npm - @easyflow/javascript-sdk - Versions diffs - 2.1.7 - Mend

@easyflow/javascript-sdk 2.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/.babelrc +5 -0
package/.github/workflows/deploy-sdk-cf.yml +49 -0
package/.github/workflows/release-sdk-cdn.yml +144 -0
package/.github/workflows/release-sdk.yml +112 -0
package/.prettierrc +6 -0
package/CDN-DEPLOYMENT.md +175 -0
package/DEMO.md +258 -0
package/DEPLOYMENT.md +224 -0
package/INTEGRATION-GUIDE.md +521 -0
package/README.md +1013 -0
package/coverage/base.css +224 -0
package/coverage/block-navigation.js +87 -0
package/coverage/easyflow-javascript-sdk/index.html +116 -0
package/coverage/easyflow-javascript-sdk/libs/constants.mjs.html +268 -0
package/coverage/easyflow-javascript-sdk/libs/errors.mjs.html +271 -0
package/coverage/easyflow-javascript-sdk/libs/exception-handler.mjs.html +148 -0
package/coverage/easyflow-javascript-sdk/libs/fingerprint.mjs.html +895 -0
package/coverage/easyflow-javascript-sdk/libs/http.mjs.html +502 -0
package/coverage/easyflow-javascript-sdk/libs/index.html +266 -0
package/coverage/easyflow-javascript-sdk/libs/logger.mjs.html +568 -0
package/coverage/easyflow-javascript-sdk/libs/sanitizer.mjs.html +1099 -0
package/coverage/easyflow-javascript-sdk/libs/security.mjs.html +733 -0
package/coverage/easyflow-javascript-sdk/libs/types.mjs.html +508 -0
package/coverage/easyflow-javascript-sdk/libs/utils.mjs.html +379 -0
package/coverage/easyflow-javascript-sdk/libs/validator.mjs.html +2623 -0
package/coverage/easyflow-javascript-sdk/sdk.mjs.html +2434 -0
package/coverage/favicon.png +0 -0
package/coverage/index.html +131 -0
package/coverage/lcov-report/base.css +224 -0
package/coverage/lcov-report/block-navigation.js +87 -0
package/coverage/lcov-report/easyflow-javascript-sdk/index.html +116 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/constants.mjs.html +268 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/errors.mjs.html +271 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/exception-handler.mjs.html +148 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/fingerprint.mjs.html +895 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/http.mjs.html +502 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/index.html +266 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/logger.mjs.html +568 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/sanitizer.mjs.html +1099 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/security.mjs.html +733 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/types.mjs.html +508 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/utils.mjs.html +379 -0
package/coverage/lcov-report/easyflow-javascript-sdk/libs/validator.mjs.html +2623 -0
package/coverage/lcov-report/easyflow-javascript-sdk/sdk.mjs.html +2434 -0
package/coverage/lcov-report/favicon.png +0 -0
package/coverage/lcov-report/index.html +131 -0
package/coverage/lcov-report/prettify.css +1 -0
package/coverage/lcov-report/prettify.js +2 -0
package/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/coverage/lcov-report/sorter.js +196 -0
package/coverage/lcov.info +1429 -0
package/coverage/prettify.css +1 -0
package/coverage/prettify.js +2 -0
package/coverage/sort-arrow-sprite.png +0 -0
package/coverage/sorter.js +196 -0
package/dist/435.easyflow-sdk.min.js +1 -0
package/dist/easyflow-sdk.min.js +1 -0
package/dist/easyflow-sdk.min.js.LICENSE.txt +1 -0
package/dist/index.html +756 -0
package/docs/index.html +775 -0
package/examples/lovable-integration.html +410 -0
package/index.html +981 -0
package/jest.config.js +37 -0
package/jsdoc.json +42 -0
package/libs/auto-integration.mjs +333 -0
package/libs/constants.mjs +61 -0
package/libs/constants.spec.js +198 -0
package/libs/errors.mjs +62 -0
package/libs/errors.spec.js +178 -0
package/libs/exception-handler.mjs +21 -0
package/libs/exception-handler.spec.js +237 -0
package/libs/fingerprint.mjs +270 -0
package/libs/http.mjs +163 -0
package/libs/http.spec.js +427 -0
package/libs/integration-wrapper.mjs +285 -0
package/libs/logger.mjs +161 -0
package/libs/logger.spec.js +389 -0
package/libs/sanitizer.mjs +340 -0
package/libs/sanitizer.spec.js +583 -0
package/libs/security.mjs +217 -0
package/libs/types.mjs +141 -0
package/libs/utils.mjs +368 -0
package/libs/utils.spec.js +231 -0
package/libs/validator.mjs +952 -0
package/libs/validator.spec.js +615 -0
package/mocks/offer.mock.js +77 -0
package/package.json +72 -0
package/scripts/publish-npm.sh +82 -0
package/sdk.mjs +945 -0
package/sdk.spec.js +796 -0
package/test-setup.cjs +211 -0
package/test.html +154 -0
package/webpack.config.cjs +41 -0

package/libs/sanitizer.mjs ADDED Viewed

@@ -0,0 +1,340 @@
+import { deepClone } from './utils.mjs'
+/**
+ * Sanitizer class for cleaning and validating input data
+ *
+ * This class provides methods to sanitize various types of input data
+ * to prevent XSS attacks and ensure data integrity.
+ *
+ * @class Sanitizer
+ * @since 1.0.0
+ */
+export class Sanitizer {
+    /**
+     * Sanitizes HTTP headers by removing potentially dangerous headers
+     *
+     * @param {Object} [headers={}] - Headers object to sanitize
+     * @returns {Object} Sanitized headers object
+     *
+     * @example
+     * ```javascript
+     * const sanitizedHeaders = Sanitizer.sanitizeHeaders({
+     *   'Content-Type': 'application/json',
+     *   'x-forwarded-for': 'malicious-value'
+     * });
+     * // Returns: { 'Content-Type': 'application/json' }
+     * ```
+     */
+    static sanitizeHeaders(headers = {}) {
+        const sanitized = {}
+        for (const [key, value] of Object.entries(headers)) {
+            const dangerousHeaders = [
+                'x-forwarded-for',
+                'x-real-ip',
+                'x-forwarded-host',
+                'x-forwarded-proto',
+                'x-forwarded-port',
+                'x-forwarded-server',
+                'x-forwarded-uri',
+                'x-forwarded-method',
+                'x-forwarded-path',
+                'x-forwarded-query',
+                'x-forwarded-scheme',
+                'x-forwarded-ssl',
+                'x-forwarded-proto-version',
+            ]
+            if (!dangerousHeaders.includes(key.toLowerCase())) {
+                sanitized[key] = value
+            }
+        }
+        return sanitized
+    }
+    /**
+     * Sanitizes string input by removing potentially dangerous characters
+     *
+     * @param {*} input - Input to sanitize (only strings are processed)
+     * @returns {*} Sanitized input (returns original value if not a string)
+     *
+     * @example
+     * ```javascript
+     * const sanitized = Sanitizer.sanitizeInput('<script>alert("xss")</script>');
+     * // Returns: 'scriptalert("xss")/script'
+     * ```
+     */
+    static sanitizeInput(input) {
+        if (typeof input !== 'string' || !input) return input
+        return input
+            .replace(/[<>&]/g, '') // Remove <, >, & mas mantém aspas
+            .replace(/javascript:/gi, '')
+            .replace(/data:/gi, '')
+            .replace(/vbscript:/gi, '')
+            .trim()
+    }
+    /**
+     * Sanitizes credit card data by cleaning all card-related fields
+     *
+     * @param {Object} creditCard - Credit card object to sanitize
+     * @param {string} creditCard.cardNumber - Card number
+     * @param {string} creditCard.cvv - Security code
+     * @param {string} creditCard.month - Expiration month
+     * @param {string} creditCard.year - Expiration year
+     * @param {string} creditCard.holderName - Cardholder name
+     * @returns {Object} Sanitized credit card object
+     *
+     * @example
+     * ```javascript
+     * const sanitizedCard = Sanitizer.sanitizeCreditCard({
+     *   cardNumber: '4111 1111 1111 1111',
+     *   cvv: '123',
+     *   month: '12',
+     *   year: '2025',
+     *   holderName: 'John Doe'
+     * });
+     * ```
+     */
+    static sanitizeCreditCard(creditCard) {
+        return {
+            cardNumber: this.sanitizeInput(creditCard.cardNumber),
+            cvv: this.sanitizeInput(creditCard.cvv),
+            month: this.sanitizeInput(creditCard.month),
+            year: this.sanitizeInput(creditCard.year),
+            holderName: this.sanitizeInput(creditCard.holderName),
+        }
+    }
+    /**
+     * Recursively sanitizes all fields of an object using sanitizeInput
+     *
+     * This method traverses the entire object structure and sanitizes
+     * all string values found in any nested objects, arrays, or primitive values.
+     * It preserves the original object structure while ensuring all string data
+     * is properly sanitized.
+     *
+     * @param {*} obj - Object, array, or primitive value to sanitize
+     * @returns {*} Deep cloned and sanitized object with the same structure
+     *
+     * @example
+     * ```javascript
+     * const userData = {
+     *   name: '<script>alert("xss")</script>',
+     *   email: 'user@example.com',
+     *   profile: {
+     *     bio: 'User bio with <strong>HTML</strong>',
+     *     tags: ['tag1', '<script>malicious</script>']
+     *   },
+     *   settings: {
+     *     theme: 'dark',
+     *     notifications: true
+     *   }
+     * };
+     *
+     * const sanitized = Sanitizer.sanitizeObjectFields(userData);
+     * // Result: All string fields are sanitized, structure preserved
+     * ```
+     */
+    static sanitizeObjectFields(obj) {
+        return this._sanitizeObjectFieldsRecursive(obj, new WeakSet())
+    }
+    /**
+     * Internal recursive method for sanitizing object fields
+     *
+     * @private
+     * @param {*} obj - Object to sanitize
+     * @param {WeakSet} processed - Set of already processed objects to prevent circular references
+     * @returns {*} Sanitized object
+     */
+    static _sanitizeObjectFieldsRecursive(obj, processed) {
+        // Handle null and undefined
+        if (obj === null || obj === undefined) {
+            return obj
+        }
+        // Handle primitive types (only sanitize strings)
+        if (typeof obj !== 'object') {
+            return this.sanitizeInput(obj)
+        }
+        // Handle arrays
+        if (Array.isArray(obj)) {
+            return obj.map((item) =>
+                this._sanitizeObjectFieldsRecursive(item, processed)
+            )
+        }
+        // Check for circular references
+        if (processed.has(obj)) {
+            return obj // Return original object to prevent infinite recursion
+        }
+        // Mark this object as processed
+        processed.add(obj)
+        // Handle objects
+        const sanitized = {}
+        for (const [key, value] of Object.entries(obj)) {
+            // Recursively sanitize nested values
+            sanitized[key] = this._sanitizeObjectFieldsRecursive(
+                value,
+                processed
+            )
+        }
+        return sanitized
+    }
+}
+/**
+ * Sanitizes complete order data including buyer information, payments, and items
+ *
+ * @param {Object} order - Order object to sanitize
+ * @param {Object} [order.buyer] - Buyer information
+ * @param {Object} [order.payments] - Payment methods array
+ * @param {Object} [order.items] - Order items array
+ * @param {Object} [order.metadata] - Order metadata array
+ * @returns {Object} Deep cloned and sanitized order object
+ *
+ * @example
+ * ```javascript
+ * const sanitizedOrder = sanitizeOrderData({
+ *   buyer: {
+ *     name: '<script>alert("xss")</script>',
+ *     email: 'user@example.com'
+ *   },
+ *   payments: [{
+ *     method: 'credit-card',
+ *     creditCard: { cardNumber: '4111 1111 1111 1111' }
+ *   }]
+ * });
+ * ```
+ */
+function sanitizeOrderData(order) {
+    const sanitized = deepClone(order)
+    if (sanitized.cartId)
+        sanitized.cartId = Sanitizer.sanitizeInput(sanitized.cartId)
+    if (sanitized.buyer) {
+        sanitized.buyer.customerId = Sanitizer.sanitizeInput(
+            sanitized.buyer.customerId
+        )
+        sanitized.buyer.name = Sanitizer.sanitizeInput(sanitized.buyer.name)
+        sanitized.buyer.email = Sanitizer.sanitizeInput(sanitized.buyer.email)
+        if (sanitized.buyer.document) {
+            sanitized.buyer.document.number = Sanitizer.sanitizeInput(
+                sanitized.buyer.document.number
+            )
+            sanitized.buyer.document.type = Sanitizer.sanitizeInput(
+                sanitized.buyer.document.type
+            )
+        }
+        if (sanitized.buyer.phone) {
+            sanitized.buyer.phone.number = Sanitizer.sanitizeInput(
+                sanitized.buyer.phone.number
+            )
+            sanitized.buyer.phone.areaCode = Sanitizer.sanitizeInput(
+                sanitized.buyer.phone.areaCode
+            )
+        }
+        if (sanitized.buyer.address) {
+            sanitized.buyer.address.zipCode = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.zipCode
+            )
+            sanitized.buyer.address.street = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.street
+            )
+            sanitized.buyer.address.complement = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.complement
+            )
+            sanitized.buyer.address.neighborhood = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.neighborhood
+            )
+            sanitized.buyer.address.city = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.city
+            )
+            sanitized.buyer.address.state = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.state
+            )
+            sanitized.buyer.address.number = Sanitizer.sanitizeInput(
+                sanitized.buyer.address.number
+            )
+        }
+        if (sanitized.buyer.deliveryAddress) {
+            sanitized.buyer.deliveryAddress.zipCode = Sanitizer.sanitizeInput(
+                sanitized.buyer.deliveryAddress.zipCode
+            )
+            sanitized.buyer.deliveryAddress.street = Sanitizer.sanitizeInput(
+                sanitized.buyer.deliveryAddress.street
+            )
+            sanitized.buyer.deliveryAddress.complement =
+                Sanitizer.sanitizeInput(
+                    sanitized.buyer.deliveryAddress.complement
+                )
+            sanitized.buyer.deliveryAddress.neighborhood =
+                Sanitizer.sanitizeInput(
+                    sanitized.buyer.deliveryAddress.neighborhood
+                )
+            sanitized.buyer.deliveryAddress.city = Sanitizer.sanitizeInput(
+                sanitized.buyer.deliveryAddress.city
+            )
+            sanitized.buyer.deliveryAddress.state = Sanitizer.sanitizeInput(
+                sanitized.buyer.deliveryAddress.state
+            )
+            sanitized.buyer.deliveryAddress.number = Sanitizer.sanitizeInput(
+                sanitized.buyer.deliveryAddress.number
+            )
+        }
+    }
+    if (sanitized.payments && Array.isArray(sanitized.payments)) {
+        sanitized.payments = sanitized.payments.map((payment) => {
+            const sanitizedPayment = { ...payment }
+            if (sanitizedPayment.creditCard) {
+                sanitizedPayment.creditCard = {
+                    cardId: Sanitizer.sanitizeInput(
+                        sanitizedPayment.creditCard?.cardId
+                    ),
+                    cardNumber: Sanitizer.sanitizeInput(
+                        sanitizedPayment.creditCard.cardNumber
+                    ),
+                    cvv: Sanitizer.sanitizeInput(
+                        sanitizedPayment.creditCard.cvv
+                    ),
+                    month: Sanitizer.sanitizeInput(
+                        sanitizedPayment.creditCard.month
+                    ),
+                    year: Sanitizer.sanitizeInput(
+                        sanitizedPayment.creditCard.year
+                    ),
+                    holderName: Sanitizer.sanitizeInput(
+                        sanitizedPayment.creditCard.holderName
+                    ),
+                }
+            }
+            return sanitizedPayment
+        })
+    }
+    if (sanitized.items) {
+        sanitized.items = sanitized.items.map((item) => {
+            return {
+                externalReferenceId: Sanitizer.sanitizeInput(
+                    item.externalReferenceId
+                ),
+                description: Sanitizer.sanitizeInput(item.description),
+                name: Sanitizer.sanitizeInput(item.name),
+                quantity: item.quantity,
+                priceInCents: item.priceInCents,
+            }
+        })
+    }
+    if (sanitized.metadata && Array.isArray(sanitized.metadata)) {
+        sanitized.metadata = sanitized.metadata.map((metadata) => {
+            return {
+                key: Sanitizer.sanitizeInput(metadata.key),
+                value: Sanitizer.sanitizeInput(metadata.value),
+            }
+        })
+    }
+    return sanitized
+}
+export { sanitizeOrderData }