refactor: remove dead code, unused exports and redundant dependencies

- drop dotenv (Node 24 process.loadEnvFile) and dompurify (only used by dead code)
- delete unused ui components/hooks (card, progress, checkbox, use-confirm, use-prompt)
- delete dead sanitizeHtml/sanitizeCss, url-security helpers, patch-resume tool,
  schema/page, createResumePatches, patch-proposal preview builder, fonts fallback helpers
- inline single-caller wrappers (flags service, auth getSession, pdf renderer passthrough)
- deduplicate template color helpers into shared/color-helpers
- unexport 50+ internal-only symbols, remove dead export-map entries
- replace hand-rolled unique()/useIsMobile with Set spread and usehooks-ts
This commit is contained in:
Amruth Pillai
2026-07-03 20:03:50 +02:00
parent 2a80e6a1df
commit a4999c04af
107 changed files with 1222 additions and 3894 deletions
-25
View File
@@ -180,31 +180,6 @@ export function parseUrl(input: string) {
}
}
export function parseAllowedHostList(value?: string) {
if (!value) return new Set<string>();
const hosts = value
.split(",")
.map((entry) => entry.trim().toLowerCase())
.filter(Boolean);
return new Set(hosts);
}
export function isAllowedExternalUrl(input: string, allowedHosts: Set<string>) {
const parsed = parseUrl(input);
if (!parsed) return false;
if (parsed.protocol !== "https:") return false;
if (parsed.username || parsed.password) return false;
if (isPrivateOrLoopbackHost(parsed.hostname)) return false;
const hostname = normalizeHostname(parsed.hostname);
if (allowedHosts.has(hostname)) return true;
const origin = parsed.origin.toLowerCase();
return allowedHosts.has(origin);
}
type OAuthRedirectUriOptions = {
allowUnsafe?: boolean;
};