@jmruthers/pace-core 0.6.4 → 0.6.6

package/src/utils/__tests__/organisationContext.unit.test.ts

@@ -24,16 +24,16 @@ describe('organisationContext', () => {
   });
 
     describe('setOrganisationContext', () => {
-    it('should set organisation context successfully', async () => {
+    it('should set organisation context successfully (no-op)', async () => {
       const organisationId = 'org-123';
       const mockRpc = vi.fn().mockResolvedValue({ error: null });
       mockSupabase.rpc = mockRpc;
 
+      // setOrganisationContext is now a no-op (deprecated)
       await setOrganisationContext(mockSupabase, organisationId);
 
-      expect(mockRpc).toHaveBeenCalledWith('set_organisation_context', {
-        org_id: organisationId
-      });
+      // Should not call rpc since it's a no-op
+      expect(mockRpc).not.toHaveBeenCalled();
     });
 
     it('should handle missing supabase client gracefully', async () => {
@@ -153,14 +153,13 @@ describe('organisationContext', () => {
   });
 
   describe('isOrganisationContextAvailable', () => {
-    it('should return true when functions are available', async () => {
-      const mockRpc = vi.fn().mockResolvedValue({ error: null });
-      mockSupabase.rpc = mockRpc;
-
+    it('should return false (deprecated function)', async () => {
+      // isOrganisationContextAvailable is deprecated and always returns false
       const result = await isOrganisationContextAvailable(mockSupabase);
 
-      expect(mockRpc).toHaveBeenCalledWith('get_organisation_context');
-      expect(result).toBe(true);
+      // Should not call RPC since function is deprecated
+      expect(mockSupabase.rpc).not.toHaveBeenCalled();
+      expect(result).toBe(false);
     });
 
     it('should return false when supabase client is missing', async () => {

package/src/utils/context/organisationContext.test.ts

@@ -29,17 +29,13 @@ describe('Organisation Context', () => {
   });
 
     describe('setOrganisationContext', () => {
-    it('sets organisation context successfully', async () => {
-      mockSupabase.rpc.mockResolvedValue({
-        data: null,
-        error: null
-      });
-
+    it('sets organisation context successfully (no-op)', async () => {
+      // setOrganisationContext is now a no-op (deprecated)
+      // It should complete without calling rpc
       await setOrganisationContext(mockSupabase, 'org-123');
 
-      expect(mockSupabase.rpc).toHaveBeenCalledWith('set_organisation_context', {
-        org_id: 'org-123'
-      });
+      // Should not call rpc since it's a no-op
+      expect(mockSupabase.rpc).not.toHaveBeenCalled();
     });
 
     it('handles missing supabase client gracefully', async () => {
@@ -180,20 +176,14 @@ describe('Organisation Context', () => {
     });
 
     it('handles complete workflow', async () => {
-      // Set context
-      mockSupabase.rpc.mockResolvedValueOnce({
-        data: null,
-        error: null
-      });
-
+      // setOrganisationContext is now a no-op, so it won't call rpc
       await setOrganisationContext(mockSupabase, 'org-123');
 
-      // Get context
+      // getOrganisationContext always returns null (deprecated)
       const result = await getOrganisationContext(mockSupabase);
-
       expect(result).toBeNull();
 
-      // Clear context
+      // clearOrganisationContext still calls rpc
       mockSupabase.rpc.mockResolvedValueOnce({
         data: null,
         error: null
@@ -201,25 +191,20 @@ describe('Organisation Context', () => {
 
       await clearOrganisationContext(mockSupabase);
 
-      expect(mockSupabase.rpc).toHaveBeenCalledTimes(2);
+      // Only clearOrganisationContext should call rpc (once)
+      expect(mockSupabase.rpc).toHaveBeenCalledTimes(1);
     });
 
     it('handles multiple organisation switches', async () => {
       const organisations = ['org-123', 'org-456', 'org-789'];
 
+      // setOrganisationContext is now a no-op, so it won't call rpc
       for (const orgId of organisations) {
-        mockSupabase.rpc.mockResolvedValue({
-          data: null,
-          error: null
-        });
-
         await setOrganisationContext(mockSupabase, orgId);
       }
 
-      expect(mockSupabase.rpc).toHaveBeenCalledTimes(3);
-      expect(mockSupabase.rpc).toHaveBeenCalledWith('set_organisation_context', { org_id: 'org-123' });
-      expect(mockSupabase.rpc).toHaveBeenCalledWith('set_organisation_context', { org_id: 'org-456' });
-      expect(mockSupabase.rpc).toHaveBeenCalledWith('set_organisation_context', { org_id: 'org-789' });
+      // setOrganisationContext is deprecated and doesn't call rpc anymore
+      expect(mockSupabase.rpc).not.toHaveBeenCalled();
     });
   });
 

package/src/utils/context/organisationContext.ts

@@ -16,47 +16,25 @@ const log = createLogger('organisationContext');
 /**
  * Set organisation context in the database session
  * 
- * This function attempts to set the organisation context using a database function.
- * If the function is not available, it falls back gracefully without throwing errors.
+ * @deprecated This function is a no-op. Organisation context is now handled via:
+ * - Secure Supabase client headers (useSecureSupabase hook)
+ * - Explicit p_organisation_id parameters in RPC calls
+ * - RLS policies that use auth.uid() and organisation_id columns
  * 
- * @param supabase - Supabase client instance
- * @param organisationId - The organisation ID to set as context
- * @returns Promise that resolves when context is set (or falls back gracefully)
+ * This function is kept for backward compatibility but does nothing.
+ * 
+ * @param supabase - Supabase client instance (unused)
+ * @param organisationId - The organisation ID (unused)
+ * @returns Promise that resolves immediately
  */
 export async function setOrganisationContext(
   supabase: SupabaseClient,
   organisationId: string
 ): Promise<void> {
-  if (!supabase || !organisationId) {
-    // TODO: Replace with proper logging service integration
-    return;
-  }
-
-  try {
-    // Add timeout to prevent hanging RPC calls
-    const timeoutPromise = new Promise((_, reject) => {
-      setTimeout(() => reject(new Error('RPC timeout after 3 seconds')), 3000);
-    });
-    
-    // Call the database function to set organisation context
-    const rpcPromise = supabase.rpc('set_organisation_context', {
-      org_id: organisationId
-    });
-
-    const { error } = await Promise.race([rpcPromise, timeoutPromise]) as any;
-
-    if (error) {
-      // Function might not exist yet - this is expected during migration
-      // Silent fail - will fall back to client-side filtering
-      log.debug('RPC function not available or failed, continuing without database context');
-    } else {
-      log.debug('Organisation context set in database successfully');
-    }
-  } catch (error) {
-    // Handle any other errors gracefully
-    // Silent fail - will fall back to client-side filtering
-    log.debug('Failed to set database context, continuing without it:', error);
-  }
+  // No-op: Organisation context is now handled via secure client and explicit parameters
+  // This function is kept for backward compatibility
+  log.debug('setOrganisationContext called but is a no-op - context handled via secure client');
+  return Promise.resolve();
 }
 
 /**
@@ -132,25 +110,16 @@ export async function getOrganisationContext(
 /**
  * Check if organisation context functions are available in the database
  * 
- * @param supabase - Supabase client instance
- * @returns Promise that resolves to true if functions are available
+ * @deprecated This function always returns false. Organisation context functions have been removed.
+ * Organisation context is now handled via secure client and explicit parameters.
+ * 
+ * @param supabase - Supabase client instance (unused)
+ * @returns Promise that resolves to false
  */
 export async function isOrganisationContextAvailable(
   supabase: SupabaseClient
 ): Promise<boolean> {
-  if (!supabase) {
-    return false;
-  }
-
-  try {
-    const { error } = await supabase.rpc('get_organisation_context');
-    
-    if (error) {
-      return false;
-    }
-    
-    return true;
-  } catch (error) {
-    return false;
-  }
+  // Always return false - organisation context functions have been removed
+  // Context is now handled via secure client and explicit parameters
+  return false;
 } 

package/src/utils/dynamic/dynamicUtils.ts

@@ -73,7 +73,7 @@ export const loadFormUtils = async (): Promise<{
 
 // Dynamic CSV utilities
 export const loadCSVUtils = async (): Promise<unknown> => {
-  // @ts-ignore - papaparse is an optional dependency provided by consuming apps
+  // @ts-ignore - papaparse is a dependency of pace-core, should be available via node_modules
   const papaparse = await import('papaparse');
   return papaparse.default;
 };

package/src/utils/file-reference/index.ts

@@ -87,6 +87,26 @@ export class FileReferenceServiceImpl implements FileReferenceService {
         log.debug('Using authenticated user ID for user-scoped file upload', { userId: authenticatedUserId });
       }
 
+      // CRITICAL: Check super admin status in application layer (consistent with pace-core pattern)
+      // Super admins bypass all permission checks - this is handled in the application layer,
+      // not in RLS policies. The RPC function still validates input and handles the insert,
+      // but permission checks are bypassed for super admins.
+      let isSuperAdminUser = false;
+      const userIdForCheck = authenticatedUserId || options.userId;
+      if (userIdForCheck) {
+        try {
+          // Import isSuperAdmin from rbac/api - this is the standard way to check super admin
+          const { isSuperAdmin } = await import('../../rbac/api');
+          isSuperAdminUser = await isSuperAdmin(userIdForCheck);
+          if (isSuperAdminUser) {
+            log.debug('Super admin detected - bypassing permission checks', { userId: userIdForCheck });
+          }
+        } catch (superAdminCheckError) {
+          // If super admin check fails, continue with normal permission flow
+          log.warn('Failed to check super-admin status, proceeding with normal permission checks', superAdminCheckError);
+        }
+      }
+
       // Step 1: Upload file to storage bucket first
       // This generates a unique path: {orgId}/{folder}/{timestamp-uuid-filename} or users/{auth.uid()}/{folder}/{timestamp-uuid-filename}
       // Bucket is automatically selected based on is_public flag
@@ -123,6 +143,22 @@ export class FileReferenceServiceImpl implements FileReferenceService {
 
       // Step 4: Create file reference in database using RPC function
       // This links the storage path to the record in core_file_references table
+      // CRITICAL: Always pass the authenticated user ID to SECURITY DEFINER functions
+      // In SECURITY DEFINER functions, auth.uid() returns the function owner's ID,
+      // not the caller's ID, so we must explicitly pass the user ID
+      let rpcUserId: string | null = null;
+      if (authenticatedUserId) {
+        rpcUserId = authenticatedUserId;
+      } else if (options.userId) {
+        rpcUserId = options.userId;
+      } else {
+        // Get authenticated user ID from session as fallback
+        const { data: { user: authUser } } = await this.supabase.auth.getUser();
+        if (authUser) {
+          rpcUserId = authUser.id;
+        }
+      }
+
       const { data, error } = await this.supabase
         .rpc('data_file_reference_create', {
           p_table_name: options.table_name,
@@ -141,7 +177,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
             ...options.custom_metadata
           },
           p_is_public: options.is_public || false,
-          p_user_id: authenticatedUserId || options.userId || null // Pass authenticated user ID for user-scoped files
+          p_user_id: rpcUserId // Always pass authenticated user ID for SECURITY DEFINER functions
         });
 
       // Step 5: Rollback - if database insert fails, clean up uploaded file
@@ -152,19 +188,6 @@ export class FileReferenceServiceImpl implements FileReferenceService {
 
       // Check if RPC returned null (permission denied or other failure)
       if (!data || data === null) {
-        // Before throwing permission error, check if user is super-admin
-        // If super-admin, the RPC should have allowed the upload, so this is likely a different issue
-        let isSuperAdminUser = false;
-        try {
-          const { data: { user: authUser } } = await this.supabase.auth.getUser();
-          if (authUser) {
-            isSuperAdminUser = await isSuperAdmin(authUser.id);
-          }
-        } catch (superAdminCheckError) {
-          // If super-admin check fails, continue with permission error
-          log.warn('Failed to check super-admin status', superAdminCheckError);
-        }
-
         // Clean up the uploaded file since DB insert failed
         await deleteFile(this.supabase, filePath, options.is_public || false);
 
@@ -173,7 +196,8 @@ export class FileReferenceServiceImpl implements FileReferenceService {
         const pageContextDisplay = options.pageContext || 'undefined';
         
         if (isSuperAdminUser) {
-          // Super-admin should have been allowed - this suggests a different issue
+          // Super-admin should have been allowed - this suggests a database or RPC function issue
+          // Since we already checked super admin in the application layer, this is unexpected
           throw new Error(
             `File upload failed for super-admin user. This may indicate a database issue. ` +
             `Page context: '${pageContextDisplay}', App: '${appName}'. ` +

package/src/utils/formatting/formatDateTime.test.ts

@@ -161,8 +161,9 @@ describe('formatDateTime Utility', () => {
       }
       const end = performance.now();
       
-      // Should complete in reasonable time (less than 100ms for 1000 calls)
-      expect(end - start).toBeLessThan(100);
+      // Should complete in reasonable time (less than 200ms for 1000 calls in test environment)
+      // Increased threshold to account for test environment overhead
+      expect(end - start).toBeLessThan(200);
     });
   });
 

package/src/utils/formatting/formatTime.test.ts

@@ -161,8 +161,9 @@ describe('formatTime Utility', () => {
       }
       const end = performance.now();
       
-      // Should complete in reasonable time (less than 100ms for 1000 calls)
-      expect(end - start).toBeLessThan(100);
+      // Should complete in reasonable time (less than 200ms for 1000 calls)
+      // Increased threshold to account for test environment variability
+      expect(end - start).toBeLessThan(200);
     });
   });
 

package/src/utils/google-places/loadGoogleMapsScript.ts

@@ -127,13 +127,19 @@ export function loadGoogleMapsScript(
       return;
     }
 
-    // Check if script is already being loaded
+    // Check if script is already being loaded or exists
     const existingScript = document.querySelector(
       `script[src*="maps.googleapis.com/maps/api/js"]`
     );
     if (existingScript) {
+      // If Google Maps is already loaded, resolve immediately
+      if (window.google?.maps?.places) {
+        resolve();
+        return;
+      }
+      
       // Wait for existing script to load
-      existingScript.addEventListener('load', () => {
+      const handleLoad = () => {
         // Wait for the library to initialize with multiple retries
         let attempts = 0;
         const maxAttempts = 20; // 2 seconds total
@@ -150,10 +156,26 @@ export function loadGoogleMapsScript(
         };
         
         checkPlaces();
-      });
+      };
+      
+      // Check if script already loaded
+      const scriptElement = existingScript as HTMLScriptElement;
+      if (scriptElement.getAttribute('data-loaded') === 'true') {
+        handleLoad();
+        return;
+      }
+      
+      // Check if script is already complete (using type assertion for readyState which exists at runtime)
+      const scriptReadyState = (scriptElement as any).readyState;
+      if (scriptReadyState === 'complete' || scriptReadyState === 'loaded') {
+        handleLoad();
+        return;
+      }
+      
+      existingScript.addEventListener('load', handleLoad, { once: true });
       existingScript.addEventListener('error', () => {
         reject(new Error('Failed to load Google Maps script'));
-      });
+      }, { once: true });
       return;
     }
 
@@ -164,6 +186,9 @@ export function loadGoogleMapsScript(
     script.defer = true;
 
     script.onload = () => {
+      // Mark script as loaded
+      script.setAttribute('data-loaded', 'true');
+      
       // Wait for the library to initialize with multiple retries
       let attempts = 0;
       const maxAttempts = 20; // 2 seconds total (20 * 100ms)

package/src/utils/index.ts

@@ -21,7 +21,7 @@ export * from './validation';
 // Explicitly re-export commonly used validation utilities to ensure they're available
 // Import from source modules to avoid re-export issues
 export { validateUserInput, usernameSchema } from './validation/validationUtils';
-export { sanitizeUserInput, sanitizeFormData } from './validation/sanitization';
+export { sanitizeUserInput, sanitizeFormData, sanitizeHtml } from './validation/sanitization';
 export { emailSchema, nameSchema, phoneSchema, urlSchema } from './validation/common';
 export { passwordSchema } from './validation/passwordSchema';
 export { pickSchema, combineSchemas } from './validation/schema';
@@ -178,3 +178,6 @@ export {
   getInFlightRequestStats,
   deduplicatedQuery
 } from './request-deduplication';
+
+// Supabase client creation (restricted wrapper)
+export { createBaseClient } from './supabase/createBaseClient';

package/src/utils/persistence/__tests__/keyDerivation.test.ts

@@ -0,0 +1,135 @@
+/**
+ * @file Key Derivation Tests
+ * @package @jmruthers/pace-core
+ * @module Utils/Persistence/__tests__
+ */
+
+import { describe, it, expect } from 'vitest';
+import {
+  deriveDataTableKey,
+  deriveDialogKey,
+  deriveFormKey,
+  hashStableFingerprint,
+} from '../keyDerivation';
+
+describe('keyDerivation', () => {
+  describe('deriveDataTableKey', () => {
+    it('should use rbacPageId as primary key', () => {
+      const key = deriveDataTableKey({
+        rbacPageId: 'user-management',
+      });
+      expect(key).toBe('datatable:user-management');
+    });
+
+    it('should fall back to title when rbacPageId not available', () => {
+      const key = deriveDataTableKey({
+        title: 'Users Table',
+      });
+      expect(key).toBe('datatable:users-table');
+    });
+
+    it('should use route pathname as fallback', () => {
+      const key = deriveDataTableKey(
+        {},
+        { pathname: '/users' }
+      );
+      expect(key).toBe('datatable:/users');
+    });
+
+    it('should use column IDs hash as last resort', () => {
+      const key = deriveDataTableKey({
+        columnIds: ['id', 'name', 'email'],
+      });
+      expect(key).toMatch(/^datatable:[a-f0-9]+$/);
+    });
+
+    it('should return null if no stable key can be determined', () => {
+      const key = deriveDataTableKey({});
+      expect(key).toBeNull();
+    });
+  });
+
+  describe('deriveDialogKey', () => {
+    it('should use title as primary key', () => {
+      const key = deriveDialogKey({
+        title: 'Edit User',
+      });
+      expect(key).toBe('dialog:edit-user');
+    });
+
+    it('should use route pathname as fallback', () => {
+      const key = deriveDialogKey(
+        {},
+        { pathname: '/users/edit' }
+      );
+      expect(key).toBe('dialog:/users/edit');
+    });
+
+    it('should return null if no stable key can be determined', () => {
+      const key = deriveDialogKey({});
+      expect(key).toBeNull();
+    });
+  });
+
+  describe('deriveFormKey', () => {
+    it('should use parent dialog title when available', () => {
+      const key = deriveFormKey(
+        {},
+        { dialogTitle: 'Edit User' }
+      );
+      expect(key).toBe('form:edit-user');
+    });
+
+    it('should use route + field names hash as fallback', () => {
+      const key = deriveFormKey(
+        {
+          fieldNames: ['name', 'email'],
+        },
+        null,
+        { pathname: '/users' }
+      );
+      expect(key).toMatch(/^form:\/users:[a-f0-9]+$/);
+    });
+
+    it('should use route pathname as last resort', () => {
+      const key = deriveFormKey(
+        {},
+        null,
+        { pathname: '/users' }
+      );
+      expect(key).toBe('form:/users');
+    });
+
+    it('should return null if no stable key can be determined', () => {
+      const key = deriveFormKey({});
+      expect(key).toBeNull();
+    });
+  });
+
+  describe('hashStableFingerprint', () => {
+    it('should create stable hash from array of strings', () => {
+      const hash1 = hashStableFingerprint(['a', 'b', 'c']);
+      const hash2 = hashStableFingerprint(['a', 'b', 'c']);
+      expect(hash1).toBe(hash2);
+    });
+
+    it('should be order-independent', () => {
+      const hash1 = hashStableFingerprint(['a', 'b', 'c']);
+      const hash2 = hashStableFingerprint(['c', 'b', 'a']);
+      expect(hash1).toBe(hash2);
+    });
+
+    it('should normalize strings (lowercase, trim)', () => {
+      const hash1 = hashStableFingerprint(['A', ' B ', 'C']);
+      const hash2 = hashStableFingerprint(['a', 'b', 'c']);
+      expect(hash1).toBe(hash2);
+    });
+
+    it('should filter out empty values', () => {
+      const hash1 = hashStableFingerprint(['a', '', 'b', 'c']);
+      const hash2 = hashStableFingerprint(['a', 'b', 'c']);
+      expect(hash1).toBe(hash2);
+    });
+  });
+});
+

package/src/utils/persistence/__tests__/sensitiveFieldDetection.test.ts

@@ -0,0 +1,123 @@
+/**
+ * @file Sensitive Field Detection Tests
+ * @package @jmruthers/pace-core
+ * @module Utils/Persistence/__tests__
+ */
+
+import { describe, it, expect } from 'vitest';
+import {
+  isSensitiveField,
+  filterSensitiveFields,
+  getSensitiveFieldNames,
+} from '../sensitiveFieldDetection';
+
+describe('sensitiveFieldDetection', () => {
+  describe('isSensitiveField', () => {
+    it('should detect password input type', () => {
+      expect(isSensitiveField('password', 'password')).toBe(true);
+      expect(isSensitiveField('userPassword', 'password')).toBe(true);
+    });
+
+    it('should detect hidden input type', () => {
+      expect(isSensitiveField('token', 'hidden')).toBe(true);
+    });
+
+    it('should detect sensitive field names by pattern', () => {
+      expect(isSensitiveField('password', 'text')).toBe(true);
+      expect(isSensitiveField('user_password', 'text')).toBe(true);
+      expect(isSensitiveField('api_key', 'text')).toBe(true);
+      expect(isSensitiveField('secretToken', 'text')).toBe(true);
+      expect(isSensitiveField('credit_card', 'text')).toBe(true);
+      expect(isSensitiveField('ssn', 'text')).toBe(true);
+    });
+
+    it('should not detect non-sensitive fields', () => {
+      expect(isSensitiveField('name', 'text')).toBe(false);
+      expect(isSensitiveField('email', 'email')).toBe(false);
+      expect(isSensitiveField('age', 'number')).toBe(false);
+    });
+
+    it('should be case-insensitive', () => {
+      expect(isSensitiveField('PASSWORD', 'text')).toBe(true);
+      expect(isSensitiveField('Api_Key', 'text')).toBe(true);
+    });
+  });
+
+  describe('filterSensitiveFields', () => {
+    it('should filter out sensitive fields', () => {
+      const data = {
+        name: 'John',
+        email: 'john@example.com',
+        password: 'secret123',
+        api_key: 'key123',
+      };
+
+      const filtered = filterSensitiveFields(data, ['name', 'email', 'password', 'api_key']);
+
+      expect(filtered).toEqual({
+        name: 'John',
+        email: 'john@example.com',
+      });
+      expect(filtered).not.toHaveProperty('password');
+      expect(filtered).not.toHaveProperty('api_key');
+    });
+
+    it('should filter by input type', () => {
+      const data = {
+        name: 'John',
+        password: 'secret123',
+      };
+
+      const filtered = filterSensitiveFields(data, ['name', 'password'], {
+        password: 'password',
+      });
+
+      expect(filtered).toEqual({
+        name: 'John',
+      });
+      expect(filtered).not.toHaveProperty('password');
+    });
+
+    it('should return empty object if all fields are sensitive', () => {
+      const data = {
+        password: 'secret123',
+        api_key: 'key123',
+      };
+
+      const filtered = filterSensitiveFields(data, ['password', 'api_key']);
+
+      expect(filtered).toEqual({});
+    });
+
+    it('should return all fields if none are sensitive', () => {
+      const data = {
+        name: 'John',
+        email: 'john@example.com',
+      };
+
+      const filtered = filterSensitiveFields(data, ['name', 'email']);
+
+      expect(filtered).toEqual(data);
+    });
+  });
+
+  describe('getSensitiveFieldNames', () => {
+    it('should return list of sensitive field names', () => {
+      const sensitive = getSensitiveFieldNames(
+        ['name', 'email', 'password', 'api_key'],
+        {
+          password: 'password',
+        }
+      );
+
+      expect(sensitive).toEqual(['password', 'api_key']);
+    });
+
+    it('should return empty array if no sensitive fields', () => {
+      const sensitive = getSensitiveFieldNames(['name', 'email']);
+
+      expect(sensitive).toEqual([]);
+    });
+  });
+});
+