n8n
Version:
n8n Workflow Automation Tool
50 lines • 2.11 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.redactSecretKeys = redactSecretKeys;
exports.truncateForLlm = truncateForLlm;
exports.isSecretKey = isSecretKey;
const backend_common_1 = require("@n8n/backend-common");
const di_1 = require("@n8n/di");
const MAX_BODY_LENGTH = 4096;
const SECRET_KEY_PATTERN = /key|secret|token|password|credential|auth|bearer|cookie|session|ssn|connectionString|private|proxy-auth/i;
const SAFE_KEY_PATTERN = /keyword|primary.?key|foreign.?key|sort.?key|partition.?key|group.?key|key.?name|key.?type|key.?field|key.?column|authentication$|author(?!.*(key|token|secret|password|credential))/i;
const SECRET_HEADER_PATTERN = /^(authorization|x-api-key|proxy-authorization|cookie|set-cookie)$/i;
const REDACTED = '<redacted>';
function redactSecretKeys(value) {
if (value === null || value === undefined)
return value;
if (Array.isArray(value))
return value.map((item) => redactSecretKeys(item));
if (typeof value !== 'object')
return value;
const result = {};
for (const [key, val] of Object.entries(value)) {
if (isSecretKey(key)) {
result[key] = REDACTED;
}
else if (typeof val === 'object' && val !== null) {
result[key] = redactSecretKeys(val);
}
else {
result[key] = val;
}
}
return result;
}
function truncateForLlm(serialized, maxLength = MAX_BODY_LENGTH) {
if (serialized.length <= maxLength)
return serialized;
di_1.Container.get(backend_common_1.Logger).warn(`[EvalMock] Request body truncated from ${serialized.length} to ${maxLength} chars — ` +
'large bodies may indicate non-synthetic data flowing through the eval handler');
return serialized.slice(0, maxLength) + '... [truncated]';
}
function isSecretKey(key) {
if (SECRET_HEADER_PATTERN.test(key))
return true;
if (SAFE_KEY_PATTERN.test(key))
return false;
if (SECRET_KEY_PATTERN.test(key))
return true;
return false;
}
//# sourceMappingURL=request-sanitizer.js.map