added scrubbing to api function requestArgs (#27)

Daniel-Estoll · web-flow · commit a20cd0cbb9bf · 2025-07-23T11:27:18.000-06:00
* added scrubbing to api function requestArgs

* Changed iteration to go through keys, added scrubbing to scrubKeys, changed * to 8

* closed some holes and fixed some edge cases

* cleaning the scrubbing

* bumped version

* changed Record to Partial&lt;Record&gt;
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "polyapi",
-  "version": "0.24.9",
+  "version": "0.24.10",
   "description": "Poly is a CLI tool to help create and manage your Poly definitions.",
   "license": "MIT",
   "repository": {
diff --git a/templates/api-index.js b/templates/api-index.js
@@ -49,6 +49,28 @@ const handleError = (err) => {
   };
 }
 
+const scrub = (data) => {
+  if (!data || typeof data !== 'object' ) return data;
+  const secrets = ["x_api_key", "x-api-key", "access_token", "access-token", "authorization", "api_key", "api-key", "apikey", "accesstoken", "token", "password", "key"];
+  if (Array.isArray(data)) {
+    return data.map(item => scrub(item))
+  }
+  else {
+    const temp = {};
+    for (const key of Object.keys(data)) {
+      if (typeof data[key] === 'object') {
+        temp[key] = scrub(data[key]);
+      } else if (secrets.includes(key.toLowerCase())) {
+        temp[key] = "********";
+      } else {
+        temp[key] = data[key];
+      }
+    }
+    return temp
+  }
+}
+
+
 const executeApiFunction = (id, clientID, polyCustom, requestArgs) => {
   const requestServerStartTime = Date.now();
 
@@ -78,7 +100,8 @@ const executeApiFunction = (id, clientID, polyCustom, requestArgs) => {
         try {
           responseData = JSON.stringify(data.data);
         } catch (err) {}
-        console.error('Error executing api function with id:', id, 'Status code:', data.status, 'Request data:', requestArgs, 'Response data:', responseData);
+        scrub(requestArgs)
+        console.error('Error executing api function with id:', id, 'Status code:', data.status, 'Request data:', scrubbedArgs, 'Response data:', responseData);
       }
 
       serverPreperationTimeMs = Number(polyHeaders['x-poly-execution-duration']);
@@ -96,6 +119,7 @@ const executeApiFunction = (id, clientID, polyCustom, requestArgs) => {
       })
     }).then(({ headers, data, status }) => {
       if (status && (status < 200 || status >= 300) && process.env.LOGS_ENABLED) {
+        scrub(requestArgs)
         console.error('Error direct executing api function with id:', id, 'Status code:', status, 'Request data:', requestArgs, 'Response data:', data.data);
       }
       const apiExecutionTimeMs = Date.now() - requestApiStartTime;
@@ -127,6 +151,7 @@ const executeApiFunction = (id, clientID, polyCustom, requestArgs) => {
       try {
         responseData = JSON.stringify(data.data);
       } catch (err) {}
+      scrub(requestArgs)
       console.error('Error executing api function with id:', id, 'Status code:', data.status, 'Request data:', requestArgs, 'Response data:', responseData);
     }
     const serverExecutionTimeMs = Number(headers['x-poly-execution-duration']);
diff --git a/templates/axios.js b/templates/axios.js
@@ -5,6 +5,7 @@ const https = require('https');
 const dotenv = require('dotenv');
 const polyCustom = require('./poly-custom');
 const { API_KEY, API_BASE_URL } = require('./constants');
+import { scrub } from './api-index.js'
 
 dotenv.config();
 
@@ -43,13 +44,16 @@ axios.interceptors.request.use(
 );
 
 const scrubKeys = (err) => {
-  if (err.request && typeof err.request.headers === 'object' && err.request.headers.Authorization) {
+  if (!err.request || typeof err.request.headers !== 'object') throw err
+  const temp = scrub(err.request.headers)
+  if (err.request.headers.Authorization) {
     // Scrub any credentials in the authorization header
     const [type, ...rest] = err.request.headers.Authorization.split(' ');
-    err.request.headers.Authorization = rest.length && type
+    temp.Authorization = rest.length && type
       ? `${type} ********`
       : `********`;
   }
+  err.request.headers = temp
   throw err;
 };
 
diff --git a/templates/tabi/types.d.ts b/templates/tabi/types.d.ts
@@ -43,14 +43,14 @@ type PolyCountQuery<T extends Record<string, unknown>> = Clean<{
 
 type PolySelectOneQuery<T extends Record<string, unknown>> = Clean<{
   where?: Where<T>;
-  orderBy?: Record<keyof T, 'asc' | 'desc'>;
+  orderBy?: Partial<Record<keyof T, 'asc' | 'desc'>>;
 }>;
 
 type PolySelectManyQuery<T extends Record<string, unknown>> = Clean<{
   where?: Where<T>;
   limit?: number; // 1000 is max limit for now
   offset?: number;
-  orderBy?: Record<keyof T, 'asc' | 'desc'>;
+  orderBy?: Partial<Record<keyof T, 'asc' | 'desc'>>;
 }>;
 
 type PolyDeleteQuery<T extends Record<string, unknown>> = Clean<{

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "polyapi",`
`3`		`- "version": "0.24.9",`
	`3`	`+ "version": "0.24.10",`
`4`	`4`	`"description": "Poly is a CLI tool to help create and manage your Poly definitions.",`
`5`	`5`	`"license": "MIT",`
`6`	`6`	`"repository": {`