@jmruthers/pace-core 0.5.135 → 0.5.137

package/dist/validation.js

@@ -1,479 +1,24 @@
 import {
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  dateSchema,
-  emailSchema,
-  loginSchema,
-  nameSchema,
-  passwordResetSchema,
-  passwordSchema,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  urlSchema,
-  userProfileSchema
-} from "./chunk-24MKLB7U.js";
-import {
-  init_secureStorage,
-  secureStorage
-} from "./chunk-UJI6WSMD.js";
+  deepMerge,
+  isEmpty,
+  isObject,
+  isStrongPassword,
+  isValidDate,
+  isValidEmail,
+  isValidUrl,
+  isWithinRange,
+  matchesPattern
+} from "./chunk-JISYG63F.js";
 import "./chunk-PLDDJCW6.js";
-
-// src/validation/sanitization.ts
-import { z } from "zod";
-var secureEmailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long").refine(
-  (email) => {
-    if (!email || typeof email !== "string") return false;
-    const domain = email.split("@")[1];
-    return domain && domain.includes(".") && domain.length > 3;
-  },
-  "Invalid email domain"
-).transform((email) => sanitizeEmail(email));
-var emailSchema2 = z.string().min(1, "Email is required").email("Invalid email format");
-var nameSchema2 = z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
-var phoneSchema2 = z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
-var urlSchema2 = z.string().url("Invalid URL format");
-var dateSchema2 = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
-var secureLoginSchema2 = z.object({
-  email: secureEmailSchema,
-  password: z.string().min(1, "Password is required")
-});
-function sanitizeEmail(email) {
-  if (!email || typeof email !== "string") {
-    return "";
-  }
-  return email.toLowerCase().trim();
-}
-function sanitizeString(input) {
-  if (!input || typeof input !== "string") {
-    return "";
-  }
-  return input.replace(/[<>]/g, "").replace(/javascript:/gi, "").replace(/on\w+=/gi, "").trim();
-}
-
-// src/validation/csrf.ts
-init_secureStorage();
-var CSRFManager = class {
-  constructor() {
-    this.tokenCache = /* @__PURE__ */ new Map();
-    this.TOKEN_EXPIRY = 30 * 60 * 1e3;
-    // 30 minutes
-    this.MAX_TOKENS_PER_SESSION = 10;
-  }
-  /**
-   * Generate a new CSRF token for the current session
-   */
-  async generateToken(sessionId) {
-    try {
-      await this.cleanupExpiredTokens();
-      const sessionTokens = Array.from(this.tokenCache.values()).filter((data) => data.sessionId === sessionId && !data.used);
-      if (sessionTokens.length >= this.MAX_TOKENS_PER_SESSION) {
-        const oldest = sessionTokens.sort((a, b) => a.timestamp - b.timestamp)[0];
-        this.tokenCache.delete(oldest.token);
-      }
-      const tokenBytes = new Uint8Array(32);
-      crypto.getRandomValues(tokenBytes);
-      const token = Array.from(
-        tokenBytes,
-        (byte) => byte.toString(16).padStart(2, "0")
-      ).join("");
-      const tokenData = {
-        token,
-        sessionId,
-        timestamp: Date.now(),
-        used: false
-      };
-      this.tokenCache.set(token, tokenData);
-      await this.persistTokens();
-      return token;
-    } catch (error) {
-      throw new Error("CSRF token generation failed");
-    }
-  }
-  /**
-   * Validate and consume a CSRF token
-   */
-  async validateToken(token, sessionId) {
-    try {
-      if (this.tokenCache.size === 0) {
-        await this.loadTokens();
-      }
-      const tokenData = this.tokenCache.get(token);
-      if (!tokenData) {
-        return false;
-      }
-      if (tokenData.sessionId !== sessionId) {
-        return false;
-      }
-      if (tokenData.used) {
-        return false;
-      }
-      if (Date.now() - tokenData.timestamp > this.TOKEN_EXPIRY) {
-        this.tokenCache.delete(token);
-        await this.persistTokens();
-        return false;
-      }
-      tokenData.used = true;
-      this.tokenCache.set(token, tokenData);
-      await this.persistTokens();
-      return true;
-    } catch (error) {
-      return false;
-    }
-  }
-  /**
-   * Get current valid token for session
-   */
-  async getCurrentToken(sessionId) {
-    if (this.tokenCache.size === 0) {
-      await this.loadTokens();
-    }
-    for (const [token, data] of this.tokenCache.entries()) {
-      if (data.sessionId === sessionId && !data.used && Date.now() - data.timestamp < this.TOKEN_EXPIRY) {
-        return token;
-      }
-    }
-    return await this.generateToken(sessionId);
-  }
-  /**
-   * Clean up expired and used tokens
-   */
-  async cleanupExpiredTokens() {
-    const now = Date.now();
-    const expiredTokens = [];
-    for (const [token, data] of this.tokenCache.entries()) {
-      if (data.used || now - data.timestamp > this.TOKEN_EXPIRY) {
-        expiredTokens.push(token);
-      }
-    }
-    expiredTokens.forEach((token) => this.tokenCache.delete(token));
-    if (expiredTokens.length > 0) {
-      await this.persistTokens();
-    }
-  }
-  /**
-   * Persist tokens to secure storage
-   */
-  async persistTokens() {
-    try {
-      const tokensArray = Array.from(this.tokenCache.entries());
-      await secureStorage.setItem(
-        "csrf_tokens",
-        JSON.stringify(tokensArray),
-        { encrypt: true, expiry: this.TOKEN_EXPIRY }
-      );
-    } catch (error) {
-    }
-  }
-  /**
-   * Load tokens from secure storage
-   */
-  async loadTokens() {
-    try {
-      const tokensData = await secureStorage.getItem("csrf_tokens");
-      if (tokensData) {
-        const tokensArray = JSON.parse(tokensData);
-        this.tokenCache = new Map(tokensArray);
-        await this.cleanupExpiredTokens();
-      }
-    } catch (error) {
-      this.tokenCache.clear();
-    }
-  }
-  /**
-   * Clear all tokens for session
-   */
-  async clearSession(sessionId) {
-    const tokensToRemove = [];
-    for (const [token, data] of this.tokenCache.entries()) {
-      if (data.sessionId === sessionId) {
-        tokensToRemove.push(token);
-      }
-    }
-    tokensToRemove.forEach((token) => this.tokenCache.delete(token));
-    await this.persistTokens();
-  }
-};
-var csrfManager = new CSRFManager();
-async function generateCSRFToken(sessionId) {
-  return csrfManager.generateToken(sessionId);
-}
-async function validateCSRFToken(token, sessionId) {
-  return csrfManager.validateToken(token, sessionId);
-}
-async function getCSRFToken(sessionId) {
-  return csrfManager.getCurrentToken(sessionId);
-}
-
-// src/validation/sqlInjectionProtection.ts
-import { z as z2 } from "zod";
-var SQL_INJECTION_PATTERNS = [
-  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\b)/i,
-  /(\'|(\\\')|(\'\')|(\"|(\\\")|(\\")))|(\\x)|(\\u)/i,
-  /((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52))/i,
-  // '|%27|' OR
-  /((%27)|(')|(%55)|u|(%55)|(%4E)|n|(%4E)|(%49)|i|(%49)|(%4F)|o|(%4F)|(%4E)|n|(%4E))/i,
-  // '|%27|' UNION
-  /((%3D)|(=))[^\n]*((%27)|(')|((\\x27))|((\\x2D))|((\\x23)))/i,
-  /(w*((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52)))/i,
-  /((%27)|(')|(''))+union/i,
-  /exec(\+|\s)+(s|x)p\w+/i,
-  /\b(and|or)\b.+?(=|<|>|\bin\b|\blike\b)/i,
-  /\bunion\b.+?\bselect\b/i,
-  /\bdrop\b.+?\btable\b/i,
-  /\binsert\b.+?\binto\b/i,
-  /\bdelete\b.+?\bfrom\b/i,
-  /\bupdate\b.+?\bset\b/i,
-  /(;|(\\x3B)).+?(drop|create|alter|exec|execute|insert|update|delete)/i,
-  /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i
-];
-var DANGEROUS_CHARS = /[';\"\\%]/g;
-var searchQuerySchema = z2.string().max(500, "Search query too long").refine(
-  (query) => {
-    return !SQL_INJECTION_PATTERNS.some((pattern) => pattern.test(query));
-  },
-  "Invalid characters detected in search query"
-).transform((query) => sanitizeSearchQuery(query));
-var sqlIdentifierSchema = z2.string().min(1, "Identifier cannot be empty").max(63, "Identifier too long").regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, "Invalid identifier format").refine(
-  (identifier) => {
-    const reservedWords = [
-      "SELECT",
-      "INSERT",
-      "UPDATE",
-      "DELETE",
-      "DROP",
-      "CREATE",
-      "ALTER",
-      "FROM",
-      "WHERE",
-      "JOIN",
-      "UNION",
-      "ORDER",
-      "GROUP",
-      "HAVING"
-    ];
-    return !reservedWords.includes(identifier.toUpperCase());
-  },
-  "Identifier cannot be a reserved SQL keyword"
-);
-var orderBySchema = z2.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\s+(ASC|DESC|asc|desc))?$/, "Invalid order by format");
-var limitOffsetSchema = z2.number().int("Must be an integer").min(0, "Must be non-negative").max(1e3, "Limit too large");
-function sanitizeSearchQuery(query) {
-  return query.replace(DANGEROUS_CHARS, "").replace(/\s+/g, " ").trim().slice(0, 500);
-}
-function escapeLikeQuery(query) {
-  return query.replace(/\\/g, "\\\\").replace(/%/g, "\\%").replace(/_/g, "\\_");
-}
-function sanitizeFilters(filters) {
-  const sanitized = {};
-  for (const [key, value] of Object.entries(filters)) {
-    const keyValidation = sqlIdentifierSchema.safeParse(key);
-    if (!keyValidation.success) {
-      console.warn(`[SECURITY] Invalid filter key detected and removed: ${key}`);
-      continue;
-    }
-    if (typeof value === "string") {
-      const valueValidation = searchQuerySchema.safeParse(value);
-      if (valueValidation.success) {
-        sanitized[key] = valueValidation.data;
-      }
-    } else if (typeof value === "number") {
-      if (Number.isFinite(value)) {
-        sanitized[key] = value;
-      }
-    } else if (typeof value === "boolean") {
-      sanitized[key] = value;
-    } else if (Array.isArray(value)) {
-      const sanitizedArray = value.filter((item) => typeof item === "string" || typeof item === "number").map((item) => typeof item === "string" ? sanitizeSearchQuery(item) : item).slice(0, 100);
-      if (sanitizedArray.length > 0) {
-        sanitized[key] = sanitizedArray;
-      }
-    }
-  }
-  return sanitized;
-}
-function buildSafeQueryParams(params) {
-  const safe = {};
-  if (params.select) {
-    const selectFields = params.select.split(",").map((field) => field.trim());
-    const validFields = selectFields.filter((field) => {
-      return sqlIdentifierSchema.safeParse(field).success;
-    });
-    if (validFields.length > 0) {
-      safe.select = validFields.join(", ");
-    }
-  }
-  if (params.filters) {
-    safe.filters = sanitizeFilters(params.filters);
-  }
-  if (params.orderBy) {
-    const orderByValidation = orderBySchema.safeParse(params.orderBy);
-    if (orderByValidation.success) {
-      safe.orderBy = orderByValidation.data;
-    }
-  }
-  if (params.limit !== void 0) {
-    const limitValidation = limitOffsetSchema.safeParse(params.limit);
-    if (limitValidation.success) {
-      safe.limit = limitValidation.data;
-    }
-  }
-  if (params.offset !== void 0) {
-    const offsetValidation = limitOffsetSchema.safeParse(params.offset);
-    if (offsetValidation.success) {
-      safe.offset = offsetValidation.data;
-    }
-  }
-  if (params.search) {
-    const searchValidation = searchQuerySchema.safeParse(params.search);
-    if (searchValidation.success) {
-      safe.search = searchValidation.data;
-    }
-  }
-  return safe;
-}
-function detectSQLInjection(input) {
-  const detectedPatterns = [];
-  let maxRisk = "low";
-  SQL_INJECTION_PATTERNS.forEach((pattern, index) => {
-    if (pattern.test(input)) {
-      detectedPatterns.push(`Pattern ${index + 1}`);
-      if (index < 3) {
-        maxRisk = "critical";
-      } else if (index < 7 && maxRisk !== "critical") {
-        maxRisk = "high";
-      } else if (index < 12 && !["critical", "high"].includes(maxRisk)) {
-        maxRisk = "medium";
-      }
-    }
-  });
-  return {
-    isSuspicious: detectedPatterns.length > 0,
-    patterns: detectedPatterns,
-    riskLevel: maxRisk
-  };
-}
-
-// src/validation/passwordSchema.ts
-import { z as z3 } from "zod";
-var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
-  "password",
-  "123456",
-  "123456789",
-  "qwerty",
-  "abc123",
-  "password123",
-  "admin",
-  "letmein",
-  "welcome",
-  "monkey",
-  "1234567890",
-  "password1"
-]);
-var WEAK_PATTERNS = [
-  /^(.)\1+$/,
-  // All same character
-  /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/,
-  // Sequential numbers
-  /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i
-  // Sequential letters
-];
-var securePasswordSchema2 = z3.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
-  (password) => /[a-z]/.test(password),
-  "Password must contain at least one lowercase letter"
-).refine(
-  (password) => /[A-Z]/.test(password),
-  "Password must contain at least one uppercase letter"
-).refine(
-  (password) => /\d/.test(password),
-  "Password must contain at least one number"
-).refine(
-  (password) => /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password),
-  "Password must contain at least one special character"
-).refine(
-  (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),
-  "Password is too common. Please choose a stronger password"
-).refine(
-  (password) => !WEAK_PATTERNS.some((pattern) => pattern.test(password)),
-  "Password contains weak patterns. Please choose a more complex password"
-).refine(
-  (password) => {
-    const keyboardPatterns = ["qwerty", "asdfgh", "zxcvbn", "1234567890"];
-    return !keyboardPatterns.some(
-      (pattern) => password.toLowerCase().includes(pattern)
-    );
-  },
-  "Password contains keyboard patterns. Please choose a more secure password"
-);
-var passwordSchema2 = z3.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
-function calculatePasswordStrength(password) {
-  let score = 0;
-  const feedback = [];
-  if (password.length >= 8) score += 20;
-  else if (password.length >= 6) score += 10;
-  else feedback.push("Use at least 8 characters");
-  if (/[a-z]/.test(password)) score += 15;
-  else feedback.push("Add lowercase letters");
-  if (/[A-Z]/.test(password)) score += 15;
-  else feedback.push("Add uppercase letters");
-  if (/\d/.test(password)) score += 15;
-  else feedback.push("Add numbers");
-  if (/[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password)) score += 15;
-  else feedback.push("Add special characters");
-  if (password.length >= 12) score += 10;
-  if (/[^a-zA-Z0-9]/.test(password)) score += 10;
-  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
-    score -= 30;
-    feedback.push("Avoid common passwords");
-  }
-  if (WEAK_PATTERNS.some((pattern) => pattern.test(password))) {
-    score -= 20;
-    feedback.push("Avoid predictable patterns");
-  }
-  let level;
-  if (score < 30) level = "very-weak";
-  else if (score < 50) level = "weak";
-  else if (score < 70) level = "fair";
-  else if (score < 90) level = "good";
-  else level = "strong";
-  return { score: Math.max(0, Math.min(100, score)), feedback, level };
-}
 export {
-  buildSafeQueryParams,
-  calculatePasswordStrength,
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  csrfManager,
-  dateSchema,
-  detectSQLInjection,
-  emailSchema,
-  escapeLikeQuery,
-  generateCSRFToken,
-  getCSRFToken,
-  limitOffsetSchema,
-  loginSchema,
-  nameSchema,
-  orderBySchema,
-  passwordResetSchema,
-  passwordSchema,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  sanitizeEmail,
-  sanitizeFilters,
-  sanitizeSearchQuery,
-  sanitizeString,
-  searchQuerySchema,
-  secureEmailSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  sqlIdentifierSchema,
-  urlSchema,
-  userProfileSchema,
-  validateCSRFToken
+  deepMerge,
+  isEmpty,
+  isObject,
+  isStrongPassword,
+  isValidDate,
+  isValidEmail,
+  isValidUrl,
+  isWithinRange,
+  matchesPattern
 };
 //# sourceMappingURL=validation.js.map

package/dist/validation.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/validation/sanitization.ts","../src/validation/csrf.ts","../src/validation/sqlInjectionProtection.ts","../src/validation/passwordSchema.ts"],"sourcesContent":["\n/**\n * @file Input sanitization and validation schemas\n * @description Enhanced validation schemas with security features\n */\n\nimport { z } from 'zod';\n\n/**\n * Enhanced email schema with security checks\n */\nexport const secureEmailSchema = z\n  .string()\n  .min(1, 'Email is required')\n  .email('Invalid email format')\n  .max(254, 'Email too long')\n  .refine(\n    (email) => {\n      if (!email || typeof email !== 'string') return false;\n      // Basic domain validation\n      const domain = email.split('@')[1];\n      return domain && domain.includes('.') && domain.length > 3;\n    },\n    'Invalid email domain'\n  )\n  .transform((email) => sanitizeEmail(email));\n\n/**\n * Basic email schema for common use\n */\nexport const emailSchema = z\n  .string()\n  .min(1, 'Email is required')\n  .email('Invalid email format');\n\n/**\n * Name validation schema\n */\nexport const nameSchema = z\n  .string()\n  .min(1, 'Name is required')\n  .max(100, 'Name too long')\n  .regex(/^[a-zA-Z\\s'-]+$/, 'Name contains invalid characters');\n\n/**\n * Phone validation schema\n */\nexport const phoneSchema = z\n  .string()\n  .regex(/^[\\+]?[1-9][\\d]{0,15}$/, 'Invalid phone number format');\n\n/**\n * URL validation schema\n */\nexport const urlSchema = z\n  .string()\n  .url('Invalid URL format');\n\n/**\n * Date validation schema\n */\nexport const dateSchema = z\n  .string()\n  .regex(/^\\d{4}-\\d{2}-\\d{2}$/, 'Invalid date format (YYYY-MM-DD)');\n\n/**\n * Secure login schema\n */\nexport const secureLoginSchema = z.object({\n  email: secureEmailSchema,\n  password: z.string().min(1, 'Password is required'),\n});\n\n/**\n * Sanitize email input\n */\nexport function sanitizeEmail(email: string): string {\n  if (!email || typeof email !== 'string') {\n    return '';\n  }\n  return email.toLowerCase().trim();\n}\n\n/**\n * Sanitize string input\n */\nexport function sanitizeString(input: string): string {\n  if (!input || typeof input !== 'string') {\n    return '';\n  }\n  return input\n    .replace(/[<>]/g, '') // Remove angle brackets\n    .replace(/javascript:/gi, '') // Remove javascript: protocol\n    .replace(/on\\w+=/gi, '') // Remove event handlers\n    .trim();\n}\n","/**\n * @file CSRF Protection Implementation\n * @description Session-based CSRF token management with security enhancements\n */\n\nimport { secureStorage } from '../utils/secureStorage';\n\nexport interface CSRFTokenData {\n  token: string;\n  sessionId: string;\n  timestamp: number;\n  used: boolean;\n}\n\nclass CSRFManager {\n  private tokenCache = new Map<string, CSRFTokenData>();\n  private readonly TOKEN_EXPIRY = 30 * 60 * 1000; // 30 minutes\n  private readonly MAX_TOKENS_PER_SESSION = 10;\n\n  /**\n   * Generate a new CSRF token for the current session\n   */\n  async generateToken(sessionId: string): Promise<string> {\n    try {\n      // Clean up expired tokens\n      await this.cleanupExpiredTokens();\n\n      // Limit tokens per session\n      const sessionTokens = Array.from(this.tokenCache.values())\n        .filter(data => data.sessionId === sessionId && !data.used);\n      \n      if (sessionTokens.length >= this.MAX_TOKENS_PER_SESSION) {\n        // Remove oldest token\n        const oldest = sessionTokens.sort((a, b) => a.timestamp - b.timestamp)[0];\n        this.tokenCache.delete(oldest.token);\n      }\n\n      // Generate cryptographically secure token\n      const tokenBytes = new Uint8Array(32);\n      crypto.getRandomValues(tokenBytes);\n      const token = Array.from(tokenBytes, byte => \n        byte.toString(16).padStart(2, '0')\n      ).join('');\n\n      const tokenData: CSRFTokenData = {\n        token,\n        sessionId,\n        timestamp: Date.now(),\n        used: false,\n      };\n\n      // Store in memory and secure storage\n      this.tokenCache.set(token, tokenData);\n      await this.persistTokens();\n\n      return token;\n    } catch (error) {\n      throw new Error('CSRF token generation failed');\n    }\n  }\n\n  /**\n   * Validate and consume a CSRF token\n   */\n  async validateToken(token: string, sessionId: string): Promise<boolean> {\n    try {\n      // Load tokens from storage if cache is empty\n      if (this.tokenCache.size === 0) {\n        await this.loadTokens();\n      }\n\n      const tokenData = this.tokenCache.get(token);\n      \n      if (!tokenData) {\n        return false;\n      }\n\n      // Check if token belongs to the session\n      if (tokenData.sessionId !== sessionId) {\n        return false;\n      }\n\n      // Check if token is already used\n      if (tokenData.used) {\n        return false;\n      }\n\n      // Check if token is expired\n      if (Date.now() - tokenData.timestamp > this.TOKEN_EXPIRY) {\n        this.tokenCache.delete(token);\n        await this.persistTokens();\n        return false;\n      }\n\n      // Mark token as used (one-time use)\n      tokenData.used = true;\n      this.tokenCache.set(token, tokenData);\n      await this.persistTokens();\n\n      return true;\n    } catch (error) {\n      return false;\n    }\n  }\n\n  /**\n   * Get current valid token for session\n   */\n  async getCurrentToken(sessionId: string): Promise<string | null> {\n    // Load tokens from storage if needed\n    if (this.tokenCache.size === 0) {\n      await this.loadTokens();\n    }\n\n    // Find valid unused token for session\n    for (const [token, data] of this.tokenCache.entries()) {\n      if (\n        data.sessionId === sessionId &&\n        !data.used &&\n        (Date.now() - data.timestamp) < this.TOKEN_EXPIRY\n      ) {\n        return token;\n      }\n    }\n\n    // Generate new token if none found\n    return await this.generateToken(sessionId);\n  }\n\n  /**\n   * Clean up expired and used tokens\n   */\n  private async cleanupExpiredTokens(): Promise<void> {\n    const now = Date.now();\n    const expiredTokens: string[] = [];\n\n    for (const [token, data] of this.tokenCache.entries()) {\n      if (data.used || (now - data.timestamp) > this.TOKEN_EXPIRY) {\n        expiredTokens.push(token);\n      }\n    }\n\n    expiredTokens.forEach(token => this.tokenCache.delete(token));\n    \n    if (expiredTokens.length > 0) {\n      await this.persistTokens();\n    }\n  }\n\n  /**\n   * Persist tokens to secure storage\n   */\n  private async persistTokens(): Promise<void> {\n    try {\n      const tokensArray = Array.from(this.tokenCache.entries());\n      await secureStorage.setItem(\n        'csrf_tokens',\n        JSON.stringify(tokensArray),\n        { encrypt: true, expiry: this.TOKEN_EXPIRY }\n      );\n    } catch (error) {\n      // Silent fail - tokens will be regenerated if needed\n    }\n  }\n\n  /**\n   * Load tokens from secure storage\n   */\n  private async loadTokens(): Promise<void> {\n    try {\n      const tokensData = await secureStorage.getItem('csrf_tokens');\n      if (tokensData) {\n        const tokensArray = JSON.parse(tokensData);\n        this.tokenCache = new Map(tokensArray);\n        // Clean up on load\n        await this.cleanupExpiredTokens();\n      }\n    } catch (error) {\n      this.tokenCache.clear();\n    }\n  }\n\n  /**\n   * Clear all tokens for session\n   */\n  async clearSession(sessionId: string): Promise<void> {\n    const tokensToRemove: string[] = [];\n    \n    for (const [token, data] of this.tokenCache.entries()) {\n      if (data.sessionId === sessionId) {\n        tokensToRemove.push(token);\n      }\n    }\n    \n    tokensToRemove.forEach(token => this.tokenCache.delete(token));\n    await this.persistTokens();\n  }\n}\n\n// Export singleton instance\nexport const csrfManager = new CSRFManager();\n\n// Convenience functions\nexport async function generateCSRFToken(sessionId: string): Promise<string> {\n  return csrfManager.generateToken(sessionId);\n}\n\nexport async function validateCSRFToken(token: string, sessionId: string): Promise<boolean> {\n  return csrfManager.validateToken(token, sessionId);\n}\n\nexport async function getCSRFToken(sessionId: string): Promise<string | null> {\n  return csrfManager.getCurrentToken(sessionId);\n}\n","\n/**\n * @file SQL Injection Protection\n * @description Utilities to prevent SQL injection attacks in dynamic queries\n */\n\nimport { z } from 'zod';\n\n// Common SQL injection patterns\nconst SQL_INJECTION_PATTERNS = [\n  /(\\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\\b)/i,\n  /(\\'|(\\\\\\')|(\\'\\')|(\\\"|(\\\\\\\")|(\\\\\")))|(\\\\x)|(\\\\u)/i,\n  /((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52))/i, // '|%27|' OR\n  /((%27)|(')|(%55)|u|(%55)|(%4E)|n|(%4E)|(%49)|i|(%49)|(%4F)|o|(%4F)|(%4E)|n|(%4E))/i, // '|%27|' UNION\n  /((%3D)|(=))[^\\n]*((%27)|(')|((\\\\x27))|((\\\\x2D))|((\\\\x23)))/i,\n  /(w*((%27)|(')|(%6F)|o|(%4F)|(%72)|r|(%52)))/i,\n  /((%27)|(')|(''))+union/i,\n  /exec(\\+|\\s)+(s|x)p\\w+/i,\n  /\\b(and|or)\\b.+?(=|<|>|\\bin\\b|\\blike\\b)/i,\n  /\\bunion\\b.+?\\bselect\\b/i,\n  /\\bdrop\\b.+?\\btable\\b/i,\n  /\\binsert\\b.+?\\binto\\b/i,\n  /\\bdelete\\b.+?\\bfrom\\b/i,\n  /\\bupdate\\b.+?\\bset\\b/i,\n  /(;|(\\\\x3B)).+?(drop|create|alter|exec|execute|insert|update|delete)/i,\n  /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i\n];\n\n// Characters that should be escaped or removed\nconst DANGEROUS_CHARS = /[';\\\"\\\\%]/g;\n\n/**\n * Schema for validating and sanitizing search queries\n */\nexport const searchQuerySchema = z\n  .string()\n  .max(500, 'Search query too long')\n  .refine(\n    (query) => {\n      return !SQL_INJECTION_PATTERNS.some(pattern => pattern.test(query));\n    },\n    'Invalid characters detected in search query'\n  )\n  .transform((query) => sanitizeSearchQuery(query));\n\n/**\n * Schema for validating table/column names\n */\nexport const sqlIdentifierSchema = z\n  .string()\n  .min(1, 'Identifier cannot be empty')\n  .max(63, 'Identifier too long') // PostgreSQL limit\n  .regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, 'Invalid identifier format')\n  .refine(\n    (identifier) => {\n      const reservedWords = [\n        'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE', 'ALTER',\n        'FROM', 'WHERE', 'JOIN', 'UNION', 'ORDER', 'GROUP', 'HAVING'\n      ];\n      return !reservedWords.includes(identifier.toUpperCase());\n    },\n    'Identifier cannot be a reserved SQL keyword'\n  );\n\n/**\n * Schema for validating order by clauses\n */\nexport const orderBySchema = z\n  .string()\n  .regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\\s+(ASC|DESC|asc|desc))?$/, 'Invalid order by format');\n\n/**\n * Schema for validating limit/offset values\n */\nexport const limitOffsetSchema = z\n  .number()\n  .int('Must be an integer')\n  .min(0, 'Must be non-negative')\n  .max(1000, 'Limit too large'); // Reasonable maximum\n\n/**\n * Sanitize search query by removing dangerous characters\n */\nexport function sanitizeSearchQuery(query: string): string {\n  return query\n    .replace(DANGEROUS_CHARS, '') // Remove dangerous characters\n    .replace(/\\s+/g, ' ') // Normalize whitespace\n    .trim()\n    .slice(0, 500); // Enforce length limit\n}\n\n/**\n * Escape special characters for LIKE queries\n */\nexport function escapeLikeQuery(query: string): string {\n  return query\n    .replace(/\\\\/g, '\\\\\\\\') // Escape backslashes\n    .replace(/%/g, '\\\\%')   // Escape percent signs\n    .replace(/_/g, '\\\\_');  // Escape underscores\n}\n\n/**\n * Validate and sanitize a dynamic filter object\n */\nexport function sanitizeFilters(filters: Record<string, unknown>): Record<string, unknown> {\n  const sanitized: Record<string, unknown> = {};\n  \n  for (const [key, value] of Object.entries(filters)) {\n    // Validate the key (column name)\n    const keyValidation = sqlIdentifierSchema.safeParse(key);\n    if (!keyValidation.success) {\n      // Log warning for invalid filter keys\n      console.warn(`[SECURITY] Invalid filter key detected and removed: ${key}`);\n      continue;\n    }\n    \n    // Sanitize the value based on type\n    if (typeof value === 'string') {\n      const valueValidation = searchQuerySchema.safeParse(value);\n      if (valueValidation.success) {\n        sanitized[key] = valueValidation.data;\n      }\n    } else if (typeof value === 'number') {\n      if (Number.isFinite(value)) {\n        sanitized[key] = value;\n      }\n    } else if (typeof value === 'boolean') {\n      sanitized[key] = value;\n    } else if (Array.isArray(value)) {\n      // For IN queries, validate each item\n      const sanitizedArray = value\n        .filter(item => typeof item === 'string' || typeof item === 'number')\n        .map(item => typeof item === 'string' ? sanitizeSearchQuery(item) : item)\n        .slice(0, 100); // Limit array size\n      \n      if (sanitizedArray.length > 0) {\n        sanitized[key] = sanitizedArray;\n      }\n    }\n  }\n  \n  return sanitized;\n}\n\n/**\n * Build safe query parameters for Supabase\n */\nexport interface SafeQueryParams {\n  select?: string;\n  filters?: Record<string, unknown>;\n  orderBy?: string;\n  limit?: number;\n  offset?: number;\n  search?: string;\n}\n\nexport function buildSafeQueryParams(params: SafeQueryParams): SafeQueryParams {\n  const safe: SafeQueryParams = {};\n  \n  // Validate select clause\n  if (params.select) {\n    const selectFields = params.select.split(',').map(field => field.trim());\n    const validFields = selectFields.filter(field => {\n      return sqlIdentifierSchema.safeParse(field).success;\n    });\n    \n    if (validFields.length > 0) {\n      safe.select = validFields.join(', ');\n    }\n  }\n  \n  // Sanitize filters\n  if (params.filters) {\n    safe.filters = sanitizeFilters(params.filters);\n  }\n  \n  // Validate order by\n  if (params.orderBy) {\n    const orderByValidation = orderBySchema.safeParse(params.orderBy);\n    if (orderByValidation.success) {\n      safe.orderBy = orderByValidation.data;\n    }\n  }\n  \n  // Validate limit and offset\n  if (params.limit !== undefined) {\n    const limitValidation = limitOffsetSchema.safeParse(params.limit);\n    if (limitValidation.success) {\n      safe.limit = limitValidation.data;\n    }\n  }\n  \n  if (params.offset !== undefined) {\n    const offsetValidation = limitOffsetSchema.safeParse(params.offset);\n    if (offsetValidation.success) {\n      safe.offset = offsetValidation.data;\n    }\n  }\n  \n  // Sanitize search query\n  if (params.search) {\n    const searchValidation = searchQuerySchema.safeParse(params.search);\n    if (searchValidation.success) {\n      safe.search = searchValidation.data;\n    }\n  }\n  \n  return safe;\n}\n\n/**\n * Detect potential SQL injection attempts\n */\nexport function detectSQLInjection(input: string): {\n  isSuspicious: boolean;\n  patterns: string[];\n  riskLevel: 'low' | 'medium' | 'high' | 'critical';\n} {\n  const detectedPatterns: string[] = [];\n  let maxRisk: 'low' | 'medium' | 'high' | 'critical' = 'low';\n  \n  SQL_INJECTION_PATTERNS.forEach((pattern, index) => {\n    if (pattern.test(input)) {\n      detectedPatterns.push(`Pattern ${index + 1}`);\n      \n      // Assign risk levels based on pattern severity\n      if (index < 3) { // Most dangerous patterns first\n        maxRisk = 'critical';\n      } else if (index < 7 && maxRisk !== 'critical') {\n        maxRisk = 'high';\n      } else if (index < 12 && !['critical', 'high'].includes(maxRisk)) {\n        maxRisk = 'medium';\n      }\n    }\n  });\n  \n  return {\n    isSuspicious: detectedPatterns.length > 0,\n    patterns: detectedPatterns,\n    riskLevel: maxRisk\n  };\n}\n","\n/**\n * @file Enhanced Password Schema with Security Validations\n * @description Comprehensive password validation with security checks\n */\n\nimport { z } from 'zod';\n\n// Common weak passwords to check against\nconst COMMON_PASSWORDS = new Set([\n  'password', '123456', '123456789', 'qwerty', 'abc123', 'password123',\n  'admin', 'letmein', 'welcome', 'monkey', '1234567890', 'password1'\n]);\n\n// Common password patterns to avoid\nconst WEAK_PATTERNS = [\n  /^(.)\\1+$/, // All same character\n  /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/, // Sequential numbers\n  /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i, // Sequential letters\n];\n\n/**\n * Enhanced password validation schema with security checks\n */\nexport const securePasswordSchema = z\n  .string()\n  .min(8, 'Password must be at least 8 characters long')\n  .max(128, 'Password must not exceed 128 characters')\n  .refine(\n    (password) => /[a-z]/.test(password),\n    'Password must contain at least one lowercase letter'\n  )\n  .refine(\n    (password) => /[A-Z]/.test(password),\n    'Password must contain at least one uppercase letter'\n  )\n  .refine(\n    (password) => /\\d/.test(password),\n    'Password must contain at least one number'\n  )\n  .refine(\n    (password) => /[!@#$%^&*()_+\\-=\\[\\]{};':\"\\\\|,.<>\\/?]/.test(password),\n    'Password must contain at least one special character'\n  )\n  .refine(\n    (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),\n    'Password is too common. Please choose a stronger password'\n  )\n  .refine(\n    (password) => !WEAK_PATTERNS.some(pattern => pattern.test(password)),\n    'Password contains weak patterns. Please choose a more complex password'\n  )\n  .refine(\n    (password) => {\n      // Check for keyboard patterns (qwerty, asdf, etc.)\n      const keyboardPatterns = ['qwerty', 'asdfgh', 'zxcvbn', '1234567890'];\n      return !keyboardPatterns.some(pattern => \n        password.toLowerCase().includes(pattern)\n      );\n    },\n    'Password contains keyboard patterns. Please choose a more secure password'\n  );\n\n/**\n * Basic password schema for less strict requirements\n */\nexport const passwordSchema = z\n  .string()\n  .min(6, 'Password must be at least 6 characters long')\n  .max(128, 'Password must not exceed 128 characters');\n\n/**\n * Password strength calculator\n */\nexport function calculatePasswordStrength(password: string): {\n  score: number;\n  feedback: string[];\n  level: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';\n} {\n  let score = 0;\n  const feedback: string[] = [];\n\n  // Length check\n  if (password.length >= 8) score += 20;\n  else if (password.length >= 6) score += 10;\n  else feedback.push('Use at least 8 characters');\n\n  // Character variety\n  if (/[a-z]/.test(password)) score += 15;\n  else feedback.push('Add lowercase letters');\n\n  if (/[A-Z]/.test(password)) score += 15;\n  else feedback.push('Add uppercase letters');\n\n  if (/\\d/.test(password)) score += 15;\n  else feedback.push('Add numbers');\n\n  if (/[!@#$%^&*()_+\\-=\\[\\]{};':\"\\\\|,.<>\\/?]/.test(password)) score += 15;\n  else feedback.push('Add special characters');\n\n  // Additional complexity\n  if (password.length >= 12) score += 10;\n  if (/[^a-zA-Z0-9]/.test(password)) score += 10;\n\n  // Penalties\n  if (COMMON_PASSWORDS.has(password.toLowerCase())) {\n    score -= 30;\n    feedback.push('Avoid common passwords');\n  }\n\n  if (WEAK_PATTERNS.some(pattern => pattern.test(password))) {\n    score -= 20;\n    feedback.push('Avoid predictable patterns');\n  }\n\n  // Determine level\n  let level: 'very-weak' | 'weak' | 'fair' | 'good' | 'strong';\n  if (score < 30) level = 'very-weak';\n  else if (score < 50) level = 'weak';\n  else if (score < 70) level = 'fair';\n  else if (score < 90) level = 'good';\n  else level = 'strong';\n\n  return { score: Math.max(0, Math.min(100, score)), feedback, level };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAMA,SAAS,SAAS;AAKX,IAAM,oBAAoB,EAC9B,OAAO,EACP,IAAI,GAAG,mBAAmB,EAC1B,MAAM,sBAAsB,EAC5B,IAAI,KAAK,gBAAgB,EACzB;AAAA,EACC,CAAC,UAAU;AACT,QAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAEhD,UAAM,SAAS,MAAM,MAAM,GAAG,EAAE,CAAC;AACjC,WAAO,UAAU,OAAO,SAAS,GAAG,KAAK,OAAO,SAAS;AAAA,EAC3D;AAAA,EACA;AACF,EACC,UAAU,CAAC,UAAU,cAAc,KAAK,CAAC;AAKrC,IAAMA,eAAc,EACxB,OAAO,EACP,IAAI,GAAG,mBAAmB,EAC1B,MAAM,sBAAsB;AAKxB,IAAMC,cAAa,EACvB,OAAO,EACP,IAAI,GAAG,kBAAkB,EACzB,IAAI,KAAK,eAAe,EACxB,MAAM,mBAAmB,kCAAkC;AAKvD,IAAMC,eAAc,EACxB,OAAO,EACP,MAAM,0BAA0B,6BAA6B;AAKzD,IAAMC,aAAY,EACtB,OAAO,EACP,IAAI,oBAAoB;AAKpB,IAAMC,cAAa,EACvB,OAAO,EACP,MAAM,uBAAuB,kCAAkC;AAK3D,IAAMC,qBAAoB,EAAE,OAAO;AAAA,EACxC,OAAO;AAAA,EACP,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,sBAAsB;AACpD,CAAC;AAKM,SAAS,cAAc,OAAuB;AACnD,MAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,WAAO;AAAA,EACT;AACA,SAAO,MAAM,YAAY,EAAE,KAAK;AAClC;AAKO,SAAS,eAAe,OAAuB;AACpD,MAAI,CAAC,SAAS,OAAO,UAAU,UAAU;AACvC,WAAO;AAAA,EACT;AACA,SAAO,MACJ,QAAQ,SAAS,EAAE,EACnB,QAAQ,iBAAiB,EAAE,EAC3B,QAAQ,YAAY,EAAE,EACtB,KAAK;AACV;;;AC1FA;AASA,IAAM,cAAN,MAAkB;AAAA,EAAlB;AACE,SAAQ,aAAa,oBAAI,IAA2B;AACpD,SAAiB,eAAe,KAAK,KAAK;AAC1C;AAAA,SAAiB,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK1C,MAAM,cAAc,WAAoC;AACtD,QAAI;AAEF,YAAM,KAAK,qBAAqB;AAGhC,YAAM,gBAAgB,MAAM,KAAK,KAAK,WAAW,OAAO,CAAC,EACtD,OAAO,UAAQ,KAAK,cAAc,aAAa,CAAC,KAAK,IAAI;AAE5D,UAAI,cAAc,UAAU,KAAK,wBAAwB;AAEvD,cAAM,SAAS,cAAc,KAAK,CAAC,GAAG,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;AACxE,aAAK,WAAW,OAAO,OAAO,KAAK;AAAA,MACrC;AAGA,YAAM,aAAa,IAAI,WAAW,EAAE;AACpC,aAAO,gBAAgB,UAAU;AACjC,YAAM,QAAQ,MAAM;AAAA,QAAK;AAAA,QAAY,UACnC,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,MACnC,EAAE,KAAK,EAAE;AAET,YAAM,YAA2B;AAAA,QAC/B;AAAA,QACA;AAAA,QACA,WAAW,KAAK,IAAI;AAAA,QACpB,MAAM;AAAA,MACR;AAGA,WAAK,WAAW,IAAI,OAAO,SAAS;AACpC,YAAM,KAAK,cAAc;AAEzB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc,OAAe,WAAqC;AACtE,QAAI;AAEF,UAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,cAAM,KAAK,WAAW;AAAA,MACxB;AAEA,YAAM,YAAY,KAAK,WAAW,IAAI,KAAK;AAE3C,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AAGA,UAAI,UAAU,cAAc,WAAW;AACrC,eAAO;AAAA,MACT;AAGA,UAAI,UAAU,MAAM;AAClB,eAAO;AAAA,MACT;AAGA,UAAI,KAAK,IAAI,IAAI,UAAU,YAAY,KAAK,cAAc;AACxD,aAAK,WAAW,OAAO,KAAK;AAC5B,cAAM,KAAK,cAAc;AACzB,eAAO;AAAA,MACT;AAGA,gBAAU,OAAO;AACjB,WAAK,WAAW,IAAI,OAAO,SAAS;AACpC,YAAM,KAAK,cAAc;AAEzB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,WAA2C;AAE/D,QAAI,KAAK,WAAW,SAAS,GAAG;AAC9B,YAAM,KAAK,WAAW;AAAA,IACxB;AAGA,eAAW,CAAC,OAAO,IAAI,KAAK,KAAK,WAAW,QAAQ,GAAG;AACrD,UACE,KAAK,cAAc,aACnB,CAAC,KAAK,QACL,KAAK,IAAI,IAAI,KAAK,YAAa,KAAK,cACrC;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAGA,WAAO,MAAM,KAAK,cAAc,SAAS;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,uBAAsC;AAClD,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,gBAA0B,CAAC;AAEjC,eAAW,CAAC,OAAO,IAAI,KAAK,KAAK,WAAW,QAAQ,GAAG;AACrD,UAAI,KAAK,QAAS,MAAM,KAAK,YAAa,KAAK,cAAc;AAC3D,sBAAc,KAAK,KAAK;AAAA,MAC1B;AAAA,IACF;AAEA,kBAAc,QAAQ,WAAS,KAAK,WAAW,OAAO,KAAK,CAAC;AAE5D,QAAI,cAAc,SAAS,GAAG;AAC5B,YAAM,KAAK,cAAc;AAAA,IAC3B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,gBAA+B;AAC3C,QAAI;AACF,YAAM,cAAc,MAAM,KAAK,KAAK,WAAW,QAAQ,CAAC;AACxD,YAAM,cAAc;AAAA,QAClB;AAAA,QACA,KAAK,UAAU,WAAW;AAAA,QAC1B,EAAE,SAAS,MAAM,QAAQ,KAAK,aAAa;AAAA,MAC7C;AAAA,IACF,SAAS,OAAO;AAAA,IAEhB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aAA4B;AACxC,QAAI;AACF,YAAM,aAAa,MAAM,cAAc,QAAQ,aAAa;AAC5D,UAAI,YAAY;AACd,cAAM,cAAc,KAAK,MAAM,UAAU;AACzC,aAAK,aAAa,IAAI,IAAI,WAAW;AAErC,cAAM,KAAK,qBAAqB;AAAA,MAClC;AAAA,IACF,SAAS,OAAO;AACd,WAAK,WAAW,MAAM;AAAA,IACxB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,WAAkC;AACnD,UAAM,iBAA2B,CAAC;AAElC,eAAW,CAAC,OAAO,IAAI,KAAK,KAAK,WAAW,QAAQ,GAAG;AACrD,UAAI,KAAK,cAAc,WAAW;AAChC,uBAAe,KAAK,KAAK;AAAA,MAC3B;AAAA,IACF;AAEA,mBAAe,QAAQ,WAAS,KAAK,WAAW,OAAO,KAAK,CAAC;AAC7D,UAAM,KAAK,cAAc;AAAA,EAC3B;AACF;AAGO,IAAM,cAAc,IAAI,YAAY;AAG3C,eAAsB,kBAAkB,WAAoC;AAC1E,SAAO,YAAY,cAAc,SAAS;AAC5C;AAEA,eAAsB,kBAAkB,OAAe,WAAqC;AAC1F,SAAO,YAAY,cAAc,OAAO,SAAS;AACnD;AAEA,eAAsB,aAAa,WAA2C;AAC5E,SAAO,YAAY,gBAAgB,SAAS;AAC9C;;;AC/MA,SAAS,KAAAC,UAAS;AAGlB,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,IAAM,kBAAkB;AAKjB,IAAM,oBAAoBA,GAC9B,OAAO,EACP,IAAI,KAAK,uBAAuB,EAChC;AAAA,EACC,CAAC,UAAU;AACT,WAAO,CAAC,uBAAuB,KAAK,aAAW,QAAQ,KAAK,KAAK,CAAC;AAAA,EACpE;AAAA,EACA;AACF,EACC,UAAU,CAAC,UAAU,oBAAoB,KAAK,CAAC;AAK3C,IAAM,sBAAsBA,GAChC,OAAO,EACP,IAAI,GAAG,4BAA4B,EACnC,IAAI,IAAI,qBAAqB,EAC7B,MAAM,4BAA4B,2BAA2B,EAC7D;AAAA,EACC,CAAC,eAAe;AACd,UAAM,gBAAgB;AAAA,MACpB;AAAA,MAAU;AAAA,MAAU;AAAA,MAAU;AAAA,MAAU;AAAA,MAAQ;AAAA,MAAU;AAAA,MAC1D;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAS;AAAA,MAAS;AAAA,IACtD;AACA,WAAO,CAAC,cAAc,SAAS,WAAW,YAAY,CAAC;AAAA,EACzD;AAAA,EACA;AACF;AAKK,IAAM,gBAAgBA,GAC1B,OAAO,EACP,MAAM,qDAAqD,yBAAyB;AAKhF,IAAM,oBAAoBA,GAC9B,OAAO,EACP,IAAI,oBAAoB,EACxB,IAAI,GAAG,sBAAsB,EAC7B,IAAI,KAAM,iBAAiB;AAKvB,SAAS,oBAAoB,OAAuB;AACzD,SAAO,MACJ,QAAQ,iBAAiB,EAAE,EAC3B,QAAQ,QAAQ,GAAG,EACnB,KAAK,EACL,MAAM,GAAG,GAAG;AACjB;AAKO,SAAS,gBAAgB,OAAuB;AACrD,SAAO,MACJ,QAAQ,OAAO,MAAM,EACrB,QAAQ,MAAM,KAAK,EACnB,QAAQ,MAAM,KAAK;AACxB;AAKO,SAAS,gBAAgB,SAA2D;AACzF,QAAM,YAAqC,CAAC;AAE5C,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAElD,UAAM,gBAAgB,oBAAoB,UAAU,GAAG;AACvD,QAAI,CAAC,cAAc,SAAS;AAE1B,cAAQ,KAAK,uDAAuD,GAAG,EAAE;AACzE;AAAA,IACF;AAGA,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,kBAAkB,kBAAkB,UAAU,KAAK;AACzD,UAAI,gBAAgB,SAAS;AAC3B,kBAAU,GAAG,IAAI,gBAAgB;AAAA,MACnC;AAAA,IACF,WAAW,OAAO,UAAU,UAAU;AACpC,UAAI,OAAO,SAAS,KAAK,GAAG;AAC1B,kBAAU,GAAG,IAAI;AAAA,MACnB;AAAA,IACF,WAAW,OAAO,UAAU,WAAW;AACrC,gBAAU,GAAG,IAAI;AAAA,IACnB,WAAW,MAAM,QAAQ,KAAK,GAAG;AAE/B,YAAM,iBAAiB,MACpB,OAAO,UAAQ,OAAO,SAAS,YAAY,OAAO,SAAS,QAAQ,EACnE,IAAI,UAAQ,OAAO,SAAS,WAAW,oBAAoB,IAAI,IAAI,IAAI,EACvE,MAAM,GAAG,GAAG;AAEf,UAAI,eAAe,SAAS,GAAG;AAC7B,kBAAU,GAAG,IAAI;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAcO,SAAS,qBAAqB,QAA0C;AAC7E,QAAM,OAAwB,CAAC;AAG/B,MAAI,OAAO,QAAQ;AACjB,UAAM,eAAe,OAAO,OAAO,MAAM,GAAG,EAAE,IAAI,WAAS,MAAM,KAAK,CAAC;AACvE,UAAM,cAAc,aAAa,OAAO,WAAS;AAC/C,aAAO,oBAAoB,UAAU,KAAK,EAAE;AAAA,IAC9C,CAAC;AAED,QAAI,YAAY,SAAS,GAAG;AAC1B,WAAK,SAAS,YAAY,KAAK,IAAI;AAAA,IACrC;AAAA,EACF;AAGA,MAAI,OAAO,SAAS;AAClB,SAAK,UAAU,gBAAgB,OAAO,OAAO;AAAA,EAC/C;AAGA,MAAI,OAAO,SAAS;AAClB,UAAM,oBAAoB,cAAc,UAAU,OAAO,OAAO;AAChE,QAAI,kBAAkB,SAAS;AAC7B,WAAK,UAAU,kBAAkB;AAAA,IACnC;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,QAAW;AAC9B,UAAM,kBAAkB,kBAAkB,UAAU,OAAO,KAAK;AAChE,QAAI,gBAAgB,SAAS;AAC3B,WAAK,QAAQ,gBAAgB;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,OAAO,WAAW,QAAW;AAC/B,UAAM,mBAAmB,kBAAkB,UAAU,OAAO,MAAM;AAClE,QAAI,iBAAiB,SAAS;AAC5B,WAAK,SAAS,iBAAiB;AAAA,IACjC;AAAA,EACF;AAGA,MAAI,OAAO,QAAQ;AACjB,UAAM,mBAAmB,kBAAkB,UAAU,OAAO,MAAM;AAClE,QAAI,iBAAiB,SAAS;AAC5B,WAAK,SAAS,iBAAiB;AAAA,IACjC;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,mBAAmB,OAIjC;AACA,QAAM,mBAA6B,CAAC;AACpC,MAAI,UAAkD;AAEtD,yBAAuB,QAAQ,CAAC,SAAS,UAAU;AACjD,QAAI,QAAQ,KAAK,KAAK,GAAG;AACvB,uBAAiB,KAAK,WAAW,QAAQ,CAAC,EAAE;AAG5C,UAAI,QAAQ,GAAG;AACb,kBAAU;AAAA,MACZ,WAAW,QAAQ,KAAK,YAAY,YAAY;AAC9C,kBAAU;AAAA,MACZ,WAAW,QAAQ,MAAM,CAAC,CAAC,YAAY,MAAM,EAAE,SAAS,OAAO,GAAG;AAChE,kBAAU;AAAA,MACZ;AAAA,IACF;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,cAAc,iBAAiB,SAAS;AAAA,IACxC,UAAU;AAAA,IACV,WAAW;AAAA,EACb;AACF;;;AC3OA,SAAS,KAAAC,UAAS;AAGlB,IAAM,mBAAmB,oBAAI,IAAI;AAAA,EAC/B;AAAA,EAAY;AAAA,EAAU;AAAA,EAAa;AAAA,EAAU;AAAA,EAAU;AAAA,EACvD;AAAA,EAAS;AAAA,EAAW;AAAA,EAAW;AAAA,EAAU;AAAA,EAAc;AACzD,CAAC;AAGD,IAAM,gBAAgB;AAAA,EACpB;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,IAAMC,wBAAuBD,GACjC,OAAO,EACP,IAAI,GAAG,6CAA6C,EACpD,IAAI,KAAK,yCAAyC,EAClD;AAAA,EACC,CAAC,aAAa,QAAQ,KAAK,QAAQ;AAAA,EACnC;AACF,EACC;AAAA,EACC,CAAC,aAAa,QAAQ,KAAK,QAAQ;AAAA,EACnC;AACF,EACC;AAAA,EACC,CAAC,aAAa,KAAK,KAAK,QAAQ;AAAA,EAChC;AACF,EACC;AAAA,EACC,CAAC,aAAa,wCAAwC,KAAK,QAAQ;AAAA,EACnE;AACF,EACC;AAAA,EACC,CAAC,aAAa,CAAC,iBAAiB,IAAI,SAAS,YAAY,CAAC;AAAA,EAC1D;AACF,EACC;AAAA,EACC,CAAC,aAAa,CAAC,cAAc,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC;AAAA,EACnE;AACF,EACC;AAAA,EACC,CAAC,aAAa;AAEZ,UAAM,mBAAmB,CAAC,UAAU,UAAU,UAAU,YAAY;AACpE,WAAO,CAAC,iBAAiB;AAAA,MAAK,aAC5B,SAAS,YAAY,EAAE,SAAS,OAAO;AAAA,IACzC;AAAA,EACF;AAAA,EACA;AACF;AAKK,IAAME,kBAAiBF,GAC3B,OAAO,EACP,IAAI,GAAG,6CAA6C,EACpD,IAAI,KAAK,yCAAyC;AAK9C,SAAS,0BAA0B,UAIxC;AACA,MAAI,QAAQ;AACZ,QAAM,WAAqB,CAAC;AAG5B,MAAI,SAAS,UAAU,EAAG,UAAS;AAAA,WAC1B,SAAS,UAAU,EAAG,UAAS;AAAA,MACnC,UAAS,KAAK,2BAA2B;AAG9C,MAAI,QAAQ,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChC,UAAS,KAAK,uBAAuB;AAE1C,MAAI,QAAQ,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChC,UAAS,KAAK,uBAAuB;AAE1C,MAAI,KAAK,KAAK,QAAQ,EAAG,UAAS;AAAA,MAC7B,UAAS,KAAK,aAAa;AAEhC,MAAI,wCAAwC,KAAK,QAAQ,EAAG,UAAS;AAAA,MAChE,UAAS,KAAK,wBAAwB;AAG3C,MAAI,SAAS,UAAU,GAAI,UAAS;AACpC,MAAI,eAAe,KAAK,QAAQ,EAAG,UAAS;AAG5C,MAAI,iBAAiB,IAAI,SAAS,YAAY,CAAC,GAAG;AAChD,aAAS;AACT,aAAS,KAAK,wBAAwB;AAAA,EACxC;AAEA,MAAI,cAAc,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC,GAAG;AACzD,aAAS;AACT,aAAS,KAAK,4BAA4B;AAAA,EAC5C;AAGA,MAAI;AACJ,MAAI,QAAQ,GAAI,SAAQ;AAAA,WACf,QAAQ,GAAI,SAAQ;AAAA,WACpB,QAAQ,GAAI,SAAQ;AAAA,WACpB,QAAQ,GAAI,SAAQ;AAAA,MACxB,SAAQ;AAEb,SAAO,EAAE,OAAO,KAAK,IAAI,GAAG,KAAK,IAAI,KAAK,KAAK,CAAC,GAAG,UAAU,MAAM;AACrE;","names":["emailSchema","nameSchema","phoneSchema","urlSchema","dateSchema","secureLoginSchema","z","z","securePasswordSchema","passwordSchema"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/docs/api/classes/ColumnFactory.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / ColumnFactory
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / ColumnFactory
 
 # Class: ColumnFactory\<TData\>
 

package/docs/api/classes/ErrorBoundary.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / ErrorBoundary
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / ErrorBoundary
 
 # Class: ErrorBoundary
 
@@ -60,7 +60,7 @@ Component\<ErrorBoundaryProps, ErrorBoundaryState\>.constructor
 
 #### Defined in
 
-[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:144](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L144)
+[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:145](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L145)
 
 ## Methods
 
@@ -80,7 +80,7 @@ Component\<ErrorBoundaryProps, ErrorBoundaryState\>.constructor
 
 #### Defined in
 
-[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:152](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L152)
+[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:153](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L153)
 
 ___
 
@@ -105,7 +105,7 @@ Component.componentDidCatch
 
 #### Defined in
 
-[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:161](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L161)
+[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:162](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L162)
 
 ___
 
@@ -123,7 +123,7 @@ Component.componentWillUnmount
 
 #### Defined in
 
-[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:215](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L215)
+[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:216](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L216)
 
 ___
 
@@ -141,4 +141,4 @@ Component.render
 
 #### Defined in
 
-[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:221](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L221)
+[packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx:222](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/components/ErrorBoundary/ErrorBoundary.tsx#L222)

package/docs/api/classes/InvalidScopeError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / InvalidScopeError
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / InvalidScopeError
 
 # Class: InvalidScopeError
 

package/docs/api/classes/MissingUserContextError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / MissingUserContextError
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / MissingUserContextError
 
 # Class: MissingUserContextError
 

package/docs/api/classes/OrganisationContextRequiredError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / OrganisationContextRequiredError
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / OrganisationContextRequiredError
 
 # Class: OrganisationContextRequiredError
 

package/docs/api/classes/PermissionDeniedError.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / PermissionDeniedError
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / PermissionDeniedError
 
 # Class: PermissionDeniedError
 

package/docs/api/classes/PublicErrorBoundary.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.135](../README.md) / [Exports](../modules.md) / PublicErrorBoundary
+[@jmruthers/pace-core - v0.5.137](../README.md) / [Exports](../modules.md) / PublicErrorBoundary
 
 # Class: PublicErrorBoundary