@jmruthers/pace-core 0.6.5 → 0.6.7

package/dist/{chunk-VBXEHIUJ.js → chunk-HF6O3O37.js}

@@ -1,78 +1,3 @@
-import {
-  createLogger
-} from "./chunk-PWLANIRT.js";
-
-// src/utils/context/organisationContext.ts
-var log = createLogger("organisationContext");
-async function setOrganisationContext(supabase, organisationId) {
-  if (!supabase || !organisationId) {
-    return;
-  }
-  try {
-    const timeoutPromise = new Promise((_, reject) => {
-      setTimeout(() => reject(new Error("RPC timeout after 3 seconds")), 3e3);
-    });
-    const rpcPromise = supabase.rpc("set_organisation_context", {
-      org_id: organisationId
-    });
-    const { error } = await Promise.race([rpcPromise, timeoutPromise]);
-    if (error) {
-      log.debug("RPC function not available or failed, continuing without database context");
-    } else {
-      log.debug("Organisation context set in database successfully");
-    }
-  } catch (error) {
-    log.debug("Failed to set database context, continuing without it:", error);
-  }
-}
-async function clearOrganisationContext(supabase) {
-  if (!supabase) {
-    return;
-  }
-  try {
-    const { error } = await supabase.rpc("rbac_audit_log", {
-      p_event_type: "organisation_switched",
-      p_metadata: { action: "clear_context" }
-    });
-    if (error) {
-    } else {
-    }
-  } catch (error) {
-  }
-}
-async function getOrganisationContext(supabase) {
-  if (!supabase) {
-    return null;
-  }
-  try {
-    const data = null;
-    const error = null;
-    if (error) {
-      return null;
-    }
-    if (typeof data === "string") {
-      return data;
-    }
-    return null;
-  } catch (error) {
-    return null;
-  }
-}
-async function isOrganisationContextAvailable(supabase) {
-  if (!supabase) {
-    return false;
-  }
-  try {
-    const { error } = await supabase.rpc("get_organisation_context");
-    if (error) {
-      return false;
-    }
-    return true;
-  } catch (error) {
-    return false;
-  }
-}
-
 // src/utils/security/secureStorage.ts
 var SecureStorageImpl = class {
   constructor() {
@@ -97,7 +22,7 @@ var SecureStorageImpl = class {
               false,
               ["encrypt", "decrypt"]
             );
-          } catch (error) {
+          } catch (_error) {
             await this.generateNewKey();
           }
         } else {
@@ -105,7 +30,7 @@ var SecureStorageImpl = class {
         }
       }
       this.initialized = true;
-    } catch (error) {
+    } catch (_error) {
       this.initialized = true;
     }
   }
@@ -145,7 +70,7 @@ var SecureStorageImpl = class {
           return null;
         }
         return parsed.value;
-      } catch (error) {
+      } catch (_error) {
       }
     }
     const plainData = localStorage.getItem(key);
@@ -157,7 +82,7 @@ var SecureStorageImpl = class {
         return null;
       }
       return parsed.value || plainData;
-    } catch (error) {
+    } catch (_error) {
       return plainData;
     }
   }
@@ -193,7 +118,7 @@ var SecureStorageImpl = class {
       const exportedKey = await window.crypto.subtle.exportKey("raw", this.encryptionKey);
       const keyData = this.arrayBufferToBase64(exportedKey);
       localStorage.setItem("_sec_key", keyData);
-    } catch (error) {
+    } catch (_error) {
     }
   }
   /**
@@ -259,11 +184,4 @@ var SecureStorageImpl = class {
 };
 var secureStorage = new SecureStorageImpl();
 
-export {
-  setOrganisationContext,
-  clearOrganisationContext,
-  getOrganisationContext,
-  isOrganisationContextAvailable,
-  secureStorage
-};
-//# sourceMappingURL=chunk-VBXEHIUJ.js.map
+export { secureStorage };

package/dist/{chunk-FFQEQTNW.js → chunk-IUBRCBSY.js}

@@ -1,10 +1,8 @@
-import {
-  formatInTimeZone,
-  getTimezoneAbbreviation
-} from "./chunk-J36DSWQK.js";
-import {
-  createLogger
-} from "./chunk-PWLANIRT.js";
+import { formatInTimeZone, getTimezoneAbbreviation } from './chunk-FEJLJNWA.js';
+import { createLogger } from './chunk-TTRFSOKR.js';
+import { z } from 'zod';
+import { createClient } from '@supabase/supabase-js';
+import { parseISO, isValid } from 'date-fns';
 
 // src/utils/context/sessionTracking.ts
 var log = createLogger("SessionTracking");
@@ -83,9 +81,6 @@ function useSessionTracking(supabaseClient, appName) {
     trackSessionExpired
   };
 }
-
-// src/utils/validation/common.ts
-import { z } from "zod";
 var emailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long");
 var nameSchema = z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
 var phoneSchema = z.string().regex(/^\+?[\d\s\-\(\)]+$/, "Invalid phone number format").min(10, "Phone number too short").max(20, "Phone number too long");
@@ -94,9 +89,6 @@ var dateSchema = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Date must be in YYYY-M
   const parsed = new Date(date);
   return !isNaN(parsed.getTime());
 }, "Invalid date");
-
-// src/utils/validation/passwordSchema.ts
-import { z as z2 } from "zod";
 var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
   "password",
   "123456",
@@ -119,7 +111,7 @@ var WEAK_PATTERNS = [
   /^(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz)+/i
   // Sequential letters
 ];
-var securePasswordSchema = z2.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
+z.string().min(8, "Password must be at least 8 characters long").max(128, "Password must not exceed 128 characters").refine(
   (password) => /[a-z]/.test(password),
   "Password must contain at least one lowercase letter"
 ).refine(
@@ -146,7 +138,7 @@ var securePasswordSchema = z2.string().min(8, "Password must be at least 8 chara
   },
   "Password contains keyboard patterns. Please choose a more secure password"
 );
-var passwordSchema = z2.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
+var passwordSchema = z.string().min(6, "Password must be at least 6 characters long").max(128, "Password must not exceed 128 characters");
 function calculatePasswordStrength(password) {
   let score = 0;
   const feedback = [];
@@ -179,6 +171,89 @@ function calculatePasswordStrength(password) {
   else level = "strong";
   return { score: Math.max(0, Math.min(100, score)), feedback, level };
 }
+var DEFAULT_OPTIONS = {
+  allowHtml: false,
+  allowedTags: [],
+  maxLength: 1e3,
+  trim: true,
+  removeScripts: true,
+  removeEvents: true
+};
+function sanitizeUserInput(input, options = {}) {
+  if (typeof input !== "string") {
+    return "";
+  }
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  let sanitized = input;
+  if (opts.trim) {
+    sanitized = sanitized.trim();
+  }
+  if (opts.maxLength && sanitized.length > opts.maxLength) {
+    sanitized = sanitized.substring(0, opts.maxLength);
+  }
+  if (!opts.allowHtml) {
+    sanitized = sanitized.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;");
+  } else if (opts.allowedTags && opts.allowedTags.length > 0) {
+    const allowedTagsRegex = new RegExp(`<(?!/?(?:${opts.allowedTags.join("|")})s*/?>)[^>]+>`, "gi");
+    sanitized = sanitized.replace(allowedTagsRegex, "");
+  }
+  if (opts.removeScripts) {
+    sanitized = sanitized.replace(/<script[^>]*>.*?<\/script>/gi, "").replace(/javascript:/gi, "").replace(/vbscript:/gi, "").replace(/data:/gi, "");
+  }
+  if (opts.removeEvents) {
+    sanitized = sanitized.replace(/on\w+\s*=/gi, "");
+  }
+  return sanitized;
+}
+function sanitizeEmail(email) {
+  if (typeof email !== "string") {
+    return "";
+  }
+  return email.trim().toLowerCase().replace(/[^\w@.-]/g, "");
+}
+function sanitizeFormData(data, schema, sanitizationRules) {
+  try {
+    if (sanitizationRules && typeof data === "object" && data !== null) {
+      const sanitizedData = { ...data };
+      Object.entries(sanitizationRules).forEach(([field, options]) => {
+        if (typeof sanitizedData[field] === "string") {
+          sanitizedData[field] = sanitizeUserInput(sanitizedData[field], options);
+        }
+      });
+      data = sanitizedData;
+    }
+    const result = schema.parse(data);
+    return { success: true, data: result };
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return {
+        success: false,
+        error: error.errors.map((e) => e.message).join(", ")
+      };
+    }
+    return {
+      success: false,
+      error: "Validation failed"
+    };
+  }
+}
+var secureEmailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long").refine(
+  (email) => {
+    if (!email || typeof email !== "string") return false;
+    const domain = email.split("@")[1];
+    return domain && domain.includes(".") && domain.length > 3;
+  },
+  "Invalid email domain"
+).transform((email) => sanitizeEmail(email));
+z.string().min(1, "Email is required").email("Invalid email format");
+z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
+z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
+z.string().url("Invalid URL format");
+z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
+z.object({
+  email: secureEmailSchema,
+  password: z.string().min(1, "Password is required")
+});
 
 // src/utils/app/appConfig.ts
 var currentAppConfig = null;
@@ -201,9 +276,49 @@ function getCurrentAppName() {
 function getCurrentAppId() {
   return getAppConfig().appId;
 }
-
-// src/utils/formatting/formatting.ts
-import { parseISO, isValid } from "date-fns";
+var ALLOWED_FILE_PATTERNS = [
+  /[\/\\]main\.(tsx?|jsx?)(\?|:|\s|$)/i,
+  /[\/\\]App\.(tsx?|jsx?)(\?|:|\s|$)/i,
+  /[\/\\]lib[\/\\]supabase\.(tsx?|jsx?)(\?|:|\s|$)/i,
+  /[\/\\]src[\/\\]supabase\.(tsx?|jsx?)(\?|:|\s|$)/i
+];
+function isAllowedContext() {
+  if (typeof process !== "undefined" && true) {
+    return true;
+  }
+  try {
+    const stack = new Error().stack;
+    if (!stack) return false;
+    const stackLines = stack.split("\n");
+    for (const line of stackLines) {
+      for (const pattern of ALLOWED_FILE_PATTERNS) {
+        if (pattern.test(line)) {
+          return true;
+        }
+      }
+    }
+    return false;
+  } catch {
+    return true;
+  }
+}
+function createBaseClient(supabaseUrl, supabaseKey) {
+  if (!isAllowedContext()) {
+    const error = new Error(
+      "createBaseClient() can only be called from main.tsx, App.tsx, or lib/supabase.ts.\nThis is a security requirement to ensure the base client is only created once and passed to UnifiedAuthProvider.\nSee: https://github.com/jmruthers/pace-core/blob/main/packages/core/docs/standards/00-pace-core-compliance.md"
+    );
+    console.error("[pace-core Security Error]", error);
+    throw error;
+  }
+  return createClient(supabaseUrl, supabaseKey, {
+    auth: {
+      autoRefreshToken: true,
+      persistSession: true,
+      detectSessionInUrl: true,
+      flowType: "pkce"
+    }
+  });
+}
 function formatDate(date) {
   const dateObj = typeof date === "string" || typeof date === "number" ? new Date(date) : date;
   return dateObj.toLocaleDateString("en-GB", {
@@ -357,30 +472,4 @@ function formatDateTimeForMap(utcDate, timezone) {
   }
 }
 
-export {
-  useSessionTracking,
-  emailSchema,
-  nameSchema,
-  phoneSchema,
-  urlSchema,
-  dateSchema,
-  passwordSchema,
-  calculatePasswordStrength,
-  setAppConfig,
-  getAppConfig,
-  getCurrentAppName,
-  getCurrentAppId,
-  formatDate,
-  formatTime,
-  formatDateTime,
-  formatCurrency,
-  formatNumber,
-  formatPercent,
-  formatCompactNumber,
-  formatFileSize,
-  formatDateTimeForDisplay,
-  formatDateOnlyForDisplay,
-  formatDateTimeForTable,
-  formatDateTimeForMap
-};
-//# sourceMappingURL=chunk-FFQEQTNW.js.map
+export { calculatePasswordStrength, createBaseClient, dateSchema, emailSchema, formatCompactNumber, formatCurrency, formatDate, formatDateOnlyForDisplay, formatDateTime, formatDateTimeForDisplay, formatDateTimeForMap, formatDateTimeForTable, formatFileSize, formatNumber, formatPercent, formatTime, getAppConfig, getCurrentAppId, getCurrentAppName, nameSchema, passwordSchema, phoneSchema, sanitizeFormData, sanitizeUserInput, setAppConfig, urlSchema, useSessionTracking };