@replayio-app-building/netlify-recorder 0.15.5 → 0.15.6

Files changed (2) hide show
  1. package/README.md +14 -5
  2. package/package.json +1 -1
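--- a/package/README.md
+++ b/package/README.md
@@ -31,8 +31,9 @@ The Netlify Recorder app (`https://netlify-recorder-bm4wmw.netlify.app`) provide
  | `REPLAY_REPOSITORY_URL` | Your app's git repository URL (e.g. `https://github.com/org/repo.git`) | Set in your deploy script or Netlify site settings |
  | `COMMIT_SHA` | The git commit hash of the deployed code | Set in your deploy script via `git rev-parse HEAD` |
  | `BRANCH_NAME` | The git branch of the deployed code | Set in your deploy script via `git rev-parse --abbrev-ref HEAD` |
+ | `NETLIFY_RECORDER_SECRET` | Secret string for access control — restricts who can view and act on your captured requests | Set in Netlify site environment variables or via `set-branch-secret` |
 
- **These are required.** `finishRequest` will throw an error if any are missing. Your deploy script should resolve them from git and set them on the Netlify site before deploying. Example:
+ The first three are **required** `finishRequest` will throw an error if any are missing. `NETLIFY_RECORDER_SECRET` is strongly recommended to prevent other apps from accessing your captured request data. Your deploy script should resolve the git values and set them on the Netlify site before deploying. Example:
 
  ```typescript
  // In your deploy script:
@@ -46,7 +47,7 @@ const repositoryUrl = execSync("git remote get-url origin", { encoding: "utf-8"
 
  ### 2. Wrap your Netlify function
 
- Use `createRecordingRequestHandler` with `remoteCallbacks()` to wrap your handler with automatic request capture.
+ Use `createRecordingRequestHandler` with `remoteCallbacks()` to wrap your handler with automatic request capture. Set `secret` to restrict access to captured requests — only API calls providing the same secret can view or act on them.
 
  **v1 handler** (Netlify Functions v1 — `event` with `httpMethod`, `path`, etc.):
 
@@ -71,6 +72,7 @@ const handler = createRecordingRequestHandler(
  {
  callbacks: remoteCallbacks(RECORDER_URL),
  handlerPath: "netlify/functions/my-handler",
+ secret: process.env.NETLIFY_RECORDER_SECRET,
  }
  );
 
@@ -102,6 +104,7 @@ export default createRecordingRequestHandler(
  {
  callbacks: remoteCallbacks(RECORDER_URL),
  handlerPath: "netlify/functions/my-handler",
+ secret: process.env.NETLIFY_RECORDER_SECRET,
  }
  );
  ```
@@ -262,6 +265,7 @@ const handler = createRecordingRequestHandler(
  };
  },
  {
+ secret: process.env.NETLIFY_RECORDER_SECRET,
  callbacks: {
  uploadBlob: async (data) => {
  // Upload the JSON string to your blob storage (S3, R2, etc.)
@@ -272,10 +276,10 @@ const handler = createRecordingRequestHandler(
  const { url } = await res.json();
  return url;
  },
- storeRequestData: async ({ blobUrl, commitSha, branchName, repositoryUrl, handlerPath }) => {
+ storeRequestData: async ({ blobUrl, commitSha, branchName, repositoryUrl, handlerPath, secret }) => {
  const [row] = await sql`
- INSERT INTO requests (blob_url, commit_sha, branch_name, repository_url, handler_path, status)
- VALUES (${blobUrl}, ${commitSha}, ${branchName}, ${repositoryUrl}, ${handlerPath}, 'captured')
+ INSERT INTO requests (blob_url, commit_sha, branch_name, repository_url, handler_path, secret, status)
+ VALUES (${blobUrl}, ${commitSha}, ${branchName}, ${repositoryUrl}, ${handlerPath}, ${secret}, 'captured')
  RETURNING id
  `;
  return row.id;
@@ -297,12 +301,15 @@ CREATE TABLE IF NOT EXISTS requests (
  branch_name TEXT,
  repository_url TEXT,
  handler_path TEXT,
+ secret TEXT,
  recording_id TEXT,
  status TEXT NOT NULL DEFAULT 'captured'
  CHECK (status IN ('captured', 'processing', 'recorded', 'failed')),
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
  );
+
+ CREATE INDEX IF NOT EXISTS idx_requests_secret ON requests (secret) WHERE secret IS NOT NULL;
  ```
 
  ### 4. Create a background function to produce recordings
@@ -434,6 +441,7 @@ export default createRecordingRequestHandler(
  {
  callbacks: remoteCallbacks(RECORDER_URL),
  handlerPath: "netlify/functions/create-order",
+ secret: process.env.NETLIFY_RECORDER_SECRET,
  }
  );
  ```
@@ -595,6 +603,7 @@ These must be set on your Netlify site. Your deploy script should resolve them f
  | `COMMIT_SHA` | Git commit hash of the deployed code | `git rev-parse HEAD` |
  | `BRANCH_NAME` | Git branch of the deployed code | `git rev-parse --abbrev-ref HEAD` |
  | `REPLAY_REPOSITORY_URL` | Git repository URL (no embedded credentials) | `git remote get-url origin` (strip tokens) |
+ | `NETLIFY_RECORDER_SECRET` | Secret for access control (strongly recommended) | `openssl rand -base64 32` — store in Netlify site env vars |
 
  ### Required for self-hosted recording (Option B)
 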
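--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@replayio-app-building/netlify-recorder",
- "version": "0.15.5",
+ "version": "0.15.6",
  "description": "Capture and replay Netlify function executions as Replay recordings",
  "type": "module",
  "exports": {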