@tantainnovative/ndpr-toolkit 1.0.2 → 1.0.3

package/src/lib/dpiaQuestions.ts

@@ -0,0 +1,148 @@
+import { RiskAssessmentQuestion } from '@/types';
+
+export const dpiaQuestions: RiskAssessmentQuestion[] = [
+  {
+    id: 'data-collection-1',
+    text: 'Does your project involve collecting personal data directly from individuals?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No personal data is collected' },
+      { value: "2", label: 'Limited personal data is collected with clear consent' },
+      { value: "3", label: 'Significant personal data is collected with consent' },
+      { value: "4", label: 'Extensive personal data is collected' }
+    ]
+  },
+  {
+    id: 'data-collection-2',
+    text: 'Does your project involve collecting sensitive personal data (e.g., health, biometric, religious beliefs)?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No sensitive data is collected' },
+      { value: "2", label: 'Limited sensitive data with explicit consent' },
+      { value: "3", label: 'Significant sensitive data with explicit consent' },
+      { value: "4", label: 'Extensive sensitive data collection' }
+    ]
+  },
+  {
+    id: 'data-collection-3',
+    text: 'Does your project collect data from children or vulnerable individuals?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No data from children or vulnerable individuals' },
+      { value: "2", label: 'Limited data with parental/guardian consent' },
+      { value: "3", label: 'Significant data with enhanced safeguards' },
+      { value: "4", label: 'Extensive data from vulnerable groups' }
+    ]
+  },
+  {
+    id: 'data-processing-1',
+    text: 'Does your project involve automated decision-making or profiling?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No automated decision-making' },
+      { value: "2", label: 'Limited automation with human oversight' },
+      { value: "3", label: 'Significant automation with opt-out options' },
+      { value: "4", label: 'Extensive automated decisions affecting individuals' }
+    ]
+  },
+  {
+    id: 'data-processing-2',
+    text: 'Does your project involve processing data for purposes beyond what was initially collected for?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'Processing only for original purpose' },
+      { value: "2", label: 'Limited secondary processing with notice' },
+      { value: "3", label: 'Significant secondary processing with consent' },
+      { value: "4", label: 'Extensive repurposing of data' }
+    ]
+  },
+  {
+    id: 'data-processing-3',
+    text: 'Does your project combine data from multiple sources?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No data combination' },
+      { value: "2", label: 'Limited combination from controlled sources' },
+      { value: "3", label: 'Significant combination with transparency' },
+      { value: "4", label: 'Extensive data aggregation from various sources' }
+    ]
+  },
+  {
+    id: 'data-sharing-1',
+    text: 'Does your project involve sharing personal data with third parties?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No third-party sharing' },
+      { value: "2", label: 'Limited sharing with contractual safeguards' },
+      { value: "3", label: 'Significant sharing with data processing agreements' },
+      { value: "4", label: 'Extensive sharing with multiple third parties' }
+    ]
+  },
+  {
+    id: 'data-sharing-2',
+    text: 'Does your project involve transferring data outside Nigeria?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'No international transfers' },
+      { value: "2", label: 'Limited transfers to countries with adequate protection' },
+      { value: "3", label: 'Significant transfers with standard contractual clauses' },
+      { value: "4", label: 'Extensive transfers to countries without adequate protection' }
+    ]
+  },
+  {
+    id: 'security-1',
+    text: 'What level of security measures does your project implement?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'Comprehensive security with encryption, access controls, and regular audits' },
+      { value: "2", label: 'Strong security measures with some monitoring' },
+      { value: "3", label: 'Basic security measures meeting minimum requirements' },
+      { value: "4", label: 'Limited security measures' }
+    ]
+  },
+  {
+    id: 'security-2',
+    text: 'Does your project have a data breach response plan?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'Comprehensive breach plan with regular testing' },
+      { value: "2", label: 'Documented breach plan with assigned responsibilities' },
+      { value: "3", label: 'Basic breach notification procedure' },
+      { value: "4", label: 'No formal breach response plan' }
+    ]
+  },
+  {
+    id: 'data-subject-rights-1',
+    text: 'How does your project facilitate data subject rights (access, rectification, erasure, etc.)?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'Automated self-service portal for all rights' },
+      { value: "2", label: 'Documented procedures with reasonable response times' },
+      { value: "3", label: 'Basic manual process for handling requests' },
+      { value: "4", label: 'Limited or no formal process for rights requests' }
+    ]
+  },
+  {
+    id: 'data-subject-rights-2',
+    text: 'Does your project provide clear privacy information to data subjects?',
+    type: 'radio',
+    required: true,
+    options: [
+      { value: "1", label: 'Comprehensive, layered privacy notices in plain language' },
+      { value: "2", label: 'Clear privacy policy with all required information' },
+      { value: "3", label: 'Basic privacy notice covering essential elements' },
+      { value: "4", label: 'Minimal or complex privacy information' }
+    ]
+  }
+];

package/src/lib/requestService.ts

@@ -0,0 +1,75 @@
+'use client';
+
+import { DataSubjectRequest, RequestStatus } from '@/types';
+import { v4 as uuidv4 } from 'uuid';
+import { storage } from './storage';
+
+const REQUEST_STORAGE_KEY = 'ndpr_requests';
+
+const getStoredRequests = (): DataSubjectRequest[] => {
+  return storage.getItem<DataSubjectRequest[]>(REQUEST_STORAGE_KEY, []) || [];
+};
+
+export const requestService = {
+  createRequest: (
+    requestType: DataSubjectRequest['type'],
+    requesterName: string,
+    requesterEmail: string,
+    details: string,
+    consent: boolean
+  ): DataSubjectRequest => {
+    const request: DataSubjectRequest = {
+      id: uuidv4(),
+      type: requestType,
+      status: 'pending',
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+      subject: {
+        name: requesterName,
+        email: requesterEmail,
+      },
+      description: details,
+    };
+
+    const requests = getStoredRequests();
+    requests.push(request);
+    const saved = storage.setItem(REQUEST_STORAGE_KEY, requests);
+    
+    if (!saved) {
+      throw new Error('Failed to save request. Storage may be full or unavailable.');
+    }
+
+    return request;
+  },
+
+  updateStatus: (id: string, status: RequestStatus): DataSubjectRequest | null => {
+    const requests = getStoredRequests();
+    const idx = requests.findIndex(r => r.id === id);
+    if (idx === -1) return null;
+    
+    requests[idx].status = status;
+    requests[idx].updatedAt = Date.now();
+    
+    const saved = storage.setItem(REQUEST_STORAGE_KEY, requests);
+    if (!saved) {
+      throw new Error('Failed to update request status.');
+    }
+    
+    return requests[idx];
+  },
+
+  getRequest: (id: string): DataSubjectRequest | null => {
+    const requests = getStoredRequests();
+    return requests.find(r => r.id === id) || null;
+  },
+
+  getAllRequests: (): DataSubjectRequest[] => {
+    return getStoredRequests();
+  },
+
+  clear: (): boolean => {
+    return storage.removeItem(REQUEST_STORAGE_KEY);
+  },
+};
+
+export default requestService;

package/src/lib/sanitize.ts

@@ -0,0 +1,108 @@
+/**
+ * Sanitization utilities for preventing XSS attacks
+ * In production, consider using a library like DOMPurify
+ */
+
+/**
+ * Escapes HTML special characters to prevent XSS
+ */
+export function escapeHtml(unsafe: string): string {
+  return unsafe
+    .replace(/&/g, "&")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#039;");
+}
+
+/**
+ * Sanitizes user input for safe display
+ * Removes dangerous tags and attributes
+ */
+export function sanitizeInput(input: string): string {
+  // Remove script tags and their content
+  let sanitized = input.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
+  
+  // Remove on* event handlers
+  sanitized = sanitized.replace(/\s*on\w+\s*=\s*["'][^"']*["']/gi, '');
+  
+  // Remove javascript: protocol
+  sanitized = sanitized.replace(/javascript:/gi, '');
+  
+  // Escape remaining HTML
+  return escapeHtml(sanitized);
+}
+
+/**
+ * Validates and sanitizes email addresses
+ */
+export function sanitizeEmail(email: string): string {
+  // Basic email validation
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  
+  if (!emailRegex.test(email)) {
+    throw new Error('Invalid email format');
+  }
+  
+  // Remove any HTML tags
+  return email.replace(/<[^>]*>/g, '').trim().toLowerCase();
+}
+
+/**
+ * Sanitizes file names to prevent directory traversal attacks
+ */
+export function sanitizeFileName(fileName: string): string {
+  // Remove path separators and null bytes
+  return fileName
+    .replace(/[\/\\]/g, '')
+    .replace(/\0/g, '')
+    .replace(/\.{2,}/g, '.')
+    .trim();
+}
+
+/**
+ * Creates a safe HTML structure from markdown
+ * This is a basic implementation - for production use a proper markdown parser
+ */
+export function markdownToSafeHtml(markdown: string): string {
+  let html = escapeHtml(markdown);
+  
+  // Convert markdown syntax to HTML
+  html = html
+    // Headers
+    .replace(/^### (.*$)/gim, '<h3>$1</h3>')
+    .replace(/^## (.*$)/gim, '<h2>$1</h2>')
+    .replace(/^# (.*$)/gim, '<h1>$1</h1>')
+    // Bold
+    .replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>')
+    // Italic
+    .replace(/\*([^*]+)\*/g, '<em>$1</em>')
+    // Line breaks
+    .replace(/\n/g, '<br />');
+  
+  return html;
+}
+
+/**
+ * Validates and sanitizes URL to prevent open redirect vulnerabilities
+ */
+export function sanitizeUrl(url: string, allowedHosts?: string[]): string {
+  try {
+    const parsed = new URL(url);
+    
+    // Check if protocol is safe
+    if (!['http:', 'https:'].includes(parsed.protocol)) {
+      throw new Error('Invalid protocol');
+    }
+    
+    // Check if host is allowed
+    if (allowedHosts && !allowedHosts.includes(parsed.hostname)) {
+      throw new Error('Host not allowed');
+    }
+    
+    return parsed.toString();
+  } catch {
+    // If URL parsing fails, return a safe default
+    return '#';
+  }
+}

package/src/lib/storage.ts

@@ -0,0 +1,222 @@
+"use client";
+
+/**
+ * Safe localStorage wrapper with error handling
+ */
+export class SafeStorage {
+  private static isStorageAvailable(): boolean {
+    if (typeof window === "undefined") return false;
+
+    try {
+      const testKey = "__storage_test__";
+      window.localStorage.setItem(testKey, "test");
+      window.localStorage.removeItem(testKey);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  static getItem<T = unknown>(key: string, defaultValue?: T): T | null {
+    if (!this.isStorageAvailable()) {
+      console.warn("localStorage is not available");
+      return defaultValue ?? null;
+    }
+
+    try {
+      const item = window.localStorage.getItem(key);
+      if (item === null) return defaultValue ?? null;
+
+      // Try to parse as JSON, otherwise return as string
+      try {
+        return JSON.parse(item) as T;
+      } catch {
+        return item as unknown as T;
+      }
+    } catch (error) {
+      console.error(`Error reading from localStorage: ${key}`, error);
+      return defaultValue ?? null;
+    }
+  }
+
+  static setItem(key: string, value: unknown): boolean {
+    if (!this.isStorageAvailable()) {
+      console.warn("localStorage is not available");
+      return false;
+    }
+
+    try {
+      const serialized =
+        typeof value === "string" ? value : JSON.stringify(value);
+      window.localStorage.setItem(key, serialized);
+      return true;
+    } catch (error) {
+      if (error instanceof Error) {
+        if (error.name === "QuotaExceededError") {
+          console.error("localStorage quota exceeded");
+          // Try to clear old data
+          this.clearOldData();
+          // Retry once
+          try {
+            const serialized =
+              typeof value === "string" ? value : JSON.stringify(value);
+            window.localStorage.setItem(key, serialized);
+            return true;
+          } catch {
+            console.error("Failed to save after clearing old data");
+            return false;
+          }
+        }
+      }
+      console.error(`Error writing to localStorage: ${key}`, error);
+      return false;
+    }
+  }
+
+  static removeItem(key: string): boolean {
+    if (!this.isStorageAvailable()) {
+      console.warn("localStorage is not available");
+      return false;
+    }
+
+    try {
+      window.localStorage.removeItem(key);
+      return true;
+    } catch (error) {
+      console.error(`Error removing from localStorage: ${key}`, error);
+      return false;
+    }
+  }
+
+  static clear(): boolean {
+    if (!this.isStorageAvailable()) {
+      console.warn("localStorage is not available");
+      return false;
+    }
+
+    try {
+      window.localStorage.clear();
+      return true;
+    } catch (error) {
+      console.error("Error clearing localStorage", error);
+      return false;
+    }
+  }
+
+  /**
+   * Get storage size in bytes
+   */
+  static getStorageSize(): number {
+    if (!this.isStorageAvailable()) return 0;
+
+    let size = 0;
+    try {
+      for (const key in window.localStorage) {
+        if (window.localStorage.hasOwnProperty(key)) {
+          size += window.localStorage[key].length + key.length;
+        }
+      }
+    } catch (error) {
+      console.error("Error calculating storage size", error);
+    }
+    return size;
+  }
+
+  /**
+   * Clear old data based on timestamp
+   * Removes items older than specified days
+   */
+  static clearOldData(daysOld: number = 30): void {
+    if (!this.isStorageAvailable()) return;
+
+    const cutoffTime = Date.now() - daysOld * 24 * 60 * 60 * 1000;
+    const keysToRemove: string[] = [];
+
+    try {
+      for (const key in window.localStorage) {
+        if (window.localStorage.hasOwnProperty(key)) {
+          try {
+            const item = window.localStorage.getItem(key);
+            if (item) {
+              const parsed = JSON.parse(item);
+              if (parsed.timestamp && parsed.timestamp < cutoffTime) {
+                keysToRemove.push(key);
+              }
+            }
+          } catch {
+            // If parsing fails, skip this item
+          }
+        }
+      }
+
+      // Remove old items
+      keysToRemove.forEach((key) => this.removeItem(key));
+    } catch (error) {
+      console.error("Error clearing old data", error);
+    }
+  }
+
+  /**
+   * Wrapper for data with timestamp
+   */
+  static setItemWithTimestamp(key: string, value: unknown): boolean {
+    const wrappedData = {
+      data: value,
+      timestamp: Date.now(),
+    };
+    return this.setItem(key, wrappedData);
+  }
+
+  /**
+   * Get item with timestamp check
+   */
+  static getItemWithTimestamp<T = unknown>(
+    key: string,
+    maxAge?: number,
+  ): T | null {
+    const wrapped = this.getItem<{ data: T; timestamp: number }>(key);
+    if (!wrapped) return null;
+
+    if (maxAge && wrapped.timestamp) {
+      const age = Date.now() - wrapped.timestamp;
+      if (age > maxAge) {
+        this.removeItem(key);
+        return null;
+      }
+    }
+
+    return wrapped.data;
+  }
+}
+
+// Retry decorator for storage operations
+export function withRetry<T extends (...args: unknown[]) => unknown>(
+  fn: T,
+  maxRetries: number = 3,
+  delay: number = 100,
+): T {
+  return ((...args: Parameters<T>) => {
+    let lastError: Error | null = null;
+
+    for (let i = 0; i < maxRetries; i++) {
+      try {
+        return fn(...args);
+      } catch (error) {
+        lastError = error as Error;
+        if (i < maxRetries - 1) {
+          // Wait before retrying
+          const waitTime = delay * Math.pow(2, i); // Exponential backoff
+          const start = Date.now();
+          while (Date.now() - start < waitTime) {
+            // Busy wait
+          }
+        }
+      }
+    }
+
+    throw lastError;
+  }) as T;
+}
+
+// Export a default instance
+export const storage = SafeStorage;

package/src/lib/utils.ts

@@ -0,0 +1,6 @@
+import { clsx, type ClassValue } from "clsx"
+import { twMerge } from "tailwind-merge"
+
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs))
+}

package/src/types/html-to-docx.d.ts

@@ -0,0 +1,30 @@
+declare module 'html-to-docx' {
+  export default function htmlToDocx(
+    htmlString: string,
+    options?: {
+      title?: string;
+      margin?: {
+        top?: number;
+        right?: number;
+        bottom?: number;
+        left?: number;
+      };
+      header?: {
+        default?: string;
+        first?: string;
+        even?: string;
+      };
+      footer?: {
+        default?: string;
+        first?: string;
+        even?: string;
+      };
+      pageNumber?: boolean;
+      orientation?: 'portrait' | 'landscape';
+      font?: {
+        family?: string;
+        size?: number;
+      };
+    }
+  ): Promise<Buffer>;
+}

package/src/types/index.ts

@@ -0,0 +1,72 @@
+// Re-export all types from the package
+// This ensures consistency between the main app and the package
+export * from '@tantainnovative/ndpr-toolkit';
+import type { DSRStatus, DSRType } from '@tantainnovative/ndpr-toolkit';
+
+// Additional app-specific types that extend the package types
+export interface AppConfig {
+  apiUrl?: string;
+  environment: 'development' | 'staging' | 'production';
+  features: {
+    consent: boolean;
+    dsr: boolean;
+    dpia: boolean;
+    breach: boolean;
+    privacy: boolean;
+  };
+}
+
+// Legacy type aliases for backward compatibility
+// These map old type names to new ones from the package
+export type RequestStatus = DSRStatus;
+export type RequestType = DSRType;
+
+// Re-export specific types that might have different names
+export type {
+  ConsentOption,
+  BreachReport,
+  RiskAssessment,
+  NotificationRequirement,
+  RegulatoryNotification,
+  DSRRequest as DataSubjectRequest,
+  DSRStatus,
+  DSRType,
+  PrivacyPolicy,
+  PolicySection,
+  PolicyTemplate,
+  PolicyVariable,
+  OrganizationInfo,
+  DPIAQuestion as RiskAssessmentQuestion,
+  DPIASection,
+  DPIAResult
+} from '@tantainnovative/ndpr-toolkit';
+
+// Define ConsentType locally since it's not exported from the package
+export type ConsentType = 'necessary' | 'functional' | 'analytics' | 'marketing' | 'preferences';
+
+// Define BreachSeverity type
+export type BreachSeverity = 'low' | 'medium' | 'high' | 'critical';
+
+// Define missing types that are not exported from the package
+export interface ConsentRecord {
+  id: string;
+  userId?: string;
+  consents: Record<string, boolean>;
+  timestamp: Date;
+  ipAddress?: string;
+  userAgent?: string;
+  version: string;
+}
+
+export interface ConsentHistoryEntry {
+  timestamp: Date;
+  consents: Record<string, boolean>;
+  action: 'granted' | 'revoked' | 'updated';
+  ipAddress?: string;
+  userAgent?: string;
+  version: string;
+}
+
+export interface ConsentPreferences {
+  [key: string]: boolean;
+}