npm - @jmruthers/pace-core - Versions diffs - 0.5.115 → 0.5.116 - Mend

@jmruthers/pace-core 0.5.115 → 0.5.116

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/src/utils/file-reference.test.ts CHANGED Viewed

@@ -523,6 +523,220 @@ describe('[service] FileReferenceServiceImpl', () => {
       const result3 = await service.getFileReference('test_table', 'test-record-123', '');
       expect(result3 === null || typeof result3 === 'object').toBe(true);
     });
+    it('handles rollback when RPC fails after upload', async () => {
+      const testFile = createTestFile();
+      mockUploadFile.mockResolvedValue({
+        success: true,
+        path: 'org-123/documents/test.pdf'
+      });
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: { message: 'Database error' }
+      });
+      await expect(service.createFileReference(mockFileUploadOptions, testFile))
+        .rejects.toThrow('Database error');
+      // Verify rollback was attempted
+      expect(mockDeleteFile).toHaveBeenCalledWith(
+        mockSupabase,
+        'org-123/documents/test.pdf',
+        false
+      );
+    });
+    it('handles rollback failure gracefully', async () => {
+      const testFile = createTestFile();
+      mockUploadFile.mockResolvedValue({
+        success: true,
+        path: 'org-123/documents/test.pdf'
+      });
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: { message: 'Database error' }
+      });
+      mockDeleteFile.mockRejectedValue(new Error('Delete failed'));
+      // When rollback fails, the deleteFile error might be thrown, or the original error
+      // The implementation throws the database error, but if deleteFile throws synchronously,
+      // it might propagate. Let's check what actually happens.
+      await expect(service.createFileReference(mockFileUploadOptions, testFile))
+        .rejects.toThrow();
+      // Verify rollback was attempted
+      expect(mockDeleteFile).toHaveBeenCalled();
+    });
+    it('handles getFileUrl when RPC returns null path', async () => {
+      const publicFileRef = { ...mockFileReference, is_public: true };
+      mockSupabase.from().select().eq().eq().eq().single.mockResolvedValue({
+        data: publicFileRef,
+        error: null
+      });
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: null
+      });
+      const result = await service.getFileUrl(
+        'test_table',
+        'test-record-123',
+        'test-org-123'
+      );
+      expect(result).toBeNull();
+    });
+    it('handles getFilesByCategory with category mismatch', async () => {
+      const rpcResponse = [{
+        id: 'file-ref-123',
+        file_path: 'org-123/documents/test.pdf',
+        file_metadata: {
+          fileName: 'test-document.pdf',
+          fileType: 'application/pdf',
+          fileSize: 1024000,
+          category: FileCategory.IMAGES // Different category
+        },
+        is_public: false,
+        created_at: '2023-01-01T00:00:00Z'
+      }];
+      mockSupabase.rpc.mockResolvedValue({ data: rpcResponse, error: null });
+      const result = await service.getFilesByCategory(
+        'test_table',
+        'test-record-123',
+        FileCategory.GENERAL_DOCUMENTS,
+        'test-org-123'
+      );
+      // Should filter out mismatched category
+      expect(result).toHaveLength(0);
+    });
+    it('handles getFilesByCategory with empty category', async () => {
+      mockSupabase.rpc.mockResolvedValue({ data: [], error: null });
+      const result = await service.getFilesByCategory(
+        'test_table',
+        'test-record-123',
+        FileCategory.GENERAL_DOCUMENTS,
+        'test-org-123'
+      );
+      expect(result).toEqual([]);
+    });
+    it('handles updateFileReference with concurrent update conflicts', async () => {
+      const updates = { file_metadata: { tags: ['updated'] } };
+      (mockSupabase.from() as any).update().eq().select().single.mockResolvedValue({
+        data: null,
+        error: { message: 'Concurrent update conflict', code: 'PGRST301' }
+      });
+      await expect(service.updateFileReference('file-ref-123', updates))
+        .rejects.toThrow('Concurrent update conflict');
+    });
+    it('handles deleteFileReference when file already deleted', async () => {
+      mockSupabase.from().select().eq().eq().eq().single.mockResolvedValue({
+        data: mockFileReference,
+        error: null
+      });
+      mockSupabase.rpc.mockResolvedValue({
+        data: true,
+        error: null
+      });
+      mockDeleteFile.mockRejectedValue(new Error('File not found'));
+      // The implementation throws when deleteFile fails, so we expect it to throw
+      await expect(service.deleteFileReference(
+        'test_table',
+        'test-record-123',
+        'test-org-123',
+        true
+      )).rejects.toThrow('File not found');
+    });
+    it('handles uploadMultipleFiles with all files failing', async () => {
+      const files = [
+        createTestFile('file1.pdf'),
+        createTestFile('file2.pdf')
+      ];
+      mockUploadFile.mockResolvedValue({
+        success: false,
+        error: 'Upload failed'
+      });
+      const result = await service.uploadMultipleFiles(mockFileUploadOptions, files);
+      expect(result.success).toHaveLength(0);
+      expect(result.failed).toHaveLength(2);
+      expect(result.failed.every(f => f.error.includes('Upload failed'))).toBe(true);
+    });
+    it('handles uploadMultipleFiles with different error types', async () => {
+      const files = [
+        createTestFile('file1.pdf'),
+        createTestFile('file2.pdf'),
+        createTestFile('file3.pdf')
+      ];
+      mockUploadFile
+        .mockResolvedValueOnce({ success: true, path: 'path1' })
+        .mockResolvedValueOnce({ success: false, error: 'Network timeout' })
+        .mockResolvedValueOnce({ success: true, path: 'path3' });
+      mockSupabase.rpc
+        .mockResolvedValueOnce({ data: 'file-ref-1', error: null })
+        .mockResolvedValueOnce({ data: 'file-ref-3', error: null });
+      const result = await service.uploadMultipleFiles(mockFileUploadOptions, files);
+      expect(result.success).toHaveLength(2);
+      expect(result.failed).toHaveLength(1);
+      expect(result.failed[0].error).toContain('Network timeout');
+    });
+    it('handles getSignedUrl with invalid file path', async () => {
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: null
+      });
+      const result = await service.getSignedUrl(
+        'test_table',
+        'test-record-123',
+        'test-org-123'
+      );
+      expect(result).toBeNull();
+    });
+    it('handles getSignedUrl with RPC error', async () => {
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: { message: 'File not found' }
+      });
+      await expect(service.getSignedUrl(
+        'test_table',
+        'test-record-123',
+        'test-org-123'
+      )).rejects.toThrow('File not found');
+    });
   });
 });

package/dist/chunk-3OGQLOJM.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/rbac/audit.ts"],"sourcesContent":["/**\n * RBAC Audit Events System\n * @package @jmruthers/pace-core\n * @module RBAC/Audit\n * @since 1.0.0\n * \n * This module provides structured audit event emission for all RBAC operations.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../types/database';\nimport { \n UUID, \n AuditEventSource, \n RBACAuditEvent \n} from './types';\n\n/**\n * Audit event payload for permission checks\n */\nexport interface PermissionCheckAuditEvent {\n type: 'permission_check';\n userId: UUID;\n organisationId: UUID;\n eventId?: string;\n appId?: UUID;\n pageId?: UUID;\n permission: string;\n decision: boolean;\n source: AuditEventSource;\n bypass?: boolean;\n duration_ms: number;\n cache_hit?: boolean;\n cache_source?: 'memory' | 'database' | 'rpc';\n metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for permission denied\n */\nexport interface PermissionDeniedAuditEvent {\n type: 'permission_denied';\n userId: UUID;\n organisationId: UUID;\n eventId?: string;\n appId?: UUID;\n pageId?: UUID;\n permission: string;\n source: AuditEventSource;\n metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role granted\n */\nexport interface RoleGrantedAuditEvent {\n type: 'role_granted';\n userId: UUID;\n organisationId: UUID;\n eventId?: string;\n appId?: UUID;\n role: string;\n grantedBy: UUID;\n metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for role revoked\n */\nexport interface RoleRevokedAuditEvent {\n type: 'role_denied';\n userId: UUID;\n organisationId: UUID;\n eventId?: string;\n appId?: UUID;\n role: string;\n revokedBy: UUID;\n metadata?: Record<string, any>;\n}\n\n/**\n * Audit event payload for RLS denied\n */\nexport interface RLSDeniedAuditEvent {\n type: 'rls_denied';\n userId: UUID;\n organisationId: UUID;\n table: string;\n operation: string;\n metadata?: Record<string, any>;\n}\n\n/**\n * Union type for all audit events\n */\nexport type AuditEventPayload = \n | PermissionCheckAuditEvent\n | PermissionDeniedAuditEvent\n | RoleGrantedAuditEvent\n | RoleRevokedAuditEvent\n | RLSDeniedAuditEvent;\n\n/**\n * RBAC Audit Manager\n * \n * Handles emission of structured audit events for all RBAC operations.\n */\nexport class RBACAuditManager {\n private supabase: SupabaseClient<Database>;\n private enabled: boolean = true;\n\n constructor(supabase: SupabaseClient<Database>) {\n this.supabase = supabase;\n }\n\n /**\n * Enable or disable audit logging\n * \n * @param enabled - Whether to enable audit logging\n */\n setEnabled(enabled: boolean): void {\n this.enabled = enabled;\n }\n\n /**\n * Check if audit logging is enabled\n * \n * @returns True if audit logging is enabled\n */\n isEnabled(): boolean {\n return this.enabled;\n }\n\n /**\n * Emit an audit event\n * \n * @param event - Audit event payload\n * @returns Promise that resolves when event is logged\n */\n async emitEvent(event: AuditEventPayload): Promise<void> {\n if (!this.enabled) {\n return;\n }\n\n // Validate required fields before attempting to insert\n // MANDATORY: All audit events must have userId\n if (!event.userId) {\n console.error('[RBAC Audit] CRITICAL: Cannot log audit event without userId:', {\n eventType: event.type,\n organisationId: event.organisationId\n });\n return;\n }\n\n // WARNING: Some audit events may not have organisationId (e.g., global admin operations)\n // Log these for security monitoring even if organisationId is missing\n if (!event.organisationId) {\n console.warn('[RBAC Audit] Audit event without organisation context:', {\n userId: event.userId,\n eventType: event.type,\n note: 'This should be investigated for security compliance'\n });\n }\n\n try {\n // Since organisationId is now required in SecurityContext, this should rarely happen\n // But we still handle the edge case properly without masking it\n if (!event.organisationId) {\n console.warn('[RBAC Audit] Audit event without organisation context - this should be investigated:', {\n userId: event.userId,\n eventType: event.type,\n note: 'Organisation context is required for RBAC operations. This may indicate a security issue or missing context derivation.'\n });\n }\n\n // Validate pageId: only include in page_id column if it's a valid UUID\n // Otherwise, store it in metadata to avoid database errors\n const rawPageId = 'pageId' in event ? event.pageId : undefined;\n const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n const isValidPageIdUuid = rawPageId && uuidRegex.test(rawPageId);\n const pageIdUuid: UUID | undefined = isValidPageIdUuid ? (rawPageId as UUID) : undefined;\n const pageIdName: string | undefined = rawPageId && !isValidPageIdUuid ? rawPageId : undefined;\n\n const auditEvent: Omit<RBACAuditEvent, 'id' | 'created_at'> = {\n event_type: event.type,\n user_id: event.userId,\n // Store organisationId - nullable to properly track missing context cases\n // Do NOT use fallback UUID as it masks security issues\n organisation_id: event.organisationId || null, // Explicitly null if missing\n event_id: 'eventId' in event ? event.eventId : undefined,\n app_id: 'appId' in event ? event.appId : undefined,\n page_id: pageIdUuid, // Only set if it's a valid UUID\n permission: 'permission' in event ? event.permission : undefined,\n decision: 'decision' in event ? event.decision : undefined,\n source: 'source' in event ? event.source : 'api', // Default to 'api' if not provided\n bypass: 'bypass' in event ? event.bypass : undefined,\n duration_ms: 'duration_ms' in event ? event.duration_ms : undefined,\n metadata: {\n ...event.metadata,\n cache_hit: 'cache_hit' in event ? event.cache_hit : undefined,\n cache_source: 'cache_source' in event ? event.cache_source : undefined,\n // Explicit flag indicating this event had no organisation context\n no_organisation_context: !event.organisationId,\n // Store page name/identifier in metadata if it's not a UUID\n page_name: pageIdName,\n },\n };\n\n const { error } = await (this.supabase as any)\n .from('rbac_audit_events')\n .insert([auditEvent]);\n\n if (error) {\n // Log the error for debugging but don't throw\n console.warn('[RBAC Audit] Failed to insert audit event:', {\n error: error.message,\n code: error.code,\n details: error.details,\n hint: error.hint,\n event: auditEvent\n });\n }\n } catch (error) {\n // Log unexpected errors but don't throw\n console.error('[RBAC Audit] Unexpected error during audit logging:', error);\n }\n }\n\n /**\n * Emit a permission check audit event\n * \n * @param event - Permission check event data\n */\n async emitPermissionCheck(event: Omit<PermissionCheckAuditEvent, 'type'>): Promise<void> {\n await this.emitEvent({\n type: 'permission_check',\n ...event,\n });\n }\n\n /**\n * Emit a permission denied audit event\n * \n * @param event - Permission denied event data\n */\n async emitPermissionDenied(event: Omit<PermissionDeniedAuditEvent, 'type'>): Promise<void> {\n await this.emitEvent({\n type: 'permission_denied',\n ...event,\n });\n }\n\n /**\n * Emit a role granted audit event\n * \n * @param event - Role granted event data\n */\n async emitRoleGranted(event: Omit<RoleGrantedAuditEvent, 'type'>): Promise<void> {\n await this.emitEvent({\n type: 'role_granted',\n ...event,\n });\n }\n\n /**\n * Emit a role revoked audit event\n * \n * @param event - Role revoked event data\n */\n async emitRoleRevoked(event: Omit<RoleRevokedAuditEvent, 'type'>): Promise<void> {\n await this.emitEvent({\n type: 'role_denied',\n ...event,\n });\n }\n\n /**\n * Emit an RLS denied audit event\n * \n * @param event - RLS denied event data\n */\n async emitRLSDenied(event: Omit<RLSDeniedAuditEvent, 'type'>): Promise<void> {\n await this.emitEvent({\n type: 'rls_denied',\n ...event,\n });\n }\n\n /**\n * Get audit events for a user\n * \n * @param userId - User ID\n * @param limit - Maximum number of events to return\n * @returns Promise resolving to audit events\n */\n async getUserAuditEvents(userId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n const { data, error } = await this.supabase\n .from('rbac_audit_events')\n .select('*')\n .eq('user_id', userId)\n .order('created_at', { ascending: false })\n .limit(limit);\n\n if (error) {\n throw new Error(`Failed to get audit events: ${error.message}`);\n }\n\n return data || [];\n }\n\n /**\n * Get audit events for an organisation\n * \n * @param organisationId - Organisation ID\n * @param limit - Maximum number of events to return\n * @returns Promise resolving to audit events\n */\n async getOrganisationAuditEvents(organisationId: UUID, limit: number = 100): Promise<RBACAuditEvent[]> {\n const { data, error } = await this.supabase\n .from('rbac_audit_events')\n .select('*')\n .eq('organisation_id', organisationId)\n .order('created_at', { ascending: false })\n .limit(limit);\n\n if (error) {\n throw new Error(`Failed to get audit events: ${error.message}`);\n }\n\n return data || [];\n }\n}\n\n/**\n * Create an audit manager instance\n * \n * @param supabase - Supabase client\n * @returns RBACAuditManager instance\n */\nexport function createAuditManager(supabase: SupabaseClient<Database>): RBACAuditManager {\n return new RBACAuditManager(supabase);\n}\n\n/**\n * Global audit manager instance\n * \n * This is set by the RBAC engine when it initializes.\n */\nlet globalAuditManager: RBACAuditManager | null = null;\n\n/**\n * Set the global audit manager\n * \n * @param manager - Audit manager instance\n */\nexport function setGlobalAuditManager(manager: RBACAuditManager): void {\n globalAuditManager = manager;\n}\n\n/**\n * Get the global audit manager\n * \n * @returns Global audit manager or null if not set\n */\nexport function getGlobalAuditManager(): RBACAuditManager | null {\n return globalAuditManager;\n}\n\n/**\n * Emit an audit event using the global audit manager\n * \n * @param event - Audit event payload\n */\nexport async function emitAuditEvent(event: AuditEventPayload): Promise<void> {\n if (globalAuditManager) {\n await globalAuditManager.emitEvent(event);\n }\n}\n"],"mappings":";AA2GO,IAAM,mBAAN,MAAuB;AAAA,EAI5B,YAAY,UAAoC;AAFhD,SAAQ,UAAmB;AAGzB,SAAK,WAAW;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,SAAwB;AACjC,SAAK,UAAU;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAqB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,OAAyC;AACvD,QAAI,CAAC,KAAK,SAAS;AACjB;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,QAAQ;AACjB,cAAQ,MAAM,iEAAiE;AAAA,QAC7E,WAAW,MAAM;AAAA,QACjB,gBAAgB,MAAM;AAAA,MACxB,CAAC;AACD;AAAA,IACF;AAIA,QAAI,CAAC,MAAM,gBAAgB;AACzB,cAAQ,KAAK,0DAA0D;AAAA,QACrE,QAAQ,MAAM;AAAA,QACd,WAAW,MAAM;AAAA,QACjB,MAAM;AAAA,MACR,CAAC;AAAA,IACH;AAEA,QAAI;AAGF,UAAI,CAAC,MAAM,gBAAgB;AACzB,gBAAQ,KAAK,wFAAwF;AAAA,UACnG,QAAQ,MAAM;AAAA,UACd,WAAW,MAAM;AAAA,UACjB,MAAM;AAAA,QACR,CAAC;AAAA,MACH;AAIA,YAAM,YAAY,YAAY,QAAQ,MAAM,SAAS;AACrD,YAAM,YAAY;AAClB,YAAM,oBAAoB,aAAa,UAAU,KAAK,SAAS;AAC/D,YAAM,aAA+B,oBAAqB,YAAqB;AAC/E,YAAM,aAAiC,aAAa,CAAC,oBAAoB,YAAY;AAErF,YAAM,aAAwD;AAAA,QAC5D,YAAY,MAAM;AAAA,QAClB,SAAS,MAAM;AAAA;AAAA;AAAA,QAGf,iBAAiB,MAAM,kBAAkB;AAAA;AAAA,QACzC,UAAU,aAAa,QAAQ,MAAM,UAAU;AAAA,QAC/C,QAAQ,WAAW,QAAQ,MAAM,QAAQ;AAAA,QACzC,SAAS;AAAA;AAAA,QACT,YAAY,gBAAgB,QAAQ,MAAM,aAAa;AAAA,QACvD,UAAU,cAAc,QAAQ,MAAM,WAAW;AAAA,QACjD,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA;AAAA,QAC3C,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,QAC3C,aAAa,iBAAiB,QAAQ,MAAM,cAAc;AAAA,QAC1D,UAAU;AAAA,UACR,GAAG,MAAM;AAAA,UACT,WAAW,eAAe,QAAQ,MAAM,YAAY;AAAA,UACpD,cAAc,kBAAkB,QAAQ,MAAM,eAAe;AAAA;AAAA,UAE7D,yBAAyB,CAAC,MAAM;AAAA;AAAA,UAEhC,WAAW;AAAA,QACb;AAAA,MACF;AAEA,YAAM,EAAE,MAAM,IAAI,MAAO,KAAK,SAC3B,KAAK,mBAAmB,EACxB,OAAO,CAAC,UAAU,CAAC;AAEtB,UAAI,OAAO;AAET,gBAAQ,KAAK,8CAA8C;AAAA,UACzD,OAAO,MAAM;AAAA,UACb,MAAM,MAAM;AAAA,UACZ,SAAS,MAAM;AAAA,UACf,MAAM,MAAM;AAAA,UACZ,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AAEd,cAAQ,MAAM,uDAAuD,KAAK;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,oBAAoB,OAA+D;AACvF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,qBAAqB,OAAgE;AACzF,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAgB,OAA2D;AAC/E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,OAAyD;AAC3E,UAAM,KAAK,UAAU;AAAA,MACnB,MAAM;AAAA,MACN,GAAG;AAAA,IACL,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,mBAAmB,QAAc,QAAgB,KAAgC;AACrF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,GAAG,EACV,GAAG,WAAW,MAAM,EACpB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AACT,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,WAAO,QAAQ,CAAC;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,2BAA2B,gBAAsB,QAAgB,KAAgC;AACrG,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,KAAK,SAChC,KAAK,mBAAmB,EACxB,OAAO,GAAG,EACV,GAAG,mBAAmB,cAAc,EACpC,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,KAAK;AAEd,QAAI,OAAO;AACT,YAAM,IAAI,MAAM,+BAA+B,MAAM,OAAO,EAAE;AAAA,IAChE;AAEA,WAAO,QAAQ,CAAC;AAAA,EAClB;AACF;AAQO,SAAS,mBAAmB,UAAsD;AACvF,SAAO,IAAI,iBAAiB,QAAQ;AACtC;AAOA,IAAI,qBAA8C;AAO3C,SAAS,sBAAsB,SAAiC;AACrE,uBAAqB;AACvB;AAOO,SAAS,wBAAiD;AAC/D,SAAO;AACT;AAOA,eAAsB,eAAe,OAAyC;AAC5E,MAAI,oBAAoB;AACtB,UAAM,mBAAmB,UAAU,KAAK;AAAA,EAC1C;AACF;","names":[]}

package/dist/chunk-5CDJCTOO.js DELETED Viewed

@@ -1,190 +0,0 @@
-// src/utils/secureStorage.ts
-var SecureStorageImpl = class {
-  constructor() {
-    this.encryptionKey = null;
-    this.initialized = false;
-  }
-  /**
-   * Initialize secure storage with encryption
-   */
-  async init() {
-    if (this.initialized) return;
-    try {
-      if (window.crypto && window.crypto.subtle) {
-        const keyData = localStorage.getItem("_sec_key");
-        if (keyData) {
-          try {
-            const keyBuffer = this.base64ToArrayBuffer(keyData);
-            this.encryptionKey = await window.crypto.subtle.importKey(
-              "raw",
-              keyBuffer,
-              { name: "AES-GCM" },
-              false,
-              ["encrypt", "decrypt"]
-            );
-          } catch (error) {
-            await this.generateNewKey();
-          }
-        } else {
-          await this.generateNewKey();
-        }
-      }
-      this.initialized = true;
-    } catch (error) {
-      this.initialized = true;
-    }
-  }
-  /**
-   * Store item securely
-   */
-  async setItem(key, value, options = {}) {
-    await this.init();
-    const data = {
-      value,
-      timestamp: Date.now(),
-      expiry: options.expiry ? Date.now() + options.expiry : void 0
-    };
-    const serialized = JSON.stringify(data);
-    if (options.encrypt && this.encryptionKey) {
-      try {
-        const encrypted = await this.encrypt(serialized);
-        localStorage.setItem(`_sec_${key}`, encrypted);
-        return;
-      } catch (error) {
-      }
-    }
-    localStorage.setItem(key, serialized);
-  }
-  /**
-   * Retrieve item securely
-   */
-  async getItem(key) {
-    await this.init();
-    const encryptedData = localStorage.getItem(`_sec_${key}`);
-    if (encryptedData && this.encryptionKey) {
-      try {
-        const decrypted = await this.decrypt(encryptedData);
-        const parsed = JSON.parse(decrypted);
-        if (parsed.expiry && Date.now() > parsed.expiry) {
-          await this.removeItem(key);
-          return null;
-        }
-        return parsed.value;
-      } catch (error) {
-      }
-    }
-    const plainData = localStorage.getItem(key);
-    if (!plainData) return null;
-    try {
-      const parsed = JSON.parse(plainData);
-      if (parsed.expiry && Date.now() > parsed.expiry) {
-        await this.removeItem(key);
-        return null;
-      }
-      return parsed.value || plainData;
-    } catch (error) {
-      return plainData;
-    }
-  }
-  /**
-   * Remove item
-   */
-  async removeItem(key) {
-    localStorage.removeItem(key);
-    localStorage.removeItem(`_sec_${key}`);
-  }
-  /**
-   * Clear all secure storage
-   */
-  async clear() {
-    const keys = Object.keys(localStorage);
-    for (const key of keys) {
-      if (key.startsWith("_sec_")) {
-        localStorage.removeItem(key);
-      }
-    }
-  }
-  /**
-   * Generate new encryption key
-   */
-  async generateNewKey() {
-    if (!window.crypto?.subtle) return;
-    try {
-      this.encryptionKey = await window.crypto.subtle.generateKey(
-        { name: "AES-GCM", length: 256 },
-        true,
-        ["encrypt", "decrypt"]
-      );
-      const exportedKey = await window.crypto.subtle.exportKey("raw", this.encryptionKey);
-      const keyData = this.arrayBufferToBase64(exportedKey);
-      localStorage.setItem("_sec_key", keyData);
-    } catch (error) {
-    }
-  }
-  /**
-   * Encrypt data
-   */
-  async encrypt(data) {
-    if (!this.encryptionKey || !window.crypto?.subtle) {
-      throw new Error("Encryption not available");
-    }
-    const encoder = new TextEncoder();
-    const dataBuffer = encoder.encode(data);
-    const iv = window.crypto.getRandomValues(new Uint8Array(12));
-    const encrypted = await window.crypto.subtle.encrypt(
-      { name: "AES-GCM", iv },
-      this.encryptionKey,
-      dataBuffer
-    );
-    const combined = new Uint8Array(iv.length + encrypted.byteLength);
-    combined.set(iv);
-    combined.set(new Uint8Array(encrypted), iv.length);
-    return this.arrayBufferToBase64(combined.buffer);
-  }
-  /**
-   * Decrypt data
-   */
-  async decrypt(encryptedData) {
-    if (!this.encryptionKey || !window.crypto?.subtle) {
-      throw new Error("Decryption not available");
-    }
-    const combined = this.base64ToArrayBuffer(encryptedData);
-    const iv = combined.slice(0, 12);
-    const encrypted = combined.slice(12);
-    const decrypted = await window.crypto.subtle.decrypt(
-      { name: "AES-GCM", iv },
-      this.encryptionKey,
-      encrypted
-    );
-    const decoder = new TextDecoder();
-    return decoder.decode(decrypted);
-  }
-  /**
-   * Convert ArrayBuffer to base64
-   */
-  arrayBufferToBase64(buffer) {
-    const bytes = new Uint8Array(buffer);
-    let binary = "";
-    for (let i = 0; i < bytes.byteLength; i++) {
-      binary += String.fromCharCode(bytes[i]);
-    }
-    return btoa(binary);
-  }
-  /**
-   * Convert base64 to ArrayBuffer
-   */
-  base64ToArrayBuffer(base64) {
-    const binary = atob(base64);
-    const bytes = new Uint8Array(binary.length);
-    for (let i = 0; i < binary.length; i++) {
-      bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes.buffer;
-  }
-};
-var secureStorage = new SecureStorageImpl();
-export {
-  secureStorage
-};
-//# sourceMappingURL=chunk-5CDJCTOO.js.map