🔍 refactor: OpenID Fetch Handling and Logging (#7790)

* feat: Enhance OpenID Strategy with Debug Logging and Header Management

- Added detailed logging for OpenID requests and responses when debug mode is enabled.
- Introduced helper functions for safely logging sensitive data and headers.
- Updated OpenID strategy to handle non-standard WWW-Authenticate headers in responses.
- Refactored proxy configuration handling for improved clarity and logging.

* refactor: MemoryViewer Layout with Conditional Justification

- Updated the MemoryViewer component to conditionally apply justification styles based on memory data and access permissions.
- Introduced utility function `cn` for cleaner class name management in the component.

* refactor: Update OpenID Strategy to use Global Fetch

* refactor: Add undici for customFetch request handling in OpenID strategy

* fix: Export 'files' module in utils index

* chore: Add node-fetch dependency for openid image download

* ci: Add comprehensive tests for multer configuration and file handling

- Introduced a new test suite for multer configuration, covering storage destination and filename generation.
- Implemented tests for file filtering, ensuring only valid JSON files are accepted.
- Added error handling tests for edge cases and vulnerabilities, including handling empty field names and malformed filenames.
- Integrated real configuration testing with actual fileConfig and custom endpoints.
- Enhanced UUID generation tests to ensure uniqueness and cryptographic security.

* chore: Improve proxy configuration logging in customFetch function

* fix: Improve logging for non-standard WWW-Authenticate header in customFetch function

packages/api/src/utils/index.ts

@@ -1,5 +1,7 @@
 export * from './azure';
 export * from './common';
 export * from './events';
+export * from './files';
 export * from './generators';
+export * from './openid';
 export { default as Tokenizer } from './tokenizer';

packages/api/src/utils/openid.ts

@@ -0,0 +1,51 @@
+/**
+ * Helper function to safely log sensitive data when debug mode is enabled
+ * @param obj - Object to stringify
+ * @param maxLength - Maximum length of the stringified output
+ * @returns Stringified object with sensitive data masked
+ */
+export function safeStringify(obj: unknown, maxLength = 1000): string {
+  try {
+    const str = JSON.stringify(obj, (key, value) => {
+      // Mask sensitive values
+      if (
+        key === 'client_secret' ||
+        key === 'Authorization' ||
+        key.toLowerCase().includes('token') ||
+        key.toLowerCase().includes('password')
+      ) {
+        return typeof value === 'string' && value.length > 6
+          ? `${value.substring(0, 3)}...${value.substring(value.length - 3)}`
+          : '***MASKED***';
+      }
+      return value;
+    });
+
+    if (str && str.length > maxLength) {
+      return `${str.substring(0, maxLength)}... (truncated)`;
+    }
+    return str;
+  } catch (error) {
+    return `[Error stringifying object: ${(error as Error).message}]`;
+  }
+}
+
+/**
+ * Helper to log headers without revealing sensitive information
+ * @param headers - Headers object to log
+ * @returns Stringified headers with sensitive data masked
+ */
+export function logHeaders(headers: Headers | undefined | null): string {
+  const headerObj: Record<string, string> = {};
+  if (!headers || typeof headers.entries !== 'function') {
+    return 'No headers available';
+  }
+  for (const [key, value] of headers.entries()) {
+    if (key.toLowerCase() === 'authorization' || key.toLowerCase().includes('secret')) {
+      headerObj[key] = '***MASKED***';
+    } else {
+      headerObj[key] = value;
+    }
+  }
+  return safeStringify(headerObj);
+}