handle edge case for short key strings

Apikey obscure unobscure Aws Apikey
hope this works?
2026-01-25 02:08:24 +00:00 · 2022-09-20 15:05:20 -07:00 · 2022-09-20 15:05:20 -07:00 · 2022-09-20 15:05:20 -07:00 · 2022-09-20 15:05:20 -07:00 · 2022-09-20 15:05:20 -07:00
1 changed files with 33 additions and 7 deletions
--- a/lib/routes/api/speech-credentials.js
+++ b/lib/routes/api/speech-credentials.js
@@ -15,6 +15,16 @@ const {
  testWellSaidTts
 } = require('../../utils/speech-utils');

+const obscureKey = (key) => {
+  const key_spoiler_length = 6;
+  const key_spoiler_char = 'X';
+
+  if (key.length <= key_spoiler_length) {
+    return key;
+  }
+
+  return `${key.slice(0, key_spoiler_length)}${key_spoiler_char.repeat(key.length - key_spoiler_length)}`;
+};

 const encryptCredential = (obj) => {
  const {
@@ -110,24 +120,30 @@ router.get('/', async(req, res) => {
    res.status(200).json(creds.map((c) => {
      const {credential, ...obj} = c;
      if ('google' === obj.vendor) {
-        obj.service_key = JSON.parse(decrypt(credential));
+        const o = JSON.parse(decrypt(credential));
+        const key_header = '-----BEGIN PRIVATE KEY-----\n';
+        const obscured = {
+          ...o,
+          private_key: `${key_header}${obscureKey(o.private_key.slice(key_header.length, o.private_key.length))}`
+        };
+        obj.service_key = obscured;
      }
      else if ('aws' === obj.vendor) {
        const o = JSON.parse(decrypt(credential));
        obj.access_key_id = o.access_key_id;
-        obj.secret_access_key = o.secret_access_key;
+        obj.secret_access_key = obscureKey(o.secret_access_key);
        obj.aws_region = o.aws_region;
        logger.info({obj, o}, 'retrieving aws speech credential');
      }
      else if ('microsoft' === obj.vendor) {
        const o = JSON.parse(decrypt(credential));
-        obj.api_key = o.api_key;
+        obj.api_key = obscureKey(o.api_key);
        obj.region = o.region;
        logger.info({obj, o}, 'retrieving azure speech credential');
      }
      else if ('wellsaid' === obj.vendor) {
        const o = JSON.parse(decrypt(credential));
-        obj.api_key = o.api_key;
+        obj.api_key = obscureKey(o.api_key);
      }
      return obj;
    }));
@@ -147,19 +163,29 @@ router.get('/:sid', async(req, res) => {
    if (0 === cred.length) return res.sendStatus(404);
    const {credential, ...obj} = cred[0];
    if ('google' === obj.vendor) {
-      obj.service_key = decrypt(credential);
+      const o = JSON.parse(decrypt(credential));
+      const key_header = '-----BEGIN PRIVATE KEY-----\n';
+      const obscured = {
+        ...o,
+        private_key: `${key_header}${obscureKey(o.private_key.slice(key_header.length, o.private_key.length))}`
+      };
+      obj.service_key = JSON.stringify(obscured);
    }
    else if ('aws' === obj.vendor) {
      const o = JSON.parse(decrypt(credential));
      obj.access_key_id = o.access_key_id;
-      obj.secret_access_key = o.secret_access_key;
+      obj.secret_access_key = obscureKey(o.secret_access_key);
      obj.aws_region = o.aws_region;
    }
    else if ('microsoft' === obj.vendor) {
      const o = JSON.parse(decrypt(credential));
-      obj.api_key = o.api_key;
+      obj.api_key = obscureKey(o.api_key);
      obj.region = o.region;
    }
+    else if ('wellsaid' === obj.vendor) {
+      const o = JSON.parse(decrypt(credential));
+      obj.api_key = obscureKey(o.api_key);
+    }
    res.status(200).json(obj);
  } catch (err) {
    sysError(logger, res, err);
Author	SHA1	Message	Date
kitajchuk	ec73bcef53	handle edge case for short key strings	2022-09-20 15:05:20 -07:00
khang	28d9bbf98e	Apikey obscure unobscure Aws Apikey	2022-09-20 15:05:20 -07:00
khang	e5793a85f2	hope this works?	2022-09-20 15:05:20 -07:00
khang	31db9131b8	changes suggested and fix wellsaid apikey return	2022-09-20 15:05:20 -07:00
khang	c1a2c6c591	obscuring api key when called from webapp	2022-09-20 15:05:20 -07:00