284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
79 lines
2.3 KiB
TypeScript
79 lines
2.3 KiB
TypeScript
const DEFAULT_SENSITIVE_KEY_PATTERN = /(secret|token|password|api[_-]?key|authorization|signature)/i;
|
|
|
|
function safeJsonClone(value: unknown): unknown {
|
|
try {
|
|
return JSON.parse(JSON.stringify(value));
|
|
} catch {
|
|
return '[UNSERIALIZABLE]';
|
|
}
|
|
}
|
|
|
|
function redactSensitiveKeys(
|
|
value: unknown,
|
|
options: { sensitiveKeyPattern: RegExp; redactValue: string }
|
|
): unknown {
|
|
if (Array.isArray(value)) {
|
|
return value.map((entry) => redactSensitiveKeys(entry, options));
|
|
}
|
|
|
|
if (!value || typeof value !== 'object') {
|
|
return value;
|
|
}
|
|
|
|
const obj = value as Record<string, unknown>;
|
|
const result: Record<string, unknown> = {};
|
|
for (const [key, val] of Object.entries(obj)) {
|
|
if (key === 'secretRef' || key === '$secret' || options.sensitiveKeyPattern.test(key)) {
|
|
result[key] = options.redactValue;
|
|
continue;
|
|
}
|
|
result[key] = redactSensitiveKeys(val, options);
|
|
}
|
|
return result;
|
|
}
|
|
|
|
export function sanitizeIntegrationWebhookRawPayload(
|
|
rawPayload: unknown,
|
|
options?: { maxBytes?: number; sensitiveKeyPattern?: RegExp; redactValue?: string }
|
|
): { snapshot: unknown; truncated: boolean; originalSize: number; maxBytes: number } {
|
|
const maxBytes = options?.maxBytes ?? 10_000;
|
|
const sensitiveKeyPattern = options?.sensitiveKeyPattern ?? DEFAULT_SENSITIVE_KEY_PATTERN;
|
|
const redactValue = options?.redactValue ?? '***';
|
|
|
|
const cloned = safeJsonClone(rawPayload);
|
|
const redacted = redactSensitiveKeys(cloned, { sensitiveKeyPattern, redactValue });
|
|
const serialized = JSON.stringify(redacted);
|
|
|
|
if (serialized.length <= maxBytes) {
|
|
return { snapshot: redacted, truncated: false, originalSize: serialized.length, maxBytes };
|
|
}
|
|
|
|
return {
|
|
snapshot: { truncated: true, size: serialized.length, max: maxBytes },
|
|
truncated: true,
|
|
originalSize: serialized.length,
|
|
maxBytes,
|
|
};
|
|
}
|
|
|
|
export function buildIntegrationWebhookReceivedPayload(params: {
|
|
integrationId: string;
|
|
provider: string;
|
|
connectionId?: string;
|
|
webhookId: string;
|
|
eventName: string;
|
|
receivedAt?: string;
|
|
rawPayloadRef?: string;
|
|
}) {
|
|
return {
|
|
integrationId: params.integrationId,
|
|
provider: params.provider,
|
|
connectionId: params.connectionId,
|
|
webhookId: params.webhookId,
|
|
eventName: params.eventName,
|
|
receivedAt: params.receivedAt,
|
|
rawPayloadRef: params.rawPayloadRef,
|
|
};
|
|
}
|
|
|