@jmruthers/pace-core 0.5.121 → 0.5.123

package/dist/validation 3.js

@@ -1,479 +0,0 @@
-import {
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  dateSchema,
-  emailSchema,
-  loginSchema,
-  nameSchema,
-  passwordResetSchema,
-  passwordSchema,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  urlSchema,
-  userProfileSchema
-} from "./chunk-24MKLB7U.js";
-import {
-  init_secureStorage,
-  secureStorage
-} from "./chunk-UJI6WSMD.js";
-import "./chunk-PLDDJCW6.js";
-
-// src/validation/sanitization.ts
-import { z } from "zod";
-var secureEmailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long").refine(
-  (email) => {
-    if (!email || typeof email !== "string") return false;
-    const domain = email.split("@")[1];
-    return domain && domain.includes(".") && domain.length > 3;
-  },
-  "Invalid email domain"
-).transform((email) => sanitizeEmail(email));
-var emailSchema2 = z.string().min(1, "Email is required").email("Invalid email format");
-var nameSchema2 = z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
-var phoneSchema2 = z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
-var urlSchema2 = z.string().url("Invalid URL format");
-var dateSchema2 = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
-var secureLoginSchema2 = z.object({
-  email: secureEmailSchema,
-  password: z.string().min(1, "Password is required")
-});
-function sanitizeEmail(email) {
-  if (!email || typeof email !== "string") {
-    return "";
-  }
-  return email.toLowerCase().trim();
-}
-function sanitizeString(input) {
-  if (!input || typeof input !== "string") {
-    return "";
-  }
-  return input.replace(/[<>]/g, "").replace(/javascript:/gi, "").replace(/on\w+=/gi, "").trim();
-}
-
-// src/validation/csrf.ts
-init_secureStorage();
-var CSRFManager = class {
-  constructor() {
-    this.tokenCache = /* @__PURE__ */ new Map();
-    this.TOKEN_EXPIRY = 30 * 60 * 1e3;
-    // 30 minutes
-    this.MAX_TOKENS_PER_SESSION = 10;
-  }
-  /**
-   * Generate a new CSRF token for the current session
-   */
-  async generateToken(sessionId) {
-    try {
-      await this.cleanupExpiredTokens();
-      const sessionTokens = Array.from(this.tokenCache.values()).filter((data) => data.sessionId === sessionId && !data.used);
-      if (sessionTokens.length >= this.MAX_TOKENS_PER_SESSION) {
-        const oldest = sessionTokens.sort((a, b) => a.timestamp - b.timestamp)[0];
-        this.tokenCache.delete(oldest.token);
-      }
-      const tokenBytes = new Uint8Array(32);
-      crypto.getRandomValues(tokenBytes);
-      const token = Array.from(
-        tokenBytes,
-        (byte) => byte.toString(16).padStart(2, "0")
-      ).join("");
-      const tokenData = {
-        token,
-        sessionId,
-        timestamp: Date.now(),
-        used: false
-      };
-      this.tokenCache.set(token, tokenData);
-      await this.persistTokens();
-      return token;
-    } catch (error) {
-      throw new Error("CSRF token generation failed");
-    }
-  }
-  /**
-   * Validate and consume a CSRF token
-   */
-  async validateToken(token, sessionId) {
-    try {
-      if (this.tokenCache.size === 0) {
-        await this.loadTokens();
-      }
-      const tokenData = this.tokenCache.get(token);
-      if (!tokenData) {
-        return false;
-      }
-      if (tokenData.sessionId !== sessionId) {
-        return false;
-      }
-      if (tokenData.used) {
-        return false;
-      }
-      if (Date.now() - tokenData.timestamp > this.TOKEN_EXPIRY) {
-        this.tokenCache.delete(token);
-        await this.persistTokens();
-        return false;
-      }
-      tokenData.used = true;
-      this.tokenCache.set(token, tokenData);
-      await this.persistTokens();
-      return true;
-    } catch (error) {
-      return false;
-    }
-  }
-  /**
-   * Get current valid token for session
-   */
-  async getCurrentToken(sessionId) {
-    if (this.tokenCache.size === 0) {
-      await this.loadTokens();
-    }
-    for (const [token, data] of this.tokenCache.entries()) {
-      if (data.sessionId === sessionId && !data.used && Date.now() - data.timestamp < this.TOKEN_EXPIRY) {
-        return token;
-      }
-    }
-    return await this.generateToken(sessionId);
-  }
-  /**
-   * Clean up expired and used tokens
-   */
-  async cleanupExpiredTokens() {
-    const now = Date.now();
-    const expiredTokens = [];
-    for (const [token, data] of this.tokenCache.entries()) {
-      if (data.used || now - data.timestamp > this.TOKEN_EXPIRY) {
-        expiredTokens.push(token);
-      }
-    }
-    expiredTokens.forEach((token) => this.tokenCache.delete(token));
-    if (expiredTokens.length > 0) {
-      await this.persistTokens();
-    }
-  }
-  /**
-   * Persist tokens to secure storage
-   */
-  async persistTokens() {
-    try {
-      const tokensArray = Array.from(this.tokenCache.entries());
-      await secureStorage.setItem(
-        "csrf_tokens",
-        JSON.stringify(tokensArray),
-        { encrypt: true, expiry: this.TOKEN_EXPIRY }
-      );
-    } catch (error) {
-    }
-  }
-  /**
-   * Load tokens from secure storage
-   */
-  async loadTokens() {
-    try {
-      const tokensData = await secureStorage.getItem("csrf_tokens");
-      if (tokensData) {
-        const tokensArray = JSON.parse(tokensData);
-        this.tokenCache = new Map(tokensArray);
-        await this.cleanupExpiredTokens();
-      }
-    } catch (error) {
-      this.tokenCache.clear();
-    }
-  }
-  /**
-   * Clear all tokens for session
-   */
-  async clearSession(sessionId) {
-    const tokensToRemove = [];
-    for (const [token, data] of this.tokenCache.entries()) {
-      if (data.sessionId === sessionId) {
-        tokensToRemove.push(token);
-      }
-    }
-    tokensToRemove.forEach((token) => this.tokenCache.delete(token));
-    await this.persistTokens();
-  }
-};
-var csrfManager = new CSRFManager();
-async function generateCSRFToken(sessionId) {
-  return csrfManager.generateToken(sessionId);
-}
-async function validateCSRFToken(token, sessionId) {
-  return csrfManager.validateToken(token, sessionId);
-}
-async function getCSRFToken(sessionId) {
-  return csrfManager.getCurrentToken(sessionId);
-}
-
-// src/validation/sqlInjectionProtection.ts
-import { z as z2 } from "zod";
-var SQL_INJECTION_PATTERNS = [
-  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\b)/i,
-  /(\'|(\\\')|(\'\')|(\"|(\\\")|(\\")))|(\\x)|(\\u)/i,
-  /((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52))/i,
-  // '|%27|' OR
-  /((%27)|(')|(%55)|u|(%55)|(%4E)|n|(%4E)|(%49)|i|(%49)|(%4F)|o|(%4F)|(%4E)|n|(%4E))/i,
-  // '|%27|' UNION
-  /((%3D)|(=))[^\n]*((%27)|(')|((\\x27))|((\\x2D))|((\\x23)))/i,
-  /(w*((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52)))/i,
-  /((%27)|(')|(''))+union/i,
-  /exec(\+|\s)+(s|x)p\w+/i,
-  /\b(and|or)\b.+?(=|<|>|\bin\b|\blike\b)/i,
-  /\bunion\b.+?\bselect\b/i,
-  /\bdrop\b.+?\btable\b/i,
-  /\binsert\b.+?\binto\b/i,
-  /\bdelete\b.+?\bfrom\b/i,
-  /\bupdate\b.+?\bset\b/i,
-  /(;|(\\x3B)).+?(drop|create|alter|exec|execute|insert|update|delete)/i,
-  /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i
-];
-var DANGEROUS_CHARS = /[';\"\\%]/g;
-var searchQuerySchema = z2.string().max(500, "Search query too long").refine(
-  (query) => {
-    return !SQL_INJECTION_PATTERNS.some((pattern) => pattern.test(query));
-  },
-  "Invalid characters detected in search query"
-).transform((query) => sanitizeSearchQuery(query));
-var sqlIdentifierSchema = z2.string().min(1, "Identifier cannot be empty").max(63, "Identifier too long").regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, "Invalid identifier format").refine(
-  (identifier) => {
-    const reservedWords = [
-      "SELECT",
-      "INSERT",
-      "UPDATE",
-      "DELETE",
-      "DROP",
-      "CREATE",
-      "ALTER",
-      "FROM",
-      "WHERE",
-      "JOIN",
-      "UNION",
-      "ORDER",
-      "GROUP",
-      "HAVING"
-    ];
-    return !reservedWords.includes(identifier.toUpperCase());
-  },
-  "Identifier cannot be a reserved SQL keyword"
-);
-var orderBySchema = z2.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\s+(ASC|DESC|asc|desc))?$/, "Invalid order by format");
-var limitOffsetSchema = z2.number().int("Must be an integer").min(0, "Must be non-negative").max(1e3, "Limit too large");
-function sanitizeSearchQuery(query) {
-  return query.replace(DANGEROUS_CHARS, "").replace(/\s+/g, " ").trim().slice(0, 500);
-}
-function escapeLikeQuery(query) {
-  return query.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_");
-}
-function sanitizeFilters(filters) {
-  const sanitized = {};
-  for (const [key, value] of Object.entries(filters)) {
-    const keyValidation = sqlIdentifierSchema.safeParse(key);
-    if (!keyValidation.success) {
-      console.warn(`[SECURITY] Invalid filter key detected and removed: ${key}`);
-      continue;
-    }
-    if (typeof value === "string") {
-      const valueValidation = searchQuerySchema.safeParse(value);
-      if (valueValidation.success) {
-        sanitized[key] = valueValidation.data;
-      }
-    } else if (typeof value === "number") {
-      if (Number.isFinite(value)) {
-        sanitized[key] = value;
-      }
-    } else if (typeof value === "boolean") {
-      sanitized[key] = value;
-    } else if (Array.isArray(value)) {
-      const sanitizedArray = value.filter((item) => typeof item === "string" || typeof item === "number").map((item) => typeof item === "string" ? sanitizeSearchQuery(item) : item).slice(0, 100);
-      if (sanitizedArray.length > 0) {
-        sanitized[key] = sanitizedArray;
-      }
-    }
-  }
-  return sanitized;
-}
-function buildSafeQueryParams(params) {
-  const safe = {};
-  if (params.select) {
-    const selectFields = params.select.split(",").map((field) => field.trim());
-    const validFields = selectFields.filter((field) => {
-      return sqlIdentifierSchema.safeParse(field).success;
-    });
-    if (validFields.length > 0) {
-      safe.select = validFields.join(", ");
-    }
-  }
-  if (params.filters) {
-    safe.filters = sanitizeFilters(params.filters);
-  }
-  if (params.orderBy) {
-    const orderByValidation = orderBySchema.safeParse(params.orderBy);
-    if (orderByValidation.success) {
-      safe.orderBy = orderByValidation.data;
-    }
-  }
-  if (params.limit !== void 0) {
-    const limitValidation = limitOffsetSchema.safeParse(params.limit);
-    if (limitValidation.success) {
-      safe.limit = limitValidation.data;
-    }
-  }
-  if (params.offset !== void 0) {
-    const offsetValidation = limitOffsetSchema.safeParse(params.offset);
-    if (offsetValidation.success) {
-      safe.offset = offsetValidation.data;
-    }
-  }
-  if (params.search) {
-    const searchValidation = searchQuerySchema.safeParse(params.search);
-    if (searchValidation.success) {
-      safe.search = searchValidation.data;
-    }
-  }
-  return safe;
-}
-function detectSQLInjection(input) {
-  const detectedPatterns = [];
-  let maxRisk = "low";
-  SQL_INJECTION_PATTERNS.forEach((pattern, index) => {
-    if (pattern.test(input)) {
-      detectedPatterns.push(`Pattern ${index + 1}`);
-      if (index < 3) {
-        maxRisk = "critical";
-      } else if (index < 7 && maxRisk !== "critical") {
-        maxRisk = "high";
-      } else if (index < 12 && !["critical", "high"].includes(maxRisk)) {
-        maxRisk = "medium";
-      }
-    }
-  });
-  return {
-    isSuspicious: detectedPatterns.length > 0,
-    patterns: detectedPatterns,
-    riskLevel: maxRisk
-  };
-}
-
-// src/validation/passwordSchema.ts
-import { z as z3 } from "zod";
-var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
-  "password",
-  "123456",
-  "123456789",
-  "qwerty",
-  "abc123",
-  "password123",
-  "admin",
-  "letmein",
-  "welcome",
-  "monkey",
-  "1234567890",
-  "password1"
-]);
-var WEAK_PATTERNS = [
-  /^(.)\1+$/,
-  // All same character
-  /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/,
-  // Sequential numbers
-  /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i
-  // Sequential letters
-];
-var securePasswordSchema2 = z3.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
-  (password) => /[a-z]/.test(password),
-  "Password must contain at least one lowercase letter"
-).refine(
-  (password) => /[A-Z]/.test(password),
-  "Password must contain at least one uppercase letter"
-).refine(
-  (password) => /\d/.test(password),
-  "Password must contain at least one number"
-).refine(
-  (password) => /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password),
-  "Password must contain at least one special character"
-).refine(
-  (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),
-  "Password is too common. Please choose a stronger password"
-).refine(
-  (password) => !WEAK_PATTERNS.some((pattern) => pattern.test(password)),
-  "Password contains weak patterns. Please choose a more complex password"
-).refine(
-  (password) => {
-    const keyboardPatterns = ["qwerty", "asdfgh", "zxcvbn", "1234567890"];
-    return !keyboardPatterns.some(
-      (pattern) => password.toLowerCase().includes(pattern)
-    );
-  },
-  "Password contains keyboard patterns. Please choose a more secure password"
-);
-var passwordSchema2 = z3.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
-function calculatePasswordStrength(password) {
-  let score = 0;
-  const feedback = [];
-  if (password.length >= 8) score += 20;
-  else if (password.length >= 6) score += 10;
-  else feedback.push("Use at least 8 characters");
-  if (/[a-z]/.test(password)) score += 15;
-  else feedback.push("Add lowercase letters");
-  if (/[A-Z]/.test(password)) score += 15;
-  else feedback.push("Add uppercase letters");
-  if (/\d/.test(password)) score += 15;
-  else feedback.push("Add numbers");
-  if (/[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) score += 15;
-  else feedback.push("Add special characters");
-  if (password.length >= 12) score += 10;
-  if (/[^a-zA-Z0-9]/.test(password)) score += 10;
-  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
-    score -= 30;
-    feedback.push("Avoid common passwords");
-  }
-  if (WEAK_PATTERNS.some((pattern) => pattern.test(password))) {
-    score -= 20;
-    feedback.push("Avoid predictable patterns");
-  }
-  let level;
-  if (score < 30) level = "very-weak";
-  else if (score < 50) level = "weak";
-  else if (score < 70) level = "fair";
-  else if (score < 90) level = "good";
-  else level = "strong";
-  return { score: Math.max(0, Math.min(100, score)), feedback, level };
-}
-export {
-  buildSafeQueryParams,
-  calculatePasswordStrength,
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  csrfManager,
-  dateSchema,
-  detectSQLInjection,
-  emailSchema,
-  escapeLikeQuery,
-  generateCSRFToken,
-  getCSRFToken,
-  limitOffsetSchema,
-  loginSchema,
-  nameSchema,
-  orderBySchema,
-  passwordResetSchema,
-  passwordSchema,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  sanitizeEmail,
-  sanitizeFilters,
-  sanitizeSearchQuery,
-  sanitizeString,
-  searchQuerySchema,
-  secureEmailSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  sqlIdentifierSchema,
-  urlSchema,
-  userProfileSchema,
-  validateCSRFToken
-};
-//# sourceMappingURL=validation.js.map

package/src/styles/semantic.css

@@ -1,24 +0,0 @@
-@import "tailwindcss";
-
-@theme inline {
-  /* Semantic token mapping */
-  --color-border: var(--color-app-main-500);
-  --color-input: var(--color-app-sec-200);
-  --color-ring: var(--color-app-main-950);
-  --color-background: var(--color-app-main-50);
-  --color-foreground: var(--color-app-main-950);
-  --color-primary: var(--color-app-main-600);
-  --color-primary-foreground: var(--color-app-main-50);
-  --color-secondary: var(--color-app-sec-400);
-  --color-secondary-foreground: var(--color-app-main-950);
-  --color-destructive: var(--color-app-acc-700);
-  --color-destructive-foreground: var(--color-app-main-50);
-  --color-muted: var(--color-app-sec-100);
-  --color-muted-foreground: var(--color-app-main-700);
-  --color-accent: var(--color-app-acc-400);
-  --color-accent-foreground: var(--color-app-main-950);
-  --color-popover: var(--color-app-main-50);
-  --color-popover-foreground: var(--color-app-main-950);
-  --color-card: var(--color-app-main-50);
-  --color-card-foreground: var(--color-app-main-950);
-}