@http-forge/core 0.2.7 → 0.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +62 -3
- package/dist/index.d.ts +11 -9
- package/dist/index.js +178 -174
- package/dist/index.mjs +178 -174
- package/dist/infrastructure/environment/environment-config-service.d.ts +21 -1
- package/dist/infrastructure/execution/request-preparer.d.ts +3 -3
- package/dist/infrastructure/script/request-script-session.d.ts +3 -1
- package/dist/infrastructure/script/script-executor.d.ts +0 -4
- package/dist/infrastructure/script/vm-script-executor.adapter.d.ts +1 -1
- package/dist/infrastructure/security/sensitive-data-redactor.d.ts +117 -0
- package/dist/infrastructure/test-suite/result-storage-service.d.ts +1 -1
- package/package.json +1 -1
|
@@ -43,9 +43,24 @@ export declare class EnvironmentConfigService implements IEnvironmentConfigServi
|
|
|
43
43
|
getEnvironmentNames(): string[];
|
|
44
44
|
getSelectedEnvironment(): string;
|
|
45
45
|
setSelectedEnvironment(envName: string): Promise<void>;
|
|
46
|
+
private getEnvOverridesStateKey;
|
|
47
|
+
/**
|
|
48
|
+
* Load persisted environment overrides from workspace state into the in-memory map.
|
|
49
|
+
* Called once at construction time.
|
|
50
|
+
*/
|
|
51
|
+
private loadPersistedEnvironmentOverrides;
|
|
52
|
+
/**
|
|
53
|
+
* Persist current environment overrides to workspace state (fire-and-forget).
|
|
54
|
+
*/
|
|
55
|
+
private persistEnvironmentOverrides;
|
|
46
56
|
setEnvironmentVariable(key: string, value: unknown): void;
|
|
47
57
|
deleteEnvironmentVariable(key: string): void;
|
|
48
58
|
clearEnvironmentVariables(): void;
|
|
59
|
+
/**
|
|
60
|
+
* Reset all runtime environment overrides for the current environment.
|
|
61
|
+
* Equivalent to Postman's "Reset All" — reverts Current Values to Initial Values.
|
|
62
|
+
*/
|
|
63
|
+
resetEnvironmentOverrides(envName?: string): Promise<void>;
|
|
49
64
|
getEnvironmentVariableLocal(key: string): string | undefined;
|
|
50
65
|
getEnvironmentVariableLocals(): Record<string, string>;
|
|
51
66
|
setGlobalVariable(key: string, value: unknown): void;
|
|
@@ -55,12 +70,17 @@ export declare class EnvironmentConfigService implements IEnvironmentConfigServi
|
|
|
55
70
|
getGlobalVariableLocals(): Record<string, string>;
|
|
56
71
|
deleteGlobalVariable(key: string): void;
|
|
57
72
|
clearGlobalVariables(): void;
|
|
58
|
-
|
|
73
|
+
/** @deprecated Use setEnvironmentVariable instead */
|
|
59
74
|
setSessionVariable(key: string, value: unknown): Promise<void>;
|
|
75
|
+
/** @deprecated Use getEnvironmentVariableLocal instead */
|
|
60
76
|
getSessionVariable(key: string): string | undefined;
|
|
77
|
+
/** @deprecated Use getEnvironmentVariableLocals instead */
|
|
61
78
|
getSessionVariables(): Record<string, string>;
|
|
79
|
+
/** @deprecated Use deleteEnvironmentVariable instead */
|
|
62
80
|
deleteSessionVariable(key: string): Promise<void>;
|
|
81
|
+
/** @deprecated Use clearEnvironmentVariables instead */
|
|
63
82
|
clearSessionVariables(): Promise<void>;
|
|
83
|
+
/** @deprecated Use getEnvironmentVariableLocal instead */
|
|
64
84
|
hasSessionVariable(key: string): boolean;
|
|
65
85
|
getResolvedEnvironment(envName?: string): ResolvedEnvironment | null;
|
|
66
86
|
resolveVariables(input: string, envName?: string): string;
|
|
@@ -9,12 +9,12 @@
|
|
|
9
9
|
*
|
|
10
10
|
* Used by both Request Tester (manual) and Collection Runner (batch).
|
|
11
11
|
*/
|
|
12
|
-
import { IOAuth2TokenManager } from '../auth/interfaces';
|
|
13
12
|
import { IEnvironmentConfigService, ResolvedEnvironment } from '../../types/environment-config';
|
|
14
|
-
import { IHttpRequestService } from '../http/interfaces';
|
|
15
|
-
import { IRequestPreprocessor } from '../http/request-preprocessor';
|
|
16
13
|
import { IApplicationInfo } from '../../types/platform';
|
|
17
14
|
import { ExecutionRequest, PreparedRequest } from '../../types/types';
|
|
15
|
+
import { IOAuth2TokenManager } from '../auth/interfaces';
|
|
16
|
+
import { IHttpRequestService } from '../http/interfaces';
|
|
17
|
+
import { IRequestPreprocessor } from '../http/request-preprocessor';
|
|
18
18
|
import { IRequestPreparer } from './request-preparer-interfaces';
|
|
19
19
|
/**
|
|
20
20
|
* RequestPreparer implementation
|
|
@@ -34,8 +34,10 @@ export declare class RequestScriptSession implements IRequestScriptSession {
|
|
|
34
34
|
private _variables;
|
|
35
35
|
private _collectionVariables;
|
|
36
36
|
private _globals;
|
|
37
|
-
private _sessionVariables;
|
|
38
37
|
private _environmentVariables;
|
|
38
|
+
private _liveEnvironmentScope;
|
|
39
|
+
private _liveGlobalsScope;
|
|
40
|
+
private _liveCollectionScope;
|
|
39
41
|
private _nextRequest;
|
|
40
42
|
private _skipRequest;
|
|
41
43
|
private _visualizerData;
|
|
@@ -49,10 +49,6 @@ export declare class ScriptExecutor implements IScriptExecutor {
|
|
|
49
49
|
* Create environment variable scope with change callbacks
|
|
50
50
|
*/
|
|
51
51
|
private createEnvironmentScope;
|
|
52
|
-
/**
|
|
53
|
-
* Create session variable scope with change callbacks
|
|
54
|
-
*/
|
|
55
|
-
private createSessionScope;
|
|
56
52
|
/**
|
|
57
53
|
* Create sendRequest function using httpService
|
|
58
54
|
*/
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* The legacy ScriptExecutor uses `createRequestSession()` pattern;
|
|
6
6
|
* this adapter translates to the simpler `executePreRequest` / `executePostResponse` port API.
|
|
7
7
|
*/
|
|
8
|
-
import { IScriptExecutor as IScriptExecutorPort,
|
|
8
|
+
import { IScriptExecutor as IScriptExecutorPort, IScriptResult, IScriptSession } from '../../ports/executors/script-executor.interface';
|
|
9
9
|
import { HttpResponse } from '../../types/types';
|
|
10
10
|
import { ScriptExecutor } from './script-executor';
|
|
11
11
|
/**
|
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sensitive Data Redactor
|
|
3
|
+
*
|
|
4
|
+
* Prevents tokens, passwords, credentials, and other sensitive data from being
|
|
5
|
+
* persisted in history files, result files, and shared-history files.
|
|
6
|
+
*
|
|
7
|
+
* Uses pattern-based auto-detection on:
|
|
8
|
+
* - HTTP header names (Authorization, Cookie, Set-Cookie, etc.)
|
|
9
|
+
* - URL query parameter names (token, key, secret, etc.)
|
|
10
|
+
* - JSON/form body field names (password, client_secret, api_key, etc.)
|
|
11
|
+
*/
|
|
12
|
+
import { FullResponse, HistoryEntry } from '../history/history-interfaces';
|
|
13
|
+
import { FullResultDetails } from '../test-suite/result-storage';
|
|
14
|
+
/**
|
|
15
|
+
* Redact values from a headers object.
|
|
16
|
+
* Returns a shallow copy with sensitive header values replaced.
|
|
17
|
+
*/
|
|
18
|
+
export declare function redactHeaders(headers: Record<string, string | string[]>): Record<string, string | string[]>;
|
|
19
|
+
/**
|
|
20
|
+
* Redact sensitive query parameters from a URL string.
|
|
21
|
+
* E.g. `?token=abc&name=foo` → `?token=[REDACTED]&name=foo`
|
|
22
|
+
*/
|
|
23
|
+
export declare function redactUrl(url: string): string;
|
|
24
|
+
/**
|
|
25
|
+
* Redact sensitive data from a request body.
|
|
26
|
+
* Handles JSON objects, JSON strings, and URL-encoded form strings.
|
|
27
|
+
*/
|
|
28
|
+
export declare function redactBody(body: any): any;
|
|
29
|
+
/**
|
|
30
|
+
* Redact sensitive data from a HistoryEntry's sentRequest.
|
|
31
|
+
* Returns a deep copy with sensitive values replaced.
|
|
32
|
+
* The originalConfig (unresolved templates) is left untouched.
|
|
33
|
+
*/
|
|
34
|
+
export declare function redactHistoryEntry(entry: HistoryEntry): HistoryEntry;
|
|
35
|
+
/**
|
|
36
|
+
* Redact sensitive data from a FullResponse (response headers and cookies).
|
|
37
|
+
* Response body is NOT redacted (too varied to pattern-match safely).
|
|
38
|
+
*/
|
|
39
|
+
export declare function redactFullResponse(response: FullResponse): FullResponse;
|
|
40
|
+
/**
|
|
41
|
+
* Redact sensitive data from a FullResultDetails (suite test result).
|
|
42
|
+
*/
|
|
43
|
+
export declare function redactFullResultDetails(result: FullResultDetails): FullResultDetails;
|
|
44
|
+
/** A single warning about a hardcoded sensitive value. */
|
|
45
|
+
export interface SensitiveDataWarning {
|
|
46
|
+
/** Where the issue was found (e.g. "header", "auth", "body", "query", "url") */
|
|
47
|
+
location: string;
|
|
48
|
+
/** The field name that matched (e.g. "Authorization", "password") */
|
|
49
|
+
field: string;
|
|
50
|
+
/** Human-readable guidance */
|
|
51
|
+
message: string;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Check a request for hardcoded sensitive data that should use environment
|
|
55
|
+
* variables instead. Returns an array of warnings. An empty array means the
|
|
56
|
+
* request is safe to save.
|
|
57
|
+
*
|
|
58
|
+
* Only values that are NOT `{{variable}}` template references are flagged.
|
|
59
|
+
*/
|
|
60
|
+
export declare function detectSensitiveData(request: {
|
|
61
|
+
url?: string;
|
|
62
|
+
headers?: Record<string, string> | Array<{
|
|
63
|
+
key: string;
|
|
64
|
+
value: string;
|
|
65
|
+
enabled?: boolean;
|
|
66
|
+
}>;
|
|
67
|
+
query?: Record<string, string> | Array<{
|
|
68
|
+
key: string;
|
|
69
|
+
value: string;
|
|
70
|
+
enabled?: boolean;
|
|
71
|
+
}>;
|
|
72
|
+
body?: any;
|
|
73
|
+
auth?: any;
|
|
74
|
+
}): SensitiveDataWarning[];
|
|
75
|
+
/**
|
|
76
|
+
* A single sensitive value that can be extracted to a .local.json variable.
|
|
77
|
+
*/
|
|
78
|
+
export interface SensitiveExtraction {
|
|
79
|
+
/** Where the value was found */
|
|
80
|
+
location: 'header' | 'query' | 'body' | 'auth' | 'url';
|
|
81
|
+
/** The field name / key (e.g. "Authorization", "password") */
|
|
82
|
+
field: string;
|
|
83
|
+
/** Dot-path for nested body fields (e.g. "credentials.secret") */
|
|
84
|
+
path?: string;
|
|
85
|
+
/** The hardcoded value to extract */
|
|
86
|
+
value: string;
|
|
87
|
+
/** Suggested variable name for the .local.json file */
|
|
88
|
+
variableName: string;
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* Scan a request and build an extraction plan: a list of all hardcoded sensitive
|
|
92
|
+
* values with their locations and suggested variable names.
|
|
93
|
+
*
|
|
94
|
+
* The caller can use this plan to:
|
|
95
|
+
* 1. Write the values to a .local.json environment file
|
|
96
|
+
* 2. Replace each value with {{variableName}} in the request before saving
|
|
97
|
+
*/
|
|
98
|
+
export declare function buildExtractionPlan(request: {
|
|
99
|
+
url?: string;
|
|
100
|
+
headers?: Record<string, string> | Array<{
|
|
101
|
+
key: string;
|
|
102
|
+
value: string;
|
|
103
|
+
enabled?: boolean;
|
|
104
|
+
}>;
|
|
105
|
+
query?: Record<string, string> | Array<{
|
|
106
|
+
key: string;
|
|
107
|
+
value: string;
|
|
108
|
+
enabled?: boolean;
|
|
109
|
+
}>;
|
|
110
|
+
body?: any;
|
|
111
|
+
auth?: any;
|
|
112
|
+
}): SensitiveExtraction[];
|
|
113
|
+
/**
|
|
114
|
+
* Apply an extraction plan to a request: replace hardcoded values with {{variableName}}.
|
|
115
|
+
* Returns a deep copy of the request with all sensitive values replaced.
|
|
116
|
+
*/
|
|
117
|
+
export declare function applyExtractionPlan(request: any, plan: SensitiveExtraction[]): any;
|
|
@@ -7,8 +7,8 @@
|
|
|
7
7
|
* - Aggregated stats in memory (constant size)
|
|
8
8
|
* - On-demand result loading
|
|
9
9
|
*/
|
|
10
|
-
import { IConfigService } from '../config';
|
|
11
10
|
import { ExecutionResult } from '../../types/types';
|
|
11
|
+
import { IConfigService } from '../config';
|
|
12
12
|
import { FullResultDetails, IndexPage, IResultStorageService, RecentError, RequestStats, ResultSummary, RunConfig, RunManifest, RunStats } from './result-storage';
|
|
13
13
|
/**
|
|
14
14
|
* File-based Result Storage Service for Test Suite
|
package/package.json
CHANGED