Adds `pseudonymize(actorId)` in core-audit — SHA-256 of salt+":"+actorId truncated to 16 hex chars, prefixed "erased-". Salt from AUDIT_PSEUDONYM_SALT env (fallback dev label). 6 unit tests: deterministic, salt-change-differs, fallback-no-throw. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
23 lines
811 B
TypeScript
23 lines
811 B
TypeScript
import { createHash } from "node:crypto";
|
|
|
|
/**
|
|
* Produces a stable, irreversible token for a GDPR-erased actorId.
|
|
*
|
|
* Format: `erased-<first-16-hex-chars-of-sha256(salt:actorId)>`
|
|
*
|
|
* The salt is read from `AUDIT_PSEUDONYM_SALT` env at call time so that
|
|
* production binding can pre-validate the var at boot (see `bindAudit`)
|
|
* while tests can override it per-test via `process.env`.
|
|
*
|
|
* Fallback salt is intentionally weak and labelled so that any token
|
|
* produced with it is recognisable as a dev/test artefact.
|
|
*/
|
|
export function pseudonymize(actorId: string): string {
|
|
const salt =
|
|
process.env["AUDIT_PSEUDONYM_SALT"] ?? "dev-fallback-salt-replace-in-prod";
|
|
const hash = createHash("sha256")
|
|
.update(`${salt}:${actorId}`)
|
|
.digest("hex");
|
|
return `erased-${hash.slice(0, 16)}`;
|
|
}
|