Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redact sensitive header when DEBUG is set #1218

Open
wants to merge 19 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 13 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 25 additions & 1 deletion src/core.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1138,9 +1138,33 @@ function applyHeadersMut(targetHeaders: Headers, newHeaders: Headers): void {
}
}

const SENSITIVE_HEADERS = new Set(['authorization', 'api-key']);

export function debug(action: string, ...args: any[]) {
if (typeof process !== 'undefined' && process?.env?.['DEBUG'] === 'true') {
console.log(`OpenAI:DEBUG:${action}`, ...args);
const modifiedArgs = args.map((arg) => {
if (!arg) {
return arg;
}

const modifiedArg = { ...arg };
// Check for sensitive headers in request body 'headers' object
if (modifiedArg['headers']) {
for (const header in modifiedArg['headers']) {
if (SENSITIVE_HEADERS.has(header.toLowerCase())) {
modifiedArg['headers'][header] = 'REDACTED';
RobertCraigie marked this conversation as resolved.
Show resolved Hide resolved
}
}
}
// Check for sensitive headers in headers object
for (const header in modifiedArg) {
if (SENSITIVE_HEADERS.has(header.toLowerCase())) {
modifiedArg[header] = 'REDACTED';
}
}
return modifiedArg;
});
console.log(`OpenAI:DEBUG:${action}`, ...modifiedArgs);
}
}

Expand Down
58 changes: 57 additions & 1 deletion tests/index.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

import OpenAI from 'openai';
import { APIUserAbortError } from 'openai';
import { Headers } from 'openai/core';
import { debug, Headers } from 'openai/core';
import defaultFetch, { Response, type RequestInit, type RequestInfo } from 'node-fetch';

describe('instantiate client', () => {
Expand Down Expand Up @@ -411,3 +411,59 @@ describe('retries', () => {
expect(count).toEqual(3);
});
});

describe('Debug', () => {
const env = process.env;
const spy = jest.spyOn(console, 'log');

beforeEach(() => {
jest.resetModules();
process.env = { ...env };
process.env['DEBUG'] = 'true';
});

afterEach(() => {
process.env = env;
});

test('body request object with Authorization header', function () {
RobertCraigie marked this conversation as resolved.
Show resolved Hide resolved
// Test request body includes headers object with Authorization
const headersTest = {
headers: {
Authorization: 'fakeAuthorization',
},
};
debug('request', headersTest);
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
headers: {
Authorization: 'REDACTED',
},
});
});

test('body request object with api-key header', function () {
// Test request body includes headers object with api-ley
const apiKeyTest = {
headers: {
'api-key': 'fakeKey',
},
};
debug('request', apiKeyTest);
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
headers: {
'api-key': 'REDACTED',
},
});
});

test('header object with Authorization header', function () {
// Test headers object with authorization header
const authorizationTest = {
authorization: 'fakeValue',
};
debug('request', authorizationTest);
expect(spy).toHaveBeenCalledWith('OpenAI:DEBUG:request', {
authorization: 'REDACTED',
});
});
});
Loading