@smartive/datocms-utils 3.0.0-next.10 → 3.0.0-next.11

package/README.md

@@ -14,13 +14,13 @@ npm install @smartive/datocms-utils
 
 #### `classNames`
 
-Cleans and joins an array of class names, filtering out undefined and boolean values.
+Cleans and joins an array of class names (strings and numbers), filtering out undefined and boolean values.
 
 ```typescript
 import { classNames } from '@smartive/datocms-utils';
 
-const className = classNames('btn', isActive && 'btn-active', undefined, 'btn-primary');
-// Result: "btn btn-active btn-primary"
+const className = classNames('btn', isActive && 'btn-active', 42, undefined, 'btn-primary');
+// Result: "btn btn-active 42 btn-primary"
 ```
 
 #### `getTelLink`
@@ -118,7 +118,7 @@ npm install ioredis
 import { RedisCacheTagsProvider } from '@smartive/datocms-utils/cache-tags/redis';
 
 const provider = new RedisCacheTagsProvider({
-  url: process.env.REDIS_URL!,
+  connectionUrl: process.env.REDIS_URL!,
   keyPrefix: 'prod:', // Optional: namespace for multi-environment setups
 });
 

package/dist/cache-tags/provider/neon.d.ts

@@ -29,5 +29,12 @@ export declare class NeonCacheTagsProvider implements CacheTagsProvider {
     queriesReferencingCacheTags(cacheTags: CacheTag[]): Promise<string[]>;
     deleteCacheTags(cacheTags: CacheTag[]): Promise<number>;
     truncateCacheTags(): Promise<number>;
+    /**
+     * Validates and quotes a PostgreSQL identifier (table name, column name, etc.) to prevent SQL injection.
+     * @param identifier The identifier to validate and quote
+     * @returns The properly quoted identifier
+     * @throws Error if the identifier is invalid
+     */
+    private static quoteIdentifier;
 }
 export {};

package/dist/cache-tags/provider/neon.js

@@ -7,7 +7,7 @@ export class NeonCacheTagsProvider {
     table;
     constructor({ connectionUrl, table }) {
         this.sql = neon(connectionUrl, { fullResults: true });
-        this.table = table;
+        this.table = NeonCacheTagsProvider.quoteIdentifier(table);
     }
     async storeQueryCacheTags(queryId, cacheTags) {
         if (!cacheTags?.length) {
@@ -31,7 +31,7 @@ export class NeonCacheTagsProvider {
         }, []);
     }
     async deleteCacheTags(cacheTags) {
-        if (cacheTags.length === 0) {
+        if (!cacheTags?.length) {
             return 0;
         }
         const placeholders = cacheTags.map((_, i) => `$${i + 1}`).join(',');
@@ -40,5 +40,26 @@ export class NeonCacheTagsProvider {
     async truncateCacheTags() {
         return (await this.sql.query(`DELETE FROM ${this.table}`)).rowCount ?? 0;
     }
+    /**
+     * Validates and quotes a PostgreSQL identifier (table name, column name, etc.) to prevent SQL injection.
+     * @param identifier The identifier to validate and quote
+     * @returns The properly quoted identifier
+     * @throws Error if the identifier is invalid
+     */
+    static quoteIdentifier(identifier) {
+        // Validate that the identifier contains only valid characters
+        // PostgreSQL identifiers can contain letters, digits, underscores, and dollar signs
+        // They can also contain dots for schema-qualified names
+        if (!/^[a-zA-Z_$][a-zA-Z0-9_$]*(\.[a-zA-Z_$][a-zA-Z0-9_$]*)?$/.test(identifier)) {
+            throw new Error(`Invalid table name: ${identifier}. Table names must start with a letter, underscore, or dollar sign and contain only letters, digits, underscores, and dollar signs. Schema-qualified names (e.g., "schema.table") are supported.`);
+        }
+        // Quote the identifier using double quotes to prevent SQL injection
+        // Handle schema-qualified names (e.g., "schema.table")
+        // Escape any double quotes within the identifier by doubling them
+        return identifier
+            .split('.')
+            .map((part) => `"${part.replace(/"/g, '""')}"`)
+            .join('.');
+    }
 }
 //# sourceMappingURL=neon.js.map

package/dist/cache-tags/provider/neon.js.map

@@ -1 +1 @@
-{"version":3,"file":"neon.js","sourceRoot":"","sources":["../../../src/cache-tags/provider/neon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAuBhD;;GAEG;AACH,MAAM,OAAO,qBAAqB;IACf,GAAG,CAAC;IACJ,KAAK,CAAC;IAEvB,YAAY,EAAE,aAAa,EAAE,KAAK,EAA+B;QAC/D,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,OAAe,EAAE,SAAqB;QACrE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzF,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,WAAW,YAAY,yBAAyB,EAAE,IAAI,CAAC,CAAC;IACxG,CAAC;IAEM,KAAK,CAAC,2BAA2B,CAAC,SAAqB;QAC5D,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YACvB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CACnC,iCAAiC,IAAI,CAAC,KAAK,wBAAwB,YAAY,GAAG,EAClF,SAAS,CACV,CAAC;QAEF,OAAO,IAAI,CAAC,MAAM,CAAW,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE;YAC7C,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,EAAE,EAAE,CAAC,CAAC;IACT,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,SAAqB;QAChD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpE,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,wBAAwB,YAAY,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC3H,CAAC;IAEM,KAAK,CAAC,iBAAiB;QAC5B,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC3E,CAAC;CACF"}
+{"version":3,"file":"neon.js","sourceRoot":"","sources":["../../../src/cache-tags/provider/neon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAuBhD;;GAEG;AACH,MAAM,OAAO,qBAAqB;IACf,GAAG,CAAC;IACJ,KAAK,CAAC;IAEvB,YAAY,EAAE,aAAa,EAAE,KAAK,EAA+B;QAC/D,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,GAAG,qBAAqB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,OAAe,EAAE,SAAqB;QACrE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzF,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,WAAW,YAAY,yBAAyB,EAAE,IAAI,CAAC,CAAC;IACxG,CAAC;IAEM,KAAK,CAAC,2BAA2B,CAAC,SAAqB;QAC5D,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YACvB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CACnC,iCAAiC,IAAI,CAAC,KAAK,wBAAwB,YAAY,GAAG,EAClF,SAAS,CACV,CAAC;QAEF,OAAO,IAAI,CAAC,MAAM,CAAW,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE;YAC7C,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,EAAE,EAAE,CAAC,CAAC;IACT,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,SAAqB;QAChD,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpE,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,wBAAwB,YAAY,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC3H,CAAC;IAEM,KAAK,CAAC,iBAAiB;QAC5B,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC3E,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,eAAe,CAAC,UAAkB;QAC/C,8DAA8D;QAC9D,oFAAoF;QACpF,wDAAwD;QACxD,IAAI,CAAC,yDAAyD,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAChF,MAAM,IAAI,KAAK,CACb,uBAAuB,UAAU,kMAAkM,CACpO,CAAC;QACJ,CAAC;QAED,oEAAoE;QACpE,uDAAuD;QACvD,kEAAkE;QAClE,OAAO,UAAU;aACd,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;aAC9C,IAAI,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;CACF"}

package/dist/cache-tags/types.d.ts

@@ -50,7 +50,7 @@ export interface CacheTagsProvider {
      * run again, fresh cache tag mappings will be created.
      *
      * @param {CacheTag[]} cacheTags Array of cache tags to delete
-     * @returns Number of keys deleted, or null if there was an error
+     * @returns Number of keys deleted
      *
      */
     deleteCacheTags(cacheTags: CacheTag[]): Promise<number>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smartive/datocms-utils",
-  "version": "3.0.0-next.10",
+  "version": "3.0.0-next.11",
   "description": "A set of utilities and helpers to work with DatoCMS in a Next.js project.",
   "type": "module",
   "source": "./src/index.ts",

package/src/cache-tags/provider/neon.ts

@@ -30,7 +30,7 @@ export class NeonCacheTagsProvider implements CacheTagsProvider {
 
   constructor({ connectionUrl, table }: NeonCacheTagsProviderConfig) {
     this.sql = neon(connectionUrl, { fullResults: true });
-    this.table = table;
+    this.table = NeonCacheTagsProvider.quoteIdentifier(table);
   }
 
   public async storeQueryCacheTags(queryId: string, cacheTags: CacheTag[]) {
@@ -66,7 +66,7 @@ export class NeonCacheTagsProvider implements CacheTagsProvider {
   }
 
   public async deleteCacheTags(cacheTags: CacheTag[]) {
-    if (cacheTags.length === 0) {
+    if (!cacheTags?.length) {
       return 0;
     }
     const placeholders = cacheTags.map((_, i) => `$${i + 1}`).join(',');
@@ -77,4 +77,29 @@ export class NeonCacheTagsProvider implements CacheTagsProvider {
   public async truncateCacheTags() {
     return (await this.sql.query(`DELETE FROM ${this.table}`)).rowCount ?? 0;
   }
+
+  /**
+   * Validates and quotes a PostgreSQL identifier (table name, column name, etc.) to prevent SQL injection.
+   * @param identifier The identifier to validate and quote
+   * @returns The properly quoted identifier
+   * @throws Error if the identifier is invalid
+   */
+  private static quoteIdentifier(identifier: string): string {
+    // Validate that the identifier contains only valid characters
+    // PostgreSQL identifiers can contain letters, digits, underscores, and dollar signs
+    // They can also contain dots for schema-qualified names
+    if (!/^[a-zA-Z_$][a-zA-Z0-9_$]*(\.[a-zA-Z_$][a-zA-Z0-9_$]*)?$/.test(identifier)) {
+      throw new Error(
+        `Invalid table name: ${identifier}. Table names must start with a letter, underscore, or dollar sign and contain only letters, digits, underscores, and dollar signs. Schema-qualified names (e.g., "schema.table") are supported.`,
+      );
+    }
+
+    // Quote the identifier using double quotes to prevent SQL injection
+    // Handle schema-qualified names (e.g., "schema.table")
+    // Escape any double quotes within the identifier by doubling them
+    return identifier
+      .split('.')
+      .map((part) => `"${part.replace(/"/g, '""')}"`)
+      .join('.');
+  }
 }

package/src/cache-tags/types.ts

@@ -52,7 +52,7 @@ export interface CacheTagsProvider {
    * run again, fresh cache tag mappings will be created.
    *
    * @param {CacheTag[]} cacheTags Array of cache tags to delete
-   * @returns Number of keys deleted, or null if there was an error
+   * @returns Number of keys deleted
    *
    */
   deleteCacheTags(cacheTags: CacheTag[]): Promise<number>;