Merge branch 'develop' of github.com:opencrvs/opencrvs-countryconfig …

…into develop

CHANGELOG.md

@@ -12,6 +12,10 @@
 
 - **Title** Description
 
+### Improvements
+
+- Auth token, ip address, remote address, mobile number, email redacted/masked from server log
+
 ### Infrastructure breaking changes
 
 - **Title** Description
@@ -73,13 +77,15 @@ INSERT CSV ROWS IN ENGLISH ONLY
  4. 'NAME',
  5. 'PHONE_NUMBER',
  6. 'EMAIL'
+- Updated `allowedFileFormats` in signature fields to use MIME types (`image/png`, `image/jpg`, `image/jpeg`, `image/svg`) instead of simple file extensions. If you are already using the `allowedFileFormats` field in your implementation, please ensure to update the format accordingly.
 
 ### New features
 
 - Certificate handlebar for registration fees `registrationFees` [#6817](https://github.com/opencrvs/opencrvs-core/issues/6817)
 - Logged in user details handlebar `loggedInUser` [#6529](https://github.com/opencrvs/opencrvs-core/issues/6529)
 - Supporting document fields can now be made required
 - If there is only one option in the document uploader select, then it stays hidden and only the upload button is showed with the only option being selected by default
+- The select options in DOCUMENT_UPLOADER_WITH_OPTION field can now be hidden using the new `optionCondition` property. It works similarly to the same property available in SELECT_WITH_OPTIONS field
 
 * **ElasticSearch reindexing**
 
@@ -95,7 +101,6 @@ INSERT CSV ROWS IN ENGLISH ONLY
 
 ## Bug fixes
 
-
 - Github pipeline dedicated for reading secrets and variables from other environments now checks if GH_TOKEN is still valid before attempting other operations
 - Remove unnecessary UI dividers that add in various sections of the declaration forms(e.g the Death, Birth and Marriage forms) [#244](https://github.com/opencrvs/opencrvs-countryconfig/pull/244)
 

src/api/notification/email-service.ts

@@ -9,7 +9,7 @@
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
 
-import { logger } from '@countryconfig/logger'
+import { logger, maskEmail } from '@countryconfig/logger'
 import * as Handlebars from 'handlebars'
 import * as nodemailer from 'nodemailer'
 import {
@@ -50,12 +50,14 @@ export const sendEmail = async (params: {
 
  if (formattedParams.to.endsWith('@example.com')) {
  logger.info(
- `Example email detected: ${formattedParams.to}. Not sending the email.`
+ `Example email detected: ${maskEmail(
+ formattedParams.to
+ )}. Not sending the email.`
  )
  return
  }
 
- logger.info(`Sending email to ${formattedParams.to}`)
+ logger.info(`Sending email to ${maskEmail(formattedParams.to)}`)
 
  const emailTransport = nodemailer.createTransport({
  host: SMTP_HOST,
@@ -77,7 +79,9 @@ export const sendEmail = async (params: {
  logger.error(`Unable to send mass email for error : ${error}`)
  } else {
  logger.error(
- `Unable to send email to ${formattedParams.to} for error : ${error}`
+ `Unable to send email to ${maskEmail(
+ formattedParams.to
+ )} for error : ${error}`
  )
  }
 

src/api/notification/handler.ts

@@ -8,7 +8,7 @@
  *
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
-import { logger } from '@countryconfig/logger'
+import { logger, maskEmail, maskSms } from '@countryconfig/logger'
 import * as Hapi from '@hapi/hapi'
 import * as Joi from 'joi'
 import { IApplicationConfig, getApplicationConfig } from '../../utils'
@@ -88,6 +88,14 @@ export async function notificationHandler(
 
  if (process.env.NODE_ENV !== 'production') {
  const { templateName, recipient, convertUnicode, type } = payload
+ if ('sms' in recipient) {
+ recipient.sms = maskSms(recipient.sms)
+ } else {
+ recipient.email = maskEmail(recipient.email)
+ recipient.bcc = Array.isArray(recipient.bcc)
+ ? recipient.bcc.map(maskEmail)
+ : undefined
+ }
  logger.info(
  `Ignoring notification due to NODE_ENV not being 'production'. Params: ${JSON.stringify(
  {
@@ -103,7 +111,9 @@ export async function notificationHandler(
 
  if (isEmailPayload(applicationConfig, payload)) {
  const { templateName, variables, recipient } = payload
- logger.info(`Notification method is email and recipient ${recipient.email}`)
+ logger.info(
+ `Notification method is email and recipient ${maskEmail(recipient.email)}`
+ )
 
  const template = getTemplate(templateName.email)
  const emailSubject =
@@ -161,7 +171,7 @@ export async function emailHandler(
  if (process.env.NODE_ENV !== 'production') {
  logger.info(
  `Ignoring email due to NODE_ENV not being 'production'. Params: ${JSON.stringify(
- payload
+ { ...payload, from: maskEmail(payload.from), to: maskEmail(payload.to) }
  )}`
  )
  return h.response().code(200)

src/api/notification/sms-service.ts

@@ -13,7 +13,7 @@ import {
  INFOBIP_GATEWAY_ENDPOINT,
  INFOBIP_SENDER_ID
 } from './constant'
-import { logger } from '@countryconfig/logger'
+import { logger, maskSms } from '@countryconfig/logger'
 import fetch from 'node-fetch'
 import * as Handlebars from 'handlebars'
 import { internal } from '@hapi/boom'
@@ -81,9 +81,13 @@ export async function sendSMS(
 
  const responseBody = await response.text()
  if (!response.ok) {
- logger.error(`Failed to send sms to ${recipient}. Reason: ${responseBody}`)
+ logger.error(
+ `Failed to send sms to ${maskSms(recipient)}. Reason: ${responseBody}`
+ )
  throw internal(
- `Failed to send notification to ${recipient}. Reason: ${responseBody}`
+ `Failed to send notification to ${maskSms(
+ recipient
+ )}. Reason: ${responseBody}`
  )
  }
  logger.info(`Response from Infobip: ${JSON.stringify(responseBody)}`)

src/form/common/common-optional-fields.ts

@@ -210,6 +210,7 @@ export const informantsSignature = {
  validator: [],
  required: true,
  type: 'SIGNATURE',
+ allowedFileFormats: ['image/png', 'image/svg'],
  mapping: {
  mutation: {
  operation: 'fieldValueSectionExchangeTransformer',

src/form/marriage/required-sections.ts

@@ -116,6 +116,7 @@ const signatureFields = [
  required: true,
  validator: [],
  type: 'SIGNATURE',
+ allowedFileFormats: ['image/png'],
  mapping: {
  mutation: {
  operation: 'fieldValueSectionExchangeTransformer',
@@ -137,6 +138,7 @@ const signatureFields = [
  required: true,
  validator: [],
  type: 'SIGNATURE',
+ allowedFileFormats: ['image/png'],
  mapping: {
  mutation: {
  operation: 'fieldValueSectionExchangeTransformer',
@@ -158,6 +160,7 @@ const signatureFields = [
  required: true,
  validator: [],
  type: 'SIGNATURE',
+ allowedFileFormats: ['image/png'],
  mapping: {
  mutation: {
  operation: 'fieldValueSectionExchangeTransformer',
@@ -179,6 +182,7 @@ const signatureFields = [
  required: true,
  validator: [],
  type: 'SIGNATURE',
+ allowedFileFormats: ['image/png'],
  mapping: {
  mutation: {
  operation: 'fieldValueSectionExchangeTransformer',

src/form/types/types.ts

@@ -410,6 +410,7 @@ export interface IImageUploaderWithOptionsFormField extends IFormFieldBase {
 export interface IDocumentUploaderWithOptionsFormField extends IFormFieldBase {
  type: typeof DOCUMENT_UPLOADER_WITH_OPTION
  options: ISelectOption[]
+ optionCondition?: string
  hideOnEmptyOption?: boolean
  compressImagesToSizeMB?: number
  maxSizeMB?: number
@@ -483,7 +484,12 @@ export interface IHeading3Field extends IFormFieldBase {
 export interface ISignatureFormField extends IFormFieldBase {
  type: typeof SIGNATURE
  maxSizeMb?: number
- allowedFileFormats?: ('png' | 'jpg' | 'jpeg' | 'svg')[]
+ allowedFileFormats?: (
+ | 'image/png'
+ | 'image/jpg'
+ | 'image/jpeg'
+ | 'image/svg'
+ )[]
 }
 
 export type IFormField =

src/logger.ts

@@ -11,7 +11,13 @@
 import pino from 'pino'
 export const logger =
  process.env.NODE_ENV === 'production'
- ? pino()
+ ? pino({
+ redact: [
+ 'req.headers.authorization',
+ 'req.remoteAddress',
+ "req.headers['x-real-ip']"
+ ]
+ })
  : pino({
  transport: {
  target: 'pino-pretty',
@@ -25,3 +31,21 @@ export const logger =
 if (process.env.NODE_ENV === 'test') {
  logger.level = 'silent'
 }
+
+export function maskEmail(email: string) {
+ if (email.length <= 10)
+ return `${email.at(0)}${'*'.repeat(email.length - 2)}${email.at(-1)}`
+
+ // The regex matches everything EXCEPT the first 3 and last 4 characters.
+ return email.replace(/(?<=.{3}).*(?=.{4})/, (match) =>
+ '*'.repeat(match.length)
+ )
+}
+
+export function maskSms(sms: string) {
+ if (sms.length <= 8)
+ return `${sms.at(0)}${'*'.repeat(sms.length - 2)}${sms.at(-1)}`
+
+ // The regex matches everything EXCEPT the first 3 and last 2 characters.
+ return sms.replace(/(?<=.{3}).*(?=.{2})/, (match) => '*'.repeat(match.length))
+}

tsconfig.json

@@ -2,9 +2,7 @@
  "compilerOptions": {
  "baseUrl": "./src",
  "paths": {
- "@countryconfig/*": [
- "./*"
- ]
+ "@countryconfig/*": ["./*"]
  },
  "target": "es6",
  "module": "commonjs",
@@ -13,30 +11,17 @@
  "resolveJsonModule": true,
  "moduleResolution": "node",
  "rootDir": ".",
- "lib": [
- "esnext.asynciterable",
- "es6",
- "es2017",
- "es2019"
- ],
+ "lib": ["esnext.asynciterable", "es6", "es2017", "es2019", "es2022"],
  "forceConsistentCasingInFileNames": true,
  "esModuleInterop": true,
  "noImplicitReturns": true,
  "noImplicitThis": true,
  "noImplicitAny": true,
  "skipLibCheck": true,
  "strictNullChecks": true,
- "types": [
- "fhir",
- "jest",
- "geojson"
- ]
+ "types": ["fhir", "geojson"]
  },
- "include": [
- "src/**/*.ts",
- "infrastructure/environments/**/*.ts",
- "typings"
- ],
+ "include": ["src/**/*.ts", "infrastructure/environments/**/*.ts", "typings"],
  "exclude": [
  "node_modules",
  "cypress",
@@ -49,4 +34,4 @@
  "ts-node": {
  "files": true
  }
-}
+}