@brightchain/brightchain-api-lib 0.27.1 → 0.29.0

package/src/lib/controllers/api/user.js

@@ -3,12 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.UserController = void 0;
 const tslib_1 = require("tslib");
 const brightchain_lib_1 = require("@brightchain/brightchain-lib");
-const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
 const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
 const node_express_suite_1 = require("@digitaldefiance/node-express-suite");
+const node_express_suite_2 = require("@brightchain/node-express-suite");
 const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
-const crypto_1 = require("crypto");
-const userValidation_1 = require("../../validation/userValidation");
 /** Extract the member ID from req.user, preferring memberId over id. */
 function getUserId(user) {
     const id = user.memberId ?? user.id;
@@ -16,315 +14,87 @@ function getUserId(user) {
         throw new Error('No member ID on request user');
     return id;
 }
-let UserController = class UserController extends node_express_suite_1.DecoratorBaseController {
+/**
+ * BrightChain domain-specific UserController.
+ *
+ * Extends BrightDbUserController with:
+ * - BrightHub social profile creation on registration
+ * - Backup code routes (generate, regenerate, get count, recover-with-backup)
+ * - Direct challenge verification route (ECIES signature-based login)
+ */
+let UserController = class UserController extends node_express_suite_2.BrightDbUserController {
     constructor(application) {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         super(application);
     }
-    async register(req, _res, _next) {
-        const validation = (0, userValidation_1.validateRegistration)(req.body);
-        if (!validation.valid) {
-            return {
-                statusCode: 400,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData),
-                    errors: validation.errors,
-                },
-            };
-        }
-        try {
-            const { username, email, password } = req.body;
-            const authService = this.application.services.get('auth');
-            const result = await authService.register(username, email, new ecies_lib_1.SecureString(password));
-            // Create BrightHub social profile for the new user
-            try {
-                const userProfileService = this.application.services.get('userProfileService');
-                if (userProfileService) {
-                    await userProfileService.createProfileForUser(result.memberId, username);
-                }
-            }
-            catch {
-                // Non-fatal: profile can be created lazily if this fails
-            }
-            const authResponse = {
-                token: result.token,
-                memberId: result.memberId,
-                energyBalance: result.energyBalance,
-            };
-            return {
-                statusCode: 201,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Registration_Success),
-                    data: authResponse,
-                },
-            };
-        }
-        catch (error) {
-            const errorMessage = error instanceof Error
-                ? error.message
-                : (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError);
-            return {
-                statusCode: 400,
-                response: {
-                    message: errorMessage,
-                    error: errorMessage,
-                },
-            };
-        }
-    }
-    async login(req, _res, _next) {
-        const validation = (0, userValidation_1.validateLogin)(req.body);
-        if (!validation.valid) {
-            return {
-                statusCode: 400,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData),
-                    errors: validation.errors,
-                },
-            };
-        }
-        try {
-            const { username, password } = req.body;
-            const authService = this.application.services.get('auth');
-            const result = await authService.login({
-                username,
-                password: new ecies_lib_1.SecureString(password),
-            });
-            const authResponse = {
-                token: result.token,
-                memberId: result.memberId,
-                energyBalance: result.energyBalance,
-            };
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
-                    data: authResponse,
-                },
-            };
-        }
-        catch {
-            return {
-                statusCode: 401,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
-                    error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
-                },
-            };
-        }
-    }
-    async getProfile(req, _res, _next) {
-        const user = req.user;
-        if (!user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
-        try {
-            const memberId = getUserId(user);
-            const sp = brightchain_lib_1.ServiceProvider.getInstance();
-            const typedId = sp.idProvider.idFromString(memberId);
-            const idRawBytes = sp.idProvider.toBytes(typedId);
-            const memberChecksum = sp.checksumService.calculateChecksum(idRawBytes);
-            const energyStore = this.application.services.get('energyStore');
-            const energyAccount = await energyStore.getOrCreate(memberChecksum);
-            let email = '';
-            const memberStore = this.application.services.get('memberStore');
-            try {
-                if (memberStore) {
-                    const member = await memberStore.getMember(typedId);
-                    email = member.email.toString();
-                }
-            }
-            catch {
-                // Member lookup failed, continue with empty email
-            }
-            let memberProfile;
-            try {
-                if (memberStore) {
-                    const profile = await memberStore.getMemberProfile(typedId);
-                    if (profile.publicProfile) {
-                        memberProfile = {
-                            status: profile.publicProfile.status,
-                            storageQuota: profile.publicProfile.storageQuota?.toString(),
-                            storageUsed: profile.publicProfile.storageUsed?.toString(),
-                            lastActive: profile.publicProfile.lastActive?.toISOString(),
-                            dateCreated: profile.publicProfile.dateCreated?.toISOString(),
-                        };
-                    }
-                }
-            }
-            catch {
-                // MemberStore profile not available
-            }
-            const userProfile = {
-                memberId,
-                username: user.username,
-                email,
-                energyBalance: energyAccount.balance,
-                availableBalance: energyAccount.availableBalance,
-                earned: energyAccount.earned,
-                spent: energyAccount.spent,
-                reserved: energyAccount.reserved,
-                reputation: energyAccount.reputation,
-                createdAt: energyAccount.createdAt.toISOString(),
-                lastUpdated: energyAccount.lastUpdated.toISOString(),
-                ...(memberProfile && { profile: memberProfile }),
-            };
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_RetrievedSuccess),
-                    data: userProfile,
-                },
-            };
-        }
-        catch {
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                },
-            };
-        }
-    }
-    async updateProfile(req, _res, _next) {
-        const user = req.user;
-        if (!user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
+    /**
+     * Hook called after successful registration.
+     * Creates a BrightHub social profile for the new user.
+     */
+    async onPostRegister(memberId, username) {
         try {
-            const memberId = getUserId(user);
-            const updateData = req.body;
-            const sp = brightchain_lib_1.ServiceProvider.getInstance();
-            const typedId = sp.idProvider.idFromString(memberId);
-            const idRawBytes = sp.idProvider.toBytes(typedId);
-            const memberChecksum = sp.checksumService.calculateChecksum(idRawBytes);
-            const memberStore = this.application.services.get('memberStore');
-            if (memberStore && updateData.settings) {
-                const completeSettings = {
-                    autoReplication: updateData.settings.autoReplication ?? true,
-                    minRedundancy: updateData.settings.minRedundancy ?? 3,
-                    preferredRegions: updateData.settings.preferredRegions ?? [],
-                };
-                await memberStore.updateMember(typedId, {
-                    id: typedId,
-                    privateChanges: {
-                        settings: completeSettings,
-                    },
-                });
-            }
-            const energyStore = this.application.services.get('energyStore');
-            const energyAccount = await energyStore.getOrCreate(memberChecksum);
-            let email = '';
-            try {
-                if (memberStore) {
-                    const member = await memberStore.getMember(typedId);
-                    email = member.email.toString();
-                }
-            }
-            catch {
-                // Member lookup failed
+            const userProfileService = this.application.services.get('userProfileService');
+            if (userProfileService) {
+                await userProfileService.createProfileForUser(memberId, username);
             }
-            let memberProfile;
-            try {
-                if (memberStore) {
-                    const profile = await memberStore.getMemberProfile(typedId);
-                    if (profile.publicProfile) {
-                        memberProfile = {
-                            status: profile.publicProfile.status,
-                            storageQuota: profile.publicProfile.storageQuota?.toString(),
-                            storageUsed: profile.publicProfile.storageUsed?.toString(),
-                            lastActive: profile.publicProfile.lastActive?.toISOString(),
-                            dateCreated: profile.publicProfile.dateCreated?.toISOString(),
-                        };
-                    }
-                }
-            }
-            catch {
-                // MemberStore profile not available
-            }
-            const userProfile = {
-                memberId,
-                username: user.username,
-                email,
-                energyBalance: energyAccount.balance,
-                availableBalance: energyAccount.availableBalance,
-                earned: energyAccount.earned,
-                spent: energyAccount.spent,
-                reserved: energyAccount.reserved,
-                reputation: energyAccount.reputation,
-                createdAt: energyAccount.createdAt.toISOString(),
-                lastUpdated: energyAccount.lastUpdated.toISOString(),
-                ...(memberProfile && { profile: memberProfile }),
-            };
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_SaveSuccess),
-                    data: userProfile,
-                },
-            };
         }
         catch {
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                },
-            };
+            // Non-fatal: profile can be created lazily if this fails
         }
     }
-    async changePassword(req, _res, _next) {
-        const validation = (0, userValidation_1.validatePasswordChange)(req.body);
-        if (!validation.valid) {
-            return {
-                statusCode: 400,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData),
-                    errors: validation.errors,
-                },
-            };
-        }
-        const user = req.user;
-        if (!user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
+    async directChallenge(req, _res, _next) {
+        const { challenge, signature, username, email } = req.body;
         try {
-            const memberId = getUserId(user);
-            const { currentPassword, newPassword } = req.body;
-            const sp = brightchain_lib_1.ServiceProvider.getInstance();
-            const typedId = sp.idProvider.idFromString(memberId);
             const authService = this.application.services.get('auth');
-            await authService.changePassword(typedId, currentPassword, newPassword);
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordChange_Success),
-                    data: {
-                        memberId,
-                        success: true,
+            const { member, memberId, userDTO } = await authService.verifyDirectLoginChallenge(String(challenge), String(signature), username ? String(username) : undefined, email ? String(email) : undefined);
+            const token = authService.signToken(memberId, member.name, member.type);
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const env = this.application.environment;
+            const serverPublicKey = env.systemPublicKeyHex ?? '';
+            const response = {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
+                user: userDTO ?? {
+                    id: memberId,
+                    username: member.name,
+                    email: member.email.toString(),
+                    roles: [],
+                    rolePrivileges: {
+                        admin: false,
+                        member: true,
+                        child: false,
+                        system: false,
                     },
+                    emailVerified: true,
+                    timezone: 'UTC',
+                    siteLanguage: 'en',
+                    darkMode: false,
+                    currency: 'USD',
+                    directChallenge: false,
                 },
+                token,
+                serverPublicKey,
             };
+            return { statusCode: 200, response };
         }
         catch (error) {
-            const errorMessage = error instanceof Error
-                ? error.message
-                : (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Error_PasswordChange);
-            if (errorMessage === 'Invalid credentials') {
+            const msg = error instanceof Error ? error.message : 'Unexpected error';
+            if (msg === 'Challenge expired' ||
+                msg === 'Invalid challenge' ||
+                msg === 'Invalid credentials' ||
+                msg === 'Challenge already used') {
                 return {
                     statusCode: 401,
                     response: {
                         message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
-                        error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
+                        error: msg,
                     },
                 };
             }
             return {
                 statusCode: 500,
                 response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Error_PasswordChange),
-                    error: errorMessage,
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
+                    error: msg,
                 },
             };
         }
@@ -471,375 +241,14 @@ let UserController = class UserController extends node_express_suite_1.Decorator
             };
         }
     }
-    async recover(req, _res, _next) {
-        const validation = (0, userValidation_1.validateRecovery)(req.body);
-        if (!validation.valid) {
-            return {
-                statusCode: 400,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData),
-                    errors: validation.errors,
-                },
-            };
-        }
-        try {
-            const { email, mnemonic, newPassword } = req.body;
-            const authService = this.application.services.get('auth');
-            const result = await authService.recoverWithMnemonic(email, new ecies_lib_1.SecureString(mnemonic), newPassword);
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.MnemonicRecovery_Success),
-                    data: result,
-                },
-            };
-        }
-        catch (error) {
-            const errorMessage = error instanceof Error
-                ? error.message
-                : (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError);
-            if (errorMessage === 'Invalid credentials' ||
-                errorMessage === 'Invalid mnemonic') {
-                return {
-                    statusCode: 401,
-                    response: {
-                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
-                        error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
-                    },
-                };
-            }
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: errorMessage,
-                },
-            };
-        }
-    }
-    async logout(req, _res, _next) {
-        const user = req.user;
-        if (!user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
-        try {
-            const authHeader = String(req.headers
-                ?.authorization ?? '');
-            if (!authHeader.startsWith('Bearer ')) {
-                return {
-                    statusCode: 401,
-                    response: {
-                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing),
-                        error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing),
-                    },
-                };
-            }
-            const token = authHeader.slice('Bearer '.length);
-            const sessionAdapter = this.application.services.get('sessionAdapter');
-            const session = await sessionAdapter.validateToken(token);
-            if (session) {
-                await sessionAdapter.deleteSession(session.sessionId);
-            }
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_Success),
-                },
-            };
-        }
-        catch {
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                },
-            };
-        }
-    }
-    async requestDirectLogin(_req, _res, _next) {
-        const systemUser = node_express_suite_1.SystemUserService.getSystemUser(
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        this.application.environment, this.application.constants);
-        const time = Buffer.alloc(8);
-        time.writeBigUInt64BE(BigInt(new Date().getTime()));
-        const nonce = (0, crypto_1.randomBytes)(32);
-        const signature = systemUser.sign(Buffer.concat([time, nonce]));
-        const challenge = Buffer.concat([time, nonce, signature]).toString('hex');
-        return {
-            statusCode: 200,
-            response: {
-                challenge,
-                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Login_ChallengeGenerated),
-                serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
-            },
-        };
-    }
-    async directChallenge(req, _res, _next) {
-        const { challenge, signature, username, email } = req.body;
-        try {
-            const authService = this.application.services.get('auth');
-            const { member, memberId, userDTO } = await authService.verifyDirectLoginChallenge(String(challenge), String(signature), username ? String(username) : undefined, email ? String(email) : undefined);
-            const token = authService.signToken(memberId, member.name, member.type);
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            const env = this.application.environment;
-            const serverPublicKey = env.systemPublicKeyHex ?? '';
-            const response = {
-                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
-                user: userDTO ?? {
-                    id: memberId,
-                    username: member.name,
-                    email: member.email.toString(),
-                    roles: [],
-                    rolePrivileges: {
-                        admin: false,
-                        member: true,
-                        child: false,
-                        system: false,
-                    },
-                    emailVerified: true,
-                    timezone: 'UTC',
-                    siteLanguage: 'en',
-                    darkMode: false,
-                    currency: 'USD',
-                    directChallenge: false,
-                },
-                token,
-                serverPublicKey,
-            };
-            return { statusCode: 200, response };
-        }
-        catch (error) {
-            const msg = error instanceof Error ? error.message : 'Unexpected error';
-            if (msg === 'Challenge expired' ||
-                msg === 'Invalid challenge' ||
-                msg === 'Invalid credentials' ||
-                msg === 'Challenge already used') {
-                return {
-                    statusCode: 401,
-                    response: {
-                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
-                        error: msg,
-                    },
-                };
-            }
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: msg,
-                },
-            };
-        }
-    }
-    /**
-     * GET /verify — returns the authenticated user's DTO.
-     * The auth middleware already populates req.user with a full IRequestUserDTO
-     * via buildRequestUserDTO, so we just return it.
-     */
-    async verify(req, _res, _next) {
-        if (!req.user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
-        const user = req.user;
-        return {
-            statusCode: 200,
-            response: {
-                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenValid),
-                user: {
-                    id: user.id,
-                    email: user.email,
-                    username: user.username,
-                    roles: user.roles || [],
-                    rolePrivileges: user.rolePrivileges,
-                    timezone: user.timezone,
-                    currency: user.currency,
-                    emailVerified: user.emailVerified,
-                    darkMode: user.darkMode,
-                    siteLanguage: user.siteLanguage,
-                    directChallenge: user.directChallenge,
-                    ...(user.lastLogin && { lastLogin: user.lastLogin }),
-                },
-            },
-        };
-    }
-    /**
-     * GET /settings — returns the authenticated user's settings.
-     */
-    async getSettings(req, _res, _next) {
-        if (!req.user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
-        const user = req.user;
-        return {
-            statusCode: 200,
-            response: {
-                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_RetrievedSuccess),
-                settings: {
-                    email: user.email || '',
-                    timezone: user.timezone || '',
-                    currency: user.currency || '',
-                    siteLanguage: user.siteLanguage || '',
-                    darkMode: user.darkMode || false,
-                    directChallenge: user.directChallenge || false,
-                },
-            },
-        };
-    }
-    /**
-     * POST /settings — updates the authenticated user's settings.
-     */
-    async updateSettings(req, _res, _next) {
-        if (!req.user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
-        try {
-            const user = req.user;
-            const memberId = user.id;
-            const { email, timezone, siteLanguage, currency, darkMode, directChallenge, } = req.body;
-            const sp = brightchain_lib_1.ServiceProvider.getInstance();
-            const typedId = sp.idProvider.idFromString(memberId);
-            const idHex = sp.idProvider.toString(typedId, 'hex');
-            // Update user-facing settings (timezone, darkMode, etc.) in the DB
-            // users collection. These are NOT part of the member store's
-            // IPrivateMemberData.settings (which tracks replication/storage config).
-            try {
-                const db = this.application.services.get('db');
-                if (db) {
-                    const usersCol = db.collection('user_settings');
-                    const updateFields = {};
-                    if (email !== undefined)
-                        updateFields['email'] = email;
-                    if (timezone !== undefined)
-                        updateFields['timezone'] = timezone;
-                    if (siteLanguage !== undefined)
-                        updateFields['siteLanguage'] = siteLanguage;
-                    if (currency !== undefined)
-                        updateFields['currency'] = currency;
-                    if (darkMode !== undefined)
-                        updateFields['darkMode'] = darkMode;
-                    if (directChallenge !== undefined)
-                        updateFields['directChallenge'] = directChallenge;
-                    if (Object.keys(updateFields).length > 0) {
-                        await usersCol.updateOne({ _id: idHex }, { $set: updateFields }, { upsert: true });
-                    }
-                }
-            }
-            catch {
-                // DB update is best-effort
-            }
-            // Build updated user DTO
-            const updatedUser = {
-                ...user,
-                ...(email !== undefined && { email }),
-                ...(timezone !== undefined && { timezone }),
-                ...(siteLanguage !== undefined && { siteLanguage }),
-                ...(currency !== undefined && { currency }),
-                ...(darkMode !== undefined && { darkMode }),
-                ...(directChallenge !== undefined && { directChallenge }),
-            };
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_SaveSuccess),
-                    user: updatedUser,
-                },
-            };
-        }
-        catch {
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                },
-            };
-        }
-    }
-    /**
-     * GET /refresh-token — re-signs the JWT and returns a new token + user DTO.
-     */
-    async refreshToken(req, _res, _next) {
-        if (!req.user) {
-            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
-        }
-        try {
-            const user = req.user;
-            const authService = this.application.services.get('auth');
-            // Verify the current token is still valid
-            const authHeader = String(req.headers
-                ?.authorization ?? '');
-            if (!authHeader.startsWith('Bearer ')) {
-                return {
-                    statusCode: 401,
-                    response: {
-                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing),
-                        error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing),
-                    },
-                };
-            }
-            const oldToken = authHeader.slice('Bearer '.length);
-            const decoded = await authService.verifyToken(oldToken);
-            // Re-sign with fresh expiry
-            const newToken = authService.signToken(decoded.memberId, decoded.username, decoded.type);
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            const env = this.application.environment;
-            const serverPublicKey = env.systemPublicKeyHex ?? '';
-            return {
-                statusCode: 200,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_Success),
-                    user,
-                    token: newToken,
-                    serverPublicKey,
-                },
-                headers: {
-                    Authorization: `Bearer ${newToken}`,
-                },
-            };
-        }
-        catch {
-            return {
-                statusCode: 500,
-                response: {
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                    error: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
-                },
-            };
-        }
-    }
 };
 exports.UserController = UserController;
 tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/register'),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "register", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/login'),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "login", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Get)('/profile', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "getProfile", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Put)('/profile', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "updateProfile", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/change-password', { auth: true }),
+    (0, node_express_suite_1.Post)('/direct-challenge'),
     tslib_1.__metadata("design:type", Function),
     tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
     tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "changePassword", null);
+], UserController.prototype, "directChallenge", null);
 tslib_1.__decorate([
     (0, node_express_suite_1.Post)('/backup-codes', { auth: true }),
     tslib_1.__metadata("design:type", Function),
@@ -864,54 +273,6 @@ tslib_1.__decorate([
     tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
     tslib_1.__metadata("design:returntype", Promise)
 ], UserController.prototype, "recoverWithBackupCode", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/recover'),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "recover", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/logout', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "logout", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/request-direct-login'),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "requestDirectLogin", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/direct-challenge'),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "directChallenge", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Get)('/verify', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "verify", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Get)('/settings', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "getSettings", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Post)('/settings', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "updateSettings", null);
-tslib_1.__decorate([
-    (0, node_express_suite_1.Get)('/refresh-token', { auth: true }),
-    tslib_1.__metadata("design:type", Function),
-    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
-    tslib_1.__metadata("design:returntype", Promise)
-], UserController.prototype, "refreshToken", null);
 exports.UserController = UserController = tslib_1.__decorate([
     (0, node_express_suite_1.Controller)(),
     tslib_1.__metadata("design:paramtypes", [Object])