"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.maskSecretUrls = exports.maskSigUrl = void 0;
const core_1 = require("@actions/core");
/**
 * Masks the `sig` parameter in a URL and sets it as a secret.
 *
 * @param url - The URL containing the signature parameter to mask
 * @remarks
 * This function attempts to parse the provided URL and identify the 'sig' query parameter.
 * If found, it registers both the raw and URL-encoded signature values as secrets using
 * the Actions `setSecret` API, which prevents them from being displayed in logs.
 *
 * The function handles errors gracefully if URL parsing fails, logging them as debug messages.
 *
 * @example
 * ```typescript
 * // Mask a signature in an Azure SAS token URL
 * maskSigUrl('https://example.blob.core.windows.net/container/file.txt?sig=abc123&se=2023-01-01');
 * ```
 */
function maskSigUrl(url) {
    if (!url)
        return;
    try {
        const parsedUrl = new URL(url);
        const signature = parsedUrl.searchParams.get('sig');
        if (signature) {
            (0, core_1.setSecret)(signature);
            (0, core_1.setSecret)(encodeURIComponent(signature));
        }
    }
    catch (error) {
        (0, core_1.debug)(`Failed to parse URL: ${url} ${error instanceof Error ? error.message : String(error)}`);
    }
}
exports.maskSigUrl = maskSigUrl;
/**
 * Masks sensitive information in URLs containing signature parameters.
 * Currently supports masking 'sig' parameters in the 'signed_upload_url'
 * and 'signed_download_url' properties of the provided object.
 *
 * @param body - The object should contain a signature
 * @remarks
 * This function extracts URLs from the object properties and calls maskSigUrl
 * on each one to redact sensitive signature information. The function doesn't
 * modify the original object; it only marks the signatures as secrets for
 * logging purposes.
 *
 * @example
 * ```typescript
 * const responseBody = {
 *   signed_upload_url: 'https://blob.core.windows.net/?sig=abc123',
 *   signed_download_url: 'https://blob.core/windows.net/?sig=def456'
 * };
 * maskSecretUrls(responseBody);
 * ```
 */
function maskSecretUrls(body) {
    if (typeof body !== 'object' || body === null) {
        (0, core_1.debug)('body is not an object or is null');
        return;
    }
    if ('signed_upload_url' in body &&
        typeof body.signed_upload_url === 'string') {
        maskSigUrl(body.signed_upload_url);
    }
    if ('signed_download_url' in body &&
        typeof body.signed_download_url === 'string') {
        maskSigUrl(body.signed_download_url);
    }
}
exports.maskSecretUrls = maskSecretUrls;
//# sourceMappingURL=util.js.map