@jmruthers/pace-core 0.6.5 → 0.6.7

package/dist/types.js

@@ -1,50 +1,8 @@
-import {
-  FileCategory
-} from "./chunk-ZSAAAMVR.js";
-import {
-  AuthErrorCode,
-  PermissionErrorCode,
-  assertAppId,
-  assertEventId,
-  assertOrganisationId,
-  assertPageId,
-  assertUserId,
-  createAppId,
-  createEventId,
-  createOrganisationId,
-  createPageId,
-  createPermissionString,
-  createRequestId,
-  createSessionToken,
-  createUserId,
-  isAppId,
-  isEventId,
-  isOrganisationId,
-  isPageId,
-  isPermissionString,
-  isRequestId,
-  isSessionToken,
-  isUserId
-} from "./chunk-QXHPKYJV.js";
-import {
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  dateSchema,
-  emailSchema,
-  loginSchema,
-  nameSchema,
-  passwordResetSchema,
-  passwordSchema,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  urlSchema,
-  userProfileSchema
-} from "./chunk-LMC26NLJ.js";
-import "./chunk-DGUM43GV.js";
+export { FileCategory } from './chunk-6QYDGKQY.js';
+import { AuthErrorCode } from './chunk-4SXLQIZO.js';
+export { AuthErrorCode, PermissionErrorCode, assertAppId, assertEventId, assertOrganisationId, assertPageId, assertUserId, createAppId, createEventId, createOrganisationId, createPageId, createPermissionString, createRequestId, createSessionToken, createUserId, isAppId, isEventId, isOrganisationId, isPageId, isPermissionString, isRequestId, isSessionToken, isUserId } from './chunk-4SXLQIZO.js';
+export { changePasswordSchema, combineSchemas, contactFormSchema, dateSchema, emailSchema, loginSchema, nameSchema, passwordResetSchema, passwordSchema, phoneSchema, pickSchema, registrationSchema, secureLoginSchema, securePasswordSchema, urlSchema, userProfileSchema } from './chunk-MBADTM7L.js';
+import './chunk-3RG5ZIWI.js';
 
 // src/types/organisation.ts
 var ORGANISATION_ROLE_PERMISSIONS = {
@@ -66,50 +24,5 @@ function isSession(obj) {
   const candidate = obj;
   return candidate != null && typeof candidate === "object" && typeof candidate.access_token === "string" && candidate.user != null && typeof candidate.user === "object";
 }
-export {
-  AuthErrorCode,
-  FileCategory,
-  ORGANISATION_ROLE_PERMISSIONS,
-  PermissionErrorCode,
-  assertAppId,
-  assertEventId,
-  assertOrganisationId,
-  assertPageId,
-  assertUserId,
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  createAppId,
-  createEventId,
-  createOrganisationId,
-  createPageId,
-  createPermissionString,
-  createRequestId,
-  createSessionToken,
-  createUserId,
-  dateSchema,
-  emailSchema,
-  isAppId,
-  isAuthErrorCode,
-  isEventId,
-  isOrganisationId,
-  isPageId,
-  isPermissionString,
-  isRequestId,
-  isSession,
-  isSessionToken,
-  isUser,
-  isUserId,
-  loginSchema,
-  nameSchema,
-  passwordResetSchema,
-  passwordSchema,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  urlSchema,
-  userProfileSchema
-};
-//# sourceMappingURL=types.js.map
+
+export { ORGANISATION_ROLE_PERMISSIONS, isAuthErrorCode, isSession, isUser };

package/dist/{usePublicRouteParams-ClnV4tnv.d.ts → usePublicRouteParams-MamNgwqe.d.ts}

@@ -2,7 +2,7 @@ import * as react_hook_form from 'react-hook-form';
 import { z } from 'zod';
 import { l as OrganisationRole, m as OrganisationPermission, S as SuperAdminContext, E as Event } from './event-CW5YB_2p.js';
 import { SupabaseClient } from '@supabase/supabase-js';
-import { D as Database } from './database.generated-CzIvgcPu.js';
+import { D as Database } from './database.generated-CcnC_DRc.js';
 import { F as FileCategory, a as FileReference } from './file-reference-BavO2eQj.js';
 
 interface UseZodFormProps<T extends z.ZodTypeAny> {
@@ -242,9 +242,9 @@ declare const useOrganisationSecurity: () => OrganisationSecurityHook;
  * function MyComponent() {
  *   const { appName, isLoading } = useAppConfig();
  *
- *   if (isLoading) return <div>Loading...</div>;
+ *   if (isLoading) return <p>Loading...</p>;
  *
- *   return <div>App: {appName}</div>;
+ *   return <p>App: {appName}</p>;
  * }
  * ```
  */
@@ -464,16 +464,16 @@ interface StorageConfig {
  *   const { eventCode } = usePublicRouteParams();
  *   const { event, isLoading, error, refetch } = usePublicEvent(eventCode);
  *
- *   if (isLoading) return <div>Loading event...</div>;
- *   if (error) return <div>Error: {error.message}</div>;
- *   if (!event) return <div>Event not found</div>;
+ *   if (isLoading) return <p>Loading event...</p>;
+ *   if (error) return <p>Error: {error.message}</p>;
+ *   if (!event) return <p>Event not found</p>;
  *
  *   return (
- *     <div>
+ *     <section>
  *       <h1>{event.event_name}</h1>
  *       <p>Date: {event.event_date}</p>
  *       <p>Venue: {event.event_venue}</p>
- *     </div>
+ *     </section>
  *   );
  * }
  * ```
@@ -575,8 +575,8 @@ declare function getPublicEventCacheStats(): {
  *     { supabase }
  *   );
  *
- *   if (isLoading) return <div>Loading...</div>;
- *   if (error) return <div>Error: {error.message}</div>;
+ *   if (isLoading) return <p>Loading...</p>;
+ *   if (error) return <p>Error: {error.message}</p>;
  *
  *   return fileUrl ? <img src={fileUrl} alt="File" /> : null;
  * }
@@ -668,17 +668,17 @@ declare function getPublicFileDisplayCacheStats(): {
  *     organisationId
  *   );
  *
- *   if (isLoading) return <div>Loading logo...</div>;
- *   if (error) return <div>Error: {error.message}</div>;
+ *   if (isLoading) return <p>Loading logo...</p>;
+ *   if (error) return <p>Error: {error.message}</p>;
  *
  *   return (
- *     <div>
+ *     <section>
  *       {logoUrl ? (
  *         <img src={logoUrl} alt={`${eventName} logo`} />
  *       ) : (
- *         <div className="logo-fallback">{fallbackText}</div>
+ *         <p className="logo-fallback">{fallbackText}</p>
  *       )}
- *     </div>
+ *     </section>
  *   );
  * }
  * ```
@@ -783,15 +783,15 @@ declare function getPublicLogoCacheStats(): {
  * function PublicEventPage() {
  *   const { eventCode, eventId, event, error, isLoading } = usePublicRouteParams();
  *
- *   if (isLoading) return <div>Loading...</div>;
- *   if (error) return <div>Error: {error.message}</div>;
- *   if (!event) return <div>Event not found</div>;
+ *   if (isLoading) return <p>Loading...</p>;
+ *   if (error) return <p>Error: {error.message}</p>;
+ *   if (!event) return <p>Event not found</p>;
  *
  *   return (
- *     <div>
+ *     <section>
  *       <h1>{event.event_name}</h1>
  *       <p>Event Code: {eventCode}</p>
- *     </div>
+ *     </section>
  *   );
  * }
  * ```

package/dist/utils.d.ts

@@ -1,12 +1,13 @@
-export { K as DateTimeFormatOptions, j as LogLevel, L as Logger, k as LoggerConfig, S as SecureDataAccess, N as calculatePasswordStrength, d as cn, i as createLogger, M as dateSchema, e as emailSchema, w as formatCompactNumber, r as formatCurrency, m as formatDate, H as formatDateOnlyForDisplay, q as formatDateTime, G as formatDateTimeForDisplay, J as formatDateTimeForMap, I as formatDateTimeForTable, x as formatFileSize, y as formatInTimeZone, t as formatNumber, v as formatPercent, o as formatTime, A as formatTimeInTimeZone, D as fromZonedTime, g as getAppConfig, h as getCurrentAppId, F as getTimeZoneDifference, z as getTimezoneAbbreviation, B as getUserTimeZone, l as logger, n as nameSchema, b as passwordSchema, p as phoneSchema, E as roundToNearestMinutes, s as setAppConfig, C as toZonedTime, a as urlSchema, u as useSessionTracking } from './timezone-CHhWg6b4.js';
+import { S as SanitizationOptions } from './timezone-BZe_eUxx.js';
+export { Q as DateTimeFormatOptions, q as LogLevel, L as Logger, r as LoggerConfig, K as SecureDataAccess, V as calculatePasswordStrength, g as cn, l as createBaseClient, o as createLogger, U as dateSchema, e as emailSchema, A as formatCompactNumber, x as formatCurrency, t as formatDate, N as formatDateOnlyForDisplay, w as formatDateTime, M as formatDateTimeForDisplay, P as formatDateTimeForMap, O as formatDateTimeForTable, B as formatFileSize, C as formatInTimeZone, y as formatNumber, z as formatPercent, v as formatTime, E as formatTimeInTimeZone, H as fromZonedTime, i as getAppConfig, k as getCurrentAppId, J as getTimeZoneDifference, D as getTimezoneAbbreviation, F as getUserTimeZone, m as logger, n as nameSchema, b as passwordSchema, p as phoneSchema, T as renderSafeHtml, I as roundToNearestMinutes, c as sanitizeFormData, d as sanitizeHtml, s as sanitizeUserInput, h as setAppConfig, G as toZonedTime, a as urlSchema, u as useSessionTracking, R as validateHtml } from './timezone-BZe_eUxx.js';
 import { SupabaseClient } from '@supabase/supabase-js';
-import { D as Database } from './database.generated-CzIvgcPu.js';
+import { D as Database } from './database.generated-CcnC_DRc.js';
 export { g as changePasswordSchema, t as combineSchemas, i as contactFormSchema, l as loginSchema, f as passwordResetSchema, q as pickSchema, r as registrationSchema, c as secureLoginSchema, s as securePasswordSchema, h as userProfileSchema } from './validation-643vUDZW.js';
 import { z } from 'zod';
 export { u as useComponentPerformance } from './useComponentPerformance-DE9l5RkL.js';
 import * as date_fns from 'date-fns';
-import { D as DataTable } from './DataTable-BMRU8a1j.js';
-import { A as AutocompleteOptions, m as GooglePlaceAutocompletePrediction, P as ParsedAddress } from './types-CkbwOr4Y.js';
+import { D as DataTable } from './DataTable-DRUIgtUH.js';
+import { A as AutocompleteOptions, m as GooglePlaceAutocompletePrediction, P as ParsedAddress } from './types-DXstZpNI.js';
 import React__default, { ComponentType } from 'react';
 import 'clsx';
 import 'react/jsx-runtime';
@@ -298,107 +299,6 @@ declare function deepMerge<T extends Record<string, unknown>>(target: T, source:
  */
 declare function isObject(item: unknown): item is Record<string, unknown>;
 
-/**
- * @file HTML Sanitization Utilities
- * @package @jmruthers/pace-core
- * @module Utils/Validation/HTMLSanitization
- * @since 0.4.36
- *
- * Utilities for safely rendering HTML content.
- * Provides sanitization and validation for basic HTML elements.
- */
-/**
- * Basic HTML sanitization function using regex-based approach
- * Removes potentially dangerous elements and attributes while preserving basic formatting
- * This approach is more reliable in SSR environments and doesn't require DOM manipulation
- *
- * @param html - The HTML string to sanitize
- * @returns Sanitized HTML string safe for rendering
- *
- * @example
- * ```tsx
- * const safeHtml = sanitizeHtml('<p>Hello <strong>world</strong>!</p>');
- * // Returns: '<p>Hello <strong>world</strong>!</p>'
- *
- * const dangerousHtml = sanitizeHtml('<script>alert("xss")</script><p>Safe content</p>');
- * // Returns: '<p>Safe content</p>'
- * ```
- */
-declare function sanitizeHtml(html: string): string;
-/**
- * Validates if HTML content is safe for rendering
- *
- * @param html - The HTML string to validate
- * @returns Object with validation result and any warnings
- *
- * @example
- * ```tsx
- * const validation = validateHtml('<p>Safe content</p>');
- * console.log(validation.isValid); // true
- * console.log(validation.warnings); // []
- * ```
- */
-declare function validateHtml(html: string): {
-    isValid: boolean;
-    warnings: string[];
-};
-/**
- * Safely renders HTML content with sanitization
- *
- * @param html - The HTML string to render
- * @param options - Rendering options
- * @returns Object with sanitized HTML and validation info
- *
- * @example
- * ```tsx
- * const result = renderSafeHtml('<p>Hello <strong>world</strong>!</p>');
- * console.log(result.html); // Sanitized HTML
- * console.log(result.isValid); // true
- * ```
- */
-declare function renderSafeHtml(html: string, options?: {
-    strict?: boolean;
-    logWarnings?: boolean;
-}): {
-    html: string;
-    isValid: boolean;
-    warnings: string[];
-};
-
-/**
- * @file Input Sanitization Layer
- * @package @jmruthers/pace-core
- * @module Utils/Validation/Sanitization
- * @since 0.1.0
- *
- * Comprehensive input sanitization utilities to prevent XSS, injection attacks,
- * and other security vulnerabilities.
- */
-
-/**
- * Sanitization options for different contexts
- */
-interface SanitizationOptions {
-    allowHtml?: boolean;
-    allowedTags?: string[];
-    maxLength?: number;
-    trim?: boolean;
-    removeScripts?: boolean;
-    removeEvents?: boolean;
-}
-/**
- * Sanitizes user input by removing potentially dangerous characters and patterns
- */
-declare function sanitizeUserInput(input: string, options?: SanitizationOptions): string;
-/**
- * Validates and sanitizes form data using Zod schemas
- */
-declare function sanitizeFormData<T>(data: unknown, schema: z.ZodSchema<T>, sanitizationRules?: Record<string, SanitizationOptions>): {
-    success: boolean;
-    data?: T;
-    error?: string;
-};
-
 /**
  * @file Validation utilities
  *
@@ -536,17 +436,17 @@ declare const userSettingsSchema: z.ZodObject<{
     }>;
     language: z.ZodString;
 }, "strip", z.ZodTypeAny, {
-    language: string;
     notifications: {
         push: boolean;
         email: boolean;
     };
-}, {
     language: string;
+}, {
     notifications: {
         push: boolean;
         email: boolean;
     };
+    language: string;
 }>;
 /**
  * Schema for user preferences
@@ -558,13 +458,13 @@ declare const userPreferencesSchema: z.ZodObject<{
     currency: z.ZodString;
 }, "strip", z.ZodTypeAny, {
     currency: string;
-    timezone: string;
     displayName: string;
+    timezone: string;
     dateFormat: string;
 }, {
     currency: string;
-    timezone: string;
     displayName: string;
+    timezone: string;
     dateFormat: string;
 }>;
 
@@ -870,12 +770,16 @@ declare function validateDeviceFingerprint(storedFingerprint: DeviceFingerprint,
 /**
  * Set organisation context in the database session
  *
- * This function attempts to set the organisation context using a database function.
- * If the function is not available, it falls back gracefully without throwing errors.
+ * @deprecated This function is a no-op. Organisation context is now handled via:
+ * - Secure Supabase client headers (useSecureSupabase hook)
+ * - Explicit p_organisation_id parameters in RPC calls
+ * - RLS policies that use auth.uid() and organisation_id columns
  *
- * @param supabase - Supabase client instance
- * @param organisationId - The organisation ID to set as context
- * @returns Promise that resolves when context is set (or falls back gracefully)
+ * This function is kept for backward compatibility but does nothing.
+ *
+ * @param supabase - Supabase client instance (unused)
+ * @param organisationId - The organisation ID (unused)
+ * @returns Promise that resolves immediately
  */
 declare function setOrganisationContext(supabase: SupabaseClient, organisationId: string): Promise<void>;
 /**
@@ -895,8 +799,11 @@ declare function getOrganisationContext(supabase: SupabaseClient): Promise<strin
 /**
  * Check if organisation context functions are available in the database
  *
- * @param supabase - Supabase client instance
- * @returns Promise that resolves to true if functions are available
+ * @deprecated This function always returns false. Organisation context functions have been removed.
+ * Organisation context is now handled via secure client and explicit parameters.
+ *
+ * @param supabase - Supabase client instance (unused)
+ * @returns Promise that resolves to false
  */
 declare function isOrganisationContextAvailable(supabase: SupabaseClient): Promise<boolean>;
 
@@ -1098,4 +1005,4 @@ declare function getInFlightRequestStats(): {
  */
 declare function deduplicatedQuery<T>(supabase: any, table: string, filters: Record<string, any>, select: string, requestFn: () => Promise<T>): Promise<T>;
 
-export { AutocompleteOptions, type CSRFTokenData, CachedAppIdResolver, type Coordinates, DebugLogger, GooglePlaceAutocompletePrediction, LazyDataTable, PERFORMANCE_BUDGETS, PERFORMANCE_THRESHOLDS, ParsedAddress, type PerformanceMetrics$1 as PerformanceMetrics, PermissionType, type SafeQueryParams, type SanitizationOptions, type SecurityEvent$1 as SecurityEvent, areCoordinatesEqual, auditLogger, buildSafeQueryParams, bundleAnalyzer, cachedAppIdResolver, clearInFlightRequests, clearOrganisationContext, createAddressFromPlaceResult, createLazyComponent, createLazyUtility, createPerformanceBenchmark, csrfManager, deduplicatedQuery, deepMerge, detectSQLInjection, escapeLikeQuery, fetchPlaceAutocomplete, fetchPlaceDetails, formatCoordinates, generateCSRFToken, generateDeviceFingerprint, generateRequestKey, getAddressByPlaceId, getAppId, getAppIds, getAppNameFromBuildTime, getAppNameFromEnvironment, getAppNameFromGlobal, getAppNameFromPackageJson, getCSRFToken, getCurrentAppName, getCurrentAppNameWithFallback, getGoogleMapsUrl, getInFlightRequestStats, getOrCreateRequest, getOrganisationContext, getSecurityHeaders, hasAllPermissions, hasAnyPermission, hasPermission, hasValidCoordinates, isEmpty, isObject, isOrganisationContextAvailable, isStrongPassword, isValidDate, isValidEmail, isValidUrl, isWithinRange, lazyCSVUtils, lazyChartUtils, lazyDateUtils, lazyFormUtils, lazyLodash, limitOffsetSchema, loadCSVUtils, loadChartUtils, loadDateUtils, loadFormUtils, loadLodash, logAuditEvent, logAuthEvent, logPermissionEvent, logSecurityEvent, matchesPattern, measureRenderPerformance, orderBySchema, parseAddressComponents, parsePermission, performanceBudgetMonitor, renderSafeHtml, sanitizeFilters, sanitizeFormData, sanitizeHtml, sanitizeSearchQuery, sanitizeUserInput, searchQuerySchema, securityMonitor, setOrganisationContext, setRBACAppName, sqlIdentifierSchema, trackDynamicImport, transformPermissionMapToBoolean, userPreferencesSchema, userSettingsSchema, usernameSchema, validateCSRFToken, validateDeviceFingerprint, validateHtml, validateImportPattern, validateSecurityHeaders, validateUserInput };
+export { AutocompleteOptions, type CSRFTokenData, CachedAppIdResolver, type Coordinates, DebugLogger, GooglePlaceAutocompletePrediction, LazyDataTable, PERFORMANCE_BUDGETS, PERFORMANCE_THRESHOLDS, ParsedAddress, type PerformanceMetrics$1 as PerformanceMetrics, PermissionType, type SafeQueryParams, SanitizationOptions, type SecurityEvent$1 as SecurityEvent, areCoordinatesEqual, auditLogger, buildSafeQueryParams, bundleAnalyzer, cachedAppIdResolver, clearInFlightRequests, clearOrganisationContext, createAddressFromPlaceResult, createLazyComponent, createLazyUtility, createPerformanceBenchmark, csrfManager, deduplicatedQuery, deepMerge, detectSQLInjection, escapeLikeQuery, fetchPlaceAutocomplete, fetchPlaceDetails, formatCoordinates, generateCSRFToken, generateDeviceFingerprint, generateRequestKey, getAddressByPlaceId, getAppId, getAppIds, getAppNameFromBuildTime, getAppNameFromEnvironment, getAppNameFromGlobal, getAppNameFromPackageJson, getCSRFToken, getCurrentAppName, getCurrentAppNameWithFallback, getGoogleMapsUrl, getInFlightRequestStats, getOrCreateRequest, getOrganisationContext, getSecurityHeaders, hasAllPermissions, hasAnyPermission, hasPermission, hasValidCoordinates, isEmpty, isObject, isOrganisationContextAvailable, isStrongPassword, isValidDate, isValidEmail, isValidUrl, isWithinRange, lazyCSVUtils, lazyChartUtils, lazyDateUtils, lazyFormUtils, lazyLodash, limitOffsetSchema, loadCSVUtils, loadChartUtils, loadDateUtils, loadFormUtils, loadLodash, logAuditEvent, logAuthEvent, logPermissionEvent, logSecurityEvent, matchesPattern, measureRenderPerformance, orderBySchema, parseAddressComponents, parsePermission, performanceBudgetMonitor, sanitizeFilters, sanitizeSearchQuery, searchQuerySchema, securityMonitor, setOrganisationContext, setRBACAppName, sqlIdentifierSchema, trackDynamicImport, transformPermissionMapToBoolean, userPreferencesSchema, userSettingsSchema, usernameSchema, validateCSRFToken, validateDeviceFingerprint, validateImportPattern, validateSecurityHeaders, validateUserInput };