Added server/utils/sanitizeError.js, which redacts:
- ?apikey= query parameters (SABnzbd passes the key in the URL)
- ?token= query parameters
- X-Api-Key / X-MediaBrowser-Token / X-Emby-Authorization header values, if they appear in the error message string

Applied to all catch blocks in emby.js, sabnzbd.js, sonarr.js, radarr.js, and dashboard.js. The internal error.message is still logged server-side (unredacted) for debugging.
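// Query-string credentials. Group 1 keeps the delimiter and parameter name so
// that only the value is replaced. SABnzbd passes its key as ?apikey=... in
// the request URL, which HTTP client errors commonly echo back.
const API_KEY_PATTERN = /([?&]apikey=)[^&\s]*/gi;
const TOKEN_PATTERN = /([?&]token=)[^&\s]*/gi;

// Single-token auth headers. Spaces/tabs around the colon are consumed into
// group 1: with the usual "Name: value" spelling, a pattern that stops right
// at the colon matches an empty value and leaves the secret in the message.
// [ \t] rather than \s so the match never runs onto the following line.
const HEADER_PATTERN = /(x-(?:api-key|mediabrowser-token)[ \t]*:[ \t]*)[^\s,]*/gi;

// X-Emby-Authorization is handled on its own because its value is typically a
// multi-part string (scheme plus comma-separated key="value" pairs, one of
// which is the token). Stopping at the first space or comma would redact only
// the scheme word, so the rest of the line is redacted instead (fail closed).
const EMBY_AUTH_PATTERN = /(x-emby-authorization[ \t]*:[ \t]*)[^\r\n]*/gi;

/**
 * Build a copy of an error's message with known credential carriers redacted,
 * suitable for returning to a client. The input value is not modified.
 *
 * Redacted: `?apikey=` / `&apikey=` and `?token=` / `&token=` query values,
 * X-Api-Key and X-MediaBrowser-Token header values, and everything following
 * an X-Emby-Authorization header name up to the end of that line.
 *
 * This is a pattern-based filter: a secret carried in any other form (a
 * different parameter name, a JSON body, a path segment) passes through
 * unchanged, so callers should not treat the result as guaranteed secret-free.
 *
 * @param {*} err - Caught value; normally an Error, but any thrown or
 *   rejected value (including null/undefined) is accepted.
 * @returns {string} The redacted message.
 */
function sanitizeError(err) {
  // Runs inside catch blocks, so it must not throw itself: a null/undefined
  // rejection or a non-string `message` would otherwise replace the original
  // failure with a TypeError raised by the sanitizer.
  const raw = (err && err.message) || String(err);

  return String(raw)
    .replace(API_KEY_PATTERN, '$1[REDACTED]')
    .replace(TOKEN_PATTERN, '$1[REDACTED]')
    .replace(HEADER_PATTERN, '$1[REDACTED]')
    .replace(EMBY_AUTH_PATTERN, '$1[REDACTED]');
}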
// CommonJS export: the sanitizer function is assigned directly to
// module.exports, so it is this module's only export.
module.exports = sanitizeError;