@gov-cy/govcy-express-services 1.0.0-alpha.2 → 1.0.0-alpha.20

package/src/resources/govcyResources.mjs

@@ -6,6 +6,11 @@ export const staticResources = {
             el: "Υποβολή", 
             tr: "Gönder" 
         },
+        continue: { 
+            en: "Continue", 
+            el: "Συνέχεια", 
+            tr: "Continue" 
+        },
         cancel: { 
             en: "Cancel", 
             el: "Ακύρωση", 
@@ -54,7 +59,7 @@ export const staticResources = {
         errorPage403NaturalOnlyPolicyBody: {
             el: "<p>Η πρόσβαση επιτρέπεται μόνο σε φυσικά πρόσωπα με επιβεβαιωμένο προφίλ. <a href=\"/logout\">Αποσυνδεθείτε</a> και δοκιμάστε ξανά αργότερα.</p>",
             en: "<p>Access is only allowed to individuals with a verified profile.<a href=\"/logout\">Sign out</a> and try again later.</p>",
-            tr: "<p>Access is only allowed to individuals with a confirmed profile.<a href=\"/logout\">Giriş yapmadan</a> sonra tekrar deneyiniz.</p>"
+            tr: "<p>Access is only allowed to individuals with a verified profile.<a href=\"/logout\">Giriş yapmadan</a> sonra tekrar deneyiniz.</p>"
         },
         errorPage500Title: {
             el: "Λυπούμαστε, υπάρχει πρόβλημα με την υπηρεσία",
@@ -100,6 +105,51 @@ export const staticResources = {
             en: "We have received your request. ",
             el: "Έχουμε λάβει την αίτησή σας. ",
             tr: "We have received your request. "
+        },
+        fileUploaded : {
+            en: "File uploaded",
+            el: "Το αρχείο ανεβάστηκε",
+            tr: "File uploaded"
+        },
+        fileNotUploaded : {
+            en: "File has not been uploaded. ",
+            el: "Το αρχείο δεν ανεβάστηκε. ",
+            tr: "File has not been uploaded. "
+        },
+        fileYouHaveUploaded : {
+            en: "You have uploaded the file for \"{{file}}\"",
+            el: "Έχετε ανεβάσει το αρχείο \"{{file}}\"",
+            tr: "You have uploaded the file for \"{{file}}\""
+        },
+        deleteFileTitle : {
+            en: "Are you sure you want to delete the file \"{{file}}\"? ",
+            el: "Σίγουρα θέλετε να διαγράψετε το αρχείο \"{{file}}\";",
+            tr: "Are you sure you want to delete the file \"{{file}}\"? "
+        },
+        deleteYesOption: {
+            el:"Ναι, θέλω να διαγράψω το αρχείο",
+            en:"Yes, I want to delete this file",
+            tr:"Yes, I want to delete this file"
+        },
+        deleteNoOption: {
+            el:"Όχι, δεν θέλω να διαγράψω το αρχείο",
+            en:"No, I don't want to delete this file",
+            tr:"No, I don't want to delete this file"
+        },
+        deleteFileValidationError: {
+            en: "Select if you want to delete the file",
+            el: "Επιλέξτε αν θέλετε να διαγράψετε το αρχείο",
+            tr: "Select if you want to delete the file"
+        },
+        viewFile: {
+            en: "View file",
+            el: "Προβολή αρχείου",
+            tr: "View file"
+        },
+        deleteSameFileWarning: {
+            en: "Υou have uploaded the same file more than once in this application. If you delete it, it will be deleted from all places in the application.",
+            el: "Έχετε ανεβάσει το αρχείο αυτό και σε άλλα σημεία της αίτησης. Αν το διαγράψετε, θα διαγραφεί από όλα τα σημεία.",
+            tr: "Υou have uploaded the same file more than once in this application. If you delete it, it will be deleted from all places in the application."
         }
     },
     //remderer sections
@@ -113,9 +163,19 @@ export const staticResources = {
             element: "htmlElement",
             params: {
                 text: {
-                    en: `<script src="/js/govcyForms.js"></script>`,
-                    el: `<script src="/js/govcyForms.js"></script>`,
-                    tr: `<script src="/js/govcyForms.js"></script>`
+                    en: `<script src="https://cdn.jsdelivr.net/gh/gov-cy/govcy-frontend-renderer@v1.22.0/dist/govcyCompiledTemplates.browser.js"></script><script src="https://cdn.jsdelivr.net/gh/gov-cy/govcy-frontend-renderer@v1.22.0/dist/govcyFrontendRenderer.browser.js"></script><script type="module" src="/js/govcyForms.js"></script><script type="module" src="/js/govcyFiles.js"></script>`,
+                    el: `<script src="https://cdn.jsdelivr.net/gh/gov-cy/govcy-frontend-renderer@v1.22.0/dist/govcyCompiledTemplates.browser.js"></script><script src="https://cdn.jsdelivr.net/gh/gov-cy/govcy-frontend-renderer@v1.22.0/dist/govcyFrontendRenderer.browser.js"></script><script type="module" src="/js/govcyForms.js"></script><script type="module" src="/js/govcyFiles.js"></script>`,
+                    tr: `<script src="https://cdn.jsdelivr.net/gh/gov-cy/govcy-frontend-renderer@v1.22.0/dist/govcyCompiledTemplates.browser.js"></script><script src="https://cdn.jsdelivr.net/gh/gov-cy/govcy-frontend-renderer@v1.22.0/dist/govcyFrontendRenderer.browser.js"></script><script type="module" src="/js/govcyForms.js"></script><script type="module" src="/js/govcyFiles.js"></script>`
+                }
+            }
+        },
+        govcyLoadingOverlay: {
+            element: "htmlElement",
+            params: {
+                text: {
+                    en: `<style>.govcy-loadingOverlay{position:fixed;top:0;right:0;bottom:0;left:0;display:none;justify-content:center;align-items:center;background:rgba(255,255,255,.7);-webkit-backdrop-filter:blur(3px);backdrop-filter:blur(3px);z-index:1050}.govcy-loadingOverlay[aria-hidden="false"]{display:flex}</style><div id="govcy--loadingOverlay" class="govcy-loadingOverlay" aria-hidden="true" role="dialog" aria-modal="true" tabindex="-1"><div class="govcy-loadingOverlay__content" role="status" aria-live="polite"><div class="spinner-border govcy-text-primary" role="status"><span class="govcy-visually-hidden">Loading...</span></div></div></div>`,
+                    el: `<style>.govcy-loadingOverlay{position:fixed;top:0;right:0;bottom:0;left:0;display:none;justify-content:center;align-items:center;background:rgba(255,255,255,.7);-webkit-backdrop-filter:blur(3px);backdrop-filter:blur(3px);z-index:1050}.govcy-loadingOverlay[aria-hidden="false"]{display:flex}</style><div id="govcy--loadingOverlay" class="govcy-loadingOverlay" aria-hidden="true" role="dialog" aria-modal="true" tabindex="-1"><div class="govcy-loadingOverlay__content" role="status" aria-live="polite"><div class="spinner-border govcy-text-primary" role="status"><span class="govcy-visually-hidden">Φόρτωση...</span></div></div></div>`,
+                    tr: `<style>.govcy-loadingOverlay{position:fixed;top:0;right:0;bottom:0;left:0;display:none;justify-content:center;align-items:center;background:rgba(255,255,255,.7);-webkit-backdrop-filter:blur(3px);backdrop-filter:blur(3px);z-index:1050}.govcy-loadingOverlay[aria-hidden="false"]{display:flex}</style><div id="govcy--loadingOverlay" class="govcy-loadingOverlay" aria-hidden="true" role="dialog" aria-modal="true" tabindex="-1"><div class="govcy-loadingOverlay__content" role="status" aria-live="polite"><div class="spinner-border govcy-text-primary" role="status"><span class="govcy-visually-hidden">Loading...</span></div></div></div>`
                 }
             }
         },
@@ -192,6 +252,27 @@ export function csrfTokenInput(csrfToken) {
     };
 }
 
+/**
+ * Get the site and page input elements 
+ * @param {string} siteId The site id
+ * @param {string} pageUrl The page url
+ * @param {string} lang The page language
+ * @returns {object} htmlElement with the site and page inputs
+ */
+export function siteAndPageInput(siteId, pageUrl, lang = "el") {
+    const siteAndPageInputs = `<input type="hidden" name="_siteId" value="${siteId}"><input type="hidden" name="_pageUrl" value="${pageUrl}"><input type="hidden" name="_lang" value="${lang}">`;
+    return {
+        element: "htmlElement",
+        params: {
+            text: {
+                en: siteAndPageInputs,
+                el: siteAndPageInputs,
+                tr: siteAndPageInputs
+            }
+        }
+    };
+}
+
 /**
  * Error page template
  * @param {object} title the title text element 

package/src/utils/govcyApiDetection.mjs

@@ -0,0 +1,17 @@
+/**
+ * Determines if a request is targeting an API endpoint.
+ * Currently matches:
+ * - Accept header with application/json
+ * - URLs ending with /upload or /download under a site/page structure
+ *
+ * @param {object} req - Express request object
+ * @returns {boolean}
+ */
+export function isApiRequest(req) {
+  const acceptJson = (req.headers?.accept || "").toLowerCase().includes("application/json");
+
+  const apiUrlPattern =  /^\/apis\/[^/]+\/[^/]+\/(upload|download)$/;
+  const isStructuredApiUrl = apiUrlPattern.test(req.originalUrl || req.url);
+
+  return acceptJson || isStructuredApiUrl;
+}

package/src/utils/govcyApiRequest.mjs

@@ -5,12 +5,13 @@ import { logger } from "./govcyLogger.mjs";
  * Utility to handle API communication with retry logic
  * @param {string} method - HTTP method (e.g., 'post', 'get', etc.)
  * @param {string} url - API endpoint URL
- * @param {object} inputData - Payload for the request (optional)
+ * @param {object|FormData} inputData - Payload for the request (optional)
  * @param {boolean} useAccessTokenAuth - Whether to use Authorization header with Bearer token
  * @param {object} user - User object containing access_token (optional)
  * @param {object} headers - Custom headers (optional)
  * @param {number} retries - Number of retry attempts (default: 3)
  * @param {boolean} allowSelfSignedCerts - Whether to allow self-signed certificates (default: false)
+ * @param {array} allowedHTTPStatusCodes - Array of allowed HTTP status codes (default: [200])
  * @returns {Promise<object>} - API response
  */
 export async function govcyApiRequest(
@@ -21,7 +22,8 @@ export async function govcyApiRequest(
     user = null, 
     headers = {}, 
     retries = 3,
-    allowSelfSignedCerts = false
+    allowSelfSignedCerts = false,
+    allowedHTTPStatusCodes = [200]
 ) {
     let attempt = 0;
 
@@ -37,6 +39,14 @@ export async function govcyApiRequest(
         requestHeaders['Authorization'] = `Bearer ${user.access_token}`;
     }
 
+    // If inputData is FormData, for attachments
+    if (inputData instanceof (await import('form-data')).default) {
+        requestHeaders = {
+        ...requestHeaders,
+        ...inputData.getHeaders(), // includes boundary in content-type
+        };
+    }
+
     while (attempt < retries) {
         try {
             logger.debug(`📤 Sending API request (Attempt ${attempt + 1})`, { method, url, inputData, requestHeaders });
@@ -45,11 +55,22 @@ export async function govcyApiRequest(
             const axiosConfig = {
                 method,
                 url,
-                [method?.toLowerCase() === 'get' ? 'params' : 'data']: inputData,
+                ...(inputData instanceof (await import('form-data')).default // If inputData is FormData, for attachments
+                    ? { data: inputData }
+                    : { [method?.toLowerCase() === 'get' ? 'params' : 'data']: inputData }),
                 headers: requestHeaders,
                 timeout: 10000, // 10 seconds timeout
+                // ✅ Treat only these statuses as "resolved" (no throw)
+                validateStatus: (status) => allowedHTTPStatusCodes.includes(status),
             };
 
+            // If inputData is FormData, for attachments
+            if (inputData instanceof (await import('form-data')).default) {
+                axiosConfig.maxContentLength = Infinity;
+                axiosConfig.maxBodyLength = Infinity;
+            }
+
+
             // Add httpsAgent if NOT production to allow self-signed certificates
             // Use per-call config for self-signed certs
             if (allowSelfSignedCerts) {
@@ -60,9 +81,13 @@ export async function govcyApiRequest(
 
             logger.debug(`📥 Received API response`, { status: response.status, data: response.data });
 
-            if (response.status !== 200) {
+            // Validate HTTP status
+            if (!allowedHTTPStatusCodes.includes(response.status)) {
                 throw new Error(`Unexpected HTTP status: ${response.status}`);
             }
+            // if (response.status !== 200) {
+            //     throw new Error(`Unexpected HTTP status: ${response.status}`);
+            // }
             
             // const { Succeeded, ErrorCode, ErrorMessage } = response.data;
             // Normalize to PascalCase regardless of input case
@@ -77,7 +102,7 @@ export async function govcyApiRequest(
                 ErrorMessage,
                 Data,
                 InformationMessage
-            } = response.data;
+            } = response.data ?? {};
 
             const normalized = {
                 Succeeded: Succeeded !== undefined ? Succeeded : succeeded,

package/src/utils/govcyApiResponse.mjs

@@ -0,0 +1,31 @@
+/**
+ * The successResponse function creates a standardized success response object.
+ * 
+ * @param {*} data - The data to be included in the response. 
+ * @returns  {Object} - The success response object.
+ */
+export function successResponse(data = null) {
+  return {
+    Succeeded: true,
+    ErrorCode: 0,
+    ErrorMessage: '',
+    Data: data
+  };
+}
+
+/**
+ * The errorResponse function creates a standardized error response object.
+ * 
+ * @param {int} code - The error code to be included in the response.
+ * @param {string} message - The error message to be included in the response.
+ * @param {Object} data - Additional data to be included in the response.
+ * @returns {Object} - The error response object.
+ */
+export function errorResponse(code = 1, message = 'Unknown error', data = null) {
+  return {
+    Succeeded: false,
+    ErrorCode: code,
+    ErrorMessage: message,
+    Data: data
+  };
+}

package/src/utils/govcyConstants.mjs

@@ -1,4 +1,8 @@
 /**
  * Shared constants for allowed form elements.
  */
-export const ALLOWED_FORM_ELEMENTS = ["textInput", "textArea", "select", "radios", "checkboxes", "datePicker", "dateInput"];
+export const ALLOWED_FORM_ELEMENTS = ["textInput", "textArea", "select", "radios", "checkboxes", "datePicker", "dateInput","fileInput","fileView"];
+export const ALLOWED_FILE_MIME_TYPES = ['application/pdf', 'image/jpeg', 'image/png'];
+export const ALLOWED_FILE_EXTENSIONS = ['pdf', 'jpg', 'jpeg', 'png'];
+export const ALLOWED_FILE_SIZE_MB = 4; // Maximum file size in MB
+export const ALLOWED_MULTER_FILE_SIZE_MB = 10; // Maximum file size in MB

package/src/utils/govcyDataLayer.mjs

@@ -98,6 +98,14 @@ export function storePageData(store, siteId, pageUrl, formData) {
 
     store.siteData[siteId].inputData[pageUrl]["formData"] = formData;
 }
+
+export function storePageDataElement(store, siteId, pageUrl, elementName, value) {
+    // Ensure session structure is initialized
+    initializeSiteData(store, siteId, pageUrl);
+
+    // Store the element value
+    store.siteData[siteId].inputData[pageUrl].formData[elementName] = value;
+}
 /**
  * Stores the page's input data in the data layer
  *  * 
@@ -183,11 +191,11 @@ export function storeSiteSubmissionData(store, siteId, submissionData) {
     // let rawData = getSiteInputData(store, siteId);
     // Store the submission data
     store.siteData[siteId].submissionData = submissionData;
-      
+
     // Clear validation errors from the session
     store.siteData[siteId].inputData = {};
     // Clear presaved/temporary save data
-    store.siteData[siteId].loadData = {}; 
+    store.siteData[siteId].loadData = {};
 
 }
 
@@ -200,7 +208,7 @@ export function storeSiteSubmissionData(store, siteId, submissionData) {
  * @param {object} result - API response
  */
 export function storeSiteEligibilityResult(store, siteId, endpointKey, result) {
-    
+
     initializeSiteData(store, siteId); // Ensure the structure exists
 
     if (!store.siteData[siteId].eligibility) store.siteData[siteId].eligibility = {};
@@ -236,7 +244,7 @@ export function getSiteEligibilityResult(store, siteId, endpointKey, maxAgeMs =
  */
 export function getPageValidationErrors(store, siteId, pageUrl) {
     const validationErrors = store?.siteData?.[siteId]?.inputData?.[pageUrl]?.validationErrors || null;
-    
+
     if (validationErrors) {
         // Clear validation errors from the session
         delete store.siteData[siteId].inputData[pageUrl].validationErrors;
@@ -267,7 +275,7 @@ export function getPageData(store, siteId, pageUrl) {
  */
 export function getSiteSubmissionErrors(store, siteId) {
     const validationErrors = store?.siteData?.[siteId]?.submissionErrors || null;
-    
+
     if (validationErrors) {
         // Clear validation errors from the session
         delete store.siteData[siteId].submissionErrors;
@@ -286,7 +294,7 @@ export function getSiteSubmissionErrors(store, siteId) {
  */
 export function getSiteData(store, siteId) {
     const inputData = store?.siteData?.[siteId] || {};
-    
+
     if (inputData) {
         return inputData;
     }
@@ -303,7 +311,7 @@ export function getSiteData(store, siteId) {
  */
 export function getSiteInputData(store, siteId) {
     const inputData = store?.siteData?.[siteId]?.inputData || {};
-    
+
     if (inputData) {
         return inputData;
     }
@@ -320,7 +328,7 @@ export function getSiteInputData(store, siteId) {
  */
 export function getSiteLoadData(store, siteId) {
     const loadData = store?.siteData?.[siteId]?.loadData || {};
-    
+
     if (loadData) {
         return loadData;
     }
@@ -328,6 +336,20 @@ export function getSiteLoadData(store, siteId) {
     return null;
 }
 
+/**
+ * Get the site's reference number from load data from the store 
+ * 
+ * @param {object} store The session store
+ * @param {string} siteId The site ID
+ * @returns {string|null} The reference number or null if not available
+ */
+export function getSiteLoadDataReferenceNumber(store, siteId) {
+    const ref = store?.siteData?.[siteId]?.loadData?.referenceValue;
+
+    return typeof ref === 'string' && ref.trim() !== '' ? ref : null;
+}
+
+
 /**
  * Get the site's input data from the store 
  * 
@@ -337,9 +359,9 @@ export function getSiteLoadData(store, siteId) {
  */
 export function getSiteSubmissionData(store, siteId) {
     initializeSiteData(store, siteId); // Ensure the structure exists
-    
+
     const submission = store?.siteData?.[siteId]?.submissionData || {};
-    
+
     if (submission) {
         return submission;
     }
@@ -366,7 +388,7 @@ export function getFormDataValue(store, siteId, pageUrl, elementName) {
  * @param {object} store The session store 
  * @returns The user object from the store or null if it doesn't exist.
  */
-export function getUser(store){
+export function getUser(store) {
     return store.user || null;
 }
 
@@ -374,3 +396,181 @@ export function clearSiteData(store, siteId) {
     delete store?.siteData[siteId];
 }
 
+/**
+ * Check if a file reference is used in more than one place (field) across the site's inputData.
+ *
+ * A "file reference" is an object like:
+ *   { sha256: "abc...", fileId: "xyz..." }
+ *
+ * Matching rules:
+ *  - If both fileId and sha256 are provided, both must match.
+ *  - If only one is provided, we match by that single property.
+ *
+ * Notes:
+ *  - Does NOT mutate the session.
+ *  - Safely handles missing site/pages.
+ *  - If a form field is an array (e.g., multiple file inputs), each item is checked.
+ *
+ * @param {object} store   The session object (e.g., req.session)
+ * @param {string} siteId  The site identifier
+ * @param {object} params  { fileId?: string, sha256?: string }
+ * @returns {boolean}      true if the file is found in more than one place, else false
+ */
+export function isFileUsedInSiteInputDataAgain(store, siteId, { fileId, sha256 } = {}) {
+    // If neither identifier is provided, we cannot match anything
+    if (!fileId && !sha256) return false;
+
+    // Ensure session structure is initialized
+    initializeSiteData(store, siteId);
+
+    // Site input data: session.siteData[siteId].inputData
+    const site = store?.siteData?.[siteId]?.inputData;
+    if (!site || typeof site !== 'object') return false;
+
+    let hits = 0; // how many fields across the site reference this file
+
+    // Loop all pages under the site
+    for (const pageKey of Object.keys(site)) {
+        const formData = site[pageKey]?.formData;
+        if (!formData || typeof formData !== 'object') continue;
+
+        // Loop all fields on the page
+        for (const [_, value] of Object.entries(formData)) {
+            if (value == null) continue;
+
+            // Normalize to an array to also support multi-value fields (e.g., multiple file inputs)
+            const candidates = Array.isArray(value) ? value : [value];
+
+            for (const candidate of candidates) {
+                // We only consider objects that look like file references
+                if (
+                    candidate &&
+                    typeof candidate === 'object' &&
+                    'fileId' in candidate &&
+                    'sha256' in candidate
+                ) {
+                    const idMatches = fileId ? candidate.fileId === fileId : true;
+                    const shaMatches = sha256 ? candidate.sha256 === sha256 : true;
+
+                    if (idMatches && shaMatches) {
+                        hits += 1;
+                        // As soon as we see it in more than one place, we can answer true
+                        if (hits > 1) return true;
+                    }
+                }
+            }
+        }
+    }
+
+    // If we get here, it was used 0 or 1 times
+    return false;
+}
+
+
+/**
+ * Remove (replace with "") file values across ALL pages of a site,
+ * matching a specific fileId and/or sha256.
+ *
+ * Matching rules:
+ *  - If BOTH fileId and sha256 are provided, a file object must match BOTH.
+ *  - If ONLY fileId is provided, match on fileId.
+ *  - If ONLY sha256 is provided, match on sha256.
+ *
+ * Scope:
+ *  - Operates on every page under store.siteData[siteId].inputData.
+ *  - Shallow traversal of formData:
+ *      • Direct fields: formData[elementId] = { fileId, sha256, ... }
+ *      • Arrays: [ {fileId...}, {sha256...}, "other" ] → ["", "", "other"] (for matches)
+ *
+ * Side effects:
+ *  - Mutates store.siteData[siteId].inputData[*].formData in place.
+ *  - Intentionally returns nothing.
+ *
+ * @param {object} store - The data-layer store.
+ * @param {string} siteId - The site key under store.siteData to modify.
+ * @param {{ fileId?: string|null, sha256?: string|null }} match - Identifiers to match.
+ *   Provide at least one of fileId/sha256. If both are given, both must match.
+ */
+export function removeAllFilesFromSite(
+    store,
+    siteId,
+    { fileId = null, sha256 = null } = {}
+) {
+    // Ensure session structure is initialized
+    initializeSiteData(store, siteId);
+    // --- Guard rails ---------------------------------------------------------
+
+    // Nothing to remove if neither identifier is provided.
+    if (!fileId && !sha256) return;
+
+    // Per your structure: dig under .inputData for the site's pages.
+    const site = store?.siteData?.[siteId]?.inputData;
+    if (!site || typeof site !== "object") return;
+
+    // --- Helpers -------------------------------------------------------------
+
+    // Is this value a "file-like" object (has fileId and/or sha256)?
+    const isFileLike = (v) =>
+        v &&
+        typeof v === "object" &&
+        (Object.prototype.hasOwnProperty.call(v, "fileId") ||
+            Object.prototype.hasOwnProperty.call(v, "sha256"));
+
+    // Does a file-like object match the provided criteria?
+    const isMatch = (obj) => {
+        if (!isFileLike(obj)) return false;
+
+        // Strict when both are given
+        if (fileId && sha256) {
+            return obj.fileId === fileId && obj.sha256 === sha256;
+        }
+        // Otherwise match whichever was provided
+        if (fileId) return obj.fileId === fileId;
+        if (sha256) return obj.sha256 === sha256;
+
+        return false;
+    };
+
+    // --- Main traversal over all pages --------------------------------------
+
+    for (const page of Object.values(site)) {
+        // Each page should be an object with a formData object
+        const formData =
+            page &&
+                typeof page === "object" &&
+                page.formData &&
+                typeof page.formData === "object"
+                ? page.formData
+                : null;
+
+        if (!formData) continue; // skip content-only pages, etc.
+
+        // For each field on this page…
+        for (const key of Object.keys(formData)) {
+            const val = formData[key];
+
+            // Case A: a single file object → replace with "" if it matches.
+            if (isMatch(val)) {
+                formData[key] = "";
+                continue;
+            }
+
+            // Case B: an array → replace ONLY the matching items with "".
+            if (Array.isArray(val)) {
+                let changed = false;
+                const mapped = val.map((item) => {
+                    if (isMatch(item)) {
+                        changed = true;
+                        return "";
+                    }
+                    return item;
+                });
+                if (changed) formData[key] = mapped;
+            }
+
+            // Note: If you later store file-like objects deeper in nested objects,
+            // add a recursive visitor here (with cycle protection / max depth).
+        }
+    }
+}
+

package/src/utils/govcyExpressions.mjs

@@ -124,7 +124,7 @@ export function evaluateExpressionWithFlattening(expression, object, prefix = ''
  * @returns {{ result: true } | { result: false, redirect: string }}
  *          An object indicating whether to render the page or redirect
  */
-export function evaluatePageConditions(page, store, siteKey, req) {
+export function evaluatePageConditions(page, store, siteKey, req = {}) {
   // Get conditions array from nested page structure
   const conditions = page?.pageData?.conditions;