jitsucom / jitsu

Jitsu is an open-source Segment alternative. Fully-scriptable data ingestion engine for modern data teams. Set-up a real-time data pipeline in minutes, not days
https://jitsu.com
MIT License

writeKey is unnecessarily masked in Jitsu functions #1061

Closed Phaust94 closed 1 year ago

Phaust94 commented 1 year ago

Description: When trying to access writeKey in Jitsu custom JS functions (jitsu next, cloud), I find that the value of the x-write-key header is masked in both the request body and the headers:

export default async function(event, {
    geo,
    headers,
    log,
}) {
    // Header as delivered to the function; the issue is that its second part arrives masked.
    const writeKey = headers['x-write-key'];
    const SERVER_EVENT_KEY = "server_key_first_part:server_key_second_part";
    // Tag the event by whether the header matches the full server key.
    event.source = (writeKey == SERVER_EVENT_KEY) ? "SERVER" : 'CLIENT';
    return event;
}

With the function above, if I send a request to https://<domain>.d.jitsu.com/api/s/s2s/ with headers={"X-Write-Key":"server_key_first_part:server_key_second_part"}, I get event.source = "CLIENT". However, if I replace the server key's second part with stars in the Jitsu function - I get event.source = "SERVER" instead:

const SERVER_EVENT_KEY = "server_key_first_part:***";

So the key is passed to the function in the header already masked. I would like to be able to match against the full key, to make sure I can trust the data in the event.

Expected behaviour: Write key is passed to the JS function in headers (x-write-key) as-is, unmasked.

Current behaviour: Write key is passed to the JS function in headers (x-write-key) with its second part masked.

vklimontovich commented 1 year ago

After the discussion we decided that we want to leave x-write-key masking as is. We do not store the key itself, only hash. So we don't want to store it anywhere when it comes (in Kafka queue, etc).

However, some verification is still possible.