paygate-mcp 8.79.0 → 8.80.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +44 -31
- package/dist/server.js.map +1 -1
- package/package.json +1 -1
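--- a/package/dist/server.d.ts
+++ b/package/dist/server.d.ts
@@ -163,7 +163,7 @@ export declare class PayGateServer {
 private logStartupSummary;
 /** Send a JSON response with the given status code. */
 private sendJson;
-/** Send a JSON error response: { error
+/** Send a JSON error response: { error, requestId }. */
 private sendError;
 private handleRequest;
 private handleMcp;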
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAgB,eAAe,EAA0B,MAAM,MAAM,CAAC;AAI7E,OAAO,EAAE,aAAa,EAAkB,mBAAmB,EAAkB,MAAM,SAAS,CAAC;AAE7F,OAAO,EAAE,MAAM,EAAiC,MAAM,UAAU,CAAC;AASjE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,cAAc,EAAqD,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAmB,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAS,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAA6B,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAgB,eAAe,EAA0B,MAAM,MAAM,CAAC;AAI7E,OAAO,EAAE,aAAa,EAAkB,mBAAmB,EAAkB,MAAM,SAAS,CAAC;AAE7F,OAAO,EAAE,MAAM,EAAiC,MAAM,UAAU,CAAC;AASjE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,cAAc,EAAqD,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAmB,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAS,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAA6B,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAcrD,0EAA0E;AAC1E,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED,sFAAsF;AACtF,wBAAgB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,GAAG,SAAS,CAErE;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAsBvF;AAyCD,yCAAyC;AACzC,KAAK,YAAY,GAAG,QAAQ,GAAG,YAAY,CAAC;AAa5C,qBAAa,aAAa;IACxB,iDAAiD;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,0DAA0D;IAC1D,QAAQ,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,8DAA8D;IAC9D,QAAQ,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC1C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,mEAAmE;IACnE,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,aAAa,CAAqC;IAC1D,wDAAwD;IACxD,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAQ;IAC5C,oDAAoD;IACpD,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,2BAA2B;IAC3B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,EAAE,YAAY,CA
AC;IAChC,8CAA8C;IAC9C,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,mCAAmC;IACnC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,4CAA4C;IAC5C,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,gCAAgC;IAChC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,yEAAyE;IACzE,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,CAAQ;IAC5C,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACpC,qDAAqD;IACrD,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC,oCAAoC;IACpC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,oDAAoD;IACpD,QAAQ,CAAC,SAAS,EAAE,kBAAkB,CAAC;IACvC,sCAAsC;IACtC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,oEAAoE;IACpE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAc;IAC/C,yCAAyC;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAsB;IAChD,gEAAgE;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,wEAAwE;IACxE,OAAO,CAAC,eAAe,CAAS;IAChC,mDAAmD;IACnD,OAAO,CAAC,kBAAkB,CAAiC;IAC3D,kDAAkD;IAClD,OAAO,CAAC,gBAAgB,CAAuB;IAC/C,gDAAgD;IAChD,OAAO,CAAC,iBAAiB,CAAqF;IAC9G,8CAA8C;IAC9C,OAAO,CAAC,wBAAwB,CAA+C;IAC/E,8BAA8B;IAC9B,OAAO,CAAC,gBAAgB,CAOhB;IACR,2CAA2C;IAC3C,OAAO,CAAC,aAAa,CAA+C;IACpE,4CAA4C;IAC5C,OAAO,CAAC,cAAc,CAAK;IAC3B,kCAAkC;IAClC,OAAO,CAAC,kBAAkB,CAOX;IACf,+CAA+C;IAC/C,OAAO,CAAC,iBAAiB,CAAK;IAC9B,qDAAqD;IACrD,OAAO,CAAC,UAAU,CAUV;IACR,gCAAgC;IAChC,OAAO,CAAC,gBAAgB,CAAK;IAC7B,4CAA4C;IAC5C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAQ;IAC7C,wCAAwC;IACxC,OAAO,CAAC,QAAQ,CAAK;IACrB,sEAAsE;IACtE,OAAO,CAAC,UAAU,CAAuB;IAEzC,0DAA0D;IAC1D,OAAO,KAAK,OAAO,GAElB;gBAGC,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,EAC1D,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,mBAAmB,CAAC,EAAE,MAAM,EAC5B,OAAO,CAAC,EAAE,mBAAmB,EAAE,EAC/B,QAAQ,CAAC,EAAE,MAAM;IAkNnB;;;OAGG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAIjC;;;;;;;;;;;OAWG;IACH,GAAG,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAK1B,KAAK,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAiF1D,0EAA0E;IAC1E,OAAO,CAAC,iBAAiB;IA4BzB,uDAAuD;IACvD,OAAO,CAAC,QAAQ;IAKhB,wDAAwD;IACxD,OAAO,CAAC,SAAS;YAQH,aAAa;YA8kBb,SAAS;IAkQvB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA6C1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAsB9B;;;;OAIG;IACH,OA
AO,CAAC,aAAa;IAyCrB;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAuC7B,OAAO,CAAC,UAAU;IAgLlB,OAAO,CAAC,YAAY;IAepB,OAAO,CAAC,YAAY;IAwCpB,OAAO,CAAC,UAAU;IA4ElB,OAAO,CAAC,kBAAkB;IAwD1B,kEAAkE;IAClE,OAAO,CAAC,OAAO;YAWD,eAAe;IAwH7B,OAAO,CAAC,cAAc;YA0CR,WAAW;YAiEX,oBAAoB;YA+GpB,oBAAoB;IAuIlC,OAAO,CAAC,eAAe;YAmDT,eAAe;YAiEf,eAAe;YAiDf,gBAAgB;YA2DhB,eAAe;YAwDf,cAAc;YAgFd,cAAc;YA+Dd,eAAe;YAqDf,YAAY;YA6CZ,eAAe;YA6Df,cAAc;YAwDd,aAAa;YAgDb,oBAAoB;YAgDpB,qBAAqB;IA4BnC,OAAO,CAAC,cAAc;IAwCtB,OAAO,CAAC,kBAAkB;IA+B1B,OAAO,CAAC,cAAc;IAuEtB,OAAO,CAAC,qBAAqB;IAkD7B,OAAO,CAAC,iBAAiB;IAmEzB,OAAO,CAAC,mBAAmB;IA0C3B,OAAO,CAAC,sBAAsB;IAoD9B,OAAO,CAAC,mBAAmB;IA+F3B,OAAO,CAAC,eAAe;IA6IvB,OAAO,CAAC,kBAAkB;YAyLZ,kBAAkB;IA4EhC,OAAO,CAAC,aAAa;YAmDP,YAAY;IA6C1B,OAAO,CAAC,WAAW;YA8CL,mBAAmB;IAgCjC,OAAO,CAAC,eAAe;IAcvB,+EAA+E;IAC/E,OAAO,CAAC,mBAAmB;IAS3B,oEAAoE;YACtD,mBAAmB;IAwDjC,yDAAyD;YAC3C,oBAAoB;IAoFlC,yCAAyC;YAC3B,gBAAgB;IA2E9B,uDAAuD;YACzC,iBAAiB;IA8B/B,sEAAsE;IACtE,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,eAAe;IAyBvB,OAAO,CAAC,eAAe;YAWT,qBAAqB;IAgDnC,OAAO,CAAC,oBAAoB;IAe5B,OAAO,CAAC,sBAAsB;YAsBhB,mBAAmB;IA+CjC,OAAO,CAAC,oBAAoB;IAc5B,OAAO,CAAC,oBAAoB;IAsD5B,OAAO,CAAC,sBAAsB;IA2D9B,OAAO,CAAC,wBAAwB;IAuJhC,OAAO,CAAC,qBAAqB;IA6G7B,OAAO,CAAC,wBAAwB;IAuGhC,OAAO,CAAC,kBAAkB;IAqH1B,OAAO,CAAC,uBAAuB;IAkH/B,OAAO,CAAC,mBAAmB;IAgH3B,OAAO,CAAC,oBAAoB;IA4H5B,OAAO,CAAC,qBAAqB;IAkI7B,OAAO,CAAC,mBAAmB;IAuH3B,OAAO,CAAC,qBAAqB;IAgF7B,OAAO,CAAC,uBAAuB;IAuF/B,OAAO,CAAC,sBAAsB;IAqG9B,OAAO,CAAC,sBAAsB;IAsF9B,OAAO,CAAC,sBAAsB;IA2G9B,OAAO,CAAC,mBAAmB;IA8E3B,OAAO,CAAC,sBAAsB;IA6F9B,OAAO,CAAC,mBAAmB;IAmE3B,OAAO,CAAC,qBAAqB;IAqF7B,OAAO,CAAC,iBAAiB;IAwEzB,OAAO,CAAC,gBAAgB;IAqExB,OAAO,CAAC,YAAY;IAiEpB,OAAO,CAAC,oBAAoB;IAiD5B,OAAO,CAAC,kBAAkB;IAiD1B,OAAO,CAAC,sBAAsB;IAmE9B,OAAO,CAAC,mBAAmB;IAgF3B,OAAO,CAAC,eAAe;IAiEvB,OAAO,CAAC,mBAAmB;IAoD3B,OAAO,CAAC,sBAAsB;IA4E9B,OAAO,CAAC,kBAAkB;IAoF1B,OAAO,CAAC,kBAAkB;IA0D1B,OAAO,CAAC,sBAAsB;IA+E9B,OAAO,CAAC,mBAAmB;IA2D3B,OAAO,CAAC,cAAc;IAqDtB
,OAAO,CAAC,qBAAqB;IAwD7B,OAAO,CAAC,0BAA0B;IA+DlC,OAAO,CAAC,wBAAwB;IAyEhC,OAAO,CAAC,8BAA8B;IAiFtC,OAAO,CAAC,2BAA2B;IAsEnC,OAAO,CAAC,iBAAiB;IAqDzB,OAAO,CAAC,uBAAuB;IA4D/B,OAAO,CAAC,oBAAoB;IA+C5B,OAAO,CAAC,uBAAuB;IAoE/B,OAAO,CAAC,sBAAsB;IAsD9B,OAAO,CAAC,kBAAkB;IA6D1B,OAAO,CAAC,eAAe;IA4DvB,OAAO,CAAC,sBAAsB;IA8D9B,OAAO,CAAC,oBAAoB;IAmD5B,OAAO,CAAC,oBAAoB;IAqD5B,OAAO,CAAC,uBAAuB;IA0D/B,OAAO,CAAC,yBAAyB;IAuDjC,OAAO,CAAC,oBAAoB;IAqD5B,OAAO,CAAC,uBAAuB;IAmD/B,OAAO,CAAC,iBAAiB;IA+CzB,OAAO,CAAC,mBAAmB;IA8D3B,OAAO,CAAC,qBAAqB;IA0D7B,OAAO,CAAC,uBAAuB;IAkE/B,OAAO,CAAC,oBAAoB;IAoE5B,OAAO,CAAC,uBAAuB;IAwD/B,OAAO,CAAC,2BAA2B;IAyDnC,OAAO,CAAC,mBAAmB;IAwE3B,OAAO,CAAC,mBAAmB;IAsF3B,OAAO,CAAC,gBAAgB;IAsDxB,OAAO,CAAC,kBAAkB;IAsF1B,OAAO,CAAC,sBAAsB;IAiF9B,OAAO,CAAC,cAAc;IAsBtB,OAAO,CAAC,aAAa;IA0DrB,OAAO,CAAC,gBAAgB;IA8CxB,OAAO,CAAC,kBAAkB;IA2B1B,OAAO,CAAC,oBAAoB;IAwF5B,OAAO,CAAC,oBAAoB;IAgC5B,gFAAgF;IAChF,OAAO,CAAC,uBAAuB;IAiD/B,OAAO,CAAC,iBAAiB;IAgGzB,OAAO,CAAC,sBAAsB;IA8B9B,OAAO,CAAC,uBAAuB;IA6F/B,OAAO,CAAC,uBAAuB;IA+D/B,OAAO,CAAC,wBAAwB;IA2ChC,uEAAuE;IACvE,OAAO,CAAC,cAAc;IAQtB,mCAAmC;IACnC,OAAO,CAAC,0BAA0B;YAWpB,kBAAkB;IAyIhC,OAAO,CAAC,kBAAkB;IA2B1B,OAAO,CAAC,gBAAgB;IA0CxB,OAAO,CAAC,kBAAkB;IA4B1B,OAAO,CAAC,mBAAmB;YA6Bb,iBAAiB;IAyH/B,OAAO,CAAC,wBAAwB;YAYlB,yBAAyB;YAoCzB,yBAAyB;YA6CzB,yBAAyB;IAsCvC,OAAO,CAAC,WAAW;IAyBnB,OAAO,CAAC,iBAAiB;IA+BzB,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,UAAU;IA+ClB,OAAO,CAAC,eAAe;YAeT,gBAAgB;YAwChB,gBAAgB;YAwChB,gBAAgB;YAiChB,mBAAmB;YAgDnB,mBAAmB;IAwCjC,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,oBAAoB;YAed,iBAAiB;YAqDjB,iBAAiB;IA2D/B,OAAO,CAAC,uBAAuB;IAuB/B,OAAO,CAAC,iBAAiB;IAazB,OAAO,CAAC,gBAAgB;YAMV,iBAAiB;YA0CjB,iBAAiB;YAoDjB,iBAAiB;YAoCjB,sBAAsB;YAiDtB,wBAAwB;IA4CtC,OAAO,CAAC,mBAAmB;YAoBb,oBAAoB;YAoDpB,oBAAoB;YAiDpB,wBAAwB;IAqCtC,OAAO,CAAC,mBAAmB;YAOb,oBAAoB;YAqCpB,oBAAoB;IAoClC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,eAAe;IAUvB,iFAAiF;IACjF,OAAO,CAAC,iBAAiB;IAuBzB,OAAO,CAAC,QAAQ;IA8CV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqC3B;;;;;;;OAOG;IACG,YAAY,CAAC,SAAS,SAAS,GAAG,OAAO
,CAAC,IAAI,CAAC;IAiErD,OAAO,CAAC,gBAAgB;IAsExB,OAAO,CAAC,eAAe;YA6GT,mBAAmB;YAoInB,wBAAwB;IA2ItC,OAAO,CAAC,sBAAsB;IA0F9B,OAAO,CAAC,sBAAsB;IA0E9B,qDAAqD;IACrD,OAAO,CAAC,UAAU;CAMnB"}
|
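--- a/package/dist/server.js
+++ b/package/dist/server.js
@@ -94,6 +94,14 @@ const expiry_scanner_1 = require("./expiry-scanner");
 const key_templates_1 = require("./key-templates");
 /** Max request body size: 1MB */
 const MAX_BODY_SIZE = 1_048_576;
+/** Max length for user-supplied string fields (names, reasons, messages, memos) */
+const MAX_STRING_FIELD = 500;
+/** Truncate user-supplied strings to MAX_STRING_FIELD to prevent log injection and memory abuse. */
+function sanitizeString(value, maxLen = MAX_STRING_FIELD) {
+if (!value)
+return '';
+return String(value).slice(0, maxLen);
+}
 /** Generate a unique request ID (16 hex chars = 8 bytes of randomness) */
 function generateRequestId() {
 return `req_${(0, crypto_1.randomBytes)(8).toString('hex')}`;
@@ -578,10 +586,11 @@ class PayGateServer {
 res.writeHead(status, { 'Content-Type': 'application/json' });
 res.end(JSON.stringify(data));
 }
-/** Send a JSON error response: { error
+/** Send a JSON error response: { error, requestId }. */
 sendError(res, status, message) {
+const requestId = res.getHeader('X-Request-Id');
 res.writeHead(status, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: message }));
+res.end(JSON.stringify(requestId ? { error: message, requestId } : { error: message }));
 }
 // ─── Request Handling ──────────────────────────────────────────────────────
 async handleRequest(req, res) {
@@ -2271,7 +2280,7 @@ class PayGateServer {
 }
 const fromBalance = sourceRecord.credits;
 const toBalance = destRecord.credits;
-const memo = params.memo
+const memo = sanitizeString(params.memo);
 this.creditLedger.record(sourceRecord.key, {
 type: 'transfer_out', amount: credits, balanceBefore: sourceBalanceBefore, balanceAfter: fromBalance, memo: memo || undefined,
 });
@@ -2620,13 +2629,14 @@ class PayGateServer {
 return;
 }
 this.syncKeyMutation(record.key);
-
+const reason = sanitizeString(params.reason) || null;
+this.audit.log('key.suspended', 'admin', `Key suspended${reason ? ': ' + reason : ''}`, {
 keyMasked: (0, audit_1.maskKeyForAudit)(record.key),
-reason
+reason,
 });
 this.emitWebhookAdmin('key.suspended', 'admin', {
 keyMasked: (0, audit_1.maskKeyForAudit)(record.key),
-reason
+reason,
 });
 this.sendJson(res, 200, { message: 'Key suspended', suspended: true });
 }
@@ -2710,7 +2720,7 @@ class PayGateServer {
 return;
 }
 const cloned = this.gate.store.cloneKey(source.key, {
-name: params.name,
+name: params.name ? sanitizeString(String(params.name)) : undefined,
 credits: params.credits,
 tags: params.tags,
 namespace: params.namespace,
@@ -2771,7 +2781,7 @@ class PayGateServer {
 this.sendError(res, 404, 'Key not found');
 return;
 }
-const alias = params.alias !== undefined ? (params.alias === null || params.alias === '' ? null : String(params.alias)) : undefined;
+const alias = params.alias !== undefined ? (params.alias === null || params.alias === '' ? null : sanitizeString(String(params.alias))) : undefined;
 if (alias === undefined) {
 this.sendError(res, 400, 'Missing "alias" parameter (string to set, null to clear)');
 return;
@@ -4519,7 +4529,7 @@ class PayGateServer {
 const wasEnabled = this.maintenanceMode;
 this.maintenanceMode = params.enabled;
 if (params.enabled) {
-this.maintenanceMessage = params.message || 'Server is under maintenance';
+this.maintenanceMessage = sanitizeString(params.message) || 'Server is under maintenance';
 this.maintenanceSince = new Date().toISOString();
 if (!wasEnabled) {
 this.audit.log('maintenance.enabled', 'admin', `Maintenance mode enabled: ${this.maintenanceMessage}`, {
@@ -9360,7 +9370,7 @@ class PayGateServer {
 credits: params.credits,
 createdAt: new Date().toISOString(),
 expiresAt: new Date(Date.now() + ttl * 1000).toISOString(),
-memo: params.memo
+memo: sanitizeString(params.memo),
 };
 this.creditReservations.set(reservation.id, reservation);
 this.audit.log('credits.reserved', 'admin', `Reserved ${params.credits} credits`, {
@@ -9865,7 +9875,7 @@ class PayGateServer {
 try {
 const rule = this.gate.webhookRouter.addRule({
 id: '', // auto-generated
-name:
+name: sanitizeString(params.name) || '',
 events: Array.isArray(params.events) ? params.events.map(String) : [],
 url: String(params.url || ''),
 secret: params.secret ? String(params.secret) : undefined,
@@ -9908,7 +9918,7 @@ class PayGateServer {
 }
 try {
 const rule = this.gate.webhookRouter.updateRule(filterId, {
-name: params.name !== undefined ? String(params.name) : undefined,
+name: params.name !== undefined ? sanitizeString(String(params.name)) : undefined,
 events: Array.isArray(params.events) ? params.events.map(String) : undefined,
 url: params.url !== undefined ? String(params.url) : undefined,
 secret: params.secret !== undefined ? String(params.secret) : undefined,
@@ -10091,8 +10101,8 @@ class PayGateServer {
 return;
 }
 const team = this.teams.createTeam({
-name: params.name,
-description: params.description,
+name: sanitizeString(params.name) || 'unnamed',
+description: sanitizeString(params.description) || undefined,
 budget: params.budget,
 quota: params.quota,
 tags: params.tags,
@@ -10126,8 +10136,8 @@ class PayGateServer {
 return;
 }
 const success = this.teams.updateTeam(params.teamId, {
-name: params.name,
-description: params.description,
+name: params.name ? sanitizeString(params.name) : undefined,
+description: params.description !== undefined ? (sanitizeString(params.description) || undefined) : undefined,
 budget: params.budget,
 quota: params.quota,
 tags: params.tags,
@@ -10353,7 +10363,7 @@ class PayGateServer {
 this.sendError(res, 400, 'Not a scoped token (must start with pgt_)');
 return;
 }
-const entry = this.tokens.revokeToken(params.token, params.reason);
+const entry = this.tokens.revokeToken(params.token, sanitizeString(params.reason) || undefined);
 if (!entry) {
 // Already revoked or invalid signature
 this.sendError(res, 409, 'Token already revoked or invalid signature');
@@ -10431,8 +10441,8 @@ class PayGateServer {
 }
 try {
 const group = this.groups.createGroup({
-name:
-description: params.description,
+name: sanitizeString(params.name) || '',
+description: sanitizeString(params.description) || undefined,
 allowedTools: params.allowedTools,
 deniedTools: params.deniedTools,
 rateLimitPerMin: params.rateLimitPerMin,
@@ -10483,8 +10493,8 @@ class PayGateServer {
 }
 try {
 const group = this.groups.updateGroup(groupId, {
-name: params.name,
-description: params.description,
+name: params.name ? sanitizeString(params.name) : undefined,
+description: params.description !== undefined ? (sanitizeString(params.description) || undefined) : undefined,
 allowedTools: params.allowedTools,
 deniedTools: params.deniedTools,
 rateLimitPerMin: params.rateLimitPerMin,
@@ -10679,14 +10689,15 @@ class PayGateServer {
 // Mask the requesting admin key for audit
 const callerKey = req.headers['x-admin-key'];
 const callerMasked = callerKey.slice(0, 7) + '...' + callerKey.slice(-4);
-const
-this.
+const safeName = sanitizeString(params.name) || 'unnamed';
+const record = this.adminKeys.create(safeName, role, callerMasked);
+this.audit.log('admin_key.created', callerMasked, `Created admin key "${safeName}" with role ${role}`, {
 newKeyMasked: record.key.slice(0, 7) + '...' + record.key.slice(-4),
 role,
 });
 this.emitWebhookAdmin('admin_key.created', callerMasked, {
 newKeyMasked: record.key.slice(0, 7) + '...' + record.key.slice(-4),
-name:
+name: safeName,
 role,
 });
 this.sendJson(res, 201, {
@@ -10786,11 +10797,12 @@ class PayGateServer {
 this.sendError(res, 400, 'Invalid JSON');
 return;
 }
-const
-if (!
+const rawName = params.name;
+if (!rawName || typeof rawName !== 'string') {
 this.sendError(res, 400, 'Missing required field: name');
 return;
 }
+const name = sanitizeString(rawName);
 const existing = this.templates.get(name);
 const result = this.templates.set(name, params);
 if (!result.success) {
@@ -10825,16 +10837,17 @@ class PayGateServer {
 this.sendError(res, 400, 'Missing required field: name');
 return;
 }
-const
+const templateName = sanitizeString(params.name);
+const deleted = this.templates.delete(templateName);
 if (!deleted) {
 res.writeHead(404, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: `Template "${
+res.end(JSON.stringify({ error: `Template "${templateName}" not found` }));
 return;
 }
-this.audit.log('template.deleted', 'admin', `Deleted template: ${
-templateName
+this.audit.log('template.deleted', 'admin', `Deleted template: ${templateName}`, {
+templateName,
 });
-this.sendJson(res, 200, { deleted: true, name:
+this.sendJson(res, 200, { deleted: true, name: templateName });
 }
 /**
 * Route admin webhook events through the WebhookRouter (for filter rules) or direct emitter.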
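Review bot: The header comment on `sanitizeString` in the `-94,6` hunk says it prevents log injection, but the body only bounds length: CR/LF and other control characters pass `.slice` untouched, and the later hunks interpolate the result straight into audit messages (`Key suspended: ${reason}`, `Maintenance mode enabled: ${this.maintenanceMessage}`, `Created admin key "${safeName}"`, `Deleted template: ${templateName}`). Whether the audit sink escapes on write is not visible here; if it is line-oriented, a multi-line value can still forge entries, so either neutralize control characters before truncating, e.g. `return String(value).replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, maxLen);`, or make the comment match what the code does: `/** Truncate user-supplied strings to MAX_STRING_FIELD to bound memory use; does not strip newlines or control characters. */`. Two smaller points in the same function: `String(value)` coerces non-string JSON values into `[object Object]` or comma-joined arrays instead of rejecting them, whereas the template handler in the `-10786` hunk checks `typeof rawName !== 'string'` first, so the other callers (teams, groups, admin keys, webhook rules) accept values the template path refuses; and `.slice` counts UTF-16 code units, so a cut at 500 units can end on a lone surrogate.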