@cravery/core 0.0.4 → 0.0.6

package/src/lib/repository/index.ts

@@ -1,6 +1,7 @@
-export * from "./errors";
-export * from "./firestore.repository";
-export * from "./rtdb.repository";
-export * from "./user.repository";
-export * from "./profile.repository";
-export * from "./settings.repository";
+export * from "./errors";
+export * from "./factory";
+export * from "./firestore.repository";
+export * from "./rtdb.repository";
+export * from "./user.repository";
+export * from "./profile.repository";
+export * from "./settings.repository";

package/src/lib/repository/profile.repository.ts

@@ -1,51 +1,51 @@
-import { Firestore } from "firebase-admin/firestore";
-import { FirestoreRepository } from "./firestore.repository";
-import type { Profile } from "../../types/profile";
-import { ProfileSchema } from "../../types/profile";
-import { Collections } from "../../config/collections";
-import { RepositoryError, RepositoryErrorCode } from "./errors";
-
-export class ProfileRepository extends FirestoreRepository<Profile> {
-  constructor(firestore: Firestore) {
-    super(firestore, Collections.Profiles, {
-      enableTimestamps: true,
-      enableSoftDelete: true,
-      validateOnWrite: true,
-    });
-  }
-
-  protected validate(data: Partial<Profile>): void {
-    const result = ProfileSchema.partial().safeParse(data);
-    if (!result.success) {
-      throw new RepositoryError(
-        RepositoryErrorCode.VALIDATION_ERROR,
-        "Profile validation failed",
-        { errors: result.error.issues },
-      );
-    }
-  }
-
-  async findByHandle(handle: string): Promise<Profile | null> {
-    const results = await this.findWhere(
-      [{ field: "handle", op: "==", value: handle }],
-      { limit: 1 },
-    );
-    return results[0] ?? null;
-  }
-
-  async findByUserId(userId: string): Promise<Profile | null> {
-    return this.findById(userId);
-  }
-
-  async createWithUserId(
-    userId: string,
-    data: Omit<Profile, "id">,
-  ): Promise<Profile> {
-    return this.create(data, userId);
-  }
-
-  async handleExists(handle: string): Promise<boolean> {
-    const profile = await this.findByHandle(handle);
-    return profile !== null;
-  }
-}
+import { Firestore } from "firebase-admin/firestore";
+import { FirestoreRepository } from "./firestore.repository";
+import type { Profile } from "../../types/profile";
+import { ProfileSchema } from "../../types/profile";
+import { Collections } from "../../config/collections";
+import { RepositoryError, RepositoryErrorCode } from "./errors";
+
+export class ProfileRepository extends FirestoreRepository<Profile> {
+  constructor(firestore: Firestore) {
+    super(firestore, Collections.Profiles, {
+      enableTimestamps: true,
+      enableSoftDelete: true,
+      validateOnWrite: true,
+    });
+  }
+
+  protected validate(data: Partial<Profile>): void {
+    const result = ProfileSchema.partial().safeParse(data);
+    if (!result.success) {
+      throw new RepositoryError(
+        RepositoryErrorCode.VALIDATION_ERROR,
+        "Profile validation failed",
+        { errors: result.error.issues },
+      );
+    }
+  }
+
+  async findByHandle(handle: string): Promise<Profile | null> {
+    const results = await this.findWhere(
+      [{ field: "handle", op: "==", value: handle }],
+      { limit: 1 },
+    );
+    return results[0] ?? null;
+  }
+
+  async findByUserId(userId: string): Promise<Profile | null> {
+    return this.findById(userId);
+  }
+
+  async createWithUserId(
+    userId: string,
+    data: Omit<Profile, "id">,
+  ): Promise<Profile> {
+    return this.create(data, userId);
+  }
+
+  async handleExists(handle: string): Promise<boolean> {
+    const profile = await this.findByHandle(handle);
+    return profile !== null;
+  }
+}

package/src/lib/repository/rtdb.repository.ts

@@ -1,68 +1,67 @@
-import { Database, Reference } from "firebase-admin/database";
-import type { IRTDBRepository } from "../../types/repository";
-
-export abstract class RTDBRepository<T extends { id: string }>
-  implements IRTDBRepository<T>
-{
-  protected readonly ref: Reference;
-
-  constructor(
-    protected readonly database: Database,
-    protected readonly path: string,
-  ) {
-    this.ref = database.ref(path);
-  }
-
-  protected toDocument(entity: Partial<T>): Record<string, unknown> {
-    return { ...entity };
-  }
-
-  protected fromDocument(id: string, data: Record<string, unknown>): T {
-    return { id, ...data } as T;
-  }
-
-  async get(id: string): Promise<T | null> {
-    const snapshot = await this.ref.child(id).get();
-    if (!snapshot.exists()) return null;
-    return this.fromDocument(id, snapshot.val());
-  }
-
-  async getAll(): Promise<T[]> {
-    const snapshot = await this.ref.get();
-    if (!snapshot.exists()) return [];
-
-    const results: T[] = [];
-    snapshot.forEach((child) => {
-      results.push(this.fromDocument(child.key!, child.val()));
-    });
-    return results;
-  }
-
-  async set(id: string, data: T): Promise<void> {
-    const docData = this.toDocument(data);
-    await this.ref.child(id).set(docData);
-  }
-
-  async update(id: string, data: Partial<T>): Promise<void> {
-    const docData = this.toDocument(data);
-    await this.ref.child(id).update(docData);
-  }
-
-  async remove(id: string): Promise<void> {
-    await this.ref.child(id).remove();
-  }
-
-  async increment(id: string, field: string, delta: number = 1): Promise<void> {
-    const fieldRef = this.ref.child(id).child(field);
-    await fieldRef.transaction((current) => (current || 0) + delta);
-  }
-
-  async decrement(id: string, field: string, delta: number = 1): Promise<void> {
-    await this.increment(id, field, -delta);
-  }
-
-  async multiUpdate(updates: Record<string, unknown>): Promise<void> {
-    await this.ref.update(updates);
-  }
-
-}
+import { Database, Reference } from "firebase-admin/database";
+import type { IRTDBRepository } from "../../types/repository";
+
+export abstract class RTDBRepository<
+  T extends { id: string },
+> implements IRTDBRepository<T> {
+  protected readonly ref: Reference;
+
+  constructor(
+    protected readonly database: Database,
+    protected readonly path: string,
+  ) {
+    this.ref = database.ref(path);
+  }
+
+  protected toDocument(entity: Partial<T>): Record<string, unknown> {
+    return { ...entity };
+  }
+
+  protected fromDocument(id: string, data: Record<string, unknown>): T {
+    return { id, ...data } as T;
+  }
+
+  async get(id: string): Promise<T | null> {
+    const snapshot = await this.ref.child(id).get();
+    if (!snapshot.exists()) return null;
+    return this.fromDocument(id, snapshot.val());
+  }
+
+  async getAll(): Promise<T[]> {
+    const snapshot = await this.ref.get();
+    if (!snapshot.exists()) return [];
+
+    const results: T[] = [];
+    snapshot.forEach((child) => {
+      results.push(this.fromDocument(child.key!, child.val()));
+    });
+    return results;
+  }
+
+  async set(id: string, data: T): Promise<void> {
+    const docData = this.toDocument(data);
+    await this.ref.child(id).set(docData);
+  }
+
+  async update(id: string, data: Partial<T>): Promise<void> {
+    const docData = this.toDocument(data);
+    await this.ref.child(id).update(docData);
+  }
+
+  async remove(id: string): Promise<void> {
+    await this.ref.child(id).remove();
+  }
+
+  async increment(id: string, field: string, delta: number = 1): Promise<void> {
+    const fieldRef = this.ref.child(id).child(field);
+    await fieldRef.transaction((current) => (current || 0) + delta);
+  }
+
+  async decrement(id: string, field: string, delta: number = 1): Promise<void> {
+    await this.increment(id, field, -delta);
+  }
+
+  async multiUpdate(updates: Record<string, unknown>): Promise<void> {
+    await this.ref.update(updates);
+  }
+}

package/src/lib/repository/settings.repository.ts

@@ -1,38 +1,57 @@
-import { Firestore } from "firebase-admin/firestore";
-import { FirestoreRepository } from "./firestore.repository";
-import type { Settings } from "../../types/settings";
-import { SettingsSchema } from "../../types/settings";
-import { Collections } from "../../config/collections";
-import { RepositoryError, RepositoryErrorCode } from "./errors";
-
-export class SettingsRepository extends FirestoreRepository<Settings> {
-  constructor(firestore: Firestore) {
-    super(firestore, Collections.Settings, {
-      enableTimestamps: true,
-      enableSoftDelete: false,
-      validateOnWrite: true,
-    });
-  }
-
-  protected validate(data: Partial<Settings>): void {
-    const result = SettingsSchema.partial().safeParse(data);
-    if (!result.success) {
-      throw new RepositoryError(
-        RepositoryErrorCode.VALIDATION_ERROR,
-        "Settings validation failed",
-        { errors: result.error.issues },
-      );
-    }
-  }
-
-  async findByUserId(userId: string): Promise<Settings | null> {
-    return this.findById(userId);
-  }
-
-  async createForUser(
-    userId: string,
-    data: Omit<Settings, "id">,
-  ): Promise<Settings> {
-    return this.create(data, userId);
-  }
-}
+import { Firestore } from "firebase-admin/firestore";
+import { FirestoreRepository } from "./firestore.repository";
+import type { Settings, SettingsInput } from "../../types/settings";
+import { SettingsSchema } from "../../types/settings";
+import { Collections } from "../../config/collections";
+import { RepositoryError, RepositoryErrorCode } from "./errors";
+
+export class SettingsRepository extends FirestoreRepository<Settings> {
+  constructor(firestore: Firestore) {
+    super(firestore, Collections.Settings, {
+      enableTimestamps: true,
+      enableSoftDelete: false,
+      validateOnWrite: true,
+    });
+  }
+
+  protected validate(data: Partial<Settings>): void {
+    const result = SettingsSchema.partial().safeParse(data);
+    if (!result.success) {
+      throw new RepositoryError(
+        RepositoryErrorCode.VALIDATION_ERROR,
+        "Settings validation failed",
+        { errors: result.error.issues },
+      );
+    }
+  }
+
+  async findByUserId(userId: string): Promise<Settings | null> {
+    return this.findById(userId);
+  }
+
+  async createForUser(
+    userId: string,
+    data: Omit<Settings, "id">,
+  ): Promise<Settings> {
+    return this.create(data, userId);
+  }
+
+  static createDefaultSettings(): SettingsInput {
+    return {
+      allergens: [],
+      dietaryTags: [],
+      cuisines: [],
+      excludedIngredients: [],
+      locale: "en",
+      temperatureUnit: "celsius",
+      measurementSystem: "metric",
+      theme: "system",
+      notifications: {
+        email: true,
+        push: true,
+        marketing: false,
+        weeklyDigest: true,
+      },
+    };
+  }
+}

package/src/lib/repository/user.repository.ts

@@ -1,44 +1,44 @@
-import { Firestore } from "firebase-admin/firestore";
-import { FirestoreRepository } from "./firestore.repository";
-import type { User } from "../../types/user";
-import { UserSchema } from "../../types/user";
-import { Collections } from "../../config/collections";
-import { RepositoryError, RepositoryErrorCode } from "./errors";
-
-export class UserRepository extends FirestoreRepository<User> {
-  constructor(firestore: Firestore) {
-    super(firestore, Collections.Users, {
-      enableTimestamps: true,
-      enableSoftDelete: true,
-      validateOnWrite: true,
-    });
-  }
-
-  protected validate(data: Partial<User>): void {
-    const result = UserSchema.partial().safeParse(data);
-    if (!result.success) {
-      throw new RepositoryError(
-        RepositoryErrorCode.VALIDATION_ERROR,
-        "User validation failed",
-        { errors: result.error.issues },
-      );
-    }
-  }
-
-  async findByEmail(email: string): Promise<User | null> {
-    const results = await this.findWhere(
-      [{ field: "email", op: "==", value: email }],
-      { limit: 1 },
-    );
-    return results[0] ?? null;
-  }
-
-  async createWithId(uid: string, data: Omit<User, "id">): Promise<User> {
-    return this.create(data, uid);
-  }
-
-  async emailExists(email: string): Promise<boolean> {
-    const user = await this.findByEmail(email);
-    return user !== null;
-  }
-}
+import { Firestore } from "firebase-admin/firestore";
+import { FirestoreRepository } from "./firestore.repository";
+import type { User } from "../../types/user";
+import { UserSchema } from "../../types/user";
+import { Collections } from "../../config/collections";
+import { RepositoryError, RepositoryErrorCode } from "./errors";
+
+export class UserRepository extends FirestoreRepository<User> {
+  constructor(firestore: Firestore) {
+    super(firestore, Collections.Users, {
+      enableTimestamps: true,
+      enableSoftDelete: true,
+      validateOnWrite: true,
+    });
+  }
+
+  protected validate(data: Partial<User>): void {
+    const result = UserSchema.partial().safeParse(data);
+    if (!result.success) {
+      throw new RepositoryError(
+        RepositoryErrorCode.VALIDATION_ERROR,
+        "User validation failed",
+        { errors: result.error.issues },
+      );
+    }
+  }
+
+  async findByEmail(email: string): Promise<User | null> {
+    const results = await this.findWhere(
+      [{ field: "email", op: "==", value: email }],
+      { limit: 1 },
+    );
+    return results[0] ?? null;
+  }
+
+  async createWithId(uid: string, data: Omit<User, "id">): Promise<User> {
+    return this.create(data, uid);
+  }
+
+  async emailExists(email: string): Promise<boolean> {
+    const user = await this.findByEmail(email);
+    return user !== null;
+  }
+}

package/src/lib/storage.ts

@@ -1,15 +1,33 @@
 import { getStorage } from "firebase-admin/storage";
+import { ValidationError } from "./errors";
 
 export interface UploadImageResult {
   url: string;
   path: string;
 }
 
+function validateStoragePath(path: string): void {
+  if (!path || path.length === 0) {
+    throw new ValidationError("Storage path cannot be empty");
+  }
+  if (path.includes("..")) {
+    throw new ValidationError("Storage path cannot contain '..'", { path });
+  }
+  if (path.startsWith("/")) {
+    throw new ValidationError("Storage path cannot start with '/'", { path });
+  }
+  if (path.includes("//")) {
+    throw new ValidationError("Storage path cannot contain '//'", { path });
+  }
+}
+
 export const uploadImageToStorage = async (
   base64Data: string,
   path: string,
   contentType: string = "image/png",
 ): Promise<UploadImageResult> => {
+  validateStoragePath(path);
+
   try {
     const bucket = getStorage().bucket();
     const buffer = Buffer.from(base64Data, "base64");

package/src/lib/utils/index.ts

@@ -0,0 +1 @@
+export * from "./sanitize";

package/src/lib/utils/sanitize.ts

@@ -0,0 +1,38 @@
+import { z } from "zod";
+
+/**
+ * Removes HTML tags and script content from a string.
+ * Use for text fields that should not contain HTML (descriptions, bios, etc.)
+ */
+export function sanitizeText(text: string): string {
+  return text
+    .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "")
+    .replace(/<[^>]*>/g, "")
+    .trim();
+}
+
+/**
+ * Creates a Zod string schema that sanitizes HTML on transformation.
+ * Use in schemas where text input needs to be cleaned.
+ *
+ * @example
+ * const BioSchema = sanitizedString(z.string().max(280));
+ */
+export function sanitizedString<T extends z.ZodString>(schema: T) {
+  return schema.transform(sanitizeText);
+}
+
+/**
+ * Escapes HTML special characters to prevent XSS.
+ * Use when HTML needs to be displayed as text.
+ */
+export function escapeHtml(text: string): string {
+  const htmlEscapes: Record<string, string> = {
+    "&": "&amp;",
+    "<": "&lt;",
+    ">": "&gt;",
+    '"': "&quot;",
+    "'": "&#39;",
+  };
+  return text.replace(/[&<>"']/g, (char) => htmlEscapes[char]);
+}

package/src/types/index.ts

@@ -7,6 +7,7 @@ export * from "./nutrition";
 export * from "./profile";
 export * from "./recipe";
 export * from "./repository";
+export * from "./response";
 export * from "./settings";
 export * from "./subscription";
 export * from "./temperature";