securenow 7.6.7 → 7.6.8

package/postinstall.js

@@ -1,296 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-/**
- * SecureNow Post-Install Script
- * 
- * Automatically detects Next.js projects and offers to create instrumentation file
- */
-
-const fs = require('fs');
-const path = require('path');
-const readline = require('readline');
-
-// Make sure `.securenow/` is in the project's .gitignore so credentials never get committed.
-function ensureGitignore() {
-  try {
-    // Skip if we're not in an npm install of a user project
-    // (e.g., securenow's own CI, or nested install under another node_modules).
-    const cwd = process.cwd();
-    if (!fs.existsSync(path.join(cwd, 'package.json'))) return;
-    if (cwd.includes(`${path.sep}node_modules${path.sep}`)) return;
-
-    const gitignorePath = path.join(cwd, '.gitignore');
-    const entry = '.securenow/';
-    const header = '# SecureNow local credentials';
-
-    if (fs.existsSync(gitignorePath)) {
-      const content = fs.readFileSync(gitignorePath, 'utf8');
-      const alreadyListed = content.split('\n').some((line) => line.trim() === entry);
-      if (!alreadyListed) {
-        const prefix = content.endsWith('\n') ? '' : '\n';
-        fs.appendFileSync(gitignorePath, `${prefix}\n${header}\n${entry}\n`);
-      }
-    } else if (fs.existsSync(path.join(cwd, '.git'))) {
-      // Only create a new .gitignore if this is actually a git repo.
-      fs.writeFileSync(gitignorePath, `${header}\n${entry}\n`);
-    }
-  } catch {
-    // Non-fatal
-  }
-}
-
-// Check if we're in a Next.js project
-function isNextJsProject() {
-  try {
-    const packageJsonPath = path.join(process.cwd(), 'package.json');
-    if (!fs.existsSync(packageJsonPath)) return false;
-    
-    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
-    const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
-    
-    return !!deps.next;
-  } catch (error) {
-    return false;
-  }
-}
-
-// Check if instrumentation file already exists
-function hasInstrumentationFile() {
-  const files = [
-    'instrumentation.ts',
-    'instrumentation.js',
-    'src/instrumentation.ts',
-    'src/instrumentation.js'
-  ];
-  
-  return files.some(file => fs.existsSync(path.join(process.cwd(), file)));
-}
-
-// Create TypeScript instrumentation file
-function createTsInstrumentation(targetPath) {
-  const content = `import { createRequire } from 'node:module';
-
-const require = createRequire(import.meta.url);
-
-export async function register() {
-  if (process.env.NEXT_RUNTIME !== 'nodejs') return;
-
-  const { registerSecureNow } = require('securenow/nextjs');
-  registerSecureNow({ captureBody: true });
-  require('securenow/nextjs-auto-capture');
-}
-`;
-  
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-
-// Create JavaScript instrumentation file
-function createJsInstrumentation(targetPath) {
-  const content = `import { createRequire } from 'node:module';
-
-const require = createRequire(import.meta.url);
-
-export async function register() {
-  if (process.env.NEXT_RUNTIME !== 'nodejs') return;
-
-  const { registerSecureNow } = require('securenow/nextjs');
-  registerSecureNow({ captureBody: true });
-  require('securenow/nextjs-auto-capture');
-}
-`;
-  
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-
-// Create TypeScript middleware file
-function createTsMiddleware(targetPath) {
-  const content = `// SecureNow Middleware - Automatic Request Body Capture
-// This enables capturing JSON, GraphQL, and Form request bodies
-// with automatic sensitive field redaction
-
-export { middleware } from 'securenow/nextjs-middleware';
-
-export const config = {
-  matcher: '/api/:path*',  // Apply to all API routes
-};
-
-/**
- * Bodies are captured with:
- * - Automatic redaction of passwords, tokens, cards, etc.
- * - Size limits from .securenow/credentials.json
- * - JSON, GraphQL, Form data support
- */
-`;
-  
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-
-// Create JavaScript middleware file
-function createJsMiddleware(targetPath) {
-  const content = `// SecureNow Middleware - Automatic Request Body Capture
-// This enables capturing JSON, GraphQL, and Form request bodies
-// with automatic sensitive field redaction
-
-export { middleware } from 'securenow/nextjs-middleware';
-
-export const config = {
-  matcher: '/api/:path*',  // Apply to all API routes
-};
-
-/**
- * Bodies are captured with:
- * - Automatic redaction of passwords, tokens, cards, etc.
- * - Size limits from .securenow/credentials.json
- * - JSON, GraphQL, Form data support
- */
-`;
-  
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-
-// Create a credentials-file reminder for old callers that still import this helper.
-function createEnvTemplate(targetPath) {
-  const content = `SecureNow no longer needs a .env file for local development.
-
-Run:
-  npx securenow login
-  npx securenow init
-
-The CLI writes .securenow/credentials.json with the selected app, firewall key,
-secure defaults, and explanations for each setting.
-`;
-  
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-
-// Check if TypeScript is used
-function isTypeScriptProject() {
-  return fs.existsSync(path.join(process.cwd(), 'tsconfig.json'));
-}
-
-// Main setup function
-async function setup() {
-  // Always make sure .securenow/ is gitignored (cheap, non-destructive).
-  ensureGitignore();
-
-  // Skip if not in Next.js project
-  if (!isNextJsProject()) {
-    console.log('[securenow] Not a Next.js project, skipping auto-setup');
-    return;
-  }
-  
-  // Skip if instrumentation file already exists
-  if (hasInstrumentationFile()) {
-    console.log('[securenow] ✅ Instrumentation file already exists');
-    return;
-  }
-  
-  console.log('\n┌─────────────────────────────────────────────────┐');
-  console.log('│  🎉 SecureNow installed successfully!          │');
-  console.log('│  Next.js project detected                       │');
-  console.log('└─────────────────────────────────────────────────┘\n');
-  
-  // Check if we're in CI/non-interactive environment
-  if (process.env.CI || !process.stdin.isTTY) {
-    console.log('[securenow] ℹ️  Non-interactive environment detected');
-    console.log('[securenow] 💡 To complete setup, run: npx securenow init');
-    return;
-  }
-  
-  // Ask user if they want to auto-setup
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  
-  rl.question('Would you like to automatically create instrumentation file? (Y/n) ', (answer) => {
-    const shouldCreate = !answer || answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
-    
-    if (!shouldCreate) {
-      console.log('\n[securenow] No problem! To setup later, run: npx securenow init');
-      rl.close();
-      return;
-    }
-    
-    try {
-      const useTypeScript = isTypeScriptProject();
-      const srcExists = fs.existsSync(path.join(process.cwd(), 'src'));
-      
-      // Determine file path
-      const fileName = useTypeScript ? 'instrumentation.ts' : 'instrumentation.js';
-      const filePath = srcExists 
-        ? path.join(process.cwd(), 'src', fileName)
-        : path.join(process.cwd(), fileName);
-      
-      // Create instrumentation file
-      if (useTypeScript) {
-        createTsInstrumentation(filePath);
-      } else {
-        createJsInstrumentation(filePath);
-      }
-      
-      console.log(`\n✅ Created ${srcExists ? 'src/' : ''}${fileName}`);
-      
-      // Ask about middleware for body capture
-      rl.question('\nWould you like to enable request body capture? (y/N) ', (middlewareAnswer) => {
-        const shouldCreateMiddleware = middlewareAnswer && (middlewareAnswer.toLowerCase() === 'y' || middlewareAnswer.toLowerCase() === 'yes');
-        
-        if (shouldCreateMiddleware) {
-          try {
-            const middlewareName = useTypeScript ? 'middleware.ts' : 'middleware.js';
-            const middlewarePath = srcExists 
-              ? path.join(process.cwd(), 'src', middlewareName)
-              : path.join(process.cwd(), middlewareName);
-            
-            if (useTypeScript) {
-              createTsMiddleware(middlewarePath);
-            } else {
-              createJsMiddleware(middlewarePath);
-            }
-            
-            console.log(`✅ Created ${srcExists ? 'src/' : ''}${middlewareName}`);
-            console.log('   → Captures JSON, GraphQL, Form bodies with auto-redaction');
-          } catch (error) {
-            console.warn(`⚠️  Could not create middleware: ${error.message}`);
-          }
-        }
-        
-        console.log('\n┌─────────────────────────────────────────────────┐');
-        console.log('│  🚀 Next Steps:                                 │');
-        console.log('│                                                 │');
-        console.log('│  1. Pick your app in the browser:              │');
-        console.log('│     npx securenow login                        │');
-        console.log('│                                                 │');
-        console.log('│  2. Run your app: npm run dev                  │');
-        console.log('│                                                 │');
-        console.log('│  3. Check SecureNow for traces!                │');
-        console.log('│                                                 │');
-        if (shouldCreateMiddleware) {
-          console.log('│  📝 Body capture enabled with auto-redaction   │');
-        }
-        console.log('│  📚 Full guide: npm docs securenow              │');
-        console.log('└─────────────────────────────────────────────────┘\n');
-
-        rl.close();
-      });
-      
-    } catch (error) {
-      console.error('\n❌ Failed to create instrumentation file:', error.message);
-      console.log('💡 You can create it manually or run: npx securenow init');
-      rl.close();
-    }
-  });
-}
-
-// Run setup if this is a new installation (not being installed as a dependency of another package)
-if (require.main === module || process.env.npm_config_global !== 'true') {
-  setup().catch(err => {
-    console.error('[securenow] Setup error:', err);
-  });
-}
-
-module.exports = { setup };
-
-
-