@plyaz/db 0.0.0

package/dist/repository/BaseRepository.d.ts

@@ -0,0 +1,209 @@
+/**
+ * @fileoverview Base Repository for @plyaz/db package
+ *
+ * This module provides the BaseRepository abstract class that serves as the foundation
+ * for all domain-specific repositories in the @plyaz/db package. It provides type-safe
+ * CRUD operations and consistent interface patterns.
+ *
+ */
+import type { DatabaseResult, PaginatedResult, QueryOptions, Filter, DatabaseServiceType } from "@plyaz/types/db";
+/**
+ * BASE REPOSITORY - Repository Layer Foundation
+ *
+ * Base repository providing common CRUD operations for domain entities.
+ * All domain-specific repositories extend this class for type-safe database operations.
+ *
+ * **Application Flow Position:**
+ * Service Layer � **Repository Layer** � DatabaseService � Adapter Chain
+ *
+ * **What this class provides:**
+ * - Type-safe CRUD operations for domain entities
+ * - Consistent interface across all repositories
+ * - Delegation to DatabaseService with proper table mapping
+ * - Foundation for domain-specific repository methods
+ *
+ * **Called by:** Service layer (UserService, OrderService, etc.)
+ * **Calls:** DatabaseService methods (get, create, update, delete, etc.)
+ * **Extended by:** Domain repositories (UserRepository, OrderRepository, etc.)
+ *
+ * @template T The entity type this repository manages
+ *
+ * @example
+ * ### Creating a Domain Repository
+ * ```typescript
+ * interface User {
+ *   id: string;
+ *   name: string;
+ *   email: string;
+ *   createdAt: Date;
+ * }
+ *
+ * class UserRepository extends BaseRepository<User> {
+ *   constructor(db: IDatabaseService) {
+ *     super(db, Tables.USERS);
+ *   }
+ *
+ *   // Domain-specific methods
+ *   async findByEmail(email: string) {
+ *     return this.db.query(this.tableName, {
+ *       filter: { field: 'email', operator: 'eq', value: email }
+ *     });
+ *   }
+ * }
+ * ```
+ *
+ * @example
+ * ### Usage in Service Layer
+ * ```typescript
+ * class UserService {
+ *   constructor(private userRepo: UserRepository) {}
+ *
+ *   async getUserById(id: string) {
+ *     // Calls BaseRepository.findById() � DatabaseService.get()
+ *     return this.userRepo.findById(id);
+ *   }
+ * }
+ * ```
+ */
+export declare abstract class BaseRepository<T> {
+    protected readonly db: DatabaseServiceType;
+    protected readonly tableName: string;
+    constructor(db: DatabaseServiceType, tableName: string);
+    /**
+     * Find a single entity by its primary key ID
+     *
+     * @param {string} id - The primary key ID of the entity to retrieve
+     * @returns {Promise<DatabaseResult<T | null>>} Promise resolving to the entity or null if not found
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.findById('user-123');
+     * if (result.success && result.value) {
+     *   console.log('Found user:', result.value.name);
+     * }
+     * ```
+     */
+    findById(id: string): Promise<DatabaseResult<T | null>>;
+    /**
+     * Find multiple entities with optional filtering, sorting, and pagination
+     *
+     * @param {QueryOptions} [options] - Optional query configuration
+     * @returns {Promise<DatabaseResult<PaginatedResult<T>>>} Promise resolving to paginated results
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.findMany({
+     *   filter: { field: 'status', operator: 'eq', value: 'active' },
+     *   sort: [{ field: 'createdAt', direction: 'desc' }],
+     *   pagination: { limit: 20, offset: 0 }
+     * });
+     * ```
+     */
+    findMany(options?: QueryOptions): Promise<DatabaseResult<PaginatedResult<T>>>;
+    /**
+     * Create a new entity in the database
+     *
+     * @param {T} data - The entity data to create
+     * @returns {Promise<DatabaseResult<T>>} Promise resolving to the created entity
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.create({
+     *   name: 'John Doe',
+     *   email: 'john@example.com'
+     * });
+     * ```
+     */
+    create(data: T): Promise<DatabaseResult<T>>;
+    /**
+     * Update an existing entity by ID
+     *
+     * @param {string} id - The primary key ID of the entity to update
+     * @param {Partial<T>} data - Partial entity data containing fields to update
+     * @returns {Promise<DatabaseResult<T>>} Promise resolving to the updated entity
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.update('user-123', {
+     *   email: 'newemail@example.com',
+     *   updatedAt: new Date()
+     * });
+     * ```
+     */
+    update(id: string, data: Partial<T>): Promise<DatabaseResult<T>>;
+    /**
+     * Delete an entity by ID (hard delete)
+     *
+     * @param {string} id - The primary key ID of the entity to delete
+     * @returns {Promise<DatabaseResult<void>>} Promise resolving when deletion is complete
+     *
+     * @warning This is a permanent operation that cannot be undone
+     * @see {@link softDelete} For recoverable deletion
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.delete('user-123');
+     * ```
+     */
+    delete(id: string): Promise<DatabaseResult<void>>;
+    /**
+     * Count entities matching optional filter criteria
+     *
+     * @param {Filter} [filter] - Optional filter conditions
+     * @returns {Promise<DatabaseResult<number>>} Promise resolving to the count
+     *
+     * @example
+     * ```typescript
+     * const totalResult = await userRepository.count();
+     * const activeResult = await userRepository.count({
+     *   field: 'status', operator: 'eq', value: 'active'
+     * });
+     * ```
+     */
+    count(filter?: Filter): Promise<DatabaseResult<number>>;
+    /**
+     * Check if an entity exists by ID
+     *
+     * @param {string} id - The primary key ID to check
+     * @returns {Promise<DatabaseResult<boolean>>} Promise resolving to existence status
+     *
+     * @example
+     * ```typescript
+     * const existsResult = await userRepository.exists('user-123');
+     * if (existsResult.success && existsResult.value) {
+     *   console.log('User exists');
+     * }
+     * ```
+     */
+    exists(id: string): Promise<DatabaseResult<boolean>>;
+    /**
+     * Find the first entity matching filter criteria
+     *
+     * @param {Filter} filter - Filter conditions to match
+     * @returns {Promise<DatabaseResult<T | null>>} Promise resolving to first match or null
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.findOne({
+     *   field: 'email', operator: 'eq', value: 'john@example.com'
+     * });
+     * ```
+     */
+    findOne(filter: Filter): Promise<DatabaseResult<T | null>>;
+    /**
+     * Soft delete an entity by ID (recoverable deletion)
+     *
+     * @param {string} id - The primary key ID of the entity to soft delete
+     * @returns {Promise<DatabaseResult<void>>} Promise resolving when soft deletion is complete
+     *
+     * @see {@link delete} For permanent deletion
+     *
+     * @example
+     * ```typescript
+     * const result = await userRepository.softDelete('user-123');
+     * // User is hidden but can be recovered
+     * ```
+     */
+    softDelete(id: string): Promise<DatabaseResult<void>>;
+}
+//# sourceMappingURL=BaseRepository.d.ts.map

package/dist/repository/BaseRepository.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseRepository.d.ts","sourceRoot":"","sources":["../../src/repository/BaseRepository.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,eAAe,EACf,YAAY,EACZ,MAAM,EACN,mBAAmB,EACpB,MAAM,iBAAiB,CAAC;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyDG;AACH,8BAAsB,cAAc,CAAC,CAAC;IAIlC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,mBAAmB;IAC1C,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM;gBADjB,EAAE,EAAE,mBAAmB,EACvB,SAAS,EAAE,MAAM;IAGtC;;;;;;;;;;;;;OAaG;IACG,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAI7D;;;;;;;;;;;;;;OAcG;IACG,QAAQ,CACZ,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAI9C;;;;;;;;;;;;;OAaG;IACG,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;IAIjD;;;;;;;;;;;;;;OAcG;IACG,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;IAItE;;;;;;;;;;;;;OAaG;IACG,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAIvD;;;;;;;;;;;;;OAaG;IACG,KAAK,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAI7D;;;;;;;;;;;;;OAaG;IACG,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IAI1D;;;;;;;;;;;;OAYG;IACG,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAIhE;;;;;;;;;;;;;OAaG;IACG,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;CAG5D"}

package/dist/repository/index.d.ts

@@ -0,0 +1,80 @@
+/**
+ * @fileoverview Repository Pattern Implementation for Database Operations
+ *
+ * Provides the `BaseRepository` class, which implements the Repository pattern
+ * to achieve a clean separation between domain logic and data access.
+ * This abstraction ensures consistent, testable, and maintainable database interaction
+ * across all entities and services.
+ *
+ * ---
+ *
+ * **Repository Pattern Benefits:**
+ * - **Separation of Concerns** → Domain logic isolated from persistence layer
+ * - **Testability** → Easy to mock repositories for unit testing
+ * - **Consistency** → Unified CRUD interface for all entities
+ * - **Type Safety** → Full TypeScript support with generics
+ * - **Extensibility** → Easily extendable for entity-specific operations
+ *
+ * ---
+ *
+ * **Application Flow Context:**
+ * ```
+ * Domain Layer → Repository Layer → Service Layer → Database
+ *      ↓               ↓                 ↓              ↓
+ *  UserService → UserRepository → DatabaseService → Adapters
+ *  OrderService → OrderRepository → CRUD Operations → PostgreSQL
+ * ```
+ *
+ * ---
+ *
+ * @example
+ * ```typescript
+ * // Define an entity-specific repository
+ * interface User {
+ *   id: string;
+ *   name: string;
+ *   email: string;
+ *   status: 'active' | 'inactive';
+ * }
+ *
+ * class UserRepository extends BaseRepository<User> {
+ *   constructor(db: IDatabaseService) {
+ *     super(db, Tables.USERS);
+ *   }
+ *
+ *   // Add entity-specific methods
+ *   async findByEmail(email: string): Promise<DatabaseResult<User | null>> {
+ *     const result = await this.findMany({
+ *       filter: { field: 'email', operator: 'eq', value: email }
+ *     });
+ *
+ *     if (result.success && result.value.data.length > 0) {
+ *       return success(result.value.data[0]);
+ *     }
+ *     return success();
+ *   }
+ *
+ *   async findActiveUsers(): Promise<DatabaseResult<PaginatedResult<User>>> {
+ *     return this.findMany({
+ *       filter: { field: 'status', operator: 'eq', value: 'active' }
+ *     });
+ *   }
+ * }
+ *
+ * // Example usage in a service layer
+ * class UserService {
+ *   constructor(private userRepo: UserRepository) {}
+ *
+ *   async createUser(userData: CreateInput<User>): Promise<User> {
+ *     const result = await this.userRepo.create(userData);
+ *     if (!result.success) {
+ *       throw new DatabaseError(`Failed to create user: ${result.error?.message}`, DATABASE_ERROR_CODES.INIT_FAILED);
+ *     }
+ *     return result.value;
+ *   }
+ * }
+ * ```
+ */
+/** Base repository class implementing the Repository pattern */
+export { BaseRepository } from "./BaseRepository";
+//# sourceMappingURL=index.d.ts.map

package/dist/repository/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/repository/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4EG;AAEH,gEAAgE;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/security/index.cjs

@@ -0,0 +1,118 @@
+'use strict';
+
+var common = require('@nestjs/common');
+var sanitizeHtml = require('sanitize-html');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var sanitizeHtml__default = /*#__PURE__*/_interopDefault(sanitizeHtml);
+
+// @plyaz package - Built with tsup
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (decorator(result)) || result;
+  return result;
+};
+
+// src/utils/typeGuards.ts
+function isString(value) {
+  return typeof value === "string";
+}
+__name(isString, "isString");
+function isObject(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+__name(isObject, "isObject");
+
+// src/security/sanitizers/html.sanitizer.ts
+exports.SanitizeHtmlPipe = class SanitizeHtmlPipe {
+  /**
+   * Transforms and sanitizes the provided value.
+   * - Strings are sanitized using `sanitize-html`.
+   * - Arrays and objects are recursively sanitized.
+   * - Other primitive types (e.g., numbers, booleans) are returned as-is.
+   *
+   * @template T
+   * @param {T} value - The value to sanitize.
+   * @returns {string | Record<string, unknown> | unknown[]} - The sanitized value.
+   */
+  transform(value) {
+    if (isString(value)) {
+      return this.sanitizeString(value);
+    }
+    if (Array.isArray(value)) {
+      return value.map((v) => this.transform(v));
+    }
+    if (isObject(value)) {
+      const result = {};
+      for (const [key, val] of Object.entries(value)) {
+        result[key] = this.transform(val);
+      }
+      return result;
+    }
+    return value;
+  }
+  /**
+   * Sanitizes a single string by removing all HTML tags and attributes,
+   * allowing only safe URL schemes like `http`, `https`, and `mailto`.
+   *
+   * @param {string} str - The string to sanitize.
+   * @returns {string} - The sanitized string.
+   * @private
+   */
+  sanitizeString(str) {
+    return sanitizeHtml__default.default(str, {
+      allowedTags: [],
+      allowedAttributes: {},
+      allowedSchemes: ["http", "https", "mailto"]
+    });
+  }
+};
+__name(exports.SanitizeHtmlPipe, "SanitizeHtmlPipe");
+exports.SanitizeHtmlPipe = __decorateClass([
+  common.Injectable()
+], exports.SanitizeHtmlPipe);
+exports.DataValidationPipe = class DataValidationPipe {
+  /**
+   * Creates a new DataValidationPipe instance with the provided Zod schema.
+   *
+   * @param {ZodType} schema - The Zod schema used to validate sanitized data.
+   */
+  constructor(schema) {
+    this.schema = schema;
+  }
+  sanitizeHtmlPipe = new exports.SanitizeHtmlPipe();
+  /**
+   * Sanitizes and validates incoming data.
+   * - First, all string values are sanitized to remove unsafe HTML.
+   * - Then, the sanitized data is validated against the provided Zod schema.
+   *
+   * Throws a `BadRequestException` if validation fails.
+   *
+   * @param {unknown} value - The incoming value to sanitize and validate.
+   * @returns {unknown} - The sanitized and validated data.
+   * @throws {BadRequestException} - If validation fails.
+   */
+  transform(value) {
+    const sanitizedValue = this.sanitizeHtmlPipe.transform(value);
+    try {
+      return this.schema.parse(sanitizedValue);
+    } catch (error) {
+      if (error instanceof Error) {
+        throw new common.BadRequestException(`Validation failed: ${error.message}`);
+      }
+      throw new common.BadRequestException(`Invalid request data.`);
+    }
+  }
+};
+__name(exports.DataValidationPipe, "DataValidationPipe");
+exports.DataValidationPipe = __decorateClass([
+  common.Injectable()
+], exports.DataValidationPipe);
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/security/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/typeGuards.ts","../../src/security/sanitizers/html.sanitizer.ts","../../src/security/serializers/DataValidation.ts"],"names":["SanitizeHtmlPipe","sanitizeHtml","Injectable","DataValidationPipe","BadRequestException"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAyBO,SAAS,SAAS,KAAA,EAAiC;AACxD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA;AAC1B;AAFgB,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;AAwCT,SAAS,SAAS,KAAA,EAAiC;AACxD,EAAA,OAAO,KAAA,KAAU,QAAQ,OAAO,KAAA,KAAU,YAAY,CAAC,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC5E;AAFgB,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;;;ACrDHA,2BAAN,sBAAA,CAAgD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWrD,UAAa,KAAA,EAAwD;AACnE,IAAA,IAAI,QAAA,CAAS,KAAK,CAAA,EAAG;AACnB,MAAA,OAAO,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,IAClC;AAEA,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,MAAA,OAAO,MAAM,GAAA,CAAI,CAAC,MAAM,IAAA,CAAK,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,IAC3C;AAEA,IAAA,IAAI,QAAA,CAAS,KAAK,CAAA,EAAG;AACnB,MAAA,MAAM,SAAkC,EAAC;AACzC,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,GAAG,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC9C,QAAA,MAAA,CAAO,GAAG,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,GAAG,CAAA;AAAA,MAClC;AACA,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUQ,eAAe,GAAA,EAAqB;AAC1C,IAAA,OAAOC,8BAAa,GAAA,EAAK;AAAA,MACvB,aAAa,EAAC;AAAA,MACd,mBAAmB,EAAC;AAAA,MACpB,cAAA,EAAgB,CAAC,MAAA,EAAQ,OAAA,EAAS,QAAQ;AAAA,KAC3C,CAAA;AAAA,EACH;AACF;AA9CuD,MAAA,CAAAD,wBAAA,EAAA,kBAAA,CAAA;AAA1CA,wBAAA,GAAN,eAAA,CAAA;AAAA,EADNE,iBAAA;AAAW,CAAA,EACCF,wBAAA,CAAA;ACEAG,6BAAN,wBAAA,CAAkD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQvD,YAAoB,MAAA,EAAiB;AAAjB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAkB;AAAA,EAPrB,gBAAA,GAAmB,IAAIH,wBAAA,EAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBzD,UAAU,KAAA,EAAyB;AACjC,IAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,gBAAA,CAAiB,SAAA,CAAU,KAAK,CAAA;AAE5D,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAA,CAAO,KAAA,CAAM,cAAc,CAAA;AAAA,IACzC,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,QAAA,MAAM,IAAII,0BAAA,CAAoB,CAAA,mBAAA,EAAsB,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,MACrE;AACA,MAAA,MAAM,IAAIA,2BAAoB,CAAA,qBAAA,CAAuB,CAAA;AAAA,IACvD;AAAA,EACF;AACF;AAjCyD,MAAA,CAAAD,0BAAA,EAAA,oBAAA,CAAA;AAA5CA,0BAAA,GAAN,eAAA,CAAA;AAAA,EADND,iBAAAA;AAAW,CAAA,EACCC,0BAAA,CAAA","file":"index.cjs","sourcesContent":["/**\n * @fileoverview Type Guard Utilities for @plyaz/db package\n *\n * This module provides type guard functions for runtime type checking throughout\n * the @plyaz/db package. These utilities replace direct typeof checks with\n * consistent, reusable type validation functions.\n *\n */\n\n/**\n * Type guard to check if a value is a string\n *\n * @param {unknown} value - The value to check\n * @returns {value is string} True if value is a string, false otherwise\n *\n * @example\n * ```typescript\n * import { isString } from '@plyaz/db/utils';\n *\n * if (isString(userInput)) {\n *   // userInput is now typed as string\n *   console.log(userInput.toLowerCase());\n * }\n * ```\n */\nexport function isString(value: unknown): value is string {\n  return typeof value === \"string\";\n}\n\n/**\n * Type guard to check if a value is a non-empty string\n *\n * @param {unknown} value - The value to check\n * @returns {value is string} True if value is a non-empty string, false otherwise\n *\n * @example\n * ```typescript\n * import { isNonEmptyString } from '@plyaz/db/utils';\n *\n * if (isNonEmptyString(tableName)) {\n *   // tableName is guaranteed to be a non-empty string\n *   const query = `SELECT * FROM ${tableName}`;\n * }\n * ```\n */\nexport function isNonEmptyString(value: unknown): value is string {\n  return isString(value) && value.length > 0;\n}\n\n/**\n * Type guard to check if a value is a number\n *\n * @param {unknown} value - The value to check\n * @returns {value is number} True if value is a number, false otherwise\n */\nexport function isNumber(value: unknown): value is number {\n  return typeof value === \"number\";\n}\n\n/**\n * Type guard to check if a value is an object (not null, not array)\n *\n * @param {unknown} value - The value to check\n * @returns {value is object} True if value is an object, false otherwise\n */\nexport function isObject(value: unknown): value is object {\n  return value !== null && typeof value === \"object\" && !Array.isArray(value);\n}\n","import { PipeTransform, Injectable } from \"@nestjs/common\";\nimport sanitizeHtml from \"sanitize-html\";\nimport { isString, isObject } from \"@utils/typeGuards\";\n\n/**\n * A NestJS pipe that recursively sanitizes input data to remove any potentially unsafe HTML.\n *\n * This pipe can handle strings, arrays, and objects. It ensures that\n * all string values within the provided data are sanitized using the `sanitize-html` library.\n *\n */\n@Injectable()\nexport class SanitizeHtmlPipe implements PipeTransform {\n  /**\n   * Transforms and sanitizes the provided value.\n   * - Strings are sanitized using `sanitize-html`.\n   * - Arrays and objects are recursively sanitized.\n   * - Other primitive types (e.g., numbers, booleans) are returned as-is.\n   *\n   * @template T\n   * @param {T} value - The value to sanitize.\n   * @returns {string | Record<string, unknown> | unknown[]} - The sanitized value.\n   */\n  transform<T>(value: T): string | Record<string, unknown> | unknown[] {\n    if (isString(value)) {\n      return this.sanitizeString(value);\n    }\n\n    if (Array.isArray(value)) {\n      return value.map((v) => this.transform(v));\n    }\n\n    if (isObject(value)) {\n      const result: Record<string, unknown> = {};\n      for (const [key, val] of Object.entries(value)) {\n        result[key] = this.transform(val);\n      }\n      return result;\n    }\n\n    return value as unknown[];\n  }\n\n  /**\n   * Sanitizes a single string by removing all HTML tags and attributes,\n   * allowing only safe URL schemes like `http`, `https`, and `mailto`.\n   *\n   * @param {string} str - The string to sanitize.\n   * @returns {string} - The sanitized string.\n   * @private\n   */\n  private sanitizeString(str: string): string {\n    return sanitizeHtml(str, {\n      allowedTags: [],\n      allowedAttributes: {},\n      allowedSchemes: [\"http\", \"https\", \"mailto\"],\n    });\n  }\n}\n","import { BadRequestException, Injectable, PipeTransform } from \"@nestjs/common\";\nimport { ZodType } from \"zod\";\nimport { SanitizeHtmlPipe } from \"../sanitizers/html.sanitizer\";\n\n/**\n * A NestJS pipe that combines input sanitization and validation.\n *\n * This pipe first sanitizes incoming data using {@link SanitizeHtmlPipe}\n * to remove any potentially unsafe HTML, and then validates the sanitized\n * data using a provided Zod schema.\n *\n * If validation fails, a `BadRequestException` is thrown.\n */\n@Injectable()\nexport class DataValidationPipe implements PipeTransform {\n  private readonly sanitizeHtmlPipe = new SanitizeHtmlPipe();\n\n  /**\n   * Creates a new DataValidationPipe instance with the provided Zod schema.\n   *\n   * @param {ZodType} schema - The Zod schema used to validate sanitized data.\n   */\n  constructor(private schema: ZodType) {}\n\n  /**\n   * Sanitizes and validates incoming data.\n   * - First, all string values are sanitized to remove unsafe HTML.\n   * - Then, the sanitized data is validated against the provided Zod schema.\n   *\n   * Throws a `BadRequestException` if validation fails.\n   *\n   * @param {unknown} value - The incoming value to sanitize and validate.\n   * @returns {unknown} - The sanitized and validated data.\n   * @throws {BadRequestException} - If validation fails.\n   */\n  transform(value: unknown): unknown {\n    const sanitizedValue = this.sanitizeHtmlPipe.transform(value);\n\n    try {\n      return this.schema.parse(sanitizedValue);\n    } catch (error) {\n      if (error instanceof Error) {\n        throw new BadRequestException(`Validation failed: ${error.message}`);\n      }\n      throw new BadRequestException(`Invalid request data.`);\n    }\n  }\n}\n"]}

package/dist/security/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./sanitizers/html.sanitizer";
+export * from "./serializers/DataValidation";
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,cAAc,6BAA6B,CAAC;AAC5C,cAAc,8BAA8B,CAAC"}

package/dist/security/index.mjs

@@ -0,0 +1,114 @@
+import { Injectable, BadRequestException } from '@nestjs/common';
+import sanitizeHtml from 'sanitize-html';
+
+// @plyaz package - Built with tsup
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (decorator(result)) || result;
+  return result;
+};
+
+// src/utils/typeGuards.ts
+function isString(value) {
+  return typeof value === "string";
+}
+__name(isString, "isString");
+function isObject(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+__name(isObject, "isObject");
+
+// src/security/sanitizers/html.sanitizer.ts
+var SanitizeHtmlPipe = class {
+  /**
+   * Transforms and sanitizes the provided value.
+   * - Strings are sanitized using `sanitize-html`.
+   * - Arrays and objects are recursively sanitized.
+   * - Other primitive types (e.g., numbers, booleans) are returned as-is.
+   *
+   * @template T
+   * @param {T} value - The value to sanitize.
+   * @returns {string | Record<string, unknown> | unknown[]} - The sanitized value.
+   */
+  transform(value) {
+    if (isString(value)) {
+      return this.sanitizeString(value);
+    }
+    if (Array.isArray(value)) {
+      return value.map((v) => this.transform(v));
+    }
+    if (isObject(value)) {
+      const result = {};
+      for (const [key, val] of Object.entries(value)) {
+        result[key] = this.transform(val);
+      }
+      return result;
+    }
+    return value;
+  }
+  /**
+   * Sanitizes a single string by removing all HTML tags and attributes,
+   * allowing only safe URL schemes like `http`, `https`, and `mailto`.
+   *
+   * @param {string} str - The string to sanitize.
+   * @returns {string} - The sanitized string.
+   * @private
+   */
+  sanitizeString(str) {
+    return sanitizeHtml(str, {
+      allowedTags: [],
+      allowedAttributes: {},
+      allowedSchemes: ["http", "https", "mailto"]
+    });
+  }
+};
+__name(SanitizeHtmlPipe, "SanitizeHtmlPipe");
+SanitizeHtmlPipe = __decorateClass([
+  Injectable()
+], SanitizeHtmlPipe);
+var DataValidationPipe = class {
+  /**
+   * Creates a new DataValidationPipe instance with the provided Zod schema.
+   *
+   * @param {ZodType} schema - The Zod schema used to validate sanitized data.
+   */
+  constructor(schema) {
+    this.schema = schema;
+  }
+  sanitizeHtmlPipe = new SanitizeHtmlPipe();
+  /**
+   * Sanitizes and validates incoming data.
+   * - First, all string values are sanitized to remove unsafe HTML.
+   * - Then, the sanitized data is validated against the provided Zod schema.
+   *
+   * Throws a `BadRequestException` if validation fails.
+   *
+   * @param {unknown} value - The incoming value to sanitize and validate.
+   * @returns {unknown} - The sanitized and validated data.
+   * @throws {BadRequestException} - If validation fails.
+   */
+  transform(value) {
+    const sanitizedValue = this.sanitizeHtmlPipe.transform(value);
+    try {
+      return this.schema.parse(sanitizedValue);
+    } catch (error) {
+      if (error instanceof Error) {
+        throw new BadRequestException(`Validation failed: ${error.message}`);
+      }
+      throw new BadRequestException(`Invalid request data.`);
+    }
+  }
+};
+__name(DataValidationPipe, "DataValidationPipe");
+DataValidationPipe = __decorateClass([
+  Injectable()
+], DataValidationPipe);
+
+export { DataValidationPipe, SanitizeHtmlPipe };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/security/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/typeGuards.ts","../../src/security/sanitizers/html.sanitizer.ts","../../src/security/serializers/DataValidation.ts"],"names":["Injectable"],"mappings":";;;;;;;;;;;;;;;;AAyBO,SAAS,SAAS,KAAA,EAAiC;AACxD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA;AAC1B;AAFgB,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;AAwCT,SAAS,SAAS,KAAA,EAAiC;AACxD,EAAA,OAAO,KAAA,KAAU,QAAQ,OAAO,KAAA,KAAU,YAAY,CAAC,KAAA,CAAM,QAAQ,KAAK,CAAA;AAC5E;AAFgB,MAAA,CAAA,QAAA,EAAA,UAAA,CAAA;;;ACrDT,IAAM,mBAAN,MAAgD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWrD,UAAa,KAAA,EAAwD;AACnE,IAAA,IAAI,QAAA,CAAS,KAAK,CAAA,EAAG;AACnB,MAAA,OAAO,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,IAClC;AAEA,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,MAAA,OAAO,MAAM,GAAA,CAAI,CAAC,MAAM,IAAA,CAAK,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,IAC3C;AAEA,IAAA,IAAI,QAAA,CAAS,KAAK,CAAA,EAAG;AACnB,MAAA,MAAM,SAAkC,EAAC;AACzC,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,GAAG,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC9C,QAAA,MAAA,CAAO,GAAG,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,GAAG,CAAA;AAAA,MAClC;AACA,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUQ,eAAe,GAAA,EAAqB;AAC1C,IAAA,OAAO,aAAa,GAAA,EAAK;AAAA,MACvB,aAAa,EAAC;AAAA,MACd,mBAAmB,EAAC;AAAA,MACpB,cAAA,EAAgB,CAAC,MAAA,EAAQ,OAAA,EAAS,QAAQ;AAAA,KAC3C,CAAA;AAAA,EACH;AACF;AA9CuD,MAAA,CAAA,gBAAA,EAAA,kBAAA,CAAA;AAA1C,gBAAA,GAAN,eAAA,CAAA;AAAA,EADN,UAAA;AAAW,CAAA,EACC,gBAAA,CAAA;ACEN,IAAM,qBAAN,MAAkD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQvD,YAAoB,MAAA,EAAiB;AAAjB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAkB;AAAA,EAPrB,gBAAA,GAAmB,IAAI,gBAAA,EAAiB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBzD,UAAU,KAAA,EAAyB;AACjC,IAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,gBAAA,CAAiB,SAAA,CAAU,KAAK,CAAA;AAE5D,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAA,CAAO,KAAA,CAAM,cAAc,CAAA;AAAA,IACzC,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,QAAA,MAAM,IAAI,mBAAA,CAAoB,CAAA,mBAAA,EAAsB,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,MACrE;AACA,MAAA,MAAM,IAAI,oBAAoB,CAAA,qBAAA,CAAuB,CAAA;AAAA,IACvD;AAAA,EACF;AACF;AAjCyD,MAAA,CAAA,kBAAA,EAAA,oBAAA,CAAA;AAA5C,kBAAA,GAAN,eAAA,CAAA;AAAA,EADNA,UAAAA;AAAW,CAAA,EACC,kBAAA,CAAA","file":"index.mjs","sourcesContent":["/**\n * @fileoverview Type Guard Utilities for @plyaz/db package\n *\n * This module provides type guard functions for runtime type checking throughout\n * the @plyaz/db package. These utilities replace direct typeof checks with\n * consistent, reusable type validation functions.\n *\n */\n\n/**\n * Type guard to check if a value is a string\n *\n * @param {unknown} value - The value to check\n * @returns {value is string} True if value is a string, false otherwise\n *\n * @example\n * ```typescript\n * import { isString } from '@plyaz/db/utils';\n *\n * if (isString(userInput)) {\n *   // userInput is now typed as string\n *   console.log(userInput.toLowerCase());\n * }\n * ```\n */\nexport function isString(value: unknown): value is string {\n  return typeof value === \"string\";\n}\n\n/**\n * Type guard to check if a value is a non-empty string\n *\n * @param {unknown} value - The value to check\n * @returns {value is string} True if value is a non-empty string, false otherwise\n *\n * @example\n * ```typescript\n * import { isNonEmptyString } from '@plyaz/db/utils';\n *\n * if (isNonEmptyString(tableName)) {\n *   // tableName is guaranteed to be a non-empty string\n *   const query = `SELECT * FROM ${tableName}`;\n * }\n * ```\n */\nexport function isNonEmptyString(value: unknown): value is string {\n  return isString(value) && value.length > 0;\n}\n\n/**\n * Type guard to check if a value is a number\n *\n * @param {unknown} value - The value to check\n * @returns {value is number} True if value is a number, false otherwise\n */\nexport function isNumber(value: unknown): value is number {\n  return typeof value === \"number\";\n}\n\n/**\n * Type guard to check if a value is an object (not null, not array)\n *\n * @param {unknown} value - The value to check\n * @returns {value is object} True if value is an object, false otherwise\n */\nexport function isObject(value: unknown): value is object {\n  return value !== null && typeof value === \"object\" && !Array.isArray(value);\n}\n","import { PipeTransform, Injectable } from \"@nestjs/common\";\nimport sanitizeHtml from \"sanitize-html\";\nimport { isString, isObject } from \"@utils/typeGuards\";\n\n/**\n * A NestJS pipe that recursively sanitizes input data to remove any potentially unsafe HTML.\n *\n * This pipe can handle strings, arrays, and objects. It ensures that\n * all string values within the provided data are sanitized using the `sanitize-html` library.\n *\n */\n@Injectable()\nexport class SanitizeHtmlPipe implements PipeTransform {\n  /**\n   * Transforms and sanitizes the provided value.\n   * - Strings are sanitized using `sanitize-html`.\n   * - Arrays and objects are recursively sanitized.\n   * - Other primitive types (e.g., numbers, booleans) are returned as-is.\n   *\n   * @template T\n   * @param {T} value - The value to sanitize.\n   * @returns {string | Record<string, unknown> | unknown[]} - The sanitized value.\n   */\n  transform<T>(value: T): string | Record<string, unknown> | unknown[] {\n    if (isString(value)) {\n      return this.sanitizeString(value);\n    }\n\n    if (Array.isArray(value)) {\n      return value.map((v) => this.transform(v));\n    }\n\n    if (isObject(value)) {\n      const result: Record<string, unknown> = {};\n      for (const [key, val] of Object.entries(value)) {\n        result[key] = this.transform(val);\n      }\n      return result;\n    }\n\n    return value as unknown[];\n  }\n\n  /**\n   * Sanitizes a single string by removing all HTML tags and attributes,\n   * allowing only safe URL schemes like `http`, `https`, and `mailto`.\n   *\n   * @param {string} str - The string to sanitize.\n   * @returns {string} - The sanitized string.\n   * @private\n   */\n  private sanitizeString(str: string): string {\n    return sanitizeHtml(str, {\n      allowedTags: [],\n      allowedAttributes: {},\n      allowedSchemes: [\"http\", \"https\", \"mailto\"],\n    });\n  }\n}\n","import { BadRequestException, Injectable, PipeTransform } from \"@nestjs/common\";\nimport { ZodType } from \"zod\";\nimport { SanitizeHtmlPipe } from \"../sanitizers/html.sanitizer\";\n\n/**\n * A NestJS pipe that combines input sanitization and validation.\n *\n * This pipe first sanitizes incoming data using {@link SanitizeHtmlPipe}\n * to remove any potentially unsafe HTML, and then validates the sanitized\n * data using a provided Zod schema.\n *\n * If validation fails, a `BadRequestException` is thrown.\n */\n@Injectable()\nexport class DataValidationPipe implements PipeTransform {\n  private readonly sanitizeHtmlPipe = new SanitizeHtmlPipe();\n\n  /**\n   * Creates a new DataValidationPipe instance with the provided Zod schema.\n   *\n   * @param {ZodType} schema - The Zod schema used to validate sanitized data.\n   */\n  constructor(private schema: ZodType) {}\n\n  /**\n   * Sanitizes and validates incoming data.\n   * - First, all string values are sanitized to remove unsafe HTML.\n   * - Then, the sanitized data is validated against the provided Zod schema.\n   *\n   * Throws a `BadRequestException` if validation fails.\n   *\n   * @param {unknown} value - The incoming value to sanitize and validate.\n   * @returns {unknown} - The sanitized and validated data.\n   * @throws {BadRequestException} - If validation fails.\n   */\n  transform(value: unknown): unknown {\n    const sanitizedValue = this.sanitizeHtmlPipe.transform(value);\n\n    try {\n      return this.schema.parse(sanitizedValue);\n    } catch (error) {\n      if (error instanceof Error) {\n        throw new BadRequestException(`Validation failed: ${error.message}`);\n      }\n      throw new BadRequestException(`Invalid request data.`);\n    }\n  }\n}\n"]}

package/dist/security/sanitizers/html.sanitizer.d.ts

@@ -0,0 +1,31 @@
+import { PipeTransform } from "@nestjs/common";
+/**
+ * A NestJS pipe that recursively sanitizes input data to remove any potentially unsafe HTML.
+ *
+ * This pipe can handle strings, arrays, and objects. It ensures that
+ * all string values within the provided data are sanitized using the `sanitize-html` library.
+ *
+ */
+export declare class SanitizeHtmlPipe implements PipeTransform {
+    /**
+     * Transforms and sanitizes the provided value.
+     * - Strings are sanitized using `sanitize-html`.
+     * - Arrays and objects are recursively sanitized.
+     * - Other primitive types (e.g., numbers, booleans) are returned as-is.
+     *
+     * @template T
+     * @param {T} value - The value to sanitize.
+     * @returns {string | Record<string, unknown> | unknown[]} - The sanitized value.
+     */
+    transform<T>(value: T): string | Record<string, unknown> | unknown[];
+    /**
+     * Sanitizes a single string by removing all HTML tags and attributes,
+     * allowing only safe URL schemes like `http`, `https`, and `mailto`.
+     *
+     * @param {string} str - The string to sanitize.
+     * @returns {string} - The sanitized string.
+     * @private
+     */
+    private sanitizeString;
+}
+//# sourceMappingURL=html.sanitizer.d.ts.map

package/dist/security/sanitizers/html.sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"html.sanitizer.d.ts","sourceRoot":"","sources":["../../../src/security/sanitizers/html.sanitizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAc,MAAM,gBAAgB,CAAC;AAI3D;;;;;;GAMG;AACH,qBACa,gBAAiB,YAAW,aAAa;IACpD;;;;;;;;;OASG;IACH,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,EAAE;IAoBpE;;;;;;;OAOG;IACH,OAAO,CAAC,cAAc;CAOvB"}

package/dist/security/serializers/DataValidation.d.ts

@@ -0,0 +1,34 @@
+import { PipeTransform } from "@nestjs/common";
+import { ZodType } from "zod";
+/**
+ * A NestJS pipe that combines input sanitization and validation.
+ *
+ * This pipe first sanitizes incoming data using {@link SanitizeHtmlPipe}
+ * to remove any potentially unsafe HTML, and then validates the sanitized
+ * data using a provided Zod schema.
+ *
+ * If validation fails, a `BadRequestException` is thrown.
+ */
+export declare class DataValidationPipe implements PipeTransform {
+    private schema;
+    private readonly sanitizeHtmlPipe;
+    /**
+     * Creates a new DataValidationPipe instance with the provided Zod schema.
+     *
+     * @param {ZodType} schema - The Zod schema used to validate sanitized data.
+     */
+    constructor(schema: ZodType);
+    /**
+     * Sanitizes and validates incoming data.
+     * - First, all string values are sanitized to remove unsafe HTML.
+     * - Then, the sanitized data is validated against the provided Zod schema.
+     *
+     * Throws a `BadRequestException` if validation fails.
+     *
+     * @param {unknown} value - The incoming value to sanitize and validate.
+     * @returns {unknown} - The sanitized and validated data.
+     * @throws {BadRequestException} - If validation fails.
+     */
+    transform(value: unknown): unknown;
+}
+//# sourceMappingURL=DataValidation.d.ts.map

package/dist/security/serializers/DataValidation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DataValidation.d.ts","sourceRoot":"","sources":["../../../src/security/serializers/DataValidation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmC,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAChF,OAAO,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAG9B;;;;;;;;GAQG;AACH,qBACa,kBAAmB,YAAW,aAAa;IAQ1C,OAAO,CAAC,MAAM;IAP1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA0B;IAE3D;;;;OAIG;gBACiB,MAAM,EAAE,OAAO;IAEnC;;;;;;;;;;OAUG;IACH,SAAS,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;CAYnC"}