paygate-mcp 8.89.0 → 8.91.0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +94 -31
- package/dist/server.js.map +1 -1
- package/package.json +1 -1
package/dist/server.d.ts.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAgB,eAAe,EAA0B,MAAM,MAAM,CAAC;AAI7E,OAAO,EAAE,aAAa,EAAkB,mBAAmB,EAAkB,MAAM,SAAS,CAAC;AAE7F,OAAO,EAAE,MAAM,EAAiC,MAAM,UAAU,CAAC;AASjE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,cAAc,EAAqD,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAmB,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAS,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAA6B,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;
1
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAgB,eAAe,EAA0B,MAAM,MAAM,CAAC;AAI7E,OAAO,EAAE,aAAa,EAAkB,mBAAmB,EAAkB,MAAM,SAAS,CAAC;AAE7F,OAAO,EAAE,MAAM,EAAiC,MAAM,UAAU,CAAC;AASjE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,cAAc,EAAqD,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAmB,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAS,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAA6B,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAiGrD,0EAA0E;AAC1E,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED,sFAAsF;AACtF,wBAAgB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,GAAG,SAAS,CAErE;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAsBvF;AAyCD,yCAAyC;AACzC,KAAK,YAAY,GAAG,QAAQ,GAAG,YAAY,CAAC;AAa5C,qBAAa,aAAa;IACxB,iDAAiD;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,0DAA0D;IAC1D,QAAQ,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,8DAA8D;IAC9D,QAAQ,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC1C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,mEAAmE;IACnE,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,aAAa,CAAqC;IAC1D,wDAAwD;IACxD,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAQ;IAC5C,oDAAoD;IACpD,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,2BAA2B;IAC3B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,EAAE,YAAY,C
AAC;IAChC,8CAA8C;IAC9C,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,mCAAmC;IACnC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,4CAA4C;IAC5C,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,gCAAgC;IAChC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,yEAAyE;IACzE,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,CAAQ;IAC5C,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACpC,qDAAqD;IACrD,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC,oCAAoC;IACpC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,oDAAoD;IACpD,QAAQ,CAAC,SAAS,EAAE,kBAAkB,CAAC;IACvC,sCAAsC;IACtC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,oEAAoE;IACpE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAc;IAC/C,yCAAyC;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAsB;IAChD,gEAAgE;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,wEAAwE;IACxE,OAAO,CAAC,eAAe,CAAS;IAChC,mDAAmD;IACnD,OAAO,CAAC,kBAAkB,CAAiC;IAC3D,kDAAkD;IAClD,OAAO,CAAC,gBAAgB,CAAuB;IAC/C,gDAAgD;IAChD,OAAO,CAAC,iBAAiB,CAAqF;IAC9G,8CAA8C;IAC9C,OAAO,CAAC,wBAAwB,CAA+C;IAC/E,8BAA8B;IAC9B,OAAO,CAAC,gBAAgB,CAOhB;IACR,2CAA2C;IAC3C,OAAO,CAAC,aAAa,CAA+C;IACpE,4CAA4C;IAC5C,OAAO,CAAC,cAAc,CAAK;IAC3B,kCAAkC;IAClC,OAAO,CAAC,kBAAkB,CAOX;IACf,+CAA+C;IAC/C,OAAO,CAAC,iBAAiB,CAAK;IAC9B,qDAAqD;IACrD,OAAO,CAAC,UAAU,CAUV;IACR,gCAAgC;IAChC,OAAO,CAAC,gBAAgB,CAAK;IAC7B,4CAA4C;IAC5C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAQ;IAC7C,wCAAwC;IACxC,OAAO,CAAC,QAAQ,CAAK;IACrB,sEAAsE;IACtE,OAAO,CAAC,UAAU,CAAuB;IAEzC,0DAA0D;IAC1D,OAAO,KAAK,OAAO,GAElB;gBAGC,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,EAC1D,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,mBAAmB,CAAC,EAAE,MAAM,EAC5B,OAAO,CAAC,EAAE,mBAAmB,EAAE,EAC/B,QAAQ,CAAC,EAAE,MAAM;IAkNnB;;;OAGG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAIjC;;;;;;;;;;;OAWG;IACH,GAAG,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAK1B,KAAK,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAiF1D,0EAA0E;IAC1E,OAAO,CAAC,iBAAiB;IA4BzB,uDAAuD;IACvD,OAAO,CAAC,QAAQ;IAKhB,wDAAwD;IACxD,OAAO,CAAC,SAAS;YAWH,aAAa;YA8kBb,SAAS;IA0RvB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA6C1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAsB9B;;;;OAIG;IACH,O
AAO,CAAC,aAAa;IAyCrB;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAuC7B,OAAO,CAAC,UAAU;IAgLlB,OAAO,CAAC,YAAY;IAepB,OAAO,CAAC,YAAY;IAwCpB,OAAO,CAAC,UAAU;IA4ElB,OAAO,CAAC,kBAAkB;IAwD1B,kEAAkE;IAClE,OAAO,CAAC,OAAO;YAWD,eAAe;IAyH7B,OAAO,CAAC,cAAc;YA0DR,WAAW;YAkEX,oBAAoB;YA6GpB,oBAAoB;IAyIlC,OAAO,CAAC,eAAe;YA4DT,eAAe;YAiEf,eAAe;YAiDf,gBAAgB;YA2DhB,eAAe;YAwDf,cAAc;YAgFd,cAAc;YA8Dd,eAAe;YAqDf,YAAY;YAiDZ,eAAe;YA6Df,cAAc;YAwDd,aAAa;YAgDb,oBAAoB;YAgDpB,qBAAqB;IA4BnC,OAAO,CAAC,cAAc;IAwCtB,OAAO,CAAC,kBAAkB;IA+B1B,OAAO,CAAC,cAAc;IAuEtB,OAAO,CAAC,qBAAqB;IAkD7B,OAAO,CAAC,iBAAiB;IAmEzB,OAAO,CAAC,mBAAmB;IA2C3B,OAAO,CAAC,sBAAsB;IAoD9B,OAAO,CAAC,mBAAmB;IA+F3B,OAAO,CAAC,eAAe;IA6IvB,OAAO,CAAC,kBAAkB;YAyLZ,kBAAkB;IA4EhC,OAAO,CAAC,aAAa;YAmDP,YAAY;IA6C1B,OAAO,CAAC,WAAW;YA8CL,mBAAmB;IAgCjC,OAAO,CAAC,eAAe;IAcvB,+EAA+E;IAC/E,OAAO,CAAC,mBAAmB;IAS3B,oEAAoE;YACtD,mBAAmB;IAyDjC,yDAAyD;YAC3C,oBAAoB;IAsFlC,yCAAyC;YAC3B,gBAAgB;IA6E9B,uDAAuD;YACzC,iBAAiB;IA8B/B,sEAAsE;IACtE,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,eAAe;IAyBvB,OAAO,CAAC,eAAe;YAWT,qBAAqB;IA8CnC,OAAO,CAAC,oBAAoB;IAe5B,OAAO,CAAC,sBAAsB;YAsBhB,mBAAmB;IA+CjC,OAAO,CAAC,oBAAoB;YAcd,oBAAoB;IA0DlC,OAAO,CAAC,sBAAsB;IA2D9B,OAAO,CAAC,wBAAwB;IAuJhC,OAAO,CAAC,qBAAqB;IA6G7B,OAAO,CAAC,wBAAwB;IAuGhC,OAAO,CAAC,kBAAkB;IAqH1B,OAAO,CAAC,uBAAuB;IAkH/B,OAAO,CAAC,mBAAmB;IAgH3B,OAAO,CAAC,oBAAoB;IA4H5B,OAAO,CAAC,qBAAqB;IAkI7B,OAAO,CAAC,mBAAmB;IAuH3B,OAAO,CAAC,qBAAqB;IAgF7B,OAAO,CAAC,uBAAuB;IAuF/B,OAAO,CAAC,sBAAsB;IAqG9B,OAAO,CAAC,sBAAsB;IAsF9B,OAAO,CAAC,sBAAsB;IA2G9B,OAAO,CAAC,mBAAmB;IA8E3B,OAAO,CAAC,sBAAsB;IA6F9B,OAAO,CAAC,mBAAmB;IAmE3B,OAAO,CAAC,qBAAqB;IAqF7B,OAAO,CAAC,iBAAiB;IAwEzB,OAAO,CAAC,gBAAgB;IAqExB,OAAO,CAAC,YAAY;IAiEpB,OAAO,CAAC,oBAAoB;IAiD5B,OAAO,CAAC,kBAAkB;IAiD1B,OAAO,CAAC,sBAAsB;IAmE9B,OAAO,CAAC,mBAAmB;IAgF3B,OAAO,CAAC,eAAe;IAiEvB,OAAO,CAAC,mBAAmB;IAoD3B,OAAO,CAAC,sBAAsB;IA4E9B,OAAO,CAAC,kBAAkB;IAoF1B,OAAO,CAAC,kBAAkB;IA0D1B,OAAO,CAAC,sBAAsB;IA+E9B,OAAO,CAAC,mBAAmB;IA2D3B,OAAO,CAAC,cAAc;IAqDtB,OAAO,CAAC
,qBAAqB;IAwD7B,OAAO,CAAC,0BAA0B;IA+DlC,OAAO,CAAC,wBAAwB;IAyEhC,OAAO,CAAC,8BAA8B;IAiFtC,OAAO,CAAC,2BAA2B;IAsEnC,OAAO,CAAC,iBAAiB;IAqDzB,OAAO,CAAC,uBAAuB;IA4D/B,OAAO,CAAC,oBAAoB;IA+C5B,OAAO,CAAC,uBAAuB;IAoE/B,OAAO,CAAC,sBAAsB;IAsD9B,OAAO,CAAC,kBAAkB;IA6D1B,OAAO,CAAC,eAAe;IA4DvB,OAAO,CAAC,sBAAsB;IA8D9B,OAAO,CAAC,oBAAoB;IAmD5B,OAAO,CAAC,oBAAoB;IAqD5B,OAAO,CAAC,uBAAuB;IA0D/B,OAAO,CAAC,yBAAyB;IAuDjC,OAAO,CAAC,oBAAoB;IAqD5B,OAAO,CAAC,uBAAuB;IAmD/B,OAAO,CAAC,iBAAiB;IA+CzB,OAAO,CAAC,mBAAmB;IA8D3B,OAAO,CAAC,qBAAqB;IA0D7B,OAAO,CAAC,uBAAuB;IAkE/B,OAAO,CAAC,oBAAoB;IAoE5B,OAAO,CAAC,uBAAuB;IAwD/B,OAAO,CAAC,2BAA2B;IAyDnC,OAAO,CAAC,mBAAmB;IAwE3B,OAAO,CAAC,mBAAmB;IAsF3B,OAAO,CAAC,gBAAgB;IAsDxB,OAAO,CAAC,kBAAkB;IAsF1B,OAAO,CAAC,sBAAsB;IAiF9B,OAAO,CAAC,cAAc;YAsBR,aAAa;IA8D3B,OAAO,CAAC,gBAAgB;IA6CxB,OAAO,CAAC,kBAAkB;YA2BZ,oBAAoB;IA4FlC,OAAO,CAAC,oBAAoB;IAgC5B,gFAAgF;IAChF,OAAO,CAAC,uBAAuB;IAiD/B,OAAO,CAAC,iBAAiB;IAgGzB,OAAO,CAAC,sBAAsB;YA8BhB,uBAAuB;YAiGvB,uBAAuB;YAmEvB,wBAAwB;IA+CtC,uEAAuE;IACvE,OAAO,CAAC,cAAc;IAQtB,mCAAmC;IACnC,OAAO,CAAC,0BAA0B;YAWpB,kBAAkB;IAkIhC,OAAO,CAAC,kBAAkB;IA2B1B,OAAO,CAAC,gBAAgB;IAyCxB,OAAO,CAAC,kBAAkB;IA4B1B,OAAO,CAAC,mBAAmB;YA6Bb,iBAAiB;IA8H/B,OAAO,CAAC,wBAAwB;YAYlB,yBAAyB;YA2CzB,yBAAyB;YAqDzB,yBAAyB;IAsCvC,OAAO,CAAC,WAAW;IAyBnB,OAAO,CAAC,iBAAiB;IA2CzB,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,UAAU;IA2ClB,OAAO,CAAC,eAAe;YAeT,gBAAgB;YAwChB,gBAAgB;YAwChB,gBAAgB;YAiChB,mBAAmB;YA+CnB,mBAAmB;IAwCjC,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,oBAAoB;YAed,iBAAiB;YAsDjB,iBAAiB;IA2D/B,OAAO,CAAC,uBAAuB;IAuB/B,OAAO,CAAC,iBAAiB;IAazB,OAAO,CAAC,gBAAgB;YAMV,iBAAiB;YAyCjB,iBAAiB;YAmDjB,iBAAiB;YAoCjB,sBAAsB;YAiDtB,wBAAwB;IA4CtC,OAAO,CAAC,mBAAmB;YAoBb,oBAAoB;YAoDpB,oBAAoB;YAgDpB,wBAAwB;IAqCtC,OAAO,CAAC,mBAAmB;YAOb,oBAAoB;YAoCpB,oBAAoB;IAmClC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,eAAe;IAUvB,iFAAiF;IACjF,OAAO,CAAC,iBAAiB;IAuBzB,OAAO,CAAC,QAAQ;IA0DV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqC3B;;;;;;;OAOG;IACG,YAAY,CAAC,SAAS,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAiErD,OAAO,CAAC,gBAAgB;IAsExB,OAAO,CAAC,eAAe;
YA6GT,mBAAmB;YAoInB,wBAAwB;IA0ItC,OAAO,CAAC,sBAAsB;IA8F9B,OAAO,CAAC,sBAAsB;IA0E9B,qDAAqD;IACrD,OAAO,CAAC,UAAU;CAMnB"}
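--- a/package/dist/server.js
+++ b/package/dist/server.js
@@ -122,6 +122,55 @@ const MAX_SPENDING_LIMIT = 1_000_000_000; // 1 billion credits lifetime cap
 const MAX_TOPUP_AMOUNT = 100_000_000; // 100 million credits per auto-topup
 const MAX_TOPUP_THRESHOLD = 100_000_000; // 100 million credits threshold
 const MAX_RATE_LIMIT = 100_000; // 100k requests per window
+/**
+* Upper bounds for array-type admin inputs.
+* Prevents memory exhaustion from unbounded lists and O(n) validation overhead.
+*/
+const MAX_ACL_ITEMS = 1_000; // Max tools in allowedTools/deniedTools per key/group
+const MAX_IP_ALLOWLIST = 200; // Max IPs per key/group allowlist
+const MAX_ALERT_RULES = 100; // Max alert rules
+/** Truncate user-supplied arrays to a maximum length, returning the sliced array. */
+function clampArray(arr, maxLen) {
+if (!arr || !Array.isArray(arr))
+return arr;
+return arr.slice(0, maxLen);
+}
+/**
+* Sanitize error messages before sending to clients — prevents information disclosure.
+* Returns a generic message unless the error is a known-safe validation error.
+* The full error is returned for internal logging only.
+*/
+function safeErrorMessage(err, fallback = 'Invalid request') {
+const msg = err instanceof Error ? err.message : String(err);
+// Allow known-safe, controlled error messages to pass through.
+// These are validation messages from our own code, not system/library errors.
+const safePatterns = [
+/^invalid_grant/,
+/^Request body too large$/,
+/^Request body read timeout$/,
+/^Missing required field/i,
+/^Invalid (?:key|token|group|filter|parameter|redirect)/i,
+/^(?:Key|Token|Group|Filter)\b.*\bnot found/i,
+/^Unknown (?:client|action)/i,
+/^Insufficient/i,
+/^Duplicate/i,
+/^Not found/i,
+/^Unauthorized/i,
+/^Forbidden/i,
+/^(?:ACL|Quota|Rate) limit/i,
+/^(?:Group|Filter) (?:must have|rule must)/i,
+/^(?:Group) '.+' already exists/i,
+/^.+(?:is required|are required)/i, // validation messages: "X is required"
+/^Only .+ (?:is |are )?supported/i, // capability constraints
+/^No API key linked/i, // OAuth setup validation
+/^code_challenge/i, // PKCE validation
+];
+for (const pattern of safePatterns) {
+if (pattern.test(msg))
+return msg;
+}
+return fallback;
+}
 /** Truncate user-supplied strings to MAX_STRING_FIELD to prevent log injection and memory abuse. */
 function sanitizeString(value, maxLen = MAX_STRING_FIELD) {
 if (!value)
@@ -2128,12 +2177,12 @@ class PayGateServer {
 quota = { ...tpl.quota };
 }
 const record = this.gate.store.createKey(name, credits, {
-allowedTools: params.allowedTools || (tpl ? [...tpl.allowedTools] : undefined),
-deniedTools: params.deniedTools || (tpl ? [...tpl.deniedTools] : undefined),
+allowedTools: clampArray(params.allowedTools, MAX_ACL_ITEMS) || (tpl ? [...tpl.allowedTools] : undefined),
+deniedTools: clampArray(params.deniedTools, MAX_ACL_ITEMS) || (tpl ? [...tpl.deniedTools] : undefined),
 expiresAt,
 quota,
 tags: params.tags || (tpl ? { ...tpl.tags } : undefined),
-ipAllowlist: params.ipAllowlist || (tpl ? [...tpl.ipAllowlist] : undefined),
+ipAllowlist: clampArray(params.ipAllowlist, MAX_IP_ALLOWLIST) || (tpl ? [...tpl.ipAllowlist] : undefined),
 namespace: params.namespace || tpl?.namespace,
 });
 // Apply template spending limit if not explicitly set
@@ -2423,8 +2472,8 @@ class PayGateServer {
 break;
 }
 const record = this.gate.store.createKey(name, credits, {
-allowedTools: op.allowedTools,
-deniedTools: op.deniedTools,
+allowedTools: clampArray(op.allowedTools, MAX_ACL_ITEMS),
+deniedTools: clampArray(op.deniedTools, MAX_ACL_ITEMS),
 tags: op.tags,
 namespace: op.namespace,
 });
@@ -2505,7 +2554,8 @@ class PayGateServer {
 }
 }
 catch (e) {
-
+this.logger.warn('Bulk operation failed', { index: i, action: op.action, error: e.message });
+results.push({ index: i, action: op.action || 'unknown', success: false, error: safeErrorMessage(e, 'Operation failed') });
 }
 }
 const succeeded = results.filter(r => r.success).length;
@@ -2965,7 +3015,7 @@ class PayGateServer {
 this.sendError(res, 400, 'Missing key');
 return;
 }
-const success = this.gate.store.setAcl(params.key, params.allowedTools, params.deniedTools);
+const success = this.gate.store.setAcl(params.key, clampArray(params.allowedTools, MAX_ACL_ITEMS), clampArray(params.deniedTools, MAX_ACL_ITEMS));
 if (!success) {
 this.sendError(res, 404, 'Key not found or inactive');
 return;
@@ -3154,7 +3204,7 @@ class PayGateServer {
 this.sendError(res, 400, 'Missing or invalid ips array');
 return;
 }
-const success = this.gate.store.setIpAllowlist(params.key, params.ips);
+const success = this.gate.store.setIpAllowlist(params.key, params.ips.slice(0, MAX_IP_ALLOWLIST));
 if (!success) {
 this.sendError(res, 404, 'Key not found');
 return;
@@ -4208,8 +4258,9 @@ class PayGateServer {
 });
 }
 catch (err) {
+this.logger.warn('OAuth client registration failed', { error: err.message });
 res.writeHead(400, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: 'invalid_client_metadata', error_description: err
+res.end(JSON.stringify({ error: 'invalid_client_metadata', error_description: safeErrorMessage(err, 'Invalid client metadata') }));
 }
 }
 /** GET/POST /oauth/authorize — Authorization endpoint */
@@ -4278,13 +4329,15 @@ class PayGateServer {
 res.end();
 }
 catch (err) {
-const
+const rawMsg = err.message;
+this.logger.warn('OAuth authorization failed', { error: rawMsg });
+const safeMsg = safeErrorMessage(err, 'Authorization failed');
 // If there's a redirect URI and client is valid, redirect with error
 if (redirectUri) {
 try {
 const redirectUrl = new URL(redirectUri);
 redirectUrl.searchParams.set('error', 'server_error');
-redirectUrl.searchParams.set('error_description',
+redirectUrl.searchParams.set('error_description', safeMsg);
 if (state)
 redirectUrl.searchParams.set('state', state);
 res.writeHead(302, { Location: redirectUrl.toString() });
@@ -4294,7 +4347,7 @@ class PayGateServer {
 catch { /* fall through to JSON error */ }
 }
 res.writeHead(400, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: 'invalid_request', error_description:
+res.end(JSON.stringify({ error: 'invalid_request', error_description: safeMsg }));
 }
 }
 /** POST /oauth/token — Token endpoint */
@@ -4366,10 +4419,12 @@ class PayGateServer {
 }
 }
 catch (err) {
-const
-
+const rawMsg = err.message;
+this.logger.warn('OAuth token exchange failed', { error: rawMsg });
+const errorCode = rawMsg.startsWith('invalid_grant') ? 'invalid_grant' : 'invalid_request';
+const safeMsg = safeErrorMessage(err, 'Token exchange failed');
 res.writeHead(400, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: errorCode, error_description:
+res.end(JSON.stringify({ error: errorCode, error_description: safeMsg }));
 }
 }
 /** POST /oauth/revoke — Token revocation (RFC 7009) */
@@ -9633,7 +9688,8 @@ class PayGateServer {
 fileConfig = JSON.parse(raw);
 }
 catch (err) {
-this.
+this.logger.error('Config file read/parse failed', { error: err.message, path: filePath });
+this.sendError(res, 400, 'Failed to read or parse config file');
 return;
 }
 // Validate the loaded config
@@ -9923,7 +9979,8 @@ class PayGateServer {
 }
 });
 reqObj.on('error', (err) => {
-
+this.logger.warn('Webhook test delivery failed', { error: err.message, url: parsed.hostname });
+resolve({ success: false, error: 'Connection failed', responseTime: Date.now() - startTime });
 });
 reqObj.on('timeout', () => {
 reqObj.destroy();
@@ -9990,7 +10047,8 @@ class PayGateServer {
 this.sendJson(res, 201, rule);
 }
 catch (err) {
-this.
+this.logger.warn('Webhook filter creation failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to create webhook filter'));
 }
 }
 async handleUpdateWebhookFilter(req, res) {
@@ -10039,7 +10097,8 @@ class PayGateServer {
 this.sendJson(res, 200, rule);
 }
 catch (err) {
-this.
+this.logger.warn('Webhook filter update failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to update webhook filter'));
 }
 }
 async handleDeleteWebhookFilter(req, res) {
@@ -10429,16 +10488,17 @@ class PayGateServer {
 return;
 }
 const ttl = Math.max(1, Math.min(86400, Math.floor(Number(params.ttl) || 3600)));
+const clampedTokenTools = clampArray(params.allowedTools, MAX_ACL_ITEMS);
 const token = this.tokens.create({
 apiKey: params.key,
 ttlSeconds: ttl,
-allowedTools:
+allowedTools: clampedTokenTools,
 label: params.label,
 });
 this.audit.log('token.created', 'admin', `Scoped token created for key: ${keyRecord.name}`, {
 keyMasked: (0, audit_1.maskKeyForAudit)(params.key),
 ttl,
-allowedTools:
+allowedTools: clampedTokenTools,
 label: params.label,
 });
 this.sendJson(res, 201, {
@@ -10446,7 +10506,7 @@ class PayGateServer {
 expiresAt: new Date(Date.now() + ttl * 1000).toISOString(),
 ttl,
 parentKey: keyRecord.name,
-allowedTools:
+allowedTools: clampedTokenTools || [],
 label: params.label || null,
 message: 'Use this token as X-API-Key or Bearer token. It will expire automatically.',
 });
@@ -10557,8 +10617,8 @@ class PayGateServer {
 const group = this.groups.createGroup({
 name: sanitizeString(params.name) || '',
 description: sanitizeString(params.description) || undefined,
-allowedTools: params.allowedTools,
-deniedTools: params.deniedTools,
+allowedTools: clampArray(params.allowedTools, MAX_ACL_ITEMS),
+deniedTools: clampArray(params.deniedTools, MAX_ACL_ITEMS),
 rateLimitPerMin: params.rateLimitPerMin ? clampInt(Number(params.rateLimitPerMin), 0, MAX_RATE_LIMIT) : undefined,
 toolPricing: params.toolPricing,
 quota: params.quota ? {
@@ -10567,7 +10627,7 @@ class PayGateServer {
 dailyCreditLimit: clampInt(Number(params.quota.dailyCreditLimit) || 0, 0, MAX_QUOTA_LIMIT),
 monthlyCreditLimit: clampInt(Number(params.quota.monthlyCreditLimit) || 0, 0, MAX_QUOTA_LIMIT),
 } : undefined,
-ipAllowlist: params.ipAllowlist,
+ipAllowlist: clampArray(params.ipAllowlist, MAX_IP_ALLOWLIST),
 defaultCredits: params.defaultCredits ? clampInt(Number(params.defaultCredits), 0, MAX_CREDITS) : undefined,
 maxSpendingLimit: params.maxSpendingLimit ? clampInt(Number(params.maxSpendingLimit), 0, MAX_SPENDING_LIMIT) : undefined,
 tags: params.tags,
@@ -10579,7 +10639,8 @@ class PayGateServer {
 this.sendJson(res, 201, group);
 }
 catch (err) {
-this.
+this.logger.warn('Group creation failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to create group'));
 }
 }
 async handleUpdateGroup(req, res) {
@@ -10607,8 +10668,8 @@ class PayGateServer {
 const group = this.groups.updateGroup(groupId, {
 name: params.name ? sanitizeString(params.name) : undefined,
 description: params.description !== undefined ? (sanitizeString(params.description) || undefined) : undefined,
-allowedTools: params.allowedTools,
-deniedTools: params.deniedTools,
+allowedTools: clampArray(params.allowedTools, MAX_ACL_ITEMS),
+deniedTools: clampArray(params.deniedTools, MAX_ACL_ITEMS),
 rateLimitPerMin: params.rateLimitPerMin ? clampInt(Number(params.rateLimitPerMin), 0, MAX_RATE_LIMIT) : undefined,
 toolPricing: params.toolPricing,
 quota: params.quota === null ? null : params.quota ? {
@@ -10617,7 +10678,7 @@ class PayGateServer {
 dailyCreditLimit: clampInt(Number(params.quota.dailyCreditLimit) || 0, 0, MAX_QUOTA_LIMIT),
 monthlyCreditLimit: clampInt(Number(params.quota.monthlyCreditLimit) || 0, 0, MAX_QUOTA_LIMIT),
 } : undefined,
-ipAllowlist: params.ipAllowlist,
+ipAllowlist: clampArray(params.ipAllowlist, MAX_IP_ALLOWLIST),
 defaultCredits: params.defaultCredits ? clampInt(Number(params.defaultCredits), 0, MAX_CREDITS) : undefined,
 maxSpendingLimit: params.maxSpendingLimit ? clampInt(Number(params.maxSpendingLimit), 0, MAX_SPENDING_LIMIT) : undefined,
 tags: params.tags,
@@ -10629,7 +10690,8 @@ class PayGateServer {
 this.sendJson(res, 200, group);
 }
 catch (err) {
-this.
+this.logger.warn('Group update failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to update group'));
 }
 }
 async handleDeleteGroup(req, res) {
@@ -10709,7 +10771,8 @@ class PayGateServer {
 this.sendJson(res, 200, { ok: true, message: `Key assigned to group ${groupId}` });
 }
 catch (err) {
-this.
+this.logger.warn('Group key assignment failed', { error: err.message, groupId });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to assign key to group'));
 }
 }
 async handleRemoveKeyFromGroup(req, res) {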
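Review bot: clampArray (introduced in the @@ -122 hunk) silently truncates oversized lists, which is fail-open for deniedTools: the call sites in the @@ -2128, @@ -2423, @@ -2965, @@ -10557 and @@ -10607 hunks drop every denial past the 1,000th without an error or a log line, so an over-long deny list produces a key or group that is less restricted than the admin requested, and the same silent shortening applies to allowedTools and ipAllowlist. Rejecting instead of truncating keeps both the bound and the admin's intent, e.g. before each store call `if (Array.isArray(params.deniedTools) && params.deniedTools.length > MAX_ACL_ITEMS) { this.sendError(res, 400, 'Too many deniedTools entries'); return; }` with the matching check for the other two arrays, or at minimum a `this.logger.warn` whenever clampArray returns fewer items than it was given. Separately, in the token-endpoint catch of the @@ -4366 hunk, `rawMsg.startsWith('invalid_grant')` throws a TypeError when a non-Error value was thrown (err.message is then undefined), even though safeErrorMessage three lines later already handles that case; `const rawMsg = err instanceof Error ? err.message : String(err);` closes the gap. The `/^.+(?:is required|are required)/i` entry in safePatterns matches any message containing "is required", not only the project's own validation strings, so it may let library error text through and deserves a tighter anchor if the existing messages allow one. Every handler these hunks touch starts and ends outside its hunk, so the surrounding try/catch structure is inferred from the visible catch lines rather than seen.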