From aba2aed39693f6bc7f047c38771e2e8ea24939b8 Mon Sep 17 00:00:00 2001
From: Martin Dimitrov <martin3dimitrov@gmail.com>
Date: Wed, 8 Oct 2025 15:05:35 -0700
Subject: [PATCH] sanitize phone number

---
 packages/doorman-api/src/functions/api/door/info.ts   |  3 ++-
 .../doorman-api/src/functions/api/door/logCall.ts     | 11 ++---------
 packages/doorman-api/src/utils/phoneUtils.ts          |  6 ++++++
 3 files changed, 10 insertions(+), 10 deletions(-)
 create mode 100644 packages/doorman-api/src/utils/phoneUtils.ts

diff --git a/packages/doorman-api/src/functions/api/door/info.ts b/packages/doorman-api/src/functions/api/door/info.ts
index 34de996..8297386 100644
--- a/packages/doorman-api/src/functions/api/door/info.ts
+++ b/packages/doorman-api/src/functions/api/door/info.ts
@@ -13,6 +13,7 @@ import { withMetrics } from "../../../common/DoormanHandler";
 import { z } from "zod";
 import { UserAgentHeader } from "../../../utils/blockUserAgent";
 import { setResponseJson } from "../../../utils/responseUtils";
+import { sanitizePhoneNumber } from "../../../utils/phoneUtils";
 
 export const InfoRequestSchema = z.object({
   door: z.string().optional(),
@@ -39,7 +40,7 @@ export const handler: ServerlessFunctionSignature<TwilioContext, InfoRequestTwil
   const req = InfoRequestSchema.parse(event);
 
   let door = req.door;
-  const buzzer = req.buzzer?.slice(-10);
+  const buzzer = sanitizePhoneNumber(req.buzzer);
 
   const db = createDynaBridgeClient(context);
 
diff --git a/packages/doorman-api/src/functions/api/door/logCall.ts b/packages/doorman-api/src/functions/api/door/logCall.ts
index 0e33abd..120d6b8 100644
--- a/packages/doorman-api/src/functions/api/door/logCall.ts
+++ b/packages/doorman-api/src/functions/api/door/logCall.ts
@@ -14,6 +14,7 @@ import { setResponseJson } from "../../../utils/responseUtils";
 import { LOG_CALL_SK, LogCallSchema } from "../../../schema/LogCall";
 
 import crypto from "crypto";
+import { sanitizePhoneNumber } from "../../../utils/phoneUtils";
 
 export const LogCallRequestSchema = z.object({
   caller: z.string(),
@@ -52,7 +53,7 @@ export const handler: ServerlessFunctionSignature<TwilioContext, LogCallRequestT
   const response = new Twilio.Response();
   const req = LogCallRequestSchema.parse(event);
 
-  let caller = req.caller;
+  let caller = sanitizePhoneNumber(req.caller);
 
   const db = createDynaBridgeClient(context);
 
@@ -64,14 +65,6 @@ export const handler: ServerlessFunctionSignature<TwilioContext, LogCallRequestT
       msg: "Onboarding is not open",
     });
   } else {
-    // TODO: best efforts cleanup
-    // console.log("Attempting best efforts cleanup of logged calls")
-    // const items = await db.entities.logCall.findAll();
-    // const toRemove = items.filter(item => item.SK === LOG_CALL_SK && !isTTLInFuture(item));
-    // console.log(`There are ${toRemove.length} old call logs to remove`);
-    // await db.entities.logCall.deleteBatch(toRemove);
-    // console.log("done cleaning up logged calls");
-
     // log this caller
     const otp = getCode(caller);
     const logCall = LogCallSchema.parse({
diff --git a/packages/doorman-api/src/utils/phoneUtils.ts b/packages/doorman-api/src/utils/phoneUtils.ts
new file mode 100644
index 0000000..4453005
--- /dev/null
+++ b/packages/doorman-api/src/utils/phoneUtils.ts
@@ -0,0 +1,6 @@
+export const sanitizePhoneNumber = (phone?: string) => {
+  if (!phone) {
+    return "";
+  }
+  return phone.slice(-10);
+};