pi-kiosk-shared 2.1.47 → 2.1.49
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clientLogRedaction.d.ts +9 -0
- package/dist/clientLogRedaction.d.ts.map +1 -0
- package/dist/clientLogRedaction.js +96 -0
- package/dist/clientLogRedaction.js.map +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/package.json +6 -1
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Client log metadata redaction (enterprise hardening v1.2.3).
|
|
3
|
+
* Used by admin, kiosk, and customer structured loggers before console transport.
|
|
4
|
+
*/
|
|
5
|
+
/** Redact tokens, emails, and card-like digit runs in free-text log messages. */
|
|
6
|
+
export declare function redactStringSecrets(value: string): string;
|
|
7
|
+
/** Redact structured metadata before console transport or JSON log lines. */
|
|
8
|
+
export declare function redactClientLogMeta(meta: Record<string, unknown> | undefined): Record<string, unknown> | undefined;
|
|
9
|
+
//# sourceMappingURL=clientLogRedaction.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientLogRedaction.d.ts","sourceRoot":"","sources":["../src/clientLogRedaction.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA8CH,iFAAiF;AACjF,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAUzD;AAoCD,6EAA6E;AAC7E,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GACxC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAKrC"}
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Client log metadata redaction (enterprise hardening v1.2.3).
|
|
3
|
+
* Used by admin, kiosk, and customer structured loggers before console transport.
|
|
4
|
+
*/
|
|
5
|
+
const SENSITIVE_KEYS = new Set([
|
|
6
|
+
'apitoken',
|
|
7
|
+
'apiToken',
|
|
8
|
+
'token',
|
|
9
|
+
'authorization',
|
|
10
|
+
'authtoken',
|
|
11
|
+
'authToken',
|
|
12
|
+
'sessiontoken',
|
|
13
|
+
'sessionToken',
|
|
14
|
+
'refreshtoken',
|
|
15
|
+
'refreshToken',
|
|
16
|
+
'accesstoken',
|
|
17
|
+
'accessToken',
|
|
18
|
+
'password',
|
|
19
|
+
'secret',
|
|
20
|
+
'credentialsecret',
|
|
21
|
+
'credentialsSecret',
|
|
22
|
+
'accountslug',
|
|
23
|
+
'accountSlug',
|
|
24
|
+
'errortext',
|
|
25
|
+
'errorText',
|
|
26
|
+
'responsebody',
|
|
27
|
+
'responseBody',
|
|
28
|
+
'rawbody',
|
|
29
|
+
'rawBody',
|
|
30
|
+
'customeremail',
|
|
31
|
+
'customerEmail',
|
|
32
|
+
'email',
|
|
33
|
+
'phone',
|
|
34
|
+
'phonenumber',
|
|
35
|
+
'phoneNumber',
|
|
36
|
+
'code',
|
|
37
|
+
'otp',
|
|
38
|
+
'cardnumber',
|
|
39
|
+
'cardNumber',
|
|
40
|
+
'pan',
|
|
41
|
+
]);
|
|
42
|
+
const MAX_DEPTH = 4;
|
|
43
|
+
function isSensitiveKey(key) {
|
|
44
|
+
return SENSITIVE_KEYS.has(key) || SENSITIVE_KEYS.has(key.toLowerCase());
|
|
45
|
+
}
|
|
46
|
+
/** Redact tokens, emails, and card-like digit runs in free-text log messages. */
|
|
47
|
+
export function redactStringSecrets(value) {
|
|
48
|
+
let out = value;
|
|
49
|
+
out = out.replace(/(Bearer\s+)[A-Za-z0-9._-]{16,}/gi, '$1[REDACTED]');
|
|
50
|
+
out = out.replace(/([?&](?:apiToken|token|api_key|apikey)=)([^&\s]+)/gi, '$1[REDACTED]');
|
|
51
|
+
out = out.replace(/\b\d{13,19}\b/g, '[REDACTED_PII]');
|
|
52
|
+
out = out.replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, '[REDACTED_EMAIL]');
|
|
53
|
+
return out;
|
|
54
|
+
}
|
|
55
|
+
function redactValue(value, depth) {
|
|
56
|
+
if (depth > MAX_DEPTH) {
|
|
57
|
+
return '[REDACTED_DEPTH]';
|
|
58
|
+
}
|
|
59
|
+
if (value === null || value === undefined) {
|
|
60
|
+
return value;
|
|
61
|
+
}
|
|
62
|
+
if (typeof value === 'string') {
|
|
63
|
+
return redactStringSecrets(value);
|
|
64
|
+
}
|
|
65
|
+
if (value instanceof Error) {
|
|
66
|
+
return {
|
|
67
|
+
name: value.name,
|
|
68
|
+
message: redactStringSecrets(value.message),
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
if (Array.isArray(value)) {
|
|
72
|
+
return value.map((item) => redactValue(item, depth + 1));
|
|
73
|
+
}
|
|
74
|
+
if (typeof value === 'object') {
|
|
75
|
+
const record = value;
|
|
76
|
+
const out = {};
|
|
77
|
+
for (const [key, nested] of Object.entries(record)) {
|
|
78
|
+
if (isSensitiveKey(key)) {
|
|
79
|
+
out[key] = '[REDACTED]';
|
|
80
|
+
}
|
|
81
|
+
else {
|
|
82
|
+
out[key] = redactValue(nested, depth + 1);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
return out;
|
|
86
|
+
}
|
|
87
|
+
return value;
|
|
88
|
+
}
|
|
89
|
+
/** Redact structured metadata before console transport or JSON log lines. */
|
|
90
|
+
export function redactClientLogMeta(meta) {
|
|
91
|
+
if (meta === undefined) {
|
|
92
|
+
return undefined;
|
|
93
|
+
}
|
|
94
|
+
return redactValue(meta, 0);
|
|
95
|
+
}
|
|
96
|
+
//# sourceMappingURL=clientLogRedaction.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientLogRedaction.js","sourceRoot":"","sources":["../src/clientLogRedaction.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,UAAU;IACV,UAAU;IACV,OAAO;IACP,eAAe;IACf,WAAW;IACX,WAAW;IACX,cAAc;IACd,cAAc;IACd,cAAc;IACd,cAAc;IACd,aAAa;IACb,aAAa;IACb,UAAU;IACV,QAAQ;IACR,kBAAkB;IAClB,mBAAmB;IACnB,aAAa;IACb,aAAa;IACb,WAAW;IACX,WAAW;IACX,cAAc;IACd,cAAc;IACd,SAAS;IACT,SAAS;IACT,eAAe;IACf,eAAe;IACf,OAAO;IACP,OAAO;IACP,aAAa;IACb,aAAa;IACb,MAAM;IACN,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,KAAK;CACN,CAAC,CAAC;AAEH,MAAM,SAAS,GAAG,CAAC,CAAC;AAEpB,SAAS,cAAc,CAAC,GAAW;IACjC,OAAO,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,IAAI,GAAG,GAAG,KAAK,CAAC;IAChB,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,kCAAkC,EAAE,cAAc,CAAC,CAAC;IACtE,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,qDAAqD,EAAE,cAAc,CAAC,CAAC;IACzF,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;IACtD,GAAG,GAAG,GAAG,CAAC,OAAO,CACf,iDAAiD,EACjD,kBAAkB,CACnB,CAAC;IACF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,KAAa;IAChD,IAAI,KAAK,GAAG,SAAS,EAAE,CAAC;QACtB,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC;SAC5C,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,KAAgC,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC1B,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,mBAAmB,CACjC,IAAyC;IAEzC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,WAAW,CAAC,IAAI,EAAE,CAAC,CAA4B,CAAC;AACzD,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -31,4 +31,5 @@ export * from './auditMetadataDisplayFields.js';
|
|
|
31
31
|
export * from './complianceDevCaps.js';
|
|
32
32
|
export * from './customerFailureRecovery.js';
|
|
33
33
|
export * from './labels/localizedLabel.js';
|
|
34
|
+
export * from './clientLogRedaction.js';
|
|
34
35
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,cAAc,YAAY,CAAC;AAC3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,qCAAqC,CAAC;AACpD,cAAc,8BAA8B,CAAC;AAC7C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,cAAc,YAAY,CAAC;AAC3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,qCAAqC,CAAC;AACpD,cAAc,8BAA8B,CAAC;AAC7C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -31,4 +31,5 @@ export * from './auditMetadataDisplayFields.js';
|
|
|
31
31
|
export * from './complianceDevCaps.js';
|
|
32
32
|
export * from './customerFailureRecovery.js';
|
|
33
33
|
export * from './labels/localizedLabel.js';
|
|
34
|
+
export * from './clientLogRedaction.js';
|
|
34
35
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,cAAc,YAAY,CAAC;AAC3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,qCAAqC,CAAC;AACpD,cAAc,8BAA8B,CAAC;AAC7C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,cAAc,YAAY,CAAC;AAC3B,cAAc,8BAA8B,CAAC;AAC7C,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,qCAAqC,CAAC;AACpD,cAAc,8BAA8B,CAAC;AAC7C,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pi-kiosk-shared",
|
|
3
|
-
"version": "2.1.
|
|
3
|
+
"version": "2.1.49",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"private": false,
|
|
6
6
|
"description": "Shared types, API contracts, and error classes for Pi Kiosk system",
|
|
@@ -59,6 +59,11 @@
|
|
|
59
59
|
"import": "./dist/analyticsConsentAllowlist.js",
|
|
60
60
|
"require": "./dist/analyticsConsentAllowlist.js",
|
|
61
61
|
"types": "./dist/analyticsConsentAllowlist.d.ts"
|
|
62
|
+
},
|
|
63
|
+
"./clientLogRedaction": {
|
|
64
|
+
"import": "./dist/clientLogRedaction.js",
|
|
65
|
+
"require": "./dist/clientLogRedaction.js",
|
|
66
|
+
"types": "./dist/clientLogRedaction.d.ts"
|
|
62
67
|
}
|
|
63
68
|
},
|
|
64
69
|
"scripts": {
|