@jmruthers/pace-core 0.5.76 → 0.5.78

package/src/components/DataTable/utils/exportUtils.ts

@@ -13,7 +13,12 @@
  * - Data sanitization
  * - Custom filename support
  * - Browser download handling
- * 
+ */
+
+import { createLogger } from '../../../utils/logger';
+import type { DataRecord } from '../types';
+
+/**
  * @example
  * ```tsx
  * // Basic export
@@ -37,6 +42,73 @@
  * ```
  */
 
+/**
+ * Column definition for export
+ */
+export interface ExportColumn {
+  header?: string;
+  id?: string;
+  accessorKey?: string;
+}
+
+/**
+ * Escapes a value for CSV format according to RFC 4180
+ * - Encloses in quotes if value contains comma, newline, or quote
+ * - Escapes existing quotes by doubling them
+ * - Prevents CSV injection by sanitizing dangerous characters
+ */
+function escapeCSVValue(value: unknown, sanitizeForSecurity: boolean = true): string {
+  if (value === null || value === undefined) {
+    return sanitizeForSecurity ? '""' : '';
+  }
+  
+  let stringValue = String(value);
+  
+  if (sanitizeForSecurity) {
+    // Sanitize to prevent CSV injection
+    // Check for dangerous patterns that could be interpreted as formulas
+    // If starts with =, +, -, @, or \t, it could be a formula
+    if (/^[=+\-@]/.test(stringValue) || stringValue.startsWith('\t')) {
+      // Prefix with single quote to prevent formula interpretation in Excel
+      stringValue = "'" + stringValue;
+    }
+    
+    // Remove control characters except newline (which is handled below)
+    stringValue = stringValue.replace(/[\x00-\x08\x0B-\x0C\x0E-\x1F]/g, '');
+    
+    // Always quote values for consistency and safety
+    const escaped = stringValue.replace(/"/g, '""');
+    return `"${escaped}"`;
+  } else {
+    // Minimal escaping - only escape quotes in quoted strings
+    const escaped = stringValue.replace(/"/g, '""');
+    return `"${escaped}"`;
+  }
+}
+
+/**
+ * Formats a value according to locale preferences
+ */
+function formatLocaleValue(value: unknown, locale?: string): string {
+  if (value === null || value === undefined) {
+    return '';
+  }
+  
+  if (typeof value === 'number') {
+    return new Intl.NumberFormat(locale).format(value);
+  }
+  
+  if (value instanceof Date) {
+    return new Intl.DateTimeFormat(locale).format(value);
+  }
+  
+  if (typeof value === 'boolean') {
+    return ''; // Don't format booleans in formatLocaleValue, let them pass through as-is
+  }
+  
+  return String(value);
+}
+
 /**
  * Generates CSV content from data without triggering download
  * 
@@ -45,26 +117,42 @@
  * @param options - Export options
  * @returns CSV content as string
  */
-export function generateCSVContent<TData>(
+export function generateCSVContent<TData extends DataRecord>(
   data: TData[],
-  columns: any[],
-  options: { includeHeaders?: boolean } = {}
+  columns: ExportColumn[],
+  options: { 
+    includeHeaders?: boolean;
+    locale?: string;
+    sanitizeForSecurity?: boolean; // Default: true
+  } = {}
 ): string {
   if (!data.length) return '';
 
-  const { includeHeaders = true } = options;
+  const { 
+    includeHeaders = true,
+    locale,
+    sanitizeForSecurity = true
+  } = options;
 
   // Create CSV header row
-  const headers = columns.map(col => col.header || col.id || "Column");
+  const headers = columns.map(col => {
+    const headerValue = col.header || col.id || "Column";
+    return escapeCSVValue(headerValue, sanitizeForSecurity);
+  });
   
   // Format data into CSV rows
   const csvData = data.map(row => {
     return columns.map(col => {
       const key = col.accessorKey || col.id;
-      const value = (row as any)[key];
-      // Escape commas and quotes
-      const escapedValue = String(value || '').replace(/"/g, '""');
-      return `"${escapedValue}"`;
+      let value = key ? row[key] : undefined;
+      
+      // Format according to locale if provided
+      if (locale && (typeof value === 'number' || value instanceof Date || typeof value === 'boolean')) {
+        value = formatLocaleValue(value, locale);
+      }
+      
+      // Escape the value for CSV
+      return escapeCSVValue(value, sanitizeForSecurity);
     }).join(",");
   });
   
@@ -82,6 +170,7 @@ export function generateCSVContent<TData>(
  * @param data - Array of data objects to export
  * @param columns - Column definitions for mapping
  * @param filename - Optional filename for download (default: "download.csv")
+ * @param options - Optional export configuration
  * @returns Promise that resolves when export is complete, rejects on error
  * 
  * @example
@@ -98,7 +187,7 @@ export function generateCSVContent<TData>(
  * ];
  * 
  * try {
- *   await exportToCSV(users, columns, 'users.csv');
+ *   await exportToCSV(users, columns, 'users.csv', { locale: 'en-US' });
  *   showSuccessToast('Data exported successfully');
  * } catch (error) {
  *   showErrorToast('Failed to export data');
@@ -112,13 +201,22 @@ export function generateCSVContent<TData>(
  * - Triggers browser download
  * - Throws error if export fails
  */
-export function exportToCSV<TData>(
+export function exportToCSV<TData extends DataRecord>(
   data: TData[],
-  columns: any[],
-  filename: string = "download.csv"
+  columns: ExportColumn[],
+  filename: string = "download.csv",
+  options: {
+    locale?: string;
+    sanitizeForSecurity?: boolean;
+  } = {}
 ): Promise<void> {
+  const logger = createLogger('ExportUtils');
   return new Promise((resolve, reject) => {
     try {
+      if (typeof window === 'undefined') {
+        throw new Error('CSV export is only available in browser environments');
+      }
+
       if (!data || data.length === 0) {
         throw new Error('No data to export');
       }
@@ -127,7 +225,7 @@ export function exportToCSV<TData>(
         throw new Error('No columns defined for export');
       }
 
-      const csvContent = generateCSVContent(data, columns);
+      const csvContent = generateCSVContent(data, columns, options);
       
       // Create and trigger download
       const blob = new Blob([csvContent], { type: "text/csv;charset=utf-8;" });
@@ -150,7 +248,7 @@ export function exportToCSV<TData>(
       link.click();
       document.body.removeChild(link);
     } catch (error) {
-      console.error('Failed to export data to CSV:', error);
+      logger.error('Failed to export data to CSV:', error);
       reject(error);
     }
   });

package/src/components/DataTable/utils/flexibleImport.ts

@@ -8,6 +8,9 @@
  * This utility can be used across different data tables with different column structures.
  */
 
+import { createLogger } from '../../../utils/logger';
+import type { CellValue } from '../types';
+
 export interface ColumnMapping {
   [targetField: string]: string[];
 }
@@ -16,9 +19,20 @@ export interface ImportOptions {
   columnMappings?: ColumnMapping;
   dateFormats?: readonly string[];
   dateFormatHints?: Record<string, readonly string[]>; // Field-specific date format hints
-  defaultValues?: Record<string, any>;
+  defaultValues?: Record<string, CellValue>;
   timezone?: string; // Default timezone for date parsing
   strictDateParsing?: boolean; // Whether to be strict about date format matching
+  maxRows?: number; // Maximum number of rows to import (default: 10000)
+  maxStringLength?: number; // Maximum length for string values (default: 10000)
+  allowControlChars?: boolean; // Whether to allow control characters (default: false)
+  schemaValidation?: Record<string, {
+    required?: boolean;
+    type?: 'string' | 'number' | 'boolean' | 'date';
+    min?: number;
+    max?: number;
+    pattern?: RegExp;
+    allowEmpty?: boolean;
+  }>; // Schema validation rules
 }
 
 // Predefined date format sets for common use cases
@@ -140,15 +154,117 @@ export const DATE_FORMAT_SETS = {
  * });
  * ```
  */
-export function flexibleImport<T = any>(
-  csvData: any[],
+export interface ImportError {
+  row: number;
+  field: string;
+  message: string;
+}
+
+export interface ImportWarning {
+  row: number;
+  field: string;
+  message: string;
+}
+
+/**
+ * Sanitizes a string value by removing or escaping dangerous characters
+ */
+function sanitizeString(value: string, options: ImportOptions): string {
+  const maxLength = options.maxStringLength || 10000;
+  let sanitized = value;
+  
+  // Truncate to max length
+  if (sanitized.length > maxLength) {
+    sanitized = sanitized.substring(0, maxLength);
+  }
+  
+  // Remove control characters if not allowed
+  if (!options.allowControlChars) {
+    // Keep tabs, newlines, carriage returns
+    sanitized = sanitized.replace(/[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]/g, '');
+  }
+  
+  // Remove null bytes
+  sanitized = sanitized.replace(/\0/g, '');
+  
+  // Remove SQL injection attempts
+  sanitized = sanitized.replace(/['";]/g, (char) => {
+    // Escape quotes and semicolons
+    return char === '"' ? '&quot;' : char === "'" ? '&apos;' : '&semi;';
+  });
+  
+  return sanitized;
+}
+
+/**
+ * Validates a value against schema rules
+ */
+function validateValue(field: string, value: unknown, rules: ImportOptions['schemaValidation']): {
+  valid: boolean;
+  message?: string;
+} {
+  if (!rules || !rules[field]) {
+    return { valid: true };
+  }
+  
+  const rule = rules[field];
+  
+  // Check required
+  if (rule.required && (value === null || value === undefined || value === '')) {
+    return { valid: false, message: `Field '${field}' is required` };
+  }
+  
+  // Check empty allowed
+  if (!rule.allowEmpty && value === '') {
+    return { valid: false, message: `Field '${field}' cannot be empty` };
+  }
+  
+  // Check type
+  if (rule.type) {
+    if (rule.type === 'number') {
+      if (typeof value !== 'number' && (typeof value !== 'string' || isNaN(Number(value)))) {
+        return { valid: false, message: `Field '${field}' must be a number` };
+      }
+      const numValue = typeof value === 'number' ? value : Number(value);
+      
+      if (rule.min !== undefined && numValue < rule.min) {
+        return { valid: false, message: `Field '${field}' must be at least ${rule.min}` };
+      }
+      
+      if (rule.max !== undefined && numValue > rule.max) {
+        return { valid: false, message: `Field '${field}' must be at most ${rule.max}` };
+      }
+    } else if (rule.type === 'boolean') {
+      if (typeof value !== 'boolean' && value !== 'true' && value !== 'false') {
+        return { valid: false, message: `Field '${field}' must be a boolean` };
+      }
+    } else if (rule.type === 'date') {
+      const dateValue = typeof value === 'string' ? new Date(value) : value;
+      if (!(dateValue instanceof Date) || isNaN(dateValue.getTime())) {
+        return { valid: false, message: `Field '${field}' must be a valid date` };
+      }
+    }
+  }
+  
+  // Check pattern
+  if (rule.pattern && typeof value === 'string') {
+    if (!rule.pattern.test(value)) {
+      return { valid: false, message: `Field '${field}' does not match required pattern` };
+    }
+  }
+  
+  return { valid: true };
+}
+
+export function flexibleImport<T extends Record<string, unknown>>(
+  csvData: Record<string, unknown>[],
   targetFields: string[],
   options: ImportOptions = {}
 ): {
   mappedData: T[];
   mappings: Record<string, string | null>;
-  errors: any[];
-  warnings: any[];
+  errors: ImportError[];
+  warnings: ImportWarning[];
   stats: {
     totalRows: number;
     successfulRows: number;
@@ -156,9 +272,34 @@ export function flexibleImport<T = any>(
     warningRows: number;
   };
 } {
-  console.log('🔄 Starting flexible import...');
-  console.log('🔄 Available CSV columns:', Object.keys(csvData[0] || {}));
-  console.log('🔄 Target fields:', targetFields);
+  const logger = createLogger('FlexibleImport');
+  logger.info('Starting flexible import...');
+  logger.debug('Available CSV columns:', Object.keys(csvData[0] || {}));
+  logger.debug('Target fields:', targetFields);
+  
+  const maxRows = options.maxRows || 10000;
+  
+  // Check row limit
+  if (csvData.length > maxRows) {
+    const error: ImportError = {
+      row: 0,
+      field: 'global',
+      message: `Import exceeds maximum row limit of ${maxRows}. Found ${csvData.length} rows.`
+    };
+    logger.error('Import exceeds row limit', { rowCount: csvData.length, limit: maxRows });
+    return {
+      mappedData: [],
+      mappings: {},
+      errors: [error],
+      warnings: [],
+      stats: {
+        totalRows: csvData.length,
+        successfulRows: 0,
+        errorRows: csvData.length,
+        warningRows: 0
+      }
+    };
+  }
   
   // Default column mappings
   const defaultMappings: ColumnMapping = {
@@ -192,11 +333,11 @@ export function flexibleImport<T = any>(
         possibleName.toLowerCase().includes(col.toLowerCase())
       );
       if (found) {
-        console.log(`✅ Mapped ${targetField} -> ${found}`);
+        logger.debug(`Mapped ${targetField} -> ${found}`);
         return found;
       }
     }
-    console.log(`❌ No mapping found for ${targetField}`);
+    logger.warn(`No mapping found for ${targetField}`);
     return null;
   };
   
@@ -206,7 +347,7 @@ export function flexibleImport<T = any>(
     mappings[field] = findColumn(field);
   });
   
-  console.log('🔄 Column mappings:', mappings);
+  logger.debug('Column mappings:', mappings);
   
   // Enhanced date parsing with multiple format support
   const parseDate = (dateStr: string, fieldName?: string): Date | null => {
@@ -320,16 +461,19 @@ export function flexibleImport<T = any>(
   
   
   // Parse different data types
-  const parseValue = (value: any, fieldName: string): any => {
+  const parseValue = (value: unknown, fieldName: string): unknown => {
     if (value === null || value === undefined || value === '') {
       return options.defaultValues?.[fieldName] || '';
     }
     
     // Auto-detect and parse different data types
     if (typeof value === 'string') {
+      // Sanitize string values
+      const sanitized = sanitizeString(value, options);
+      
       // Try to parse as date first (for fields that might contain dates)
       if (fieldName.toLowerCase().includes('date') || fieldName.toLowerCase().includes('time')) {
-        const dateValue = parseDate(value, fieldName);
+        const dateValue = parseDate(sanitized, fieldName);
         if (dateValue) {
           // Return ISO string for consistent date handling
           return dateValue.toISOString();
@@ -337,57 +481,83 @@ export function flexibleImport<T = any>(
       }
       
       // Try to parse as boolean
-      if (value.toLowerCase() === 'true') return true;
-      if (value.toLowerCase() === 'false') return false;
+      if (sanitized.toLowerCase() === 'true') return true;
+      if (sanitized.toLowerCase() === 'false') return false;
       
       // Try to parse as array (comma-separated)
-      if (value.includes(',') && (fieldName.toLowerCase().includes('tag') || fieldName.toLowerCase().includes('category'))) {
-        return value.split(',').map((item: string) => item.trim()).filter((item: string) => item);
+      if (sanitized.includes(',') && (fieldName.toLowerCase().includes('tag') || fieldName.toLowerCase().includes('category'))) {
+        return sanitized.split(',').map((item: string) => item.trim()).filter((item: string) => item);
       }
       
       // Try to parse as number (only if not a date field)
       if (!fieldName.toLowerCase().includes('date') && !fieldName.toLowerCase().includes('time')) {
-        const numValue = parseFloat(value);
+        const numValue = parseFloat(sanitized);
         if (!isNaN(numValue) && isFinite(numValue)) {
           return numValue;
         }
       }
+      
+      return sanitized;
     }
     
     return value;
   };
   
-  const mappedData = csvData.map((row, index) => {
-    console.log(`🔄 Processing row ${index + 1}:`, row);
+  const validationErrors: ImportError[] = [];
+  const validationWarnings: ImportWarning[] = [];
+  const mappedData: T[] = [];
+  
+  for (let index = 0; index < csvData.length; index++) {
+    const row = csvData[index];
+    logger.debug(`Processing row ${index + 1}:`, row);
     
-    const transformedRow: any = {};
+    const transformedRow: Record<string, unknown> = {};
+    let hasErrors = false;
     
     targetFields.forEach(field => {
       const sourceColumn = mappings[field];
+      let value: unknown;
+      
       if (sourceColumn && row[sourceColumn] !== undefined) {
-        transformedRow[field] = parseValue(row[sourceColumn], field);
+        value = parseValue(row[sourceColumn], field);
       } else {
-        transformedRow[field] = options.defaultValues?.[field] || '';
+        value = options.defaultValues?.[field] || '';
+      }
+      
+      transformedRow[field] = value;
+      
+      // Validate against schema
+      const validation = validateValue(field, value, options.schemaValidation);
+      if (!validation.valid) {
+        validationErrors.push({
+          row: index + 1,
+          field,
+          message: validation.message || `Validation failed for field '${field}'`
+        });
+        hasErrors = true;
       }
     });
     
-    console.log(`🔄 Transformed row ${index + 1}:`, transformedRow);
-    return transformedRow;
-  });
-
-  // Validation and error handling
-  const validationErrors: any[] = [];
-  const validationWarnings: any[] = [];
+    // Only add row if validation passed (or if no validation rules)
+    if (!options.schemaValidation || !hasErrors) {
+      mappedData.push(transformedRow as T);
+    }
+    
+    logger.debug(`Transformed row ${index + 1}:`, transformedRow);
+  }
 
+  // Calculate unique error rows (multiple errors per row still count as 1 error row)
+  const errorRowSet = new Set(validationErrors.map(e => e.row));
+  
   return {
-    mappedData,
+    mappedData: mappedData,
     mappings,
     errors: validationErrors,
     warnings: validationWarnings,
     stats: {
       totalRows: csvData.length,
       successfulRows: mappedData.length,
-      errorRows: validationErrors.length,
+      errorRows: errorRowSet.size,
       warningRows: validationWarnings.length,
     }
   };

package/src/components/DataTable/utils/hierarchicalUtils.ts

@@ -91,7 +91,7 @@ export function groupHierarchicalData<TData extends HierarchicalDataRow>(
  * Optimized depth cache to avoid recalculating depth for the same row
  * This prevents O(n²) behavior when calculating depths for all rows
  */
-const depthCache = new WeakMap<any[], Map<string, number>>();
+const depthCache = new WeakMap<unknown[], Map<string, number>>();
 
 /**
  * Gets the depth level of a row in the hierarchy

package/src/components/DataTable/utils/index.ts

@@ -2,5 +2,7 @@ export * from './exportUtils';
 export * from './rowUtils';
 export * from './hierarchicalUtils';
 export * from './hierarchicalSorting';
+export * from './a11yUtils';
+export * from './paginationUtils';
 // Stubs for legacy error handling (kept for useDataTablePerformance compatibility)
 export * from './errorHandling';