paygate-mcp 8.90.0 → 8.91.0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +64 -15
- package/dist/server.js.map +1 -1
- package/package.json +1 -1
package/dist/server.d.ts.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAgB,eAAe,EAA0B,MAAM,MAAM,CAAC;AAI7E,OAAO,EAAE,aAAa,EAAkB,mBAAmB,EAAkB,MAAM,SAAS,CAAC;AAE7F,OAAO,EAAE,MAAM,EAAiC,MAAM,UAAU,CAAC;AASjE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,cAAc,EAAqD,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAmB,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAS,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAA6B,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;
1
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAgB,eAAe,EAA0B,MAAM,MAAM,CAAC;AAI7E,OAAO,EAAE,aAAa,EAAkB,mBAAmB,EAAkB,MAAM,SAAS,CAAC;AAE7F,OAAO,EAAE,MAAM,EAAiC,MAAM,UAAU,CAAC;AASjE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,cAAc,EAAqD,MAAM,WAAW,CAAC;AAC9F,OAAO,EAAE,WAAW,EAAmB,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAS,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAA6B,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAiGrD,0EAA0E;AAC1E,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED,sFAAsF;AACtF,wBAAgB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,GAAG,SAAS,CAErE;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAsBvF;AAyCD,yCAAyC;AACzC,KAAK,YAAY,GAAG,QAAQ,GAAG,YAAY,CAAC;AAa5C,qBAAa,aAAa;IACxB,iDAAiD;IACjD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;IACpB,0DAA0D;IAC1D,QAAQ,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IACpC,8DAA8D;IAC9D,QAAQ,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC1C,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,mEAAmE;IACnE,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,aAAa,CAAqC;IAC1D,wDAAwD;IACxD,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAQ;IAC5C,oDAAoD;IACpD,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,2BAA2B;IAC3B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,EAAE,YAAY,C
AAC;IAChC,8CAA8C;IAC9C,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,mCAAmC;IACnC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,4CAA4C;IAC5C,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B,gCAAgC;IAChC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,yEAAyE;IACzE,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,IAAI,CAAQ;IAC5C,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACpC,qDAAqD;IACrD,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC,oCAAoC;IACpC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,oDAAoD;IACpD,QAAQ,CAAC,SAAS,EAAE,kBAAkB,CAAC;IACvC,sCAAsC;IACtC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,oEAAoE;IACpE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAc;IAC/C,yCAAyC;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAsB;IAChD,gEAAgE;IAChE,OAAO,CAAC,QAAQ,CAAS;IACzB,wEAAwE;IACxE,OAAO,CAAC,eAAe,CAAS;IAChC,mDAAmD;IACnD,OAAO,CAAC,kBAAkB,CAAiC;IAC3D,kDAAkD;IAClD,OAAO,CAAC,gBAAgB,CAAuB;IAC/C,gDAAgD;IAChD,OAAO,CAAC,iBAAiB,CAAqF;IAC9G,8CAA8C;IAC9C,OAAO,CAAC,wBAAwB,CAA+C;IAC/E,8BAA8B;IAC9B,OAAO,CAAC,gBAAgB,CAOhB;IACR,2CAA2C;IAC3C,OAAO,CAAC,aAAa,CAA+C;IACpE,4CAA4C;IAC5C,OAAO,CAAC,cAAc,CAAK;IAC3B,kCAAkC;IAClC,OAAO,CAAC,kBAAkB,CAOX;IACf,+CAA+C;IAC/C,OAAO,CAAC,iBAAiB,CAAK;IAC9B,qDAAqD;IACrD,OAAO,CAAC,UAAU,CAUV;IACR,gCAAgC;IAChC,OAAO,CAAC,gBAAgB,CAAK;IAC7B,4CAA4C;IAC5C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAQ;IAC7C,wCAAwC;IACxC,OAAO,CAAC,QAAQ,CAAK;IACrB,sEAAsE;IACtE,OAAO,CAAC,UAAU,CAAuB;IAEzC,0DAA0D;IAC1D,OAAO,KAAK,OAAO,GAElB;gBAGC,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,EAC1D,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,mBAAmB,CAAC,EAAE,MAAM,EAC5B,OAAO,CAAC,EAAE,mBAAmB,EAAE,EAC/B,QAAQ,CAAC,EAAE,MAAM;IAkNnB;;;OAGG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAIjC;;;;;;;;;;;OAWG;IACH,GAAG,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI;IAK1B,KAAK,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAiF1D,0EAA0E;IAC1E,OAAO,CAAC,iBAAiB;IA4BzB,uDAAuD;IACvD,OAAO,CAAC,QAAQ;IAKhB,wDAAwD;IACxD,OAAO,CAAC,SAAS;YAWH,aAAa;YA8kBb,SAAS;IA0RvB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA6C1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAsB9B;;;;OAIG;IACH,O
AAO,CAAC,aAAa;IAyCrB;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAuC7B,OAAO,CAAC,UAAU;IAgLlB,OAAO,CAAC,YAAY;IAepB,OAAO,CAAC,YAAY;IAwCpB,OAAO,CAAC,UAAU;IA4ElB,OAAO,CAAC,kBAAkB;IAwD1B,kEAAkE;IAClE,OAAO,CAAC,OAAO;YAWD,eAAe;IAyH7B,OAAO,CAAC,cAAc;YA0DR,WAAW;YAkEX,oBAAoB;YA6GpB,oBAAoB;IAyIlC,OAAO,CAAC,eAAe;YA4DT,eAAe;YAiEf,eAAe;YAiDf,gBAAgB;YA2DhB,eAAe;YAwDf,cAAc;YAgFd,cAAc;YA8Dd,eAAe;YAqDf,YAAY;YAiDZ,eAAe;YA6Df,cAAc;YAwDd,aAAa;YAgDb,oBAAoB;YAgDpB,qBAAqB;IA4BnC,OAAO,CAAC,cAAc;IAwCtB,OAAO,CAAC,kBAAkB;IA+B1B,OAAO,CAAC,cAAc;IAuEtB,OAAO,CAAC,qBAAqB;IAkD7B,OAAO,CAAC,iBAAiB;IAmEzB,OAAO,CAAC,mBAAmB;IA2C3B,OAAO,CAAC,sBAAsB;IAoD9B,OAAO,CAAC,mBAAmB;IA+F3B,OAAO,CAAC,eAAe;IA6IvB,OAAO,CAAC,kBAAkB;YAyLZ,kBAAkB;IA4EhC,OAAO,CAAC,aAAa;YAmDP,YAAY;IA6C1B,OAAO,CAAC,WAAW;YA8CL,mBAAmB;IAgCjC,OAAO,CAAC,eAAe;IAcvB,+EAA+E;IAC/E,OAAO,CAAC,mBAAmB;IAS3B,oEAAoE;YACtD,mBAAmB;IAyDjC,yDAAyD;YAC3C,oBAAoB;IAsFlC,yCAAyC;YAC3B,gBAAgB;IA6E9B,uDAAuD;YACzC,iBAAiB;IA8B/B,sEAAsE;IACtE,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,eAAe;IAyBvB,OAAO,CAAC,eAAe;YAWT,qBAAqB;IA8CnC,OAAO,CAAC,oBAAoB;IAe5B,OAAO,CAAC,sBAAsB;YAsBhB,mBAAmB;IA+CjC,OAAO,CAAC,oBAAoB;YAcd,oBAAoB;IA0DlC,OAAO,CAAC,sBAAsB;IA2D9B,OAAO,CAAC,wBAAwB;IAuJhC,OAAO,CAAC,qBAAqB;IA6G7B,OAAO,CAAC,wBAAwB;IAuGhC,OAAO,CAAC,kBAAkB;IAqH1B,OAAO,CAAC,uBAAuB;IAkH/B,OAAO,CAAC,mBAAmB;IAgH3B,OAAO,CAAC,oBAAoB;IA4H5B,OAAO,CAAC,qBAAqB;IAkI7B,OAAO,CAAC,mBAAmB;IAuH3B,OAAO,CAAC,qBAAqB;IAgF7B,OAAO,CAAC,uBAAuB;IAuF/B,OAAO,CAAC,sBAAsB;IAqG9B,OAAO,CAAC,sBAAsB;IAsF9B,OAAO,CAAC,sBAAsB;IA2G9B,OAAO,CAAC,mBAAmB;IA8E3B,OAAO,CAAC,sBAAsB;IA6F9B,OAAO,CAAC,mBAAmB;IAmE3B,OAAO,CAAC,qBAAqB;IAqF7B,OAAO,CAAC,iBAAiB;IAwEzB,OAAO,CAAC,gBAAgB;IAqExB,OAAO,CAAC,YAAY;IAiEpB,OAAO,CAAC,oBAAoB;IAiD5B,OAAO,CAAC,kBAAkB;IAiD1B,OAAO,CAAC,sBAAsB;IAmE9B,OAAO,CAAC,mBAAmB;IAgF3B,OAAO,CAAC,eAAe;IAiEvB,OAAO,CAAC,mBAAmB;IAoD3B,OAAO,CAAC,sBAAsB;IA4E9B,OAAO,CAAC,kBAAkB;IAoF1B,OAAO,CAAC,kBAAkB;IA0D1B,OAAO,CAAC,sBAAsB;IA+E9B,OAAO,CAAC,mBAAmB;IA2D3B,OAAO,CAAC,cAAc;IAqDtB,OAAO,CAAC
,qBAAqB;IAwD7B,OAAO,CAAC,0BAA0B;IA+DlC,OAAO,CAAC,wBAAwB;IAyEhC,OAAO,CAAC,8BAA8B;IAiFtC,OAAO,CAAC,2BAA2B;IAsEnC,OAAO,CAAC,iBAAiB;IAqDzB,OAAO,CAAC,uBAAuB;IA4D/B,OAAO,CAAC,oBAAoB;IA+C5B,OAAO,CAAC,uBAAuB;IAoE/B,OAAO,CAAC,sBAAsB;IAsD9B,OAAO,CAAC,kBAAkB;IA6D1B,OAAO,CAAC,eAAe;IA4DvB,OAAO,CAAC,sBAAsB;IA8D9B,OAAO,CAAC,oBAAoB;IAmD5B,OAAO,CAAC,oBAAoB;IAqD5B,OAAO,CAAC,uBAAuB;IA0D/B,OAAO,CAAC,yBAAyB;IAuDjC,OAAO,CAAC,oBAAoB;IAqD5B,OAAO,CAAC,uBAAuB;IAmD/B,OAAO,CAAC,iBAAiB;IA+CzB,OAAO,CAAC,mBAAmB;IA8D3B,OAAO,CAAC,qBAAqB;IA0D7B,OAAO,CAAC,uBAAuB;IAkE/B,OAAO,CAAC,oBAAoB;IAoE5B,OAAO,CAAC,uBAAuB;IAwD/B,OAAO,CAAC,2BAA2B;IAyDnC,OAAO,CAAC,mBAAmB;IAwE3B,OAAO,CAAC,mBAAmB;IAsF3B,OAAO,CAAC,gBAAgB;IAsDxB,OAAO,CAAC,kBAAkB;IAsF1B,OAAO,CAAC,sBAAsB;IAiF9B,OAAO,CAAC,cAAc;YAsBR,aAAa;IA8D3B,OAAO,CAAC,gBAAgB;IA6CxB,OAAO,CAAC,kBAAkB;YA2BZ,oBAAoB;IA4FlC,OAAO,CAAC,oBAAoB;IAgC5B,gFAAgF;IAChF,OAAO,CAAC,uBAAuB;IAiD/B,OAAO,CAAC,iBAAiB;IAgGzB,OAAO,CAAC,sBAAsB;YA8BhB,uBAAuB;YAiGvB,uBAAuB;YAmEvB,wBAAwB;IA+CtC,uEAAuE;IACvE,OAAO,CAAC,cAAc;IAQtB,mCAAmC;IACnC,OAAO,CAAC,0BAA0B;YAWpB,kBAAkB;IAkIhC,OAAO,CAAC,kBAAkB;IA2B1B,OAAO,CAAC,gBAAgB;IAyCxB,OAAO,CAAC,kBAAkB;IA4B1B,OAAO,CAAC,mBAAmB;YA6Bb,iBAAiB;IA8H/B,OAAO,CAAC,wBAAwB;YAYlB,yBAAyB;YA2CzB,yBAAyB;YAqDzB,yBAAyB;IAsCvC,OAAO,CAAC,WAAW;IAyBnB,OAAO,CAAC,iBAAiB;IA2CzB,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,UAAU;IA2ClB,OAAO,CAAC,eAAe;YAeT,gBAAgB;YAwChB,gBAAgB;YAwChB,gBAAgB;YAiChB,mBAAmB;YA+CnB,mBAAmB;IAwCjC,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,oBAAoB;YAed,iBAAiB;YAsDjB,iBAAiB;IA2D/B,OAAO,CAAC,uBAAuB;IAuB/B,OAAO,CAAC,iBAAiB;IAazB,OAAO,CAAC,gBAAgB;YAMV,iBAAiB;YAyCjB,iBAAiB;YAmDjB,iBAAiB;YAoCjB,sBAAsB;YAiDtB,wBAAwB;IA4CtC,OAAO,CAAC,mBAAmB;YAoBb,oBAAoB;YAoDpB,oBAAoB;YAgDpB,wBAAwB;IAqCtC,OAAO,CAAC,mBAAmB;YAOb,oBAAoB;YAoCpB,oBAAoB;IAmClC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,eAAe;IAUvB,iFAAiF;IACjF,OAAO,CAAC,iBAAiB;IAuBzB,OAAO,CAAC,QAAQ;IA0DV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAqC3B;;;;;;;OAOG;IACG,YAAY,CAAC,SAAS,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAiErD,OAAO,CAAC,gBAAgB;IAsExB,OAAO,CAAC,eAAe;
YA6GT,mBAAmB;YAoInB,wBAAwB;IA0ItC,OAAO,CAAC,sBAAsB;IA8F9B,OAAO,CAAC,sBAAsB;IA0E9B,qDAAqD;IACrD,OAAO,CAAC,UAAU;CAMnB"}
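--- a/package/dist/server.js
+++ b/package/dist/server.js
@@ -135,6 +135,42 @@ function clampArray(arr, maxLen) {
 return arr;
 return arr.slice(0, maxLen);
 }
+/**
+* Sanitize error messages before sending to clients — prevents information disclosure.
+* Returns a generic message unless the error is a known-safe validation error.
+* The full error is returned for internal logging only.
+*/
+function safeErrorMessage(err, fallback = 'Invalid request') {
+const msg = err instanceof Error ? err.message : String(err);
+// Allow known-safe, controlled error messages to pass through.
+// These are validation messages from our own code, not system/library errors.
+const safePatterns = [
+/^invalid_grant/,
+/^Request body too large$/,
+/^Request body read timeout$/,
+/^Missing required field/i,
+/^Invalid (?:key|token|group|filter|parameter|redirect)/i,
+/^(?:Key|Token|Group|Filter)\b.*\bnot found/i,
+/^Unknown (?:client|action)/i,
+/^Insufficient/i,
+/^Duplicate/i,
+/^Not found/i,
+/^Unauthorized/i,
+/^Forbidden/i,
+/^(?:ACL|Quota|Rate) limit/i,
+/^(?:Group|Filter) (?:must have|rule must)/i,
+/^(?:Group) '.+' already exists/i,
+/^.+(?:is required|are required)/i, // validation messages: "X is required"
+/^Only .+ (?:is |are )?supported/i, // capability constraints
+/^No API key linked/i, // OAuth setup validation
+/^code_challenge/i, // PKCE validation
+];
+for (const pattern of safePatterns) {
+if (pattern.test(msg))
+return msg;
+}
+return fallback;
+}
 /** Truncate user-supplied strings to MAX_STRING_FIELD to prevent log injection and memory abuse. */
 function sanitizeString(value, maxLen = MAX_STRING_FIELD) {
 if (!value)
@@ -2518,7 +2554,8 @@ class PayGateServer {
 }
 }
 catch (e) {
-
+this.logger.warn('Bulk operation failed', { index: i, action: op.action, error: e.message });
+results.push({ index: i, action: op.action || 'unknown', success: false, error: safeErrorMessage(e, 'Operation failed') });
 }
 }
 const succeeded = results.filter(r => r.success).length;
@@ -4221,8 +4258,9 @@ class PayGateServer {
 });
 }
 catch (err) {
+this.logger.warn('OAuth client registration failed', { error: err.message });
 res.writeHead(400, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: 'invalid_client_metadata', error_description: err
+res.end(JSON.stringify({ error: 'invalid_client_metadata', error_description: safeErrorMessage(err, 'Invalid client metadata') }));
 }
 }
 /** GET/POST /oauth/authorize — Authorization endpoint */
@@ -4291,13 +4329,15 @@ class PayGateServer {
 res.end();
 }
 catch (err) {
-const
+const rawMsg = err.message;
+this.logger.warn('OAuth authorization failed', { error: rawMsg });
+const safeMsg = safeErrorMessage(err, 'Authorization failed');
 // If there's a redirect URI and client is valid, redirect with error
 if (redirectUri) {
 try {
 const redirectUrl = new URL(redirectUri);
 redirectUrl.searchParams.set('error', 'server_error');
-redirectUrl.searchParams.set('error_description',
+redirectUrl.searchParams.set('error_description', safeMsg);
 if (state)
 redirectUrl.searchParams.set('state', state);
 res.writeHead(302, { Location: redirectUrl.toString() });
@@ -4307,7 +4347,7 @@ class PayGateServer {
 catch { /* fall through to JSON error */ }
 }
 res.writeHead(400, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: 'invalid_request', error_description:
+res.end(JSON.stringify({ error: 'invalid_request', error_description: safeMsg }));
 }
 }
 /** POST /oauth/token — Token endpoint */
@@ -4379,10 +4419,12 @@ class PayGateServer {
 }
 }
 catch (err) {
-const
-
+const rawMsg = err.message;
+this.logger.warn('OAuth token exchange failed', { error: rawMsg });
+const errorCode = rawMsg.startsWith('invalid_grant') ? 'invalid_grant' : 'invalid_request';
+const safeMsg = safeErrorMessage(err, 'Token exchange failed');
 res.writeHead(400, { 'Content-Type': 'application/json' });
-res.end(JSON.stringify({ error: errorCode, error_description:
+res.end(JSON.stringify({ error: errorCode, error_description: safeMsg }));
 }
 }
 /** POST /oauth/revoke — Token revocation (RFC 7009) */
@@ -9646,7 +9688,8 @@ class PayGateServer {
 fileConfig = JSON.parse(raw);
 }
 catch (err) {
-this.
+this.logger.error('Config file read/parse failed', { error: err.message, path: filePath });
+this.sendError(res, 400, 'Failed to read or parse config file');
 return;
 }
 // Validate the loaded config
@@ -9936,7 +9979,8 @@ class PayGateServer {
 }
 });
 reqObj.on('error', (err) => {
-
+this.logger.warn('Webhook test delivery failed', { error: err.message, url: parsed.hostname });
+resolve({ success: false, error: 'Connection failed', responseTime: Date.now() - startTime });
 });
 reqObj.on('timeout', () => {
 reqObj.destroy();
@@ -10003,7 +10047,8 @@ class PayGateServer {
 this.sendJson(res, 201, rule);
 }
 catch (err) {
-this.
+this.logger.warn('Webhook filter creation failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to create webhook filter'));
 }
 }
 async handleUpdateWebhookFilter(req, res) {
@@ -10052,7 +10097,8 @@ class PayGateServer {
 this.sendJson(res, 200, rule);
 }
 catch (err) {
-this.
+this.logger.warn('Webhook filter update failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to update webhook filter'));
 }
 }
 async handleDeleteWebhookFilter(req, res) {
@@ -10593,7 +10639,8 @@ class PayGateServer {
 this.sendJson(res, 201, group);
 }
 catch (err) {
-this.
+this.logger.warn('Group creation failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to create group'));
 }
 }
 async handleUpdateGroup(req, res) {
@@ -10643,7 +10690,8 @@ class PayGateServer {
 this.sendJson(res, 200, group);
 }
 catch (err) {
-this.
+this.logger.warn('Group update failed', { error: err.message });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to update group'));
 }
 }
 async handleDeleteGroup(req, res) {
@@ -10723,7 +10771,8 @@ class PayGateServer {
 this.sendJson(res, 200, { ok: true, message: `Key assigned to group ${groupId}` });
 }
 catch (err) {
-this.
+this.logger.warn('Group key assignment failed', { error: err.message, groupId });
+this.sendError(res, 400, safeErrorMessage(err, 'Failed to assign key to group'));
 }
 }
 async handleRemoveKeyFromGroup(req, res) {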
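Review bot: In `safeErrorMessage` (new lines 143–173) most allowlist entries match on the start of the message only, so any error whose text begins with `Duplicate`, `Not found`, `Unauthorized`, `Forbidden` or `Insufficient`, or whose first line contains `is required` after its first character (`/^.+(?:is required|are required)/i`), is returned to the client in full, including everything after the match. A library or storage-layer error that happens to use such wording would pass the filter the docblock promises; whether one can reach these catch blocks is not visible from the hunks, so treat this as a gap to confirm rather than a demonstrated leak. Deciding on the error's type instead of its text is more robust: have the project's own validators throw a dedicated class and test `if (err instanceof ClientSafeError) return err.message;` (class name is a placeholder, not on this page), or at minimum end-anchor the patterns and bound the length with `if (msg.length <= 200 && pattern.test(msg)) return msg;`. Separately, the call sites read `err.message` directly, and `rawMsg.startsWith('invalid_grant')` at new line 4424 throws inside the catch block when a non-Error value was thrown, before any response is written; `const rawMsg = err instanceof Error ? err.message : String(err);` mirrors what the helper already does.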