|
|
| |
| |
| |
| |
|
|
|
|
| let _enabled = true;
|
| let _observer = null;
|
| const PREF_KEY = 'odysseus-sensitive-blur';
|
| export const _prefEnabled = () => {
|
| try {
|
| return localStorage.getItem(PREF_KEY) === 'on';
|
| } catch (_) {
|
| return false;
|
| }
|
| };
|
|
|
|
|
| const PATTERNS = [
|
|
|
| { re: /\b[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}\b/g, label: 'email' },
|
|
|
| { re: /\b(sk-[a-zA-Z0-9]{20,}|pk-[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{36,}|gho_[a-zA-Z0-9]{36,}|glpat-[a-zA-Z0-9\-_]{20,}|xox[bpras]-[a-zA-Z0-9\-]{10,}|npm_[a-zA-Z0-9]{36,}|AKIA[A-Z0-9]{12,})\b/g, label: 'api-key' },
|
|
|
| { re: /Bearer\s+[A-Za-z0-9._\-]{20,}/g, label: 'token' },
|
|
|
|
|
| { re: /(?:password|passwd|secret|api[_\-]?key|access[_\-]?token|auth[_\-]?token|private[_\-]?key|client[_\-]?secret)[\s]*[:=]\s*["']?[^\s"'<]{4,}["']?/gi, label: 'credential' },
|
|
|
| { re: /(?:password|passwd|secret|api[_\-]?key|access[_\-]?token|auth[_\-]?token|private[_\-]?key|client[_\-]?secret)\s{2,}[^\s<]{4,}/gi, label: 'credential' },
|
|
|
| { re: /(?:^|\n)\s*(?:password|passwd|secret|api[_\-]?key|token|private[_\-]?key)[\t ]*\n\s*([^\s<]{4,})/gim, label: 'credential' },
|
|
|
| { re: /-----BEGIN\s[\w\s]*PRIVATE KEY-----[\s\S]*?-----END\s[\w\s]*PRIVATE KEY-----/g, label: 'private-key' },
|
|
|
| { re: /\b[0-9a-f]{32,}\b/gi, label: 'hash' },
|
|
|
| { re: /\beyJ[A-Za-z0-9_\-]{10,}\.eyJ[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}\b/g, label: 'jwt' },
|
|
|
| { re: /\b(?:10\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])|192\.168)\.\d{1,3}\.\d{1,3}(?::\d+)?\b/g, label: 'internal-ip' },
|
| ];
|
|
|
| export function init() {
|
|
|
| _loadState();
|
| window.addEventListener('odysseus-sensitive-blur-change', (e) => {
|
| setEnabled(e.detail?.enabled !== false);
|
| });
|
|
|
| document.addEventListener('click', (e) => {
|
| const el = e.target.closest('.censored-item');
|
| if (!el) return;
|
| e.preventDefault();
|
| e.stopPropagation();
|
| el.classList.toggle('revealed');
|
| });
|
| }
|
|
|
| function _loadState() {
|
|
|
| fetch('/api/auth/features', { credentials: 'same-origin' })
|
| .then(r => r.json())
|
| .then(features => {
|
| _enabled = features.sensitive_filter !== false && _prefEnabled();
|
|
|
| _startObserver();
|
| })
|
| .catch(() => {
|
|
|
| _enabled = _prefEnabled();
|
| _startObserver();
|
| });
|
| }
|
|
|
| function _startObserver() {
|
| if (_observer) return;
|
|
|
| _observer = new MutationObserver((mutations) => {
|
| if (!_enabled) return;
|
| for (const mutation of mutations) {
|
| for (const node of mutation.addedNodes) {
|
| if (node.nodeType !== 1) continue;
|
|
|
| if (node.classList && node.classList.contains('body')) {
|
| _scheduleProcess(node);
|
| } else if (node.querySelectorAll) {
|
| node.querySelectorAll('.msg .body, .msg-ai .body').forEach(b => _scheduleProcess(b));
|
| }
|
| }
|
| }
|
| });
|
|
|
|
|
| const targets = [
|
| document.getElementById('chat-container'),
|
| document.getElementById('chat-history'),
|
| ].filter(Boolean);
|
|
|
| targets.forEach(t => {
|
| _observer.observe(t, { childList: true, subtree: true });
|
| });
|
| }
|
|
|
|
|
| const _pending = new WeakSet();
|
| function _scheduleProcess(el) {
|
| if (_pending.has(el)) return;
|
| _pending.add(el);
|
|
|
|
|
| let attempts = 0;
|
| const maxAttempts = 30;
|
| const interval = setInterval(() => {
|
| _processElement(el);
|
| attempts++;
|
| if (attempts >= maxAttempts) clearInterval(interval);
|
| }, 2000);
|
|
|
| setTimeout(() => _processElement(el), 100);
|
|
|
| setTimeout(() => {
|
| clearInterval(interval);
|
| _processElement(el);
|
| _pending.delete(el);
|
| }, 60000);
|
| }
|
|
|
|
|
| const SENSITIVE_LABELS = /^(?:password|passwd|secret|api[_\-]?key|access[_\-]?token|auth[_\-]?token|private[_\-]?key|client[_\-]?secret|token|credentials?)$/i;
|
|
|
| function _processElement(el) {
|
| if (!_enabled || !el) return;
|
| if (el.closest && el.closest('.setup-guide-no-censor')) return;
|
|
|
|
|
| const walker = document.createTreeWalker(el, NodeFilter.SHOW_TEXT, null);
|
| const textNodes = [];
|
| let node;
|
| while ((node = walker.nextNode())) {
|
| if (node.parentElement.closest('.setup-guide-no-censor')) continue;
|
| if (node.parentElement.closest('pre:not(.censored-item), .censored-item')) continue;
|
| textNodes.push(node);
|
| }
|
|
|
| for (const textNode of textNodes) {
|
| const text = textNode.textContent;
|
| if (!text || text.trim().length < 4) continue;
|
|
|
| const matches = [];
|
| for (const pattern of PATTERNS) {
|
| pattern.re.lastIndex = 0;
|
| let m;
|
| while ((m = pattern.re.exec(text)) !== null) {
|
| matches.push({ start: m.index, end: m.index + m[0].length, text: m[0], label: pattern.label });
|
| }
|
| }
|
| if (matches.length === 0) continue;
|
|
|
| matches.sort((a, b) => a.start - b.start);
|
| const deduped = [matches[0]];
|
| for (let i = 1; i < matches.length; i++) {
|
| const prev = deduped[deduped.length - 1];
|
| if (matches[i].start < prev.end) {
|
| if (matches[i].end > prev.end) prev.end = matches[i].end;
|
| } else {
|
| deduped.push(matches[i]);
|
| }
|
| }
|
|
|
| const frag = document.createDocumentFragment();
|
| let lastIdx = 0;
|
| for (const match of deduped) {
|
| if (match.start > lastIdx) {
|
| frag.appendChild(document.createTextNode(text.slice(lastIdx, match.start)));
|
| }
|
| const span = document.createElement('span');
|
| span.className = 'censored-item';
|
| span.dataset.type = match.label;
|
| span.title = 'Click to reveal ' + match.label;
|
| span.textContent = match.text;
|
| frag.appendChild(span);
|
| lastIdx = match.end;
|
| }
|
| if (lastIdx < text.length) {
|
| frag.appendChild(document.createTextNode(text.slice(lastIdx)));
|
| }
|
| textNode.parentNode.replaceChild(frag, textNode);
|
| }
|
|
|
|
|
|
|
|
|
| _contextCensor(el);
|
| }
|
|
|
| function _contextCensor(el) {
|
|
|
| const allElements = el.querySelectorAll('td, th, dt, dd, span, strong, b, em, li, p, div');
|
| for (let i = 0; i < allElements.length; i++) {
|
| const elem = allElements[i];
|
| if (elem.closest('.setup-guide-no-censor')) continue;
|
| if (elem.closest('.censored-item, pre')) continue;
|
| const txt = (elem.textContent || '').trim();
|
| if (!SENSITIVE_LABELS.test(txt)) continue;
|
|
|
|
|
| let censored = false;
|
|
|
|
|
| let sibling = elem.nextSibling;
|
| while (sibling && !censored) {
|
| if (sibling.nodeType === 3) {
|
| const val = sibling.textContent.trim();
|
| if (val.length >= 4 && !SENSITIVE_LABELS.test(val)) {
|
| const span = document.createElement('span');
|
| span.className = 'censored-item';
|
| span.dataset.type = 'credential';
|
| span.title = 'Click to reveal credential';
|
| span.textContent = sibling.textContent;
|
| sibling.parentNode.replaceChild(span, sibling);
|
| censored = true;
|
| }
|
| } else if (sibling.nodeType === 1 && !sibling.closest('.censored-item')) {
|
|
|
| const val = sibling.textContent.trim();
|
| if (val.length >= 4 && !SENSITIVE_LABELS.test(val)) {
|
| _censorAllText(sibling);
|
| censored = true;
|
| }
|
| }
|
| sibling = censored ? null : sibling.nextSibling;
|
| }
|
|
|
|
|
| if (!censored) {
|
| const parent = elem.parentElement;
|
| if (parent) {
|
| const nextEl = parent.nextElementSibling;
|
| if (nextEl && !nextEl.closest('.censored-item')) {
|
| const val = nextEl.textContent.trim();
|
| if (val.length >= 2 && !SENSITIVE_LABELS.test(val)) {
|
| _censorAllText(nextEl);
|
| censored = true;
|
| }
|
| }
|
| }
|
| }
|
|
|
|
|
| if (!censored && elem.parentElement) {
|
| const parent = elem.parentElement;
|
| let found = false;
|
| for (let c = 0; c < parent.childNodes.length; c++) {
|
| const child = parent.childNodes[c];
|
| if (child === elem) { found = true; continue; }
|
| if (!found) continue;
|
| if (child.nodeType === 3 && child.textContent.trim().length >= 4) {
|
| const val = child.textContent.trim();
|
| if (!SENSITIVE_LABELS.test(val)) {
|
| const span = document.createElement('span');
|
| span.className = 'censored-item';
|
| span.dataset.type = 'credential';
|
| span.title = 'Click to reveal credential';
|
| span.textContent = child.textContent;
|
| child.parentNode.replaceChild(span, child);
|
| break;
|
| }
|
| }
|
| }
|
| }
|
| }
|
|
|
|
|
|
|
| const fullText = el.textContent || '';
|
| const labelValueRe = /(?:password|passwd|secret|api[_\-]?key|access[_\-]?token|private[_\-]?key|client[_\-]?secret|token|auth[_\-]?token)\s*[:\s]\s*(\S{4,})/gi;
|
| let m;
|
| while ((m = labelValueRe.exec(fullText)) !== null) {
|
| const value = m[1];
|
|
|
| _censorValueInElement(el, value);
|
| }
|
| }
|
|
|
| function _censorValueInElement(el, value) {
|
| if (!value || value.length < 4) return;
|
| const walker = document.createTreeWalker(el, NodeFilter.SHOW_TEXT, null);
|
| let node;
|
| while ((node = walker.nextNode())) {
|
| if (node.parentElement.closest('.setup-guide-no-censor')) continue;
|
| if (node.parentElement.closest('pre:not(.censored-item), .censored-item')) continue;
|
| const idx = node.textContent.indexOf(value);
|
| if (idx < 0) continue;
|
|
|
| const before = node.textContent.slice(0, idx);
|
| const after = node.textContent.slice(idx + value.length);
|
| const frag = document.createDocumentFragment();
|
| if (before) frag.appendChild(document.createTextNode(before));
|
| const span = document.createElement('span');
|
| span.className = 'censored-item';
|
| span.dataset.type = 'credential';
|
| span.title = 'Click to reveal credential';
|
| span.textContent = value;
|
| frag.appendChild(span);
|
| if (after) frag.appendChild(document.createTextNode(after));
|
| node.parentNode.replaceChild(frag, node);
|
| return;
|
| }
|
| }
|
|
|
| function _censorAllText(el) {
|
|
|
| if (el.querySelector('.censored-item')) return;
|
| const walker = document.createTreeWalker(el, NodeFilter.SHOW_TEXT, null);
|
| const nodes = [];
|
| let n;
|
| while ((n = walker.nextNode())) {
|
| if (n.parentElement.closest('.setup-guide-no-censor')) continue;
|
| if (n.parentElement.closest('.censored-item, pre')) continue;
|
| if (n.textContent.trim().length >= 2) nodes.push(n);
|
| }
|
| for (const tn of nodes) {
|
| const span = document.createElement('span');
|
| span.className = 'censored-item';
|
| span.dataset.type = 'credential';
|
| span.title = 'Click to reveal credential';
|
| span.textContent = tn.textContent;
|
| tn.parentNode.replaceChild(span, tn);
|
| }
|
| }
|
|
|
|
|
| export function censorElement(el) {
|
| if (!_enabled) return;
|
| _processElement(el);
|
| }
|
|
|
|
|
| export function setEnabled(enabled) {
|
| _enabled = enabled;
|
| if (!enabled) {
|
|
|
| document.querySelectorAll('.censored-item').forEach(el => el.classList.add('revealed'));
|
| } else {
|
| document.querySelectorAll('.censored-item').forEach(el => el.classList.remove('revealed'));
|
| }
|
| }
|
|
|
| export function isEnabled() {
|
| return _enabled;
|
| }
|
|
|
| const censorModule = { init, censorElement, setEnabled, isEnabled };
|
|
|
| export default censorModule;
|
|
|