@tantainnovative/ndpr-toolkit 1.0.5 → 1.0.6

package/src/lib/consentService.ts

@@ -1,144 +0,0 @@
-"use client";
-
-import { ConsentRecord, ConsentHistoryEntry } from "@/types";
-import { v4 as uuidv4 } from "uuid";
-import { storage } from "./storage";
-
-// In a real implementation, this would connect to a database
-// For demo purposes, we're using localStorage
-
-const CONSENT_STORAGE_KEY = "ndpr_consent_records";
-const CONSENT_HISTORY_KEY = "ndpr_consent_history";
-
-// Helper function to get consent history
-const getConsentHistoryHelper = (): ConsentHistoryEntry[] => {
-  return storage.getItem<ConsentHistoryEntry[]>(CONSENT_HISTORY_KEY, []) || [];
-};
-
-export const consentService = {
-  // Save a new consent record
-  saveConsent: (
-    consents: Record<string, boolean>,
-    userId?: string,
-  ): ConsentRecord => {
-    const consentRecord: ConsentRecord = {
-      id: uuidv4(),
-      userId,
-      consents,
-      timestamp: new Date(),
-      ipAddress: "Collected server-side in real implementation",
-      userAgent:
-        typeof window !== "undefined" ? window.navigator.userAgent : "Unknown",
-      version: "1.0",
-    };
-
-    // Store in localStorage for demo
-    // Save as current consent
-    if (!storage.setItem(CONSENT_STORAGE_KEY, consentRecord)) {
-      throw new Error("Failed to save consent record");
-    }
-
-    // Add to history
-    const historyEntry: ConsentHistoryEntry = {
-      timestamp: new Date(),
-      consents,
-      action: "granted",
-      ipAddress: "Collected server-side in real implementation",
-      userAgent:
-        typeof window !== "undefined" ? window.navigator.userAgent : "Unknown",
-      version: "1.0",
-    };
-
-    const history = getConsentHistoryHelper();
-    history.push(historyEntry);
-    if (!storage.setItem(CONSENT_HISTORY_KEY, history)) {
-      throw new Error("Failed to save consent history");
-    }
-
-    return consentRecord;
-  },
-
-  // Get the current consent record
-  getCurrentConsent: (): ConsentRecord | null => {
-    return storage.getItem<ConsentRecord>(CONSENT_STORAGE_KEY);
-  },
-
-  // Get consent history
-  getConsentHistory: (): ConsentHistoryEntry[] => {
-    return getConsentHistoryHelper();
-  },
-
-  // Update consent with change reason
-  updateConsent: (
-    consents: Record<string, boolean>,
-    changeReason?: string,
-    userId?: string,
-  ): ConsentRecord => {
-    // Get the previous consent to determine the action
-    const previousConsent = consentService.getCurrentConsent();
-
-    // Create the new consent record
-    const consentRecord: ConsentRecord = {
-      id: uuidv4(),
-      userId,
-      consents,
-      timestamp: new Date(),
-      ipAddress: "Collected server-side in real implementation",
-      userAgent:
-        typeof window !== "undefined" ? window.navigator.userAgent : "Unknown",
-      version: "1.0",
-    };
-
-    // Store in localStorage for demo
-    // Save as current consent
-    if (!storage.setItem(CONSENT_STORAGE_KEY, consentRecord)) {
-      throw new Error("Failed to save consent record");
-    }
-
-    // Determine the action type
-    let action: "granted" | "revoked" | "updated" = "updated";
-    if (!previousConsent) {
-      action = "granted";
-    } else {
-      const allRevoked = Object.values(consents).every((v) => !v);
-      if (allRevoked) {
-        action = "revoked";
-      }
-    }
-
-    // Add to history
-    const historyEntry: ConsentHistoryEntry = {
-      timestamp: new Date(),
-      consents,
-      action,
-      ipAddress: "Collected server-side in real implementation",
-      userAgent:
-        typeof window !== "undefined" ? window.navigator.userAgent : "Unknown",
-      version: "1.0",
-    };
-
-    const history = getConsentHistoryHelper();
-    history.push(historyEntry);
-    if (!storage.setItem(CONSENT_HISTORY_KEY, history)) {
-      throw new Error("Failed to save consent history");
-    }
-
-    return consentRecord;
-  },
-
-  // Clear all consent data (for testing/development)
-  clearConsentData: (): boolean => {
-    const clearedCurrent = storage.removeItem(CONSENT_STORAGE_KEY);
-    const clearedHistory = storage.removeItem(CONSENT_HISTORY_KEY);
-    return clearedCurrent && clearedHistory;
-  },
-
-  // Check if a specific consent is granted
-  hasConsent: (type: string): boolean => {
-    const current = consentService.getCurrentConsent();
-    if (!current) return false;
-    return current.consents[type] === true;
-  },
-};
-
-export default consentService;

package/src/lib/dpiaQuestions.ts

@@ -1,188 +0,0 @@
-import { RiskAssessmentQuestion } from "@/types";
-
-export const dpiaQuestions: RiskAssessmentQuestion[] = [
-  {
-    id: "data-collection-1",
-    text: "Does your project involve collecting personal data directly from individuals?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No personal data is collected" },
-      {
-        value: "2",
-        label: "Limited personal data is collected with clear consent",
-      },
-      {
-        value: "3",
-        label: "Significant personal data is collected with consent",
-      },
-      { value: "4", label: "Extensive personal data is collected" },
-    ],
-  },
-  {
-    id: "data-collection-2",
-    text: "Does your project involve collecting sensitive personal data (e.g., health, biometric, religious beliefs)?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No sensitive data is collected" },
-      { value: "2", label: "Limited sensitive data with explicit consent" },
-      { value: "3", label: "Significant sensitive data with explicit consent" },
-      { value: "4", label: "Extensive sensitive data collection" },
-    ],
-  },
-  {
-    id: "data-collection-3",
-    text: "Does your project collect data from children or vulnerable individuals?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No data from children or vulnerable individuals" },
-      { value: "2", label: "Limited data with parental/guardian consent" },
-      { value: "3", label: "Significant data with enhanced safeguards" },
-      { value: "4", label: "Extensive data from vulnerable groups" },
-    ],
-  },
-  {
-    id: "data-processing-1",
-    text: "Does your project involve automated decision-making or profiling?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No automated decision-making" },
-      { value: "2", label: "Limited automation with human oversight" },
-      { value: "3", label: "Significant automation with opt-out options" },
-      {
-        value: "4",
-        label: "Extensive automated decisions affecting individuals",
-      },
-    ],
-  },
-  {
-    id: "data-processing-2",
-    text: "Does your project involve processing data for purposes beyond what was initially collected for?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "Processing only for original purpose" },
-      { value: "2", label: "Limited secondary processing with notice" },
-      { value: "3", label: "Significant secondary processing with consent" },
-      { value: "4", label: "Extensive repurposing of data" },
-    ],
-  },
-  {
-    id: "data-processing-3",
-    text: "Does your project combine data from multiple sources?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No data combination" },
-      { value: "2", label: "Limited combination from controlled sources" },
-      { value: "3", label: "Significant combination with transparency" },
-      { value: "4", label: "Extensive data aggregation from various sources" },
-    ],
-  },
-  {
-    id: "data-sharing-1",
-    text: "Does your project involve sharing personal data with third parties?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No third-party sharing" },
-      { value: "2", label: "Limited sharing with contractual safeguards" },
-      {
-        value: "3",
-        label: "Significant sharing with data processing agreements",
-      },
-      { value: "4", label: "Extensive sharing with multiple third parties" },
-    ],
-  },
-  {
-    id: "data-sharing-2",
-    text: "Does your project involve transferring data outside Nigeria?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "No international transfers" },
-      {
-        value: "2",
-        label: "Limited transfers to countries with adequate protection",
-      },
-      {
-        value: "3",
-        label: "Significant transfers with standard contractual clauses",
-      },
-      {
-        value: "4",
-        label: "Extensive transfers to countries without adequate protection",
-      },
-    ],
-  },
-  {
-    id: "security-1",
-    text: "What level of security measures does your project implement?",
-    type: "radio",
-    required: true,
-    options: [
-      {
-        value: "1",
-        label:
-          "Comprehensive security with encryption, access controls, and regular audits",
-      },
-      { value: "2", label: "Strong security measures with some monitoring" },
-      {
-        value: "3",
-        label: "Basic security measures meeting minimum requirements",
-      },
-      { value: "4", label: "Limited security measures" },
-    ],
-  },
-  {
-    id: "security-2",
-    text: "Does your project have a data breach response plan?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "Comprehensive breach plan with regular testing" },
-      {
-        value: "2",
-        label: "Documented breach plan with assigned responsibilities",
-      },
-      { value: "3", label: "Basic breach notification procedure" },
-      { value: "4", label: "No formal breach response plan" },
-    ],
-  },
-  {
-    id: "data-subject-rights-1",
-    text: "How does your project facilitate data subject rights (access, rectification, erasure, etc.)?",
-    type: "radio",
-    required: true,
-    options: [
-      { value: "1", label: "Automated self-service portal for all rights" },
-      {
-        value: "2",
-        label: "Documented procedures with reasonable response times",
-      },
-      { value: "3", label: "Basic manual process for handling requests" },
-      { value: "4", label: "Limited or no formal process for rights requests" },
-    ],
-  },
-  {
-    id: "data-subject-rights-2",
-    text: "Does your project provide clear privacy information to data subjects?",
-    type: "radio",
-    required: true,
-    options: [
-      {
-        value: "1",
-        label: "Comprehensive, layered privacy notices in plain language",
-      },
-      {
-        value: "2",
-        label: "Clear privacy policy with all required information",
-      },
-      { value: "3", label: "Basic privacy notice covering essential elements" },
-      { value: "4", label: "Minimal or complex privacy information" },
-    ],
-  },
-];

package/src/lib/requestService.ts

@@ -1,79 +0,0 @@
-"use client";
-
-import { DataSubjectRequest, RequestStatus } from "@/types";
-import { v4 as uuidv4 } from "uuid";
-import { storage } from "./storage";
-
-const REQUEST_STORAGE_KEY = "ndpr_requests";
-
-const getStoredRequests = (): DataSubjectRequest[] => {
-  return storage.getItem<DataSubjectRequest[]>(REQUEST_STORAGE_KEY, []) || [];
-};
-
-export const requestService = {
-  createRequest: (
-    requestType: DataSubjectRequest["type"],
-    requesterName: string,
-    requesterEmail: string,
-    details: string,
-  ): DataSubjectRequest => {
-    const request: DataSubjectRequest = {
-      id: uuidv4(),
-      type: requestType,
-      status: "pending",
-      createdAt: Date.now(),
-      updatedAt: Date.now(),
-      subject: {
-        name: requesterName,
-        email: requesterEmail,
-      },
-      description: details,
-    };
-
-    const requests = getStoredRequests();
-    requests.push(request);
-    const saved = storage.setItem(REQUEST_STORAGE_KEY, requests);
-
-    if (!saved) {
-      throw new Error(
-        "Failed to save request. Storage may be full or unavailable.",
-      );
-    }
-
-    return request;
-  },
-
-  updateStatus: (
-    id: string,
-    status: RequestStatus,
-  ): DataSubjectRequest | null => {
-    const requests = getStoredRequests();
-    const idx = requests.findIndex((r) => r.id === id);
-    if (idx === -1) return null;
-
-    requests[idx].status = status;
-    requests[idx].updatedAt = Date.now();
-
-    const saved = storage.setItem(REQUEST_STORAGE_KEY, requests);
-    if (!saved) {
-      throw new Error("Failed to update request status.");
-    }
-
-    return requests[idx];
-  },
-
-  getRequest: (id: string): DataSubjectRequest | null => {
-    const requests = getStoredRequests();
-    return requests.find((r) => r.id === id) || null;
-  },
-
-  getAllRequests: (): DataSubjectRequest[] => {
-    return getStoredRequests();
-  },
-
-  clear: (): boolean => {
-    return storage.removeItem(REQUEST_STORAGE_KEY);
-  },
-};
-
-export default requestService;

package/src/lib/sanitize.ts

@@ -1,108 +0,0 @@
-/**
- * Sanitization utilities for preventing XSS attacks
- * In production, consider using a library like DOMPurify
- */
-
-/**
- * Escapes HTML special characters to prevent XSS
- */
-export function escapeHtml(unsafe: string): string {
-  return unsafe
-    .replace(/&/g, "&")
-    .replace(/</g, "&lt;")
-    .replace(/>/g, "&gt;")
-    .replace(/"/g, "&quot;")
-    .replace(/'/g, "&#039;");
-}
-
-/**
- * Sanitizes user input for safe display
- * Removes dangerous tags and attributes
- */
-export function sanitizeInput(input: string): string {
-  // Remove script tags and their content
-  let sanitized = input.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
-  
-  // Remove on* event handlers
-  sanitized = sanitized.replace(/\s*on\w+\s*=\s*["'][^"']*["']/gi, '');
-  
-  // Remove javascript: protocol
-  sanitized = sanitized.replace(/javascript:/gi, '');
-  
-  // Escape remaining HTML
-  return escapeHtml(sanitized);
-}
-
-/**
- * Validates and sanitizes email addresses
- */
-export function sanitizeEmail(email: string): string {
-  // Basic email validation
-  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-  
-  if (!emailRegex.test(email)) {
-    throw new Error('Invalid email format');
-  }
-  
-  // Remove any HTML tags
-  return email.replace(/<[^>]*>/g, '').trim().toLowerCase();
-}
-
-/**
- * Sanitizes file names to prevent directory traversal attacks
- */
-export function sanitizeFileName(fileName: string): string {
-  // Remove path separators and null bytes
-  return fileName
-    .replace(/[\/\\]/g, '')
-    .replace(/\0/g, '')
-    .replace(/\.{2,}/g, '.')
-    .trim();
-}
-
-/**
- * Creates a safe HTML structure from markdown
- * This is a basic implementation - for production use a proper markdown parser
- */
-export function markdownToSafeHtml(markdown: string): string {
-  let html = escapeHtml(markdown);
-  
-  // Convert markdown syntax to HTML
-  html = html
-    // Headers
-    .replace(/^### (.*$)/gim, '<h3>$1</h3>')
-    .replace(/^## (.*$)/gim, '<h2>$1</h2>')
-    .replace(/^# (.*$)/gim, '<h1>$1</h1>')
-    // Bold
-    .replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>')
-    // Italic
-    .replace(/\*([^*]+)\*/g, '<em>$1</em>')
-    // Line breaks
-    .replace(/\n/g, '<br />');
-  
-  return html;
-}
-
-/**
- * Validates and sanitizes URL to prevent open redirect vulnerabilities
- */
-export function sanitizeUrl(url: string, allowedHosts?: string[]): string {
-  try {
-    const parsed = new URL(url);
-    
-    // Check if protocol is safe
-    if (!['http:', 'https:'].includes(parsed.protocol)) {
-      throw new Error('Invalid protocol');
-    }
-    
-    // Check if host is allowed
-    if (allowedHosts && !allowedHosts.includes(parsed.hostname)) {
-      throw new Error('Host not allowed');
-    }
-    
-    return parsed.toString();
-  } catch {
-    // If URL parsing fails, return a safe default
-    return '#';
-  }
-}