azify-logger 1.0.20 → 1.0.22

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "azify-logger",
-  "version": "1.0.20",
+  "version": "1.0.22",
   "description": "Azify Logger Client - Centralized logging for OpenSearch",
   "main": "index.js",
   "types": "index.d.ts",
@@ -30,14 +30,11 @@
     "axios": "^1.6.0",
     "cors": "^2.8.5",
     "express": "^4.18.2",
-    "express-session": "^1.17.3",
-    "passport": "^0.6.0",
-    "passport-azure-ad": "^4.3.5",
     "require-in-the-middle": "^7.4.0",
     "uuid": "^9.0.1"
   },
   "optionalDependencies": {
-    "@opentelemetry/api": "^1.7.0",
+    "@opentelemetry/api": "^1.9.0",
     "@opentelemetry/auto-instrumentations-node": "^0.40.0",
     "@opentelemetry/core": "^1.28.0",
     "@opentelemetry/exporter-trace-otlp-http": "^0.45.0",

package/server.js

@@ -27,19 +27,57 @@ app.use(express.json({ limit: '10mb' }))
 app.use(express.urlencoded({ extended: true, limit: '10mb' }))
 app.use(cors())
 
-const authEnabled = process.env.AZURE_AD_AUTH_ENABLED === 'true'
-let ensureAuthenticated = (req, res, next) => next()
+const IS_LOCAL = process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'dev' || !process.env.NODE_ENV
 
-if (authEnabled) {
-  const { setupAuth, setupAuthRoutes, ensureAuthenticated: authMiddleware } = require('./auth')
-  ensureAuthenticated = authMiddleware
-  setupAuth(app)
-  setupAuthRoutes(app)
-  console.log('✅ Autenticação Azure AD habilitada')
-} else {
-  console.log('⚠️  Autenticação Azure AD desabilitada')
+function isPrivateOrLocalhost(ip) {
+  if (IS_LOCAL) {
+    return true
+  }
+  
+  ip = ip.replace('::ffff:', '').replace('::1', '127.0.0.1')
+  
+  if (ip === '127.0.0.1' || ip === 'localhost' || ip === '::1') {
+    return true
+  }
+  
+  const parts = ip.split('.').map(Number)
+  
+  if (parts.length !== 4) {
+    return false
+  }
+  
+  if (parts[0] === 10) return true
+  if (parts[0] === 127) return true
+  if (parts[0] === 192 && parts[1] === 168) return true
+  if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) return true
+  
+  return false
+}
+
+function validateNetworkAccess(req, res, next) {
+  if (req.path === '/health' || req.path === '/') {
+    return next()
+  }
+  
+  const clientIP = req.headers['x-forwarded-for']?.split(',')[0]?.trim() ||
+                   req.headers['x-real-ip'] || 
+                   req.ip || 
+                   req.connection.remoteAddress ||
+                   req.socket.remoteAddress
+  
+  if (!IS_LOCAL && !isPrivateOrLocalhost(clientIP)) {
+    return res.status(403).json({
+      success: false,
+      message: 'Forbidden. Access denied - endpoint only accessible from same server (localhost/private IPs).',
+      clientIP: clientIP
+    })
+  }
+  
+  next()
 }
 
+app.use(validateNetworkAccess)
+
 const tracer = trace.getTracer('azify-logger', '1.0.0')
 const propagator = new W3CTraceContextPropagator()
 
@@ -66,7 +104,7 @@ async function ensureIndexTemplate() {
         },
         mappings: {
           properties: {
-            timestamp: { type: 'date' },
+            '@timestamp': { type: 'date' },
             level: { type: 'keyword' },
             message: { type: 'text' },
             service: {
@@ -114,54 +152,6 @@ async function ensureIndexTemplate() {
 
 ensureIndexTemplate()
 
-/**
- * Escapes HTML special characters to prevent XSS attacks
- * This prevents script injection when data is rendered in OpenSearch Dashboards
- * @param {string} str - String to escape
- * @returns {string} Escaped string
- */
-function escapeHtml(str) {
-  if (typeof str !== 'string') return str
-  const map = {
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#x27;',
-    '/': '&#x2F;'
-  }
-  return str.replace(/[&<>"'/]/g, (m) => map[m])
-}
-
-/**
- * Sanitizes a value recursively to prevent XSS attacks
- * Escapes HTML special characters in strings that could be rendered in Dashboards
- * @param {any} value - Value to sanitize
- * @returns {any} Sanitized value
- */
-function sanitizeValue(value) {
-  if (typeof value === 'string') {
-    // Escape HTML special characters to prevent XSS when rendered in Dashboards
-    return escapeHtml(value)
-  }
-  
-  if (Array.isArray(value)) {
-    return value.map(item => sanitizeValue(item))
-  }
-  
-  if (value !== null && typeof value === 'object') {
-    const sanitized = {}
-    for (const key in value) {
-      if (value.hasOwnProperty(key)) {
-        sanitized[key] = sanitizeValue(value[key])
-      }
-    }
-    return sanitized
-  }
-  
-  return value
-}
-
 function generateTraceId() {
   return Math.random().toString(36).substring(2, 15) +
          Math.random().toString(36).substring(2, 15)
@@ -194,41 +184,24 @@ function getOrCreateTraceContext(requestId) {
 app.get('/health', (req, res) => {
   res.json({ 
     status: 'ok', 
-    service: 'azify-logger',
-    authEnabled: authEnabled
+    service: 'azify-logger'
   })
 })
 
-app.get('/', ensureAuthenticated, (req, res) => {
+app.get('/', (req, res) => {
   res.json({
     service: 'azify-logger',
     version: '1.0.0',
     endpoints: {
       health: '/health',
-      testLog: '/test-log',
-      auth: authEnabled ? {
-        login: '/auth/login',
-        logout: '/auth/logout',
-        me: '/auth/me'
-      } : null
-    },
-    user: req.user || null
+      testLog: '/test-log'
+    }
   })
 })
 
 app.post('/log', async (req, res) => {
   let { level, message, meta } = req.body
   
-  if (typeof message === 'string') {
-    message = sanitizeValue(message)
-  }
-  if (meta) {
-    meta = sanitizeValue(meta)
-  }
-  if (typeof level === 'string') {
-    level = sanitizeValue(level)
-  }
-  
   if (!level || !message) {
     return res.status(400).json({ success: false, message: 'Level and message are required.' })
   }
@@ -297,7 +270,7 @@ app.post('/log', async (req, res) => {
   }
   
   const logEntry = {
-    timestamp: (meta && meta.timestamp) || new Date().toISOString(),
+    '@timestamp': (meta && meta.timestamp) || new Date().toISOString(),
     level,
     message,
     service: {