n8n-nodes-redactor 3.0.1

package/dist/nodes/PiiRedactor/vault.js

@@ -0,0 +1,352 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FileVault = exports.MemoryVault = void 0;
+exports.createVault = createVault;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto = __importStar(require("crypto"));
+const encryption_1 = require("./encryption");
+// ═══════════════════════════════════════════════════════════
+// In-memory vault
+// ═══════════════════════════════════════════════════════════
+const memoryStore = new Map();
+const reverseIndex = new Map();
+const MAX_SESSIONS = 1000; // Prevent unbounded memory growth
+class MemoryVault {
+    getOrCreateSession(sessionId, ttl) {
+        // Auto-cleanup expired sessions on every create to prevent memory leak
+        this.cleanup();
+        // Enforce max session limit
+        if (memoryStore.size >= MAX_SESSIONS && !memoryStore.has(sessionId)) {
+            // Evict oldest session
+            const oldest = memoryStore.keys().next().value;
+            if (oldest !== undefined) {
+                memoryStore.delete(oldest);
+                reverseIndex.delete(oldest);
+            }
+        }
+        if (!memoryStore.has(sessionId)) {
+            memoryStore.set(sessionId, {
+                sessionId,
+                entries: {},
+                createdAt: new Date().toISOString(),
+                ttl,
+            });
+        }
+        return memoryStore.get(sessionId);
+    }
+    getSession(sessionId) {
+        const session = memoryStore.get(sessionId);
+        if (!session)
+            return null;
+        // Check expiry
+        if (session.ttl > 0) {
+            const created = new Date(session.createdAt).getTime();
+            if (Date.now() - created > session.ttl) {
+                memoryStore.delete(sessionId);
+                return null;
+            }
+        }
+        return session;
+    }
+    addEntry(sessionId, entry) {
+        const session = memoryStore.get(sessionId);
+        if (session) {
+            session.entries[entry.token] = entry;
+            // Maintain reverse lookup index for O(1) dedup
+            if (!reverseIndex.has(sessionId))
+                reverseIndex.set(sessionId, new Map());
+            reverseIndex.get(sessionId).set(entry.original, entry);
+        }
+    }
+    findByOriginal(sessionId, original) {
+        // O(1) lookup via reverse index instead of O(n) scan
+        const index = reverseIndex.get(sessionId);
+        if (index) {
+            const entry = index.get(original);
+            if (entry)
+                return entry;
+        }
+        // Fallback to linear scan (for sessions loaded without index)
+        const session = memoryStore.get(sessionId);
+        if (!session)
+            return undefined;
+        return Object.values(session.entries).find((e) => e.original === original);
+    }
+    deleteSession(sessionId) {
+        memoryStore.delete(sessionId);
+        reverseIndex.delete(sessionId);
+    }
+    listSessions() {
+        return Array.from(memoryStore.values()).map((s) => ({
+            sessionId: s.sessionId,
+            entryCount: Object.keys(s.entries).length,
+            createdAt: s.createdAt,
+            ttl: s.ttl,
+        }));
+    }
+    save() {
+        // No-op for memory vault
+    }
+    cleanup() {
+        let removed = 0;
+        const now = Date.now();
+        for (const [id, session] of memoryStore.entries()) {
+            if (session.ttl > 0) {
+                const created = new Date(session.createdAt).getTime();
+                if (now - created > session.ttl) {
+                    memoryStore.delete(id);
+                    reverseIndex.delete(id);
+                    removed++;
+                }
+            }
+        }
+        return removed;
+    }
+}
+exports.MemoryVault = MemoryVault;
+// ═══════════════════════════════════════════════════════════
+// File-based vault (JSON files in a directory)
+// ═══════════════════════════════════════════════════════════
+class FileVault {
+    constructor(dir, passphrase) {
+        this.cache = new Map();
+        this.passphrase = passphrase || '';
+        this.dir = dir || path.join(process.env.HOME || '/tmp', '.n8n', 'pii-vault');
+        if (!fs.existsSync(this.dir)) {
+            fs.mkdirSync(this.dir, { recursive: true });
+        }
+        // Auto-cleanup expired files on every instantiation
+        this.cleanup();
+    }
+    filePath(sessionId) {
+        // Hash session ID for safe filenames — use 32 hex chars (128 bits) to avoid collisions
+        const hash = crypto.createHash('sha256').update(sessionId).digest('hex').slice(0, 32);
+        return path.join(this.dir, `vault_${hash}.json`);
+    }
+    load(sessionId) {
+        if (this.cache.has(sessionId)) {
+            return this.cache.get(sessionId);
+        }
+        const fp = this.filePath(sessionId);
+        if (!fs.existsSync(fp))
+            return null;
+        try {
+            const raw = fs.readFileSync(fp);
+            let jsonStr;
+            if ((0, encryption_1.isEncryptedVault)(raw)) {
+                // Encrypted file — decrypt with passphrase
+                if (!this.passphrase) {
+                    // Encrypted but no passphrase — cannot read
+                    return null;
+                }
+                jsonStr = (0, encryption_1.decryptVaultData)(raw, this.passphrase);
+            }
+            else if ((0, encryption_1.isPlaintextVault)(raw)) {
+                // Plaintext JSON — read directly
+                jsonStr = raw.toString('utf-8');
+            }
+            else {
+                // Unknown format
+                return null;
+            }
+            const data = JSON.parse(jsonStr);
+            // Check expiry
+            if (data.ttl > 0) {
+                const created = new Date(data.createdAt).getTime();
+                if (Date.now() - created > data.ttl) {
+                    try {
+                        fs.unlinkSync(fp);
+                    }
+                    catch { /* ignore */ }
+                    return null;
+                }
+            }
+            this.cache.set(sessionId, data);
+            return data;
+        }
+        catch {
+            return null;
+        }
+    }
+    getOrCreateSession(sessionId, ttl) {
+        // Auto-cleanup expired files before creating new sessions
+        this.cleanup();
+        const existing = this.load(sessionId);
+        if (existing)
+            return existing;
+        const session = {
+            sessionId,
+            entries: {},
+            createdAt: new Date().toISOString(),
+            ttl,
+        };
+        this.cache.set(sessionId, session);
+        return session;
+    }
+    getSession(sessionId) {
+        return this.load(sessionId);
+    }
+    addEntry(sessionId, entry) {
+        const session = this.cache.get(sessionId);
+        if (session) {
+            session.entries[entry.token] = entry;
+        }
+    }
+    findByOriginal(sessionId, original) {
+        const session = this.cache.get(sessionId);
+        if (!session)
+            return undefined;
+        return Object.values(session.entries).find((e) => e.original === original);
+    }
+    deleteSession(sessionId) {
+        this.cache.delete(sessionId);
+        try {
+            const fp = this.filePath(sessionId);
+            if (fs.existsSync(fp)) {
+                fs.unlinkSync(fp);
+            }
+        }
+        catch {
+            // Ignore file deletion errors (read-only FS, already deleted, etc.)
+        }
+    }
+    listSessions() {
+        // List all vault files
+        const files = fs.readdirSync(this.dir).filter((f) => f.startsWith('vault_') && f.endsWith('.json'));
+        const sessions = [];
+        for (const file of files) {
+            try {
+                const fp = path.join(this.dir, file);
+                const raw = fs.readFileSync(fp);
+                let jsonStr;
+                if ((0, encryption_1.isEncryptedVault)(raw)) {
+                    if (!this.passphrase)
+                        continue; // Can't read without passphrase
+                    try {
+                        jsonStr = (0, encryption_1.decryptVaultData)(raw, this.passphrase);
+                    }
+                    catch {
+                        continue; // Wrong passphrase or corrupted
+                    }
+                }
+                else if ((0, encryption_1.isPlaintextVault)(raw)) {
+                    jsonStr = raw.toString('utf-8');
+                }
+                else {
+                    continue;
+                }
+                const data = JSON.parse(jsonStr);
+                sessions.push({
+                    sessionId: data.sessionId,
+                    entryCount: Object.keys(data.entries).length,
+                    createdAt: data.createdAt,
+                    ttl: data.ttl,
+                });
+            }
+            catch {
+                // Skip corrupt files
+            }
+        }
+        return sessions;
+    }
+    save(sessionId) {
+        const session = this.cache.get(sessionId);
+        if (session) {
+            try {
+                const fp = this.filePath(sessionId);
+                const tmpFp = fp + '.tmp';
+                const jsonData = JSON.stringify(session, null, 2);
+                if (this.passphrase) {
+                    // Encrypt vault data before writing
+                    const encrypted = (0, encryption_1.encryptVaultData)(jsonData, this.passphrase);
+                    fs.writeFileSync(tmpFp, encrypted);
+                }
+                else {
+                    // Write plaintext JSON
+                    fs.writeFileSync(tmpFp, jsonData, 'utf-8');
+                }
+                fs.renameSync(tmpFp, fp);
+            }
+            catch {
+                // Write failed (read-only FS, permissions, disk full).
+                // Session stays in memory cache — restore will still work
+                // for this execution, just won't persist across restarts.
+            }
+        }
+    }
+    cleanup() {
+        let removed = 0;
+        const now = Date.now();
+        const files = fs.readdirSync(this.dir).filter((f) => f.startsWith('vault_') && f.endsWith('.json'));
+        for (const file of files) {
+            try {
+                const fp = path.join(this.dir, file);
+                const data = JSON.parse(fs.readFileSync(fp, 'utf-8'));
+                if (data.ttl > 0) {
+                    const created = new Date(data.createdAt).getTime();
+                    if (now - created > data.ttl) {
+                        fs.unlinkSync(fp);
+                        this.cache.delete(data.sessionId);
+                        removed++;
+                    }
+                }
+            }
+            catch {
+                // Skip
+            }
+        }
+        return removed;
+    }
+}
+exports.FileVault = FileVault;
+/**
+ * Factory to get the right vault implementation.
+ * If file vault fails (read-only filesystem, no permissions, Docker, cloud),
+ * automatically falls back to memory vault so the node never crashes.
+ */
+function createVault(storage, vaultDir, passphrase) {
+    if (storage === 'file') {
+        try {
+            return new FileVault(vaultDir, passphrase);
+        }
+        catch {
+            // Filesystem not writable — fall back to memory vault silently
+            return new MemoryVault();
+        }
+    }
+    return new MemoryVault();
+}

package/package.json

@@ -0,0 +1,87 @@
+{
+  "name": "n8n-nodes-redactor",
+  "version": "3.0.1",
+  "description": "Redact, remove, mask and anonymize sensitive data before LLMs. Detect PII, personal information, emails, phones, addresses, IBAN, credit cards, names, SSN, passport, tax ID. Reversible vault restore. GDPR HIPAA CCPA DACH EU compliant. 50+ patterns. 100% local. Built by next8n.",
+  "keywords": [
+    "n8n-community-node-package",
+    "n8n",
+    "redactor",
+    "redact",
+    "pii",
+    "remove-data",
+    "remove-pii",
+    "data-masking",
+    "data-privacy",
+    "data-protection",
+    "anonymize",
+    "anonymization",
+    "sanitize",
+    "scrub",
+    "mask",
+    "gdpr",
+    "hipaa",
+    "ccpa",
+    "dsgvo",
+    "compliance",
+    "privacy",
+    "personal-data",
+    "sensitive-data",
+    "iban",
+    "credit-card",
+    "ssn",
+    "email",
+    "phone",
+    "address",
+    "passport",
+    "tax-id",
+    "eu",
+    "dach",
+    "european",
+    "llm",
+    "openai",
+    "claude",
+    "ai",
+    "next8n",
+    "workflow",
+    "automation"
+  ],
+  "author": "Mirza Iqbal / next8n (https://next8n.com)",
+  "license": "FUCL",
+  "homepage": "https://next8n.com",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mjmirza/n8n-nodes-redactor.git"
+  },
+  "bugs": {
+    "url": "https://github.com/mjmirza/n8n-nodes-redactor/issues"
+  },
+  "main": "dist/nodes/PiiRedactor/PiiRedactor.node.js",
+  "types": "dist/nodes/PiiRedactor/PiiRedactor.node.d.ts",
+  "scripts": {
+    "build": "tsc -p tsconfig.json && cp src/nodes/PiiRedactor/redact.png dist/nodes/PiiRedactor/redact.png",
+    "dev": "tsc -w -p tsconfig.json",
+    "test": "jest --no-cache",
+    "lint": "eslint src/ --ext .ts",
+    "prepublishOnly": "cp README.md README.dev.md && cp README.npm.md README.md && npm run build",
+    "postpublish": "mv README.dev.md README.md"
+  },
+  "files": [
+    "dist"
+  ],
+  "n8n": {
+    "n8nNodesApiVersion": 1,
+    "nodes": [
+      "dist/nodes/PiiRedactor/PiiRedactor.node.js"
+    ]
+  },
+  "devDependencies": {
+    "@types/jest": "^30.0.0",
+    "@types/node": "^20.0.0",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.4.6",
+    "typescript": "^5.4.0"
+  },
+  "peerDependencies": {
+    "n8n-workflow": "*"
+  }
+}