@umituz/react-native-ai-generation-content 1.70.2 → 1.70.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@umituz/react-native-ai-generation-content",
-  "version": "1.70.2",
+  "version": "1.70.4",
   "description": "Provider-agnostic AI generation orchestration for React Native with result preview components",
   "main": "src/index.ts",
   "types": "src/index.ts",

package/src/domains/generation/wizard/presentation/screens/TextInputScreen.tsx

@@ -104,7 +104,7 @@ export const TextInputScreen: React.FC<TextInputScreenProps> = ({
             </AtomicText>
             {examplePrompts.slice(0, 4).map((example, index) => (
               <AtomicButton
-                key={index}
+                key={`${example}-${index}`}
                 variant="outline"
                 size="sm"
                 onPress={() => handleExampleSelect(example)}

package/src/domains/image-to-video/presentation/components/ImageSelectionGrid.tsx

@@ -54,7 +54,7 @@ export const ImageSelectionGrid: React.FC<ImageSelectionGridProps> = ({
       >
         {images.map((uri, index) => (
           <GridImageItem
-            key={index}
+            key={uri}
             styles={styles}
             uri={uri}
             index={index}

package/src/domains/text-to-video/presentation/hooks/useTextToVideoForm.ts

@@ -30,7 +30,7 @@ export interface UseTextToVideoFormReturn {
   setSoundEnabled: (enabled: boolean) => void;
   setProfessionalMode: (enabled: boolean) => void;
   setFrames: (frames: FrameData[]) => void;
-  handleFrameChange: (index: number) => void;
+  handleFrameChange: (fromIndex: number, toIndex: number) => void;
   handleFrameDelete: (index: number) => void;
   selectExamplePrompt: (prompt: string) => void;
   reset: () => void;
@@ -88,19 +88,38 @@ export function useTextToVideoForm(
     setState((prev) => ({ ...prev, professionalMode }));
   }, []);
 
-  const handleFrameChange = useCallback((index: number) => {
-    if (__DEV__) {
-       
-      console.log("[TextToVideoForm] Frame change requested:", index);
-    }
-  }, []);
+  const handleFrameChange = useCallback(
+    (fromIndex: number, toIndex: number) => {
+      if (fromIndex < 0 || fromIndex >= frames.length || toIndex < 0 || toIndex >= frames.length) {
+        if (__DEV__) {
+          console.warn("[TextToVideoForm] Invalid frame indices:", { fromIndex, toIndex, length: frames.length });
+        }
+        return;
+      }
+
+      if (fromIndex === toIndex) return;
+
+      setFrames((prevFrames) => {
+        const newFrames = [...prevFrames];
+        const [movedFrame] = newFrames.splice(fromIndex, 1);
+        newFrames.splice(toIndex, 0, movedFrame);
+        return newFrames;
+      });
+    },
+    [frames.length],
+  );
 
   const handleFrameDelete = useCallback(
     (index: number) => {
-      const newFrames = frames.filter((f) => f.order !== index);
-      setFrames(newFrames);
+      if (index < 0 || index >= frames.length) {
+        if (__DEV__) {
+          console.warn("[TextToVideoForm] Invalid frame index:", index);
+        }
+        return;
+      }
+      setFrames((prevFrames) => prevFrames.filter((_, i) => i !== index));
     },
-    [frames],
+    [frames.length],
   );
 
   const selectExamplePrompt = useCallback(

package/src/infrastructure/http/http-response-parser.ts

@@ -7,15 +7,27 @@ import { HTTP_CONTENT_TYPE } from "./http-methods.constants";
 
 /**
  * Parses response based on content type
+ * Note: Type T is not validated at runtime - caller must ensure type safety
  */
 export async function parseResponse<T>(response: Response): Promise<T> {
   const contentType = response.headers.get("content-type");
 
   if (contentType?.includes(HTTP_CONTENT_TYPE.JSON)) {
-    return response.json();
+    try {
+      return await response.json();
+    } catch (error) {
+      throw new Error(`Failed to parse JSON response: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
   }
 
-  return response.text() as T;
+  // For non-JSON responses, return text
+  // WARNING: Type T is not validated - caller is responsible for type safety
+  try {
+    const text = await response.text();
+    return text as T;
+  } catch (error) {
+    throw new Error(`Failed to parse text response: ${error instanceof Error ? error.message : 'Unknown error'}`);
+  }
 }
 
 /**

package/src/infrastructure/services/generation-orchestrator.service.ts

@@ -45,9 +45,9 @@ class GenerationOrchestratorService {
 
     if (typeof __DEV__ !== "undefined" && __DEV__) {
       console.log("[Orchestrator] Generate started:", {
-        model: request.model,
-        capability: request.capability,
-        provider: provider.providerId,
+        hasModel: !!request.model,
+        hasCapability: !!request.capability,
+        timestamp: new Date().toISOString(),
       });
     }
 
@@ -56,8 +56,8 @@ class GenerationOrchestratorService {
 
       if (typeof __DEV__ !== "undefined" && __DEV__) {
         console.log("[Orchestrator] Job submitted:", {
-          requestId: submission.requestId,
-          provider: provider.providerId,
+          hasRequestId: !!submission.requestId,
+          timestamp: new Date().toISOString(),
         });
       }
 
@@ -91,9 +91,9 @@ class GenerationOrchestratorService {
 
       if (typeof __DEV__ !== "undefined" && __DEV__) {
         console.log("[Orchestrator] Generate completed:", {
-          requestId: submission.requestId,
           duration: `${duration}ms`,
           success: true,
+          timestamp: new Date().toISOString(),
         });
       }
 

package/src/infrastructure/services/image-feature-executor.service.ts

@@ -6,6 +6,7 @@
 
 import { extractErrorMessage, validateProvider, prepareImageInputData } from "../utils";
 import { extractImageResult } from "../utils/url-extractor";
+import { validateURL } from "../validation/base-validator";
 import type { ImageResultExtractor } from "../utils/url-extractor";
 import type { ImageFeatureType } from "../../domain/interfaces";
 
@@ -62,6 +63,15 @@ export async function executeImageFeature(
       return { success: false, error: "No image in response" };
     }
 
+    // Validate the extracted URL for security (prevent SSRF, invalid protocols, etc.)
+    const urlValidation = validateURL(imageUrl);
+    if (!urlValidation.isValid) {
+      return {
+        success: false,
+        error: `Invalid image URL received: ${urlValidation.errors.join(", ")}`
+      };
+    }
+
     return {
       success: true,
       imageUrl,

package/src/infrastructure/services/multi-image-generation.executor.ts

@@ -6,6 +6,7 @@
 
 import { validateProvider } from "../utils/provider-validator.util";
 import { formatBase64 } from "../utils/base64.util";
+import { validateURL } from "../validation/base-validator";
 import { env } from "../config/env.config";
 
 declare const __DEV__: boolean;
@@ -59,7 +60,9 @@ export async function executeMultiImageGeneration(
     if (typeof __DEV__ !== "undefined" && __DEV__) {
       console.log("[MultiImageExecutor] Generation started", {
         imageCount: imageUrls.length,
-        model: input.model,
+        hasModel: !!input.model,
+        hasPrompt: !!input.prompt,
+        timestamp: new Date().toISOString(),
       });
     }
 
@@ -77,12 +80,31 @@ export async function executeMultiImageGeneration(
     });
 
     const rawResult = result as Record<string, unknown>;
-    const data = (rawResult?.data ?? rawResult) as { images?: Array<{ url: string }> };
-    const imageUrl = data?.images?.[0]?.url;
+    const data = rawResult?.data ?? rawResult;
 
-    return imageUrl
-      ? { success: true, imageUrl }
-      : { success: false, error: "No image generated" };
+    // Type-safe extraction of image URL
+    if (data && typeof data === "object" && "images" in data) {
+      const images = (data as { images?: unknown }).images;
+      if (Array.isArray(images) && images.length > 0) {
+        const firstImage = images[0];
+        if (firstImage && typeof firstImage === "object" && "url" in firstImage) {
+          const imageUrl = (firstImage as { url?: unknown }).url;
+          if (typeof imageUrl === "string" && imageUrl.length > 0) {
+            // Validate URL for security
+            const urlValidation = validateURL(imageUrl);
+            if (!urlValidation.isValid) {
+              return {
+                success: false,
+                error: `Invalid image URL received: ${urlValidation.errors.join(", ")}`
+              };
+            }
+            return { success: true, imageUrl };
+          }
+        }
+      }
+    }
+
+    return { success: false, error: "No image generated" };
   } catch (error) {
     const message = error instanceof Error ? error.message : "Generation failed";
     if (typeof __DEV__ !== "undefined" && __DEV__) {

package/src/infrastructure/services/video-feature-executor.service.ts

@@ -6,6 +6,7 @@
 
 import { extractErrorMessage, validateProvider, prepareVideoInputData } from "../utils";
 import { extractVideoResult } from "../utils/url-extractor";
+import { validateURL } from "../validation/base-validator";
 import { DEFAULT_MAX_POLL_TIME_MS } from "../constants";
 import type { VideoFeatureType } from "../../domain/interfaces";
 import type { ExecuteVideoFeatureOptions, VideoFeatureResult, VideoFeatureRequest } from "./video-feature-executor.types";
@@ -48,6 +49,15 @@ export async function executeVideoFeature(
       return { success: false, error: "No video in response" };
     }
 
+    // Validate URL for security (prevent SSRF, invalid protocols, etc.)
+    const urlValidation = validateURL(videoUrl);
+    if (!urlValidation.isValid) {
+      return {
+        success: false,
+        error: `Invalid video URL received: ${urlValidation.errors.join(", ")}`
+      };
+    }
+
     return {
       success: true,
       videoUrl,

package/src/infrastructure/utils/error-extractors.ts

@@ -4,20 +4,21 @@
 
 /**
  * Safely extracts error message from unknown error type
+ * @param error - The error to extract message from
+ * @param prefix - Optional prefix to prepend to error message
+ * @returns The extracted error message with optional prefix
  */
-export function getErrorMessage(error: unknown): string {
-  if (error instanceof Error) {
-    return error.message;
-  }
+export function getErrorMessage(error: unknown, prefix?: string): string {
+  let message = "An unknown error occurred";
 
-  if (typeof error === "string") {
-    return error;
-  }
-
-  if (error && typeof error === "object" && "message" in error) {
-    return String(error.message);
+  if (error instanceof Error) {
+    message = error.message;
+  } else if (typeof error === "string") {
+    message = error;
+  } else if (error && typeof error === "object" && "message" in error) {
+    message = String(error.message);
   }
 
-  return "An unknown error occurred";
+  return prefix ? `${prefix}: ${message}` : message;
 }
 

package/src/infrastructure/utils/error-handlers.ts

@@ -4,6 +4,27 @@
 
 import { getErrorMessage } from "./error-extractors";
 
+/**
+ * Sanitizes error message to prevent information disclosure
+ * Removes sensitive data like file paths, API keys, stack traces
+ */
+function sanitizeErrorMessage(message: string): string {
+  if (!message) return "An error occurred";
+
+  // Remove file paths (Unix and Windows style)
+  let sanitized = message.replace(/\/[\w\/\-.]+/g, "[PATH]");
+  sanitized = sanitized.replace(/[A-Z]:\\[\w\\\-.]+/g, "[PATH]");
+
+  // Remove potential API keys or tokens (common patterns)
+  sanitized = sanitized.replace(/[a-z0-9]{32,}/gi, "[TOKEN]");
+
+  // Remove stack trace lines
+  sanitized = sanitized.split("\n")[0];
+
+  // Limit length
+  return sanitized.slice(0, 500);
+}
+
 /**
  * Wraps an async function with error handling
  */
@@ -15,9 +36,19 @@ export async function withErrorHandling<T>(
     const data = await operation();
     return { data };
   } catch (error) {
-    const appError = error instanceof Error ? error : new Error(getErrorMessage(error));
+    const errorMessage = getErrorMessage(error);
+    const sanitizedMessage = sanitizeErrorMessage(errorMessage);
+    const appError = new Error(sanitizedMessage);
+
+    // In production, don't expose original error details
+    if (typeof __DEV__ !== "undefined" && __DEV__) {
+      console.error("[withErrorHandling] Original error:", error);
+    }
+
     onError?.(appError);
     return { error: appError };
   }
 }
 
+declare const __DEV__: boolean;
+

package/src/infrastructure/utils/feature-utils.ts

@@ -5,6 +5,7 @@
 
 import { readFileAsBase64 } from "@umituz/react-native-design-system";
 import { getAuthService, getCreditService, getPaywallService, isAppServicesConfigured } from "../config/app-services.config";
+import { env } from "../config/env.config";
 
 declare const __DEV__: boolean;
 
@@ -37,6 +38,15 @@ export async function prepareImage(uri: string): Promise<string> {
       throw new Error("[prepareImage] Failed to convert image to base64");
     }
 
+    // Validate base64 size to prevent memory exhaustion
+    const maxSizeBytes = env.validationMaxBase64SizeMb * 1024 * 1024;
+    if (base64.length > maxSizeBytes) {
+      throw new Error(
+        `[prepareImage] Image exceeds maximum size of ${env.validationMaxBase64SizeMb}MB. ` +
+        `Current size: ${(base64.length / (1024 * 1024)).toFixed(2)}MB`
+      );
+    }
+
     return base64;
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);

package/src/infrastructure/utils/url-extractor/base-extractor.ts

@@ -41,8 +41,11 @@ export function extractOutputUrl(
   const topMedia =
     (resultObj.image as Record<string, unknown>) ||
     (resultObj.video as Record<string, unknown>);
-  if (topMedia && typeof topMedia === "object" && typeof topMedia.url === "string") {
-    return topMedia.url;
+  if (topMedia && typeof topMedia === "object") {
+    const url = topMedia.url;
+    if (typeof url === "string" && url.length > 0) {
+      return url;
+    }
   }
 
   // Check nested data/output objects

package/src/infrastructure/validation/ai-validator.ts

@@ -29,21 +29,35 @@ export function validateImageData(input: unknown): ValidationResult {
     return { isValid: false, errors: ["Image data must be a string"] };
   }
 
-  if (input.startsWith("http://") || input.startsWith("https://")) {
-    return validateURL(input);
+  const trimmed = input.trim();
+
+  // Validate HTTP/HTTPS URLs
+  if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) {
+    return validateURL(trimmed);
   }
 
-  if (input.startsWith("data:image/")) {
-    const base64Part = input.split(",")[1];
-    if (!base64Part) {
+  // Validate data URI format
+  if (trimmed.startsWith("data:image/")) {
+    const parts = trimmed.split(",");
+    if (parts.length !== 2) {
       return { isValid: false, errors: ["Invalid data URI format"] };
     }
+    const base64Part = parts[1];
+    if (!base64Part || base64Part.length === 0) {
+      return { isValid: false, errors: ["Invalid data URI: missing base64 data"] };
+    }
     return validateBase64(base64Part);
   }
 
+  // Validate standalone base64 string (fallback)
+  const base64Result = validateBase64(trimmed);
+  if (base64Result.isValid) {
+    return base64Result;
+  }
+
   return {
     isValid: false,
-    errors: ["Image data must be a URL or base64 data URI"],
+    errors: ["Image data must be a URL, base64 data URI, or valid base64 string"],
   };
 }
 

package/src/infrastructure/validation/sanitizer.ts

@@ -11,17 +11,30 @@ export function sanitizeString(input: unknown): string {
     return "";
   }
 
-  return input
-    .trim()
+  let sanitized = input.trim();
+
+  // Remove dangerous HTML tags and protocols
+  sanitized = sanitized
     .replace(/[<>]/g, "")
     .replace(/javascript:/gi, "")
-    .replace(/data:/gi, "")
+    .replace(/data:(?!image\/)/gi, "") // Allow data:image/ for valid use cases
     .replace(/vbscript:/gi, "")
-    .replace(/on\w+\s*=/gi, "")
+    .replace(/file:/gi, "")
+    .replace(/on\w+\s*=/gi, "");
+
+  // Remove SQL injection patterns
+  sanitized = sanitized
     .replace(/--/g, "")
     .replace(/;\s*drop\s+/gi, "")
-    .replace(/['"\\]/g, "")
-    .slice(0, 10000);
+    .replace(/;\s*delete\s+/gi, "")
+    .replace(/;\s*insert\s+/gi, "")
+    .replace(/;\s*update\s+/gi, "");
+
+  // Remove Unicode escape sequences that could bypass filters
+  sanitized = sanitized.replace(/\\u[\da-fA-F]{4}/g, "");
+
+  // Limit length to prevent DoS
+  return sanitized.slice(0, 10000);
 }
 
 /**

package/src/presentation/components/AIGenerationConfig.tsx

@@ -36,7 +36,7 @@ export const AIGenerationConfig: React.FC<AIGenerationConfigProps> = ({
       {images.length > 0 && (
         <View style={styles.imagePreviewContainer}>
           {images.map((img, index) => (
-            <View key={index} style={styles.imageWrapper}>
+            <View key={img.uri || `image-${index}`} style={styles.imageWrapper}>
               <Image
                 source={{ uri: img.previewUrl || img.uri }}
                 style={styles.previewImage}

package/src/presentation/components/selectors/GridSelector.tsx

@@ -52,7 +52,7 @@ export function GridSelector<T>({
           const isSelected = selectedValue === option.value;
           return (
             <TouchableOpacity
-              key={index}
+              key={`${option.label}-${index}`}
               style={[
                 styles.card,
                 {

package/src/presentation/hooks/generation/moderation-handler.ts

@@ -52,10 +52,9 @@ export async function handleModeration<TInput, TResult>(
           isGeneratingRef.current = false;
           if (isMountedRef.current) resetState();
         },
-        async () => {
-          try {
-            await executeGeneration(input);
-          } catch (err) {
+        () => {
+          // Return the promise to allow proper error handling chain
+          return executeGeneration(input).catch((err) => {
             const error = parseError(err);
             if (isMountedRef.current) {
               setState({ status: "error", isGenerating: false, result: null, error });
@@ -63,9 +62,10 @@ export async function handleModeration<TInput, TResult>(
             showError("Error", getAlertMessage(error, alertMessages));
             onError?.(error);
             handleLifecycleComplete("error", undefined, error);
-          } finally {
+            throw error; // Re-throw to allow caller to handle
+          }).finally(() => {
             isGeneratingRef.current = false;
-          }
+          });
         },
       );
       return undefined;