@jmruthers/pace-core 0.5.136 → 0.5.139

package/dist/utils.d.ts

@@ -1,15 +1,15 @@
 export { S as SecureDataAccess, a as cn, j as formatCompactNumber, e as formatCurrency, f as formatDate, k as formatFileSize, h as formatNumber, i as formatPercent, g as getAppConfig, d as getCurrentAppId, s as setAppConfig, u as useSessionTracking } from './formatting-CvUXy2mF.js';
 import { SupabaseClient } from '@supabase/supabase-js';
 import { D as Database } from './database-C6jy7EOu.js';
-export { g as changePasswordSchema, t as combineSchemas, i as contactFormSchema, l as loginSchema, f as passwordResetSchema, q as pickSchema, r as registrationSchema, c as secureLoginSchema, s as securePasswordSchema, h as userProfileSchema } from './validation-8npbysjg.js';
-export { CSRFTokenData, SafeQueryParams, SanitizationOptions, buildSafeQueryParams, calculatePasswordStrength, csrfManager, dateSchema, deepMerge, detectSQLInjection, emailSchema, enhancedEmailSchema, enhancedNameSchema, enhancedPasswordSchema, enhancedPhoneSchema, enhancedUrlSchema, escapeLikeQuery, generateCSRFToken, getCSRFToken, isEmpty, isObject, isStrongPassword, isValidDate, isValidEmail, isValidUrl, isWithinRange, limitOffsetSchema, matchesPattern, nameSchema, orderBySchema, passwordSchema, phoneSchema, renderSafeHtml, sanitizeFilters, sanitizeFormData, sanitizeHtml, sanitizeHtml as sanitizeHtmlAdvanced, sanitizeSearchQuery, sanitizeUserInput, sanitizeUserInput_deprecated, searchQuerySchema, sqlIdentifierSchema, urlSchema, userPreferencesSchema, userSettingsSchema, usernameSchema, validateCSRFToken, validateHtml, validateUserInput } from './validation.js';
+export { deepMerge, isEmpty, isObject, isStrongPassword, isValidDate, isValidEmail, isValidUrl, isWithinRange, matchesPattern } from './validation.js';
+import { z } from 'zod';
+export { c as combineSchemas, p as pickSchema } from './schema-DTDZQe2u.js';
 export { u as useComponentPerformance } from './useComponentPerformance-DE9l5RkL.js';
 import * as date_fns from 'date-fns';
 import { D as DataTable } from './DataTable-CWAZZcXC.js';
 import './types-Dfz9dmVH.js';
 import React__default, { ComponentType } from 'react';
 import 'clsx';
-import 'zod';
 import 'react/jsx-runtime';
 import '@tanstack/react-table';
 
@@ -239,6 +239,91 @@ declare class CachedAppIdResolver {
 }
 declare const cachedAppIdResolver: CachedAppIdResolver;
 
+/**
+ * @file Input Sanitization Layer
+ * @package @jmruthers/pace-core
+ * @module Utils/Validation/Sanitization
+ * @since 0.1.0
+ *
+ * Comprehensive input sanitization utilities to prevent XSS, injection attacks,
+ * and other security vulnerabilities.
+ */
+
+/**
+ * Sanitization options for different contexts
+ */
+interface SanitizationOptions {
+    allowHtml?: boolean;
+    allowedTags?: string[];
+    maxLength?: number;
+    trim?: boolean;
+    removeScripts?: boolean;
+    removeEvents?: boolean;
+}
+/**
+ * Sanitizes user input by removing potentially dangerous characters and patterns
+ */
+declare function sanitizeUserInput(input: string, options?: SanitizationOptions): string;
+/**
+ * Validates and sanitizes form data using Zod schemas
+ */
+declare function sanitizeFormData<T>(data: unknown, schema: z.ZodSchema<T>, sanitizationRules?: Record<string, SanitizationOptions>): {
+    success: boolean;
+    data?: T;
+    error?: string;
+};
+
+/**
+ * @file Validation utilities
+ *
+ * Shared validation utilities with enhanced security
+ */
+
+/**
+ * Validates user input against a schema with automatic sanitization
+ */
+declare function validateUserInput<T>(schema: z.ZodSchema<T>, data: unknown, sanitizationRules?: Record<string, SanitizationOptions>): {
+    success: boolean;
+    data?: T;
+    error?: string;
+};
+/**
+ * Username validation with sanitization
+ */
+declare const usernameSchema: z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>;
+
+/**
+ * @file Common validation schemas
+ * @description Reusable validation schemas for common data types
+ */
+
+/**
+ * Email validation schema
+ */
+declare const emailSchema: z.ZodString;
+/**
+ * Name validation schema
+ */
+declare const nameSchema: z.ZodString;
+/**
+ * Phone number validation schema
+ */
+declare const phoneSchema: z.ZodString;
+/**
+ * URL validation schema
+ */
+declare const urlSchema: z.ZodString;
+
+/**
+ * @file Enhanced Password Schema with Security Validations
+ * @description Comprehensive password validation with security checks
+ */
+
+/**
+ * Basic password schema for less strict requirements
+ */
+declare const passwordSchema: z.ZodString;
+
 interface SecurityEvent$1 {
     type: string;
     timestamp: Date;
@@ -560,4 +645,4 @@ declare function getOrganisationContext(supabase: SupabaseClient): Promise<strin
  */
 declare function isOrganisationContextAvailable(supabase: SupabaseClient): Promise<boolean>;
 
-export { CachedAppIdResolver, DebugLogger, LazyDataTable, LogLevel, Logger, type LoggerConfig, PERFORMANCE_BUDGETS, PERFORMANCE_THRESHOLDS, type PerformanceMetrics$1 as PerformanceMetrics, PermissionType, type SecurityEvent$1 as SecurityEvent, auditLog, auditLogger, bundleAnalyzer, cachedAppIdResolver, clearOrganisationContext, createLazyComponent, createLazyUtility, createLogger, createPerformanceBenchmark, generateDeviceFingerprint, getAppId, getAppIds, getAppNameFromBuildTime, getAppNameFromEnvironment, getAppNameFromGlobal, getAppNameFromPackageJson, getCurrentAppName, getCurrentAppNameWithFallback, getOrganisationContext, getSecurityHeaders, hasAllPermissions, hasAnyPermission, hasPermission, isOrganisationContextAvailable, lazyCSVUtils, lazyChartUtils, lazyDateUtils, lazyFormUtils, lazyLodash, loadCSVUtils, loadChartUtils, loadDateUtils, loadFormUtils, loadLodash, logAuditEvent, logAuthEvent, logPermissionEvent, logSecurityEvent, logger, measureRenderPerformance, parsePermission, performanceBudgetMonitor, securityMonitor, setOrganisationContext, setRBACAppName, trackDynamicImport, transformPermissionMapToBoolean, validateDeviceFingerprint, validateImportPattern, validateSecurityHeaders };
+export { CachedAppIdResolver, DebugLogger, LazyDataTable, LogLevel, Logger, type LoggerConfig, PERFORMANCE_BUDGETS, PERFORMANCE_THRESHOLDS, type PerformanceMetrics$1 as PerformanceMetrics, PermissionType, type SecurityEvent$1 as SecurityEvent, auditLog, auditLogger, bundleAnalyzer, cachedAppIdResolver, clearOrganisationContext, createLazyComponent, createLazyUtility, createLogger, createPerformanceBenchmark, emailSchema, generateDeviceFingerprint, getAppId, getAppIds, getAppNameFromBuildTime, getAppNameFromEnvironment, getAppNameFromGlobal, getAppNameFromPackageJson, getCurrentAppName, getCurrentAppNameWithFallback, getOrganisationContext, getSecurityHeaders, hasAllPermissions, hasAnyPermission, hasPermission, isOrganisationContextAvailable, lazyCSVUtils, lazyChartUtils, lazyDateUtils, lazyFormUtils, lazyLodash, loadCSVUtils, loadChartUtils, loadDateUtils, loadFormUtils, loadLodash, logAuditEvent, logAuthEvent, logPermissionEvent, logSecurityEvent, logger, measureRenderPerformance, nameSchema, parsePermission, passwordSchema, performanceBudgetMonitor, phoneSchema, sanitizeFormData, sanitizeUserInput, securityMonitor, setOrganisationContext, setRBACAppName, trackDynamicImport, transformPermissionMapToBoolean, urlSchema, usernameSchema, validateDeviceFingerprint, validateImportPattern, validateSecurityHeaders, validateUserInput };

package/dist/utils.js

@@ -17,6 +17,7 @@ import {
   getAppId,
   getAppIds
 } from "./chunk-S5OFRT4M.js";
+import "./chunk-OWAG3GSU.js";
 import {
   getAppNameFromBuildTime,
   getAppNameFromEnvironment,
@@ -27,17 +28,7 @@ import {
   setRBACAppName
 } from "./chunk-Q5QRDWKI.js";
 import {
-  buildSafeQueryParams,
-  calculatePasswordStrength,
-  csrfManager,
-  dateSchema,
   deepMerge,
-  detectSQLInjection,
-  emailSchema,
-  emailSchema2,
-  escapeLikeQuery,
-  generateCSRFToken,
-  getCSRFToken,
   isEmpty,
   isObject,
   isStrongPassword,
@@ -45,35 +36,8 @@ import {
   isValidEmail,
   isValidUrl,
   isWithinRange,
-  limitOffsetSchema,
-  matchesPattern,
-  nameSchema,
-  nameSchema2,
-  orderBySchema,
-  passwordSchema,
-  passwordSchema2,
-  phoneSchema,
-  phoneSchema2,
-  sanitizeFilters,
-  sanitizeFormData,
-  sanitizeSearchQuery,
-  sanitizeUserInput,
-  sanitizeUserInput_deprecated,
-  searchQuerySchema,
-  sqlIdentifierSchema,
-  urlSchema,
-  urlSchema2,
-  userPreferencesSchema,
-  userSettingsSchema,
-  usernameSchema,
-  validateCSRFToken,
-  validateUserInput
-} from "./chunk-APIBCTL2.js";
-import {
-  renderSafeHtml,
-  sanitizeHtml,
-  validateHtml
-} from "./chunk-5DPZ5EAT.js";
+  matchesPattern
+} from "./chunk-JISYG63F.js";
 import {
   useComponentPerformance
 } from "./chunk-ANBQRTPX.js";
@@ -88,25 +52,15 @@ import {
   clearOrganisationContext,
   getOrganisationContext,
   init_organisationContext,
+  init_secureStorage,
   isOrganisationContextAvailable,
+  secureStorage,
   setOrganisationContext
-} from "./chunk-K2WWTH7O.js";
-import {
-  init_secureStorage,
-  secureStorage
-} from "./chunk-444EZN6N.js";
+} from "./chunk-7QCC6MCP.js";
 import {
-  changePasswordSchema,
   combineSchemas,
-  contactFormSchema,
-  loginSchema,
-  passwordResetSchema,
-  pickSchema,
-  registrationSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  userProfileSchema
-} from "./chunk-LMC26NLJ.js";
+  pickSchema
+} from "./chunk-BJPBT3CU.js";
 import {
   LogLevel,
   Logger,
@@ -169,11 +123,210 @@ var DebugLogger = class {
 // src/utils/index.ts
 init_logger();
 
+// src/utils/validation/validationUtils.ts
+import { z as z2 } from "zod";
+
+// src/utils/validation/sanitization.ts
+import { z } from "zod";
+var DEFAULT_OPTIONS = {
+  allowHtml: false,
+  allowedTags: [],
+  maxLength: 1e3,
+  trim: true,
+  removeScripts: true,
+  removeEvents: true
+};
+function sanitizeUserInput(input, options = {}) {
+  if (typeof input !== "string") {
+    return "";
+  }
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  let sanitized = input;
+  if (opts.trim) {
+    sanitized = sanitized.trim();
+  }
+  if (opts.maxLength && sanitized.length > opts.maxLength) {
+    sanitized = sanitized.substring(0, opts.maxLength);
+  }
+  if (!opts.allowHtml) {
+    sanitized = sanitized.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;");
+  } else if (opts.allowedTags && opts.allowedTags.length > 0) {
+    const allowedTagsRegex = new RegExp(`<(?!/?(?:${opts.allowedTags.join("|")})s*/?>)[^>]+>`, "gi");
+    sanitized = sanitized.replace(allowedTagsRegex, "");
+  }
+  if (opts.removeScripts) {
+    sanitized = sanitized.replace(/<script[^>]*>.*?<\/script>/gi, "").replace(/javascript:/gi, "").replace(/vbscript:/gi, "").replace(/data:/gi, "");
+  }
+  if (opts.removeEvents) {
+    sanitized = sanitized.replace(/on\w+\s*=/gi, "");
+  }
+  return sanitized;
+}
+function sanitizeEmail(email) {
+  if (typeof email !== "string") {
+    return "";
+  }
+  return email.trim().toLowerCase().replace(/[^\w@.-]/g, "");
+}
+function sanitizeFormData(data, schema, sanitizationRules) {
+  try {
+    if (sanitizationRules && typeof data === "object" && data !== null) {
+      const sanitizedData = { ...data };
+      Object.entries(sanitizationRules).forEach(([field, options]) => {
+        if (typeof sanitizedData[field] === "string") {
+          sanitizedData[field] = sanitizeUserInput(sanitizedData[field], options);
+        }
+      });
+      data = sanitizedData;
+    }
+    const result = schema.parse(data);
+    return { success: true, data: result };
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return {
+        success: false,
+        error: error.errors.map((e) => e.message).join(", ")
+      };
+    }
+    return {
+      success: false,
+      error: "Validation failed"
+    };
+  }
+}
+var secureEmailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long").refine(
+  (email) => {
+    if (!email || typeof email !== "string") return false;
+    const domain = email.split("@")[1];
+    return domain && domain.includes(".") && domain.length > 3;
+  },
+  "Invalid email domain"
+).transform((email) => sanitizeEmail(email));
+var emailSchema = z.string().min(1, "Email is required").email("Invalid email format");
+var nameSchema = z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
+var phoneSchema = z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
+var urlSchema = z.string().url("Invalid URL format");
+var dateSchema = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
+var secureLoginSchema = z.object({
+  email: secureEmailSchema,
+  password: z.string().min(1, "Password is required")
+});
+
+// src/utils/validation/validationUtils.ts
+init_logger();
+var log = createLogger("ValidationUtils");
+function validateUserInput(schema, data, sanitizationRules) {
+  return sanitizeFormData(data, schema, sanitizationRules);
+}
+var emailSchema2 = z2.string().transform((email) => email.toLowerCase().trim()).pipe(z2.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long"));
+var passwordSchema = z2.string().min(8, "Password must be at least 8 characters").max(128, "Password too long").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number").regex(/[^A-Za-z0-9]/, "Password must contain at least one special character");
+var usernameSchema = z2.string().transform((username) => username.toLowerCase().trim()).pipe(z2.string().min(3, "Username must be at least 3 characters").max(30, "Username too long").regex(/^[a-zA-Z0-9_-]+$/, "Username can only contain letters, numbers, hyphens, and underscores"));
+var nameSchema2 = z2.string().min(1, "Name is required").max(100, "Name too long").refine((name) => {
+  const dangerousPatterns = [
+    /<script/i,
+    /<img/i,
+    /on\w+\s*=/i,
+    /javascript:/i,
+    /data:/i,
+    /vbscript:/i
+  ];
+  return !dangerousPatterns.some((pattern) => pattern.test(name));
+}, "Name contains invalid characters").transform((name) => sanitizeUserInput(name, {
+  allowHtml: false,
+  maxLength: 100,
+  trim: true
+}));
+var phoneSchema2 = z2.string().min(10, "Phone number must be at least 10 digits").max(20, "Phone number too long").regex(/^[\+]?[0-9\s\-\(\)\.]+$/, "Invalid phone number format").refine((phone) => {
+  const digitsOnly = phone.replace(/\D/g, "");
+  return digitsOnly.length >= 10 && digitsOnly.length <= 15;
+}, "Phone number must be between 10 and 15 digits");
+var urlSchema2 = z2.string().min(1, "URL is required").max(2048, "URL too long").refine((url) => {
+  try {
+    const parsed = new URL(url);
+    return ["http:", "https:"].includes(parsed.protocol);
+  } catch {
+    return false;
+  }
+}, "Invalid URL format").refine((url) => {
+  const dangerousPatterns = [
+    /javascript:/i,
+    /data:/i,
+    /vbscript:/i,
+    /file:/i,
+    /mailto:/i
+  ];
+  return !dangerousPatterns.some((pattern) => pattern.test(url));
+}, "URL contains invalid protocol");
+
+// src/utils/validation/common.ts
+import { z as z3 } from "zod";
+var emailSchema3 = z3.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long");
+var nameSchema3 = z3.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
+var phoneSchema3 = z3.string().regex(/^\+?[\d\s\-\(\)]+$/, "Invalid phone number format").min(10, "Phone number too short").max(20, "Phone number too long");
+var urlSchema3 = z3.string().url("Invalid URL format").max(2048, "URL too long");
+var dateSchema2 = z3.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Date must be in YYYY-MM-DD format").refine((date) => {
+  const parsed = new Date(date);
+  return !isNaN(parsed.getTime());
+}, "Invalid date");
+
+// src/utils/validation/passwordSchema.ts
+import { z as z4 } from "zod";
+var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
+  "password",
+  "123456",
+  "123456789",
+  "qwerty",
+  "abc123",
+  "password123",
+  "admin",
+  "letmein",
+  "welcome",
+  "monkey",
+  "1234567890",
+  "password1"
+]);
+var WEAK_PATTERNS = [
+  /^(.)\1+$/,
+  // All same character
+  /^(012|123|234|345|456|567|678|789|890|987|876|765|654|543|432|321|210)+/,
+  // Sequential numbers
+  /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i
+  // Sequential letters
+];
+var securePasswordSchema = z4.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
+  (password) => /[a-z]/.test(password),
+  "Password must contain at least one lowercase letter"
+).refine(
+  (password) => /[A-Z]/.test(password),
+  "Password must contain at least one uppercase letter"
+).refine(
+  (password) => /\d/.test(password),
+  "Password must contain at least one number"
+).refine(
+  (password) => /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]/.test(password),
+  "Password must contain at least one special character"
+).refine(
+  (password) => !COMMON_PASSWORDS.has(password.toLowerCase()),
+  "Password is too common. Please choose a stronger password"
+).refine(
+  (password) => !WEAK_PATTERNS.some((pattern) => pattern.test(password)),
+  "Password contains weak patterns. Please choose a more complex password"
+).refine(
+  (password) => {
+    const keyboardPatterns = ["qwerty", "asdfgh", "zxcvbn", "1234567890"];
+    return !keyboardPatterns.some(
+      (pattern) => password.toLowerCase().includes(pattern)
+    );
+  },
+  "Password contains keyboard patterns. Please choose a more secure password"
+);
+var passwordSchema2 = z4.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
+
 // src/utils/security/security.ts
 init_logger();
-var log = createLogger("Security");
+var log2 = createLogger("Security");
 function logSecurityEvent(event) {
-  log.warn("Security event:", {
+  log2.warn("Security event:", {
     ...event,
     timestamp: event.timestamp.toISOString()
   });
@@ -449,7 +602,7 @@ function createLazyComponent(importFn, componentName, options = {}) {
   return WrappedComponent;
 }
 var LazyDataTable = createLazyComponent(
-  () => import("./DataTable-CYOHOX3O.js").then((module) => ({ default: module.DataTable })),
+  () => import("./DataTable-JXFCA2BJ.js").then((module) => ({ default: module.DataTable })),
   "DataTable"
 );
 
@@ -726,37 +879,23 @@ export {
   PermissionType,
   auditLog,
   auditLogger,
-  buildSafeQueryParams,
   bundleAnalyzer,
   cachedAppIdResolver,
-  calculatePasswordStrength,
-  changePasswordSchema,
   clearOrganisationContext,
   cn,
   combineSchemas,
-  contactFormSchema,
   createLazyComponent,
   createLazyUtility,
   createLogger,
   createPerformanceBenchmark,
-  csrfManager,
-  dateSchema,
   deepMerge,
-  detectSQLInjection,
-  emailSchema2 as emailSchema,
-  emailSchema as enhancedEmailSchema,
-  nameSchema as enhancedNameSchema,
-  passwordSchema as enhancedPasswordSchema,
-  phoneSchema as enhancedPhoneSchema,
-  urlSchema as enhancedUrlSchema,
-  escapeLikeQuery,
+  emailSchema3 as emailSchema,
   formatCompactNumber,
   formatCurrency,
   formatDate,
   formatFileSize,
   formatNumber,
   formatPercent,
-  generateCSRFToken,
   generateDeviceFingerprint,
   getAppConfig,
   getAppId,
@@ -765,7 +904,6 @@ export {
   getAppNameFromEnvironment,
   getAppNameFromGlobal,
   getAppNameFromPackageJson,
-  getCSRFToken,
   getCurrentAppId,
   getCurrentAppName,
   getCurrentAppNameWithFallback,
@@ -787,7 +925,6 @@ export {
   lazyDateUtils,
   lazyFormUtils,
   lazyLodash,
-  limitOffsetSchema,
   loadCSVUtils,
   loadChartUtils,
   loadDateUtils,
@@ -798,46 +935,27 @@ export {
   logPermissionEvent,
   logSecurityEvent2 as logSecurityEvent,
   logger,
-  loginSchema,
   matchesPattern,
   measureRenderPerformance,
-  nameSchema2 as nameSchema,
-  orderBySchema,
+  nameSchema3 as nameSchema,
   parsePermission,
-  passwordResetSchema,
   passwordSchema2 as passwordSchema,
   performanceBudgetMonitor,
-  phoneSchema2 as phoneSchema,
+  phoneSchema3 as phoneSchema,
   pickSchema,
-  registrationSchema,
-  renderSafeHtml,
-  sanitizeFilters,
   sanitizeFormData,
-  sanitizeHtml,
-  sanitizeHtml as sanitizeHtmlAdvanced,
-  sanitizeSearchQuery,
   sanitizeUserInput,
-  sanitizeUserInput_deprecated,
-  searchQuerySchema,
-  secureLoginSchema,
-  securePasswordSchema,
   securityMonitor,
   setAppConfig,
   setOrganisationContext,
   setRBACAppName,
-  sqlIdentifierSchema,
   trackDynamicImport,
   transformPermissionMapToBoolean,
-  urlSchema2 as urlSchema,
+  urlSchema3 as urlSchema,
   useComponentPerformance,
   useSessionTracking,
-  userPreferencesSchema,
-  userProfileSchema,
-  userSettingsSchema,
   usernameSchema,
-  validateCSRFToken,
   validateDeviceFingerprint,
-  validateHtml,
   validateImportPattern,
   validateSecurityHeaders,
   validateUserInput