@replayio-app-building/netlify-recorder 0.21.0 → 0.22.0

package/dist/index.d.ts

@@ -205,24 +205,6 @@ interface CreateRecordingRequestHandlerOptions extends FinishRequestOptions {
  */
 declare function createRecordingRequestHandler(handler: (event: NetlifyEvent | NetlifyV2Request, context?: unknown) => Promise<HandlerResponse>, options: CreateRecordingRequestHandlerOptions): (event: NetlifyEvent | NetlifyV2Request, context?: unknown) => Promise<HandlerResponse>;
 
-/**
- * Redacts sensitive environment variable values from blob data.
- *
- * This function performs two passes:
- *
- *  Pass 1 — Redact env reads:
- *    For each captured EnvRead whose value should be redacted,
- *    replace the value with a "*"-repeated string of the same length.
- *
- *  Pass 2 — Scrub the rest of the blob:
- *    Any redacted value that appears elsewhere in the blob data
- *    (network call headers, bodies, request info headers/body) is
- *    also replaced with the same mask. This prevents secrets from
- *    leaking through, e.g., an Authorization header that embeds
- *    an API key captured via process.env.
- *
- * The function returns a new BlobData object; the input is not mutated.
- */
 declare function redactBlobData(blobData: BlobData): BlobData;
 
 interface RecordingResult {

package/dist/index.js

@@ -417,11 +417,8 @@ function shouldRedact(key, value) {
   if (value === void 0 || value.length <= 8) return false;
   return true;
 }
-function replaceAll(text, searchValue, mask) {
-  return text.split(searchValue).join(mask);
-}
-function buildMask(value) {
-  return "*".repeat(value.length);
+function replaceAll(text, searchValue, replacement) {
+  return text.split(searchValue).join(replacement);
 }
 function buildPlaceholder(key) {
   if (key === "DATABASE_URL" || key.endsWith("_DATABASE_URL")) {
@@ -430,20 +427,18 @@ function buildPlaceholder(key) {
   return `placeholder_${key.toLowerCase()}`;
 }
 function redactBlobData(blobData) {
-  const redactions = /* @__PURE__ */ new Map();
-  const placeholders = /* @__PURE__ */ new Map();
+  const replacements = /* @__PURE__ */ new Map();
   const redactedEnvReads = blobData.capturedData.envReads.map(
     (read) => {
       if (shouldRedact(read.key, read.value) && read.value !== void 0) {
-        const mask = buildMask(read.value);
-        redactions.set(read.value, mask);
-        placeholders.set(read.value, buildPlaceholder(read.key));
-        return { ...read, value: mask };
+        const placeholder = buildPlaceholder(read.key);
+        replacements.set(read.value, placeholder);
+        return { ...read, value: placeholder };
       }
       return { ...read };
     }
   );
-  if (redactions.size === 0) {
+  if (replacements.size === 0) {
     return {
       ...blobData,
       capturedData: {
@@ -452,14 +447,14 @@ function redactBlobData(blobData) {
       }
     };
   }
-  const sortedRedactions = [...redactions.entries()].sort(
+  const sorted = [...replacements.entries()].sort(
     (a, b) => b[0].length - a[0].length
   );
   function scrub(text) {
     if (text === void 0) return void 0;
     let result = text;
-    for (const [original, mask] of sortedRedactions) {
-      result = replaceAll(result, original, mask);
+    for (const [original, placeholder] of sorted) {
+      result = replaceAll(result, original, placeholder);
     }
     return result;
   }
@@ -470,29 +465,11 @@ function redactBlobData(blobData) {
     }
     return out;
   }
-  const sortedPlaceholders = [...placeholders.entries()].sort(
-    (a, b) => b[0].length - a[0].length
-  );
-  function scrubForRequest(text) {
-    if (text === void 0) return void 0;
-    let result = text;
-    for (const [original, placeholder] of sortedPlaceholders) {
-      result = replaceAll(result, original, placeholder);
-    }
-    return result;
-  }
-  function scrubHeadersForRequest(headers) {
-    const out = {};
-    for (const [k, v] of Object.entries(headers)) {
-      out[k] = scrubForRequest(v) ?? v;
-    }
-    return out;
-  }
   const redactedRequestInfo = {
     ...blobData.requestInfo,
-    url: scrubForRequest(blobData.requestInfo.url) ?? blobData.requestInfo.url,
-    headers: scrubHeadersForRequest(blobData.requestInfo.headers),
-    body: scrubForRequest(blobData.requestInfo.body)
+    url: scrub(blobData.requestInfo.url) ?? blobData.requestInfo.url,
+    headers: scrubHeaders(blobData.requestInfo.headers),
+    body: scrub(blobData.requestInfo.body)
   };
   const redactedNetworkCalls = blobData.capturedData.networkCalls.map(
     (call) => ({
@@ -643,15 +620,6 @@ async function createRequestRecording(blobUrlOrData, handlerPath, requestInfo) {
   } else {
     blobData = blobUrlOrData;
   }
-  for (const read of blobData.capturedData.envReads) {
-    if (read.value && read.value.length > 8 && /^\*+$/.test(read.value)) {
-      if (read.key === "DATABASE_URL" || read.key.endsWith("_DATABASE_URL")) {
-        read.value = "postgresql://replay:replay@localhost:5432/replay";
-      } else {
-        read.value = `placeholder_${read.key.toLowerCase()}`;
-      }
-    }
-  }
   const networkHandle = installNetworkInterceptor(
     "replay",
     blobData.capturedData.networkCalls

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@replayio-app-building/netlify-recorder",
-  "version": "0.21.0",
+  "version": "0.22.0",
   "description": "Capture and replay Netlify function executions as Replay recordings",
   "type": "module",
   "exports": {