fix(auth): strip line breaks from pasted keys

2026-04-03 03:03:24 -04:00 · 2026-02-09 11:25:54 -06:00
parent fb8c653f53
commit 42a07791c4
15 changed files with 293 additions and 30 deletions
--- a/src/utils/normalize-secret-input.ts
+++ b/src/utils/normalize-secret-input.ts
@@ -0,0 +1,20 @@
+/**
+ * Secret normalization for copy/pasted credentials.
+ *
+ * Common footgun: line breaks (especially `\r`) embedded in API keys/tokens.
+ * We strip line breaks anywhere, then trim whitespace at the ends.
+ *
+ * Intentionally does NOT remove ordinary spaces inside the string to avoid
+ * silently altering "Bearer <token>" style values.
+ */
+export function normalizeSecretInput(value: unknown): string {
+  if (typeof value !== "string") {
+    return "";
+  }
+  return value.replace(/[\r\n\u2028\u2029]+/g, "").trim();
+}
+
+export function normalizeOptionalSecretInput(value: unknown): string | undefined {
+  const normalized = normalizeSecretInput(value);
+  return normalized ? normalized : undefined;
+}