* Determine which secrets a module is allowed to restore. A module may only * restore the `**SECRET_***` placeholders that appear in its own config — the * exact inverse of how the config is redacted before it is sent to the browser. * @param {string} moduleName - Name of the module. * @returns
(moduleName)
| 10 | * @returns {Set<string>} The secret names the module may restore. |
| 11 | */ |
| 12 | function getAllowedSecrets (moduleName) { |
| 13 | const modules = global.configRedacted?.modules || []; |
| 14 | const moduleConfig = modules.find((m) => m.module === moduleName); |
| 15 | const allowed = new Set(); |
| 16 | if (moduleConfig) { |
| 17 | // Stringify the config to easily find all expected **SECRET_*** placeholders |
| 18 | for (const [, secretName] of JSON.stringify(moduleConfig).matchAll(/\*\*(SECRET_[^*]+)\*\*/g)) { |
| 19 | allowed.add(secretName); |
| 20 | } |
| 21 | } |
| 22 | return allowed; |
| 23 | } |
| 24 | |
| 25 | class NodeHelper { |
| 26 | init () { |