@koloseum/utils 0.3.0 → 0.3.1

package/dist/client.d.ts

@@ -1,7 +1,7 @@
 import type { BrowserInfo, Microservice, MicroserviceFeature, MicroserviceGroup, MicroserviceObject, MicroserviceRole, UserWithCustomMetadata } from "@koloseum/types/general";
 import type { PronounsCheckboxes } from "@koloseum/types/public-auth";
 import type { IOptions } from "@suprsend/web-components/dist/types/interface.d.ts";
-import type { Page } from "@sveltejs/kit";
+import type { Page, SubmitFunction } from "@sveltejs/kit";
 export declare const Browser: {
     /**
      * Checks if a specific feature is supported by the browser.
@@ -93,6 +93,12 @@ export declare const Access: {
     roleHasAccessToFeature: (role: MicroserviceRole, feature: MicroserviceFeature, type: "backroom" | "lounges") => boolean;
 };
 export declare const Interface: {
+    /**
+     * Progressive-enhancement submit function for SvelteKit.
+     * Disables the submit button and shows a loading spinner; navigates via `goto` on redirect, otherwise calls `update` and restores the button.
+     * Buttons with class `otp-button` are not restored on failure/error so OTP flows can keep the loading state.
+     */
+    formEnhance: SubmitFunction;
     /**
      * Returns the URL for a menu item based on the slug.
      * @param {string} base - The base URL

package/dist/client.js

@@ -445,6 +445,37 @@ export const Access = {
 };
 /* INTERFACE HELPERS */
 export const Interface = {
+    /**
+     * Progressive-enhancement submit function for SvelteKit.
+     * Disables the submit button and shows a loading spinner; navigates via `goto` on redirect, otherwise calls `update` and restores the button.
+     * Buttons with class `otp-button` are not restored on failure/error so OTP flows can keep the loading state.
+     */
+    formEnhance: (({ submitter }) => {
+        if (submitter) {
+            const button = submitter;
+            const innerHTML = button.innerHTML;
+            // Disable button and show loading spinner if not an OTP button
+            if (!button.classList.contains("otp-button")) {
+                button.disabled = true;
+                button.innerHTML = `<span class="loading loading-bars loading-sm"></span>`;
+            }
+            // Handle form submission
+            return async ({ update, result }) => {
+                // Navigate via `goto` on redirect
+                if (result.type === "redirect" && result.location) {
+                    const { goto } = await import("$app/navigation");
+                    await goto(result.location);
+                    return;
+                }
+                // Update form and restore button if not an OTP button
+                await update();
+                if (result.type === "failure" || result.type === "error" || !button.classList.contains("otp-button")) {
+                    button.disabled = false;
+                    button.innerHTML = innerHTML;
+                }
+            };
+        }
+    }),
     /**
      * Returns the URL for a menu item based on the slug.
      * @param {string} base - The base URL

package/dist/formatting.d.ts

@@ -99,6 +99,12 @@ export declare const Validate: {
      * - at least one symbol
      */
     passwordRegex: RegExp;
+    /**
+     * Returns a regular expression for a Koloseum platform ID.
+     * @param {string} type - The type of platform ID to return
+     * @returns A regular expression for the platform ID, or `null` if the type is invalid
+     */
+    platformIdRegex: (type: "lounge" | "loungeBranch" | "player") => RegExp | null;
     /**
      * A regular expression for social media handles, without a leading slash or @ character.
      *

package/dist/formatting.js

@@ -333,6 +333,20 @@ export const Validate = {
      * - at least one symbol
      */
     passwordRegex: /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()\-_+=|{}\[\]:;'<>,.?/~]).{8,}$/,
+    /**
+     * Returns a regular expression for a Koloseum platform ID.
+     * @param {string} type - The type of platform ID to return
+     * @returns A regular expression for the platform ID, or `null` if the type is invalid
+     */
+    platformIdRegex: (type) => {
+        if (type === "lounge")
+            return /^KL\d{7}$/;
+        if (type === "loungeBranch")
+            return /^KLB\d{7}$/;
+        if (type === "player")
+            return /^KP\d{7}$/;
+        return null;
+    },
     /**
      * A regular expression for social media handles, without a leading slash or @ character.
      *

package/dist/general.d.ts

@@ -11,6 +11,10 @@ export declare const Status: {
      * A generic password reset request message.
      */
     PASSWORD_RESET_REQUESTED: string;
+    /**
+     * A generic password reset confirmation message.
+     */
+    PASSWORD_RESET_COMPLETED: string;
 };
 export declare const Cache: {
     /**

package/dist/general.js

@@ -11,7 +11,11 @@ export const Status = {
     /**
      * A generic password reset request message.
      */
-    PASSWORD_RESET_REQUESTED: "If the provided email address is registered, you will receive a password reset link shortly."
+    PASSWORD_RESET_REQUESTED: "If the provided email address is registered, you will receive a password reset link shortly.",
+    /**
+     * A generic password reset confirmation message.
+     */
+    PASSWORD_RESET_COMPLETED: "Your password has been reset successfully. You can now log in with your new password."
 };
 /* CACHE HELPERS */
 export const Cache = {

package/dist/platform.d.ts

@@ -1,4 +1,4 @@
-import type { MicroserviceGroup, MicroserviceObject, UserWithCustomMetadata } from "@koloseum/types/general";
+import type { CustomError, MicroserviceGroup, MicroserviceObject, UserWithCustomMetadata } from "@koloseum/types/general";
 import type { BranchAddressObject, County } from "@koloseum/types/public-auth";
 export declare const Config: {
     /**
@@ -45,6 +45,23 @@ export declare const Resource: {
         url?: string;
         error?: any;
     };
+    /**
+     * Processes a redirect URI and returns a validated, safe redirect URL. Callers in SvelteKit can pass `dev` from `$app/environment`.
+     * @param uri - The URI to process (e.g. `players:competitions/leagues`)
+     * @param dev - Whether the environment is development/test; defaults to `false`
+     * @returns An object with the safe redirect `url`, or an `error` if the URI or URL is invalid or unsafe
+     */
+    getSafeRedirectUrl: (uri: string, dev?: boolean) => {
+        url?: string;
+        error?: CustomError;
+    };
+    /**
+     * Returns whether the given URL points to a local Supabase instance (localhost or 127.0.0.1, any port).
+     * Use for cookie domain, redirects, and MSW so non-default local ports (e.g. 54621) behave like default (54321).
+     * @param url - Supabase API URL (e.g. PUBLIC_SUPABASE_URL)
+     * @returns `true` if the URL host is localhost or 127.0.0.1, `false` otherwise
+     */
+    isLocalSupabase: (url: string | undefined) => boolean;
     /**
      * Parses a resource request and returns the URL and path.
      * @param request - The request to parse.
@@ -63,4 +80,11 @@ export declare const Resource: {
         address?: BranchAddressObject;
         error?: any;
     }>;
+    /**
+     * Validates that a redirect URL is safe and allowed. Callers in SvelteKit can pass `dev` from `$app/environment`.
+     * @param url - The URL to validate
+     * @param dev - Whether the environment is development/test. Defaults to `false`
+     * @returns `true` if the URL is safe, `false` otherwise
+     */
+    validateRedirectUrl: (url: string, dev?: boolean) => boolean;
 };

package/dist/platform.js

@@ -1,4 +1,5 @@
 import { Transform } from "./formatting.js";
+import { Exception } from "./server.js";
 import { v4 as uuidv4 } from "uuid";
 import validator from "validator";
 /* HELPERS */
@@ -597,26 +598,36 @@ export const Resource = {
                 if (env === "development")
                     path = path.replace("account", "");
             }
-            if (path.startsWith("fgc")) {
+            if (path.startsWith("sessions")) {
                 port = 5178;
                 if (env === "development")
-                    path = path.replace("fgc", "");
+                    path = path.replace("sessions", "");
             }
-            if (path.startsWith("commerce")) {
+            if (path.startsWith("competitions")) {
                 port = 5179;
+                if (env === "development")
+                    path = path.replace("competitions", "");
+            }
+            if (path.startsWith("commerce")) {
+                port = 5180;
                 if (env === "development")
                     path = path.replace("commerce", "");
             }
         }
         // Handle Lounges microservices
         if (microserviceGroup === "lounges") {
-            if (path.startsWith("branches")) {
+            if (path.startsWith("account")) {
                 port = 5181;
                 if (env === "development")
-                    path = path.replace("branches", "");
+                    path = path.replace("account", "");
+            }
+            if (path.startsWith("operations")) {
+                port = 5182;
+                if (env === "development")
+                    path = path.replace("operations", "");
             }
             if (path.startsWith("staff")) {
-                port = 5182;
+                port = 5183;
                 if (env === "development")
                     path = path.replace("staff", "");
             }
@@ -628,18 +639,13 @@ export const Resource = {
                 if (env === "development")
                     path = path.replace("compliance", "");
             }
-            if (path.startsWith("competitions")) {
-                port = 5177;
-                if (env === "development")
-                    path = path.replace("competitions", "");
-            }
             if (path.startsWith("commerce")) {
-                port = 5180;
+                port = 5184;
                 if (env === "development")
                     path = path.replace("commerce", "");
             }
             if (path.startsWith("staff")) {
-                port = 5183;
+                port = 5185;
                 if (env === "development")
                     path = path.replace("staff", "");
             }
@@ -651,6 +657,39 @@ export const Resource = {
                 : `http://127.0.0.1:${port}${path || ""}`
         };
     },
+    /**
+     * Processes a redirect URI and returns a validated, safe redirect URL. Callers in SvelteKit can pass `dev` from `$app/environment`.
+     * @param uri - The URI to process (e.g. `players:competitions/leagues`)
+     * @param dev - Whether the environment is development/test; defaults to `false`
+     * @returns An object with the safe redirect `url`, or an `error` if the URI or URL is invalid or unsafe
+     */
+    getSafeRedirectUrl: (uri, dev = false) => {
+        const { url, error } = Resource.getRedirectUrl(uri, dev ? "development" : "production");
+        if (error)
+            return {
+                error: Exception.customError(error.code ?? 400, error.message ?? "Redirect URI is invalid.")
+            };
+        if (!url || !Resource.validateRedirectUrl(url, dev))
+            return { error: Exception.customError(400, "Redirect URL is invalid or unsafe.") };
+        return { url };
+    },
+    /**
+     * Returns whether the given URL points to a local Supabase instance (localhost or 127.0.0.1, any port).
+     * Use for cookie domain, redirects, and MSW so non-default local ports (e.g. 54621) behave like default (54321).
+     * @param url - Supabase API URL (e.g. PUBLIC_SUPABASE_URL)
+     * @returns `true` if the URL host is localhost or 127.0.0.1, `false` otherwise
+     */
+    isLocalSupabase: (url) => {
+        if (!url || typeof url !== "string")
+            return false;
+        try {
+            const host = new URL(url).hostname;
+            return host === "localhost" || host === "127.0.0.1";
+        }
+        catch {
+            return false;
+        }
+    },
     /**
      * Parses a resource request and returns the URL and path.
      * @param request - The request to parse.
@@ -760,5 +799,26 @@ export const Resource = {
         };
         // Return data
         return { address };
+    },
+    /**
+     * Validates that a redirect URL is safe and allowed. Callers in SvelteKit can pass `dev` from `$app/environment`.
+     * @param url - The URL to validate
+     * @param dev - Whether the environment is development/test. Defaults to `false`
+     * @returns `true` if the URL is safe, `false` otherwise
+     */
+    validateRedirectUrl: (url, dev = false) => {
+        try {
+            const parsedUrl = new URL(url);
+            if (!dev && parsedUrl.protocol !== "https:")
+                return false;
+            if (dev && parsedUrl.hostname === "127.0.0.1")
+                return true;
+            if (!parsedUrl.hostname.endsWith(".koloseum.ke") && parsedUrl.hostname !== "koloseum.ke")
+                return false;
+            return true;
+        }
+        catch {
+            return false;
+        }
     }
 };

package/dist/server.js

@@ -36,7 +36,7 @@ export const Instance = {
                                 const errorData = await error.context.json();
                                 message = errorData.message || message;
                                 // Assign attempt ID to context if present
-                                if (path.includes("verify-id") && errorData.attemptId)
+                                if ((path.includes("verify-id") || path.includes("smile-id")) && errorData.attemptId)
                                     context.attemptId = errorData.attemptId;
                             }
                             catch (jsonError) {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@koloseum/utils",
-	"version": "0.3.0",
+	"version": "0.3.1",
 	"author": "Koloseum Technologies Limited",
 	"type": "module",
 	"description": "Utility logic for use across Koloseum web apps (TypeScript)",