@riocrypto/common-server 1.0.2711 → 1.0.2713

package/build/clients/axios-with-logging.js

@@ -21,9 +21,7 @@ function buildAxiosWithLogging() {
         "csrf",
     ];
     function maskHeaderValue(value) {
-        return value.length > 4
-            ? "*".repeat(value.length - 4) + value.slice(-4)
-            : value;
+        return value.length > 2 ? "*".repeat(12) + value.slice(-2) : "************";
     }
     // Masking function - masks any header containing a sensitive substring
     function maskHeaders(headers) {

package/build/index.d.ts

@@ -117,6 +117,7 @@ export * from "./models/compliance-bot-chat";
 export * from "./models/compliance-bot-rule";
 export * from "./models/compliance-bot-rule-result";
 export * from "./models/static-bank-payment-reference";
+export * from "./models/indicative-quote-page";
 export * from "./clients/axios-with-logging";
 export * from "./clients/slack-client";
 export * from "./clients/fireblocks-client";

package/build/index.js

@@ -133,6 +133,7 @@ __exportStar(require("./models/compliance-bot-chat"), exports);
 __exportStar(require("./models/compliance-bot-rule"), exports);
 __exportStar(require("./models/compliance-bot-rule-result"), exports);
 __exportStar(require("./models/static-bank-payment-reference"), exports);
+__exportStar(require("./models/indicative-quote-page"), exports);
 __exportStar(require("./clients/axios-with-logging"), exports);
 __exportStar(require("./clients/slack-client"), exports);
 __exportStar(require("./clients/fireblocks-client"), exports);

package/build/models/indicative-quote-page.d.ts

@@ -0,0 +1,24 @@
+import { IndicativeQuotePageQuoteConfig } from "@riocrypto/common";
+import { Mongoose, Model, Document } from "mongoose";
+interface IndicativeQuotePageAttrs {
+    userId: string;
+    quotes: IndicativeQuotePageQuoteConfig[];
+    allowedIPs: string[];
+    createdBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+interface IndicativeQuotePageModel extends Model<IndicativeQuotePageDoc> {
+    build(attrs: IndicativeQuotePageAttrs): IndicativeQuotePageDoc;
+}
+interface IndicativeQuotePageDoc extends Document {
+    _id: string;
+    userId: string;
+    quotes: IndicativeQuotePageQuoteConfig[];
+    allowedIPs: string[];
+    createdBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+declare const buildIndicativeQuotePage: (mongoose: Mongoose) => IndicativeQuotePageModel;
+export { buildIndicativeQuotePage, IndicativeQuotePageDoc, IndicativeQuotePageAttrs };

package/build/models/indicative-quote-page.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildIndicativeQuotePage = void 0;
+const common_1 = require("@riocrypto/common");
+const buildIndicativeQuotePage = (mongoose) => {
+    if (mongoose.models.PublicQuotePage) {
+        return mongoose.model("PublicQuotePage");
+    }
+    const QuoteConfigSchema = new mongoose.Schema({
+        side: {
+            type: String,
+            required: true,
+            enum: Object.values(common_1.Side),
+        },
+        crypto: {
+            type: String,
+            required: true,
+            enum: Object.values(common_1.Crypto),
+        },
+        fiat: {
+            type: String,
+            required: true,
+            enum: Object.values(common_1.Fiat),
+        },
+        country: {
+            type: String,
+            required: true,
+            enum: Object.values(common_1.Country),
+        },
+        amountFiat: {
+            type: Number,
+        },
+        amountCrypto: {
+            type: Number,
+        },
+    }, { _id: false });
+    const IndicativeQuotePageSchema = new mongoose.Schema({
+        userId: {
+            type: String,
+            required: true,
+        },
+        quotes: {
+            type: [QuoteConfigSchema],
+            required: true,
+        },
+        allowedIPs: {
+            type: [String],
+            required: true,
+        },
+        createdBy: {
+            type: String,
+            required: true,
+        },
+        createdAt: {
+            type: Date,
+            required: true,
+        },
+        updatedAt: {
+            type: Date,
+            required: true,
+        },
+    }, {
+        toJSON: {
+            transform(doc, ret) {
+                ret.id = ret._id.valueOf();
+                delete ret._id;
+                delete ret.__v;
+            },
+        },
+    });
+    IndicativeQuotePageSchema.statics.build = (attrs) => {
+        return new IndicativeQuotePage(attrs);
+    };
+    const IndicativeQuotePage = mongoose.model("PublicQuotePage", IndicativeQuotePageSchema);
+    return IndicativeQuotePage;
+};
+exports.buildIndicativeQuotePage = buildIndicativeQuotePage;

package/build/services/logger.d.ts

@@ -2,10 +2,18 @@ import { Logger } from "winston";
 declare class LoggerService {
     private logger;
     constructor();
+    private sensitiveSubstrings;
+    private isSensitiveKey;
     private maskValue;
+    private deepMaskSensitiveKeys;
     private maskSensitiveData;
     private requestMethodFilter;
     private handleCustomErrorFormat;
+    private sanitizeArg;
+    private sensitiveStringPatterns;
+    private maskSensitiveString;
+    private setupConsoleMasking;
+    private setupStreamMasking;
     getLogger(): Logger;
     initLogger(): Promise<void>;
 }

package/build/services/logger.js

@@ -8,33 +8,43 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const common_1 = require("@riocrypto/common");
 const winston_1 = require("winston");
 class LoggerService {
     constructor() {
+        this.sensitiveSubstrings = [
+            "key",
+            "token",
+            "secret",
+            "auth",
+            "sign",
+            "password",
+            "private",
+            "credential",
+            "passphrase",
+            "csrf",
+        ];
         this.maskSensitiveData = (0, winston_1.format)((info) => {
             var _a, _b, _c, _d, _e;
             // Mask sensitive headers
             if ((_b = (_a = info.meta) === null || _a === void 0 ? void 0 : _a.req) === null || _b === void 0 ? void 0 : _b.headers) {
                 // Use optional chaining
                 const headers = info.meta.req.headers;
-                const sensitiveSubstrings = [
-                    "key",
-                    "token",
-                    "secret",
-                    "auth",
-                    "sign",
-                    "password",
-                    "private",
-                    "credential",
-                    "passphrase",
-                    "csrf",
-                ];
                 // Mask any header containing a sensitive substring
                 Object.keys(headers).forEach((headerKey) => {
-                    const lower = headerKey.toLowerCase();
-                    if (sensitiveSubstrings.some((sub) => lower.includes(sub))) {
+                    if (this.isSensitiveKey(headerKey)) {
                         headers[headerKey] = this.maskValue(String(headers[headerKey]));
                     }
                 });
@@ -152,22 +162,131 @@ class LoggerService {
                 if (typeof info.message === "object") {
                     info.message = error.message;
                 }
+                // Deep mask the error object to catch SDK errors with embedded configs/headers
                 if ((_c = info.meta) === null || _c === void 0 ? void 0 : _c.err) {
-                    // Use optional chaining
-                    delete info.meta.err;
+                    info.meta.err = this.deepMaskSensitiveKeys(info.meta.err);
                 }
             }
+            // Deep mask the entire meta object to catch any remaining sensitive data
+            if (info.meta) {
+                const _d = info.meta, { req, res } = _d, rest = __rest(_d, ["req", "res"]);
+                // req/res are already handled above, deep mask everything else (error objects, SDK responses, etc.)
+                const masked = this.deepMaskSensitiveKeys(rest);
+                info.meta = Object.assign(Object.assign({}, info.meta), masked);
+            }
             return info;
         });
+        // Pre-compiled regex patterns for string masking
+        this.sensitiveStringPatterns = [
+            // Quoted keys: "Authorization":"value" or "api-key": "value"
+            new RegExp(`("(?:[^"]*(?:${this.sensitiveSubstrings.join("|")})[^"]*)"\\s*[:=]\\s*"?)([^",}\\s]+)`, "gi"),
+            // Unquoted keys: Authorization: value, apiKey=value, api_key: value
+            new RegExp(`((?:^|[\\s,;{])(?:[\\w-]*(?:${this.sensitiveSubstrings.join("|")})[\\w-]*)\\s*[:=]\\s*"?)([^",}\\s;]+)`, "gi"),
+            // Bearer tokens: Bearer <token>
+            /(\bBearer\s+)([^\s,;"]+)/gi,
+        ];
         this.logger = null;
+        this.setupConsoleMasking();
+        this.setupStreamMasking();
+    }
+    isSensitiveKey(key) {
+        const lower = key.toLowerCase();
+        return this.sensitiveSubstrings.some((sub) => lower.includes(sub));
     }
     maskValue(value, showLastFour = false) {
         if (showLastFour) {
-            return value.length > 4 ? "*".repeat(12) + value.slice(-4) : value;
+            return value.length > 4 ? "*".repeat(12) + value.slice(-4) : "************";
+        }
+        return value.length > 2 ? "*".repeat(12) + value.slice(-2) : "************";
+    }
+    deepMaskSensitiveKeys(obj, seen = new WeakSet()) {
+        if (obj === null || obj === undefined)
+            return obj;
+        if (typeof obj !== "object")
+            return obj;
+        if (seen.has(obj))
+            return "[Circular]";
+        seen.add(obj);
+        if (Array.isArray(obj)) {
+            return obj.map((item) => this.deepMaskSensitiveKeys(item, seen));
         }
-        else {
-            return "************";
+        const result = {};
+        for (const key of Object.keys(obj)) {
+            const value = obj[key];
+            if (this.isSensitiveKey(key) && typeof value === "string") {
+                result[key] = this.maskValue(value);
+            }
+            else if (typeof value === "object" && value !== null) {
+                result[key] = this.deepMaskSensitiveKeys(value, seen);
+            }
+            else {
+                result[key] = value;
+            }
         }
+        return result;
+    }
+    sanitizeArg(arg) {
+        if (arg === null || arg === undefined)
+            return arg;
+        if (typeof arg === "string") {
+            return this.maskSensitiveString(arg);
+        }
+        if (arg instanceof Error) {
+            const masked = this.deepMaskSensitiveKeys(Object.assign(Object.assign({}, arg), { message: arg.message, stack: arg.stack }));
+            const sanitizedError = new Error(this.maskSensitiveString(masked.message));
+            sanitizedError.stack = this.maskSensitiveString(masked.stack || "");
+            Object.assign(sanitizedError, masked);
+            return sanitizedError;
+        }
+        if (typeof arg === "object") {
+            return this.deepMaskSensitiveKeys(arg);
+        }
+        return arg;
+    }
+    maskSensitiveString(str) {
+        let result = str;
+        for (const pattern of this.sensitiveStringPatterns) {
+            pattern.lastIndex = 0;
+            result = result.replace(pattern, (_match, prefix, value) => {
+                if (value.length > 2) {
+                    return `${prefix}************${value.slice(-2)}`;
+                }
+                return `${prefix}************`;
+            });
+        }
+        return result;
+    }
+    setupConsoleMasking() {
+        const originalConsole = {
+            log: console.log.bind(console),
+            error: console.error.bind(console),
+            warn: console.warn.bind(console),
+            info: console.info.bind(console),
+        };
+        const sanitize = (...args) => args.map((arg) => this.sanitizeArg(arg));
+        console.log = (...args) => originalConsole.log(...sanitize(...args));
+        console.error = (...args) => originalConsole.error(...sanitize(...args));
+        console.warn = (...args) => originalConsole.warn(...sanitize(...args));
+        console.info = (...args) => originalConsole.info(...sanitize(...args));
+    }
+    setupStreamMasking() {
+        const originalStdoutWrite = process.stdout.write.bind(process.stdout);
+        const originalStderrWrite = process.stderr.write.bind(process.stderr);
+        const maskChunk = (chunk) => {
+            if (typeof chunk === "string") {
+                return this.maskSensitiveString(chunk);
+            }
+            if (Buffer.isBuffer(chunk)) {
+                return Buffer.from(this.maskSensitiveString(chunk.toString("utf8")));
+            }
+            return chunk;
+        };
+        process.stdout.write = (chunk, ...args) => {
+            return originalStdoutWrite(maskChunk(chunk), ...args);
+        };
+        process.stderr.write = (chunk, ...args) => {
+            return originalStderrWrite(maskChunk(chunk), ...args);
+        };
     }
     getLogger() {
         if (!this.logger) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riocrypto/common-server",
-  "version": "1.0.2711",
+  "version": "1.0.2713",
   "description": "",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",
@@ -28,7 +28,7 @@
     "@google-cloud/secret-manager": "^5.3.0",
     "@google-cloud/storage": "^6.9.5",
     "@hyperdx/node-opentelemetry": "^0.7.0",
-    "@riocrypto/common": "^1.0.2510",
+    "@riocrypto/common": "^1.0.2511",
     "@types/express": "^4.17.13",
     "axios": "^1.7.4",
     "crypto-js": "^4.2.0",