securenow 4.0.9 → 4.0.12

package/nextjs-auto-capture.d.ts

@@ -0,0 +1,33 @@
+/**
+ * SecureNow Next.js Automatic Body Capture TypeScript Declarations
+ * 
+ * This module automatically patches Request.prototype methods to capture
+ * request bodies when they are first read by the application.
+ * 
+ * @example
+ * ```typescript
+ * // instrumentation.ts
+ * import { registerSecureNow } from 'securenow/nextjs';
+ * import 'securenow/nextjs-auto-capture'; // Auto-patches Request methods
+ * 
+ * export function register() {
+ *   registerSecureNow();
+ * }
+ * ```
+ * 
+ * Environment Variables:
+ * - SECURENOW_CAPTURE_BODY=1 - Enable body capture (default: disabled)
+ * - SECURENOW_MAX_BODY_SIZE=10240 - Max body size in bytes (default: 10KB)
+ * - SECURENOW_SENSITIVE_FIELDS=field1,field2 - Additional sensitive fields to redact
+ * 
+ * Features:
+ * - Zero code changes required in API routes
+ * - Automatically captures JSON, GraphQL, and form data
+ * - Redacts sensitive fields (passwords, tokens, etc.)
+ * - Handles request.clone() properly
+ * - No stream conflicts with Next.js
+ */
+
+// This module has side effects (patches Request.prototype)
+// No exports, just import it to enable automatic body capture
+export {};

package/nextjs-middleware.d.ts

@@ -0,0 +1,57 @@
+/**
+ * SecureNow Next.js Middleware TypeScript Declarations
+ * 
+ * Provides middleware for capturing request bodies in Next.js API routes.
+ */
+
+import type { NextRequest, NextResponse } from 'next/server';
+
+/**
+ * Next.js middleware function for request body capture
+ * 
+ * @param request - Next.js request object
+ * @returns Promise<NextResponse> - Passes through to next handler
+ * 
+ * @example
+ * ```typescript
+ * // middleware.ts
+ * import { NextRequest, NextResponse } from 'next/server';
+ * import { middleware as securenowMiddleware } from 'securenow/nextjs-middleware';
+ * 
+ * export async function middleware(request: NextRequest) {
+ *   // Capture body with SecureNow
+ *   await securenowMiddleware(request);
+ *   
+ *   // Your custom middleware logic
+ *   return NextResponse.next();
+ * }
+ * 
+ * export const config = {
+ *   matcher: '/api/:path*',
+ * };
+ * ```
+ */
+export function middleware(request: NextRequest): Promise<NextResponse>;
+
+/**
+ * Configuration options for body capture middleware
+ */
+export interface BodyCaptureOptions {
+  /**
+   * Maximum body size to capture in bytes
+   * @default 10240 (10KB)
+   */
+  maxBodySize?: number;
+
+  /**
+   * Additional sensitive field names to redact
+   * @default []
+   */
+  sensitiveFields?: string[];
+
+  /**
+   * Enable body capture
+   * @default true
+   */
+  enabled?: boolean;
+}

package/nextjs-wrapper.d.ts

@@ -0,0 +1,95 @@
+/**
+ * SecureNow Next.js API Route Wrapper TypeScript Declarations
+ * 
+ * Provides a higher-order function to wrap Next.js API routes for body capture.
+ */
+
+import type { NextRequest } from 'next/server';
+
+/**
+ * Next.js API route handler type
+ */
+export type NextApiHandler = (
+  request: NextRequest,
+  context?: any
+) => Promise<Response> | Response;
+
+/**
+ * Wrap a Next.js API route handler to enable body capture
+ * 
+ * @param handler - Your API route handler function
+ * @returns Wrapped handler with body capture enabled
+ * 
+ * @example
+ * ```typescript
+ * // app/api/users/route.ts
+ * import { NextRequest } from 'next/server';
+ * import { withSecureNow } from 'securenow/nextjs-wrapper';
+ * 
+ * async function handler(request: NextRequest) {
+ *   const body = await request.json();
+ *   // Your logic here
+ *   return Response.json({ success: true });
+ * }
+ * 
+ * export const POST = withSecureNow(handler);
+ * ```
+ * 
+ * @example
+ * ```typescript
+ * // With TypeScript types
+ * import { NextRequest } from 'next/server';
+ * import { withSecureNow } from 'securenow/nextjs-wrapper';
+ * 
+ * interface CreateUserBody {
+ *   email: string;
+ *   name: string;
+ * }
+ * 
+ * async function createUser(request: NextRequest) {
+ *   const body: CreateUserBody = await request.json();
+ *   // Body is automatically captured and redacted in traces
+ *   return Response.json({ id: 123 });
+ * }
+ * 
+ * export const POST = withSecureNow(createUser);
+ * ```
+ */
+export function withSecureNow<T extends NextApiHandler>(
+  handler: T
+): T;
+
+/**
+ * Configuration options for the wrapper
+ */
+export interface WrapperOptions {
+  /**
+   * Maximum body size to capture in bytes
+   * @default 10240 (10KB)
+   */
+  maxBodySize?: number;
+
+  /**
+   * Additional sensitive field names to redact
+   * @default []
+   */
+  sensitiveFields?: string[];
+
+  /**
+   * Enable body capture
+   * @default true
+   */
+  enabled?: boolean;
+}
+
+/**
+ * Wrap a Next.js API route handler with custom options
+ * 
+ * @param handler - Your API route handler function
+ * @param options - Configuration options
+ * @returns Wrapped handler with body capture enabled
+ */
+export function withSecureNowOptions<T extends NextApiHandler>(
+  handler: T,
+  options: WrapperOptions
+): T;

package/nextjs.d.ts

@@ -0,0 +1,87 @@
+/**
+ * SecureNow Next.js Integration TypeScript Declarations
+ */
+
+export interface RegisterOptions {
+  /**
+   * Service name for OpenTelemetry traces
+   * @default process.env.SECURENOW_APPID || process.env.OTEL_SERVICE_NAME
+   */
+  serviceName?: string;
+
+  /**
+   * OTLP endpoint for traces
+   * @default process.env.SECURENOW_INSTANCE || 'http://46.62.173.237:4318'
+   */
+  endpoint?: string;
+
+  /**
+   * Don't append UUID to service name
+   * @default false
+   */
+  noUuid?: boolean;
+
+  /**
+   * Enable request body capture (Next.js middleware required)
+   * @default false
+   */
+  captureBody?: boolean;
+}
+
+/**
+ * Register SecureNow OpenTelemetry instrumentation for Next.js
+ * 
+ * @param options - Optional configuration options
+ * 
+ * @example
+ * ```typescript
+ * // instrumentation.ts
+ * import { registerSecureNow } from 'securenow/nextjs';
+ * 
+ * export function register() {
+ *   registerSecureNow();
+ * }
+ * ```
+ * 
+ * @example
+ * ```typescript
+ * // With custom options
+ * import { registerSecureNow } from 'securenow/nextjs';
+ * 
+ * export function register() {
+ *   registerSecureNow({
+ *     serviceName: 'my-nextjs-app',
+ *     endpoint: 'http://signoz.company.com:4318',
+ *     noUuid: true,
+ *   });
+ * }
+ * ```
+ */
+export function registerSecureNow(options?: RegisterOptions): void;
+
+/**
+ * Default sensitive fields that are automatically redacted from traces
+ */
+export const DEFAULT_SENSITIVE_FIELDS: readonly string[];
+
+/**
+ * Redact sensitive fields from an object
+ * @param obj - Object to redact
+ * @param sensitiveFields - Array of field names to redact (case-insensitive substring match)
+ * @returns Redacted copy of the object
+ */
+export function redactSensitiveData<T = any>(
+  obj: T,
+  sensitiveFields?: string[]
+): T;
+
+/**
+ * Redact sensitive data from GraphQL query strings
+ * @param query - GraphQL query string
+ * @param sensitiveFields - Array of field names to redact
+ * @returns Redacted query string
+ */
+export function redactGraphQLQuery(
+  query: string,
+  sensitiveFields?: string[]
+): string;

package/nextjs.js

@@ -23,6 +23,16 @@ const { v4: uuidv4 } = require('uuid');
 
 const env = k => process.env[k] ?? process.env[k.toUpperCase()] ?? process.env[k.toLowerCase()];
 
+const parseHeaders = str => {
+  const out = {}; if (!str) return out;
+  for (const raw of String(str).split(',')) {
+    const s = raw.trim(); if (!s) continue;
+    const i = s.indexOf('='); if (i === -1) continue;
+    out[s.slice(0, i).trim().toLowerCase()] = s.slice(i + 1).trim();
+  }
+  return out;
+};
+
 let isRegistered = false;
 
 // Default sensitive fields to redact from request bodies
@@ -215,6 +225,9 @@ function registerSecureNow(options = {}) {
     return;
   }
 
+  // Detect environment outside try block for error handling
+  const isVercel = !!(env('VERCEL') || env('VERCEL_ENV') || env('VERCEL_URL'));
+
   try {
     console.log('[securenow] Next.js integration loading (pid=%d)', process.pid);
 
@@ -264,8 +277,12 @@ function registerSecureNow(options = {}) {
     const customSensitiveFields = (env('SECURENOW_SENSITIVE_FIELDS') || '').split(',').map(s => s.trim()).filter(Boolean);
     const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
 
-    // -------- Use @vercel/otel with enhanced configuration --------
-    const { registerOTel } = require('@vercel/otel');
+    // -------- Log environment detection --------
+    if (!isVercel) {
+      console.log('[securenow] 🖥️  Self-hosted environment detected (EC2/PM2) - using vanilla SDK');
+    }
+
+    // -------- Use different initialization based on environment --------
     const { HttpInstrumentation } = require('@opentelemetry/instrumentation-http');
     
     // Configure HTTP instrumentation with comprehensive header capture
@@ -433,31 +450,61 @@ function registerSecureNow(options = {}) {
       },
     });
     
-    registerOTel({
-      serviceName: serviceName,
-      attributes: {
-        'deployment.environment': env('NODE_ENV') || env('VERCEL_ENV') || 'development',
-        'service.version': process.env.npm_package_version || process.env.VERCEL_GIT_COMMIT_SHA || undefined,
-        'vercel.region': process.env.VERCEL_REGION || undefined,
-      },
-      instrumentations: [httpInstrumentation],
-      instrumentationConfig: {
-        fetch: {
-          // Propagate context to your backend APIs
-          propagateContextUrls: [
-            /^https?:\/\/localhost/,
-            /^https?:\/\/.*\.vercel\.app/,
-            // Add your backend domains here
-          ],
-          // Optionally ignore certain URLs
-          ignoreUrls: [
-            /_next\/static/,
-            /_next\/image/,
-            /\.map$/,
-          ],
+    if (isVercel) {
+      // -------- Vercel Environment: Use @vercel/otel --------
+      const { registerOTel } = require('@vercel/otel');
+      
+      registerOTel({
+        serviceName: serviceName,
+        attributes: {
+          'deployment.environment': env('NODE_ENV') || env('VERCEL_ENV') || 'development',
+          'service.version': process.env.npm_package_version || process.env.VERCEL_GIT_COMMIT_SHA || undefined,
+          'vercel.region': process.env.VERCEL_REGION || undefined,
         },
-      },
-    });
+        instrumentations: [httpInstrumentation],
+        instrumentationConfig: {
+          fetch: {
+            // Propagate context to your backend APIs
+            propagateContextUrls: [
+              /^https?:\/\/localhost/,
+              /^https?:\/\/.*\.vercel\.app/,
+              // Add your backend domains here
+            ],
+            // Optionally ignore certain URLs
+            ignoreUrls: [
+              /_next\/static/,
+              /_next\/image/,
+              /\.map$/,
+            ],
+          },
+        },
+      });
+    } else {
+      // -------- Self-Hosted (EC2/PM2): Use Vanilla OpenTelemetry SDK --------
+      const { NodeSDK } = require('@opentelemetry/sdk-node');
+      const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
+      const { Resource } = require('@opentelemetry/resources');
+      const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
+      
+      const traceExporter = new OTLPTraceExporter({ 
+        url: tracesUrl,
+        headers: parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS'))
+      });
+      
+      const sdk = new NodeSDK({
+        serviceName: serviceName,
+        traceExporter: traceExporter,
+        instrumentations: [httpInstrumentation],
+        resource: new Resource({
+          [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
+          [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: env('NODE_ENV') || env('VERCEL_ENV') || 'production',
+          [SemanticResourceAttributes.SERVICE_VERSION]: process.env.npm_package_version || undefined,
+        }),
+      });
+      
+      sdk.start();
+      console.log('[securenow] 🎯 Vanilla SDK initialized for self-hosted environment');
+    }
 
     isRegistered = true;
     console.log('[securenow] ✅ OpenTelemetry started for Next.js → %s', tracesUrl);
@@ -485,7 +532,11 @@ function registerSecureNow(options = {}) {
 
   } catch (error) {
     console.error('[securenow] Failed to initialize OpenTelemetry:', error);
-    console.error('[securenow] Make sure you have @vercel/otel installed: npm install @vercel/otel');
+    if (isVercel) {
+      console.error('[securenow] Make sure you have @vercel/otel installed: npm install @vercel/otel');
+    } else {
+      console.error('[securenow] Make sure OpenTelemetry dependencies are installed');
+    }
   }
 }
 

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "securenow",
-  "version": "4.0.9",
+  "version": "4.0.12",
   "description": "OpenTelemetry instrumentation for Node.js and Next.js - Send traces to SigNoz or any OTLP backend",
   "type": "commonjs",
   "main": "register.js",
+  "types": "register.d.ts",
   "bin": {
-    "securenow": "./cli.js"
+    "securenow": "cli.js"
   },
   "scripts": {
     "postinstall": "node postinstall.js || exit 0"
@@ -29,13 +30,34 @@
     "nestjs"
   ],
   "exports": {
-    ".": "./register.js",
-    "./register": "./register.js",
-    "./tracing": "./tracing.js",
-    "./nextjs": "./nextjs.js",
-    "./nextjs-auto-capture": "./nextjs-auto-capture.js",
-    "./nextjs-middleware": "./nextjs-middleware.js",
-    "./nextjs-wrapper": "./nextjs-wrapper.js",
+    ".": {
+      "types": "./register.d.ts",
+      "default": "./register.js"
+    },
+    "./register": {
+      "types": "./register.d.ts",
+      "default": "./register.js"
+    },
+    "./tracing": {
+      "types": "./tracing.d.ts",
+      "default": "./tracing.js"
+    },
+    "./nextjs": {
+      "types": "./nextjs.d.ts",
+      "default": "./nextjs.js"
+    },
+    "./nextjs-auto-capture": {
+      "types": "./nextjs-auto-capture.d.ts",
+      "default": "./nextjs-auto-capture.js"
+    },
+    "./nextjs-middleware": {
+      "types": "./nextjs-middleware.d.ts",
+      "default": "./nextjs-middleware.js"
+    },
+    "./nextjs-wrapper": {
+      "types": "./nextjs-wrapper.d.ts",
+      "default": "./nextjs-wrapper.js"
+    },
     "./nextjs-webpack-config": "./nextjs-webpack-config.js",
     "./register-vite": "./register-vite.js",
     "./web-vite": {
@@ -45,11 +67,17 @@
   },
   "files": [
     "register.js",
+    "register.d.ts",
     "tracing.js",
+    "tracing.d.ts",
     "nextjs.js",
+    "nextjs.d.ts",
     "nextjs-auto-capture.js",
+    "nextjs-auto-capture.d.ts",
     "nextjs-middleware.js",
+    "nextjs-middleware.d.ts",
     "nextjs-wrapper.js",
+    "nextjs-wrapper.d.ts",
     "cli.js",
     "postinstall.js",
     "register-vite.js",

package/register.d.ts

@@ -0,0 +1,75 @@
+/**
+ * SecureNow Register Module TypeScript Declarations
+ * 
+ * Main entry point for Node.js/Express/Fastify/NestJS applications.
+ * This module is automatically loaded when using NODE_OPTIONS="-r securenow/register"
+ */
+
+/**
+ * Environment Variables:
+ * 
+ * Required:
+ * - SECURENOW_APPID=your-app-name - Logical service name
+ * - SECURENOW_INSTANCE=http://host:4318 - OTLP endpoint
+ * 
+ * Optional:
+ * - SECURENOW_NO_UUID=1 - Use same service.name across all workers
+ * - SECURENOW_STRICT=1 - Exit if no appid/name provided in cluster
+ * - SECURENOW_CAPTURE_BODY=1 - Enable request body capture
+ * - SECURENOW_MAX_BODY_SIZE=10240 - Max body size in bytes (default: 10KB)
+ * - SECURENOW_SENSITIVE_FIELDS=field1,field2 - Additional sensitive fields
+ * - SECURENOW_DISABLE_INSTRUMENTATIONS=pkg1,pkg2 - Disable specific instrumentations
+ * - OTEL_LOG_LEVEL=info|debug - Logging level
+ * - SECURENOW_TEST_SPAN=1 - Create test span on startup
+ * 
+ * Alternative Environment Variables:
+ * - OTEL_SERVICE_NAME - Alternative to SECURENOW_APPID
+ * - OTEL_EXPORTER_OTLP_ENDPOINT - Alternative to SECURENOW_INSTANCE
+ * - OTEL_EXPORTER_OTLP_TRACES_ENDPOINT - Full traces URL
+ * - OTEL_EXPORTER_OTLP_HEADERS - Headers for OTLP exporter (k=v,k2=v2)
+ */
+
+// This module has side effects (initializes OpenTelemetry)
+// It's typically used via NODE_OPTIONS, not imported directly
+export {};
+
+/**
+ * @example
+ * ```bash
+ * # Using with Node.js preload
+ * NODE_OPTIONS="-r securenow/register" node app.js
+ * ```
+ * 
+ * @example
+ * ```bash
+ * # Using with PM2
+ * pm2 start app.js --node-args="-r securenow/register"
+ * ```
+ * 
+ * @example
+ * ```javascript
+ * // ecosystem.config.js
+ * module.exports = {
+ *   apps: [{
+ *     name: 'my-app',
+ *     script: './app.js',
+ *     node_args: '-r securenow/register',
+ *     env: {
+ *       SECURENOW_APPID: 'my-app',
+ *       SECURENOW_INSTANCE: 'http://signoz:4318',
+ *       SECURENOW_CAPTURE_BODY: '1',
+ *     }
+ *   }]
+ * };
+ * ```
+ * 
+ * @example
+ * ```typescript
+ * // Explicit import (optional, mainly for side effects)
+ * import 'securenow/register';
+ * 
+ * import express from 'express';
+ * const app = express();
+ * // Your app code...
+ * ```
+ */

package/tracing.d.ts

@@ -0,0 +1,89 @@
+/**
+ * SecureNow Tracing Module TypeScript Declarations
+ * 
+ * Core tracing functionality for Node.js applications.
+ * This is typically loaded via register.js, not imported directly.
+ */
+
+/**
+ * Default sensitive fields that are automatically redacted from request bodies
+ */
+export const DEFAULT_SENSITIVE_FIELDS: readonly string[];
+
+/**
+ * Redact sensitive fields from an object (recursively)
+ * 
+ * @param obj - Object to redact (can be nested)
+ * @param sensitiveFields - Array of field names to redact (case-insensitive substring match)
+ * @returns Redacted copy of the object
+ * 
+ * @example
+ * ```typescript
+ * import { redactSensitiveData } from 'securenow/tracing';
+ * 
+ * const data = {
+ *   email: 'user@example.com',
+ *   password: 'secret123',
+ *   nested: {
+ *     api_key: 'sk_live_abc123'
+ *   }
+ * };
+ * 
+ * const redacted = redactSensitiveData(data);
+ * // Result: {
+ * //   email: 'user@example.com',
+ * //   password: '[REDACTED]',
+ * //   nested: { api_key: '[REDACTED]' }
+ * // }
+ * ```
+ */
+export function redactSensitiveData<T = any>(
+  obj: T,
+  sensitiveFields?: string[]
+): T;
+
+/**
+ * Redact sensitive data from GraphQL query strings
+ * 
+ * @param query - GraphQL query string
+ * @param sensitiveFields - Array of field names to redact
+ * @returns Redacted query string
+ * 
+ * @example
+ * ```typescript
+ * import { redactGraphQLQuery } from 'securenow/tracing';
+ * 
+ * const query = `
+ *   mutation {
+ *     login(email: "user@example.com", password: "secret123") {
+ *       token
+ *     }
+ *   }
+ * `;
+ * 
+ * const redacted = redactGraphQLQuery(query);
+ * // Result: mutation { login(email: "user@example.com", password: "[REDACTED]") { token } }
+ * ```
+ */
+export function redactGraphQLQuery(
+  query: string,
+  sensitiveFields?: string[]
+): string;
+
+/**
+ * Environment Variables (same as register.js):
+ * 
+ * Required:
+ * - SECURENOW_APPID=your-app-name
+ * - SECURENOW_INSTANCE=http://host:4318
+ * 
+ * Optional:
+ * - SECURENOW_NO_UUID=1
+ * - SECURENOW_STRICT=1
+ * - SECURENOW_CAPTURE_BODY=1
+ * - SECURENOW_MAX_BODY_SIZE=10240
+ * - SECURENOW_SENSITIVE_FIELDS=field1,field2
+ * - SECURENOW_DISABLE_INSTRUMENTATIONS=pkg1,pkg2
+ * - OTEL_LOG_LEVEL=info|debug
+ * - SECURENOW_TEST_SPAN=1
+ */