@doclo/core 0.1.5

package/dist/security/index.js

@@ -0,0 +1,260 @@
+// src/security/url-validator.ts
+var BLOCKED_IP_RANGES = [
+  // Loopback
+  { start: "127.0.0.0", end: "127.255.255.255" },
+  // Private Class A
+  { start: "10.0.0.0", end: "10.255.255.255" },
+  // Private Class B
+  { start: "172.16.0.0", end: "172.31.255.255" },
+  // Private Class C
+  { start: "192.168.0.0", end: "192.168.255.255" },
+  // Link Local
+  { start: "169.254.0.0", end: "169.254.255.255" }
+];
+var BLOCKED_METADATA_HOSTS = [
+  "169.254.169.254",
+  // AWS metadata service
+  "169.254.169.253",
+  // AWS metadata service (Windows)
+  "metadata.google.internal",
+  // GCP metadata service
+  "metadata",
+  // GCP alias
+  "100.100.100.200",
+  // Aliyun metadata service
+  "instance-data"
+  // OpenStack alias
+];
+var BLOCKED_IPV6_PATTERNS = [
+  /^::1$/,
+  // Loopback (::1)
+  /^::$/,
+  // Any address (::)
+  /^::ffff:/i,
+  // IPv4-mapped IPv6 (::ffff:0:0/96) - matches ::ffff:127.0.0.1
+  /^::ffff:0:/i,
+  // IPv4-mapped IPv6 alternative
+  /^fe80:/i,
+  // Link-local (fe80::/10)
+  /^fec0:/i,
+  // Site-local deprecated (fec0::/10)
+  /^fc00:/i,
+  // Unique local address (fc00::/7)
+  /^fd00:/i,
+  // Unique local address (fd00::/8)
+  /^ff00:/i,
+  // Multicast (ff00::/8)
+  /^0:0:0:0:0:0:0:1$/i
+  // Loopback expanded form
+];
+function ipToNumber(ip) {
+  const parts = ip.split(".").map(Number);
+  if (parts.length !== 4 || parts.some((p) => p < 0 || p > 255)) {
+    return -1;
+  }
+  return (parts[0] << 24) + (parts[1] << 16) + (parts[2] << 8) + parts[3];
+}
+function isIpInBlockedRange(ip) {
+  const ipNum = ipToNumber(ip);
+  if (ipNum === -1) return false;
+  return BLOCKED_IP_RANGES.some((range) => {
+    const startNum = ipToNumber(range.start);
+    const endNum = ipToNumber(range.end);
+    return ipNum >= startNum && ipNum <= endNum;
+  });
+}
+function isIPv6Blocked(hostname) {
+  const addr = hostname.replace(/^\[|\]$/g, "");
+  return BLOCKED_IPV6_PATTERNS.some((pattern) => pattern.test(addr));
+}
+function validateUrl(urlString, options = {}) {
+  const {
+    blockInternal = true,
+    allowedProtocols = ["http:", "https:"]
+  } = options;
+  let url;
+  try {
+    url = new URL(urlString);
+  } catch (error) {
+    throw new Error(`Invalid URL: ${urlString}`);
+  }
+  if (!allowedProtocols.includes(url.protocol)) {
+    throw new Error(
+      `Blocked protocol: ${url.protocol}. Allowed: ${allowedProtocols.join(", ")}`
+    );
+  }
+  if (blockInternal) {
+    const hostname = url.hostname;
+    if (BLOCKED_METADATA_HOSTS.includes(hostname)) {
+      throw new Error(`Blocked metadata service: ${hostname}`);
+    }
+    if (hostname.includes(":") || hostname.startsWith("[")) {
+      if (isIPv6Blocked(hostname)) {
+        throw new Error(`Blocked IPv6 address: ${hostname}`);
+      }
+    }
+    if (isIpInBlockedRange(hostname)) {
+      throw new Error(`Blocked internal IP address: ${hostname}`);
+    }
+    if (hostname === "localhost") {
+      throw new Error("Blocked localhost access");
+    }
+  }
+  return url;
+}
+async function secureFetch(url, timeoutMs = 3e4) {
+  const validatedUrl = validateUrl(url);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(validatedUrl.toString(), {
+      signal: controller.signal
+    });
+    return response;
+  } finally {
+    clearTimeout(timeoutId);
+  }
+}
+function getHostnameFromUrl(urlString) {
+  try {
+    const url = new URL(urlString);
+    return url.hostname;
+  } catch {
+    return "";
+  }
+}
+
+// src/security/path-validator.ts
+import { resolve, normalize, isAbsolute, relative } from "path";
+function validatePath(filePath, basePath) {
+  const normalizedBase = normalize(resolve(basePath));
+  const normalizedPath = normalize(resolve(basePath, filePath));
+  const relativePath = relative(normalizedBase, normalizedPath);
+  if (relativePath.startsWith("..")) {
+    throw new Error(
+      `Path traversal attempt detected: ${filePath} tries to escape ${basePath}`
+    );
+  }
+  if (isAbsolute(filePath) && !normalizedPath.startsWith(normalizedBase)) {
+    throw new Error(
+      `Absolute path outside base directory: ${filePath} is not within ${basePath}`
+    );
+  }
+  return normalizedPath;
+}
+function validatePathSimple(filePath) {
+  const normalized = normalize(filePath);
+  if (normalized.includes("..") || normalized.startsWith("/etc") || normalized.startsWith("C:\\Windows")) {
+    throw new Error(`Suspicious path detected: ${filePath}`);
+  }
+  return normalized;
+}
+function isPathSafe(filePath, basePath) {
+  try {
+    if (basePath) {
+      validatePath(filePath, basePath);
+    } else {
+      validatePathSimple(filePath);
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getSafePath(filePath, basePath) {
+  if (basePath) {
+    return validatePath(filePath, basePath);
+  }
+  return resolve(filePath);
+}
+
+// src/security/resource-limits.ts
+var DEFAULT_LIMITS = {
+  // Maximum file size: 100MB
+  MAX_FILE_SIZE: 100 * 1024 * 1024,
+  // Request timeout: 30 seconds
+  REQUEST_TIMEOUT: 3e4,
+  // Maximum JSON parse depth
+  MAX_JSON_DEPTH: 100
+};
+function validateFileSize(size, maxSize = DEFAULT_LIMITS.MAX_FILE_SIZE) {
+  if (size > maxSize) {
+    const maxMB = Math.round(maxSize / 1024 / 1024);
+    const sizeMB = Math.round(size / 1024 / 1024);
+    throw new Error(
+      `File size ${sizeMB}MB exceeds maximum allowed size of ${maxMB}MB`
+    );
+  }
+}
+function createFetchController(timeoutMs = DEFAULT_LIMITS.REQUEST_TIMEOUT) {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+  controller.__timeoutId = timeoutId;
+  return controller;
+}
+function cleanupFetchController(controller) {
+  const timeoutId = controller.__timeoutId;
+  if (timeoutId) {
+    clearTimeout(timeoutId);
+  }
+}
+async function fetchWithTimeout(url, options = {}, timeoutMs = DEFAULT_LIMITS.REQUEST_TIMEOUT) {
+  const controller = createFetchController(timeoutMs);
+  try {
+    const response = await fetch(url, {
+      ...options,
+      signal: controller.signal,
+      cache: "no-store"
+      // Prevent Next.js cache revalidation which can cause AbortError (see: github.com/vercel/next.js/issues/54045)
+    });
+    return response;
+  } finally {
+    cleanupFetchController(controller);
+  }
+}
+function validateBufferSize(size, maxSize = DEFAULT_LIMITS.MAX_FILE_SIZE) {
+  validateFileSize(size, maxSize);
+}
+function safeJsonParse(text, maxDepth = DEFAULT_LIMITS.MAX_JSON_DEPTH) {
+  try {
+    let checkDepth2 = function(obj2, depth = 0) {
+      if (depth > maxDepth) {
+        throw new Error(`JSON nesting depth exceeds maximum of ${maxDepth}`);
+      }
+      if (typeof obj2 === "object" && obj2 !== null) {
+        for (const value of Object.values(obj2)) {
+          checkDepth2(value, depth + 1);
+        }
+      }
+    };
+    var checkDepth = checkDepth2;
+    if (text.length > DEFAULT_LIMITS.MAX_FILE_SIZE) {
+      throw new Error("JSON string exceeds maximum size");
+    }
+    const obj = JSON.parse(text);
+    checkDepth2(obj);
+    return obj;
+  } catch (error) {
+    if (error instanceof Error) {
+      throw error;
+    }
+    throw new Error(`Invalid JSON: ${String(error)}`);
+  }
+}
+export {
+  DEFAULT_LIMITS,
+  cleanupFetchController,
+  createFetchController,
+  fetchWithTimeout,
+  getHostnameFromUrl,
+  getSafePath,
+  isPathSafe,
+  safeJsonParse,
+  secureFetch,
+  validateBufferSize,
+  validateFileSize,
+  validatePath,
+  validatePathSimple,
+  validateUrl
+};
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/security/url-validator.ts","../../src/security/path-validator.ts","../../src/security/resource-limits.ts"],"sourcesContent":["/**\n * URL Validation and SSRF Protection\n *\n * ⚠️ SECURITY CRITICAL: SSRF (Server-Side Request Forgery) Prevention\n *\n * This module blocks URLs that could be used in Server-Side Request Forgery attacks:\n * - Internal IP addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)\n * - Loopback addresses (127.0.0.0/8, ::1)\n * - Cloud metadata services (AWS, GCP, Aliyun, etc.)\n * - Link-local addresses (169.254.0.0/16)\n *\n * Attack example: An attacker tricks your server to make requests to:\n * - http://169.254.169.254 (AWS credentials endpoint)\n * - http://10.0.0.1:8080/admin (internal service)\n * - http://localhost/api/admin (localhost admin endpoint)\n *\n * Prevents Server-Side Request Forgery attacks by validating URLs against blocklist\n */\n\n/**\n * IP ranges that should be blocked (internal networks)\n * RFC 1918 private ranges + loopback + cloud metadata\n */\nconst BLOCKED_IP_RANGES = [\n  // Loopback\n  { start: '127.0.0.0', end: '127.255.255.255' },\n  // Private Class A\n  { start: '10.0.0.0', end: '10.255.255.255' },\n  // Private Class B\n  { start: '172.16.0.0', end: '172.31.255.255' },\n  // Private Class C\n  { start: '192.168.0.0', end: '192.168.255.255' },\n  // Link Local\n  { start: '169.254.0.0', end: '169.254.255.255' },\n];\n\nconst BLOCKED_METADATA_HOSTS = [\n  '169.254.169.254', // AWS metadata service\n  '169.254.169.253', // AWS metadata service (Windows)\n  'metadata.google.internal', // GCP metadata service\n  'metadata', // GCP alias\n  '100.100.100.200', // Aliyun metadata service\n  'instance-data', // OpenStack alias\n];\n\n/**\n * IPv6 address patterns that should be blocked\n * Prevents SSRF attacks using IPv6 addresses\n */\nconst BLOCKED_IPV6_PATTERNS = [\n  /^::1$/,                  // Loopback (::1)\n  /^::$/,                   // Any address (::)\n  /^::ffff:/i,              // IPv4-mapped IPv6 (::ffff:0:0/96) - matches ::ffff:127.0.0.1\n  /^::ffff:0:/i,            // IPv4-mapped IPv6 alternative\n  /^fe80:/i,                // Link-local (fe80::/10)\n  /^fec0:/i,                // Site-local deprecated (fec0::/10)\n  /^fc00:/i,                // Unique local address (fc00::/7)\n  /^fd00:/i,                // Unique local address (fd00::/8)\n  /^ff00:/i,                // Multicast (ff00::/8)\n  /^0:0:0:0:0:0:0:1$/i,     // Loopback expanded form\n];\n\n/**\n * Convert IPv4 string to number for range comparison\n */\nfunction ipToNumber(ip: string): number {\n  const parts = ip.split('.').map(Number);\n  if (parts.length !== 4 || parts.some((p) => p < 0 || p > 255)) {\n    return -1;\n  }\n  return (parts[0] << 24) + (parts[1] << 16) + (parts[2] << 8) + parts[3];\n}\n\n/**\n * Check if IP is in blocked range\n */\nfunction isIpInBlockedRange(ip: string): boolean {\n  const ipNum = ipToNumber(ip);\n  if (ipNum === -1) return false;\n\n  return BLOCKED_IP_RANGES.some((range) => {\n    const startNum = ipToNumber(range.start);\n    const endNum = ipToNumber(range.end);\n    return ipNum >= startNum && ipNum <= endNum;\n  });\n}\n\n/**\n * Check if IPv6 address is blocked\n * Handles both bracket notation ([::1]) and standard notation (::1)\n */\nfunction isIPv6Blocked(hostname: string): boolean {\n  // Remove brackets if present ([::1] -> ::1)\n  const addr = hostname.replace(/^\\[|\\]$/g, '');\n\n  return BLOCKED_IPV6_PATTERNS.some(pattern => pattern.test(addr));\n}\n\n/**\n * Validate a URL to prevent SSRF (Server-Side Request Forgery) attacks\n *\n * ⚠️ SECURITY CRITICAL: SSRF Prevention\n *\n * This function blocks URLs that could be used to exploit the server:\n * - Internal IP addresses (breaks firewall perimeter security)\n * - Cloud metadata services (leaks credentials, API keys)\n * - Localhost/loopback (access admin services, debug ports)\n *\n * By default, blocks internal network access automatically.\n *\n * @param urlString - The URL to validate\n * @param options - Validation options\n *   - blockInternal (default: true) - Block internal IP ranges. ⚠️ Set to false only if you understand SSRF risks\n *   - allowedProtocols (default: ['http:', 'https:']) - Restrict to specific protocols\n * @throws Error if URL is invalid, uses blocked protocol, or points to blocked IP/host\n * @returns The validated URL object\n * @security Always validate user-provided URLs. Do not set blockInternal to false without SSRF security review\n *\n * @example\n * ```typescript\n * // Validate user-provided URL\n * try {\n *   const url = validateUrl(userInput);\n *   const response = await fetch(url.toString());\n * } catch (error) {\n *   // URL was malicious or pointed to internal resource\n * }\n * ```\n */\nexport function validateUrl(\n  urlString: string,\n  options: {\n    blockInternal?: boolean;\n    allowedProtocols?: string[];\n  } = {}\n): URL {\n  const {\n    blockInternal = true,\n    allowedProtocols = ['http:', 'https:'],\n  } = options;\n\n  let url: URL;\n\n  try {\n    url = new URL(urlString);\n  } catch (error) {\n    throw new Error(`Invalid URL: ${urlString}`);\n  }\n\n  // Check protocol\n  if (!allowedProtocols.includes(url.protocol)) {\n    throw new Error(\n      `Blocked protocol: ${url.protocol}. Allowed: ${allowedProtocols.join(', ')}`\n    );\n  }\n\n  // Check for internal access if enabled\n  if (blockInternal) {\n    const hostname = url.hostname;\n\n    // Check blocked metadata hosts\n    if (BLOCKED_METADATA_HOSTS.includes(hostname)) {\n      throw new Error(`Blocked metadata service: ${hostname}`);\n    }\n\n    // Check IPv6 addresses (includes bracket notation)\n    if (hostname.includes(':') || hostname.startsWith('[')) {\n      if (isIPv6Blocked(hostname)) {\n        throw new Error(`Blocked IPv6 address: ${hostname}`);\n      }\n    }\n\n    // Check if IPv4 is in blocked range\n    if (isIpInBlockedRange(hostname)) {\n      throw new Error(`Blocked internal IP address: ${hostname}`);\n    }\n\n    // Block localhost keyword\n    if (hostname === 'localhost') {\n      throw new Error('Blocked localhost access');\n    }\n  }\n\n  return url;\n}\n\n/**\n * Fetch a URL with SSRF protection and timeout\n * @param url - The URL to fetch\n * @param timeoutMs - Request timeout in milliseconds (default 30s)\n * @throws Error if URL is invalid, blocked, or request times out\n */\nexport async function secureFetch(\n  url: string,\n  timeoutMs: number = 30000\n): Promise<Response> {\n  // Validate URL first\n  const validatedUrl = validateUrl(url);\n\n  // Create abort controller for timeout\n  const controller = new AbortController();\n  const timeoutId = setTimeout(() => controller.abort(), timeoutMs);\n\n  try {\n    const response = await fetch(validatedUrl.toString(), {\n      signal: controller.signal,\n    });\n    return response;\n  } finally {\n    clearTimeout(timeoutId);\n  }\n}\n\n/**\n * Extract hostname from URL string for validation\n * Useful for pre-validation checks before full URL parsing\n */\nexport function getHostnameFromUrl(urlString: string): string {\n  try {\n    const url = new URL(urlString);\n    return url.hostname;\n  } catch {\n    return '';\n  }\n}\n","/**\n * Path Validation and Path Traversal Prevention\n * Prevents attackers from accessing arbitrary files through path traversal\n */\n\nimport { resolve, normalize, isAbsolute, relative } from 'path';\n\n/**\n * Validate and normalize a file path to prevent traversal attacks\n * @param filePath - The file path to validate\n * @param basePath - The base directory that paths must be within\n * @throws Error if path attempts to traverse outside basePath\n * @returns The normalized safe path\n */\nexport function validatePath(filePath: string, basePath: string): string {\n  // Normalize both paths to handle . and .. references\n  const normalizedBase = normalize(resolve(basePath));\n  const normalizedPath = normalize(resolve(basePath, filePath));\n\n  // Check if the resolved path is within the base path\n  const relativePath = relative(normalizedBase, normalizedPath);\n\n  // If relative path starts with .., it's trying to escape the base\n  if (relativePath.startsWith('..')) {\n    throw new Error(\n      `Path traversal attempt detected: ${filePath} tries to escape ${basePath}`\n    );\n  }\n\n  // Also check if it's an absolute path that's not based on basePath\n  if (isAbsolute(filePath) && !normalizedPath.startsWith(normalizedBase)) {\n    throw new Error(\n      `Absolute path outside base directory: ${filePath} is not within ${basePath}`\n    );\n  }\n\n  return normalizedPath;\n}\n\n/**\n * Validate a path without a required base path (more permissive)\n * Still prevents obvious traversal attempts\n * @param filePath - The file path to validate\n * @throws Error if path contains suspicious traversal patterns\n * @returns The normalized path\n */\nexport function validatePathSimple(filePath: string): string {\n  const normalized = normalize(filePath);\n\n  // Check for obvious traversal patterns\n  if (normalized.includes('..') || normalized.startsWith('/etc') ||\n      normalized.startsWith('C:\\\\Windows')) {\n    throw new Error(`Suspicious path detected: ${filePath}`);\n  }\n\n  return normalized;\n}\n\n/**\n * Check if a path would be safe to access\n * @param filePath - The file path to check\n * @param basePath - Optional base path restriction\n * @returns true if path is safe, false otherwise\n */\nexport function isPathSafe(filePath: string, basePath?: string): boolean {\n  try {\n    if (basePath) {\n      validatePath(filePath, basePath);\n    } else {\n      validatePathSimple(filePath);\n    }\n    return true;\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Get the absolute path with validation\n * @param filePath - The file path\n * @param basePath - Optional base directory\n * @returns Absolute path if valid\n * @throws Error if path is invalid\n */\nexport function getSafePath(filePath: string, basePath?: string): string {\n  if (basePath) {\n    return validatePath(filePath, basePath);\n  }\n  return resolve(filePath);\n}\n","/**\n * Resource Limits and DoS Protection\n *\n * ⚠️ SECURITY WARNING: Resource limits are critical for protecting against:\n * - Resource exhaustion attacks (large file downloads)\n * - Denial of Service (slow loris, timeout attacks)\n * - Memory exhaustion (deeply nested JSON, large arrays)\n *\n * Prevents resource exhaustion attacks through file size limits and timeouts\n */\n\n/**\n * Default resource limits\n *\n * ⚠️ SECURITY CRITICAL: These are conservative defaults designed to prevent DoS attacks.\n *\n * - MAX_FILE_SIZE (100MB): Prevents downloading very large files that could exhaust memory or disk\n * - REQUEST_TIMEOUT (30s): Prevents slow-loris attacks and hung connections\n * - MAX_JSON_DEPTH (100): Prevents billion laughs attack (deeply nested JSON)\n *\n * Do not increase these limits without understanding the security implications:\n * - Higher file size limit → Greater risk of resource exhaustion\n * - Lower timeout → May reject legitimate slow requests\n * - Lower JSON depth → May reject valid documents\n *\n * @security These limits can be overridden by SDK users, but doing so reduces security.\n */\nexport const DEFAULT_LIMITS = {\n  // Maximum file size: 100MB\n  MAX_FILE_SIZE: 100 * 1024 * 1024,\n  // Request timeout: 30 seconds\n  REQUEST_TIMEOUT: 30000,\n  // Maximum JSON parse depth\n  MAX_JSON_DEPTH: 100,\n};\n\n/**\n * Validate file size before processing\n *\n * ⚠️ SECURITY WARNING: File size validation prevents resource exhaustion.\n * - Without limits: attackers can force downloads of multi-gigabyte files\n * - Memory impact: files are loaded into memory for base64 encoding\n * - Disk impact: temporary storage of downloaded files\n *\n * @param size - The file size in bytes\n * @param maxSize - Maximum allowed size in bytes (default 100MB, can be customized)\n * @throws Error if file exceeds size limit\n * @security Do not disable this check without understanding resource implications\n *\n * @example\n * ```typescript\n * // Standard check with default limit (100MB)\n * validateFileSize(fileSize);\n *\n * // Custom limit for use case that requires larger files\n * validateFileSize(fileSize, 500 * 1024 * 1024); // 500MB\n * ```\n */\nexport function validateFileSize(\n  size: number,\n  maxSize: number = DEFAULT_LIMITS.MAX_FILE_SIZE\n): void {\n  if (size > maxSize) {\n    const maxMB = Math.round(maxSize / 1024 / 1024);\n    const sizeMB = Math.round(size / 1024 / 1024);\n    throw new Error(\n      `File size ${sizeMB}MB exceeds maximum allowed size of ${maxMB}MB`\n    );\n  }\n}\n\n/**\n * Create a fetch controller with timeout\n * @param timeoutMs - Timeout in milliseconds (default 30s)\n * @returns AbortController with timeout configured\n */\nexport function createFetchController(\n  timeoutMs: number = DEFAULT_LIMITS.REQUEST_TIMEOUT\n): AbortController {\n  const controller = new AbortController();\n  const timeoutId = setTimeout(() => controller.abort(), timeoutMs);\n\n  // Store timeout ID so caller can clean it up\n  (controller as any).__timeoutId = timeoutId;\n\n  return controller;\n}\n\n/**\n * Clean up fetch controller timeout\n * @param controller - The AbortController to clean up\n */\nexport function cleanupFetchController(controller: AbortController): void {\n  const timeoutId = (controller as any).__timeoutId;\n  if (timeoutId) {\n    clearTimeout(timeoutId);\n  }\n}\n\n/**\n * Execute a fetch with automatic timeout and cleanup\n *\n * ⚠️ SECURITY WARNING: Timeout protection prevents slow-loris and other timing attacks.\n * - Without timeout: requests can hang indefinitely, consuming server resources\n * - Slow-loris attack: attacker sends requests slowly to exhaust connection pool\n * - Zombie connections: closed clients but open server connections\n *\n * Default timeout (30s) balances security with legitimate use:\n * - Too short: may reject slow networks or legitimate large downloads\n * - Too long: keeps server resources tied up, enables DoS attacks\n *\n * @param url - The URL to fetch\n * @param options - Fetch options (method, headers, body, etc.)\n * @param timeoutMs - Timeout in milliseconds (default 30s, can be customized)\n * @returns The fetch response\n * @throws Error if request times out\n * @security Do not use very long timeouts without understanding DoS implications\n *\n * @example\n * ```typescript\n * // Default timeout (30 seconds)\n * const response = await fetchWithTimeout('https://example.com/file.pdf');\n *\n * // Custom timeout for slower connections\n * const response = await fetchWithTimeout(url, options, 60000); // 60 seconds\n * ```\n */\nexport async function fetchWithTimeout(\n  url: string,\n  options: RequestInit = {},\n  timeoutMs: number = DEFAULT_LIMITS.REQUEST_TIMEOUT\n): Promise<Response> {\n  const controller = createFetchController(timeoutMs);\n\n  try {\n    const response = await fetch(url, {\n      ...options,\n      signal: controller.signal,\n      cache: 'no-store', // Prevent Next.js cache revalidation which can cause AbortError (see: github.com/vercel/next.js/issues/54045)\n    });\n    return response;\n  } finally {\n    cleanupFetchController(controller);\n  }\n}\n\n/**\n * Check buffer size before allocation\n * @param size - The buffer size in bytes\n * @param maxSize - Maximum allowed size (default 100MB)\n * @throws Error if buffer would exceed memory limit\n */\nexport function validateBufferSize(\n  size: number,\n  maxSize: number = DEFAULT_LIMITS.MAX_FILE_SIZE\n): void {\n  validateFileSize(size, maxSize);\n}\n\n/**\n * Memory-safe JSON parse with depth limit\n *\n * ⚠️ SECURITY WARNING: Depth limits prevent billion laughs / XML bomb attacks in JSON format.\n * - Billion laughs attack: deeply nested JSON causes exponential memory expansion\n * - Stack overflow: deeply nested structures can exhaust call stack\n * - Resource exhaustion: parsing deeply nested JSON consumes CPU and memory\n *\n * Attack example (evil.json):\n * ```json\n * {\"a\":{\"b\":{\"c\":{\"d\":{\"e\":...}}}}} // 1000+ levels deep\n * ```\n *\n * Default limit (100 levels) prevents attacks while allowing legitimate documents.\n *\n * @param text - JSON string to parse\n * @param maxDepth - Maximum nesting depth in levels (default 100, can be customized)\n * @returns Parsed object\n * @throws Error if JSON exceeds depth limit, size limit, or is invalid\n * @security Do not disable depth checking without understanding XML bomb implications\n *\n * @example\n * ```typescript\n * // Standard parsing with default depth limit (100 levels)\n * const data = safeJsonParse(jsonString);\n *\n * // Custom depth limit for data that needs deeper nesting\n * const data = safeJsonParse(jsonString, 200); // 200 levels\n * ```\n */\nexport function safeJsonParse(\n  text: string,\n  maxDepth: number = DEFAULT_LIMITS.MAX_JSON_DEPTH\n): unknown {\n  try {\n    // Quick size check first\n    if (text.length > DEFAULT_LIMITS.MAX_FILE_SIZE) {\n      throw new Error('JSON string exceeds maximum size');\n    }\n\n    const obj = JSON.parse(text);\n\n    // Check nesting depth\n    function checkDepth(obj: unknown, depth: number = 0): void {\n      if (depth > maxDepth) {\n        throw new Error(`JSON nesting depth exceeds maximum of ${maxDepth}`);\n      }\n\n      if (typeof obj === 'object' && obj !== null) {\n        for (const value of Object.values(obj)) {\n          checkDepth(value, depth + 1);\n        }\n      }\n    }\n\n    checkDepth(obj);\n    return obj;\n  } catch (error) {\n    if (error instanceof Error) {\n      throw error;\n    }\n    throw new Error(`Invalid JSON: ${String(error)}`);\n  }\n}\n"],"mappings":";AAuBA,IAAM,oBAAoB;AAAA;AAAA,EAExB,EAAE,OAAO,aAAa,KAAK,kBAAkB;AAAA;AAAA,EAE7C,EAAE,OAAO,YAAY,KAAK,iBAAiB;AAAA;AAAA,EAE3C,EAAE,OAAO,cAAc,KAAK,iBAAiB;AAAA;AAAA,EAE7C,EAAE,OAAO,eAAe,KAAK,kBAAkB;AAAA;AAAA,EAE/C,EAAE,OAAO,eAAe,KAAK,kBAAkB;AACjD;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAMA,IAAM,wBAAwB;AAAA,EAC5B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKA,SAAS,WAAW,IAAoB;AACtC,QAAM,QAAQ,GAAG,MAAM,GAAG,EAAE,IAAI,MAAM;AACtC,MAAI,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC,MAAM,IAAI,KAAK,IAAI,GAAG,GAAG;AAC7D,WAAO;AAAA,EACT;AACA,UAAQ,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,KAAK,OAAO,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC;AACxE;AAKA,SAAS,mBAAmB,IAAqB;AAC/C,QAAM,QAAQ,WAAW,EAAE;AAC3B,MAAI,UAAU,GAAI,QAAO;AAEzB,SAAO,kBAAkB,KAAK,CAAC,UAAU;AACvC,UAAM,WAAW,WAAW,MAAM,KAAK;AACvC,UAAM,SAAS,WAAW,MAAM,GAAG;AACnC,WAAO,SAAS,YAAY,SAAS;AAAA,EACvC,CAAC;AACH;AAMA,SAAS,cAAc,UAA2B;AAEhD,QAAM,OAAO,SAAS,QAAQ,YAAY,EAAE;AAE5C,SAAO,sBAAsB,KAAK,aAAW,QAAQ,KAAK,IAAI,CAAC;AACjE;AAiCO,SAAS,YACd,WACA,UAGI,CAAC,GACA;AACL,QAAM;AAAA,IACJ,gBAAgB;AAAA,IAChB,mBAAmB,CAAC,SAAS,QAAQ;AAAA,EACvC,IAAI;AAEJ,MAAI;AAEJ,MAAI;AACF,UAAM,IAAI,IAAI,SAAS;AAAA,EACzB,SAAS,OAAO;AACd,UAAM,IAAI,MAAM,gBAAgB,SAAS,EAAE;AAAA,EAC7C;AAGA,MAAI,CAAC,iBAAiB,SAAS,IAAI,QAAQ,GAAG;AAC5C,UAAM,IAAI;AAAA,MACR,qBAAqB,IAAI,QAAQ,cAAc,iBAAiB,KAAK,IAAI,CAAC;AAAA,IAC5E;AAAA,EACF;AAGA,MAAI,eAAe;AACjB,UAAM,WAAW,IAAI;AAGrB,QAAI,uBAAuB,SAAS,QAAQ,GAAG;AAC7C,YAAM,IAAI,MAAM,6BAA6B,QAAQ,EAAE;AAAA,IACzD;AAGA,QAAI,SAAS,SAAS,GAAG,KAAK,SAAS,WAAW,GAAG,GAAG;AACtD,UAAI,cAAc,QAAQ,GAAG;AAC3B,cAAM,IAAI,MAAM,yBAAyB,QAAQ,EAAE;AAAA,MACrD;AAAA,IACF;AAGA,QAAI,mBAAmB,QAAQ,GAAG;AAChC,YAAM,IAAI,MAAM,gCAAgC,QAAQ,EAAE;AAAA,IAC5D;AAGA,QAAI,aAAa,aAAa;AAC5B,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAAA,EACF;AAEA,SAAO;AACT;AAQA,eAAsB,YACpB,KACA,YAAoB,KACD;AAEnB,QAAM,eAAe,YAAY,GAAG;AAGpC,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAEhE,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,aAAa,SAAS,GAAG;AAAA,MACpD,QAAQ,WAAW;AAAA,IACrB,CAAC;AACD,WAAO;AAAA,EACT,UAAE;AACA,iBAAa,SAAS;AAAA,EACxB;AACF;AAMO,SAAS,mBAAmB,WAA2B;AAC5D,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,SAAS;AAC7B,WAAO,IAAI;AAAA,EACb,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;AC3NA,SAAS,SAAS,WAAW,YAAY,gBAAgB;AASlD,SAAS,aAAa,UAAkB,UAA0B;AAEvE,QAAM,iBAAiB,UAAU,QAAQ,QAAQ,CAAC;AAClD,QAAM,iBAAiB,UAAU,QAAQ,UAAU,QAAQ,CAAC;AAG5D,QAAM,eAAe,SAAS,gBAAgB,cAAc;AAG5D,MAAI,aAAa,WAAW,IAAI,GAAG;AACjC,UAAM,IAAI;AAAA,MACR,oCAAoC,QAAQ,oBAAoB,QAAQ;AAAA,IAC1E;AAAA,EACF;AAGA,MAAI,WAAW,QAAQ,KAAK,CAAC,eAAe,WAAW,cAAc,GAAG;AACtE,UAAM,IAAI;AAAA,MACR,yCAAyC,QAAQ,kBAAkB,QAAQ;AAAA,IAC7E;AAAA,EACF;AAEA,SAAO;AACT;AASO,SAAS,mBAAmB,UAA0B;AAC3D,QAAM,aAAa,UAAU,QAAQ;AAGrC,MAAI,WAAW,SAAS,IAAI,KAAK,WAAW,WAAW,MAAM,KACzD,WAAW,WAAW,aAAa,GAAG;AACxC,UAAM,IAAI,MAAM,6BAA6B,QAAQ,EAAE;AAAA,EACzD;AAEA,SAAO;AACT;AAQO,SAAS,WAAW,UAAkB,UAA4B;AACvE,MAAI;AACF,QAAI,UAAU;AACZ,mBAAa,UAAU,QAAQ;AAAA,IACjC,OAAO;AACL,yBAAmB,QAAQ;AAAA,IAC7B;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AASO,SAAS,YAAY,UAAkB,UAA2B;AACvE,MAAI,UAAU;AACZ,WAAO,aAAa,UAAU,QAAQ;AAAA,EACxC;AACA,SAAO,QAAQ,QAAQ;AACzB;;;AC9DO,IAAM,iBAAiB;AAAA;AAAA,EAE5B,eAAe,MAAM,OAAO;AAAA;AAAA,EAE5B,iBAAiB;AAAA;AAAA,EAEjB,gBAAgB;AAClB;AAwBO,SAAS,iBACd,MACA,UAAkB,eAAe,eAC3B;AACN,MAAI,OAAO,SAAS;AAClB,UAAM,QAAQ,KAAK,MAAM,UAAU,OAAO,IAAI;AAC9C,UAAM,SAAS,KAAK,MAAM,OAAO,OAAO,IAAI;AAC5C,UAAM,IAAI;AAAA,MACR,aAAa,MAAM,sCAAsC,KAAK;AAAA,IAChE;AAAA,EACF;AACF;AAOO,SAAS,sBACd,YAAoB,eAAe,iBAClB;AACjB,QAAM,aAAa,IAAI,gBAAgB;AACvC,QAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAGhE,EAAC,WAAmB,cAAc;AAElC,SAAO;AACT;AAMO,SAAS,uBAAuB,YAAmC;AACxE,QAAM,YAAa,WAAmB;AACtC,MAAI,WAAW;AACb,iBAAa,SAAS;AAAA,EACxB;AACF;AA8BA,eAAsB,iBACpB,KACA,UAAuB,CAAC,GACxB,YAAoB,eAAe,iBAChB;AACnB,QAAM,aAAa,sBAAsB,SAAS;AAElD,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAChC,GAAG;AAAA,MACH,QAAQ,WAAW;AAAA,MACnB,OAAO;AAAA;AAAA,IACT,CAAC;AACD,WAAO;AAAA,EACT,UAAE;AACA,2BAAuB,UAAU;AAAA,EACnC;AACF;AAQO,SAAS,mBACd,MACA,UAAkB,eAAe,eAC3B;AACN,mBAAiB,MAAM,OAAO;AAChC;AAgCO,SAAS,cACd,MACA,WAAmB,eAAe,gBACzB;AACT,MAAI;AASF,QAASA,cAAT,SAAoBC,MAAc,QAAgB,GAAS;AACzD,UAAI,QAAQ,UAAU;AACpB,cAAM,IAAI,MAAM,yCAAyC,QAAQ,EAAE;AAAA,MACrE;AAEA,UAAI,OAAOA,SAAQ,YAAYA,SAAQ,MAAM;AAC3C,mBAAW,SAAS,OAAO,OAAOA,IAAG,GAAG;AACtC,UAAAD,YAAW,OAAO,QAAQ,CAAC;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAVS,qBAAAA;AAPT,QAAI,KAAK,SAAS,eAAe,eAAe;AAC9C,YAAM,IAAI,MAAM,kCAAkC;AAAA,IACpD;AAEA,UAAM,MAAM,KAAK,MAAM,IAAI;AAe3B,IAAAA,YAAW,GAAG;AACd,WAAO;AAAA,EACT,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,MAAM,iBAAiB,OAAO,KAAK,CAAC,EAAE;AAAA,EAClD;AACF;","names":["checkDepth","obj"]}