@jmruthers/pace-core 0.2.4

package/dist/validation.js

@@ -0,0 +1,477 @@
+import {
+  changePasswordSchema,
+  combineSchemas,
+  contactFormSchema,
+  dateSchema,
+  emailSchema,
+  loginSchema,
+  nameSchema,
+  passwordResetSchema,
+  passwordSchema,
+  phoneSchema,
+  pickSchema,
+  registrationSchema,
+  secureLoginSchema,
+  securePasswordSchema,
+  urlSchema,
+  userProfileSchema
+} from "./chunk-24MKLB7U.js";
+import {
+  secureStorage
+} from "./chunk-5CDJCTOO.js";
+import "./chunk-PLDDJCW6.js";
+
+// src/validation/sanitization.ts
+import { z } from "zod";
+var secureEmailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long").refine(
+  (email) => {
+    if (!email || typeof email !== "string") return false;
+    const domain = email.split("@")[1];
+    return domain && domain.includes(".") && domain.length > 3;
+  },
+  "Invalid email domain"
+).transform((email) => sanitizeEmail(email));
+var emailSchema2 = z.string().min(1, "Email is required").email("Invalid email format");
+var nameSchema2 = z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
+var phoneSchema2 = z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
+var urlSchema2 = z.string().url("Invalid URL format");
+var dateSchema2 = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
+var secureLoginSchema2 = z.object({
+  email: secureEmailSchema,
+  password: z.string().min(1, "Password is required")
+});
+function sanitizeEmail(email) {
+  if (!email || typeof email !== "string") {
+    return "";
+  }
+  return email.toLowerCase().trim();
+}
+function sanitizeString(input) {
+  if (!input || typeof input !== "string") {
+    return "";
+  }
+  return input.replace(/[<>]/g, "").replace(/javascript:/gi, "").replace(/on\w+=/gi, "").trim();
+}
+
+// src/validation/csrf.ts
+var CSRFManager = class {
+  constructor() {
+    this.tokenCache = /* @__PURE__ */ new Map();
+    this.TOKEN_EXPIRY = 30 * 60 * 1e3;
+    // 30 minutes
+    this.MAX_TOKENS_PER_SESSION = 10;
+  }
+  /**
+   * Generate a new CSRF token for the current session
+   */
+  async generateToken(sessionId) {
+    try {
+      await this.cleanupExpiredTokens();
+      const sessionTokens = Array.from(this.tokenCache.values()).filter((data) => data.sessionId === sessionId && !data.used);
+      if (sessionTokens.length >= this.MAX_TOKENS_PER_SESSION) {
+        const oldest = sessionTokens.sort((a, b) => a.timestamp - b.timestamp)[0];
+        this.tokenCache.delete(oldest.token);
+      }
+      const tokenBytes = new Uint8Array(32);
+      crypto.getRandomValues(tokenBytes);
+      const token = Array.from(
+        tokenBytes,
+        (byte) => byte.toString(16).padStart(2, "0")
+      ).join("");
+      const tokenData = {
+        token,
+        sessionId,
+        timestamp: Date.now(),
+        used: false
+      };
+      this.tokenCache.set(token, tokenData);
+      await this.persistTokens();
+      return token;
+    } catch (error) {
+      throw new Error("CSRF token generation failed");
+    }
+  }
+  /**
+   * Validate and consume a CSRF token
+   */
+  async validateToken(token, sessionId) {
+    try {
+      if (this.tokenCache.size === 0) {
+        await this.loadTokens();
+      }
+      const tokenData = this.tokenCache.get(token);
+      if (!tokenData) {
+        return false;
+      }
+      if (tokenData.sessionId !== sessionId) {
+        return false;
+      }
+      if (tokenData.used) {
+        return false;
+      }
+      if (Date.now() - tokenData.timestamp > this.TOKEN_EXPIRY) {
+        this.tokenCache.delete(token);
+        await this.persistTokens();
+        return false;
+      }
+      tokenData.used = true;
+      this.tokenCache.set(token, tokenData);
+      await this.persistTokens();
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+  /**
+   * Get current valid token for session
+   */
+  async getCurrentToken(sessionId) {
+    if (this.tokenCache.size === 0) {
+      await this.loadTokens();
+    }
+    for (const [token, data] of this.tokenCache.entries()) {
+      if (data.sessionId === sessionId && !data.used && Date.now() - data.timestamp < this.TOKEN_EXPIRY) {
+        return token;
+      }
+    }
+    return await this.generateToken(sessionId);
+  }
+  /**
+   * Clean up expired and used tokens
+   */
+  async cleanupExpiredTokens() {
+    const now = Date.now();
+    const expiredTokens = [];
+    for (const [token, data] of this.tokenCache.entries()) {
+      if (data.used || now - data.timestamp > this.TOKEN_EXPIRY) {
+        expiredTokens.push(token);
+      }
+    }
+    expiredTokens.forEach((token) => this.tokenCache.delete(token));
+    if (expiredTokens.length > 0) {
+      await this.persistTokens();
+    }
+  }
+  /**
+   * Persist tokens to secure storage
+   */
+  async persistTokens() {
+    try {
+      const tokensArray = Array.from(this.tokenCache.entries());
+      await secureStorage.setItem(
+        "csrf_tokens",
+        JSON.stringify(tokensArray),
+        { encrypt: true, expiry: this.TOKEN_EXPIRY }
+      );
+    } catch (error) {
+    }
+  }
+  /**
+   * Load tokens from secure storage
+   */
+  async loadTokens() {
+    try {
+      const tokensData = await secureStorage.getItem("csrf_tokens");
+      if (tokensData) {
+        const tokensArray = JSON.parse(tokensData);
+        this.tokenCache = new Map(tokensArray);
+        await this.cleanupExpiredTokens();
+      }
+    } catch (error) {
+      this.tokenCache.clear();
+    }
+  }
+  /**
+   * Clear all tokens for session
+   */
+  async clearSession(sessionId) {
+    const tokensToRemove = [];
+    for (const [token, data] of this.tokenCache.entries()) {
+      if (data.sessionId === sessionId) {
+        tokensToRemove.push(token);
+      }
+    }
+    tokensToRemove.forEach((token) => this.tokenCache.delete(token));
+    await this.persistTokens();
+  }
+};
+var csrfManager = new CSRFManager();
+async function generateCSRFToken(sessionId) {
+  return csrfManager.generateToken(sessionId);
+}
+async function validateCSRFToken(token, sessionId) {
+  return csrfManager.validateToken(token, sessionId);
+}
+async function getCSRFToken(sessionId) {
+  return csrfManager.getCurrentToken(sessionId);
+}
+
+// src/validation/sqlInjectionProtection.ts
+import { z as z2 } from "zod";
+var SQL_INJECTION_PATTERNS = [
+  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\b)/i,
+  /(\'|(\\\')|(\'\')|(\"|(\\\")|(\\")))|(\\x)|(\\u)/i,
+  /((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52))/i,
+  // '|%27|' OR
+  /((%27)|(')|(%55)|u|(%55)|(%4E)|n|(%4E)|(%49)|i|(%49)|(%4F)|o|(%4F)|(%4E)|n|(%4E))/i,
+  // '|%27|' UNION
+  /((%3D)|(=))[^\n]*((%27)|(')|((\\x27))|((\\x2D))|((\\x23)))/i,
+  /(w*((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52)))/i,
+  /((%27)|(')|(''))+union/i,
+  /exec(\+|\s)+(s|x)p\w+/i,
+  /\b(and|or)\b.+?(=|<|>|\bin\b|\blike\b)/i,
+  /\bunion\b.+?\bselect\b/i,
+  /\bdrop\b.+?\btable\b/i,
+  /\binsert\b.+?\binto\b/i,
+  /\bdelete\b.+?\bfrom\b/i,
+  /\bupdate\b.+?\bset\b/i,
+  /(;|(\\x3B)).+?(drop|create|alter|exec|execute|insert|update|delete)/i,
+  /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i
+];
+var DANGEROUS_CHARS = /[';\"\\%]/g;
+var searchQuerySchema = z2.string().max(500, "Search query too long").refine(
+  (query) => {
+    return !SQL_INJECTION_PATTERNS.some((pattern) => pattern.test(query));
+  },
+  "Invalid characters detected in search query"
+).transform((query) => sanitizeSearchQuery(query));
+var sqlIdentifierSchema = z2.string().min(1, "Identifier cannot be empty").max(63, "Identifier too long").regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, "Invalid identifier format").refine(
+  (identifier) => {
+    const reservedWords = [
+      "SELECT",
+      "INSERT",
+      "UPDATE",
+      "DELETE",
+      "DROP",
+      "CREATE",
+      "ALTER",
+      "FROM",
+      "WHERE",
+      "JOIN",
+      "UNION",
+      "ORDER",
+      "GROUP",
+      "HAVING"
+    ];
+    return !reservedWords.includes(identifier.toUpperCase());
+  },
+  "Identifier cannot be a reserved SQL keyword"
+);
+var orderBySchema = z2.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\s+(ASC|DESC|asc|desc))?$/, "Invalid order by format");
+var limitOffsetSchema = z2.number().int("Must be an integer").min(0, "Must be non-negative").max(1e3, "Limit too large");
+function sanitizeSearchQuery(query) {
+  return query.replace(DANGEROUS_CHARS, "").replace(/\s+/g, " ").trim().slice(0, 500);
+}
+function escapeLikeQuery(query) {
+  return query.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_");
+}
+function sanitizeFilters(filters) {
+  const sanitized = {};
+  for (const [key, value] of Object.entries(filters)) {
+    const keyValidation = sqlIdentifierSchema.safeParse(key);
+    if (!keyValidation.success) {
+      console.warn(`[SECURITY] Invalid filter key detected and removed: ${key}`);
+      continue;
+    }
+    if (typeof value === "string") {
+      const valueValidation = searchQuerySchema.safeParse(value);
+      if (valueValidation.success) {
+        sanitized[key] = valueValidation.data;
+      }
+    } else if (typeof value === "number") {
+      if (Number.isFinite(value)) {
+        sanitized[key] = value;
+      }
+    } else if (typeof value === "boolean") {
+      sanitized[key] = value;
+    } else if (Array.isArray(value)) {
+      const sanitizedArray = value.filter((item) => typeof item === "string" || typeof item === "number").map((item) => typeof item === "string" ? sanitizeSearchQuery(item) : item).slice(0, 100);
+      if (sanitizedArray.length > 0) {
+        sanitized[key] = sanitizedArray;
+      }
+    }
+  }
+  return sanitized;
+}
+function buildSafeQueryParams(params) {
+  const safe = {};
+  if (params.select) {
+    const selectFields = params.select.split(",").map((field) => field.trim());
+    const validFields = selectFields.filter((field) => {
+      return sqlIdentifierSchema.safeParse(field).success;
+    });
+    if (validFields.length > 0) {
+      safe.select = validFields.join(", ");
+    }
+  }
+  if (params.filters) {
+    safe.filters = sanitizeFilters(params.filters);
+  }
+  if (params.orderBy) {
+    const orderByValidation = orderBySchema.safeParse(params.orderBy);
+    if (orderByValidation.success) {
+      safe.orderBy = orderByValidation.data;
+    }
+  }
+  if (params.limit !== void 0) {
+    const limitValidation = limitOffsetSchema.safeParse(params.limit);
+    if (limitValidation.success) {
+      safe.limit = limitValidation.data;
+    }
+  }
+  if (params.offset !== void 0) {
+    const offsetValidation = limitOffsetSchema.safeParse(params.offset);
+    if (offsetValidation.success) {
+      safe.offset = offsetValidation.data;
+    }
+  }
+  if (params.search) {
+    const searchValidation = searchQuerySchema.safeParse(params.search);
+    if (searchValidation.success) {
+      safe.search = searchValidation.data;
+    }
+  }
+  return safe;
+}
+function detectSQLInjection(input) {
+  const detectedPatterns = [];
+  let maxRisk = "low";
+  SQL_INJECTION_PATTERNS.forEach((pattern, index) => {
+    if (pattern.test(input)) {
+      detectedPatterns.push(`Pattern ${index + 1}`);
+      if (index < 3) {
+        maxRisk = "critical";
+      } else if (index < 7 && maxRisk !== "critical") {
+        maxRisk = "high";
+      } else if (index < 12 && !["critical", "high"].includes(maxRisk)) {
+        maxRisk = "medium";
+      }
+    }
+  });
+  return {
+    isSuspicious: detectedPatterns.length > 0,
+    patterns: detectedPatterns,
+    riskLevel: maxRisk
+  };
+}
+
+// src/validation/passwordSchema.ts
+import { z as z3 } from "zod";
+var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
+  "password",
+  "123456",
+  "123456789",
+  "qwerty",
+  "abc123",
+  "password123",
+  "admin",
+  "letmein",
+  "welcome",
+  "monkey",
+  "1234567890",
+  "password1"
+]);
+var WEAK_PATTERNS = [
+  /^(.)\1+$/,
+  // All same character
+  /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/,
+  // Sequential numbers
+  /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i
+  // Sequential letters
+];
+var securePasswordSchema2 = z3.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
+  (password) => /[a-z]/.test(password),
+  "Password must contain at least one lowercase letter"
+).refine(
+  (password) => /[A-Z]/.test(password),
+  "Password must contain at least one uppercase letter"
+).refine(
+  (password) => /\d/.test(password),
+  "Password must contain at least one number"
+).refine(
+  (password) => /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password),
+  "Password must contain at least one special character"
+).refine(
+  (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),
+  "Password is too common. Please choose a stronger password"
+).refine(
+  (password) => !WEAK_PATTERNS.some((pattern) => pattern.test(password)),
+  "Password contains weak patterns. Please choose a more complex password"
+).refine(
+  (password) => {
+    const keyboardPatterns = ["qwerty", "asdfgh", "zxcvbn", "1234567890"];
+    return !keyboardPatterns.some(
+      (pattern) => password.toLowerCase().includes(pattern)
+    );
+  },
+  "Password contains keyboard patterns. Please choose a more secure password"
+);
+var passwordSchema2 = z3.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
+function calculatePasswordStrength(password) {
+  let score = 0;
+  const feedback = [];
+  if (password.length >= 8) score += 20;
+  else if (password.length >= 6) score += 10;
+  else feedback.push("Use at least 8 characters");
+  if (/[a-z]/.test(password)) score += 15;
+  else feedback.push("Add lowercase letters");
+  if (/[A-Z]/.test(password)) score += 15;
+  else feedback.push("Add uppercase letters");
+  if (/\d/.test(password)) score += 15;
+  else feedback.push("Add numbers");
+  if (/[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) score += 15;
+  else feedback.push("Add special characters");
+  if (password.length >= 12) score += 10;
+  if (/[^a-zA-Z0-9]/.test(password)) score += 10;
+  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
+    score -= 30;
+    feedback.push("Avoid common passwords");
+  }
+  if (WEAK_PATTERNS.some((pattern) => pattern.test(password))) {
+    score -= 20;
+    feedback.push("Avoid predictable patterns");
+  }
+  let level;
+  if (score < 30) level = "very-weak";
+  else if (score < 50) level = "weak";
+  else if (score < 70) level = "fair";
+  else if (score < 90) level = "good";
+  else level = "strong";
+  return { score: Math.max(0, Math.min(100, score)), feedback, level };
+}
+export {
+  buildSafeQueryParams,
+  calculatePasswordStrength,
+  changePasswordSchema,
+  combineSchemas,
+  contactFormSchema,
+  csrfManager,
+  dateSchema,
+  detectSQLInjection,
+  emailSchema,
+  escapeLikeQuery,
+  generateCSRFToken,
+  getCSRFToken,
+  limitOffsetSchema,
+  loginSchema,
+  nameSchema,
+  orderBySchema,
+  passwordResetSchema,
+  passwordSchema,
+  phoneSchema,
+  pickSchema,
+  registrationSchema,
+  sanitizeEmail,
+  sanitizeFilters,
+  sanitizeSearchQuery,
+  sanitizeString,
+  searchQuerySchema,
+  secureEmailSchema,
+  secureLoginSchema,
+  securePasswordSchema,
+  sqlIdentifierSchema,
+  urlSchema,
+  userProfileSchema,
+  validateCSRFToken
+};
+//# sourceMappingURL=validation.js.map

package/dist/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/validation/sanitization.ts","../src/validation/csrf.ts","../src/validation/sqlInjectionProtection.ts","../src/validation/passwordSchema.ts"],"sourcesContent":["\n/**\n * @file Input sanitization and validation schemas\n * @description Enhanced validation schemas with security features\n */\n\nimport { z } from 'zod';\n\n/**\n * Enhanced email schema with security checks\n */\nexport const secureEmailSchema = z\n  .string()\n  .min(1, 'Email is required')\n  .email('Invalid email format')\n  .max(254, 'Email too long')\n  .refine(\n    (email) => {\n      if (!email || typeof email !== 'string') return false;\n      // Basic domain validation\n      const domain = email.split('@')[1];\n      return domain && domain.includes('.') && domain.length > 3;\n    },\n    'Invalid email domain'\n  )\n  .transform((email) => sanitizeEmail(email));\n\n/**\n * Basic email schema for common use\n */\nexport const emailSchema = z\n  .string()\n  .min(1, 'Email is required')\n  .email('Invalid email format');\n\n/**\n * Name validation schema\n */\nexport const nameSchema = z\n  .string()\n  .min(1, 'Name is required')\n  .max(100, 'Name too long')\n  .regex(/^[a-zA-Z\\s'-]+$/, 'Name contains invalid characters');\n\n/**\n * Phone validation schema\n */\nexport const phoneSchema = z\n  .string()\n  .regex(/^[\\+]?[1-9][\\d]{0,15}$/, 'Invalid phone number format');\n\n/**\n * URL validation schema\n */\nexport const urlSchema = z\n  .string()\n  .url('Invalid URL format');\n\n/**\n * Date validation schema\n */\nexport const dateSchema = z\n  .string()\n  .regex(/^\\d{4}-\\d{2}-\\d{2}$/, 'Invalid date format (YYYY-MM-DD)');\n\n/**\n * Secure login schema\n */\nexport const secureLoginSchema = z.object({\n  email: secureEmailSchema,\n  password: z.string().min(1, 'Password is required'),\n});\n\n/**\n * Sanitize email input\n */\nexport function sanitizeEmail(email: string): string {\n  if (!email || typeof email !== 'string') {\n    return '';\n  }\n  return email.toLowerCase().trim();\n}\n\n/**\n * Sanitize string input\n */\nexport function sanitizeString(input: string): string {\n  if (!input || typeof input !== 'string') {\n    return '';\n  }\n  return input\n    .replace(/[<>]/g, '') // Remove angle brackets\n    .replace(/javascript:/gi, '') // Remove javascript: protocol\n    .replace(/on\\w+=/gi, '') // Remove event handlers\n    .trim();\n}\n","/**\n * @file CSRF Protection Implementation\n * @description Session-based CSRF token management with security enhancements\n */\n\nimport { secureStorage } from '../utils/secureStorage';\n\nexport interface CSRFTokenData {\n  token: string;\n  sessionId: string;\n  timestamp: number;\n  used: boolean;\n}\n\nclass CSRFManager {\n  private tokenCache = new Map<string, CSRFTokenData>();\n  private readonly TOKEN_EXPIRY = 30 * 60 * 1000; // 30 minutes\n  private readonly MAX_TOKENS_PER_SESSION = 10;\n\n  /**\n   * Generate a new CSRF token for the current session\n   */\n  async generateToken(sessionId: string): Promise<string> {\n    try {\n      // Clean up expired tokens\n      await this.cleanupExpiredTokens();\n\n      // Limit tokens per session\n      const sessionTokens = Array.from(this.tokenCache.values())\n        .filter(data => data.sessionId === sessionId && !data.used);\n      \n      if (sessionTokens.length >= this.MAX_TOKENS_PER_SESSION) {\n        // Remove oldest token\n        const oldest = sessionTokens.sort((a, b) => a.timestamp - b.timestamp)[0];\n        this.tokenCache.delete(oldest.token);\n      }\n\n      // Generate cryptographically secure token\n      const tokenBytes = new Uint8Array(32);\n      crypto.getRandomValues(tokenBytes);\n      const token = Array.from(tokenBytes, byte => \n        byte.toString(16).padStart(2, '0')\n      ).join('');\n\n      const tokenData: CSRFTokenData = {\n        token,\n        sessionId,\n        timestamp: Date.now(),\n        used: false,\n      };\n\n      // Store in memory and secure storage\n      this.tokenCache.set(token, tokenData);\n      await this.persistTokens();\n\n      return token;\n    } catch (error) {\n      throw new Error('CSRF token generation failed');\n    }\n  }\n\n  /**\n   * Validate and consume a CSRF token\n   */\n  async validateToken(token: string, sessionId: string): Promise<boolean> {\n    try {\n      // Load tokens from storage if cache is empty\n      if (this.tokenCache.size === 0) {\n        await this.loadTokens();\n      }\n\n      const tokenData = this.tokenCache.get(token);\n      \n      if (!tokenData) {\n        return false;\n      }\n\n      // Check if token belongs to the session\n      if (tokenData.sessionId !== sessionId) {\n        return false;\n      }\n\n      // Check if token is already used\n      if (tokenData.used) {\n        return false;\n      }\n\n      // Check if token is expired\n      if (Date.now() - tokenData.timestamp > this.TOKEN_EXPIRY) {\n        this.tokenCache.delete(token);\n        await this.persistTokens();\n        return false;\n      }\n\n      // Mark token as used (one-time use)\n      tokenData.used = true;\n      this.tokenCache.set(token, tokenData);\n      await this.persistTokens();\n\n      return true;\n    } catch (error) {\n      return false;\n    }\n  }\n\n  /**\n   * Get current valid token for session\n   */\n  async getCurrentToken(sessionId: string): Promise<string | null> {\n    // Load tokens from storage if needed\n    if (this.tokenCache.size === 0) {\n      await this.loadTokens();\n    }\n\n    // Find valid unused token for session\n    for (const [token, data] of this.tokenCache.entries()) {\n      if (\n        data.sessionId === sessionId &&\n        !data.used &&\n        (Date.now() - data.timestamp) < this.TOKEN_EXPIRY\n      ) {\n        return token;\n      }\n    }\n\n    // Generate new token if none found\n    return await this.generateToken(sessionId);\n  }\n\n  /**\n   * Clean up expired and used tokens\n   */\n  private async cleanupExpiredTokens(): Promise<void> {\n    const now = Date.now();\n    const expiredTokens: string[] = [];\n\n    for (const [token, data] of this.tokenCache.entries()) {\n      if (data.used || (now - data.timestamp) > this.TOKEN_EXPIRY) {\n        expiredTokens.push(token);\n      }\n    }\n\n    expiredTokens.forEach(token => this.tokenCache.delete(token));\n    \n    if (expiredTokens.length > 0) {\n      await this.persistTokens();\n    }\n  }\n\n  /**\n   * Persist tokens to secure storage\n   */\n  private async persistTokens(): Promise<void> {\n    try {\n      const tokensArray = Array.from(this.tokenCache.entries());\n      await secureStorage.setItem(\n        'csrf_tokens',\n        JSON.stringify(tokensArray),\n        { encrypt: true, expiry: this.TOKEN_EXPIRY }\n      );\n    } catch (error) {\n      // Silent fail - tokens will be regenerated if needed\n    }\n  }\n\n  /**\n   * Load tokens from secure storage\n   */\n  private async loadTokens(): Promise<void> {\n    try {\n      const tokensData = await secureStorage.getItem('csrf_tokens');\n      if (tokensData) {\n        const tokensArray = JSON.parse(tokensData);\n        this.tokenCache = new Map(tokensArray);\n        // Clean up on load\n        await this.cleanupExpiredTokens();\n      }\n    } catch (error) {\n      this.tokenCache.clear();\n    }\n  }\n\n  /**\n   * Clear all tokens for session\n   */\n  async clearSession(sessionId: string): Promise<void> {\n    const tokensToRemove: string[] = [];\n    \n    for (const [token, data] of this.tokenCache.entries()) {\n      if (data.sessionId === sessionId) {\n        tokensToRemove.push(token);\n      }\n    }\n    \n    tokensToRemove.forEach(token => this.tokenCache.delete(token));\n    await this.persistTokens();\n  }\n}\n\n// Export singleton instance\nexport const csrfManager = new CSRFManager();\n\n// Convenience functions\nexport async function generateCSRFToken(sessionId: string): Promise<string> {\n  return csrfManager.generateToken(sessionId);\n}\n\nexport async function validateCSRFToken(token: string, sessionId: string): Promise<boolean> {\n  return csrfManager.validateToken(token, sessionId);\n}\n\nexport async function getCSRFToken(sessionId: string): Promise<string | null> {\n  return csrfManager.getCurrentToken(sessionId);\n}\n","\n/**\n * @file SQL Injection Protection\n * @description Utilities to prevent SQL injection attacks in dynamic queries\n */\n\nimport { z } from 'zod';\n\n// Common SQL injection patterns\nconst SQL_INJECTION_PATTERNS = [\n  /(\\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\\b)/i,\n  /(\\'|(\\\\\\')|(\\'\\')|(\\\"|(\\\\\\\")|(\\\\\")))|(\\\\x)|(\\\\u)/i,\n  /((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52))/i, // '|%27|' OR\n  /((%27)|(')|(%55)|u|(%55)|(%4E)|n|(%4E)|(%49)|i|(%49)|(%4F)|o|(%4F)|(%4E)|n|(%4E))/i, // '|%27|' UNION\n  /((%3D)|(=))[^\\n]*((%27)|(')|((\\\\x27))|((\\\\x2D))|((\\\\x23)))/i,\n  /(w*((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52)))/i,\n  /((%27)|(')|(''))+union/i,\n  /exec(\\+|\\s)+(s|x)p\\w+/i,\n  /\\b(and|or)\\b.+?(=|<|>|\\bin\\b|\\blike\\b)/i,\n  /\\bunion\\b.+?\\bselect\\b/i,\n  /\\bdrop\\b.+?\\btable\\b/i,\n  /\\binsert\\b.+?\\binto\\b/i,\n  /\\bdelete\\b.+?\\bfrom\\b/i,\n  /\\bupdate\\b.+?\\bset\\b/i,\n  /(;|(\\\\x3B)).+?(drop|create|alter|exec|execute|insert|update|delete)/i,\n  /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i\n];\n\n// Characters that should be escaped or removed\nconst DANGEROUS_CHARS = /[';\\\"\\\\%]/g;\n\n/**\n * Schema for validating and sanitizing search queries\n */\nexport const searchQuerySchema = z\n  .string()\n  .max(500, 'Search query too long')\n  .refine(\n    (query) => {\n      return !SQL_INJECTION_PATTERNS.some(pattern => pattern.test(query));\n    },\n    'Invalid characters detected in search query'\n  )\n  .transform((query) => sanitizeSearchQuery(query));\n\n/**\n * Schema for validating table/column names\n */\nexport const sqlIdentifierSchema = z\n  .string()\n  .min(1, 'Identifier cannot be empty')\n  .max(63, 'Identifier too long') // PostgreSQL limit\n  .regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, 'Invalid identifier format')\n  .refine(\n    (identifier) => {\n      const reservedWords = [\n        'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE', 'ALTER',\n        'FROM', 'WHERE', 'JOIN', 'UNION', 'ORDER', 'GROUP', 'HAVING'\n      ];\n      return !reservedWords.includes(identifier.toUpperCase());\n    },\n    'Identifier cannot be a reserved SQL keyword'\n  );\n\n/**\n * Schema for validating order by clauses\n */\nexport const orderBySchema = z\n  .string()\n  .regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\\s+(ASC|DESC|asc|desc))?$/, 'Invalid order by format');\n\n/**\n * Schema for validating limit/offset values\n */\nexport const limitOffsetSchema = z\n  .number()\n  .int('Must be an integer')\n  .min(0, 'Must be non-negative')\n  .max(1000, 'Limit too large'); // Reasonable maximum\n\n/**\n * Sanitize search query by removing dangerous characters\n */\nexport function sanitizeSearchQuery(query: string): string {\n  return query\n    .replace(DANGEROUS_CHARS, '') // Remove dangerous characters\n    .replace(/\\s+/g, ' ') // Normalize whitespace\n    .trim()\n    .slice(0, 500); // Enforce length limit\n}\n\n/**\n * Escape special characters for LIKE queries\n */\nexport function escapeLikeQuery(query: string): string {\n  return query\n    .replace(/\\\\/g, '\\\\\\\\') // Escape backslashes\n    .replace(/%/g, '\\\\%')   // Escape percent signs\n    .replace(/_/g, '\\\\_');  // Escape underscores\n}\n\n/**\n * Validate and sanitize a dynamic filter object\n */\nexport function sanitizeFilters(filters: Record<string, unknown>): Record<string, unknown> {\n  const sanitized: Record<string, unknown> = {};\n  \n  for (const [key, value] of Object.entries(filters)) {\n    // Validate the key (column name)\n    const keyValidation = sqlIdentifierSchema.safeParse(key);\n    if (!keyValidation.success) {\n      // Log warning for invalid filter keys\n      console.warn(`[SECURITY] Invalid filter key detected and removed: ${key}`);\n      continue;\n    }\n    \n    // Sanitize the value based on type\n    if (typeof value === 'string') {\n      const valueValidation = searchQuerySchema.safeParse(value);\n      if (valueValidation.success) {\n        sanitized[key] = valueValidation.data;\n      }\n    } else if (typeof value === 'number') {\n      if (Number.isFinite(value)) {\n        sanitized[key] = value;\n      }\n    } else if (typeof value === 'boolean') {\n      sanitized[key] = value;\n    } else if (Array.isArray(value)) {\n      // For IN queries, validate each item\n      const sanitizedArray = value\n        .filter(item => typeof item === 'string' || typeof item === 'number')\n        .map(item => typeof item === 'string' ? sanitizeSearchQuery(item) : item)\n        .slice(0, 100); // Limit array size\n      \n      if (sanitizedArray.length > 0) {\n        sanitized[key] = sanitizedArray;\n      }\n    }\n  }\n  \n  return sanitized;\n}\n\n/**\n * Build safe query parameters for Supabase\n */\nexport interface SafeQueryParams {\n  select?: string;\n  filters?: Record<string, unknown>;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n  search?: string;\n}\n\nexport function buildSafeQueryParams(params: SafeQueryParams): SafeQueryParams {\n  const safe: SafeQueryParams = {};\n  \n  // Validate select clause\n  if (params.select) {\n    const selectFields = params.select.split(',').map(field => field.trim());\n    const validFields = selectFields.filter(field => {\n      return sqlIdentifierSchema.safeParse(field).success;\n    });\n    \n    if (validFields.length > 0) {\n      safe.select = validFields.join(', ');\n    }\n  }\n  \n  // Sanitize filters\n  if (params.filters) {\n    safe.filters = sanitizeFilters(params.filters);\n  }\n  \n  // Validate order by\n  if (params.orderBy) {\n    const orderByValidation = orderBySchema.safeParse(params.orderBy);\n    if (orderByValidation.success) {\n      safe.orderBy = orderByValidation.data;\n    }\n  }\n  \n  // Validate limit and offset\n  if (params.limit !== undefined) {\n    const limitValidation = limitOffsetSchema.safeParse(params.limit);\n    if (limitValidation.success) {\n      safe.limit = limitValidation.data;\n    }\n  }\n  \n  if (params.offset !== undefined) {\n    const offsetValidation = limitOffsetSchema.safeParse(params.offset);\n    if (offsetValidation.success) {\n      safe.offset = offsetValidation.data;\n    }\n  }\n  \n  // Sanitize search query\n  if (params.search) {\n    const searchValidation = searchQuerySchema.safeParse(params.search);\n    if (searchValidation.success) {\n      safe.search = searchValidation.data;\n    }\n  }\n  \n  return safe;\n}\n\n/**\n * Detect potential SQL injection attempts\n */\nexport function detectSQLInjection(input: string): {\n  isSuspicious: boolean;\n  patterns: string[];\n  riskLevel: 'low' | 'medium' | 'high' | 'critical';\n} {\n  const detectedPatterns: string[] = [];\n  let maxRisk: 'low' | 'medium' | 'high' | 'critical' = 'low';\n  \n  SQL_INJECTION_PATTERNS.forEach((pattern, index) => {\n    if (pattern.test(input)) {\n      detectedPatterns.push(`Pattern ${index + 1}`);\n      \n      // Assign risk levels based on pattern severity\n      if (index < 3) { // Most dangerous patterns first\n        maxRisk = 'critical';\n      } else if (index < 7 && maxRisk !== 'critical') {\n        maxRisk = 'high';\n      } else if (index < 12 && !['critical', 'high'].includes(maxRisk)) {\n        maxRisk = 'medium';\n      }\n    }\n  });\n  \n  return {\n    isSuspicious: detectedPatterns.length > 0,\n    patterns: detectedPatterns,\n    riskLevel: maxRisk\n  };\n}\n","\n/**\n * @file Enhanced Password Schema with Security Validations\n * @description Comprehensive password validation with security checks\n */\n\nimport { z } from 'zod';\n\n// Common weak passwords to check against\nconst COMMON_PASSWORDS = new Set([\n  'password', '123456', '123456789', 'qwerty', 'abc123', 'password123',\n  'admin', 'letmein', 'welcome', 'monkey', '1234567890', 'password1'\n]);\n\n// Common password patterns to avoid\nconst WEAK_PATTERNS = [\n  /^(.)\\1+$/, // All same character\n  /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/, // Sequential numbers\n  /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i, // Sequential letters\n];\n\n/**\n * Enhanced password validation schema with security checks\n */\nexport const securePasswordSchema = z\n  .string()\n  .min(8, 'Password must be at least 8 characters long')\n  .max(128, 'Password must not exceed 128 characters')\n  .refine(\n    (password) => /[a-z]/.test(password),\n    'Password must contain at least one lowercase letter'\n  )\n  .refine(\n    (password) => /[A-Z]/.test(password),\n    'Password must contain at least one uppercase letter'\n  )\n  .refine(\n    (password) => /\\d/.test(password),\n    'Password must contain at least one number'\n  )\n  .refine(\n    (password) => /[!@#$%^&*()_+\\-=\\[\\]{};':\"\\\\|,.<>\\/?]/.test(password),\n    'Password must contain at least one special character'\n  )\n  .refine(\n    (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),\n    'Password is too common. Please choose a stronger password'\n  )\n  .refine(\n    (password) => !WEAK_PATTERNS.some(pattern => pattern.test(password)),\n    'Password contains weak patterns. Please choose a more complex password'\n  )\n  .refine(\n    (password) => {\n      // Check for keyboard patterns (qwerty, asdf, etc.)\n      const keyboardPatterns = ['qwerty', 'asdfgh', 'zxcvbn', '1234567890'];\n      return !keyboardPatterns.some(pattern => \n        password.toLowerCase().includes(pattern)\n      );\n    },\n    'Password contains keyboard patterns. Please choose a more secure password'\n  );\n\n/**\n * Basic password schema for less strict requirements\n */\nexport const passwordSchema = z\n  .string()\n  .min(6, 'Password must be at least 6 characters long')\n  .max(128, 'Password must not exceed 128 characters');\n\n/**\n * Password strength calculator\n */\nexport function calculatePasswordStrength(password: string): {\n  score: number;\n  feedback: string[];\n  level: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';\n} {\n  let score = 0;\n  const feedback: string[] = [];\n\n  // Length check\n  if (password.length >= 8) score += 20;\n  else if (password.length >= 6) score += 10;\n  else feedback.push('Use at least 8 characters');\n\n  // Character variety\n  if (/[a-z]/.test(password)) score += 15;\n  else feedback.push('Add lowercase letters');\n\n  if (/[A-Z]/.test(password)) score += 15;\n  else feedback.push('Add uppercase letters');\n\n  if (/\\d/.test(password)) score += 15;\n  else feedback.push('Add numbers');\n\n  if (/[!@#$%^&*()_+\\-=\\[\\]{};':\"\\\\|,.<>\\/?]/.test(password)) score += 15;\n  else feedback.push('Add special characters');\n\n  // Additional complexity\n  if (password.length >= 12) score += 10;\n  if (/[^a-zA-Z0-9]/.test(password)) score += 10;\n\n  // Penalties\n  if (COMMON_PASSWORDS.has(password.toLowerCase())) {\n    score -= 30;\n    feedback.push('Avoid common passwords');\n  }\n\n  if (WEAK_PATTERNS.some(pattern => pattern.test(password))) {\n    score -= 20;\n    feedback.push('Avoid predictable patterns');\n  }\n\n  // Determine level\n  let level: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';\n  if (score < 30) level = 'very-weak';\n  else if (score < 50) level = 'weak';\n  else if (score < 70) level = 'fair';\n  else if (score < 90) level = 'good';\n  else level = 'strong';\n\n  return { score: Math.max(0, Math.min(100, score)), feedback, level };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAMA,SAAS,SAAS;AAKX,IAAM,oBAAoB,EAC9B,OAAO,EACP,IAAI,GAAG,mBAAmB,EAC1B,MAAM,sBAAsB,EAC5B,IAAI,KAAK,gBAAgB,EACzB;AAAA,EACC,CAAC,UAAU;AACT,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAEhD,UAAM,SAAS,MAAM,MAAM,GAAG,EAAE,CAAC;AACjC,WAAO,UAAU,OAAO,SAAS,GAAG,KAAK,OAAO,SAAS;AAAA,EAC3D;AAAA,EACA;AACF,EACC,UAAU,CAAC,UAAU,cAAc,KAAK,CAAC;AAKrC,IAAMA,eAAc,EACxB,OAAO,EACP,IAAI,GAAG,mBAAmB,EAC1B,MAAM,sBAAsB;AAKxB,IAAMC,cAAa,EACvB,OAAO,EACP,IAAI,GAAG,kBAAkB,EACzB,IAAI,KAAK,eAAe,EACxB,MAAM,mBAAmB,kCAAkC;AAKvD,IAAMC,eAAc,EACxB,OAAO,EACP,MAAM,0BAA0B,6BAA6B;AAKzD,IAAMC,aAAY,EACtB,OAAO,EACP,IAAI,oBAAoB;AAKpB,IAAMC,cAAa,EACvB,OAAO,EACP,MAAM,uBAAuB,kCAAkC;AAK3D,IAAMC,qBAAoB,EAAE,OAAO;AAAA,EACxC,OAAO;AAAA,EACP,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,sBAAsB;AACpD,CAAC;AAKM,SAAS,cAAc,OAAuB;AACnD,MAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,WAAO;AAAA,EACT;AACA,SAAO,MAAM,YAAY,EAAE,KAAK;AAClC;AAKO,SAAS,eAAe,OAAuB;AACpD,MAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,WAAO;AAAA,EACT;AACA,SAAO,MACJ,QAAQ,SAAS,EAAE,EACnB,QAAQ,iBAAiB,EAAE,EAC3B,QAAQ,YAAY,EAAE,EACtB,KAAK;AACV;;;ACjFA,IAAM,cAAN,MAAkB;AAAA,EAAlB;AACE,SAAQ,aAAa,oBAAI,IAA2B;AACpD,SAAiB,eAAe,KAAK,KAAK;AAC1C;AAAA,SAAiB,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK1C,MAAM,cAAc,WAAoC;AACtD,QAAI;AAEF,YAAM,KAAK,qBAAqB;AAGhC,YAAM,gBAAgB,MAAM,KAAK,KAAK,WAAW,OAAO,CAAC,EACtD,OAAO,UAAQ,KAAK,cAAc,aAAa,CAAC,KAAK,IAAI;AAE5D,UAAI,cAAc,UAAU,KAAK,wBAAwB;AAEvD,cAAM,SAAS,cAAc,KAAK,CAAC,GAAG,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;AACxE,aAAK,WAAW,OAAO,OAAO,KAAK;AAAA,MACrC;AAGA,YAAM,aAAa,IAAI,WAAW,EAAE;AACpC,aAAO,gBAAgB,UAAU;AACjC,YAAM,QAAQ,MAAM;AAAA,QAAK;AAAA,QAAY,UACnC,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,MACnC,EAAE,KAAK,EAAE;AAET,YAAM,YAA2B;AAAA,QAC/B;AAAA,QACA;AAAA,QACA,WAAW,KAAK,IAAI;AAAA,QACpB,MAAM;AAAA,MACR;AAGA,WAAK,WAAW,IAAI,OAAO,SAAS;AACpC,YAAM,KAAK,cAAc;AAEzB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc,OAAe,WAAqC;AACtE,QAAI;AAEF,UAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,cAAM,KAAK,WAAW;AAAA,MACxB;AAEA,YAAM,YAAY,KAAK,WAAW,IAAI,KAAK;AAE3C,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AAGA,UAAI,UAAU,cAAc,WAAW;AACrC,eAAO;AAAA,MACT;AAGA,UAAI,UAAU,MAAM;AAClB,eAAO;AAAA,MACT;AAGA,UAAI,KAAK,IAAI,IAAI,UAAU,YAAY,KAAK,cAAc;AACxD,aAAK,WAAW,OAAO,KAAK;AAC5B,cAAM,KAAK,cAAc;AACzB,eAAO;AAAA,MACT;AAGA,gBAAU,OAAO;AACjB,WAAK,WAAW,IAAI,OAAO,SAAS;AACpC,YAAM,KAAK,cAAc;AAEzB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,WAA2C;AAE/D,QAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,YAAM,KAAK,WAAW;AAAA,IACxB;AAGA,eAAW,CAAC,OAAO,IAAI,KAAK,KAAK,WAAW,QAAQ,GAAG;AACrD,UACE,KAAK,cAAc,aACnB,CAAC,KAAK,QACL,KAAK,IAAI,IAAI,KAAK,YAAa,KAAK,cACrC;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAGA,WAAO,MAAM,KAAK,cAAc,SAAS;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,uBAAsC;AAClD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,gBAA0B,CAAC;AAEjC,eAAW,CAAC,OAAO,IAAI,KAAK,KAAK,WAAW,QAAQ,GAAG;AACrD,UAAI,KAAK,QAAS,MAAM,KAAK,YAAa,KAAK,cAAc;AAC3D,sBAAc,KAAK,KAAK;AAAA,MAC1B;AAAA,IACF;AAEA,kBAAc,QAAQ,WAAS,KAAK,WAAW,OAAO,KAAK,CAAC;AAE5D,QAAI,cAAc,SAAS,GAAG;AAC5B,YAAM,KAAK,cAAc;AAAA,IAC3B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,gBAA+B;AAC3C,QAAI;AACF,YAAM,cAAc,MAAM,KAAK,KAAK,WAAW,QAAQ,CAAC;AACxD,YAAM,cAAc;AAAA,QAClB;AAAA,QACA,KAAK,UAAU,WAAW;AAAA,QAC1B,EAAE,SAAS,MAAM,QAAQ,KAAK,aAAa;AAAA,MAC7C;AAAA,IACF,SAAS,OAAO;AAAA,IAEhB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aAA4B;AACxC,QAAI;AACF,YAAM,aAAa,MAAM,cAAc,QAAQ,aAAa;AAC5D,UAAI,YAAY;AACd,cAAM,cAAc,KAAK,MAAM,UAAU;AACzC,aAAK,aAAa,IAAI,IAAI,WAAW;AAErC,cAAM,KAAK,qBAAqB;AAAA,MAClC;AAAA,IACF,SAAS,OAAO;AACd,WAAK,WAAW,MAAM;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,WAAkC;AACnD,UAAM,iBAA2B,CAAC;AAElC,eAAW,CAAC,OAAO,IAAI,KAAK,KAAK,WAAW,QAAQ,GAAG;AACrD,UAAI,KAAK,cAAc,WAAW;AAChC,uBAAe,KAAK,KAAK;AAAA,MAC3B;AAAA,IACF;AAEA,mBAAe,QAAQ,WAAS,KAAK,WAAW,OAAO,KAAK,CAAC;AAC7D,UAAM,KAAK,cAAc;AAAA,EAC3B;AACF;AAGO,IAAM,cAAc,IAAI,YAAY;AAG3C,eAAsB,kBAAkB,WAAoC;AAC1E,SAAO,YAAY,cAAc,SAAS;AAC5C;AAEA,eAAsB,kBAAkB,OAAe,WAAqC;AAC1F,SAAO,YAAY,cAAc,OAAO,SAAS;AACnD;AAEA,eAAsB,aAAa,WAA2C;AAC5E,SAAO,YAAY,gBAAgB,SAAS;AAC9C;;;AC/MA,SAAS,KAAAC,UAAS;AAGlB,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,IAAM,kBAAkB;AAKjB,IAAM,oBAAoBA,GAC9B,OAAO,EACP,IAAI,KAAK,uBAAuB,EAChC;AAAA,EACC,CAAC,UAAU;AACT,WAAO,CAAC,uBAAuB,KAAK,aAAW,QAAQ,KAAK,KAAK,CAAC;AAAA,EACpE;AAAA,EACA;AACF,EACC,UAAU,CAAC,UAAU,oBAAoB,KAAK,CAAC;AAK3C,IAAM,sBAAsBA,GAChC,OAAO,EACP,IAAI,GAAG,4BAA4B,EACnC,IAAI,IAAI,qBAAqB,EAC7B,MAAM,4BAA4B,2BAA2B,EAC7D;AAAA,EACC,CAAC,eAAe;AACd,UAAM,gBAAgB;AAAA,MACpB;AAAA,MAAU;AAAA,MAAU;AAAA,MAAU;AAAA,MAAU;AAAA,MAAQ;AAAA,MAAU;AAAA,MAC1D;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAS;AAAA,MAAS;AAAA,IACtD;AACA,WAAO,CAAC,cAAc,SAAS,WAAW,YAAY,CAAC;AAAA,EACzD;AAAA,EACA;AACF;AAKK,IAAM,gBAAgBA,GAC1B,OAAO,EACP,MAAM,qDAAqD,yBAAyB;AAKhF,IAAM,oBAAoBA,GAC9B,OAAO,EACP,IAAI,oBAAoB,EACxB,IAAI,GAAG,sBAAsB,EAC7B,IAAI,KAAM,iBAAiB;AAKvB,SAAS,oBAAoB,OAAuB;AACzD,SAAO,MACJ,QAAQ,iBAAiB,EAAE,EAC3B,QAAQ,QAAQ,GAAG,EACnB,KAAK,EACL,MAAM,GAAG,GAAG;AACjB;AAKO,SAAS,gBAAgB,OAAuB;AACrD,SAAO,MACJ,QAAQ,OAAO,MAAM,EACrB,QAAQ,MAAM,KAAK,EACnB,QAAQ,MAAM,KAAK;AACxB;AAKO,SAAS,gBAAgB,SAA2D;AACzF,QAAM,YAAqC,CAAC;AAE5C,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAElD,UAAM,gBAAgB,oBAAoB,UAAU,GAAG;AACvD,QAAI,CAAC,cAAc,SAAS;AAE1B,cAAQ,KAAK,uDAAuD,GAAG,EAAE;AACzE;AAAA,IACF;AAGA,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,kBAAkB,kBAAkB,UAAU,KAAK;AACzD,UAAI,gBAAgB,SAAS;AAC3B,kBAAU,GAAG,IAAI,gBAAgB;AAAA,MACnC;AAAA,IACF,WAAW,OAAO,UAAU,UAAU;AACpC,UAAI,OAAO,SAAS,KAAK,GAAG;AAC1B,kBAAU,GAAG,IAAI;AAAA,MACnB;AAAA,IACF,WAAW,OAAO,UAAU,WAAW;AACrC,gBAAU,GAAG,IAAI;AAAA,IACnB,WAAW,MAAM,QAAQ,KAAK,GAAG;AAE/B,YAAM,iBAAiB,MACpB,OAAO,UAAQ,OAAO,SAAS,YAAY,OAAO,SAAS,QAAQ,EACnE,IAAI,UAAQ,OAAO,SAAS,WAAW,oBAAoB,IAAI,IAAI,IAAI,EACvE,MAAM,GAAG,GAAG;AAEf,UAAI,eAAe,SAAS,GAAG;AAC7B,kBAAU,GAAG,IAAI;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAcO,SAAS,qBAAqB,QAA0C;AAC7E,QAAM,OAAwB,CAAC;AAG/B,MAAI,OAAO,QAAQ;AACjB,UAAM,eAAe,OAAO,OAAO,MAAM,GAAG,EAAE,IAAI,WAAS,MAAM,KAAK,CAAC;AACvE,UAAM,cAAc,aAAa,OAAO,WAAS;AAC/C,aAAO,oBAAoB,UAAU,KAAK,EAAE;AAAA,IAC9C,CAAC;AAED,QAAI,YAAY,SAAS,GAAG;AAC1B,WAAK,SAAS,YAAY,KAAK,IAAI;AAAA,IACrC;AAAA,EACF;AAGA,MAAI,OAAO,SAAS;AAClB,SAAK,UAAU,gBAAgB,OAAO,OAAO;AAAA,EAC/C;AAGA,MAAI,OAAO,SAAS;AAClB,UAAM,oBAAoB,cAAc,UAAU,OAAO,OAAO;AAChE,QAAI,kBAAkB,SAAS;AAC7B,WAAK,UAAU,kBAAkB;AAAA,IACnC;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,QAAW;AAC9B,UAAM,kBAAkB,kBAAkB,UAAU,OAAO,KAAK;AAChE,QAAI,gBAAgB,SAAS;AAC3B,WAAK,QAAQ,gBAAgB;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,OAAO,WAAW,QAAW;AAC/B,UAAM,mBAAmB,kBAAkB,UAAU,OAAO,MAAM;AAClE,QAAI,iBAAiB,SAAS;AAC5B,WAAK,SAAS,iBAAiB;AAAA,IACjC;AAAA,EACF;AAGA,MAAI,OAAO,QAAQ;AACjB,UAAM,mBAAmB,kBAAkB,UAAU,OAAO,MAAM;AAClE,QAAI,iBAAiB,SAAS;AAC5B,WAAK,SAAS,iBAAiB;AAAA,IACjC;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,mBAAmB,OAIjC;AACA,QAAM,mBAA6B,CAAC;AACpC,MAAI,UAAkD;AAEtD,yBAAuB,QAAQ,CAAC,SAAS,UAAU;AACjD,QAAI,QAAQ,KAAK,KAAK,GAAG;AACvB,uBAAiB,KAAK,WAAW,QAAQ,CAAC,EAAE;AAG5C,UAAI,QAAQ,GAAG;AACb,kBAAU;AAAA,MACZ,WAAW,QAAQ,KAAK,YAAY,YAAY;AAC9C,kBAAU;AAAA,MACZ,WAAW,QAAQ,MAAM,CAAC,CAAC,YAAY,MAAM,EAAE,SAAS,OAAO,GAAG;AAChE,kBAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,cAAc,iBAAiB,SAAS;AAAA,IACxC,UAAU;AAAA,IACV,WAAW;AAAA,EACb;AACF;;;AC3OA,SAAS,KAAAC,UAAS;AAGlB,IAAM,mBAAmB,oBAAI,IAAI;AAAA,EAC/B;AAAA,EAAY;AAAA,EAAU;AAAA,EAAa;AAAA,EAAU;AAAA,EAAU;AAAA,EACvD;AAAA,EAAS;AAAA,EAAW;AAAA,EAAW;AAAA,EAAU;AAAA,EAAc;AACzD,CAAC;AAGD,IAAM,gBAAgB;AAAA,EACpB;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,IAAMC,wBAAuBD,GACjC,OAAO,EACP,IAAI,GAAG,6CAA6C,EACpD,IAAI,KAAK,yCAAyC,EAClD;AAAA,EACC,CAAC,aAAa,QAAQ,KAAK,QAAQ;AAAA,EACnC;AACF,EACC;AAAA,EACC,CAAC,aAAa,QAAQ,KAAK,QAAQ;AAAA,EACnC;AACF,EACC;AAAA,EACC,CAAC,aAAa,KAAK,KAAK,QAAQ;AAAA,EAChC;AACF,EACC;AAAA,EACC,CAAC,aAAa,wCAAwC,KAAK,QAAQ;AAAA,EACnE;AACF,EACC;AAAA,EACC,CAAC,aAAa,CAAC,iBAAiB,IAAI,SAAS,YAAY,CAAC;AAAA,EAC1D;AACF,EACC;AAAA,EACC,CAAC,aAAa,CAAC,cAAc,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC;AAAA,EACnE;AACF,EACC;AAAA,EACC,CAAC,aAAa;AAEZ,UAAM,mBAAmB,CAAC,UAAU,UAAU,UAAU,YAAY;AACpE,WAAO,CAAC,iBAAiB;AAAA,MAAK,aAC5B,SAAS,YAAY,EAAE,SAAS,OAAO;AAAA,IACzC;AAAA,EACF;AAAA,EACA;AACF;AAKK,IAAME,kBAAiBF,GAC3B,OAAO,EACP,IAAI,GAAG,6CAA6C,EACpD,IAAI,KAAK,yCAAyC;AAK9C,SAAS,0BAA0B,UAIxC;AACA,MAAI,QAAQ;AACZ,QAAM,WAAqB,CAAC;AAG5B,MAAI,SAAS,UAAU,EAAG,UAAS;AAAA,WAC1B,SAAS,UAAU,EAAG,UAAS;AAAA,MACnC,UAAS,KAAK,2BAA2B;AAG9C,MAAI,QAAQ,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChC,UAAS,KAAK,uBAAuB;AAE1C,MAAI,QAAQ,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChC,UAAS,KAAK,uBAAuB;AAE1C,MAAI,KAAK,KAAK,QAAQ,EAAG,UAAS;AAAA,MAC7B,UAAS,KAAK,aAAa;AAEhC,MAAI,wCAAwC,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChE,UAAS,KAAK,wBAAwB;AAG3C,MAAI,SAAS,UAAU,GAAI,UAAS;AACpC,MAAI,eAAe,KAAK,QAAQ,EAAG,UAAS;AAG5C,MAAI,iBAAiB,IAAI,SAAS,YAAY,CAAC,GAAG;AAChD,aAAS;AACT,aAAS,KAAK,wBAAwB;AAAA,EACxC;AAEA,MAAI,cAAc,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC,GAAG;AACzD,aAAS;AACT,aAAS,KAAK,4BAA4B;AAAA,EAC5C;AAGA,MAAI;AACJ,MAAI,QAAQ,GAAI,SAAQ;AAAA,WACf,QAAQ,GAAI,SAAQ;AAAA,WACpB,QAAQ,GAAI,SAAQ;AAAA,WACpB,QAAQ,GAAI,SAAQ;AAAA,MACxB,SAAQ;AAEb,SAAO,EAAE,OAAO,KAAK,IAAI,GAAG,KAAK,IAAI,KAAK,KAAK,CAAC,GAAG,UAAU,MAAM;AACrE;","names":["emailSchema","nameSchema","phoneSchema","urlSchema","dateSchema","secureLoginSchema","z","z","securePasswordSchema","passwordSchema"]}