@carecard/validate 3.1.16 → 3.1.18

package/.github/workflows/auto-draft-pr.yml

@@ -0,0 +1,114 @@
+name: Auto Draft PR
+
+# Creates a draft Pull Request automatically when a feature/fix/hotfix/etc.
+# branch is pushed.
+#
+# Why not `workflow_run`?
+#   GitHub only dispatches `workflow_run` events for workflow files that
+#   exist on the repository's DEFAULT branch. Until this file is merged
+#   into the default branch, a `workflow_run`-based trigger silently does
+#   nothing. Triggering directly on `push` (with the same branch filters
+#   as CI) is more reliable and works from the branch itself.
+#
+# Routing rules:
+#   - If the branch name starts with "main-" (e.g. main-hotfix-x), open a
+#     draft PR targeting `main`.
+#   - For any other branch (except protected base branches), open a draft
+#     PR targeting `development`.
+#
+# Branch patterns mirror `.github/workflows/ci.yml` and support nested
+# names such as `feature/foo/bar`, `fix/bug-1`, `hotfix/...`, etc.
+
+on:
+    push:
+        branches:
+            - 'feature/**'
+            - 'releases/**'
+            - 'release*'
+            - 'hotfix/**'
+            - 'iss/**'
+            - 'fix/**'
+            - 'main-*'
+            - 'main-**'
+        paths-ignore:
+            - '**.md'
+    workflow_dispatch:
+
+permissions:
+    contents: read
+    pull-requests: write
+
+jobs:
+    open-draft-pr:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Determine target base branch
+              id: target
+              env:
+                  HEAD_BRANCH: ${{ github.ref_name }}
+              run: |
+                  set -euo pipefail
+                  echo "Head branch: $HEAD_BRANCH"
+
+                  # Skip protected/base branches – we never open a PR from them to themselves.
+                  case "$HEAD_BRANCH" in
+                    main|master|development|develop)
+                      echo "Branch '$HEAD_BRANCH' is a base branch – skipping PR creation."
+                      echo "skip=true" >> "$GITHUB_OUTPUT"
+                      exit 0
+                      ;;
+                  esac
+
+                  if [[ "$HEAD_BRANCH" == main-* ]]; then
+                    BASE="main"
+                  else
+                    BASE="development"
+                  fi
+
+                  echo "Target base branch: $BASE"
+                  echo "base=$BASE"          >> "$GITHUB_OUTPUT"
+                  echo "head=$HEAD_BRANCH"   >> "$GITHUB_OUTPUT"
+                  echo "skip=false"          >> "$GITHUB_OUTPUT"
+
+            - name: Checkout repository
+              if: steps.target.outputs.skip == 'false'
+              uses: actions/checkout@v4
+              with:
+                  fetch-depth: 0
+
+            - name: Create draft Pull Request (if missing)
+              if: steps.target.outputs.skip == 'false'
+              env:
+                  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  HEAD: ${{ steps.target.outputs.head }}
+                  BASE: ${{ steps.target.outputs.base }}
+                  REPO: ${{ github.repository }}
+              run: |
+                  set -euo pipefail
+
+                  # Avoid creating duplicates: check for an existing open PR for this head -> base.
+                  # `gh pr list --head` expects the branch name (without owner prefix) for same-repo PRs.
+                  EXISTING=$(gh pr list \
+                    --repo "$REPO" \
+                    --state open \
+                    --head "$HEAD" \
+                    --base "$BASE" \
+                    --json number \
+                    --jq '.[0].number' || true)
+
+                  if [[ -n "${EXISTING:-}" ]]; then
+                    echo "An open PR already exists for $HEAD -> $BASE (#$EXISTING). Nothing to do."
+                    exit 0
+                  fi
+
+                  TITLE="Draft: merge \`$HEAD\` into \`$BASE\`"
+                  BODY=$'Auto-created draft PR for branch `'"$HEAD"$'`.\n\nTarget base: `'"$BASE"$'`\n\nMark this PR as ready for review when you want it to be reviewed/merged.'
+
+                  gh pr create \
+                    --repo "$REPO" \
+                    --draft \
+                    --base "$BASE" \
+                    --head "$HEAD" \
+                    --title "$TITLE" \
+                    --body  "$BODY"

package/.github/workflows/ci.yml

@@ -1,24 +1,24 @@
 name: CI
 
 on:
-  push:
-  pull_request:
+    push:
+    pull_request:
 
 jobs:
-  test:
-    runs-on: ubuntu-latest
+    test:
+        runs-on: ubuntu-latest
 
-    steps:
-      - uses: actions/checkout@v4
+        steps:
+            - uses: actions/checkout@v4
 
-      - name: Use Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '25'
-          cache: 'npm'
+            - name: Use Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: '25'
+                  cache: 'npm'
 
-      - name: Install dependencies
-        run: npm ci
+            - name: Install dependencies
+              run: npm ci
 
-      - name: Run tests and coverage
-        run: npm run test:All
+            - name: Run tests and coverage
+              run: npm run test:All

package/.github/workflows/publish.yml

@@ -1,34 +1,34 @@
 name: Publish to npm
 
 on:
-  push:
-    branches:
-      - main
+    push:
+        branches:
+            - main
 
 permissions:
-  id-token: write
-  contents: read
+    id-token: write
+    contents: read
 
 jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
+    publish:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '25'
-          registry-url: 'https://registry.npmjs.org'
+            - name: Setup Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: '25'
+                  registry-url: 'https://registry.npmjs.org'
 
-      - name: Install dependencies
-        # Added HUSKY=0 to prevent the husky error in logs
-        run: npm ci
-        env:
-          HUSKY: 0
+            - name: Install dependencies
+              # Added HUSKY=0 to prevent the husky error in logs
+              run: npm ci
+              env:
+                  HUSKY: 0
 
-      - name: Publish to npm
-        run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+            - name: Publish to npm
+              run: npm publish --provenance --access public
+              env:
+                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.prettierrc.js

@@ -1,12 +1,13 @@
 module.exports = {
-  arrowParens: 'avoid',
-  bracketSameLine: true,
-  bracketSpacing: true,
-  singleQuote: true,
-  trailingComma: 'all',
-  printWidth: 140,
-  useTabs: false,
-  endOfLine: 'auto',
-  importOrderSeparation: true,
-  importOrderSortSpecifiers: true,
+    arrowParens: 'avoid',
+    bracketSameLine: true,
+    bracketSpacing: true,
+    singleQuote: true,
+    trailingComma: 'all',
+    printWidth: 140,
+    tabWidth: 4,
+    useTabs: false,
+    endOfLine: 'auto',
+    importOrderSeparation: true,
+    importOrderSortSpecifiers: true,
 };

package/eslint.config.mjs

@@ -1,14 +1,14 @@
 import { defineConfig, globalIgnores } from 'eslint/config';
 
 const eslintConfig = defineConfig([
-  globalIgnores([
-    // Default ignores of eslint-config-next:
-    '.next/**',
-    'out/**',
-    'build/**',
-    'next-env.d.ts',
-    'node_modules/**',
-  ]),
+    globalIgnores([
+        // Default ignores of eslint-config-next:
+        '.next/**',
+        'out/**',
+        'build/**',
+        'next-env.d.ts',
+        'node_modules/**',
+    ]),
 ]);
 
 export default eslintConfig;

package/index.d.ts

@@ -3,6 +3,52 @@
  */
 export function validateProperties(obj?: Record<string, any>): Record<string, any>;
 
+/**
+ * Options for {@link validateWhitelistProperties}.
+ */
+export interface ValidateWhitelistPropertiesOptions {
+    /** Properties allowed in the input but not required. */
+    optionalProperties?: string[];
+    /** When true, the returned object's keys are converted to snake_case. */
+    convertToSnakeCase?: boolean;
+    /**
+     * When true, the returned object is flattened so that every validated leaf
+     * becomes a top-level key, joined by `.` (e.g. `{ 'user.first_name': 'Jane' }`).
+     * No nested objects remain in the output. Applied after snake_case conversion.
+     */
+    flattenOutput?: boolean;
+}
+
+/**
+ * Validates and transforms whitelisted properties from an input object.
+ *
+ * - Supports nested objects via dot-notation paths (e.g. `"address.city"`),
+ *   up to 5 levels deep. The function checks that each path resolves to an
+ *   existing leaf property and validates the leaf value by its leaf segment.
+ * - Extracts only the whitelisted (required + optional) leaf properties and
+ *   rebuilds the same nested shape in the result.
+ * - Validates values via {@link validateProperties}.
+ * - Throws a "Bad_Input" error when any required property is missing/invalid,
+ *   when a provided optional property has an invalid value, when a path
+ *   exceeds 5 levels of nesting, or when the combined count of
+ *   `requiredProperties` and `options.optionalProperties` exceeds 5000.
+ * - Array values are supported: if a leaf value is an array, the per-leaf
+ *   validator is applied to each element. The leaf is accepted only when every
+ *   element passes validation, and the returned value is an array of the
+ *   validated elements (e.g. `{ name: ["First", "Other"] }` is validated like
+ *   `{ name: "First" }` and `{ name: "Other" }` individually).
+ * - Optionally converts the resulting keys (including nested keys) to snake_case.
+ *
+ * @param inputObject The input object (e.g. `req.body` or `req.params`).
+ * @param requiredProperties Leaf paths that must be present and valid. Dot-notation supported.
+ * @param options Optional list of additional allowed leaf paths and case-conversion flag.
+ */
+export function validateWhitelistProperties(
+    inputObject: Record<string, any>,
+    requiredProperties?: string[],
+    options?: ValidateWhitelistPropertiesOptions,
+): Promise<Record<string, any>>;
+
 /** Checks if the string is a valid image URL format. */
 export function isImageUrl(imageUrl: any): boolean;
 /** Checks if the value is an integer. */
@@ -70,34 +116,34 @@ export function isValidArrayOfStrings(arr: any): boolean;
  * @deprecated Use direct imports instead.
  */
 export const validate: {
-  isImageUrl: typeof isImageUrl;
-  isInteger: typeof isInteger;
-  isValidJsonString: typeof isValidJsonString;
-  isValidIntegerString: typeof isValidIntegerString;
-  isValidUuidString: typeof isValidUuidString;
-  isCharactersString: typeof isCharactersString;
-  isNameString: typeof isNameString;
-  isSafeSearchString: typeof isSafeSearchString;
-  isEmailString: typeof isEmailString;
-  isJwtString: typeof isJwtString;
-  isPasswordString: typeof isPasswordString;
-  isSimplePasswordString: typeof isSimplePasswordString;
-  isPasswordStringFailureMessage: typeof isPasswordStringFailureMessage;
-  isSimplePasswordStringFailureMessage: typeof isSimplePasswordStringFailureMessage;
-  isUsernameString: typeof isUsernameString;
-  isPhoneNumber: typeof isPhoneNumber;
-  isUrlSafeString: typeof isUrlSafeString;
-  isString6To24CharacterLong: typeof isString6To24CharacterLong;
-  isString6To16CharacterLong: typeof isString6To16CharacterLong;
-  isProvinceString: typeof isProvinceString;
-  isBoolValue: typeof isBoolValue;
-  isPostalCodeString: typeof isPostalCodeString;
-  isSafeString: typeof isSafeString;
-  isInStringArray: typeof isInStringArray;
-  isCountryCodeString: typeof isCountryCodeString;
-  isValidDomainName: typeof isValidDomainName;
-  isValidTimestampzString: typeof isValidTimestampzString;
-  isValidTimestampString: typeof isValidTimestampString;
-  isValidUrl: typeof isValidUrl;
-  isValidArrayOfStrings: typeof isValidArrayOfStrings;
+    isImageUrl: typeof isImageUrl;
+    isInteger: typeof isInteger;
+    isValidJsonString: typeof isValidJsonString;
+    isValidIntegerString: typeof isValidIntegerString;
+    isValidUuidString: typeof isValidUuidString;
+    isCharactersString: typeof isCharactersString;
+    isNameString: typeof isNameString;
+    isSafeSearchString: typeof isSafeSearchString;
+    isEmailString: typeof isEmailString;
+    isJwtString: typeof isJwtString;
+    isPasswordString: typeof isPasswordString;
+    isSimplePasswordString: typeof isSimplePasswordString;
+    isPasswordStringFailureMessage: typeof isPasswordStringFailureMessage;
+    isSimplePasswordStringFailureMessage: typeof isSimplePasswordStringFailureMessage;
+    isUsernameString: typeof isUsernameString;
+    isPhoneNumber: typeof isPhoneNumber;
+    isUrlSafeString: typeof isUrlSafeString;
+    isString6To24CharacterLong: typeof isString6To24CharacterLong;
+    isString6To16CharacterLong: typeof isString6To16CharacterLong;
+    isProvinceString: typeof isProvinceString;
+    isBoolValue: typeof isBoolValue;
+    isPostalCodeString: typeof isPostalCodeString;
+    isSafeString: typeof isSafeString;
+    isInStringArray: typeof isInStringArray;
+    isCountryCodeString: typeof isCountryCodeString;
+    isValidDomainName: typeof isValidDomainName;
+    isValidTimestampzString: typeof isValidTimestampzString;
+    isValidTimestampString: typeof isValidTimestampString;
+    isValidUrl: typeof isValidUrl;
+    isValidArrayOfStrings: typeof isValidArrayOfStrings;
 };

package/index.js

@@ -1,9 +1,11 @@
 const validate = require('./lib/validate');
 const validateProperties = require('./lib/validateProperties');
+const validateWhitelistProperties = require('./lib/validateWhitelistProperties');
 
 module.exports = {
-  validate,
-  validateProperties,
-  ...validate,
-  ...validateProperties,
+    validate,
+    validateProperties,
+    validateWhitelistProperties,
+    ...validate,
+    ...validateProperties,
 };