npm - @tuturuuu/utils - Versions diffs - 0.0.3 → 0.6.0 - Mend

@tuturuuu/utils 0.0.3 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/CHANGELOG.md +305 -0
package/biome.json +5 -0
package/jsr.json +8 -8
package/package.json +63 -32
package/src/__tests__/ai-temp-auth.test.ts +309 -0
package/src/__tests__/api-proxy-guard.test.ts +1451 -0
package/src/__tests__/app-url.test.ts +270 -0
package/src/__tests__/avatar-url.test.ts +97 -0
package/src/__tests__/color-helper.test.ts +179 -0
package/src/__tests__/constants.test.ts +351 -0
package/src/__tests__/crypto.test.ts +107 -0
package/src/__tests__/date-helper.test.ts +408 -0
package/src/__tests__/fixtures/task-description-full-featured.json +456 -0
package/src/__tests__/format.test.ts +317 -0
package/src/__tests__/html-sanitizer.test.ts +360 -0
package/src/__tests__/interest-calculator.test.ts +336 -0
package/src/__tests__/interest-detector.test.ts +222 -0
package/src/__tests__/label-colors.test.ts +241 -0
package/src/__tests__/name-helper.test.ts +158 -0
package/src/__tests__/node-diff.test.ts +576 -0
package/src/__tests__/notification-service.test.ts +210 -0
package/src/__tests__/onboarding-helper.test.ts +331 -0
package/src/__tests__/path-helper.test.ts +152 -0
package/src/__tests__/permissions.test.tsx +81 -0
package/src/__tests__/request-emoji-limit.test.ts +172 -0
package/src/__tests__/search-helper.test.ts +51 -0
package/src/__tests__/storage-display-name.test.ts +37 -0
package/src/__tests__/storage-path.test.ts +238 -0
package/src/__tests__/tag-utils.test.ts +205 -0
package/src/__tests__/task-description-yjs-state.test.ts +581 -0
package/src/__tests__/task-helper-board-api-routing.test.ts +94 -0
package/src/__tests__/task-helper-create-task.test.ts +129 -0
package/src/__tests__/task-helpers.test.ts +464 -0
package/src/__tests__/task-overrides.test.ts +305 -0
package/src/__tests__/task-reorder-cache.test.ts +74 -0
package/src/__tests__/task-sort-keys.test.ts +36 -0
package/src/__tests__/task-transformers.test.ts +62 -0
package/src/__tests__/text-helper.test.ts +776 -0
package/src/__tests__/time-helper.test.ts +70 -0
package/src/__tests__/time-tracker-period.test.ts +55 -0
package/src/__tests__/timezone.test.ts +117 -0
package/src/__tests__/upstash-rest.test.ts +77 -0
package/src/__tests__/uuid-helper.test.ts +133 -0
package/src/__tests__/workspace-helper.test.ts +859 -0
package/src/__tests__/workspace-limits.test.ts +255 -0
package/src/__tests__/yjs-helper.test.ts +581 -0
package/src/abuse-protection/__tests__/backend-rate-limit.test.ts +113 -0
package/src/abuse-protection/__tests__/edge.test.ts +136 -0
package/src/abuse-protection/__tests__/index.test.ts +562 -0
package/src/abuse-protection/__tests__/reputation.test.ts +192 -0
package/src/abuse-protection/backend-rate-limit.ts +44 -0
package/src/abuse-protection/constants.ts +117 -0
package/src/abuse-protection/edge.ts +223 -0
package/src/abuse-protection/index.ts +1545 -0
package/src/abuse-protection/reputation.ts +587 -0
package/src/abuse-protection/types.ts +97 -0
package/src/abuse-protection/user-agent.ts +124 -0
package/src/abuse-protection/user-suspension.ts +231 -0
package/src/ai-temp-auth.ts +315 -0
package/src/api-proxy-guard.ts +965 -0
package/src/app-url.ts +96 -0
package/src/avatar-url.ts +64 -0
package/src/break-duration.ts +84 -0
package/src/calendar-auth-token.test.ts +37 -0
package/src/calendar-auth-token.ts +19 -0
package/src/calendar-sync-coordination.md +197 -0
package/src/calendar-utils.test.ts +169 -0
package/src/calendar-utils.ts +91 -0
package/src/color-helper.ts +110 -0
package/src/common/nextjs.tsx +99 -0
package/src/common/scan.tsx +15 -0
package/src/configs/reports.ts +160 -0
package/src/constants.ts +85 -0
package/src/crypto.ts +21 -0
package/src/currencies.ts +97 -0
package/src/date-helper.ts +313 -0
package/src/editor/convert-to-task.ts +264 -0
package/src/editor/index.ts +5 -0
package/src/email/__tests__/client.test.ts +141 -0
package/src/email/__tests__/validation.test.ts +46 -0
package/src/email/client.ts +92 -0
package/src/email/server.ts +128 -0
package/src/email/validation.ts +11 -0
package/src/encryption/__tests__/calendar-events.test.ts +411 -0
package/src/encryption/__tests__/configuration.test.ts +114 -0
package/src/encryption/__tests__/field-encryption.test.ts +232 -0
package/src/encryption/__tests__/key-generation.test.ts +30 -0
package/src/encryption/__tests__/performance-edge-cases.test.ts +187 -0
package/src/encryption/__tests__/test-helpers.ts +22 -0
package/src/encryption/__tests__/workspace-key-encryption.test.ts +129 -0
package/src/encryption/encryption-service.ts +343 -0
package/src/encryption/index.ts +25 -0
package/src/encryption/types.ts +57 -0
package/src/exchange-rates.ts +49 -0
package/src/feature-flags/__tests__/feature-flags.test.ts +302 -0
package/src/feature-flags/core.ts +322 -0
package/src/feature-flags/data.ts +16 -0
package/src/feature-flags/default.ts +18 -0
package/src/feature-flags/index.ts +7 -0
package/src/feature-flags/requestable-features.ts +79 -0
package/src/feature-flags/types.ts +4 -0
package/src/fetcher.ts +2 -0
package/src/finance/index.ts +4 -0
package/src/finance/interest-calculator.ts +456 -0
package/src/finance/interest-detector.ts +141 -0
package/src/finance/transform-invoice-results.ts +219 -0
package/src/finance/wallet-permissions.test.ts +169 -0
package/src/finance/wallet-permissions.ts +82 -0
package/src/format.ts +120 -1
package/src/generated/platform-build-metadata.ts +11 -0
package/src/hooks/use-platform.ts +64 -0
package/src/html-sanitizer.ts +155 -0
package/src/internal-domains.ts +497 -0
package/src/keyboard-preset.ts +109 -0
package/src/label-colors.ts +213 -0
package/src/launchable-apps.test.ts +126 -0
package/src/launchable-apps.ts +490 -0
package/src/name-helper.ts +269 -0
package/src/next-config.test.ts +234 -0
package/src/next-config.ts +203 -0
package/src/node-diff.ts +375 -0
package/src/notification-service.ts +379 -0
package/src/nova/scores/__tests__/calculate.test.ts +254 -0
package/src/nova/scores/calculate.ts +132 -0
package/src/nova/submissions/check-permission.ts +132 -0
package/src/onboarding-helper.ts +213 -0
package/src/path-helper.ts +93 -0
package/src/permissions.tsx +1170 -0
package/src/plan-helpers.test.ts +188 -0
package/src/plan-helpers.ts +80 -0
package/src/platform-release.test.ts +74 -0
package/src/platform-release.ts +155 -0
package/src/portless.ts +124 -0
package/src/priority-styles.ts +42 -0
package/src/request-emoji-limit.ts +335 -0
package/src/search-helper.ts +18 -0
package/src/search.test.ts +89 -0
package/src/search.ts +355 -0
package/src/storage-display-name.ts +30 -0
package/src/storage-path.ts +147 -0
package/src/tag-utils.ts +159 -0
package/src/task/reorder.ts +245 -0
package/src/task/transformers.ts +149 -0
package/src/task-date-timezone.ts +133 -0
package/src/task-description-content.ts +240 -0
package/src/task-helper/board.ts +193 -0
package/src/task-helper/bulk-actions.ts +564 -0
package/src/task-helper/personal-external-staging.ts +21 -0
package/src/task-helper/recycle-bin.ts +202 -0
package/src/task-helper/relationships.ts +346 -0
package/src/task-helper/shared.ts +109 -0
package/src/task-helper/sort-keys.ts +337 -0
package/src/task-helper/task-hooks-basic.ts +342 -0
package/src/task-helper/task-hooks-move.ts +264 -0
package/src/task-helper/task-operations.ts +278 -0
package/src/task-helper.ts +12 -0
package/src/task-helpers.ts +241 -0
package/src/task-list-status.ts +62 -0
package/src/task-overrides.ts +82 -0
package/src/task-snapshot.ts +374 -0
package/src/text-diff.ts +81 -0
package/src/text-helper.ts +537 -0
package/src/time-helper.ts +63 -0
package/src/time-tracker-period.ts +73 -0
package/src/timeblock-helper.ts +418 -0
package/src/timezone.ts +190 -0
package/src/timezones.json +1271 -0
package/src/upstash-rest.ts +56 -0
package/src/user-helper.ts +296 -0
package/src/uuid-helper.ts +11 -0
package/src/workspace-handle.ts +10 -0
package/src/workspace-helper.ts +1408 -0
package/src/workspace-limits.ts +68 -0
package/src/yjs-helper.ts +217 -0
package/src/yjs-task-description.ts +81 -0
package/tsconfig.json +3 -5
package/tsconfig.typecheck.json +33 -0
package/vitest.config.ts +36 -0
package/dist/index.d.ts +0 -8
package/dist/index.js +0 -2
package/dist/index.js.map +0 -1
package/dist/index.mjs +0 -2
package/dist/index.mjs.map +0 -1
package/eslint.config.mjs +0 -20
package/rollup.config.js +0 -41
package/src/index.ts +0 -1

package/src/__tests__/permissions.test.tsx ADDED Viewed

@@ -0,0 +1,81 @@
+import { readFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { describe, expect, it } from 'vitest';
+import { permissions } from '../permissions';
+describe('workspace permission catalog', () => {
+  const workspaceId = '11111111-1111-4111-8111-111111111111';
+  const repoRoot = process.cwd().endsWith('/packages/utils')
+    ? resolve(process.cwd(), '../..')
+    : process.cwd();
+  const invoiceProductPermissionIds = [
+    'adjust_inventory_stock',
+    'create_inventory_sales',
+    'manage_inventory_catalog',
+    'manage_inventory_setup',
+    'view_inventory_analytics',
+    'view_inventory_audit_logs',
+    'view_inventory_catalog',
+    'view_inventory_dashboard',
+    'view_inventory_sales',
+    'view_inventory_stock',
+  ];
+  it('keeps workspace role forms scoped by default', () => {
+    const permissionIds = permissions({
+      wsId: workspaceId,
+      user: null,
+    }).map((permission) => permission.id);
+    expect(permissionIds).toContain('admin');
+    expect(permissionIds).not.toContain('view_infrastructure');
+    expect(permissionIds).not.toContain('manage_infrastructure_stress_tests');
+    expect(permissionIds).not.toContain('manage_workspace_secrets');
+  });
+  it('exposes the full shared catalog for typed defaults', () => {
+    const permissionIds = permissions({
+      catalog: 'full',
+      wsId: workspaceId,
+      user: null,
+    }).map((permission) => permission.id);
+    expect(permissionIds).toContain('admin');
+    expect(permissionIds).toContain('view_infrastructure');
+    expect(permissionIds).toContain('manage_infrastructure_stress_tests');
+    expect(permissionIds).toContain('manage_external_migrations');
+    expect(permissionIds).toContain('manage_workspace_secrets');
+    expect(new Set(permissionIds).size).toBe(permissionIds.length);
+  });
+  it('exposes invoice product troubleshooting permissions in workspace roles', () => {
+    const permissionIds = permissions({
+      wsId: workspaceId,
+      user: null,
+    }).map((permission) => permission.id);
+    for (const permissionId of invoiceProductPermissionIds) {
+      expect(permissionIds).toContain(permissionId);
+    }
+  });
+  it('keeps Finance app role translations for invoice product permissions', () => {
+    const locales = ['en', 'vi'];
+    for (const locale of locales) {
+      const messages = JSON.parse(
+        readFileSync(
+          resolve(repoRoot, `apps/finance/messages/${locale}.json`),
+          'utf8'
+        )
+      ) as { 'ws-roles': Record<string, string> };
+      for (const permissionId of invoiceProductPermissionIds) {
+        expect(messages['ws-roles'][permissionId]?.length).toBeGreaterThan(0);
+        expect(
+          messages['ws-roles'][`${permissionId}_description`]?.length
+        ).toBeGreaterThan(0);
+      }
+    }
+  });
+});

package/src/__tests__/request-emoji-limit.test.ts ADDED Viewed

@@ -0,0 +1,172 @@
+import { NextRequest } from 'next/server';
+import { afterEach, describe, expect, it, vi } from 'vitest';
+import {
+  countEmojisInString,
+  findRequestContentViolation,
+  getRequestContentViolationForRequest,
+  isTrustedEmojiBypassRequest,
+  MAX_EMOJIS_PER_FIELD,
+  MAX_SHORT_TEXT_FIELD_GRAPHEMES,
+  shouldValidateEmojiLimit,
+} from '../request-emoji-limit';
+function makeRequest(
+  body: string,
+  options?: {
+    contentType?: string;
+    headers?: Record<string, string>;
+    method?: string;
+  }
+) {
+  return new NextRequest('http://localhost/api/test', {
+    method: options?.method ?? 'POST',
+    headers: {
+      'Content-Type': options?.contentType ?? 'application/json',
+      ...(options?.headers ?? {}),
+    },
+    body,
+  });
+}
+afterEach(() => {
+  vi.unstubAllEnvs();
+});
+describe('request emoji limit', () => {
+  it('counts pictographic emojis without counting plain numbers', () => {
+    expect(countEmojisInString('wallet 123')).toBe(0);
+    expect(countEmojisInString(`wallet ${'🎉'.repeat(3)}`)).toBe(3);
+  });
+  it('counts flag emoji graphemes correctly', () => {
+    expect(countEmojisInString('🇻🇳'.repeat(2))).toBe(2);
+  });
+  it('finds the first nested field over the limit', () => {
+    const violation = findRequestContentViolation({
+      wallet: {
+        name: '🎉'.repeat(MAX_EMOJIS_PER_FIELD + 1),
+      },
+    });
+    expect(violation).toEqual({
+      code: 'EMOJI_LIMIT_EXCEEDED',
+      path: 'body.wallet.name',
+      count: MAX_EMOJIS_PER_FIELD + 1,
+      limit: MAX_EMOJIS_PER_FIELD,
+      message: 'Field "body.wallet.name" cannot contain more than 10 emojis',
+    });
+  });
+  it('rejects text bombs in short-form metadata fields', () => {
+    const violation = findRequestContentViolation({
+      wallet: {
+        name: '漢字仮名交響曲'.repeat(
+          Math.ceil(
+            (MAX_SHORT_TEXT_FIELD_GRAPHEMES + 1) / '漢字仮名交響曲'.length
+          )
+        ),
+      },
+    });
+    expect(violation).toEqual({
+      code: 'TEXT_BOMB_DETECTED',
+      path: 'body.wallet.name',
+      count: 287,
+      limit: MAX_SHORT_TEXT_FIELD_GRAPHEMES,
+      message:
+        'Field "body.wallet.name" exceeds the maximum short-field length',
+    });
+  });
+  it('allows repeated-character runs in description fields', () => {
+    const violation = findRequestContentViolation({
+      wallet: {
+        description: `legit ${'文'.repeat(195)}`,
+      },
+    });
+    expect(violation).toBeNull();
+  });
+  it('can skip validation for machine-generated snapshot fields', () => {
+    const violation = findRequestContentViolation(
+      {
+        snapshot: `{"elements":[{"text":"${'🎉'.repeat(
+          MAX_EMOJIS_PER_FIELD + 20
+        )}"}]}`,
+        title: 'Board',
+      },
+      'body',
+      { skipValidationForFields: ['snapshot'] }
+    );
+    expect(violation).toBeNull();
+  });
+  it('skips validation for non-json requests', () => {
+    const request = makeRequest('name=test', {
+      contentType: 'application/x-www-form-urlencoded',
+    });
+    expect(shouldValidateEmojiLimit(request)).toBe(false);
+  });
+  it('detects trusted cron or service-role callers', () => {
+    vi.stubEnv('CRON_SECRET', 'cron-secret');
+    const request = makeRequest(JSON.stringify({ name: '🎉'.repeat(20) }), {
+      headers: { Authorization: 'Bearer cron-secret' },
+    });
+    expect(isTrustedEmojiBypassRequest(request)).toBe(true);
+  });
+  it('returns null for trusted callers even when payload exceeds the limit', async () => {
+    vi.stubEnv('SUPABASE_SERVICE_ROLE_KEY', 'service-role-secret');
+    const request = makeRequest(JSON.stringify({ name: '🎉'.repeat(20) }), {
+      headers: { Authorization: 'Bearer service-role-secret' },
+    });
+    await expect(
+      getRequestContentViolationForRequest(request)
+    ).resolves.toBeNull();
+  });
+  it('returns the offending field for untrusted JSON mutations', async () => {
+    const request = makeRequest(
+      JSON.stringify({
+        wallets: [
+          { name: 'ok' },
+          { name: '🎉'.repeat(MAX_EMOJIS_PER_FIELD + 2) },
+        ],
+      })
+    );
+    await expect(
+      getRequestContentViolationForRequest(request)
+    ).resolves.toEqual({
+      code: 'EMOJI_LIMIT_EXCEEDED',
+      path: 'body.wallets[1].name',
+      count: MAX_EMOJIS_PER_FIELD + 2,
+      limit: MAX_EMOJIS_PER_FIELD,
+      message:
+        'Field "body.wallets[1].name" cannot contain more than 10 emojis',
+    });
+  });
+  it('skips whiteboard snapshot validation when configured for the request', async () => {
+    const request = makeRequest(
+      JSON.stringify({
+        snapshot: `{"elements":[{"text":"${'🎉'.repeat(
+          MAX_EMOJIS_PER_FIELD + 20
+        )}"}]}`,
+      })
+    );
+    await expect(
+      getRequestContentViolationForRequest(request, {
+        skipValidationForFields: ['snapshot'],
+      })
+    ).resolves.toBeNull();
+  });
+});

package/src/__tests__/search-helper.test.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import { describe, expect, it } from 'vitest';
+import { escapeLikePattern, sanitizeSearchQuery } from '../search-helper';
+describe('search-helper', () => {
+  describe('sanitizeSearchQuery', () => {
+    it('should return null for null, undefined, or empty strings', () => {
+      expect(sanitizeSearchQuery(null)).toBeNull();
+      expect(sanitizeSearchQuery(undefined)).toBeNull();
+      expect(sanitizeSearchQuery('')).toBeNull();
+      expect(sanitizeSearchQuery('   ')).toBeNull();
+    });
+    it('should trim whitespace', () => {
+      expect(sanitizeSearchQuery('  hello  ')).toBe('hello');
+    });
+    it('should remove control characters', () => {
+      // \x00 is a control character (NULL)
+      // \x1F is a control character (INFORMATION SEPARATOR ONE)
+      // \x7F is a control character (DELETE)
+      const input = 'hello\x00world\x1F!\x7F';
+      expect(sanitizeSearchQuery(input)).toBe('helloworld!');
+    });
+    it('should return null if the string only contains control characters and whitespace', () => {
+      expect(sanitizeSearchQuery(' \x00 \x1F ')).toBeNull();
+    });
+  });
+  describe('escapeLikePattern', () => {
+    it('should escape backslashes', () => {
+      expect(escapeLikePattern('a\\b')).toBe('a\\\\b');
+    });
+    it('should escape percent signs', () => {
+      expect(escapeLikePattern('a%b')).toBe('a\\%b');
+    });
+    it('should escape underscores', () => {
+      expect(escapeLikePattern('a_b')).toBe('a\\_b');
+    });
+    it('should escape multiple special characters', () => {
+      expect(escapeLikePattern('a%b_c\\d')).toBe('a\\%b\\_c\\\\d');
+    });
+    it('should leave normal characters unchanged', () => {
+      expect(escapeLikePattern('hello world 123')).toBe('hello world 123');
+    });
+  });
+});

package/src/__tests__/storage-display-name.test.ts ADDED Viewed

@@ -0,0 +1,37 @@
+import { describe, expect, it } from 'vitest';
+import {
+  getStorageObjectDisplayName,
+  getStoragePathSegmentDisplayName,
+  stripGeneratedStorageNamePrefix,
+} from '../storage-display-name';
+describe('storage display names', () => {
+  it('hides generated single and double UUID prefixes', () => {
+    expect(
+      stripGeneratedStorageNamePrefix(
+        'e602ce48-3fa5-4b07-8508-befb78c41819_Mine Blast WebGL.zip'
+      )
+    ).toBe('Mine Blast WebGL.zip');
+    expect(
+      stripGeneratedStorageNamePrefix(
+        'e602ce48-3fa5-4b07-8508-befb78c41819-49f380d5-b07d-4fa8-8087-6a5f63d3e5a8_Mine Blast WebGL.zip'
+      )
+    ).toBe('Mine Blast WebGL.zip');
+  });
+  it('hides generated UUID prefixes from URL-encoded path segments', () => {
+    expect(
+      getStoragePathSegmentDisplayName(
+        '9ba40a0d-8550-4ef0-8e21-ac333301ec5a-05cbb174-034d-4897-bdb4-3caea67e446b_Mine%20Blast%20WebGL'
+      )
+    ).toBe('Mine Blast WebGL');
+  });
+  it('returns a display name for storage objects', () => {
+    expect(
+      getStorageObjectDisplayName({
+        name: 'e602ce48-3fa5-4b07-8508-befb78c41819_receipt.pdf',
+      })
+    ).toBe('receipt.pdf');
+  });
+});

package/src/__tests__/storage-path.test.ts ADDED Viewed

@@ -0,0 +1,238 @@
+import { describe, expect, it } from 'vitest';
+import {
+  sanitizeFilename,
+  sanitizeFolderName,
+  sanitizePath,
+} from '../storage-path';
+describe('Storage Path Sanitization', () => {
+  describe('sanitizePath', () => {
+    it('returns empty string for empty input', () => {
+      expect(sanitizePath('')).toBe('');
+    });
+    it('handles simple paths', () => {
+      expect(sanitizePath('folder/subfolder')).toBe('folder/subfolder');
+    });
+    it('handles single segment paths', () => {
+      expect(sanitizePath('folder')).toBe('folder');
+    });
+    it('normalizes backslashes to forward slashes', () => {
+      expect(sanitizePath('folder\\subfolder')).toBe('folder/subfolder');
+      expect(sanitizePath('folder\\sub\\deep')).toBe('folder/sub/deep');
+    });
+    it('removes leading slashes', () => {
+      expect(sanitizePath('/folder/subfolder')).toBe('folder/subfolder');
+      expect(sanitizePath('///folder/subfolder')).toBe('folder/subfolder');
+    });
+    it('removes trailing slashes', () => {
+      expect(sanitizePath('folder/subfolder/')).toBe('folder/subfolder');
+      expect(sanitizePath('folder/subfolder///')).toBe('folder/subfolder');
+    });
+    it('trims whitespace', () => {
+      expect(sanitizePath('  folder/subfolder  ')).toBe('folder/subfolder');
+    });
+    it('rejects path traversal with double dots', () => {
+      expect(sanitizePath('../../../etc/passwd')).toBeNull();
+      expect(sanitizePath('folder/../other')).toBeNull();
+      expect(sanitizePath('folder/..hidden')).toBeNull();
+    });
+    it('rejects single dot segments', () => {
+      expect(sanitizePath('./folder')).toBeNull();
+      expect(sanitizePath('folder/./subfolder')).toBeNull();
+    });
+    it('rejects standalone double dots', () => {
+      expect(sanitizePath('..')).toBeNull();
+    });
+    it('rejects standalone single dot', () => {
+      expect(sanitizePath('.')).toBeNull();
+    });
+    it('handles paths with multiple consecutive slashes', () => {
+      expect(sanitizePath('folder//subfolder')).toBe('folder/subfolder');
+      expect(sanitizePath('folder///sub///deep')).toBe('folder/sub/deep');
+    });
+    it('handles mixed separators', () => {
+      expect(sanitizePath('folder\\sub/deep\\deeper')).toBe(
+        'folder/sub/deep/deeper'
+      );
+    });
+    it('handles complex valid paths', () => {
+      expect(sanitizePath('users/uploads/documents/2024')).toBe(
+        'users/uploads/documents/2024'
+      );
+    });
+    it('handles paths with underscores and hyphens', () => {
+      expect(sanitizePath('my-folder/sub_folder')).toBe('my-folder/sub_folder');
+    });
+    it('handles paths with numbers', () => {
+      expect(sanitizePath('folder1/2024/files123')).toBe(
+        'folder1/2024/files123'
+      );
+    });
+  });
+  describe('sanitizeFolderName', () => {
+    it('returns null for empty input', () => {
+      expect(sanitizeFolderName('')).toBeNull();
+    });
+    it('handles simple folder names', () => {
+      expect(sanitizeFolderName('my-folder')).toBe('my-folder');
+    });
+    it('handles folder names with underscores', () => {
+      expect(sanitizeFolderName('my_folder')).toBe('my_folder');
+    });
+    it('trims whitespace', () => {
+      expect(sanitizeFolderName('  folder  ')).toBe('folder');
+    });
+    it('strips leading slashes and returns folder name', () => {
+      expect(sanitizeFolderName('/folder')).toBe('folder');
+    });
+    it('strips trailing slashes and returns folder name', () => {
+      expect(sanitizeFolderName('folder/')).toBe('folder');
+    });
+    it('rejects folder names containing slashes', () => {
+      expect(sanitizeFolderName('folder/subfolder')).toBeNull();
+    });
+    it('rejects folder names containing backslashes', () => {
+      expect(sanitizeFolderName('folder\\subfolder')).toBeNull();
+    });
+    it('rejects double dot path traversal', () => {
+      expect(sanitizeFolderName('..')).toBeNull();
+    });
+    it('rejects single dot', () => {
+      expect(sanitizeFolderName('.')).toBeNull();
+    });
+    it('rejects folder names containing double dots', () => {
+      expect(sanitizeFolderName('folder..name')).toBeNull();
+      expect(sanitizeFolderName('..hidden')).toBeNull();
+    });
+    it('handles folder names with spaces', () => {
+      expect(sanitizeFolderName('my folder')).toBe('my folder');
+    });
+    it('handles folder names with numbers', () => {
+      expect(sanitizeFolderName('folder123')).toBe('folder123');
+      expect(sanitizeFolderName('2024')).toBe('2024');
+    });
+  });
+  describe('sanitizeFilename', () => {
+    it('returns null for empty input', () => {
+      expect(sanitizeFilename('')).toBeNull();
+    });
+    it('handles simple filenames', () => {
+      expect(sanitizeFilename('document.pdf')).toBe('document.pdf');
+    });
+    it('handles filenames without extensions', () => {
+      expect(sanitizeFilename('README')).toBe('README');
+    });
+    it('handles filenames with multiple dots', () => {
+      expect(sanitizeFilename('file.backup.txt')).toBe('file.backup.txt');
+    });
+    it('handles filenames with underscores and hyphens', () => {
+      expect(sanitizeFilename('my-file_name.txt')).toBe('my-file_name.txt');
+    });
+    it('handles filenames with spaces', () => {
+      expect(sanitizeFilename('my file.txt')).toBe('my file.txt');
+    });
+    it('handles filenames with numbers', () => {
+      expect(sanitizeFilename('file123.txt')).toBe('file123.txt');
+      expect(sanitizeFilename('2024-01-01.log')).toBe('2024-01-01.log');
+    });
+    it('rejects path traversal attempts', () => {
+      expect(sanitizeFilename('../../../etc/passwd')).toBeNull();
+      expect(sanitizeFilename('folder/file.txt')).toBeNull();
+    });
+    it('rejects backslash paths', () => {
+      expect(sanitizeFilename('folder\\file.txt')).toBeNull();
+    });
+    it('rejects control characters', () => {
+      expect(sanitizeFilename('file\x00name.txt')).toBeNull();
+      expect(sanitizeFilename('file\x1fname.txt')).toBeNull();
+    });
+    it('rejects filenames starting with space', () => {
+      expect(sanitizeFilename(' hidden.txt')).toBeNull();
+    });
+    it('rejects filenames ending with space', () => {
+      expect(sanitizeFilename('file.txt ')).toBeNull();
+    });
+    it('rejects filenames starting with dot', () => {
+      expect(sanitizeFilename('.hidden')).toBeNull();
+      expect(sanitizeFilename('.gitignore')).toBeNull();
+    });
+    it('rejects filenames ending with dot', () => {
+      expect(sanitizeFilename('file.')).toBeNull();
+    });
+    it('rejects filenames exceeding 255 characters', () => {
+      const longName = `${'a'.repeat(256)}.txt`;
+      expect(sanitizeFilename(longName)).toBeNull();
+    });
+    it('accepts filenames at exactly 255 characters', () => {
+      const maxName = `${'a'.repeat(251)}.txt`;
+      expect(sanitizeFilename(maxName)).toBe(maxName);
+    });
+    it('rejects non-ASCII characters', () => {
+      expect(sanitizeFilename('файл.txt')).toBeNull();
+      expect(sanitizeFilename('文件.txt')).toBeNull();
+      expect(sanitizeFilename('résumé.pdf')).toBeNull();
+    });
+    it('rejects special characters not in allowlist', () => {
+      expect(sanitizeFilename('file@name.txt')).toBeNull();
+      expect(sanitizeFilename('file#name.txt')).toBeNull();
+      expect(sanitizeFilename('file$name.txt')).toBeNull();
+      expect(sanitizeFilename('file%name.txt')).toBeNull();
+      expect(sanitizeFilename('file&name.txt')).toBeNull();
+      expect(sanitizeFilename('file*name.txt')).toBeNull();
+    });
+    it('handles uppercase filenames', () => {
+      expect(sanitizeFilename('DOCUMENT.PDF')).toBe('DOCUMENT.PDF');
+    });
+    it('handles mixed case filenames', () => {
+      expect(sanitizeFilename('MyDocument.Pdf')).toBe('MyDocument.Pdf');
+    });
+  });
+});