// src/utils/otpLogger.js

// === SECURITY HARDENING: OTP LOGGING ===

// Safe OTP logging helper that only logs in development and never to centralized logs

// The environment is sampled once at module load. An unset NODE_ENV leaves
// both flags false, so the OTP-revealing debug logger stays silent by default.
const { NODE_ENV } = process.env;

const isDevelopment = NODE_ENV === 'development';

// NOTE(review): isProduction is not referenced elsewhere in this file.
const isProduction = NODE_ENV === 'production';
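/**
 * Log an OTP code for local debugging.
 *
 * - Emits only when the module-level `isDevelopment` flag is true
 *   (NODE_ENV === 'development'); in every other environment it returns
 *   without touching the console.
 * - The phone number is masked to its last four characters before logging.
 * - Writes via console.log with a [DEV-ONLY] prefix. Note that stdout is
 *   still captured by most container/platform log collectors, so the
 *   NODE_ENV guard is the only effective control here; the log level does
 *   not keep the OTP out of aggregated logs.
 *
 * @param {string} phone - Phone number; non-string/nullish values are masked as '****'
 * @param {string} otp - OTP code (printed verbatim, development only)
 * @returns {void}
 */
function logOtpForDebug(phone, otp) {
  // Never reveal OTPs outside development.
  if (!isDevelopment) {
    return;
  }

  // Mask everything but the last 4 characters; non-digits (e.g. '+') are
  // kept as-is. A non-string phone would otherwise throw on .length.
  const phoneText = typeof phone === 'string' ? phone : '';
  const maskedPhone = phoneText.length > 4
    ? phoneText.slice(0, -4).replace(/\d/g, '*') + phoneText.slice(-4)
    : '****';

  console.log('[DEV-ONLY] OTP generated:', {
    phone: maskedPhone,
    code: otp,
    warning: 'This log should NEVER appear in production logs',
  });
}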
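/**
 * Log an OTP delivery event without exposing the code itself.
 * Safe to leave enabled in production: only a masked phone number and the
 * delivery outcome are written.
 *
 * @param {string} phone - Phone number; masked here to its last 4 characters
 *   (non-string/nullish values are logged as '****')
 * @param {boolean} smsSent - Whether the SMS was successfully sent
 * @returns {void}
 */
function logOtpEvent(phone, smsSent) {
  // Mask everything but the last 4 characters; non-digits (e.g. '+') are
  // kept as-is. A non-string phone would otherwise throw on .length.
  const phoneText = typeof phone === 'string' ? phone : '';
  const maskedPhone = phoneText.length > 4
    ? phoneText.slice(0, -4).replace(/\d/g, '*') + phoneText.slice(-4)
    : '****';

  // A failed send goes to warn so it surfaces in monitoring; a successful
  // send is routine and stays at log level.
  if (smsSent) {
    console.log('OTP sent via SMS:', maskedPhone);
  } else {
    console.warn('OTP generated but SMS failed:', maskedPhone);
  }
}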
// Public API of this module. logOtpForDebug is gated on NODE_ENV at module
// load and prints the OTP only in development; logOtpEvent never prints
// the code and is the one intended for production call sites.
module.exports = {
  logOtpForDebug,
  logOtpEvent,
};