@girardmedia/bootspring 1.2.0 → 2.0.3

package/skills/patterns/security/xss.md

@@ -1,229 +0,0 @@
-# XSS Prevention Patterns
-
-Patterns for preventing Cross-Site Scripting attacks.
-
-## HTML Sanitization
-
-```typescript
-// lib/sanitize.ts
-import DOMPurify from 'isomorphic-dompurify'
-
-// Basic sanitization - remove all HTML
-export function stripHtml(input: string): string {
-  return DOMPurify.sanitize(input, { ALLOWED_TAGS: [] })
-}
-
-// Allow safe HTML (for rich text)
-export function sanitizeHtml(input: string): string {
-  return DOMPurify.sanitize(input, {
-    ALLOWED_TAGS: [
-      'b', 'i', 'em', 'strong', 'a', 'p', 'br',
-      'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'h4',
-      'blockquote', 'code', 'pre'
-    ],
-    ALLOWED_ATTR: ['href', 'target', 'rel'],
-    ALLOW_DATA_ATTR: false
-  })
-}
-
-// Sanitize with custom hooks
-export function sanitizeRichContent(input: string): string {
-  return DOMPurify.sanitize(input, {
-    ADD_TAGS: ['iframe'],
-    ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling'],
-    ALLOWED_URI_REGEXP: /^(?:(?:https?|mailto):|[^a-z]|[a-z+.-]+(?:[^a-z+.-:]|$))/i,
-    // Only allow specific iframe sources
-    CUSTOM_ELEMENT_HANDLING: {
-      tagNameCheck: (tagName) => tagName === 'iframe',
-      attributeNameCheck: () => true,
-      allowCustomizedBuiltInElements: false
-    }
-  })
-}
-```
-
-## Escape Functions
-
-```typescript
-// lib/escape.ts
-
-// Escape HTML entities
-export function escapeHtml(str: string): string {
-  const htmlEscapes: Record<string, string> = {
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#x27;',
-    '/': '&#x2F;'
-  }
-
-  return str.replace(/[&<>"'/]/g, char => htmlEscapes[char])
-}
-
-// Escape for use in JavaScript strings
-export function escapeJs(str: string): string {
-  return str
-    .replace(/\\/g, '\\\\')
-    .replace(/'/g, "\\'")
-    .replace(/"/g, '\\"')
-    .replace(/\n/g, '\\n')
-    .replace(/\r/g, '\\r')
-    .replace(/\t/g, '\\t')
-}
-
-// Escape for URLs
-export function escapeUrl(str: string): string {
-  return encodeURIComponent(str)
-}
-
-// Escape for CSS
-export function escapeCss(str: string): string {
-  return str.replace(/[^a-zA-Z0-9]/g, char => `\\${char.charCodeAt(0).toString(16)} `)
-}
-```
-
-## Content Security Policy
-
-```typescript
-// middleware.ts
-import { NextResponse } from 'next/server'
-import type { NextRequest } from 'next/server'
-
-export function middleware(request: NextRequest) {
-  const response = NextResponse.next()
-
-  // Content Security Policy
-  const csp = [
-    "default-src 'self'",
-    "script-src 'self' 'unsafe-inline' 'unsafe-eval'", // Adjust for your needs
-    "style-src 'self' 'unsafe-inline'",
-    "img-src 'self' data: https:",
-    "font-src 'self'",
-    "connect-src 'self' https://api.stripe.com",
-    "frame-ancestors 'none'",
-    "base-uri 'self'",
-    "form-action 'self'"
-  ].join('; ')
-
-  response.headers.set('Content-Security-Policy', csp)
-  response.headers.set('X-Content-Type-Options', 'nosniff')
-  response.headers.set('X-Frame-Options', 'DENY')
-  response.headers.set('X-XSS-Protection', '1; mode=block')
-
-  return response
-}
-```
-
-## Safe React Rendering
-
-```tsx
-// components/SafeHtml.tsx
-import DOMPurify from 'isomorphic-dompurify'
-
-interface Props {
-  html: string
-  className?: string
-}
-
-export function SafeHtml({ html, className }: Props) {
-  const sanitized = DOMPurify.sanitize(html)
-
-  return (
-    <div
-      className={className}
-      dangerouslySetInnerHTML={{ __html: sanitized }}
-    />
-  )
-}
-
-// Usage
-<SafeHtml html={userContent} />
-
-// DON'T do this:
-// <div dangerouslySetInnerHTML={{ __html: userContent }} />
-```
-
-## URL Validation
-
-```typescript
-// lib/url.ts
-const ALLOWED_PROTOCOLS = ['http:', 'https:', 'mailto:']
-
-export function isValidUrl(url: string): boolean {
-  try {
-    const parsed = new URL(url)
-    return ALLOWED_PROTOCOLS.includes(parsed.protocol)
-  } catch {
-    return false
-  }
-}
-
-export function sanitizeUrl(url: string): string {
-  if (isValidUrl(url)) {
-    return url
-  }
-
-  // Return safe fallback
-  return '#'
-}
-
-// Usage in React
-function SafeLink({ href, children }: { href: string; children: React.ReactNode }) {
-  const safeHref = sanitizeUrl(href)
-
-  return (
-    <a href={safeHref} rel="noopener noreferrer">
-      {children}
-    </a>
-  )
-}
-```
-
-## Input Validation
-
-```typescript
-// lib/validation.ts
-import { z } from 'zod'
-
-// Text input - strip HTML by default
-export const safeTextSchema = z.string().transform(stripHtml)
-
-// Rich text - sanitize HTML
-export const richTextSchema = z.string().transform(sanitizeHtml)
-
-// URL - validate protocol
-export const safeUrlSchema = z.string().refine(isValidUrl, {
-  message: 'Invalid URL'
-})
-
-// Example schema
-const PostSchema = z.object({
-  title: safeTextSchema.min(1).max(200),
-  content: richTextSchema,
-  externalLink: safeUrlSchema.optional()
-})
-```
-
-## JSON Response Headers
-
-```typescript
-// app/api/data/route.ts
-export async function GET() {
-  const data = await getData()
-
-  return Response.json(data, {
-    headers: {
-      'Content-Type': 'application/json',
-      'X-Content-Type-Options': 'nosniff'
-    }
-  })
-}
-```
-
-## When to Use
-
-- User-generated content
-- Rich text editors
-- External links
-- API responses

package/skills/patterns/seo/metadata.md

@@ -1,252 +0,0 @@
-# SEO Metadata Patterns
-
-Patterns for SEO optimization in Next.js.
-
-## Static Metadata
-
-```typescript
-// app/layout.tsx
-import type { Metadata } from 'next'
-
-export const metadata: Metadata = {
-  title: {
-    default: 'My App',
-    template: '%s | My App'
-  },
-  description: 'The best app for productivity',
-  keywords: ['productivity', 'tasks', 'collaboration'],
-  authors: [{ name: 'Company Name' }],
-  creator: 'Company Name',
-  publisher: 'Company Name',
-  metadataBase: new URL('https://myapp.com'),
-  openGraph: {
-    type: 'website',
-    locale: 'en_US',
-    url: 'https://myapp.com',
-    siteName: 'My App',
-    title: 'My App - Productivity Made Simple',
-    description: 'The best app for productivity',
-    images: [
-      {
-        url: '/og-image.png',
-        width: 1200,
-        height: 630,
-        alt: 'My App'
-      }
-    ]
-  },
-  twitter: {
-    card: 'summary_large_image',
-    title: 'My App',
-    description: 'The best app for productivity',
-    images: ['/twitter-image.png'],
-    creator: '@myapp'
-  },
-  robots: {
-    index: true,
-    follow: true,
-    googleBot: {
-      index: true,
-      follow: true,
-      'max-video-preview': -1,
-      'max-image-preview': 'large',
-      'max-snippet': -1
-    }
-  },
-  verification: {
-    google: 'google-site-verification-code',
-    yandex: 'yandex-verification-code'
-  }
-}
-```
-
-## Dynamic Metadata
-
-```typescript
-// app/blog/[slug]/page.tsx
-import type { Metadata } from 'next'
-
-interface Props {
-  params: { slug: string }
-}
-
-export async function generateMetadata({ params }: Props): Promise<Metadata> {
-  const post = await getPost(params.slug)
-
-  if (!post) {
-    return { title: 'Post Not Found' }
-  }
-
-  return {
-    title: post.title,
-    description: post.excerpt,
-    openGraph: {
-      title: post.title,
-      description: post.excerpt,
-      type: 'article',
-      publishedTime: post.publishedAt.toISOString(),
-      authors: [post.author.name],
-      images: [
-        {
-          url: post.image,
-          width: 1200,
-          height: 630,
-          alt: post.title
-        }
-      ]
-    },
-    twitter: {
-      card: 'summary_large_image',
-      title: post.title,
-      description: post.excerpt,
-      images: [post.image]
-    }
-  }
-}
-
-export default async function BlogPost({ params }: Props) {
-  const post = await getPost(params.slug)
-  return <article>{/* ... */}</article>
-}
-```
-
-## JSON-LD Structured Data
-
-```tsx
-// components/JsonLd.tsx
-export function JsonLd({ data }: { data: object }) {
-  return (
-    <script
-      type="application/ld+json"
-      dangerouslySetInnerHTML={{ __html: JSON.stringify(data) }}
-    />
-  )
-}
-
-// Article JSON-LD
-export function ArticleJsonLd({ post }: { post: Post }) {
-  const data = {
-    '@context': 'https://schema.org',
-    '@type': 'Article',
-    headline: post.title,
-    description: post.excerpt,
-    image: post.image,
-    datePublished: post.publishedAt,
-    dateModified: post.updatedAt,
-    author: {
-      '@type': 'Person',
-      name: post.author.name
-    },
-    publisher: {
-      '@type': 'Organization',
-      name: 'My App',
-      logo: {
-        '@type': 'ImageObject',
-        url: 'https://myapp.com/logo.png'
-      }
-    }
-  }
-
-  return <JsonLd data={data} />
-}
-
-// Product JSON-LD
-export function ProductJsonLd({ product }: { product: Product }) {
-  const data = {
-    '@context': 'https://schema.org',
-    '@type': 'Product',
-    name: product.name,
-    description: product.description,
-    image: product.images,
-    sku: product.sku,
-    offers: {
-      '@type': 'Offer',
-      price: product.price,
-      priceCurrency: 'USD',
-      availability: product.inStock
-        ? 'https://schema.org/InStock'
-        : 'https://schema.org/OutOfStock'
-    }
-  }
-
-  return <JsonLd data={data} />
-}
-```
-
-## Sitemap
-
-```typescript
-// app/sitemap.ts
-import { MetadataRoute } from 'next'
-
-export default async function sitemap(): Promise<MetadataRoute.Sitemap> {
-  const baseUrl = 'https://myapp.com'
-
-  // Static pages
-  const staticPages = [
-    { url: baseUrl, lastModified: new Date(), priority: 1 },
-    { url: `${baseUrl}/about`, lastModified: new Date(), priority: 0.8 },
-    { url: `${baseUrl}/pricing`, lastModified: new Date(), priority: 0.8 }
-  ]
-
-  // Dynamic pages
-  const posts = await prisma.post.findMany({
-    where: { published: true },
-    select: { slug: true, updatedAt: true }
-  })
-
-  const postPages = posts.map(post => ({
-    url: `${baseUrl}/blog/${post.slug}`,
-    lastModified: post.updatedAt,
-    priority: 0.6
-  }))
-
-  return [...staticPages, ...postPages]
-}
-```
-
-## Robots.txt
-
-```typescript
-// app/robots.ts
-import { MetadataRoute } from 'next'
-
-export default function robots(): MetadataRoute.Robots {
-  return {
-    rules: [
-      {
-        userAgent: '*',
-        allow: '/',
-        disallow: ['/api/', '/admin/', '/private/']
-      }
-    ],
-    sitemap: 'https://myapp.com/sitemap.xml'
-  }
-}
-```
-
-## Canonical URLs
-
-```typescript
-// app/blog/[slug]/page.tsx
-export async function generateMetadata({ params }: Props): Promise<Metadata> {
-  const post = await getPost(params.slug)
-
-  return {
-    alternates: {
-      canonical: `https://myapp.com/blog/${params.slug}`,
-      languages: {
-        'en-US': `https://myapp.com/en/blog/${params.slug}`,
-        'es-ES': `https://myapp.com/es/blog/${params.slug}`
-      }
-    }
-  }
-}
-```
-
-## When to Use
-
-- All public pages
-- Blog posts
-- Product pages
-- Landing pages