webssh2-server
Version:
A Websocket to SSH2 gateway using xterm.js, socket.io, ssh2
73 lines (72 loc) • 2.32 kB
JavaScript
// app/config/safe-logging.ts
// Safe masking of configuration data for logging
const maskWhenFilled = (value) => {
if (value == null) {
return null;
}
if (value === '') {
return null;
}
return '***';
};
const describeOrigins = (origins) => {
if (origins.length === 0) {
return 'none';
}
return `${origins.length} origin(s)`;
};
const maskSessionSecret = (secret) => {
if (secret.length === 0) {
return 'not set';
}
return '***';
};
/**
* Masks sensitive configuration data for logging
* @param config - Configuration to mask
* @returns Masked configuration safe for logging
* @pure
*/
export const maskSensitiveConfig = (config) => {
return {
listen: config.listen,
http: {
origins: describeOrigins(config.http.origins)
},
user: {
name: maskWhenFilled(config.user.name),
password: maskWhenFilled(config.user.password),
privateKey: maskWhenFilled(config.user.privateKey),
passphrase: maskWhenFilled(config.user.passphrase)
},
ssh: {
host: config.ssh.host,
port: config.ssh.port,
localAddress: config.ssh.localAddress,
localPort: config.ssh.localPort,
term: config.ssh.term,
readyTimeout: config.ssh.readyTimeout,
keepaliveInterval: config.ssh.keepaliveInterval,
keepaliveCountMax: config.ssh.keepaliveCountMax,
allowedSubnets: config.ssh.allowedSubnets?.length ?? 0,
algorithms: {
cipher: config.ssh.algorithms.cipher.length,
kex: config.ssh.algorithms.kex.length,
hmac: config.ssh.algorithms.hmac.length,
compress: config.ssh.algorithms.compress.length,
serverHostKey: config.ssh.algorithms.serverHostKey.length
}
},
header: config.header,
options: config.options,
session: {
name: config.session.name,
secret: maskSessionSecret(config.session.secret)
},
sso: {
enabled: config.sso.enabled,
csrfProtection: config.sso.csrfProtection,
trustedProxies: config.sso.trustedProxies.length
}
};
};