[Prod] More LogRocket filtering (#786)

* Making it so the URLs are shared to reduce the chance of them separating
Masking the encryption calls
Cleaning up the old function

* Making the code a bit more safe and supporting updates

* Moving shared stuff around a bit

src/api/oauth.ts

@@ -1,10 +1,6 @@
-import { FUNCTIONS, invokeSupabase } from 'services/supabase';
+import { FUNCTIONS, invokeSupabase, OAUTH_OPERATIONS } from 'services/supabase';
 
-const OPERATIONS = {
-    AUTH_URL: 'auth-url',
-    ACCESS_TOKEN: 'access-token',
-    ENCRYPT_CONFIG: 'encrypt-config',
-};
+const OAUTH_URL_SUFFIX = '/oauth';
 
 export interface AccessTokenResponse {
     [k: string]: any;
@@ -18,9 +14,9 @@ export interface AuthURLResponse {
 
 export const authURL = (connectorId: string, config: any) => {
     return invokeSupabase<AuthURLResponse>(FUNCTIONS.OAUTH, {
-        operation: OPERATIONS.AUTH_URL,
+        operation: OAUTH_OPERATIONS.AUTH_URL,
         connector_id: connectorId,
-        redirect_uri: `${window.location.origin}/oauth`,
+        redirect_uri: `${window.location.origin}${OAUTH_URL_SUFFIX}`,
         config,
     });
 };
@@ -32,8 +28,8 @@ export const accessToken = (
     code_verifier: string | null
 ) => {
     return invokeSupabase<AccessTokenResponse>(FUNCTIONS.OAUTH, {
-        operation: OPERATIONS.ACCESS_TOKEN,
-        redirect_uri: `${window.location.origin}/oauth`,
+        operation: OAUTH_OPERATIONS.ACCESS_TOKEN,
+        redirect_uri: `${window.location.origin}${OAUTH_URL_SUFFIX}`,
         state,
         code,
         config,
@@ -47,7 +43,7 @@ export const encryptConfig = (
     config: any
 ) => {
     return invokeSupabase<any>(FUNCTIONS.OAUTH, {
-        operation: OPERATIONS.ENCRYPT_CONFIG,
+        operation: OAUTH_OPERATIONS.ENCRYPT_CONFIG,
         connector_id: connectorId,
         connector_tag_id: connectorTagId,
         config,

src/services/logrocket.ts

@@ -3,7 +3,7 @@ import { includeKeys } from 'filter-obj';
 import { isEmpty } from 'lodash';
 import LogRocket from 'logrocket';
 import setupLogRocketReact from 'logrocket-react';
-import { getUserDetails } from 'services/supabase';
+import { getUserDetails, OAUTH_OPERATIONS } from 'services/supabase';
 import { getAppVersion, getLogRocketSettings } from 'utils/env-utils';
 
 // Based on node_modules/logrocket/dist/types.d.ts
@@ -19,7 +19,7 @@ interface Settings {
     serverURL?: any;
 }
 
-type ParsedBody = [{ [k: string]: any }] | { [k: string]: any } | undefined;
+type ParsedBody = any | undefined;
 
 export enum CustomEvents {
     CAPTURE_TEST = 'Capture_Test',
@@ -49,7 +49,13 @@ export const MASKED = '**MASKED**';
 // for endspoints where we want nothing ever logged
 const maskEverythingURLs = ['config-encryption.estuary.dev'];
 const shouldMaskEverything = (url?: string) =>
-    maskEverythingURLs.some((el) => url?.includes(el));
+    maskEverythingURLs.some((el) => url?.toLowerCase().includes(el));
+
+const maskEverythingOperations = [OAUTH_OPERATIONS.ENCRYPT_CONFIG];
+const shouldMaskEverythingInOperation = (operation?: string) =>
+    maskEverythingOperations.some(
+        (el) => operation?.toLowerCase().includes(el)
+    );
 
 // for endpoints where we do not want to mess with the request at all
 const ignoreURLs = ['lr-in-prod'];
@@ -104,27 +110,26 @@ const processBody = (
     return originalIsArray ? response : response[0];
 };
 
-// DISABLE BODY FILTERING
 // Used to parse the body of a request/response. Will handle very basic use of just
 //  a string or object body. To keep stuff safe if we cannot parse the string we
 //  set everything to masked.
-// const parseBody = (body: any): ParsedBody => {
-//     let formattedContent;
-
-//     if (typeof body === 'string') {
-//         try {
-//             // If the body has length parse it otherwise leave it as a blank string
-//             formattedContent = body.length > 0 ? JSON.parse(body) : '';
-//         } catch (error: unknown) {
-//             // If the JSON messes up getting parsed just be safe and mask everything
-//             formattedContent = MASKED;
-//         }
-//     } else if (typeof body === 'object') {
-//         formattedContent = body;
-//     }
-
-//     return formattedContent;
-// };
+const parseBody = (body: any): ParsedBody => {
+    let formattedContent;
+
+    if (typeof body === 'string') {
+        try {
+            // If the body has length parse it otherwise leave it as a blank string
+            formattedContent = body.length > 0 ? JSON.parse(body) : '';
+        } catch (error: unknown) {
+            // If the JSON messes up getting parsed just be safe and mask everything
+            formattedContent = MASKED;
+        }
+    } else if (typeof body === 'object') {
+        formattedContent = body;
+    }
+
+    return formattedContent;
+};
 
 // Go through the request and handle the skipping, masking, filtering
 const maskContent = (requestResponse: any) => {
@@ -137,7 +142,18 @@ const maskContent = (requestResponse: any) => {
     //   SOPs encryption endpoint we don't really want to accidently leak anything.
     if (shouldMaskEverything(requestResponse.url)) {
         requestResponse.body = MASKED;
-        return requestResponse;
+    } else {
+        // If we are not masking everything then we need to check if the operation being called
+        //  is one that requires extra masking. This is mainly for the oauth "encrypt-config" call
+        const parsedBody = parseBody(requestResponse.body);
+
+        if (
+            parsedBody &&
+            typeof parsedBody !== 'string' &&
+            shouldMaskEverythingInOperation(parsedBody?.operation)
+        ) {
+            requestResponse.body = `${MASKED}_${parsedBody?.operation}`;
+        }
     }
 
     //  DISABLE BODY FILTERING

src/services/supabase.ts

@@ -79,6 +79,12 @@ export enum FUNCTIONS {
     BILLING = 'billing',
 }
 
+export const OAUTH_OPERATIONS = {
+    AUTH_URL: 'auth-url',
+    ACCESS_TOKEN: 'access-token',
+    ENCRYPT_CONFIG: 'encrypt-config',
+};
+
 export const supabaseClient = createClient(
     supabaseSettings.url,
     supabaseSettings.anonKey,