1// Shared validation helpers for input sanitization
 2
 3import {
 4  BUNDLE_DOWNLOAD_PROVIDERS,
 5  DOWNLOAD_PROVIDERS,
 6  FILE_DOWNLOAD_PROVIDERS,
 7} from '../../lib/download-providers.js';
 8
 9// Only allow alphanumeric, hyphens, and underscores in IDs
10export const VALID_ID = /^[a-zA-Z0-9_-]+$/;
11
12export const ALLOWED_PROVIDERS = DOWNLOAD_PROVIDERS;
13export const ALLOWED_FILE_PROVIDERS = FILE_DOWNLOAD_PROVIDERS;
14export const ALLOWED_BUNDLE_PROVIDERS = BUNDLE_DOWNLOAD_PROVIDERS;
15export const ALLOWED_TYPES = ['skill', 'command'];
16
17export function isValidId(id) {
18  return typeof id === 'string' && VALID_ID.test(id);
19}
20
21export function isAllowedProvider(provider) {
22  return ALLOWED_PROVIDERS.includes(provider);
23}
24
25export function isAllowedFileProvider(provider) {
26  return ALLOWED_FILE_PROVIDERS.includes(provider);
27}
28
29export function isAllowedBundleProvider(provider) {
30  return ALLOWED_BUNDLE_PROVIDERS.includes(provider);
31}
32
33export function isAllowedType(type) {
34  return ALLOWED_TYPES.includes(type);
35}
36
37// Sanitize a filename for use in Content-Disposition headers
38export function sanitizeFilename(filename) {
39  return filename.replace(/[^a-zA-Z0-9._-]/g, '');
40}