fix: redact attachment upload path logs

[ocepkejepintu-droid]

Summary

• replace raw attachment upload metadata/path logs with shape-only summaries
• stop logging the full request URL when forwarding uploads to the Durable Object
• keep TUS routing, path normalization, and permission checks unchanged

Motivation

The attachment upload path currently logs raw Upload-Metadata, decoded TUS IDs, extracted file paths, and full request URLs while normalizing resumable uploads. Those values can include organization/app/file path details and upload identifiers. This keeps the useful operational signal without retaining those raw values in routine worker logs.

Business impact

Reduces accidental sensitive metadata exposure in upload worker logs without changing upload behavior.

Test plan

• bunx eslint supabase/functions/_backend/files/files.ts
• git diff --check

Checklist

• I have tested my changes
• I have kept the change scoped
• I have avoided public disclosure of exploitable details

Summary by CodeRabbit

• Chores
  • Improved internal logging to provide cleaner, more concise output during file operations and uploads.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Warning

Rate limit exceeded

@ocepkejepintu-droid has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 19 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6b49f2fe-9775-4538-977a-5022f7238577

📥 Commits

Reviewing files that changed from the base of the PR and between 93c9a5e and 27773f5.

📒 Files selected for processing (2)

• supabase/functions/_backend/files/files.ts
• supabase/functions/_backend/files/parse.ts

📝 Walkthrough

Walkthrough

The PR adds lightweight summarization helper functions for upload metadata and file path shapes, then updates all cloudlog calls across file upload and key-resolution handlers to use these summaries instead of logging full raw values, reducing log verbosity without changing request handling, routing, or response behavior.

Changes

Logging Shape Summarization for File Handlers

Layer / File(s)	Summary
Summarization Helper Functions supabase/functions/_backend/files/files.ts	Introduces summarizeMetadata, summarizeFileId, and summarizeFilePath helpers that compute presence flags, byte/character lengths, and path segment counts for compact logging.
Upload Handler Forwarding Logs supabase/functions/_backend/files/files.ts	Durable-object forwarding log now records HTTP method, query-string presence, and summarized file path instead of a single combined log string.
setKeyFromMetadata Logging Updates supabase/functions/_backend/files/files.ts	Logs for received metadata, fileID, base64 decoding outcomes, and final normalized fileID now use summarized shapes instead of raw metadata objects or full fileID strings.
setKeyFromIdParam Logging Updates supabase/functions/_backend/files/files.ts	Raw param, TUS upload ID detection/extraction, and final payload logs now record summarized fileID/path information and query presence instead of raw URLs, decoded payloads, or full arrays.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• Cap-go/capgo#1919: Both PRs modify the same file and affect the TUS key-resolution codepaths (setKeyFromMetadata / setKeyFromIdParam and upload forwarding); this PR's logging summarization complements the related PR's encoding and validation changes.

Poem

🐰 Logs that once ran wild and free,
Now summarize so cleanly—
Helpers count and shape each trace,
Keeping verbosity in its place!
Cleaner logs, no logic bent,
Just the right amount of format spent. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: redact attachment upload path logs' clearly and concisely describes the main change: redacting sensitive information from upload logs.
Description check	✅ Passed	The PR description includes a summary, motivation, business impact, and test plan sections. While the checklist items are custom rather than matching the template exactly, all required informational sections are present and complete.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will not alter performance

✅ 43 untouched benchmarks
⏩ 2 skipped benchmarks¹

---

_{Comparing ocepkejepintu-droid:redact-upload-path-logs (27773f5) with main (38e5856)²}

Footnotes

1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (3d184f8) during the generation of this report, so 38e5856 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@supabase/functions/_backend/files/files.ts`:
- Around line 40-47: The function summarizeUploadMetadata currently exposes raw
key names and lengths; change it to emit only shape-only info: replace keys:
Object.keys(metadata) with keysCount: Object.keys(metadata).length and remove
any properties that reveal string lengths (filenameLength, filetypeLength); keep
only booleans like hasFilename and hasFiletype (based on metadata.filename !=
null and metadata.filetype != null) so no user-supplied names or lengths are
logged. Update the summarizeUploadMetadata signature/return shape accordingly
wherever it's consumed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2d911953-bd76-47bd-9c13-63765a414e0d

📥 Commits

Reviewing files that changed from the base of the PR and between 3d184f8 and 93c9a5e.

📒 Files selected for processing (1)

• supabase/functions/_backend/files/files.ts

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[WcaleNieWolny]

Closing as AI-generated spam. Part of a 50+ PR wave of duplicate redact logs PRs from disposable accounts. If you're human, open an issue first.