@yoooclaw/phone-notifications 1.11.6 → 1.11.7

package/dist/index.cjs

@@ -5574,7 +5574,7 @@ function readBuildInjectedVersion() {
   if (false) {
     return void 0;
   }
-  const version = "1.11.6".trim();
+  const version = "1.11.7".trim();
   return version || void 0;
 }
 function readPluginVersionFromPackageJson() {
@@ -5594,6 +5594,78 @@ var PLUGIN_VERSION = readBuildInjectedVersion() ?? readPluginVersionFromPackageJ
 // src/logger.ts
 var DEFAULT_LOG_RETENTION_DAYS = 30;
 var DAY_MS = 24 * 60 * 60 * 1e3;
+var REDACTED = "[redacted]";
+var REDACTED_SECRET = "[redacted-secret]";
+var REDACTED_URL = "[redacted-url]";
+var SECRET_KEYS = [
+  "apiKey",
+  "api_key",
+  "appKey",
+  "authorization",
+  "password",
+  "secret",
+  "token",
+  "accessToken",
+  "refreshToken",
+  "gatewayToken",
+  "gatewayPassword",
+  "apnsToken",
+  "deviceToken",
+  "X-Api-Key-Id",
+  "x-api-key-id",
+  "x-openclaw-password"
+];
+var USER_TEXT_KEYS = [
+  "accountId",
+  "body",
+  "content",
+  "conversationName",
+  "deviceId",
+  "loginAccount",
+  "metadata",
+  "name",
+  "raw",
+  "rawResponse",
+  "reason",
+  "recordResult",
+  "recordingName",
+  "resBody",
+  "response",
+  "senderName",
+  "sourceText",
+  "sourceTextList",
+  "summary",
+  "summaryResult",
+  "summaryText",
+  "text",
+  "title",
+  "transcript",
+  "transcriptData",
+  "userId"
+];
+var USER_URL_KEYS = [
+  "audio",
+  "audioOssUrl",
+  "fileUrl",
+  "oss_audio_url",
+  "oss_srt_url",
+  "srt",
+  "url"
+];
+var SENSITIVE_QUERY_KEYS = [
+  "access_token",
+  "api_key",
+  "apikey",
+  "authorization",
+  "fileUrl",
+  "password",
+  "refresh_token",
+  "secret",
+  "signature",
+  "token",
+  "x-api-key-id",
+  "x-oss-security-token"
+];
 function isBetaPluginVersion(version = PLUGIN_VERSION) {
   return /\bbeta\b/i.test(version);
 }
@@ -5602,13 +5674,14 @@ function createVersionAwareLogger(upstream, options = {}) {
     return upstream;
   }
   return {
-    info() {
+    info(msg) {
+      upstream.info(redactLogMessage(msg));
     },
     warn(msg) {
-      upstream.warn(msg);
+      upstream.warn(redactLogMessage(msg));
     },
     error(msg) {
-      upstream.error(msg);
+      upstream.error(redactLogMessage(msg));
     }
   };
 }
@@ -5616,7 +5689,7 @@ var PluginFileLogger = class {
   constructor(upstream, stateDir, options = {}) {
     this.upstream = upstream;
     this.logsDir = (0, import_node_path.join)(stateDir, "plugins", "phone-notifications", "logs");
-    this.infoEnabled = isBetaPluginVersion(options.version ?? PLUGIN_VERSION);
+    this.redactLogs = !isBetaPluginVersion(options.version ?? PLUGIN_VERSION);
     this.retentionDays = Number.isFinite(options.retentionDays) && (options.retentionDays ?? 0) > 0 ? options.retentionDays : DEFAULT_LOG_RETENTION_DAYS;
     (0, import_node_fs2.mkdirSync)(this.logsDir, { recursive: true });
     const now = /* @__PURE__ */ new Date();
@@ -5624,24 +5697,27 @@ var PluginFileLogger = class {
     this.lastPruneDateKey = formatDate(now);
   }
   logsDir;
-  infoEnabled;
+  redactLogs;
   retentionDays;
   lastPruneDateKey = null;
   info(msg) {
     this.prepareLogDate(/* @__PURE__ */ new Date());
-    if (!this.infoEnabled) {
-      return;
-    }
-    this.upstream.info(msg);
-    this.append("INFO", msg);
+    const safeMsg = this.formatLogMessage(msg);
+    this.upstream.info(safeMsg);
+    this.append("INFO", safeMsg);
   }
   warn(msg) {
-    this.upstream.warn(msg);
-    this.append("WARN", msg);
+    const safeMsg = this.formatLogMessage(msg);
+    this.upstream.warn(safeMsg);
+    this.append("WARN", safeMsg);
   }
   error(msg) {
-    this.upstream.error(msg);
-    this.append("ERROR", msg);
+    const safeMsg = this.formatLogMessage(msg);
+    this.upstream.error(safeMsg);
+    this.append("ERROR", safeMsg);
+  }
+  formatLogMessage(msg) {
+    return this.redactLogs ? redactLogMessage(msg) : msg;
   }
   append(level, msg) {
     const now = /* @__PURE__ */ new Date();
@@ -5677,6 +5753,188 @@ var PluginFileLogger = class {
     }
   }
 };
+function redactLogMessage(msg) {
+  let redacted = String(msg);
+  redacted = redactQuotedObjectFields(redacted, SECRET_KEYS, REDACTED_SECRET);
+  redacted = redactQuotedObjectFields(redacted, USER_TEXT_KEYS, REDACTED);
+  redacted = redactQuotedObjectFields(redacted, USER_URL_KEYS, REDACTED_URL);
+  redacted = redactStructuredKeyValueFields(
+    redacted,
+    SECRET_KEYS,
+    REDACTED_SECRET
+  );
+  redacted = redactStructuredKeyValueFields(redacted, USER_TEXT_KEYS, REDACTED);
+  redacted = redactStructuredKeyValueFields(redacted, USER_URL_KEYS, REDACTED_URL);
+  redacted = redactKeyValueFields(redacted, SECRET_KEYS, REDACTED_SECRET);
+  redacted = redactKeyValueFields(redacted, USER_TEXT_KEYS, REDACTED);
+  redacted = redactKeyValueFields(redacted, USER_URL_KEYS, REDACTED_URL);
+  redacted = redactColonTextFields(redacted, SECRET_KEYS, REDACTED_SECRET);
+  redacted = redactColonTextFields(redacted, USER_TEXT_KEYS, REDACTED);
+  redacted = redactQueryParams(redacted, SENSITIVE_QUERY_KEYS);
+  redacted = redactBearerTokens(redacted);
+  redacted = redactLikelyUserUrls(redacted);
+  redacted = redactEmails(redacted);
+  redacted = redactPhoneNumbers(redacted);
+  redacted = redactJwtTokens(redacted);
+  redacted = redactLongHexTokens(redacted);
+  return redacted;
+}
+function redactQuotedObjectFields(input, keys, placeholder) {
+  const keyPattern = buildKeyPattern(keys);
+  return input.replace(
+    new RegExp(
+      `(["'])(${keyPattern})\\1\\s*:\\s*(?:"(?:\\\\.|[^"\\\\])*"|'(?:\\\\.|[^'\\\\])*'|[^,}\\]]+)`,
+      "gi"
+    ),
+    (_match, quote, key) => `${quote}${key}${quote}: "${placeholder}"`
+  );
+}
+function redactKeyValueFields(input, keys, placeholder) {
+  const keyPattern = buildKeyPattern(keys);
+  return input.replace(
+    new RegExp(
+      `(?<![?&])\\b(${keyPattern})\\s*=\\s*(?:Bearer\\s+[^,\\s)]+|"(?:\\\\.|[^"\\\\])*"|'(?:\\\\.|[^'\\\\])*'|[^,\\s)]+)`,
+      "gi"
+    ),
+    (_match, key) => `${key}=${placeholder}`
+  );
+}
+function redactStructuredKeyValueFields(input, keys, placeholder) {
+  const keyPattern = buildKeyPattern(keys);
+  const regex = new RegExp(`\\b(${keyPattern})\\s*=\\s*([\\[{])`, "gi");
+  let result = "";
+  let lastIndex = 0;
+  let match;
+  while (match = regex.exec(input)) {
+    const valueStart = regex.lastIndex - 1;
+    const valueEnd = findStructuredValueEnd(input, valueStart);
+    if (valueEnd === null) {
+      continue;
+    }
+    result += input.slice(lastIndex, match.index);
+    result += `${match[1]}=${placeholder}`;
+    lastIndex = valueEnd;
+    regex.lastIndex = valueEnd;
+  }
+  if (lastIndex === 0) {
+    return input;
+  }
+  return result + input.slice(lastIndex);
+}
+function findStructuredValueEnd(input, start) {
+  const open = input[start];
+  const close = open === "{" ? "}" : "]";
+  const stack = [close];
+  let quote = null;
+  let escaped = false;
+  for (let i = start + 1; i < input.length; i++) {
+    const ch = input[i];
+    if (quote) {
+      if (escaped) {
+        escaped = false;
+      } else if (ch === "\\") {
+        escaped = true;
+      } else if (ch === quote) {
+        quote = null;
+      }
+      continue;
+    }
+    if (ch === '"' || ch === "'") {
+      quote = ch;
+      continue;
+    }
+    if (ch === "{" || ch === "[") {
+      stack.push(ch === "{" ? "}" : "]");
+      continue;
+    }
+    if (ch === stack[stack.length - 1]) {
+      stack.pop();
+      if (stack.length === 0) {
+        return i + 1;
+      }
+    }
+  }
+  return null;
+}
+function redactColonTextFields(input, keys, placeholder) {
+  const keyPattern = buildKeyPattern(keys);
+  return input.replace(
+    new RegExp(`\\b(${keyPattern})\\s*:\\s*([^,\\n]+)`, "gi"),
+    (_match, key) => `${key}: ${placeholder}`
+  );
+}
+function redactQueryParams(input, keys) {
+  const keyPattern = buildKeyPattern(keys);
+  return input.replace(
+    new RegExp(`([?&](${keyPattern})=)([^&#\\s]+)`, "gi"),
+    (_match, prefix) => `${prefix}${encodeURIComponent(REDACTED)}`
+  );
+}
+function redactBearerTokens(input) {
+  return input.replace(
+    /\b(Bearer\s+)[A-Za-z0-9._~+/=-]+/gi,
+    `$1${REDACTED_SECRET}`
+  );
+}
+function redactJwtTokens(input) {
+  return input.replace(
+    /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
+    REDACTED_SECRET
+  );
+}
+function redactLongHexTokens(input) {
+  return input.replace(/\b[a-f0-9]{32,}\b/gi, REDACTED_SECRET);
+}
+function redactEmails(input) {
+  return input.replace(
+    /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi,
+    "[redacted-email]"
+  );
+}
+function redactPhoneNumbers(input) {
+  return input.replace(
+    /\b1[3-9]\d{9}\b/g,
+    (phone) => `${phone.slice(0, 3)}****${phone.slice(-4)}`
+  );
+}
+function redactLikelyUserUrls(input) {
+  return input.replace(
+    /https?:\/\/[^\s"',)]+/gi,
+    (rawUrl) => redactUrl(rawUrl)
+  );
+}
+function redactUrl(rawUrl) {
+  try {
+    const url = new URL(rawUrl);
+    for (const key of Array.from(url.searchParams.keys())) {
+      if (SENSITIVE_QUERY_KEYS.some(
+        (sensitiveKey) => sensitiveKey.toLowerCase() === key.toLowerCase()
+      )) {
+        url.searchParams.set(key, REDACTED);
+      }
+    }
+    if (shouldRedactUrlPath(url)) {
+      return `${url.origin}/${REDACTED_URL}`;
+    }
+    return url.toString();
+  } catch {
+    return rawUrl;
+  }
+}
+function shouldRedactUrlPath(url) {
+  const host = url.hostname.toLowerCase();
+  const path2 = decodeURIComponent(url.pathname).toLowerCase();
+  if (/(^|\.)((oss|cos|s3|storage|cdn)[.-])/.test(host) || /(aliyuncs|myqcloud|amazonaws|oss|storage|cdn)/.test(host)) {
+    return true;
+  }
+  return /\/(audio|avatar|feedback|log|logs|recording|recordings)\//.test(path2) || /\.(aac|flac|json|m4a|md|mp3|ogg|opus|srt|wav|zip)$/i.test(path2);
+}
+function buildKeyPattern(keys) {
+  return keys.map(escapeRegExp).join("|");
+}
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
 function formatDate(d) {
   const y = d.getFullYear();
   const m = String(d.getMonth() + 1).padStart(2, "0");