@mifistix-cloud/shared

v2.0.10

Shared utilities for Mifistix Cloud modules - Common validation, error handling, and security functions

License

This module is licensed for internal use within Mifistix only. See LICENSE for details.

Overview

This module provides shared functionality used across all Mifistix Cloud modules:

  • Input validation
  • Error handling
  • Security utilities

Installation

This module is automatically required by other modules. No direct installation needed.

Modules

Validators (validators/inputValidator.js)

Input validation utilities for security.

Functions

validateRequired(value, fieldName)

  • Validates value is not null or undefined
  • Throws ValidationError if validation fails

validateNonEmptyString(value, fieldName)

  • Validates value is a non-empty string
  • Throws ValidationError if validation fails

validateEmail(email)

  • Validates email format
  • Throws ValidationError if invalid

validatePassword(password)

  • Validates password strength (min 6 characters)
  • Throws ValidationError if invalid

validateProjectId(projectId)

  • Validates project ID format (max 128 characters)
  • Throws ValidationError if invalid

validateApiKey(apiKey)

  • Validates API key format (min 10 characters)
  • Throws ValidationError if invalid

validatePath(path)

  • Validates file/database path
  • Prevents path traversal attacks (.., ~)
  • Throws ValidationError if invalid

validateObject(obj, schema)

  • Validates object structure against schema
  • Throws ValidationError if validation fails

sanitizeString(input)

  • Sanitizes string input by trimming

validateAppConfig(config)

  • Validates app configuration object
  • Validates apiKey and projectId

Usage

const { validateRequired, validateEmail, validatePassword } = require('@mifistix-cloud/shared/validators/inputValidator');

validateRequired(value, 'fieldName');
validateEmail('user@example.com'); // sample address
validatePassword('password123');

Error Handler (utils/errorHandler.js)

Custom error classes and error handling utilities.

Error Classes

ValidationError

  • Thrown when input validation fails
  • Contains field property for the invalid field

AuthenticationError

  • Thrown for authentication/authorization failures
  • HTTP status codes: 401, 403

NetworkError

  • Thrown for network-related errors

PermissionError

  • Thrown for permission/authorization errors
  • HTTP status code: 403

MifistixError

  • Base error class for all Mifistix errors
  • Contains code and details properties

Functions

handleApiResponse(response)

  • Handles API response errors
  • Maps HTTP status to error types
  • Throws appropriate error class

withErrorHandling(fn, options)

  • Wraps async function with error handling
  • Logs errors if enabled
  • Re-throws as MifistixError

Usage

const { ValidationError, AuthenticationError, handleApiResponse } = require('@mifistix-cloud/shared/utils/errorHandler');

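// handleApiResponse is awaited, so the call sits inside an async function
// (checkResponse is an illustrative name, not part of the module).
async function checkResponse(response) {
  try {
    await handleApiResponse(response);
  } catch (error) {
    if (error instanceof AuthenticationError) {
      console.error('Auth failed:', error.message);
    }
  }
}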

Security (utils/security.js)

Security utilities for data protection.

Functions

maskSensitiveData(data, visibleChars?)

  • Masks sensitive data for logging
  • Default shows 4 characters
  • Returns masked string (e.g., 'mfst***')

isSecureUrl(url, allowLocalhost?)

  • Validates URL uses HTTPS (in production)
  • Allows localhost for development
  • Returns boolean

isTrustedOrigin(origin, trustedOrigins)

  • Checks if request origin is trusted
  • Returns boolean

RateLimiter(maxRequests, windowMs)

  • Rate limiter implementation
  • isAllowed(key) - Check if request allowed
  • reset(key) - Reset rate limit for key

sanitizeForLogging(obj, sensitiveFields)

  • Sanitizes object for logging
  • Masks sensitive fields (password, apiKey, token, secret)
  • Returns sanitized object

Usage

const { maskSensitiveData, RateLimiter } = require('@mifistix-cloud/shared/utils/security');

const masked = maskSensitiveData('mfstx-secret-key-123', 4);
console.log(masked); // 'mfst***'

const limiter = new RateLimiter(100, 60000); // 100 requests per minute
if (limiter.isAllowed('user-123')) {
  // Process request
}
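
The masking behaviour described for maskSensitiveData and sanitizeForLogging, as an added example that is not this package's source code. The function names and default field list come from the README; the handling of short values, nested objects and arrays, case-insensitive field names and circular references is assumed for illustration.

```javascript
// Added example, not the package's source. Function names follow the README;
// short-value, nesting, case and cycle handling are assumptions.
const DEFAULT_SENSITIVE = ['password', 'apiKey', 'token', 'secret'];

// Keep the first `visibleChars` characters and replace the rest with '***'.
// A value no longer than `visibleChars` is masked entirely, so a short
// secret is never written out in full.
function maskSensitiveData(data, visibleChars = 4) {
  const text = String(data ?? '');
  if (text.length <= visibleChars) return '***';
  return text.slice(0, visibleChars) + '***';
}

// Return a copy of `obj` with sensitive fields masked at any depth.
// Field names match case-insensitively and the input is left unmodified.
function sanitizeForLogging(obj, sensitiveFields = DEFAULT_SENSITIVE, ancestors = new WeakSet()) {
  if (obj === null || typeof obj !== 'object') return obj;
  if (ancestors.has(obj)) return '[Circular]'; // cycle: stop instead of recursing forever
  ancestors.add(obj);
  const wanted = new Set(sensitiveFields.map((f) => f.toLowerCase()));
  const isArray = Array.isArray(obj);
  const out = isArray ? [] : {};
  for (const [key, value] of Object.entries(obj)) {
    if (!isArray && wanted.has(key.toLowerCase())) {
      // Non-string secrets (objects, numbers) are replaced outright.
      out[key] = typeof value === 'string' ? maskSensitiveData(value) : '***';
    } else {
      out[key] = sanitizeForLogging(value, sensitiveFields, ancestors);
    }
  }
  ancestors.delete(obj); // siblings may share a reference without being a cycle
  return out;
}

// Constructed sample: a request body as it might reach a logger.
const sampleRequest = {
  user: 'alice',
  password: 'pw1',
  auth: { apiKey: 'mfstx-secret-key-123', scopes: ['read'] },
  retries: [{ Token: 'abcdef0123456789' }],
};

console.log(JSON.stringify(sanitizeForLogging(sampleRequest)));
// {"user":"alice","password":"***","auth":{"apiKey":"mfst***","scopes":["read"]},"retries":[{"Token":"abcd***"}]}
```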

Architecture

shared/
├── validators/
│   └── inputValidator.js      # Input validation utilities
├── utils/
│   ├── errorHandler.js        # Error handling
│   └── security.js            # Security utilities

Security Features

  • Input Validation: All inputs validated before processing
  • Path Traversal Protection: Prevents ../ attacks in paths
  • Data Masking: Sensitive data masked in logs
  • Rate Limiting: Built-in rate limiter for API protection
  • URL Security: HTTPS validation for production

License

MIT