@jaypie/express 1.2.14 → 1.2.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cjs/index.cjs +29 -7
  2. package/dist/cjs/index.cjs.map +1 -1
  3. package/dist/cjs/summarizeRequest.helper.d.ts +1 -1
  4. package/dist/esm/index.js +30 -8
  5. package/dist/esm/index.js.map +1 -1
  6. package/dist/esm/summarizeRequest.helper.d.ts +1 -1
  7. package/package.json +1 -1
package/dist/cjs/summarizeRequest.helper.d.ts CHANGED
@@ -2,7 +2,7 @@ import type { Request } from "express";
2
2
  export interface RequestSummary {
3
3
  baseUrl: string;
4
4
  body: unknown;
5
- headers: Request["headers"];
5
+ headers: Record<string, string | string[] | undefined>;
6
6
  method: string;
7
7
  query: Request["query"];
8
8
  url: string;
package/dist/esm/index.js CHANGED
@@ -4,7 +4,7 @@ import { CorsError, BadRequestError, UnhandledError, GatewayTimeoutError, Unavai
4
4
  import { force, envBoolean, JAYPIE, HTTP, getHeaderFrom, jaypieHandler } from '@jaypie/kit';
5
5
  import expressCors from 'cors';
6
6
  import { loadEnvSecrets, getContentTypeForFormat, formatStreamError } from '@jaypie/aws';
7
- import { log } from '@jaypie/logger';
7
+ import { log, redactAuth } from '@jaypie/logger';
8
8
  import { hasDatadogEnv, submitMetric, DATADOG } from '@jaypie/datadog';
9
9
 
10
10
  //
@@ -1510,6 +1510,11 @@ const decorateResponse = (res, { handler = "", version = process.env.PROJECT_VER
1510
1510
  // about the environment's secret parameters, the special adapter,
1511
1511
  // HTTP, etc. There must be a better way to organize this
1512
1512
 
1513
+ //
1514
+ //
1515
+ // Constants
1516
+ //
1517
+ const SENSITIVE_HEADERS = new Set(["authorization", "cookie", "set-cookie"]);
1513
1518
  //
1514
1519
  //
1515
1520
  // Function Definition
@@ -1520,10 +1525,19 @@ function summarizeRequest(req) {
1520
1525
  if (Buffer.isBuffer(body)) {
1521
1526
  body = body.toString();
1522
1527
  }
1528
+ // Redact sensitive headers
1529
+ const headers = {
1530
+ ...req.headers,
1531
+ };
1532
+ for (const key of Object.keys(headers)) {
1533
+ if (SENSITIVE_HEADERS.has(key.toLowerCase())) {
1534
+ headers[key] = redactAuth(headers[key]);
1535
+ }
1536
+ }
1523
1537
  return {
1524
1538
  baseUrl: req.baseUrl,
1525
1539
  body,
1526
- headers: req.headers,
1540
+ headers,
1527
1541
  method: req.method,
1528
1542
  query: req.query,
1529
1543
  url: req.url,
@@ -1793,14 +1807,18 @@ function expressHandler(handlerOrOptions, optionsOrHandler) {
1793
1807
  //
1794
1808
  // Preprocess
1795
1809
  //
1810
+ // Build a request-local setup list to avoid mutating the shared array
1811
+ const requestSetup = [];
1796
1812
  // Load secrets into process.env if configured
1797
1813
  if (secrets && secrets.length > 0) {
1798
1814
  const secretsToLoad = secrets;
1799
1815
  const secretsSetup = async () => {
1800
1816
  await loadEnvSecrets(...secretsToLoad);
1801
1817
  };
1802
- setup.unshift(secretsSetup);
1818
+ requestSetup.push(secretsSetup);
1803
1819
  }
1820
+ // Add shared setup functions
1821
+ requestSetup.push(...setup);
1804
1822
  if (locals) {
1805
1823
  // Locals
1806
1824
  const keys = Object.keys(locals);
@@ -1819,7 +1837,7 @@ function expressHandler(handlerOrOptions, optionsOrHandler) {
1819
1837
  }
1820
1838
  }
1821
1839
  };
1822
- setup.push(localsSetup);
1840
+ requestSetup.push(localsSetup);
1823
1841
  }
1824
1842
  }
1825
1843
  let response;
@@ -1830,7 +1848,7 @@ function expressHandler(handlerOrOptions, optionsOrHandler) {
1830
1848
  jaypieFunction = jaypieHandler(handler, {
1831
1849
  chaos,
1832
1850
  name,
1833
- setup,
1851
+ setup: requestSetup,
1834
1852
  teardown,
1835
1853
  unavailable,
1836
1854
  validate,
@@ -2141,14 +2159,18 @@ function expressStreamHandler(handlerOrOptions, optionsOrHandler) {
2141
2159
  //
2142
2160
  // Preprocess
2143
2161
  //
2162
+ // Build a request-local setup list to avoid mutating the shared array
2163
+ const requestSetup = [];
2144
2164
  // Load secrets into process.env if configured
2145
2165
  if (secrets && secrets.length > 0) {
2146
2166
  const secretsToLoad = secrets;
2147
2167
  const secretsSetup = async () => {
2148
2168
  await loadEnvSecrets(...secretsToLoad);
2149
2169
  };
2150
- setup.unshift(secretsSetup);
2170
+ requestSetup.push(secretsSetup);
2151
2171
  }
2172
+ // Add shared setup functions
2173
+ requestSetup.push(...setup);
2152
2174
  if (locals) {
2153
2175
  const keys = Object.keys(locals);
2154
2176
  if (keys.length > 0) {
@@ -2166,7 +2188,7 @@ function expressStreamHandler(handlerOrOptions, optionsOrHandler) {
2166
2188
  }
2167
2189
  }
2168
2190
  };
2169
- setup.push(localsSetup);
2191
+ requestSetup.push(localsSetup);
2170
2192
  }
2171
2193
  }
2172
2194
  try {
@@ -2174,7 +2196,7 @@ function expressStreamHandler(handlerOrOptions, optionsOrHandler) {
2174
2196
  jaypieFunction = jaypieHandler(handler, {
2175
2197
  chaos,
2176
2198
  name,
2177
- setup,
2199
+ setup: requestSetup,
2178
2200
  teardown,
2179
2201
  unavailable,
2180
2202
  validate,