import { config } from '$lib/stores/settings.svelte'; import { REDACTED_HEADERS } from '$lib/constants'; import { redactValue } from './redact'; /** * Get authorization headers for API requests * Includes Bearer token if API key is configured */ export function getAuthHeaders(): Record { const currentConfig = config(); const apiKey = currentConfig.apiKey?.toString().trim(); return apiKey ? { Authorization: `Bearer ${apiKey}` } : {}; } /** * Get standard JSON headers with optional authorization */ export function getJsonHeaders(): Record { return { 'Content-Type': 'application/json', ...getAuthHeaders() }; } /** * Sanitize HTTP headers by redacting sensitive values. * Known sensitive headers (from REDACTED_HEADERS) and any extra headers * specified by the caller are fully redacted. Headers listed in * `partialRedactHeaders` are partially redacted, showing only the * specified number of trailing characters. * * @param headers - Headers to sanitize * @param extraRedactedHeaders - Additional header names to fully redact * @param partialRedactHeaders - Map of header name -> number of trailing chars to keep visible * @returns Object with header names as keys and (possibly redacted) values */ export function sanitizeHeaders( headers?: HeadersInit, extraRedactedHeaders?: Iterable, partialRedactHeaders?: Map ): Record { if (!headers) { return {}; } const normalized = new Headers(headers); const sanitized: Record = {}; const redactedHeaders = new Set( Array.from(extraRedactedHeaders ?? [], (header) => header.toLowerCase()) ); for (const [key, value] of normalized.entries()) { const normalizedKey = key.toLowerCase(); const partialChars = partialRedactHeaders?.get(normalizedKey); if (partialChars !== undefined) { sanitized[key] = redactValue(value, partialChars); } else if (REDACTED_HEADERS.has(normalizedKey) || redactedHeaders.has(normalizedKey)) { sanitized[key] = redactValue(value); } else { sanitized[key] = value; } } return sanitized; }