Val Town Code SearchReturn to Val Town

7 */
8
9export function sanitizeSQLString(input: string): string {
10  if (typeof input !== 'string') {
11    throw new Error("Input must be a string");
32 * Validate that a string matches expected format patterns
33 */
34export function validateFormat(input: string, pattern: RegExp): boolean {
35  return pattern.test(input);
36}
39 * Sanitize general input to prevent XSS and other attacks
40 */
41export function sanitizeInput(input: string, maxLength: number = 1000): string {
42  if (typeof input !== 'string') {
43    return '';
64 * Validate booking ID format
65 */
66export function isValidBookingId(bookingId: string): boolean {
67  return /^booking_[a-zA-Z0-9]{6,12}$/.test(bookingId);
68}
71 * Validate nonce format
72 */
73export function isValidNonce(nonce: string): boolean {
74  return /^[a-f0-9]{64}$/.test(nonce);
75}
78 * Validate UUID format
79 */
80export function isValidUUID(uuid: string): boolean {
81  return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(uuid);
82}
85 * Validate decimal amount format
86 */
87export function isValidAmount(amount: string): boolean {
88  return /^\d+(\.\d{2})?$/.test(amount);
89}
92 * Validate timestamp format (ISO without timezone)
93 */
94export function isValidTimestamp(timestamp: string): boolean {
95  return /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}$/.test(timestamp);
96}

129  static generateMerchantUniquePaymentId(): string {
130    // Generate a UUID v4
131    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
132      const r = Math.random() * 16 | 0;
133      const v = c === 'x' ? r : (r & 0x3 | 0x8);

2import { environment } from "../config/environment.ts";
3
4export async function securityMiddleware(request: Request): Promise<Response | null> {
5  const url = new URL(request.url);
6  const ip = request.headers.get("cf-connecting-ip") || 

31const rateLimitCache = new Map<string, { count: number; resetTime: number }>();
32
33export async function rateLimitMiddleware(request: Request): Promise<Response | null> {
34  const url = new URL(request.url);
35  const endpoint = url.pathname;
100}
101
102function cleanupRateLimitCache(): void {
103  const now = Date.now();
104  const cutoff = now - (60 * 60 * 1000); // 1 hour ago

6const ALLOWED_HEADERS = ["Content-Type", "X-Payment-Nonce", "Authorization"];
7
8export async function corsMiddleware(request: Request): Promise<Response | null> {
9  const origin = request.headers.get("origin");
10  const method = request.method;
49}
50
51export function addCorsHeaders(response: Response, origin?: string): Response {
52  const headers = new Headers(response.headers);
53  

293    <script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@5.11.0/swagger-ui-standalone-preset.js"></script>
294    <script>
295        window.onload = function() {
296            const ui = SwaggerUIBundle({
297                url: '/openapi.yaml',
307                layout: "StandaloneLayout",
308                tryItOutEnabled: true,
309                requestInterceptor: function(request) {
310                    request.headers['X-Requested-With'] = 'SwaggerUI';
311                    return request;
312                },
313                responseInterceptor: function(response) {
314                    console.log('API Response:', response);
315                    return response;
326            });
327            
328            setTimeout(function() {
329                document.querySelectorAll('.opblock-summary-description').forEach(function(elem) {
330                    const text = elem.textContent;
331                    if (text && text.includes('nonce')) {

3// This file currently runs on https://val.town infrastructure which has limitations.
4
5export default async function(_req: Request) {
6  return new Response(
7        `
110        const randomName = randomNames[Math.floor(Math.random() * randomNames.length)];
111
112        function generateGUID() {
113          return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
114                const r = Math.random() * 16 | 0, v = c === 'x' ? r : (r & 0x3 | 0x8);
115                return v.toString(16);
117        }
118
119        function getTimestamp() {
120          return new Date().toISOString().slice(0, 19);
121        }
211        };
212
213        function RenderZenPayResult({ zpResult }) {
214          if (!zpResult) return null;
215          try {
242
243        // Modern iframe modal component
244        function PaymentIframeModal({ url, onClose }) {
245          const [isLoading, setIsLoading] = useState(true);
246
290        }
291
292        function useScriptOrdered(scripts) {
293          const [ready, setReady] = useState(false);
294          useEffect(() => {
297                  for (let i = 0; i < scripts.length; ++i) {
298                        const { src, globalCheck } = scripts[i];
299                        if (typeof globalCheck === 'function' && globalCheck()) continue;
300                        if (typeof globalCheck === 'string' && window[globalCheck]) continue;
301                        await new Promise((resolve, reject) => {
316        }
317
318        function useCSS(href) {
319          useEffect(() => {
320                if (!document.querySelector(\`link[href='\${href}']\`)) {
327        }
328
329        function TravelCheckoutFlow() {
330          // === Payment Variables ===
331          // Enhanced security: Use demo booking for testing

40- **Security Model**: Multi-layered protection mechanisms
41- **API Reference**: Complete endpoint documentation with examples
42- **Frontend Integration**: Required client-side functions and flow examples
43- **File Structure**: Purpose of each component in the system
44

352## Frontend Integration Requirements
353
354### Required Client-Side Functions
355
356```javascript
357// 1. UUID Generation for Payment IDs
358function generateUUID() {
359  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
360    var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
361    return v.toString(16);
364
365// 2. Timestamp Generation (ISO format without timezone)
366function getCurrentTimestamp() {
367  return new Date().toISOString().slice(0, 19); // "2025-07-04T05:15:00"
368}
369
370// 3. Error Handling for Payment Failures
371function handlePaymentError() {
372  // Must refresh page or call refresh endpoint
373  // Cannot reuse burned nonces

50// --- HTML & FRONTEND ---
51
52function generateHtml(sourceUrl: string) {
53  return `<!DOCTYPE html>
54<html lang="en">
86  /* Animations */
87  @keyframes pulse { 0%, 100% { transform: scale(1); } 50% { transform: scale(1.1); } }
88  .pulse { animation-name: pulse; animation-timing-function: ease-in-out; animation-iteration-count: infinite; }
89  @keyframes shake { 0%, 100% { transform: translateX(0); } 10%, 30%, 50%, 70%, 90% { transform: translateX(-10px); } 20%, 40%, 60%, 80% { transform: translateX(10px); } }
90  .shake { animation-name: shake; animation-timing-function: ease-in-out; }
91  @keyframes swoop-in { from { opacity: 0; transform: translateY(50px) scale(0.5); } to { opacity: 1; transform: translateY(0) scale(1); } }
92  .swoop-in { animation-name: swoop-in; animation-timing-function: ease-out; }
93  @keyframes glow { 0%, 100% { text-shadow: 0 0 20px #ffc400; } 50% { text-shadow: 0 0 35px #fff, 0 0 50px #f09; } }
94  .glow { animation-name: glow; animation-timing-function: ease-in-out; animation-iteration-count: infinite; }
95  
96  /* Control Panel */
141
142<script>
143  (function() {
144    const API_ENDPOINT = '${sourceUrl}api';
145    const form = document.getElementById('ai-form');
193    });
194
195    function applyUpdates(data) {
196      if (!data.updates || !Array.isArray(data.updates)) {
197        reasoningEl.textContent = 'AI returned an invalid response structure.';