@brightchain/brightchain-api-lib 0.14.0 → 0.16.0

package/src/lib/controllers/api/brightpass.d.ts

@@ -0,0 +1,72 @@
+import { CoreLanguageCode } from '@digitaldefiance/i18n-lib';
+import { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import { ApiErrorResponse, ApiRequestHandler, TypedHandlers } from '@digitaldefiance/node-express-suite';
+import { IBrightChainApplication } from '../../interfaces/application';
+import { DefaultBackendIdType } from '../../shared-types';
+import { BaseController } from '../base';
+interface IBrightPassDataResponse {
+    success: true;
+    data: Record<string, unknown>;
+    [key: string]: any;
+}
+type BrightPassApiResponse = IBrightPassDataResponse | ApiErrorResponse;
+interface BrightPassHandlers extends TypedHandlers {
+    createVault: ApiRequestHandler<BrightPassApiResponse>;
+    listVaults: ApiRequestHandler<BrightPassApiResponse>;
+    openVault: ApiRequestHandler<BrightPassApiResponse>;
+    deleteVault: ApiRequestHandler<BrightPassApiResponse>;
+    createEntry: ApiRequestHandler<BrightPassApiResponse>;
+    getEntry: ApiRequestHandler<BrightPassApiResponse>;
+    updateEntry: ApiRequestHandler<BrightPassApiResponse>;
+    deleteEntry: ApiRequestHandler<BrightPassApiResponse>;
+    searchEntries: ApiRequestHandler<BrightPassApiResponse>;
+    generatePassword: ApiRequestHandler<BrightPassApiResponse>;
+    generateTotp: ApiRequestHandler<BrightPassApiResponse>;
+    validateTotp: ApiRequestHandler<BrightPassApiResponse>;
+    breachCheck: ApiRequestHandler<BrightPassApiResponse>;
+    autofill: ApiRequestHandler<BrightPassApiResponse>;
+    getAuditLog: ApiRequestHandler<BrightPassApiResponse>;
+    shareVault: ApiRequestHandler<BrightPassApiResponse>;
+    revokeShare: ApiRequestHandler<BrightPassApiResponse>;
+    configureEmergencyAccess: ApiRequestHandler<BrightPassApiResponse>;
+    recoverWithShares: ApiRequestHandler<BrightPassApiResponse>;
+    importEntries: ApiRequestHandler<BrightPassApiResponse>;
+}
+/**
+ * BrightPassController — REST API for the BrightPass password manager.
+ *
+ * Provides endpoints for vault CRUD, entry CRUD, search, password generation,
+ * TOTP, breach detection, autofill, audit log, sharing, emergency access, and import.
+ *
+ * All routes require JWT authentication.
+ *
+ * @requirements 5.1–5.11
+ */
+export declare class BrightPassController<TID extends PlatformID = DefaultBackendIdType> extends BaseController<TID, BrightPassApiResponse, BrightPassHandlers, CoreLanguageCode> {
+    private brightPassService;
+    constructor(application: IBrightChainApplication<TID>);
+    private getAuthMemberId;
+    protected initRouteDefinitions(): void;
+    private handleCreateVault;
+    private handleListVaults;
+    private handleOpenVault;
+    private handleDeleteVault;
+    private handleCreateEntry;
+    private handleGetEntry;
+    private handleUpdateEntry;
+    private handleDeleteEntry;
+    private handleSearchEntries;
+    private handleGeneratePassword;
+    private handleGenerateTotp;
+    private handleValidateTotp;
+    private handleBreachCheck;
+    private handleAutofill;
+    private handleGetAuditLog;
+    private handleShareVault;
+    private handleRevokeShare;
+    private handleConfigureEmergencyAccess;
+    private handleRecoverWithShares;
+    private handleImportEntries;
+}
+export {};
+//# sourceMappingURL=brightpass.d.ts.map

package/src/lib/controllers/api/brightpass.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"brightpass.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-api-lib/src/lib/controllers/api/brightpass.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EAEjB,aAAa,EAEd,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAQvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAO1D,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAKzC,UAAU,uBAAuB;IAC/B,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,KAAK,qBAAqB,GAAG,uBAAuB,GAAG,gBAAgB,CAAC;AAIxE,UAAU,kBAAmB,SAAQ,aAAa;IAChD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,UAAU,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACrD,SAAS,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACpD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,QAAQ,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACnD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,aAAa,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACxD,gBAAgB,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IAC3D,YAAY,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACvD,YAAY,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACvD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,QAAQ,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACnD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,UAAU,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACrD,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACtD,wBAAwB,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IACnE,iBAAiB,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;IAC5D,aAAa,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;CACzD;AA6DD;;;;;;;;;GASG;AACH,qBAAa,oBAAoB,CAC/B,GAAG,SAAS,UAAU,GAAG,oBAAoB,CAC7C,SAAQ,cAAc,CACtB,GAAG,EACH,qBAAqB,EACrB,kBAAkB,EAClB,gBAAgB,CACjB;IACC,OAAO,CAAC,iBAAiB,CAAoB;gBAEjC,WAAW,EAAE,uBAAuB,CAAC,GAAG,CAAC;IAKrD,OAAO,CAAC,eAAe;IAgBvB,SAAS,CAAC,oBAAoB,IAAI,IAAI;YAmPxB,iBAAiB;YAsBjB,gBAAgB;YAYhB,eAAe;YAsBf,iBAAiB;YAwBjB,iBAAiB;YAgBjB,cAAc;YAad,iBAAiB;YAkBjB,iBAAiB;YAajB,mBAAmB;YAmBnB,sBAAsB;YActB,kBAAkB;YAelB,kBAAkB;YAmBlB,iBAAiB;YAgBjB,cAAc;YAoBd,iBAAiB;YAcjB,gBAAgB;YAoBhB,iBAAiB;YAmBjB,8BAA8B;YA2B9B,uBAAuB;YAwBvB,mBAAmB;CAyBlC"}

package/src/lib/controllers/api/brightpass.js

@@ -0,0 +1,577 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BrightPassController = void 0;
+/* eslint-disable @typescript-eslint/no-explicit-any */
+const brightchain_lib_1 = require("@brightchain/brightchain-lib");
+const node_express_suite_1 = require("@digitaldefiance/node-express-suite");
+const brightpass_1 = require("../../services/brightpass");
+const errorResponse_1 = require("../../utils/errorResponse");
+const base_1 = require("../base");
+// ─── Helper ─────────────────────────────────────────────────────
+class AuthenticationRequiredError extends Error {
+    constructor() {
+        super('Authentication required');
+        this.name = 'AuthenticationRequiredError';
+    }
+}
+function mapBrightPassError(error) {
+    if (error instanceof AuthenticationRequiredError) {
+        return (0, errorResponse_1.unauthorizedError)();
+    }
+    if (error instanceof brightpass_1.VaultNotFoundError) {
+        return (0, errorResponse_1.notFoundError)('Vault', 'unknown');
+    }
+    if (error instanceof brightpass_1.VaultAuthenticationError) {
+        return (0, errorResponse_1.unauthorizedError)(error.message);
+    }
+    if (error instanceof brightpass_1.EntryNotFoundError) {
+        return (0, errorResponse_1.notFoundError)('Entry', 'unknown');
+    }
+    if (error instanceof brightpass_1.EmergencyAccessError) {
+        return (0, errorResponse_1.validationError)(error.message);
+    }
+    return (0, errorResponse_1.handleError)(error);
+}
+function ok(data) {
+    return { statusCode: 200, response: { success: true, data } };
+}
+// ─── Controller ─────────────────────────────────────────────────
+/**
+ * BrightPassController — REST API for the BrightPass password manager.
+ *
+ * Provides endpoints for vault CRUD, entry CRUD, search, password generation,
+ * TOTP, breach detection, autofill, audit log, sharing, emergency access, and import.
+ *
+ * All routes require JWT authentication.
+ *
+ * @requirements 5.1–5.11
+ */
+class BrightPassController extends base_1.BaseController {
+    constructor(application) {
+        super(application);
+        this.brightPassService = new brightpass_1.BrightPassService();
+    }
+    getAuthMemberId(req) {
+        const sessionsController = this.application.getController('sessions');
+        try {
+            const member = sessionsController.getMemberFromSession(req.headers.authorization);
+            if (!member) {
+                throw new Error('No member found');
+            }
+            return member.id.toString();
+        }
+        catch {
+            throw new AuthenticationRequiredError();
+        }
+    }
+    initRouteDefinitions() {
+        this.routeDefinitions = [
+            // Vault CRUD
+            (0, node_express_suite_1.routeConfig)('post', '/vaults', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'createVault',
+                openapi: {
+                    summary: 'Create a vault',
+                    tags: ['BrightPass'],
+                    requestBody: { schema: 'CreateVaultRequest' },
+                    responses: { 200: { description: 'Vault created' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('get', '/vaults', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'listVaults',
+                openapi: {
+                    summary: 'List vaults',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Vault list' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/open', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'openVault',
+                openapi: {
+                    summary: 'Open a vault',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Vault opened' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('delete', '/vaults/:vaultId', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'deleteVault',
+                openapi: {
+                    summary: 'Delete a vault',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Vault deleted' } },
+                },
+            }),
+            // Entry CRUD
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/entries', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'createEntry',
+                openapi: {
+                    summary: 'Add entry to vault',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Entry created' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('get', '/vaults/:vaultId/entries/:entryId', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'getEntry',
+                openapi: {
+                    summary: 'Get entry by ID',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Entry retrieved' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('put', '/vaults/:vaultId/entries/:entryId', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'updateEntry',
+                openapi: {
+                    summary: 'Update entry',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Entry updated' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('delete', '/vaults/:vaultId/entries/:entryId', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'deleteEntry',
+                openapi: {
+                    summary: 'Delete entry',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Entry deleted' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/search', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'searchEntries',
+                openapi: {
+                    summary: 'Search entries',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Search results' } },
+                },
+            }),
+            // Utilities
+            (0, node_express_suite_1.routeConfig)('post', '/generate-password', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'generatePassword',
+                openapi: {
+                    summary: 'Generate password',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Password generated' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/totp/generate', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'generateTotp',
+                openapi: {
+                    summary: 'Generate TOTP code',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'TOTP code' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/totp/validate', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'validateTotp',
+                openapi: {
+                    summary: 'Validate TOTP code',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Validation result' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/breach-check', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'breachCheck',
+                openapi: {
+                    summary: 'Check password breach status',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Breach check result' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/autofill', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'autofill',
+                openapi: {
+                    summary: 'Get autofill payload',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Autofill payload' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('get', '/vaults/:vaultId/audit-log', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'getAuditLog',
+                openapi: {
+                    summary: 'Get vault audit log',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Audit log entries' } },
+                },
+            }),
+            // Sharing
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/share', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'shareVault',
+                openapi: {
+                    summary: 'Share vault',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Vault shared' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/revoke-share', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'revokeShare',
+                openapi: {
+                    summary: 'Revoke vault share',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Share revoked' } },
+                },
+            }),
+            // Emergency access
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/emergency-access', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'configureEmergencyAccess',
+                openapi: {
+                    summary: 'Configure emergency access',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Emergency access configured' } },
+                },
+            }),
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/emergency-recover', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'recoverWithShares',
+                openapi: {
+                    summary: 'Recover vault with emergency shares',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Vault recovered' } },
+                },
+            }),
+            // Import
+            (0, node_express_suite_1.routeConfig)('post', '/vaults/:vaultId/import', {
+                useAuthentication: true,
+                useCryptoAuthentication: false,
+                handlerKey: 'importEntries',
+                openapi: {
+                    summary: 'Import entries from file',
+                    tags: ['BrightPass'],
+                    responses: { 200: { description: 'Import result' } },
+                },
+            }),
+        ];
+        node_express_suite_1.ControllerRegistry.register('/brightpass', 'BrightPassController', this.routeDefinitions);
+        this.handlers = {
+            createVault: this.handleCreateVault.bind(this),
+            listVaults: this.handleListVaults.bind(this),
+            openVault: this.handleOpenVault.bind(this),
+            deleteVault: this.handleDeleteVault.bind(this),
+            createEntry: this.handleCreateEntry.bind(this),
+            getEntry: this.handleGetEntry.bind(this),
+            updateEntry: this.handleUpdateEntry.bind(this),
+            deleteEntry: this.handleDeleteEntry.bind(this),
+            searchEntries: this.handleSearchEntries.bind(this),
+            generatePassword: this.handleGeneratePassword.bind(this),
+            generateTotp: this.handleGenerateTotp.bind(this),
+            validateTotp: this.handleValidateTotp.bind(this),
+            breachCheck: this.handleBreachCheck.bind(this),
+            autofill: this.handleAutofill.bind(this),
+            getAuditLog: this.handleGetAuditLog.bind(this),
+            shareVault: this.handleShareVault.bind(this),
+            revokeShare: this.handleRevokeShare.bind(this),
+            configureEmergencyAccess: this.handleConfigureEmergencyAccess.bind(this),
+            recoverWithShares: this.handleRecoverWithShares.bind(this),
+            importEntries: this.handleImportEntries.bind(this),
+        };
+    }
+    // ─── Vault CRUD Handlers ──────────────────────────────────────
+    async handleCreateVault(req) {
+        try {
+            const memberId = this.getAuthMemberId(req);
+            const { name, masterPassword } = req.body;
+            if (!name || !masterPassword) {
+                return (0, errorResponse_1.validationError)('Missing required fields: name, masterPassword');
+            }
+            const metadata = await this.brightPassService.createVault(memberId, name, masterPassword);
+            return ok({ vault: metadata });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleListVaults(req) {
+        try {
+            const memberId = this.getAuthMemberId(req);
+            const vaults = await this.brightPassService.listVaults(memberId);
+            return ok({ vaults: vaults });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleOpenVault(req) {
+        try {
+            const memberId = this.getAuthMemberId(req);
+            const { vaultId } = req.params;
+            const { masterPassword } = req
+                .body;
+            if (!masterPassword) {
+                return (0, errorResponse_1.validationError)('Missing required field: masterPassword');
+            }
+            const vault = await this.brightPassService.openVault(memberId, vaultId, masterPassword);
+            return ok({ vault: vault });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleDeleteVault(req) {
+        try {
+            const memberId = this.getAuthMemberId(req);
+            const { vaultId } = req.params;
+            const { masterPassword } = req
+                .body;
+            if (!masterPassword) {
+                return (0, errorResponse_1.validationError)('Missing required field: masterPassword');
+            }
+            await this.brightPassService.deleteVault(memberId, vaultId, masterPassword);
+            return ok({ deleted: true });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    // ─── Entry CRUD Handlers ──────────────────────────────────────
+    async handleCreateEntry(req) {
+        try {
+            const { vaultId } = req.params;
+            const entry = req.body;
+            if (!entry || !entry.type || !entry.title) {
+                return (0, errorResponse_1.validationError)('Missing required fields: type, title');
+            }
+            const created = await this.brightPassService.addEntry(vaultId, entry);
+            return ok({ entry: created });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleGetEntry(req) {
+        try {
+            const { vaultId, entryId } = req
+                .params;
+            const entry = await this.brightPassService.getEntry(vaultId, entryId);
+            return ok({ entry: entry });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleUpdateEntry(req) {
+        try {
+            const { vaultId, entryId } = req
+                .params;
+            const updates = req.body;
+            const updated = await this.brightPassService.updateEntry(vaultId, entryId, updates);
+            return ok({ entry: updated });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleDeleteEntry(req) {
+        try {
+            const { vaultId, entryId } = req
+                .params;
+            await this.brightPassService.deleteEntry(vaultId, entryId);
+            return ok({ deleted: true });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleSearchEntries(req) {
+        try {
+            const { vaultId } = req
+                .params;
+            const query = req.body;
+            const results = await this.brightPassService.searchEntries(vaultId, query);
+            return ok({ results: results });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    // ─── Utility Handlers ─────────────────────────────────────────
+    async handleGeneratePassword(req) {
+        try {
+            const options = req.body;
+            // validate throws on invalid options
+            brightchain_lib_1.PasswordGenerator.validate(options);
+            const password = brightchain_lib_1.PasswordGenerator.generate(options);
+            return ok({ password });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleGenerateTotp(req) {
+        try {
+            const { secret } = req.body;
+            if (!secret) {
+                return (0, errorResponse_1.validationError)('Missing required field: secret');
+            }
+            const code = brightchain_lib_1.TOTPEngine.generate(secret);
+            return ok({ code });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleValidateTotp(req) {
+        try {
+            const { code, secret, window } = req.body;
+            if (!code || !secret) {
+                return (0, errorResponse_1.validationError)('Missing required fields: code, secret');
+            }
+            const valid = brightchain_lib_1.TOTPEngine.validate(code, secret, window);
+            return ok({ valid });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleBreachCheck(req) {
+        try {
+            const { password } = req
+                .body;
+            if (!password) {
+                return (0, errorResponse_1.validationError)('Missing required field: password');
+            }
+            const result = await brightchain_lib_1.BreachDetector.check(password);
+            return ok(result);
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleAutofill(req) {
+        try {
+            const { vaultId } = req.params;
+            const { siteUrl } = req
+                .body;
+            if (!siteUrl) {
+                return (0, errorResponse_1.validationError)('Missing required field: siteUrl');
+            }
+            const payload = await this.brightPassService.getAutofillPayload(vaultId, siteUrl);
+            return ok(payload);
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleGetAuditLog(req) {
+        try {
+            const { vaultId } = req.params;
+            const entries = await this.brightPassService.getAuditLog(vaultId);
+            return ok({ entries: entries });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    // ─── Sharing Handlers ─────────────────────────────────────────
+    async handleShareVault(req) {
+        try {
+            const { vaultId } = req.params;
+            const { recipientMemberIds } = req.body;
+            if (!recipientMemberIds || !Array.isArray(recipientMemberIds)) {
+                return (0, errorResponse_1.validationError)('Missing required field: recipientMemberIds (array)');
+            }
+            await this.brightPassService.shareVault(vaultId, recipientMemberIds);
+            return ok({ shared: true });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleRevokeShare(req) {
+        try {
+            const { vaultId } = req.params;
+            const { memberId } = req
+                .body;
+            if (!memberId) {
+                return (0, errorResponse_1.validationError)('Missing required field: memberId');
+            }
+            await this.brightPassService.revokeShare(vaultId, memberId);
+            return ok({ revoked: true });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    // ─── Emergency Access Handlers ────────────────────────────────
+    async handleConfigureEmergencyAccess(req) {
+        try {
+            const { vaultId } = req
+                .params;
+            const { threshold, trustees } = req.body;
+            if (!threshold || !trustees || !Array.isArray(trustees)) {
+                return (0, errorResponse_1.validationError)('Missing required fields: threshold, trustees (array)');
+            }
+            const config = await this.brightPassService.configureEmergencyAccess(vaultId, threshold, trustees);
+            return ok(config);
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    async handleRecoverWithShares(req) {
+        try {
+            const { vaultId } = req
+                .params;
+            const { shares } = req.body;
+            if (!shares || !Array.isArray(shares)) {
+                return (0, errorResponse_1.validationError)('Missing required field: shares (array)');
+            }
+            const vault = await this.brightPassService.recoverWithShares(vaultId, shares);
+            return ok({ vault: vault });
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+    // ─── Import Handler ───────────────────────────────────────────
+    async handleImportEntries(req) {
+        try {
+            const { vaultId } = req
+                .params;
+            const { format, fileContent } = req.body;
+            if (!format || !fileContent) {
+                return (0, errorResponse_1.validationError)('Missing required fields: format, fileContent');
+            }
+            const buf = Buffer.from(fileContent, 'base64');
+            const result = await this.brightPassService.importFromFile(vaultId, format, buf);
+            return ok(result);
+        }
+        catch (error) {
+            return mapBrightPassError(error);
+        }
+    }
+}
+exports.BrightPassController = BrightPassController;
+//# sourceMappingURL=brightpass.js.map