rules:
  - name: Railway API Token
    id: kingfisher.railway.1
    pattern: |
      (?xi)
      \b
      railway
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN|API)
      (?:.|[\n\r]){0,32}?
      \b
      (
        (?:[A-Za-z0-9]{32}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
      )
      \b
    min_entropy: 3.5
    confidence: medium
    pattern_requirements:
      min_digits: 2
    examples:
      - RAILWAY_API_TOKEN=abcdef1234567890abcdef1234567890
      - railway_token = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
    references:
      - https://docs.railway.com/guides/public-api
      - https://docs.railway.com/reference/oauth/login-and-tokens
    validation:
      type: Http
      content:
        request:
          method: POST
          url: https://backboard.railway.com/graphql/v2
          headers:
            Authorization: "Bearer {{ TOKEN }}"
            Content-Type: application/json
          body: '{"query":"query { me { name email } }"}'
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words:
                - '"data"'
                - '"me"'
              match_all_words: true