@unito/integration-sdk 1.0.26 → 1.0.28

package/dist/src/helpers.d.ts

@@ -10,6 +10,6 @@ import { Filter } from './index.js';
  * @param fields The schema of the item against which the filters are applied
  * @returns The validated filters
  */
-export declare const getApplicableFilters: (context: {
+export declare function getApplicableFilters(context: {
     filters: Filter[];
-}, fields: FieldSchema[]) => Filter[];
+}, fields: FieldSchema[]): Filter[];

package/dist/src/helpers.js

@@ -8,7 +8,7 @@
  * @param fields The schema of the item against which the filters are applied
  * @returns The validated filters
  */
-export const getApplicableFilters = (context, fields) => {
+export function getApplicableFilters(context, fields) {
     const applicableFilters = [];
     for (const filter of context.filters) {
         let field = undefined;
@@ -25,4 +25,4 @@ export const getApplicableFilters = (context, fields) => {
         }
     }
     return applicableFilters;
-};
+}

package/dist/src/index.cjs

@@ -34,6 +34,35 @@ var LogLevel;
     LogLevel["LOG"] = "log";
     LogLevel["DEBUG"] = "debug";
 })(LogLevel || (LogLevel = {}));
+/**
+ * See https://docs.datadoghq.com/logs/log_collection/?tab=host#custom-log-forwarding
+ * - Datadog Agent splits at 256kB (256000 bytes)...
+ * - ... but the same docs say that "for optimal performance, it is
+ *   recommended that an individual log be no greater than 25kB"
+ * -> Truncating at 25kB - a bit of wiggle room for metadata = 20kB.
+ */
+const MAX_LOG_MESSAGE_SIZE = parseInt(process.env.MAX_LOG_MESSAGE_SIZE ?? '20000', 10);
+const LOG_LINE_TRUNCATED_SUFFIX = ' - LOG LINE TRUNCATED';
+/**
+ * For *LogMeta* sanitization, we let in anything that was passed, except for clearly-problematic keys
+ */
+const LOGMETA_BLACKLIST = [
+    // Security
+    'access_token',
+    'bot_auth_code',
+    'client_secret',
+    'jwt',
+    'oauth_token',
+    'password',
+    'refresh_token',
+    'shared_secret',
+    'token',
+    // Privacy
+    'billing_email',
+    'email',
+    'first_name',
+    'last_name',
+];
 /**
  * Logger class that can be configured with metadata add creation and when logging to add additional context to your logs.
  */
@@ -113,20 +142,27 @@ class Logger {
         this.metadata = {};
     }
     send(logLevel, message, metadata) {
-        const processedMessage = this.snakifyKeys({
-            ...this.metadata,
-            ...metadata,
+        // We need to provide the date to Datadog. Otherwise, the date is set to when they receive the log.
+        const date = Date.now();
+        if (message.length > MAX_LOG_MESSAGE_SIZE) {
+            message = `${message.substring(0, MAX_LOG_MESSAGE_SIZE)}${LOG_LINE_TRUNCATED_SUFFIX}`;
+        }
+        let processedMetadata = Logger.snakifyKeys({ ...this.metadata, ...metadata, logMessageSize: message.length });
+        processedMetadata = Logger.pruneSensitiveMetadata(processedMetadata);
+        const processedLogs = {
+            ...processedMetadata,
             message,
+            date,
             status: logLevel,
-        });
+        };
         if (process.env.NODE_ENV === 'development') {
-            console[logLevel](JSON.stringify(processedMessage, null, 2));
+            console[logLevel](JSON.stringify(processedLogs, null, 2));
         }
         else {
-            console[logLevel](JSON.stringify(processedMessage));
+            console[logLevel](JSON.stringify(processedLogs));
         }
     }
-    snakifyKeys(value) {
+    static snakifyKeys(value) {
         const result = {};
         for (const key in value) {
             const deepValue = typeof value[key] === 'object' ? this.snakifyKeys(value[key]) : value[key];
@@ -135,6 +171,22 @@ class Logger {
         }
         return result;
     }
+    static pruneSensitiveMetadata(metadata, topLevelMeta) {
+        const prunedMetadata = {};
+        for (const key in metadata) {
+            if (LOGMETA_BLACKLIST.includes(key)) {
+                prunedMetadata[key] = '[REDACTED]';
+                (topLevelMeta ?? prunedMetadata).has_sensitive_attribute = true;
+            }
+            else if (typeof metadata[key] === 'object') {
+                prunedMetadata[key] = Logger.pruneSensitiveMetadata(metadata[key], topLevelMeta ?? prunedMetadata);
+            }
+            else {
+                prunedMetadata[key] = metadata[key];
+            }
+        }
+        return prunedMetadata;
+    }
 }
 
 /**
@@ -369,201 +421,6 @@ function buildHttpError(responseStatus, message) {
     return httpError;
 }
 
-const middleware$a = (req, res, next) => {
-    res.locals.correlationId = req.header('X-Unito-Correlation-Id') ?? crypto.randomUUID();
-    next();
-};
-
-const ADDITIONAL_CONTEXT_HEADER = 'X-Unito-Additional-Logging-Context';
-const middleware$9 = (req, res, next) => {
-    const logger = new Logger({ correlation_id: res.locals.correlationId });
-    res.locals.logger = logger;
-    const rawAdditionalContext = req.header(ADDITIONAL_CONTEXT_HEADER);
-    if (typeof rawAdditionalContext === 'string') {
-        try {
-            const additionalContext = JSON.parse(rawAdditionalContext);
-            logger.decorate(additionalContext);
-        }
-        catch (error) {
-            logger.warn(`Failed parsing header ${ADDITIONAL_CONTEXT_HEADER}: ${rawAdditionalContext}`);
-        }
-    }
-    next();
-};
-
-const CREDENTIALS_HEADER = 'X-Unito-Credentials';
-const middleware$8 = (req, res, next) => {
-    const credentialsHeader = req.header(CREDENTIALS_HEADER);
-    if (credentialsHeader) {
-        let credentials;
-        try {
-            credentials = JSON.parse(Buffer.from(credentialsHeader, 'base64').toString('utf8'));
-        }
-        catch {
-            throw new BadRequestError(`Malformed HTTP header ${CREDENTIALS_HEADER}`);
-        }
-        res.locals.credentials = credentials;
-    }
-    next();
-};
-
-const OPERATION_DEADLINE_HEADER = 'X-Unito-Operation-Deadline';
-const middleware$7 = (req, res, next) => {
-    const operationDeadlineHeader = Number(req.header(OPERATION_DEADLINE_HEADER));
-    if (operationDeadlineHeader) {
-        // `operationDeadlineHeader` represents a timestamp in the future, in seconds.
-        // We need to convert it to a number of milliseconds.
-        const deadline = operationDeadlineHeader * 1000 - Date.now();
-        if (deadline > 0) {
-            res.locals.signal = AbortSignal.timeout(deadline);
-        }
-        else {
-            throw new TimeoutError('Request already timed out upon reception');
-        }
-    }
-    else {
-        // Default to 20s, which is the maximum time frame allowed for an operation by Unito.
-        res.locals.signal = AbortSignal.timeout(20000);
-    }
-    next();
-};
-
-const SECRETS_HEADER = 'X-Unito-Secrets';
-const middleware$6 = (req, res, next) => {
-    const secretsHeader = req.header(SECRETS_HEADER);
-    if (secretsHeader) {
-        let secrets;
-        try {
-            secrets = JSON.parse(Buffer.from(secretsHeader, 'base64').toString('utf8'));
-        }
-        catch {
-            throw new BadRequestError(`Malformed HTTP header ${SECRETS_HEADER}`);
-        }
-        res.locals.secrets = secrets;
-    }
-    next();
-};
-
-// The operators are ordered by their symbol length, in descending order.
-// This is necessary because the symbol of an operator can be
-// a subset of the symbol of another operator.
-//
-// For example, the symbol "=" (EQUAL) is a subset of the symbol "!=" (NOT_EQUAL).
-const ORDERED_OPERATORS = Object.values(integrationApi.OperatorType).sort((o1, o2) => o1.length - o2.length);
-const middleware$5 = (req, res, next) => {
-    const rawFilters = req.query.filter;
-    res.locals.filters = [];
-    if (typeof rawFilters === 'string') {
-        for (const rawFilter of rawFilters.split(',')) {
-            for (const operator of ORDERED_OPERATORS) {
-                if (rawFilter.includes(operator)) {
-                    const [field, valuesRaw] = rawFilter.split(operator, 2);
-                    const values = valuesRaw ? valuesRaw.split('|').map(decodeURIComponent) : [];
-                    res.locals.filters.push({ field: field, operator, values });
-                    break;
-                }
-            }
-        }
-    }
-    next();
-};
-
-const middleware$4 = (req, res, next) => {
-    const rawSelect = req.query.select;
-    if (typeof rawSelect === 'string') {
-        res.locals.selects = rawSelect.split(',');
-    }
-    else {
-        res.locals.selects = [];
-    }
-    next();
-};
-
-const middleware$3 = (err, _req, res, next) => {
-    if (res.headersSent) {
-        return next(err);
-    }
-    let error;
-    if (err instanceof HttpError) {
-        error = {
-            code: err.status.toString(),
-            message: err.message,
-            details: {
-                stack: err.stack,
-            },
-        };
-    }
-    else {
-        error = {
-            code: '500',
-            message: 'Oops! Something went wrong',
-            originalError: {
-                code: err.name,
-                message: err.message,
-                details: {
-                    stack: err.stack,
-                },
-            },
-        };
-    }
-    res.locals.error = structuredClone(error);
-    // Keep the stack details in development for the Debugger
-    if (process.env.NODE_ENV !== 'development') {
-        delete error.details;
-        delete error.originalError?.details;
-    }
-    res.status(Number(error.code)).json(error);
-};
-
-const middleware$2 = (req, res, next) => {
-    if (req.originalUrl !== '/health') {
-        res.on('finish', function () {
-            const error = res.locals.error;
-            const durationInNs = Number(process.hrtime.bigint() - res.locals.requestStartTime);
-            const durationInMs = (durationInNs / 1_000_000) | 0;
-            const message = `${req.method} ${req.originalUrl} ${res.statusCode} - ${durationInMs} ms`;
-            const metadata = {
-                duration: durationInNs,
-                // Use reserved and standard attributes of Datadog
-                // https://app.datadoghq.com/logs/pipelines/standard-attributes
-                http: { method: req.method, status_code: res.statusCode, url_details: { path: req.originalUrl } },
-                ...(error
-                    ? {
-                        error: {
-                            kind: error.message,
-                            stack: (error.originalError?.details?.stack ?? error.details?.stack),
-                            message: error.originalError?.message ?? error.message,
-                        },
-                    }
-                    : {}),
-            };
-            if ([404, 429].includes(res.statusCode)) {
-                res.locals.logger.warn(message, metadata);
-            }
-            else if (res.statusCode >= 400) {
-                res.locals.logger.error(message, metadata);
-            }
-            else {
-                res.locals.logger.info(message, metadata);
-            }
-        });
-    }
-    next();
-};
-
-const middleware$1 = (req, res, _next) => {
-    const error = {
-        code: '404',
-        message: `Path ${req.path} not found.`,
-    };
-    res.status(404).json(error);
-};
-
-const middleware = (_, res, next) => {
-    res.locals.requestStartTime = process.hrtime.bigint();
-    next();
-};
-
 function assertValidPath(path) {
     if (!path.startsWith('/')) {
         throw new InvalidHandler(`The provided path '${path}' is invalid. All paths must start with a '/'.`);
@@ -896,6 +753,201 @@ class Handler {
     }
 }
 
+function extractCorrelationId(req, res, next) {
+    res.locals.correlationId = req.header('X-Unito-Correlation-Id') ?? crypto.randomUUID();
+    next();
+}
+
+const CREDENTIALS_HEADER = 'X-Unito-Credentials';
+function extractCredentials(req, res, next) {
+    const credentialsHeader = req.header(CREDENTIALS_HEADER);
+    if (credentialsHeader) {
+        let credentials;
+        try {
+            credentials = JSON.parse(Buffer.from(credentialsHeader, 'base64').toString('utf8'));
+        }
+        catch {
+            throw new BadRequestError(`Malformed HTTP header ${CREDENTIALS_HEADER}`);
+        }
+        res.locals.credentials = credentials;
+    }
+    next();
+}
+
+function onError(err, _req, res, next) {
+    if (res.headersSent) {
+        return next(err);
+    }
+    let error;
+    if (err instanceof HttpError) {
+        error = {
+            code: err.status.toString(),
+            message: err.message,
+            details: {
+                stack: err.stack,
+            },
+        };
+    }
+    else {
+        error = {
+            code: '500',
+            message: 'Oops! Something went wrong',
+            originalError: {
+                code: err.name,
+                message: err.message,
+                details: {
+                    stack: err.stack,
+                },
+            },
+        };
+    }
+    res.locals.error = structuredClone(error);
+    // Keep the stack details in development for the Debugger
+    if (process.env.NODE_ENV !== 'development') {
+        delete error.details;
+        delete error.originalError?.details;
+    }
+    res.status(Number(error.code)).json(error);
+}
+
+// The operators are ordered by their symbol length, in descending order.
+// This is necessary because the symbol of an operator can be
+// a subset of the symbol of another operator.
+//
+// For example, the symbol "=" (EQUAL) is a subset of the symbol "!=" (NOT_EQUAL).
+const ORDERED_OPERATORS = Object.values(integrationApi.OperatorType).sort((o1, o2) => o2.length - o1.length);
+function extractFilters(req, res, next) {
+    const rawFilters = req.query.filter;
+    res.locals.filters = [];
+    if (typeof rawFilters === 'string') {
+        for (const rawFilter of rawFilters.split(',')) {
+            for (const operator of ORDERED_OPERATORS) {
+                if (rawFilter.includes(operator)) {
+                    const [field, valuesRaw] = rawFilter.split(operator, 2);
+                    const values = valuesRaw ? valuesRaw.split('|').map(decodeURIComponent) : [];
+                    res.locals.filters.push({ field: field, operator, values });
+                    break;
+                }
+            }
+        }
+    }
+    next();
+}
+
+function onFinish(req, res, next) {
+    if (req.originalUrl !== '/health') {
+        res.on('finish', function () {
+            const error = res.locals.error;
+            const durationInNs = Number(process.hrtime.bigint() - res.locals.requestStartTime);
+            const durationInMs = (durationInNs / 1_000_000) | 0;
+            const message = `${req.method} ${req.originalUrl} ${res.statusCode} - ${durationInMs} ms`;
+            const metadata = {
+                duration: durationInNs,
+                // Use reserved and standard attributes of Datadog
+                // https://app.datadoghq.com/logs/pipelines/standard-attributes
+                http: { method: req.method, status_code: res.statusCode, url_details: { path: req.originalUrl } },
+                ...(error
+                    ? {
+                        error: {
+                            kind: error.message,
+                            stack: (error.originalError?.details?.stack ?? error.details?.stack),
+                            message: error.originalError?.message ?? error.message,
+                        },
+                    }
+                    : {}),
+            };
+            if ([404, 429].includes(res.statusCode)) {
+                res.locals.logger.warn(message, metadata);
+            }
+            else if (res.statusCode >= 400) {
+                res.locals.logger.error(message, metadata);
+            }
+            else {
+                res.locals.logger.info(message, metadata);
+            }
+        });
+    }
+    next();
+}
+
+function notFound(req, res, _next) {
+    const error = {
+        code: '404',
+        message: `Path ${req.path} not found.`,
+    };
+    res.status(404).json(error);
+}
+
+const ADDITIONAL_CONTEXT_HEADER = 'X-Unito-Additional-Logging-Context';
+function injectLogger(req, res, next) {
+    const logger = new Logger({ correlation_id: res.locals.correlationId });
+    res.locals.logger = logger;
+    const rawAdditionalContext = req.header(ADDITIONAL_CONTEXT_HEADER);
+    if (typeof rawAdditionalContext === 'string') {
+        try {
+            const additionalContext = JSON.parse(rawAdditionalContext);
+            logger.decorate(additionalContext);
+        }
+        catch (error) {
+            logger.warn(`Failed parsing header ${ADDITIONAL_CONTEXT_HEADER}: ${rawAdditionalContext}`);
+        }
+    }
+    next();
+}
+
+function start(_, res, next) {
+    res.locals.requestStartTime = process.hrtime.bigint();
+    next();
+}
+
+const SECRETS_HEADER = 'X-Unito-Secrets';
+function extractSecrets(req, res, next) {
+    const secretsHeader = req.header(SECRETS_HEADER);
+    if (secretsHeader) {
+        let secrets;
+        try {
+            secrets = JSON.parse(Buffer.from(secretsHeader, 'base64').toString('utf8'));
+        }
+        catch {
+            throw new BadRequestError(`Malformed HTTP header ${SECRETS_HEADER}`);
+        }
+        res.locals.secrets = secrets;
+    }
+    next();
+}
+
+function extractSelects(req, res, next) {
+    const rawSelect = req.query.select;
+    if (typeof rawSelect === 'string') {
+        res.locals.selects = rawSelect.split(',');
+    }
+    else {
+        res.locals.selects = [];
+    }
+    next();
+}
+
+const OPERATION_DEADLINE_HEADER = 'X-Unito-Operation-Deadline';
+function extractOperationDeadline(req, res, next) {
+    const operationDeadlineHeader = Number(req.header(OPERATION_DEADLINE_HEADER));
+    if (operationDeadlineHeader) {
+        // `operationDeadlineHeader` represents a timestamp in the future, in seconds.
+        // We need to convert it to a number of milliseconds.
+        const deadline = operationDeadlineHeader * 1000 - Date.now();
+        if (deadline > 0) {
+            res.locals.signal = AbortSignal.timeout(deadline);
+        }
+        else {
+            throw new TimeoutError('Request already timed out upon reception');
+        }
+    }
+    else {
+        // Default to 20s, which is the maximum time frame allowed for an operation by Unito.
+        res.locals.signal = AbortSignal.timeout(20000);
+    }
+    next();
+}
+
 function printErrorMessage(message) {
     console.error();
     console.error(`\x1b[31m Oops! Something went wrong! \x1b[0m`);
@@ -997,11 +1049,11 @@ class Integration {
         app.set('query parser', 'extended');
         app.use(express.json());
         // Must be one of the first handlers (to catch all the errors).
-        app.use(middleware$2);
+        app.use(onFinish);
         // Instantiate internal middlewares.
-        app.use(middleware);
-        app.use(middleware$a);
-        app.use(middleware$9);
+        app.use(start);
+        app.use(extractCorrelationId);
+        app.use(injectLogger);
         // Making sure we log all incoming requests (except to '/health'), prior any processing.
         app.use((req, res, next) => {
             if (req.originalUrl !== '/health') {
@@ -1011,11 +1063,11 @@ class Integration {
         });
         // Instantiate application middlewares. These can throw, so they have an implicit dependency on the internal
         // middlewares such as the logger, the correlationId, and the error handling.
-        app.use(middleware$8);
-        app.use(middleware$6);
-        app.use(middleware$5);
-        app.use(middleware$4);
-        app.use(middleware$7);
+        app.use(extractCredentials);
+        app.use(extractSecrets);
+        app.use(extractFilters);
+        app.use(extractSelects);
+        app.use(extractOperationDeadline);
         // Load handlers as needed.
         if (this.handlers.length) {
             for (const handler of this.handlers) {
@@ -1031,9 +1083,9 @@ class Integration {
             process.exit(1);
         }
         // Must be the (last - 1) handler.
-        app.use(middleware$3);
+        app.use(onError);
         // Must be the last handler.
-        app.use(middleware$1);
+        app.use(notFound);
         // Start the server.
         this.instance = app.listen(this.port, () => console.info(`Server started on port ${this.port}.`));
     }
@@ -1358,7 +1410,7 @@ class Provider {
  * @param fields The schema of the item against which the filters are applied
  * @returns The validated filters
  */
-const getApplicableFilters = (context, fields) => {
+function getApplicableFilters(context, fields) {
     const applicableFilters = [];
     for (const filter of context.filters) {
         let field = undefined;
@@ -1375,7 +1427,7 @@ const getApplicableFilters = (context, fields) => {
         }
     }
     return applicableFilters;
-};
+}
 
 exports.Api = integrationApi__namespace;
 exports.Cache = Cache;

package/dist/src/integration.js

@@ -1,17 +1,17 @@
 import express from 'express';
 import { InvalidHandler } from './errors.js';
+import { Handler } from './handler.js';
 import correlationIdMiddleware from './middlewares/correlationId.js';
-import loggerMiddleware from './middlewares/logger.js';
 import credentialsMiddleware from './middlewares/credentials.js';
-import signalMiddleware from './middlewares/signal.js';
-import secretsMiddleware from './middlewares/secrets.js';
-import filtersMiddleware from './middlewares/filters.js';
-import selectsMiddleware from './middlewares/selects.js';
 import errorsMiddleware from './middlewares/errors.js';
+import filtersMiddleware from './middlewares/filters.js';
 import finishMiddleware from './middlewares/finish.js';
 import notFoundMiddleware from './middlewares/notFound.js';
-import requestStartTimeMiddleware from './middlewares/requestStartTime.js';
-import { Handler } from './handler.js';
+import loggerMiddleware from './middlewares/logger.js';
+import startMiddleware from './middlewares/start.js';
+import secretsMiddleware from './middlewares/secrets.js';
+import selectsMiddleware from './middlewares/selects.js';
+import signalMiddleware from './middlewares/signal.js';
 function printErrorMessage(message) {
     console.error();
     console.error(`\x1b[31m Oops! Something went wrong! \x1b[0m`);
@@ -115,7 +115,7 @@ export default class Integration {
         // Must be one of the first handlers (to catch all the errors).
         app.use(finishMiddleware);
         // Instantiate internal middlewares.
-        app.use(requestStartTimeMiddleware);
+        app.use(startMiddleware);
         app.use(correlationIdMiddleware);
         app.use(loggerMiddleware);
         // Making sure we log all incoming requests (except to '/health'), prior any processing.

package/dist/src/middlewares/correlationId.d.ts

@@ -6,5 +6,5 @@ declare global {
         }
     }
 }
-declare const middleware: (req: Request, res: Response, next: NextFunction) => void;
-export default middleware;
+declare function extractCorrelationId(req: Request, res: Response, next: NextFunction): void;
+export default extractCorrelationId;

package/dist/src/middlewares/correlationId.js

@@ -1,6 +1,6 @@
 import crypto from 'crypto';
-const middleware = (req, res, next) => {
+function extractCorrelationId(req, res, next) {
     res.locals.correlationId = req.header('X-Unito-Correlation-Id') ?? crypto.randomUUID();
     next();
-};
-export default middleware;
+}
+export default extractCorrelationId;

package/dist/src/middlewares/credentials.d.ts

@@ -10,5 +10,5 @@ export type Credentials = {
     accessToken?: string;
     [keys: string]: unknown;
 };
-declare const middleware: (req: Request, res: Response, next: NextFunction) => void;
-export default middleware;
+declare function extractCredentials(req: Request, res: Response, next: NextFunction): void;
+export default extractCredentials;

package/dist/src/middlewares/credentials.js

@@ -1,6 +1,6 @@
 import { BadRequestError } from '../httpErrors.js';
 const CREDENTIALS_HEADER = 'X-Unito-Credentials';
-const middleware = (req, res, next) => {
+function extractCredentials(req, res, next) {
     const credentialsHeader = req.header(CREDENTIALS_HEADER);
     if (credentialsHeader) {
         let credentials;
@@ -13,5 +13,5 @@ const middleware = (req, res, next) => {
         res.locals.credentials = credentials;
     }
     next();
-};
-export default middleware;
+}
+export default extractCredentials;

package/dist/src/middlewares/errors.d.ts

@@ -7,5 +7,5 @@ declare global {
         }
     }
 }
-declare const middleware: (err: Error, _req: Request, res: Response, next: NextFunction) => void;
-export default middleware;
+declare function onError(err: Error, _req: Request, res: Response, next: NextFunction): void;
+export default onError;

package/dist/src/middlewares/errors.js

@@ -1,5 +1,5 @@
 import { HttpError } from '../httpErrors.js';
-const middleware = (err, _req, res, next) => {
+function onError(err, _req, res, next) {
     if (res.headersSent) {
         return next(err);
     }
@@ -33,5 +33,5 @@ const middleware = (err, _req, res, next) => {
         delete error.originalError?.details;
     }
     res.status(Number(error.code)).json(error);
-};
-export default middleware;
+}
+export default onError;