X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fcommon.js;h=c0aaf3799c7f3d2609ae2ce7ee8c6cec3482facb;hb=HEAD;hp=d69e6ad6a2131d12d975dbaaddaca70fdb3551e5;hpb=681ff60618195ab6754e5b8718a32e53ab2222ec;p=squeep-authentication-module diff --git a/lib/common.js b/lib/common.js index d69e6ad..5563254 100644 --- a/lib/common.js +++ b/lib/common.js @@ -1,17 +1,20 @@ 'use strict'; const { common } = require('@squeep/api-dingus'); +const { randomBytes } = require('node:crypto'); +const { promisify } = require('node:util'); +const randomBytesAsync = promisify(randomBytes); /** * Recursively freeze an object. - * @param {Object} o - * @returns {Object} + * @param {object} o object to freeze + * @returns {object} frozen object */ const freezeDeep = (o) => { Object.freeze(o); Object.getOwnPropertyNames(o).forEach((prop) => { - if (Object.hasOwnProperty.call(o, prop) + if (Object.hasOwn(o, prop) && ['object', 'function'].includes(typeof o[prop]) // eslint-disable-line security/detect-object-injection && !Object.isFrozen(o[prop])) { // eslint-disable-line security/detect-object-injection return freezeDeep(o[prop]); // eslint-disable-line security/detect-object-injection @@ -22,9 +25,9 @@ const freezeDeep = (o) => { /** * Return a new object duplicating `o`, without the properties specified. - * @param {Object} o - * @param {String[]} props - * @returns {Object} + * @param {object} o source object + * @param {string[]} props list of property names to omit + * @returns {object} pruned object */ const omit = (o, props) => { return Object.fromEntries(Object.entries(o).filter(([k]) => !props.includes(k))); 
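Review bot: In the first hunk (`freezeDeep`), the new `Object.hasOwn(o, prop)` test is always true, because `prop` comes from `Object.getOwnPropertyNames(o)`, which returns only own properties. The condition could start directly at `['object', 'function'].includes(typeof o[prop])`. If the guard is kept, note that `Object.hasOwn` needs a newer Node runtime than the `Object.hasOwnProperty.call` form it replaces, so the package's declared engine range (not visible in this diff) should cover it. The body of `freezeDeep` continues past the end of the hunk.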
@@ -32,9 +35,10 @@ const omit = (o, props) => { /** * Helper to log mystery-box statistics. - * @param {ConsoleLike} logger - * @param {String} scope - * @returns {Function} + * @param {object} logger logger + * @param {Function} logger.debug log debug + * @param {string} scope scope + * @returns {Function} stats log decorator */ const mysteryBoxLogger = (logger, scope) => { return (s) => { @@ -46,8 +50,24 @@ const mysteryBoxLogger = (logger, scope) => { }; }; +/** + * Hide sensitive part of an Authorization header. + * @param {string} authHeader header value + * @returns {string} scrubbed header value + */ +const obscureAuthorizationHeader = (authHeader) => { + if (!authHeader) { + return authHeader; + } + const space = authHeader.indexOf(' '); + // This blurs entire string if no space found, because -1. + return authHeader.slice(0, space + 1) + '*'.repeat(authHeader.length - (space + 1)); +}; + module.exports = Object.assign(Object.create(common), { freezeDeep, mysteryBoxLogger, + obscureAuthorizationHeader, omit, -}); \ No newline at end of file + randomBytesAsync, +});
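Review bot: `obscureAuthorizationHeader` masks the credential with one `*` per character, so the scrubbed value still discloses the exact length of the token or Basic credential to anyone reading the logs. A fixed-width mask such as `return authHeader.slice(0, space + 1) + '********';` hides the length while keeping the scheme readable. The function also assumes a string: a truthy non-string value would either throw on `indexOf` or be coerced, so a `typeof authHeader !== 'string'` guard returning a constant placeholder would keep the logging path from failing. The no-space case already fails closed (the whole value is masked), which is worth stating in the doc comment rather than only in the inline `because -1` remark.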