LibreChat/packages/api/src/utils/openid.ts


🔍 refactor: OpenID Fetch Handling and Logging (#7790) * feat: Enhance OpenID Strategy with Debug Logging and Header Management - Added detailed logging for OpenID requests and responses when debug mode is enabled. - Introduced helper functions for safely logging sensitive data and headers. - Updated OpenID strategy to handle non-standard WWW-Authenticate headers in responses. - Refactored proxy configuration handling for improved clarity and logging. * refactor: MemoryViewer Layout with Conditional Justification - Updated the MemoryViewer component to conditionally apply justification styles based on memory data and access permissions. - Introduced utility function `cn` for cleaner class name management in the component. * refactor: Update OpenID Strategy to use Global Fetch * refactor: Add undici for customFetch request handling in OpenID strategy * fix: Export 'files' module in utils index * chore: Add node-fetch dependency for openid image download * ci: Add comprehensive tests for multer configuration and file handling - Introduced a new test suite for multer configuration, covering storage destination and filename generation. - Implemented tests for file filtering, ensuring only valid JSON files are accepted. - Added error handling tests for edge cases and vulnerabilities, including handling empty field names and malformed filenames. - Integrated real configuration testing with actual fileConfig and custom endpoints. - Enhanced UUID generation tests to ensure uniqueness and cryptographic security. * chore: Improve proxy configuration logging in customFetch function * fix: Improve logging for non-standard WWW-Authenticate header in customFetch function
2025-06-09 11:27:23 -04:00
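/**
 * Serialises a value for debug logging with credential-like fields redacted.
 *
 * Redaction is driven purely by property NAME (case-insensitive substring match
 * against `authorization`, `secret`, `token`, `password`, `cookie`). A secret
 * stored under any other key, or embedded inside a string value (for example a
 * URL carrying credentials in its query string), is NOT masked. Callers should
 * not treat the output as safe for untrusted log sinks.
 *
 * @param obj - Value to stringify
 * @param maxLength - Maximum length of the JSON text before it is truncated
 * @returns JSON text with sensitive values masked, possibly truncated, or a
 *   bracketed error description when serialisation throws
 */
export function safeStringify(obj: unknown, maxLength = 1000): string {
  const MASK = '***MASKED***';
  // A 3+3 character preview of a short secret discloses most of it (6 of 7
  // characters for a 7-character password). Only long values such as bearer
  // tokens or generated client secrets get a preview for log correlation.
  const MIN_LENGTH_FOR_PREVIEW = 24;
  const SENSITIVE_FRAGMENTS = ['authorization', 'secret', 'token', 'password', 'cookie'];

  const isSensitiveKey = (key: string): boolean => {
    // Compare in lower case: `Headers` iteration yields lower-cased names, so
    // an exact match on 'Authorization' would miss them.
    const lowered = key.toLowerCase();
    return SENSITIVE_FRAGMENTS.some((fragment) => lowered.includes(fragment));
  };

  try {
    const str = JSON.stringify(obj, (key, value) => {
      if (!isSensitiveKey(key)) {
        return value;
      }
      // Non-string values (objects, arrays, numbers) under a sensitive key are
      // replaced wholesale so nested credentials are not serialised.
      if (typeof value === 'string' && value.length >= MIN_LENGTH_FOR_PREVIEW) {
        return `${value.substring(0, 3)}...${value.substring(value.length - 3)}`;
      }
      return MASK;
    });
    // JSON.stringify returns undefined for `undefined`, functions and symbols;
    // honour the declared string return type instead of leaking undefined.
    if (str === undefined) {
      return 'undefined';
    }
    // Masking runs before truncation, so the cut can never expose a raw secret.
    if (str.length > maxLength) {
      return `${str.substring(0, maxLength)}... (truncated)`;
    }
    return str;
  } catch (error) {
    // Circular references and BigInt values make JSON.stringify throw.
    const message = error instanceof Error ? error.message : String(error);
    return `[Error stringifying object: ${message}]`;
  }
}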
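/**
 * Renders HTTP headers for debug logging with credential-bearing headers masked.
 *
 * Any header whose lower-cased name contains `authorization`, `secret`,
 * `cookie` or `api-key` is replaced entirely. This covers `proxy-authorization`,
 * `cookie`, `set-cookie` and `x-api-key` in addition to `authorization`.
 * The resulting object is then passed through `safeStringify`, which applies
 * its own key-based masking and length cap.
 *
 * @param headers - Headers object to log
 * @returns Stringified headers with sensitive data masked, or a fixed
 *   placeholder when no iterable headers object is supplied
 */
export function logHeaders(headers: Headers | undefined | null): string {
  // Guard first: callers may pass a response without headers, or a plain
  // object that does not implement the Headers iteration protocol.
  if (!headers || typeof headers.entries !== 'function') {
    return 'No headers available';
  }

  // Substring match rather than equality so that variants such as
  // proxy-authorization and set-cookie are caught as well.
  const sensitiveFragments = ['authorization', 'secret', 'cookie', 'api-key'];
  const headerObj: Record<string, string> = {};

  for (const [key, value] of headers.entries()) {
    const loweredName = key.toLowerCase();
    const isSensitive = sensitiveFragments.some((fragment) => loweredName.includes(fragment));
    headerObj[key] = isSensitive ? '***MASKED***' : value;
  }

  return safeStringify(headerObj);
}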