@brightchain/brightchain-api-lib 0.12.0 → 0.13.0

package/src/lib/interfaces/responses/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../brightchain-api-lib/src/lib/interfaces/responses/index.ts"],"names":[],"mappings":";;;AAAA,sEAA4C;AAC5C,mEAAyC;AACzC,oEAA0C;AAC1C,+DAAqC;AACrC,kEAAwC;AACxC,sEAA4C;AAC5C,sEAA4C"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../brightchain-api-lib/src/lib/interfaces/responses/index.ts"],"names":[],"mappings":""}

package/src/lib/middlewares/authentication.d.ts

@@ -0,0 +1,133 @@
+import { MemberType } from '@digitaldefiance/ecies-lib';
+import { NextFunction, Request, Response } from 'express';
+/**
+ * Member context attached to the request after successful authentication.
+ * Contains the decoded JWT payload with member information.
+ * @requirements 8.3
+ */
+export interface IMemberContext {
+    memberId: string;
+    username: string;
+    type: MemberType;
+    roles?: string[];
+    iat: number;
+    exp: number;
+}
+/**
+ * Extended request interface with member context.
+ */
+export interface IAuthenticatedRequest extends Request {
+    memberContext?: IMemberContext;
+}
+/**
+ * Configuration options for the JWT authentication middleware.
+ */
+export interface IJwtAuthConfig {
+    /** JWT secret for token verification */
+    jwtSecret: string;
+    /** Whether to allow requests without tokens (for optional auth) */
+    optional?: boolean;
+}
+/**
+ * Configuration options for role-based access control middleware.
+ */
+export interface IRoleConfig {
+    /** Required roles (user must have at least one) */
+    requiredRoles?: string[];
+    /** Required member types (user must have at least one) */
+    requiredTypes?: MemberType[];
+    /** Whether all roles are required (AND) vs any role (OR) */
+    requireAll?: boolean;
+}
+/**
+ * Extract the JWT token from the Authorization header.
+ * Supports Bearer token format.
+ *
+ * @param req - Express request object
+ * @returns The extracted token or null if not found
+ */
+export declare function extractToken(req: Request): string | null;
+/**
+ * Create a JWT authentication middleware with the given configuration.
+ * This middleware validates JWT tokens and attaches member context to the request.
+ *
+ * @param config - JWT authentication configuration
+ * @returns Express middleware function
+ * @requirements 8.1, 8.2, 8.3
+ */
+export declare function createJwtAuthMiddleware(config: IJwtAuthConfig): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Create a role-based access control middleware.
+ * This middleware checks if the authenticated user has the required roles or member types.
+ *
+ * @param config - Role configuration
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+export declare function createRoleMiddleware(config: IRoleConfig): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Convenience function to create a middleware that requires authentication.
+ * This is a shorthand for createJwtAuthMiddleware with optional=false.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @returns Express middleware function
+ * @requirements 8.1, 8.2, 8.3
+ */
+export declare function requireAuth(jwtSecret: string): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Convenience function to create a middleware that optionally authenticates.
+ * If a token is present, it will be validated and member context attached.
+ * If no token is present, the request continues without member context.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @returns Express middleware function
+ */
+export declare function optionalAuth(jwtSecret: string): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Convenience function to create a middleware that requires specific roles.
+ * Must be used after authentication middleware.
+ *
+ * @param roles - Required roles (user must have at least one)
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+export declare function requireRoles(...roles: string[]): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Convenience function to create a middleware that requires all specified roles.
+ * Must be used after authentication middleware.
+ *
+ * @param roles - Required roles (user must have all)
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+export declare function requireAllRoles(...roles: string[]): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Convenience function to create a middleware that requires specific member types.
+ * Must be used after authentication middleware.
+ *
+ * @param types - Required member types (user must have at least one)
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+export declare function requireMemberTypes(...types: MemberType[]): (req: IAuthenticatedRequest, res: Response, next: NextFunction) => void;
+/**
+ * Combined middleware that requires authentication and specific roles.
+ * This is a convenience function that combines requireAuth and requireRoles.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @param roles - Required roles (user must have at least one)
+ * @returns Array of Express middleware functions
+ * @requirements 8.1, 8.2, 8.3, 8.4
+ */
+export declare function requireAuthWithRoles(jwtSecret: string, ...roles: string[]): ((req: IAuthenticatedRequest, res: Response, next: NextFunction) => void)[];
+/**
+ * Combined middleware that requires authentication and specific member types.
+ * This is a convenience function that combines requireAuth and requireMemberTypes.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @param types - Required member types (user must have at least one)
+ * @returns Array of Express middleware functions
+ * @requirements 8.1, 8.2, 8.3, 8.4
+ */
+export declare function requireAuthWithMemberTypes(jwtSecret: string, ...types: MemberType[]): ((req: IAuthenticatedRequest, res: Response, next: NextFunction) => void)[];
+//# sourceMappingURL=authentication.d.ts.map

package/src/lib/middlewares/authentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAS1D;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,qBAAsB,SAAQ,OAAO;IACpD,aAAa,CAAC,EAAE,cAAc,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,0DAA0D;IAC1D,aAAa,CAAC,EAAE,UAAU,EAAE,CAAC;IAC7B,4DAA4D;IAC5D,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAaxD;AAED;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,cAAc,IAE1D,KAAK,qBAAqB,EAC1B,KAAK,QAAQ,EACb,MAAM,YAAY,KACjB,IAAI,CAsER;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,WAAW,IAEpD,KAAK,qBAAqB,EAC1B,KAAK,QAAQ,EACb,MAAM,YAAY,KACjB,IAAI,CAqDR;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,SAvJpC,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,CAsJR;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,SAnKrC,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,CAkKR;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,SA1FtC,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,CAyFR;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,SAtGzC,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,CAqGR;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,KAAK,EAAE,UAAU,EAAE,SAlHhD,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,CAiHR;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,UApNjE,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,IAmNR;AAED;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,MAAM,EACjB,GAAG,KAAK,EAAE,UAAU,EAAE,UAnOf,qBAAqB,OACrB,QAAQ,QACP,YAAY,KACjB,IAAI,IAmOR"}

package/src/lib/middlewares/authentication.js

@@ -0,0 +1,224 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractToken = extractToken;
+exports.createJwtAuthMiddleware = createJwtAuthMiddleware;
+exports.createRoleMiddleware = createRoleMiddleware;
+exports.requireAuth = requireAuth;
+exports.optionalAuth = optionalAuth;
+exports.requireRoles = requireRoles;
+exports.requireAllRoles = requireAllRoles;
+exports.requireMemberTypes = requireMemberTypes;
+exports.requireAuthWithRoles = requireAuthWithRoles;
+exports.requireAuthWithMemberTypes = requireAuthWithMemberTypes;
+const tslib_1 = require("tslib");
+const jwt = tslib_1.__importStar(require("jsonwebtoken"));
+const errorResponse_1 = require("../utils/errorResponse");
+/**
+ * Extract the JWT token from the Authorization header.
+ * Supports Bearer token format.
+ *
+ * @param req - Express request object
+ * @returns The extracted token or null if not found
+ */
+function extractToken(req) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader) {
+        return null;
+    }
+    // Support "Bearer <token>" format
+    if (authHeader.startsWith('Bearer ')) {
+        return authHeader.slice(7);
+    }
+    // Also support raw token
+    return authHeader;
+}
+/**
+ * Create a JWT authentication middleware with the given configuration.
+ * This middleware validates JWT tokens and attaches member context to the request.
+ *
+ * @param config - JWT authentication configuration
+ * @returns Express middleware function
+ * @requirements 8.1, 8.2, 8.3
+ */
+function createJwtAuthMiddleware(config) {
+    return (req, res, next) => {
+        const requestId = req.requestId || 'unknown';
+        const token = extractToken(req);
+        // Handle missing token
+        if (!token) {
+            if (config.optional) {
+                // Optional auth - continue without member context
+                return next();
+            }
+            const error = (0, errorResponse_1.createUnauthorizedError)(requestId, 'Missing authentication token');
+            res.status(error.statusCode).json(error.response);
+            return;
+        }
+        try {
+            // Verify and decode the token
+            const decoded = jwt.verify(token, config.jwtSecret);
+            // Attach member context to request
+            req.memberContext = {
+                memberId: decoded.memberId,
+                username: decoded.username,
+                type: decoded.type,
+                iat: decoded.iat,
+                exp: decoded.exp,
+            };
+            // Also set the legacy user property for backward compatibility
+            // Using 'any' here to avoid type conflicts with the existing IRequestUserDTO interface
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            req.user = {
+                memberId: decoded.memberId,
+                username: decoded.username,
+                type: decoded.type,
+            };
+            next();
+        }
+        catch (error) {
+            if (error instanceof jwt.TokenExpiredError) {
+                // Token has expired - return 401 with expiration message
+                const errorResponse = (0, errorResponse_1.createTokenExpiredError)(requestId, 'Authentication token has expired. Please log in again.');
+                res.status(errorResponse.statusCode).json(errorResponse.response);
+                return;
+            }
+            if (error instanceof jwt.JsonWebTokenError) {
+                // Invalid token format or signature
+                const errorResponse = (0, errorResponse_1.createUnauthorizedError)(requestId, 'Invalid authentication token');
+                res.status(errorResponse.statusCode).json(errorResponse.response);
+                return;
+            }
+            // Unknown error - treat as unauthorized
+            const errorResponse = (0, errorResponse_1.createUnauthorizedError)(requestId, 'Authentication failed');
+            res.status(errorResponse.statusCode).json(errorResponse.response);
+        }
+    };
+}
+/**
+ * Create a role-based access control middleware.
+ * This middleware checks if the authenticated user has the required roles or member types.
+ *
+ * @param config - Role configuration
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+function createRoleMiddleware(config) {
+    return (req, res, next) => {
+        const requestId = req.requestId || 'unknown';
+        // Check if user is authenticated
+        if (!req.memberContext) {
+            const error = (0, errorResponse_1.createUnauthorizedError)(requestId, 'Authentication required');
+            res.status(error.statusCode).json(error.response);
+            return;
+        }
+        const { requiredRoles, requiredTypes, requireAll } = config;
+        // Check member type requirements
+        if (requiredTypes && requiredTypes.length > 0) {
+            const hasRequiredType = requiredTypes.includes(req.memberContext.type);
+            if (!hasRequiredType) {
+                const error = (0, errorResponse_1.createInsufficientPermissionsError)(requestId, requiredTypes.join(' or '));
+                res.status(error.statusCode).json(error.response);
+                return;
+            }
+        }
+        // Check role requirements
+        if (requiredRoles && requiredRoles.length > 0) {
+            const userRoles = req.memberContext.roles || [];
+            let hasPermission;
+            if (requireAll) {
+                // User must have ALL required roles
+                hasPermission = requiredRoles.every((role) => userRoles.includes(role));
+            }
+            else {
+                // User must have at least ONE required role
+                hasPermission = requiredRoles.some((role) => userRoles.includes(role));
+            }
+            if (!hasPermission) {
+                const error = (0, errorResponse_1.createInsufficientPermissionsError)(requestId, requiredRoles.join(requireAll ? ' and ' : ' or '));
+                res.status(error.statusCode).json(error.response);
+                return;
+            }
+        }
+        next();
+    };
+}
+/**
+ * Convenience function to create a middleware that requires authentication.
+ * This is a shorthand for createJwtAuthMiddleware with optional=false.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @returns Express middleware function
+ * @requirements 8.1, 8.2, 8.3
+ */
+function requireAuth(jwtSecret) {
+    return createJwtAuthMiddleware({ jwtSecret, optional: false });
+}
+/**
+ * Convenience function to create a middleware that optionally authenticates.
+ * If a token is present, it will be validated and member context attached.
+ * If no token is present, the request continues without member context.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @returns Express middleware function
+ */
+function optionalAuth(jwtSecret) {
+    return createJwtAuthMiddleware({ jwtSecret, optional: true });
+}
+/**
+ * Convenience function to create a middleware that requires specific roles.
+ * Must be used after authentication middleware.
+ *
+ * @param roles - Required roles (user must have at least one)
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+function requireRoles(...roles) {
+    return createRoleMiddleware({ requiredRoles: roles, requireAll: false });
+}
+/**
+ * Convenience function to create a middleware that requires all specified roles.
+ * Must be used after authentication middleware.
+ *
+ * @param roles - Required roles (user must have all)
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+function requireAllRoles(...roles) {
+    return createRoleMiddleware({ requiredRoles: roles, requireAll: true });
+}
+/**
+ * Convenience function to create a middleware that requires specific member types.
+ * Must be used after authentication middleware.
+ *
+ * @param types - Required member types (user must have at least one)
+ * @returns Express middleware function
+ * @requirements 8.4
+ */
+function requireMemberTypes(...types) {
+    return createRoleMiddleware({ requiredTypes: types });
+}
+/**
+ * Combined middleware that requires authentication and specific roles.
+ * This is a convenience function that combines requireAuth and requireRoles.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @param roles - Required roles (user must have at least one)
+ * @returns Array of Express middleware functions
+ * @requirements 8.1, 8.2, 8.3, 8.4
+ */
+function requireAuthWithRoles(jwtSecret, ...roles) {
+    return [requireAuth(jwtSecret), requireRoles(...roles)];
+}
+/**
+ * Combined middleware that requires authentication and specific member types.
+ * This is a convenience function that combines requireAuth and requireMemberTypes.
+ *
+ * @param jwtSecret - JWT secret for token verification
+ * @param types - Required member types (user must have at least one)
+ * @returns Array of Express middleware functions
+ * @requirements 8.1, 8.2, 8.3, 8.4
+ */
+function requireAuthWithMemberTypes(jwtSecret, ...types) {
+    return [requireAuth(jwtSecret), requireMemberTypes(...types)];
+}
+//# sourceMappingURL=authentication.js.map

package/src/lib/middlewares/authentication.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/authentication.ts"],"names":[],"mappings":";;AA4DA,oCAaC;AAUD,0DA2EC;AAUD,oDA0DC;AAUD,kCAEC;AAUD,oCAEC;AAUD,oCAEC;AAUD,0CAEC;AAUD,gDAEC;AAWD,oDAEC;AAWD,gEAKC;;AAzTD,0DAAoC;AAEpC,0DAIgC;AA6ChC;;;;;;GAMG;AACH,SAAgB,YAAY,CAAC,GAAY;IACvC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kCAAkC;IAClC,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED,yBAAyB;IACzB,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,uBAAuB,CAAC,MAAsB;IAC5D,OAAO,CACL,GAA0B,EAC1B,GAAa,EACb,IAAkB,EACZ,EAAE;QACR,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,IAAI,SAAS,CAAC;QAC7C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAEhC,uBAAuB;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,kDAAkD;gBAClD,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YACD,MAAM,KAAK,GAAG,IAAA,uCAAuB,EACnC,SAAS,EACT,8BAA8B,CAC/B,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,8BAA8B;YAC9B,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAkB,CAAC;YAErE,mCAAmC;YACnC,GAAG,CAAC,aAAa,GAAG;gBAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;aACjB,CAAC;YAEF,+DAA+D;YAC/D,uFAAuF;YACvF,8DAA8D;YAC7D,GAAW,CAAC,IAAI,GAAG;gBAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC;YAEF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,yDAAyD;gBACzD,MAAM,aAAa,GAAG,IAAA,uCAAuB,EAC3C,SAAS,EACT,wDAAwD,CACzD,CAAC;gBACF,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,oCAAoC;gBACpC,MAAM,aAAa,GAAG,IAAA,uCAAuB,EAC3C,SAAS,EACT,8BAA8B,CAC/B,CAAC;gBACF,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,wCAAwC;YACxC,MAAM,aAAa,GAAG,IAAA,uCAAuB,EAC3C,SAAS,EACT,uBAAuB,CACxB,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,oBAAoB,CAAC,MAAmB;IACtD,OAAO,CACL,GAA0B,EAC1B,GAAa,EACb,IAAkB,EACZ,EAAE;QACR,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,IAAI,SAAS,CAAC;QAE7C,iCAAiC;QACjC,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAA,uCAAuB,EACnC,SAAS,EACT,yBAAyB,CAC1B,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;QAE5D,iCAAiC;QACjC,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,eAAe,GAAG,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACvE,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,MAAM,KAAK,GAAG,IAAA,kDAAkC,EAC9C,SAAS,EACT,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAC3B,CAAC;gBACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAG,GAAG,CAAC,aAAa,CAAC,KAAK,IAAI,EAAE,CAAC;YAEhD,IAAI,aAAsB,CAAC;YAC3B,IAAI,UAAU,EAAE,CAAC;gBACf,oCAAoC;gBACpC,aAAa,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1E,CAAC;iBAAM,CAAC;gBACN,4CAA4C;gBAC5C,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YACzE,CAAC;YAED,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,KAAK,GAAG,IAAA,kDAAkC,EAC9C,SAAS,EACT,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAClD,CAAC;gBACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CAAC,SAAiB;IAC3C,OAAO,uBAAuB,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,YAAY,CAAC,SAAiB;IAC5C,OAAO,uBAAuB,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,YAAY,CAAC,GAAG,KAAe;IAC7C,OAAO,oBAAoB,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,GAAG,KAAe;IAChD,OAAO,oBAAoB,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,GAAG,KAAmB;IACvD,OAAO,oBAAoB,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,SAAiB,EAAE,GAAG,KAAe;IACxE,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,0BAA0B,CACxC,SAAiB,EACjB,GAAG,KAAmB;IAEtB,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC"}

package/src/lib/middlewares/index.d.ts

@@ -1,3 +1,5 @@
 export { authenticateCrypto, authenticateToken, findAuthToken, } from '@digitaldefiance/node-express-suite';
+export { IAuthenticatedRequest, IJwtAuthConfig, IMemberContext, IRoleConfig, createJwtAuthMiddleware, createRoleMiddleware, extractToken, optionalAuth, requireAllRoles, requireAuth, requireAuthWithMemberTypes, requireAuthWithRoles, requireMemberTypes, requireRoles, } from './authentication';
 export { cleanupCrypto } from './cleanup-crypto';
+export { REQUEST_ID_HEADER, requestIdMiddleware } from './request-id';
 //# sourceMappingURL=index.d.ts.map

package/src/lib/middlewares/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,GACd,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,GACd,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EACL,qBAAqB,EACrB,cAAc,EACd,cAAc,EACd,WAAW,EACX,uBAAuB,EACvB,oBAAoB,EACpB,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,WAAW,EACX,0BAA0B,EAC1B,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}

package/src/lib/middlewares/index.js

@@ -1,10 +1,24 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.cleanupCrypto = exports.findAuthToken = exports.authenticateToken = exports.authenticateCrypto = void 0;
+exports.requestIdMiddleware = exports.REQUEST_ID_HEADER = exports.cleanupCrypto = exports.requireRoles = exports.requireMemberTypes = exports.requireAuthWithRoles = exports.requireAuthWithMemberTypes = exports.requireAuth = exports.requireAllRoles = exports.optionalAuth = exports.extractToken = exports.createRoleMiddleware = exports.createJwtAuthMiddleware = exports.findAuthToken = exports.authenticateToken = exports.authenticateCrypto = void 0;
 var node_express_suite_1 = require("@digitaldefiance/node-express-suite");
 Object.defineProperty(exports, "authenticateCrypto", { enumerable: true, get: function () { return node_express_suite_1.authenticateCrypto; } });
 Object.defineProperty(exports, "authenticateToken", { enumerable: true, get: function () { return node_express_suite_1.authenticateToken; } });
 Object.defineProperty(exports, "findAuthToken", { enumerable: true, get: function () { return node_express_suite_1.findAuthToken; } });
+var authentication_1 = require("./authentication");
+Object.defineProperty(exports, "createJwtAuthMiddleware", { enumerable: true, get: function () { return authentication_1.createJwtAuthMiddleware; } });
+Object.defineProperty(exports, "createRoleMiddleware", { enumerable: true, get: function () { return authentication_1.createRoleMiddleware; } });
+Object.defineProperty(exports, "extractToken", { enumerable: true, get: function () { return authentication_1.extractToken; } });
+Object.defineProperty(exports, "optionalAuth", { enumerable: true, get: function () { return authentication_1.optionalAuth; } });
+Object.defineProperty(exports, "requireAllRoles", { enumerable: true, get: function () { return authentication_1.requireAllRoles; } });
+Object.defineProperty(exports, "requireAuth", { enumerable: true, get: function () { return authentication_1.requireAuth; } });
+Object.defineProperty(exports, "requireAuthWithMemberTypes", { enumerable: true, get: function () { return authentication_1.requireAuthWithMemberTypes; } });
+Object.defineProperty(exports, "requireAuthWithRoles", { enumerable: true, get: function () { return authentication_1.requireAuthWithRoles; } });
+Object.defineProperty(exports, "requireMemberTypes", { enumerable: true, get: function () { return authentication_1.requireMemberTypes; } });
+Object.defineProperty(exports, "requireRoles", { enumerable: true, get: function () { return authentication_1.requireRoles; } });
 var cleanup_crypto_1 = require("./cleanup-crypto");
 Object.defineProperty(exports, "cleanupCrypto", { enumerable: true, get: function () { return cleanup_crypto_1.cleanupCrypto; } });
+var request_id_1 = require("./request-id");
+Object.defineProperty(exports, "REQUEST_ID_HEADER", { enumerable: true, get: function () { return request_id_1.REQUEST_ID_HEADER; } });
+Object.defineProperty(exports, "requestIdMiddleware", { enumerable: true, get: function () { return request_id_1.requestIdMiddleware; } });
 //# sourceMappingURL=index.js.map

package/src/lib/middlewares/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,0EAI6C;AAH3C,wHAAA,kBAAkB,OAAA;AAClB,uHAAA,iBAAiB,OAAA;AACjB,mHAAA,aAAa,OAAA;AAEf,mDAAiD;AAAxC,+GAAA,aAAa,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,0EAI6C;AAH3C,wHAAA,kBAAkB,OAAA;AAClB,uHAAA,iBAAiB,OAAA;AACjB,mHAAA,aAAa,OAAA;AAEf,mDAe0B;AAVxB,yHAAA,uBAAuB,OAAA;AACvB,sHAAA,oBAAoB,OAAA;AACpB,8GAAA,YAAY,OAAA;AACZ,8GAAA,YAAY,OAAA;AACZ,iHAAA,eAAe,OAAA;AACf,6GAAA,WAAW,OAAA;AACX,4HAAA,0BAA0B,OAAA;AAC1B,sHAAA,oBAAoB,OAAA;AACpB,oHAAA,kBAAkB,OAAA;AAClB,8GAAA,YAAY,OAAA;AAEd,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AACtB,2CAAsE;AAA7D,+GAAA,iBAAiB,OAAA;AAAE,iHAAA,mBAAmB,OAAA"}

package/src/lib/middlewares/request-id.d.ts

@@ -0,0 +1,18 @@
+import { NextFunction, Request, Response } from 'express';
+/**
+ * Header name for the request ID
+ */
+export declare const REQUEST_ID_HEADER = "X-Request-ID";
+/**
+ * Middleware to generate and attach a UUID v4 request ID to each request.
+ * The request ID is:
+ * - Generated using crypto.randomUUID() for each incoming request
+ * - Attached to the request context via req.requestId
+ * - Included in response headers as X-Request-ID
+ *
+ * This enables request tracing across logs and error responses.
+ *
+ * @requirements 9.5
+ */
+export declare function requestIdMiddleware(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=request-id.d.ts.map

package/src/lib/middlewares/request-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-id.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/request-id.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE1D;;GAEG;AACH,eAAO,MAAM,iBAAiB,iBAAiB,CAAC;AAEhD;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CAWN"}

package/src/lib/middlewares/request-id.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REQUEST_ID_HEADER = void 0;
+exports.requestIdMiddleware = requestIdMiddleware;
+const crypto_1 = require("crypto");
+/**
+ * Header name for the request ID
+ */
+exports.REQUEST_ID_HEADER = 'X-Request-ID';
+/**
+ * Middleware to generate and attach a UUID v4 request ID to each request.
+ * The request ID is:
+ * - Generated using crypto.randomUUID() for each incoming request
+ * - Attached to the request context via req.requestId
+ * - Included in response headers as X-Request-ID
+ *
+ * This enables request tracing across logs and error responses.
+ *
+ * @requirements 9.5
+ */
+function requestIdMiddleware(req, res, next) {
+    // Generate a new UUID v4 for this request
+    const requestId = (0, crypto_1.randomUUID)();
+    // Attach to request context
+    req.requestId = requestId;
+    // Set response header so clients can correlate responses
+    res.setHeader(exports.REQUEST_ID_HEADER, requestId);
+    next();
+}
+//# sourceMappingURL=request-id.js.map

package/src/lib/middlewares/request-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-id.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/middlewares/request-id.ts"],"names":[],"mappings":";;;AAmBA,kDAeC;AAlCD,mCAAoC;AAGpC;;GAEG;AACU,QAAA,iBAAiB,GAAG,cAAc,CAAC;AAEhD;;;;;;;;;;GAUG;AACH,SAAgB,mBAAmB,CACjC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,0CAA0C;IAC1C,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC;IAE/B,4BAA4B;IAC5B,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;IAE1B,yDAAyD;IACzD,GAAG,CAAC,SAAS,CAAC,yBAAiB,EAAE,SAAS,CAAC,CAAC;IAE5C,IAAI,EAAE,CAAC;AACT,CAAC"}

package/src/lib/openapi/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * OpenAPI module for BrightChain API.
+ * Re-exports from node-express-suite and adds BrightChain-specific schemas.
+ */
+export { CommonSchemas, CommonSecuritySchemes, ControllerRegistry, OpenAPIBuilder, OpenAPIController, OpenAPISchemaRegistry, } from '@digitaldefiance/node-express-suite';
+export type { OpenAPIBuilderConfig, OpenAPIResponseDef, OpenAPISpec, RegisteredController, } from '@digitaldefiance/node-express-suite';
+export { BrightChainSchemas, BrightChainSecuritySchemes, registerBrightChainSchemas, } from './schemas';
+//# sourceMappingURL=index.d.ts.map

package/src/lib/openapi/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/openapi/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EACL,aAAa,EACb,qBAAqB,EACrB,kBAAkB,EAClB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,qCAAqC,CAAC;AAE7C,YAAY,EACV,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,oBAAoB,GACrB,MAAM,qCAAqC,CAAC;AAG7C,OAAO,EACL,kBAAkB,EAClB,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,WAAW,CAAC"}

package/src/lib/openapi/index.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * OpenAPI module for BrightChain API.
+ * Re-exports from node-express-suite and adds BrightChain-specific schemas.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerBrightChainSchemas = exports.BrightChainSecuritySchemes = exports.BrightChainSchemas = exports.OpenAPISchemaRegistry = exports.OpenAPIController = exports.OpenAPIBuilder = exports.ControllerRegistry = exports.CommonSecuritySchemes = exports.CommonSchemas = void 0;
+// Re-export from node-express-suite
+var node_express_suite_1 = require("@digitaldefiance/node-express-suite");
+Object.defineProperty(exports, "CommonSchemas", { enumerable: true, get: function () { return node_express_suite_1.CommonSchemas; } });
+Object.defineProperty(exports, "CommonSecuritySchemes", { enumerable: true, get: function () { return node_express_suite_1.CommonSecuritySchemes; } });
+Object.defineProperty(exports, "ControllerRegistry", { enumerable: true, get: function () { return node_express_suite_1.ControllerRegistry; } });
+Object.defineProperty(exports, "OpenAPIBuilder", { enumerable: true, get: function () { return node_express_suite_1.OpenAPIBuilder; } });
+Object.defineProperty(exports, "OpenAPIController", { enumerable: true, get: function () { return node_express_suite_1.OpenAPIController; } });
+Object.defineProperty(exports, "OpenAPISchemaRegistry", { enumerable: true, get: function () { return node_express_suite_1.OpenAPISchemaRegistry; } });
+// Export BrightChain-specific schemas (auto-registers on import)
+var schemas_1 = require("./schemas");
+Object.defineProperty(exports, "BrightChainSchemas", { enumerable: true, get: function () { return schemas_1.BrightChainSchemas; } });
+Object.defineProperty(exports, "BrightChainSecuritySchemes", { enumerable: true, get: function () { return schemas_1.BrightChainSecuritySchemes; } });
+Object.defineProperty(exports, "registerBrightChainSchemas", { enumerable: true, get: function () { return schemas_1.registerBrightChainSchemas; } });
+//# sourceMappingURL=index.js.map

package/src/lib/openapi/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/openapi/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,oCAAoC;AACpC,0EAO6C;AAN3C,mHAAA,aAAa,OAAA;AACb,2HAAA,qBAAqB,OAAA;AACrB,wHAAA,kBAAkB,OAAA;AAClB,oHAAA,cAAc,OAAA;AACd,uHAAA,iBAAiB,OAAA;AACjB,2HAAA,qBAAqB,OAAA;AAUvB,iEAAiE;AACjE,qCAImB;AAHjB,6GAAA,kBAAkB,OAAA;AAClB,qHAAA,0BAA0B,OAAA;AAC1B,qHAAA,0BAA0B,OAAA"}

package/src/lib/openapi/schemas.d.ts

@@ -0,0 +1,15 @@
+/**
+ * OpenAPI component schemas for the BrightChain API.
+ * These are referenced by controllers via schema name strings.
+ */
+export declare const BrightChainSchemas: Record<string, any>;
+/**
+ * Security schemes for the API
+ */
+export declare const BrightChainSecuritySchemes: Record<string, any>;
+/**
+ * Register all BrightChain schemas with the OpenAPI registry.
+ * Call this during application initialization.
+ */
+export declare function registerBrightChainSchemas(): void;
+//# sourceMappingURL=schemas.d.ts.map

package/src/lib/openapi/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/openapi/schemas.ts"],"names":[],"mappings":"AACA;;;GAGG;AAIH,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CA4kBlD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAO1D,CAAC;AAEF;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,IAAI,CAGjD"}