Redact Gravity API key from upstream errors

Author: jahooma

web/src/app/api/v1/gravity-index/search/__tests__/gravity-index-search.test.ts

@@ -18,11 +18,13 @@ describe('/api/v1/gravity-index/search POST endpoint', () => {
   let mockTrackEvent: TrackEventFn
   let mockGetUserInfoFromApiKey: GetUserInfoFromApiKeyFn
   let mockFetch: typeof globalThis.fetch
+  let mockWarn: ReturnType<typeof mock>
 
   beforeEach(() => {
+    mockWarn = mock(() => {})
     mockLogger = {
       error: mock(() => {}),
-      warn: mock(() => {}),
+      warn: mockWarn,
       info: mock(() => {}),
       debug: mock(() => {}),
     }
@@ -194,4 +196,48 @@ describe('/api/v1/gravity-index/search POST endpoint', () => {
     expect(res.status).toBe(502)
     expect(await res.json()).toEqual({ error: 'bad request' })
   })
+
+  test('redacts Gravity API key from upstream error responses and logs', async () => {
+    mockFetch = Object.assign(
+      mock(async () =>
+        new Response(
+          JSON.stringify({
+            detail: [
+              {
+                input: {
+                  query: '',
+                  platform_api_key: 'gravity-key',
+                },
+              },
+            ],
+          }),
+          { status: 422, headers: { 'Content-Type': 'application/json' } },
+        ),
+      ),
+      { preconnect: () => {} },
+    ) as typeof fetch
+    const req = new NextRequest(
+      'http://localhost:3000/api/v1/gravity-index/search',
+      {
+        method: 'POST',
+        headers: { Authorization: 'Bearer valid' },
+        body: JSON.stringify({ query: 'transactional email' }),
+      },
+    )
+
+    const res = await postGravityIndexSearch({
+      req,
+      getUserInfoFromApiKey: mockGetUserInfoFromApiKey,
+      logger: mockLogger,
+      loggerWithContext: mockLoggerWithContext,
+      trackEvent: mockTrackEvent,
+      fetch: mockFetch,
+      serverEnv: testServerEnv,
+    })
+
+    expect(res.status).toBe(502)
+    expect(JSON.stringify(await res.json())).not.toContain('gravity-key')
+    expect(JSON.stringify(mockWarn.mock.calls)).not.toContain('gravity-key')
+    expect(JSON.stringify(mockWarn.mock.calls)).toContain('[redacted]')
+  })
 })

web/src/app/api/v1/gravity-index/search/_post.ts

@@ -34,6 +34,9 @@ const getErrorMessage = (value: unknown): string | undefined => {
   return typeof message === 'string' ? message : undefined
 }
 
+const redactGravityApiKey = (text: string, gravityApiKey: string) =>
+  text.split(gravityApiKey).join('[redacted]')
+
 export async function postGravityIndexSearch(params: {
   req: NextRequest
   getUserInfoFromApiKey: GetUserInfoFromApiKeyFn
@@ -116,15 +119,20 @@ export async function postGravityIndexSearch(params: {
     })
 
     const text = await response.text()
+    const redactedText = redactGravityApiKey(text, publisherKey)
     const json = tryParseJson(text)
 
     if (!response.ok) {
-      const error = (getErrorMessage(json) ?? text) || 'Gravity Index failed'
+      const upstreamError = getErrorMessage(json)
+      const error =
+        (upstreamError
+          ? redactGravityApiKey(upstreamError, publisherKey)
+          : redactedText) || 'Gravity Index failed'
       logger.warn(
         {
           status: response.status,
           statusText: response.statusText,
-          body: text.slice(0, 500),
+          body: redactedText.slice(0, 500),
         },
         'Gravity Index upstream request failed',
       )
@@ -138,7 +146,10 @@ export async function postGravityIndexSearch(params: {
     }
 
     if (!json || typeof json !== 'object' || Array.isArray(json)) {
-      logger.warn({ body: text.slice(0, 500) }, 'Invalid Gravity Index JSON')
+      logger.warn(
+        { body: redactedText.slice(0, 500) },
+        'Invalid Gravity Index JSON',
+      )
       return NextResponse.json(
         { error: 'Invalid Gravity Index response' },
         { status: 502 },