@kapeta/local-cluster-service 0.43.2 → 0.44.0

package/CHANGELOG.md

@@ -1,3 +1,23 @@
+# [0.44.0](https://github.com/kapetacom/local-cluster-service/compare/v0.43.3...v0.44.0) (2024-05-08)
+
+
+### Bug Fixes
+
+* Remove wrong todo comment ([c300f3c](https://github.com/kapetacom/local-cluster-service/commit/c300f3c8bd2542517317aca0d54825332f6424bc))
+* Safeguard with optional chaining ([ff8af98](https://github.com/kapetacom/local-cluster-service/commit/ff8af98845d3cc6431a919a7d251c5a90e5b88ef))
+
+
+### Features
+
+* Mask sensitive data in req and res body ([39c0c46](https://github.com/kapetacom/local-cluster-service/commit/39c0c46a9f9c58938b70c4736d1fb8ec651d7d9c))
+
+## [0.43.3](https://github.com/kapetacom/local-cluster-service/compare/v0.43.2...v0.43.3) (2024-05-08)
+
+
+### Bug Fixes
+
+* bump microfrontend w/ node 20.13 sentry fix ([#145](https://github.com/kapetacom/local-cluster-service/issues/145)) ([30cf291](https://github.com/kapetacom/local-cluster-service/commit/30cf2917985217eb6b9a172dade6e8cadea73d7e))
+
 ## [0.43.2](https://github.com/kapetacom/local-cluster-service/compare/v0.43.1...v0.43.2) (2024-05-03)
 
 

package/dist/cjs/src/proxy/routes.js

@@ -49,19 +49,19 @@ router.all('/:systemId/:consumerInstanceId/:consumerResourceName/:type/*', async
             });
             return;
         }
-        const toBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
+        const consumerBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
             return blockInstance.id.toLowerCase() === connection.consumer.blockId.toLowerCase();
         });
-        if (!toBlockInstance) {
+        if (!consumerBlockInstance) {
             res.status(401).send({ error: `Block instance not found "${req.params.consumerInstanceId}` });
             return;
         }
-        const toBlockAsset = await assetManager_1.assetManager.getAsset(toBlockInstance.block.ref);
-        if (!toBlockAsset) {
-            res.status(401).send({ error: `Block asset not found "${toBlockInstance.block.ref}` });
+        const consumerBlockAsset = await assetManager_1.assetManager.getAsset(consumerBlockInstance.block.ref);
+        if (!consumerBlockAsset) {
+            res.status(401).send({ error: `Block asset not found "${consumerBlockInstance.block.ref}` });
             return;
         }
-        const consumerResource = getResource(toBlockAsset.data.spec.consumers, req.params.consumerResourceName);
+        const consumerResource = getResource(consumerBlockAsset.data.spec.consumers, req.params.consumerResourceName);
         if (!consumerResource) {
             res.status(401).send({
                 error: `Block resource not found "${req.params.consumerInstanceId}::${req.params.consumerResourceName}`,
@@ -69,19 +69,19 @@ router.all('/:systemId/:consumerInstanceId/:consumerResourceName/:type/*', async
             return;
         }
         const basePath = clusterService_1.clusterService.getProxyPath(req.params.systemId, req.params.consumerInstanceId, req.params.consumerResourceName, req.params.type);
-        const fromBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
+        const providerBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
             return blockInstance.id.toLowerCase() === connection.provider.blockId.toLowerCase();
         });
-        if (!fromBlockInstance) {
+        if (!providerBlockInstance) {
             res.status(401).send({ error: `Block instance not found "${connection.provider.blockId}` });
             return;
         }
-        const fromBlockAsset = await assetManager_1.assetManager.getAsset(fromBlockInstance.block.ref);
-        if (!fromBlockAsset) {
-            res.status(401).send({ error: `Block asset not found "${fromBlockInstance.block.ref}` });
+        const providerBlockAsset = await assetManager_1.assetManager.getAsset(providerBlockInstance.block.ref);
+        if (!providerBlockAsset) {
+            res.status(401).send({ error: `Block asset not found "${providerBlockInstance.block.ref}` });
             return;
         }
-        const providerResource = getResource(fromBlockAsset.data.spec.providers, connection.provider.resourceName);
+        const providerResource = getResource(providerBlockAsset.data.spec.providers, connection.provider.resourceName);
         if (!providerResource) {
             res.status(401).send({
                 error: `Block resource not found "${connection.provider.blockId}::${connection.provider.resourceName}`,
@@ -93,18 +93,18 @@ router.all('/:systemId/:consumerInstanceId/:consumerResourceName/:type/*', async
         while (address.endsWith('/')) {
             address = address.substring(0, address.length - 1);
         }
-        /*
-     Get the path the consumer requested.
-     Note that this might not match the path the destination is expecting so we need to identify the method
-     that is being called and identify the destination path from the connection.
-     */
+        // Get the path the consumer requested. Note that this might not match the path the
+        // destination is expecting so we need to identify the method that is being called and
+        // identify the destination path from the connection.
         const consumerPath = req.originalUrl.substring(basePath.length - 1);
         typeHandler(req, res, {
-            consumerPath,
             address,
+            connection,
+            consumerPath,
             consumerResource,
+            consumerBlockAsset,
             providerResource,
-            connection,
+            providerBlockAsset,
         });
     }
     catch (err) {

package/dist/cjs/src/proxy/types/rest.d.ts

@@ -2,9 +2,7 @@
  * Copyright 2023 Kapeta Inc.
  * SPDX-License-Identifier: BUSL-1.1
  */
-import { Response } from 'express';
-import { ProxyRequestInfo } from '../../types';
-import { StringBodyRequest } from '../../middleware/stringBody';
+import { ProxyRequestHandler } from '../../types';
 import { Resource } from '@kapeta/schemas';
 export declare function getRestMethodId(restResource: Resource, httpMethod: string, httpPath: string): string | undefined;
-export declare function proxyRestRequest(req: StringBodyRequest, res: Response, opts: ProxyRequestInfo): void;
+export declare const proxyRestRequest: ProxyRequestHandler;

package/dist/cjs/src/proxy/types/rest.js

@@ -16,6 +16,7 @@ const networkManager_1 = require("../../networkManager");
 const socketManager_1 = require("../../socketManager");
 const qs_1 = require("qs");
 const web_1 = require("./web");
+const kaplang_core_1 = require("@kapeta/kaplang-core");
 function getRestMethodId(restResource, httpMethod, httpPath) {
     return lodash_1.default.findKey(restResource.spec.methods, (method) => {
         let methodType = method.method ? method.method.toUpperCase() : 'GET';
@@ -63,12 +64,49 @@ function resolveMethods(req, opts) {
         providerMethod,
     };
 }
-function proxyRestRequest(req, res, opts) {
+function resolveEntitiesSource(blockAsset) {
+    return blockAsset.data.spec?.entities?.source?.value || '';
+}
+const MASK_STRING = '*******';
+function maskSimpleRequest(req, consumerMethod, entitiesSource) {
+    const maskedRequest = lodash_1.default.cloneDeep(req);
+    Object.entries(consumerMethod.arguments || {}).forEach(([key, value]) => {
+        if (value.transport === kaplang_core_1.HTTPTransport.BODY && typeof maskedRequest.body === 'string') {
+            try {
+                maskedRequest.body = (0, kaplang_core_1.maskSensitiveData)(maskedRequest.body, kaplang_core_1.DSLConverters.fromSchemaType(value), entitiesSource, MASK_STRING);
+            }
+            catch (error) {
+                // Ignore errors masking the request body
+            }
+        }
+        // TODO: Mask HEADER
+        // TODO: Mask QUERY
+    });
+    return maskedRequest;
+}
+function maskSimpleResponse(res, consumerMethod, entitiesSource) {
+    const maskedResponse = lodash_1.default.cloneDeep(res);
+    Object.entries(consumerMethod.arguments || {}).forEach(([key, value]) => {
+        // TODO: Mask HEADER
+    });
+    try {
+        if (typeof maskedResponse.body === 'string') {
+            maskedResponse.body = (0, kaplang_core_1.maskSensitiveData)(maskedResponse.body, kaplang_core_1.DSLConverters.fromSchemaType(consumerMethod.responseType), entitiesSource, MASK_STRING);
+        }
+    }
+    catch (error) {
+        // Ignore errors masking the response body
+    }
+    return maskedResponse;
+}
+const proxyRestRequest = (req, res, opts) => {
     if (lodash_1.default.isEmpty(opts.consumerResource.spec.methods) && lodash_1.default.isEmpty(opts.providerResource.spec.methods)) {
         // If there are no methods defined, we assume the user controls the path and we just proxy the raw request
         return (0, web_1.proxyHttpRequest)(req, res, opts);
     }
-    let { consumerMethod, providerMethod } = resolveMethods(req, opts);
+    const { consumerMethod, providerMethod } = resolveMethods(req, opts);
+    const consumerEntitiesSource = resolveEntitiesSource(opts.consumerBlockAsset);
+    const providerEntitiesSource = resolveEntitiesSource(opts.providerBlockAsset);
     const consumerPathTemplate = (0, pathTemplateParser_1.pathTemplateParser)(consumerMethod.path);
     const providerPathTemplate = (0, pathTemplateParser_1.pathTemplateParser)(providerMethod.path);
     const pathVariables = consumerPathTemplate.parse(opts.consumerPath);
@@ -98,7 +136,7 @@ function proxyRestRequest(req, res, opts) {
         body: req.stringBody,
         headers: requestHeaders,
     };
-    const traffic = networkManager_1.networkManager.addRequest(req.params.systemId, opts.connection, reqOpts, consumerMethod.id, providerMethod.id);
+    const traffic = networkManager_1.networkManager.addRequest(req.params.systemId, opts.connection, maskSimpleRequest(reqOpts, consumerMethod, consumerEntitiesSource), consumerMethod.id, providerMethod.id);
     socketManager_1.socketManager.emit(traffic.connectionId, 'traffic_start', traffic);
     (0, request_1.default)(reqOpts, function (err, response, responseBody) {
         if (err) {
@@ -113,16 +151,17 @@ function proxyRestRequest(req, res, opts) {
         delete responseHeaders['connection'];
         res.set(responseHeaders);
         res.status(response.statusCode);
-        traffic.withResponse({
+        const simpleResponse = {
             code: response.statusCode,
             headers: response.headers,
             body: responseBody,
-        });
+        };
+        traffic.withResponse(maskSimpleResponse(simpleResponse, consumerMethod, consumerEntitiesSource));
         socketManager_1.socketManager.emit(traffic.connectionId, 'traffic_end', traffic);
         if (responseBody) {
             res.write(responseBody);
         }
         res.end();
     });
-}
+};
 exports.proxyRestRequest = proxyRestRequest;

package/dist/cjs/src/proxy/types/web.d.ts

@@ -2,7 +2,5 @@
  * Copyright 2023 Kapeta Inc.
  * SPDX-License-Identifier: BUSL-1.1
  */
-import { Response } from 'express';
-import { ProxyRequestInfo } from '../../types';
-import { StringBodyRequest } from '../../middleware/stringBody';
-export declare function proxyHttpRequest(req: StringBodyRequest, res: Response, opts: ProxyRequestInfo): void;
+import { ProxyRequestHandler } from '../../types';
+export declare const proxyHttpRequest: ProxyRequestHandler;

package/dist/cjs/src/proxy/types/web.js

@@ -13,7 +13,7 @@ const lodash_1 = __importDefault(require("lodash"));
 const networkManager_1 = require("../../networkManager");
 const socketManager_1 = require("../../socketManager");
 const qs_1 = require("qs");
-function proxyHttpRequest(req, res, opts) {
+const proxyHttpRequest = (req, res, opts) => {
     const requestHeaders = lodash_1.default.clone(req.headers);
     delete requestHeaders['content-length'];
     delete requestHeaders['content-encoding'];
@@ -57,5 +57,5 @@ function proxyHttpRequest(req, res, opts) {
     });
     //We need to pipe the proxy response to the client response to handle sockets and event streams
     proxyReq.pipe(res);
-}
+};
 exports.proxyHttpRequest = proxyHttpRequest;

package/dist/cjs/src/types.d.ts

@@ -6,6 +6,7 @@ import express from 'express';
 import { Connection, Resource } from '@kapeta/schemas';
 import { StringBodyRequest } from './middleware/stringBody';
 import { KapetaRequest } from './middleware/kapeta';
+import { EnrichedAsset } from './assetManager';
 export declare const KIND_RESOURCE_OPERATOR = "core/resource-type-operator";
 export declare const KIND_BLOCK_TYPE = "core/block-type";
 export declare const KIND_BLOCK_TYPE_OPERATOR = "core/block-type-operator";
@@ -80,9 +81,11 @@ export type ProxyRequestHandler = (req: StringBodyRequest, res: express.Response
 export interface ProxyRequestInfo {
     address: string;
     connection: Connection;
-    providerResource: Resource;
-    consumerResource: Resource;
     consumerPath: string;
+    consumerResource: Resource;
+    consumerBlockAsset: EnrichedAsset;
+    providerResource: Resource;
+    providerBlockAsset: EnrichedAsset;
 }
 export interface SimpleResponse {
     code: number;

package/dist/esm/src/proxy/routes.js

@@ -49,19 +49,19 @@ router.all('/:systemId/:consumerInstanceId/:consumerResourceName/:type/*', async
             });
             return;
         }
-        const toBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
+        const consumerBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
             return blockInstance.id.toLowerCase() === connection.consumer.blockId.toLowerCase();
         });
-        if (!toBlockInstance) {
+        if (!consumerBlockInstance) {
             res.status(401).send({ error: `Block instance not found "${req.params.consumerInstanceId}` });
             return;
         }
-        const toBlockAsset = await assetManager_1.assetManager.getAsset(toBlockInstance.block.ref);
-        if (!toBlockAsset) {
-            res.status(401).send({ error: `Block asset not found "${toBlockInstance.block.ref}` });
+        const consumerBlockAsset = await assetManager_1.assetManager.getAsset(consumerBlockInstance.block.ref);
+        if (!consumerBlockAsset) {
+            res.status(401).send({ error: `Block asset not found "${consumerBlockInstance.block.ref}` });
             return;
         }
-        const consumerResource = getResource(toBlockAsset.data.spec.consumers, req.params.consumerResourceName);
+        const consumerResource = getResource(consumerBlockAsset.data.spec.consumers, req.params.consumerResourceName);
         if (!consumerResource) {
             res.status(401).send({
                 error: `Block resource not found "${req.params.consumerInstanceId}::${req.params.consumerResourceName}`,
@@ -69,19 +69,19 @@ router.all('/:systemId/:consumerInstanceId/:consumerResourceName/:type/*', async
             return;
         }
         const basePath = clusterService_1.clusterService.getProxyPath(req.params.systemId, req.params.consumerInstanceId, req.params.consumerResourceName, req.params.type);
-        const fromBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
+        const providerBlockInstance = lodash_1.default.find(plan.spec.blocks, (blockInstance) => {
             return blockInstance.id.toLowerCase() === connection.provider.blockId.toLowerCase();
         });
-        if (!fromBlockInstance) {
+        if (!providerBlockInstance) {
             res.status(401).send({ error: `Block instance not found "${connection.provider.blockId}` });
             return;
         }
-        const fromBlockAsset = await assetManager_1.assetManager.getAsset(fromBlockInstance.block.ref);
-        if (!fromBlockAsset) {
-            res.status(401).send({ error: `Block asset not found "${fromBlockInstance.block.ref}` });
+        const providerBlockAsset = await assetManager_1.assetManager.getAsset(providerBlockInstance.block.ref);
+        if (!providerBlockAsset) {
+            res.status(401).send({ error: `Block asset not found "${providerBlockInstance.block.ref}` });
             return;
         }
-        const providerResource = getResource(fromBlockAsset.data.spec.providers, connection.provider.resourceName);
+        const providerResource = getResource(providerBlockAsset.data.spec.providers, connection.provider.resourceName);
         if (!providerResource) {
             res.status(401).send({
                 error: `Block resource not found "${connection.provider.blockId}::${connection.provider.resourceName}`,
@@ -93,18 +93,18 @@ router.all('/:systemId/:consumerInstanceId/:consumerResourceName/:type/*', async
         while (address.endsWith('/')) {
             address = address.substring(0, address.length - 1);
         }
-        /*
-     Get the path the consumer requested.
-     Note that this might not match the path the destination is expecting so we need to identify the method
-     that is being called and identify the destination path from the connection.
-     */
+        // Get the path the consumer requested. Note that this might not match the path the
+        // destination is expecting so we need to identify the method that is being called and
+        // identify the destination path from the connection.
         const consumerPath = req.originalUrl.substring(basePath.length - 1);
         typeHandler(req, res, {
-            consumerPath,
             address,
+            connection,
+            consumerPath,
             consumerResource,
+            consumerBlockAsset,
             providerResource,
-            connection,
+            providerBlockAsset,
         });
     }
     catch (err) {

package/dist/esm/src/proxy/types/rest.d.ts

@@ -2,9 +2,7 @@
  * Copyright 2023 Kapeta Inc.
  * SPDX-License-Identifier: BUSL-1.1
  */
-import { Response } from 'express';
-import { ProxyRequestInfo } from '../../types';
-import { StringBodyRequest } from '../../middleware/stringBody';
+import { ProxyRequestHandler } from '../../types';
 import { Resource } from '@kapeta/schemas';
 export declare function getRestMethodId(restResource: Resource, httpMethod: string, httpPath: string): string | undefined;
-export declare function proxyRestRequest(req: StringBodyRequest, res: Response, opts: ProxyRequestInfo): void;
+export declare const proxyRestRequest: ProxyRequestHandler;

package/dist/esm/src/proxy/types/rest.js

@@ -16,6 +16,7 @@ const networkManager_1 = require("../../networkManager");
 const socketManager_1 = require("../../socketManager");
 const qs_1 = require("qs");
 const web_1 = require("./web");
+const kaplang_core_1 = require("@kapeta/kaplang-core");
 function getRestMethodId(restResource, httpMethod, httpPath) {
     return lodash_1.default.findKey(restResource.spec.methods, (method) => {
         let methodType = method.method ? method.method.toUpperCase() : 'GET';
@@ -63,12 +64,49 @@ function resolveMethods(req, opts) {
         providerMethod,
     };
 }
-function proxyRestRequest(req, res, opts) {
+function resolveEntitiesSource(blockAsset) {
+    return blockAsset.data.spec?.entities?.source?.value || '';
+}
+const MASK_STRING = '*******';
+function maskSimpleRequest(req, consumerMethod, entitiesSource) {
+    const maskedRequest = lodash_1.default.cloneDeep(req);
+    Object.entries(consumerMethod.arguments || {}).forEach(([key, value]) => {
+        if (value.transport === kaplang_core_1.HTTPTransport.BODY && typeof maskedRequest.body === 'string') {
+            try {
+                maskedRequest.body = (0, kaplang_core_1.maskSensitiveData)(maskedRequest.body, kaplang_core_1.DSLConverters.fromSchemaType(value), entitiesSource, MASK_STRING);
+            }
+            catch (error) {
+                // Ignore errors masking the request body
+            }
+        }
+        // TODO: Mask HEADER
+        // TODO: Mask QUERY
+    });
+    return maskedRequest;
+}
+function maskSimpleResponse(res, consumerMethod, entitiesSource) {
+    const maskedResponse = lodash_1.default.cloneDeep(res);
+    Object.entries(consumerMethod.arguments || {}).forEach(([key, value]) => {
+        // TODO: Mask HEADER
+    });
+    try {
+        if (typeof maskedResponse.body === 'string') {
+            maskedResponse.body = (0, kaplang_core_1.maskSensitiveData)(maskedResponse.body, kaplang_core_1.DSLConverters.fromSchemaType(consumerMethod.responseType), entitiesSource, MASK_STRING);
+        }
+    }
+    catch (error) {
+        // Ignore errors masking the response body
+    }
+    return maskedResponse;
+}
+const proxyRestRequest = (req, res, opts) => {
     if (lodash_1.default.isEmpty(opts.consumerResource.spec.methods) && lodash_1.default.isEmpty(opts.providerResource.spec.methods)) {
         // If there are no methods defined, we assume the user controls the path and we just proxy the raw request
         return (0, web_1.proxyHttpRequest)(req, res, opts);
     }
-    let { consumerMethod, providerMethod } = resolveMethods(req, opts);
+    const { consumerMethod, providerMethod } = resolveMethods(req, opts);
+    const consumerEntitiesSource = resolveEntitiesSource(opts.consumerBlockAsset);
+    const providerEntitiesSource = resolveEntitiesSource(opts.providerBlockAsset);
     const consumerPathTemplate = (0, pathTemplateParser_1.pathTemplateParser)(consumerMethod.path);
     const providerPathTemplate = (0, pathTemplateParser_1.pathTemplateParser)(providerMethod.path);
     const pathVariables = consumerPathTemplate.parse(opts.consumerPath);
@@ -98,7 +136,7 @@ function proxyRestRequest(req, res, opts) {
         body: req.stringBody,
         headers: requestHeaders,
     };
-    const traffic = networkManager_1.networkManager.addRequest(req.params.systemId, opts.connection, reqOpts, consumerMethod.id, providerMethod.id);
+    const traffic = networkManager_1.networkManager.addRequest(req.params.systemId, opts.connection, maskSimpleRequest(reqOpts, consumerMethod, consumerEntitiesSource), consumerMethod.id, providerMethod.id);
     socketManager_1.socketManager.emit(traffic.connectionId, 'traffic_start', traffic);
     (0, request_1.default)(reqOpts, function (err, response, responseBody) {
         if (err) {
@@ -113,16 +151,17 @@ function proxyRestRequest(req, res, opts) {
         delete responseHeaders['connection'];
         res.set(responseHeaders);
         res.status(response.statusCode);
-        traffic.withResponse({
+        const simpleResponse = {
             code: response.statusCode,
             headers: response.headers,
             body: responseBody,
-        });
+        };
+        traffic.withResponse(maskSimpleResponse(simpleResponse, consumerMethod, consumerEntitiesSource));
         socketManager_1.socketManager.emit(traffic.connectionId, 'traffic_end', traffic);
         if (responseBody) {
             res.write(responseBody);
         }
         res.end();
     });
-}
+};
 exports.proxyRestRequest = proxyRestRequest;

package/dist/esm/src/proxy/types/web.d.ts

@@ -2,7 +2,5 @@
  * Copyright 2023 Kapeta Inc.
  * SPDX-License-Identifier: BUSL-1.1
  */
-import { Response } from 'express';
-import { ProxyRequestInfo } from '../../types';
-import { StringBodyRequest } from '../../middleware/stringBody';
-export declare function proxyHttpRequest(req: StringBodyRequest, res: Response, opts: ProxyRequestInfo): void;
+import { ProxyRequestHandler } from '../../types';
+export declare const proxyHttpRequest: ProxyRequestHandler;

package/dist/esm/src/proxy/types/web.js

@@ -13,7 +13,7 @@ const lodash_1 = __importDefault(require("lodash"));
 const networkManager_1 = require("../../networkManager");
 const socketManager_1 = require("../../socketManager");
 const qs_1 = require("qs");
-function proxyHttpRequest(req, res, opts) {
+const proxyHttpRequest = (req, res, opts) => {
     const requestHeaders = lodash_1.default.clone(req.headers);
     delete requestHeaders['content-length'];
     delete requestHeaders['content-encoding'];
@@ -57,5 +57,5 @@ function proxyHttpRequest(req, res, opts) {
     });
     //We need to pipe the proxy response to the client response to handle sockets and event streams
     proxyReq.pipe(res);
-}
+};
 exports.proxyHttpRequest = proxyHttpRequest;

package/dist/esm/src/types.d.ts

@@ -6,6 +6,7 @@ import express from 'express';
 import { Connection, Resource } from '@kapeta/schemas';
 import { StringBodyRequest } from './middleware/stringBody';
 import { KapetaRequest } from './middleware/kapeta';
+import { EnrichedAsset } from './assetManager';
 export declare const KIND_RESOURCE_OPERATOR = "core/resource-type-operator";
 export declare const KIND_BLOCK_TYPE = "core/block-type";
 export declare const KIND_BLOCK_TYPE_OPERATOR = "core/block-type-operator";
@@ -80,9 +81,11 @@ export type ProxyRequestHandler = (req: StringBodyRequest, res: express.Response
 export interface ProxyRequestInfo {
     address: string;
     connection: Connection;
-    providerResource: Resource;
-    consumerResource: Resource;
     consumerPath: string;
+    consumerResource: Resource;
+    consumerBlockAsset: EnrichedAsset;
+    providerResource: Resource;
+    providerBlockAsset: EnrichedAsset;
 }
 export interface SimpleResponse {
     code: number;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@kapeta/local-cluster-service",
-    "version": "0.43.2",
+    "version": "0.44.0",
     "description": "Manages configuration, ports and service discovery for locally running Kapeta systems",
     "type": "commonjs",
     "exports": {
@@ -43,13 +43,16 @@
         "build:cjs": "tsc  --outDir ./dist/cjs && echo '{\"type\":\"commonjs\"}' > ./dist/cjs/package.json",
         "build": "npm run clean && npm run build:esm && npm run build:cjs",
         "format": "prettier --write .",
-        "lint": "tsc --noEmit && eslint src/**/*.ts",
+        "lint": "npm run lint:tsc && npm run lint:eslint",
+        "lint:tsc": "tsc --noEmit",
+        "lint:eslint": "eslint src/**/*.ts",
         "prepublishOnly": "npm run build"
     },
     "homepage": "https://github.com/kapetacom/local-cluster-service#readme",
     "dependencies": {
         "@kapeta/codegen": "^1.3.0",
         "@kapeta/config-mapper": "^1.2.1",
+        "@kapeta/kaplang-core": "^1.14.2",
         "@kapeta/local-cluster-config": "^0.4.2",
         "@kapeta/nodejs-api-client": ">=0.2.0 <2",
         "@kapeta/nodejs-process": "^1.2.0",
@@ -57,8 +60,8 @@
         "@kapeta/nodejs-utils": "<2",
         "@kapeta/schemas": "^3.6.0",
         "@kapeta/sdk-config": "^2.1.1",
-        "@kapeta/web-microfrontend": "^1.2.5",
-        "@sentry/node": "^7.94.1",
+        "@kapeta/web-microfrontend": "^1.2.11",
+        "@sentry/node": "^7.114.0",
         "@types/dockerode": "^3.3.19",
         "@types/stream-json": "^1.7.3",
         "async-lock": "^1.4.0",

package/src/proxy/routes.ts

@@ -4,7 +4,7 @@
  */
 
 import Router from 'express-promise-router';
-import { Request, Response } from 'express';
+import { Response } from 'express';
 import { Resource } from '@kapeta/schemas';
 import { proxyRestRequest } from './types/rest';
 import { proxyHttpRequest } from './types/web';
@@ -61,23 +61,26 @@ router.all(
                 return;
             }
 
-            const toBlockInstance = _.find(plan.spec.blocks, (blockInstance) => {
+            const consumerBlockInstance = _.find(plan.spec.blocks, (blockInstance) => {
                 return blockInstance.id.toLowerCase() === connection.consumer.blockId.toLowerCase();
             });
 
-            if (!toBlockInstance) {
+            if (!consumerBlockInstance) {
                 res.status(401).send({ error: `Block instance not found "${req.params.consumerInstanceId}` });
                 return;
             }
 
-            const toBlockAsset = await assetManager.getAsset(toBlockInstance.block.ref);
+            const consumerBlockAsset = await assetManager.getAsset(consumerBlockInstance.block.ref);
 
-            if (!toBlockAsset) {
-                res.status(401).send({ error: `Block asset not found "${toBlockInstance.block.ref}` });
+            if (!consumerBlockAsset) {
+                res.status(401).send({ error: `Block asset not found "${consumerBlockInstance.block.ref}` });
                 return;
             }
 
-            const consumerResource = getResource(toBlockAsset.data.spec.consumers, req.params.consumerResourceName);
+            const consumerResource = getResource(
+                consumerBlockAsset.data.spec.consumers,
+                req.params.consumerResourceName
+            );
 
             if (!consumerResource) {
                 res.status(401).send({
@@ -93,23 +96,26 @@ router.all(
                 req.params.type
             );
 
-            const fromBlockInstance = _.find(plan.spec.blocks, (blockInstance) => {
+            const providerBlockInstance = _.find(plan.spec.blocks, (blockInstance) => {
                 return blockInstance.id.toLowerCase() === connection.provider.blockId.toLowerCase();
             });
 
-            if (!fromBlockInstance) {
+            if (!providerBlockInstance) {
                 res.status(401).send({ error: `Block instance not found "${connection.provider.blockId}` });
                 return;
             }
 
-            const fromBlockAsset = await assetManager.getAsset(fromBlockInstance.block.ref);
+            const providerBlockAsset = await assetManager.getAsset(providerBlockInstance.block.ref);
 
-            if (!fromBlockAsset) {
-                res.status(401).send({ error: `Block asset not found "${fromBlockInstance.block.ref}` });
+            if (!providerBlockAsset) {
+                res.status(401).send({ error: `Block asset not found "${providerBlockInstance.block.ref}` });
                 return;
             }
 
-            const providerResource = getResource(fromBlockAsset.data.spec.providers, connection.provider.resourceName);
+            const providerResource = getResource(
+                providerBlockAsset.data.spec.providers,
+                connection.provider.resourceName
+            );
 
             if (!providerResource) {
                 res.status(401).send({
@@ -129,19 +135,19 @@ router.all(
                 address = address.substring(0, address.length - 1);
             }
 
-            /*
-         Get the path the consumer requested.
-         Note that this might not match the path the destination is expecting so we need to identify the method
-         that is being called and identify the destination path from the connection.
-         */
+            // Get the path the consumer requested. Note that this might not match the path the
+            // destination is expecting so we need to identify the method that is being called and
+            // identify the destination path from the connection.
             const consumerPath = req.originalUrl.substring(basePath.length - 1);
 
             typeHandler(req, res, {
-                consumerPath,
                 address,
+                connection,
+                consumerPath,
                 consumerResource,
+                consumerBlockAsset,
                 providerResource,
-                connection,
+                providerBlockAsset,
             });
         } catch (err: any) {
             console.warn('Failed to process proxy request', err);

package/src/proxy/types/rest.ts

@@ -10,12 +10,13 @@ import { pathTemplateParser } from '../../utils/pathTemplateParser';
 import { networkManager } from '../../networkManager';
 
 import { socketManager } from '../../socketManager';
-import { Request, Response } from 'express';
-import { ProxyRequestInfo, SimpleRequest, StringMap } from '../../types';
-import { StringBodyRequest } from '../../middleware/stringBody';
+import { Request } from 'express';
+import { ProxyRequestHandler, ProxyRequestInfo, SimpleRequest, SimpleResponse, StringMap } from '../../types';
 import { Resource } from '@kapeta/schemas';
 import { stringify } from 'qs';
 import { proxyHttpRequest } from './web';
+import { DSLConverters, HTTPTransport, RESTMethod, maskSensitiveData } from '@kapeta/kaplang-core';
+import { EnrichedAsset } from '../../assetManager';
 
 export function getRestMethodId(restResource: Resource, httpMethod: string, httpPath: string) {
     return _.findKey(restResource.spec.methods, (method) => {
@@ -37,6 +38,10 @@ export function getRestMethodId(restResource: Resource, httpMethod: string, http
     });
 }
 
+interface RESTMethodWithId extends RESTMethod {
+    id: string;
+}
+
 /**
  *
  * @param req {Request}
@@ -52,7 +57,7 @@ function resolveMethods(req: Request, opts: ProxyRequestInfo) {
         );
     }
 
-    const consumerMethod = _.cloneDeep(opts.consumerResource.spec.methods[consumerMethodId]);
+    const consumerMethod = _.cloneDeep(opts.consumerResource.spec.methods[consumerMethodId] as RESTMethodWithId);
 
     if (!consumerMethod) {
         throw new Error(
@@ -70,7 +75,7 @@ function resolveMethods(req: Request, opts: ProxyRequestInfo) {
         throw new Error(`Connection contained no mapping for consumer method "${consumerMethodId}`);
     }
 
-    const providerMethod = _.cloneDeep(opts.providerResource.spec.methods[providerMethodId]);
+    const providerMethod = _.cloneDeep(opts.providerResource.spec.methods[providerMethodId] as RESTMethodWithId);
 
     if (!providerMethod) {
         throw new Error(
@@ -86,12 +91,67 @@ function resolveMethods(req: Request, opts: ProxyRequestInfo) {
     };
 }
 
-export function proxyRestRequest(req: StringBodyRequest, res: Response, opts: ProxyRequestInfo) {
+function resolveEntitiesSource(blockAsset: EnrichedAsset) {
+    return (blockAsset.data.spec?.entities?.source?.value as string) || '';
+}
+
+const MASK_STRING = '*******';
+
+function maskSimpleRequest(req: SimpleRequest, consumerMethod: RESTMethod, entitiesSource: string) {
+    const maskedRequest = _.cloneDeep(req);
+
+    Object.entries(consumerMethod.arguments || {}).forEach(([key, value]) => {
+        if (value.transport === HTTPTransport.BODY && typeof maskedRequest.body === 'string') {
+            try {
+                maskedRequest.body = maskSensitiveData(
+                    maskedRequest.body,
+                    DSLConverters.fromSchemaType(value),
+                    entitiesSource,
+                    MASK_STRING
+                );
+            } catch (error) {
+                // Ignore errors masking the request body
+            }
+        }
+        // TODO: Mask HEADER
+        // TODO: Mask QUERY
+    });
+
+    return maskedRequest;
+}
+
+function maskSimpleResponse(res: SimpleResponse, consumerMethod: RESTMethod, entitiesSource: string) {
+    const maskedResponse = _.cloneDeep(res);
+
+    Object.entries(consumerMethod.arguments || {}).forEach(([key, value]) => {
+        // TODO: Mask HEADER
+    });
+
+    try {
+        if (typeof maskedResponse.body === 'string') {
+            maskedResponse.body = maskSensitiveData(
+                maskedResponse.body,
+                DSLConverters.fromSchemaType(consumerMethod.responseType),
+                entitiesSource,
+                MASK_STRING
+            );
+        }
+    } catch (error) {
+        // Ignore errors masking the response body
+    }
+
+    return maskedResponse;
+}
+
+export const proxyRestRequest: ProxyRequestHandler = (req, res, opts) => {
     if (_.isEmpty(opts.consumerResource.spec.methods) && _.isEmpty(opts.providerResource.spec.methods)) {
         // If there are no methods defined, we assume the user controls the path and we just proxy the raw request
         return proxyHttpRequest(req, res, opts);
     }
-    let { consumerMethod, providerMethod } = resolveMethods(req, opts);
+    const { consumerMethod, providerMethod } = resolveMethods(req, opts);
+
+    const consumerEntitiesSource = resolveEntitiesSource(opts.consumerBlockAsset);
+    const providerEntitiesSource = resolveEntitiesSource(opts.providerBlockAsset);
 
     const consumerPathTemplate = pathTemplateParser(consumerMethod.path);
     const providerPathTemplate = pathTemplateParser(providerMethod.path);
@@ -134,7 +194,7 @@ export function proxyRestRequest(req: StringBodyRequest, res: Response, opts: Pr
     const traffic = networkManager.addRequest(
         req.params.systemId,
         opts.connection,
-        reqOpts,
+        maskSimpleRequest(reqOpts, consumerMethod, consumerEntitiesSource),
         consumerMethod.id,
         providerMethod.id
     );
@@ -160,11 +220,13 @@ export function proxyRestRequest(req: StringBodyRequest, res: Response, opts: Pr
 
         res.status(response.statusCode);
 
-        traffic.withResponse({
+        const simpleResponse = {
             code: response.statusCode,
             headers: response.headers as StringMap,
             body: responseBody,
-        });
+        };
+
+        traffic.withResponse(maskSimpleResponse(simpleResponse, consumerMethod, consumerEntitiesSource));
 
         socketManager.emit(traffic.connectionId, 'traffic_end', traffic);
 
@@ -174,4 +236,4 @@ export function proxyRestRequest(req: StringBodyRequest, res: Response, opts: Pr
 
         res.end();
     });
-}
+};

package/src/proxy/types/web.ts

@@ -7,12 +7,10 @@ import request from 'request';
 import _ from 'lodash';
 import { networkManager } from '../../networkManager';
 import { socketManager } from '../../socketManager';
-import { Response } from 'express';
-import { ProxyRequestInfo, SimpleRequest, StringMap } from '../../types';
-import { StringBodyRequest } from '../../middleware/stringBody';
+import { ProxyRequestHandler, SimpleRequest, StringMap } from '../../types';
 import { stringify } from 'qs';
 
-export function proxyHttpRequest(req: StringBodyRequest, res: Response, opts: ProxyRequestInfo) {
+export const proxyHttpRequest: ProxyRequestHandler = (req, res, opts) => {
     const requestHeaders = _.clone(req.headers);
 
     delete requestHeaders['content-length'];
@@ -67,4 +65,4 @@ export function proxyHttpRequest(req: StringBodyRequest, res: Response, opts: Pr
 
     //We need to pipe the proxy response to the client response to handle sockets and event streams
     proxyReq.pipe(res);
-}
+};

package/src/types.ts

@@ -7,6 +7,7 @@ import express from 'express';
 import { Connection, Resource } from '@kapeta/schemas';
 import { StringBodyRequest } from './middleware/stringBody';
 import { KapetaRequest } from './middleware/kapeta';
+import { EnrichedAsset } from './assetManager';
 
 export const KIND_RESOURCE_OPERATOR = 'core/resource-type-operator';
 export const KIND_BLOCK_TYPE = 'core/block-type';
@@ -90,9 +91,11 @@ export type ProxyRequestHandler = (req: StringBodyRequest, res: express.Response
 export interface ProxyRequestInfo {
     address: string;
     connection: Connection;
-    providerResource: Resource;
-    consumerResource: Resource;
     consumerPath: string;
+    consumerResource: Resource;
+    consumerBlockAsset: EnrichedAsset;
+    providerResource: Resource;
+    providerBlockAsset: EnrichedAsset;
 }
 
 export interface SimpleResponse {