@plasius/schema 1.0.18 → 1.1.1

package/src/validation/phone.E.164.ts

@@ -1,9 +0,0 @@
-/**
- *  Validates a phone number string in strict E.164 format.
- *  Returns true for strings like "+441632960960" (max 15 digits, starting with a '+').
- */
-export const validatePhone = (value: unknown): boolean => {
-  if (typeof value !== "string") return false;
-  const phoneRegex = /^\+[1-9]\d{1,14}$/; // E.164 format
-  return phoneRegex.test(value);
-};

package/src/validation/richtext.OWASP.ts

@@ -1,34 +0,0 @@
-/**
- * Validates rich text input to ensure it contains only safe HTML/Markdown.
- * Global Standard: OWASP HTML Sanitization Guidelines (2024).
- * This validator checks for dangerous patterns — does not sanitize — assumes text will be sanitized downstream.
- */
-export function validateRichText(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-  const trimmed = value.trim();
-  if (trimmed.length === 0) return true; // Allow empty rich text
-
-  // Reject known dangerous tags
-  if (
-    /<(script|iframe|object|embed|style|link|meta|base|form|input|button|textarea|select)\b/i.test(
-      trimmed
-    )
-  ) {
-    return false;
-  }
-
-  // Reject javascript: links
-  if (/javascript:/i.test(trimmed)) {
-    return false;
-  }
-
-  // Reject event handlers (onload, onclick, etc)
-  if (/on\w+=["']?/i.test(trimmed)) {
-    return false;
-  }
-
-  // Optionally: limit max length (e.g. 10,000 chars)
-  if (trimmed.length > 10000) return false;
-
-  return true;
-}

package/src/validation/url.WHATWG.ts

@@ -1,16 +0,0 @@
-/**
- * Validates a URL string using the WHATWG URL API.
- * Accepts only 'http' or 'https' protocols.
- * Returns true if the URL is syntactically valid.
- */
-export const validateUrl = (value: unknown): boolean => {
-  if (typeof value !== "string") return false;
-  try {
-    const url = new URL(value);
-    // Enforce scheme:
-    if (url.protocol !== "http:" && url.protocol !== "https:") return false;
-    return true;
-  } catch {
-    return false;
-  }
-};

package/src/validation/user.MS-GOOGLE-APPLE.ts

@@ -1,31 +0,0 @@
-/**
- * Validates that a user ID is a valid `sub` from one of the supported identity providers.
- * Global Standard: OpenID Connect Core 1.0 `sub` claim.
- */
-export function validateUserId(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-
-  const trimmed = value.trim();
-  if (trimmed.length === 0) return false;
-
-  // Google: all digits
-  const googlePattern = /^\d{21,22}$/;
-
-  // Microsoft: UUID v4
-  const microsoftPattern =
-    /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-
-  // Apple: opaque, usually UUID but allow any printable string up to 255 chars
-  const applePattern = /^[\w\-.]{6,255}$/; // Alphanumeric + - . _ (common safe characters)
-
-  return (
-    googlePattern.test(trimmed) ||
-    microsoftPattern.test(trimmed) ||
-    applePattern.test(trimmed)
-  );
-}
-
-export function validateUserIdArray(value: unknown): boolean {
-  if (!Array.isArray(value)) return false;
-  return value.every(validateUserId);
-}

package/src/validation/uuid.RFC4122.ts

@@ -1,10 +0,0 @@
-/** 
- * Validates a string against the RFC 4122 format for UUIDs. 
- * Matches UUIDs of versions 1 to 5, e.g., "123e4567-e89b-12d3-a456-426614174000".
- */ 
-export const validateUUID = (value: unknown): boolean => {
-  if (typeof value !== "string") return false;
-  const uuidRegex =
-    /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-  return uuidRegex.test(value);
-};

package/src/validation/version.SEMVER2.0.0.ts

@@ -1,8 +0,0 @@
-/**
- * Validates that a version string conforms to Semantic Versioning (SemVer 2.0.0).
- * Global Standard: https://semver.org/
- */
-export function validateSemVer(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-  return /^(\d+)\.(\d+)\.(\d+)$/.test(value);
-}

package/tests/pii.test.ts

@@ -1,139 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { createSchema } from "../src/schema.js";
-import { field } from "../src/field.js";
-import { expectValid, expectInvalid } from "./test-utils.js";
-
-// --- PII: sanitizeForLog should clean output correctly ---
-describe("PII log sanitization", () => {
-  const LogSchema = createSchema(
-    {
-      email: field.string().PID({
-        classification: "high",
-        action: "encrypt",
-        logHandling: "redact",
-        purpose: "user contact",
-      }),
-      sessionId: field.string().PID({
-        classification: "low",
-        action: "hash",
-        logHandling: "pseudonym",
-        purpose: "session correlation",
-      }),
-      nickname: field.string().PID({
-        classification: "none",
-        action: "none",
-        logHandling: "plain",
-      }),
-      internalNote: field.string().PID({
-        classification: "low",
-        action: "clear",
-        logHandling: "omit",
-        purpose: "ops-only",
-      }),
-    },
-    "LogSchema",
-    { version: "1.0", piiEnforcement: "strict" }
-  );
-
-  it("should redact, pseudonymize, pass-through, and omit according to logHandling", () => {
-    const input = {
-      email: "a@b.com",
-      sessionId: "abc123",
-      nickname: "phil",
-      internalNote: "sensitive",
-      other: "visible-but-not-in-shape",
-    } as const;
-
-    const pseudo = (v: any) => `pseudo(${String(v).length})`;
-    const out = LogSchema.sanitizeForLog(input as any, pseudo);
-
-    // redact
-    expect(out.email).toBe("[REDACTED]");
-    // pseudonym
-    expect(out.sessionId).toBe("pseudo(6)");
-    // plain
-    expect(out.nickname).toBe("phil");
-    // omitted entirely
-    expect(Object.prototype.hasOwnProperty.call(out, "internalNote")).toBe(
-      false
-    );
-    // unknown fields are not included (shape-driven)
-    expect(Object.prototype.hasOwnProperty.call(out, "other")).toBe(false);
-
-    // ensure no storage artifacts leak into logs
-    expect(Object.keys(out).some((k) => k.endsWith("Encrypted"))).toBe(false);
-    expect(Object.keys(out).some((k) => k.endsWith("Hash"))).toBe(false);
-  });
-
-  it("should handle missing optional fields by simply excluding them from sanitized output", () => {
-    const minimal = { email: "x@y.com", sessionId: "id" } as const;
-    const out = LogSchema.sanitizeForLog(minimal as any, (v) => `p(${v})`);
-    expect(out.email).toBe("[REDACTED]");
-    expect(out.sessionId).toBe("p(id)");
-    // nickname/internalNote omitted if not present
-    expect(out.nickname).toBe(undefined);
-    expect(Object.prototype.hasOwnProperty.call(out, "internalNote")).toBe(
-      false
-    );
-  });
-
-  // --- PII: auditing of shape metadata ---
-  describe("PII auditing", () => {
-    it("getPiiAudit should include only fields with classification !== 'none' and capture action/logHandling/purpose", () => {
-      const audit = LogSchema.getPiiAudit();
-      expect(audit).toEqual([
-        {
-          field: "email",
-          classification: "high",
-          action: "encrypt",
-          logHandling: "redact",
-          purpose: "user contact",
-        },
-        {
-          field: "sessionId",
-          classification: "low",
-          action: "hash",
-          logHandling: "pseudonym",
-          purpose: "session correlation",
-        },
-        {
-          field: "internalNote",
-          classification: "low",
-          action: "clear",
-          logHandling: "omit",
-          purpose: "ops-only",
-        },
-      ]);
-    });
-
-    it("getPiiAudit should not include fields with classification 'none' (e.g., nickname)", () => {
-      const audit = LogSchema.getPiiAudit();
-      const fields = audit?.map((a) => a.field);
-      expect(fields?.includes("nickname")).toBe(false);
-      expect(fields).toEqual(["email", "sessionId", "internalNote"]);
-    });
-
-    it("audit content should be independent of enforcement mode", () => {
-      const AltSchema = createSchema(
-        {
-          email: field.string().PID({
-            classification: "high",
-            action: "encrypt",
-            logHandling: "redact",
-          }),
-        },
-        "Alt",
-        { version: "1.0", piiEnforcement: "none" }
-      );
-      expect(AltSchema.getPiiAudit()).toEqual([
-        {
-          field: "email",
-          classification: "high",
-          action: "encrypt",
-          logHandling: "redact",
-          purpose: undefined,
-        },
-      ]);
-    });
-  });
-});