 +183,10 @@ const apply_cors = (req, res, next) => {
  */
 const handle_errors = (error, _, res, __) => {
     const { message, description, stack, status } = error;
-    const errorStatus = status || "500";
+    const statusCode = toStatusCode(status);
     const response = {
-        message,
-        description,
+        message: sanitizeErrorMessage(message, statusCode),
+        description: sanitizeErrorDescription(description),
     };
     //  Log original error
     console.error("=== Begin Error ===\n---\n" +
@@ -153,14 +202,10 @@ const handle_errors = (error, _, res, __) => {
         "Stack: " +
         stack +
         "\n---\n=== End Error ===");
-    if (!errorStatus) {
-        response.message = "Internal server error";
-    }
     //	Provide stack track in env development and local
-    if (process.env.NODE_ENV === "development" ||
-        process.env.NODE_ENV === "local") {
+    if (!isProductionEnvironment()) {
         response.error = Object.assign({ stack }, error);
     }
     //	Send status and response
-    return res.status(parseInt(errorStatus, 10)).json(response);
+    return res.status(statusCode).json(response);
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@heliyos/heliyos-api-core",
-  "version": "1.0.67",
+  "version": "1.0.68",
   "description": "Heliyos's core api functions and middlewares. Its a private package hosted on npm.",
   "main": "./dist/index.js",
   "scripts": {