fix(logs): redact tokens/passwords/env vars from logs

dkundel · dkundel · commit 8ca6e3df7e72 · 2019-07-19T19:50:47.000-07:00
diff --git a/package.json b/package.json
@@ -57,6 +57,7 @@
     "@types/node": "^11.13.2",
     "@types/recursive-readdir": "^2.2.0",
     "debug": "^4.1.1",
+    "fast-redact": "^1.5.0",
     "file-type": "^10.10.0",
     "got": "^9.6.0",
     "mime-types": "^2.1.22",
diff --git a/src/client.ts b/src/client.ts
@@ -460,7 +460,7 @@ export class TwilioServerlessApiClient extends events.EventEmitter {
       message: 'Gathering Functions and Assets to deploy',
     });
 
-    log('Deploy config %O', deployConfig);
+    log('Deploy config %P', deployConfig);
 
     const searchConfig: SearchConfig = {};
     if (deployConfig.functionsFolderName) {
diff --git a/src/external-types.d.ts b/src/external-types.d.ts
@@ -0,0 +1,5 @@
+declare module 'fast-redact' {
+  function createRedactor(options: {}): <T>(val: T) => string;
+
+  export = createRedactor;
+}
diff --git a/src/index.ts b/src/index.ts
@@ -4,6 +4,9 @@
  *
  * Main entry point of the project
  */
+
+import './utils/debug';
+
 export * from './api';
 export * from './client';
 export * from './types/index';
diff --git a/src/utils/debug.ts b/src/utils/debug.ts
@@ -0,0 +1,67 @@
+import debug from 'debug';
+import fastRedact from 'fast-redact';
+
+type RedactorFunction<T extends object> = (val: T) => T;
+
+function prefixAllEntriesWithWildcard(values: string[]): string[] {
+  const result = [];
+
+  for (let val of values) {
+    result.push(val);
+    result.push(`*.${val}`);
+  }
+
+  return result;
+}
+
+export const generalRedactor = fastRedact({
+  paths: [
+    'env.*',
+    'pkgJson.*',
+    ...prefixAllEntriesWithWildcard([
+      'authToken',
+      'apiSecret',
+      'username',
+      'password',
+      'cookies',
+      'AUTH_TOKEN',
+      'API_SECRET',
+      'TWILIO_AUTH_TOKEN',
+      'TWILIO_API_SECRET',
+    ]),
+  ],
+});
+
+export const allPropertiesRedactor = fastRedact({
+  paths: ['*'],
+});
+
+debug.formatters.P = function protectedFormatterMultiline(v: any): string {
+  if (typeof v === 'object') {
+    v = JSON.parse(generalRedactor(v));
+  }
+
+  return debug.formatters.O.bind(debug)(v);
+};
+
+debug.formatters.p = function protectedFormatterSameline(v: any): string {
+  if (typeof v === 'object') {
+    v = JSON.parse(generalRedactor(v));
+  }
+
+  return debug.formatters.o.bind(debug)(v);
+};
+
+debug.formatters.R = function redactedFormatterMultiline(v: any): string {
+  if (typeof v === 'object') {
+    v = JSON.parse(allPropertiesRedactor(v));
+  }
+  return debug.formatters.O.bind(debug)(v);
+};
+
+debug.formatters.r = function redactedFormatterSameline(v: any): string {
+  if (typeof v === 'object') {
+    v = JSON.parse(allPropertiesRedactor(v));
+  }
+  return debug.formatters.o.bind(debug)(v);
+};
