npm - @heliyos/heliyos-api-core - Versions diffs - 1.0.67 → 1.0.69 - Mend

@heliyos/heliyos-api-core 1.0.67 → 1.0.69

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/email/index.js CHANGED Viewed

@@ -52,12 +52,12 @@ const markdownToHtml = (text) => {
         // Bold: **text** or __text__
         .replace(/\*\*(.*?)\*\*/g, "<strong>$1</strong>")
         .replace(/__(.*?)__/g, "<strong>$1</strong>")
-        // Italics: *text* or _text_
+        // Italics: *text* (intentionally avoid _text_ to keep URLs/query keys intact)
         .replace(/\*(.*?)\*/g, "<em>$1</em>")
-        .replace(/_(.*?)_/g, "<em>$1</em>")
         // Newlines to <br>
         .replace(/\n/g, "<br>");
 };
+const URL_LIKE_PATTERN = /^(https?:\/\/|mailto:|tel:)\S+$/i;
 /**
  * Recursively process object values to convert markdown to HTML
  */
@@ -65,6 +65,9 @@ const processMarkdownData = (data) => {
     if (!data)
         return data;
     if (typeof data === "string") {
+        if (URL_LIKE_PATTERN.test(data.trim())) {
+            return data;
+        }
         return markdownToHtml(data);
     }
     if (Array.isArray(data)) {

package/dist/middleware.js CHANGED Viewed

@@ -19,6 +19,55 @@ const serve_static_1 = __importDefault(require("serve-static"));
 const authentication_1 = require("./authentication");
 const allowedOrigin_1 = require("./allowedOrigin");
 const customError_1 = require("./@types/globals/customError");
+const genericErrorMessage = "Something went wrong";
+const defaultErrorStatusCode = 500;
+const nonProductionEnvironments = new Set(["development", "local", "test"]);
+const sensitiveErrorMessagePatterns = [
+    /https?:\/\//i,
+    /\bapi\.[a-z0-9.-]+\b/i,
+    /\btraceback\b/i,
+    /\bstack trace\b/i,
+    /\b(httpx|requests|axios)\b/i,
+    /\bparallel(?:\.ai)?\b/i,
+];
+const isProductionEnvironment = () => {
+    const nodeEnv = (process.env.NODE_ENV || "").toLowerCase();
+    return !nonProductionEnvironments.has(nodeEnv);
+};
+const toStatusCode = (status) => Number.isFinite(Number(status))
+    ? Number(status)
+    : defaultErrorStatusCode;
+const isSensitiveErrorMessage = (message) => {
+    if (!message) {
+        return true;
+    }
+    if (message.length > 220 || message.includes("\n") || message.includes("\r")) {
+        return true;
+    }
+    return sensitiveErrorMessagePatterns.some((pattern) => pattern.test(message));
+};
+const sanitizeErrorMessage = (message, statusCode) => {
+    if (!isProductionEnvironment()) {
+        return message || genericErrorMessage;
+    }
+    const normalizedMessage = (message || "").trim();
+    if (!normalizedMessage) {
+        return genericErrorMessage;
+    }
+    if (statusCode >= 500 && isSensitiveErrorMessage(normalizedMessage)) {
+        return genericErrorMessage;
+    }
+    if (statusCode < 500 && isSensitiveErrorMessage(normalizedMessage)) {
+        return genericErrorMessage;
+    }
+    return normalizedMessage;
+};
+const sanitizeErrorDescription = (description) => {
+    if (isProductionEnvironment()) {
+        return {};
+    }
+    return description;
+};
 /**
  * Function to handle invalid routes
  * @param _
@@ -134,10 +183,10 @@ const apply_cors = (req, res, next) => {
  */
 const handle_errors = (error, _, res, __) => {
     const { message, description, stack, status } = error;
-    const errorStatus = status || "500";
+    const statusCode = toStatusCode(status);
     const response = {
-        message,
-        description,
+        message: sanitizeErrorMessage(message, statusCode),
+        description: sanitizeErrorDescription(description),
     };
     //  Log original error
     console.error("=== Begin Error ===\n---\n" +
@@ -153,14 +202,10 @@ const handle_errors = (error, _, res, __) => {
         "Stack: " +
         stack +
         "\n---\n=== End Error ===");
-    if (!errorStatus) {
-        response.message = "Internal server error";
-    }
     //	Provide stack track in env development and local
-    if (process.env.NODE_ENV === "development" ||
-        process.env.NODE_ENV === "local") {
+    if (!isProductionEnvironment()) {
         response.error = Object.assign({ stack }, error);
     }
     //	Send status and response
-    return res.status(parseInt(errorStatus, 10)).json(response);
+    return res.status(statusCode).json(response);
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@heliyos/heliyos-api-core",
-  "version": "1.0.67",
+  "version": "1.0.69",
   "description": "Heliyos's core api functions and middlewares. Its a private package hosted on npm.",
   "main": "./dist/index.js",
   "scripts": {

package/src/email/index.ts CHANGED Viewed

@@ -25,13 +25,14 @@ const markdownToHtml = (text: string): string => {
     // Bold: **text** or __text__
     .replace(/\*\*(.*?)\*\*/g, "<strong>$1</strong>")
     .replace(/__(.*?)__/g, "<strong>$1</strong>")
-    // Italics: *text* or _text_
+    // Italics: *text* (intentionally avoid _text_ to keep URLs/query keys intact)
     .replace(/\*(.*?)\*/g, "<em>$1</em>")
-    .replace(/_(.*?)_/g, "<em>$1</em>")
     // Newlines to <br>
     .replace(/\n/g, "<br>");
 };
+const URL_LIKE_PATTERN = /^(https?:\/\/|mailto:|tel:)\S+$/i;
 /**
  * Recursively process object values to convert markdown to HTML
  */
@@ -39,6 +40,9 @@ const processMarkdownData = (data: any): any => {
   if (!data) return data;
   if (typeof data === "string") {
+    if (URL_LIKE_PATTERN.test(data.trim())) {
+      return data;
+    }
     return markdownToHtml(data);
   }