@crowi/api 2.0.0-alpha.0

package/dist/hono/handlers/admin/users.js

@@ -0,0 +1,316 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAdminUsersRoutes = void 0;
+/**
+ * RFC-0006 Phase 4 Batch 9 — `admin.users` resource Hono port.
+ *
+ * Replaces `packages/api/src/routes/ts-rest/admin/users.ts`. 10 admin-only
+ * endpoints — see the contract header for the full list.
+ *
+ * Auth:
+ *   - Admin-only via broad `createJwtAdminRequired(crowi)` apply on
+ *     `/admin/users/*` + the bare `/admin/users` path.
+ *
+ * Logic parity:
+ *   - Same `buildSearchFilter` regex-escape semantics as the legacy ts-rest
+ *     era. Per-email `inviteUsers` row disambiguation (created / exists /
+ *     failed) uses the same `$in` follow-up over null-row emails.
+ */
+const api_contract_1 = require("@crowi/api-contract");
+const debug_1 = __importDefault(require("debug"));
+const admin_pager_1 = require("../../../util/admin-pager");
+const map_duplicate_key_error_1 = require("../../../util/map-duplicate-key-error");
+const ts_rest_helpers_1 = require("../../../util/ts-rest-helpers");
+const admin_1 = require("../../middleware/admin");
+const errors_1 = require("../_helpers/errors");
+const debug = (0, debug_1.default)('crowi:hono:handlers:admin:users');
+const ADMIN_PAGINATE_SORT = { status: 1, username: 1, createdAt: 1 };
+const ADMIN_PAGINATE_SELECT = '-password -googleId -githubId';
+const REGEX_META = /[-/\\^$*+?.()|[\]{}]/g;
+const escapeRegex = (s) => s.replace(REGEX_META, '\\$&');
+const buildSearchFilter = (q) => {
+    if (!q)
+        return {};
+    const trimmed = q.trim();
+    if (trimmed.length === 0)
+        return {};
+    const firstSpace = trimmed.indexOf(' ');
+    const $regex = firstSpace === -1 ? escapeRegex(trimmed) : `${escapeRegex(trimmed.slice(0, firstSpace))}|${escapeRegex(trimmed.slice(firstSpace + 1))}`;
+    return {
+        $or: ['username', 'name', 'email'].map((field) => ({
+            [field]: { $regex, $options: 'i' },
+        })),
+    };
+};
+const invalidIdBody = (id) => ({
+    error: { code: 'VALIDATION_ERROR', message: `Invalid user id: ${id}` },
+});
+const userNotFoundBody = { error: { code: 'NOT_FOUND', message: 'User not found' } };
+const emailConflictBody = { error: { code: 'CONFLICT', message: 'Email is already in use by another user' } };
+const notInvitedConflictBody = {
+    error: { code: 'CONFLICT', message: 'Only invited (never-activated) users can be removed' },
+};
+const createUsersByInvitationAsync = (User, emailList, toSendEmail) => new Promise((resolve, reject) => {
+    User.createUsersByInvitation(emailList, toSendEmail, (err, list) => {
+        if (err)
+            return reject(err);
+        resolve(list);
+    });
+});
+const promisifyMethod = (invoker) => new Promise((resolve, reject) => {
+    invoker((err, data) => {
+        if (err)
+            return reject(err);
+        resolve(data);
+    });
+});
+const findExistingEmails = async (User, emails) => {
+    const docs = (await User.find({ email: { $in: emails } }, 'email').lean());
+    return new Set(docs.map((doc) => doc.email));
+};
+const toInvitedUserResults = async (User, rows) => {
+    const nullEmails = rows.filter((row) => !row.user).map((row) => row.email);
+    const existingEmails = nullEmails.length === 0 ? new Set() : await findExistingEmails(User, nullEmails);
+    return rows.map((row) => {
+        if (row.user)
+            return { email: row.email, status: 'created', userId: row.user._id.toString() };
+        if (existingEmails.has(row.email))
+            return { email: row.email, status: 'exists' };
+        return { email: row.email, status: 'failed' };
+    });
+};
+const registerAdminUsersRoutes = (app, crowi) => {
+    const User = crowi.model('User');
+    app.use('/admin/users/*', (0, admin_1.createJwtAdminRequired)(crowi));
+    app.use('/admin/users', (0, admin_1.createJwtAdminRequired)(crowi));
+    return app
+        .openapi(api_contract_1.adminUsersRoutes.listUsersRoute, async (c) => {
+        try {
+            const { q, status, page, limit } = c.req.valid('query');
+            const filter = { ...buildSearchFilter(q), ...(status !== undefined ? { status } : {}) };
+            const result = await User.paginate(filter, {
+                page,
+                limit,
+                sort: ADMIN_PAGINATE_SORT,
+                select: ADMIN_PAGINATE_SELECT,
+            });
+            // mongoose-paginate-v2 renames total→totalDocs and pages→totalPages;
+            // absorb the rename here so the AdminPager JSON contract is unchanged.
+            const pager = (0, admin_pager_1.createPager)(result.totalDocs, result.page ?? page, result.totalPages, admin_pager_1.MAX_PAGE_LIST);
+            return c.json({
+                users: result.docs.map(ts_rest_helpers_1.toUserPublic),
+                pager,
+            }, 200);
+        }
+        catch (err) {
+            debug('listUsers error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.searchUsersByEmailRoute, async (c) => {
+        try {
+            const { email } = c.req.valid('query');
+            const users = await User.findUsersByPartOfEmail(email, {});
+            return c.json({ users: users.map(ts_rest_helpers_1.toUserPublic) }, 200);
+        }
+        catch (err) {
+            debug('searchUsersByEmail error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.inviteUsersRoute, async (c) => {
+        const body = c.req.valid('json');
+        const emailList = body.emailList.map((email) => email.trim()).filter((email) => email.length > 0);
+        if (emailList.length === 0) {
+            return c.json({
+                error: {
+                    code: 'VALIDATION_ERROR',
+                    message: 'emailList must contain at least one non-empty email',
+                },
+            }, 400);
+        }
+        try {
+            const rows = await createUsersByInvitationAsync(User, emailList, body.sendEmail ?? false);
+            const results = await toInvitedUserResults(User, rows);
+            return c.json({ results }, 200);
+        }
+        catch (err) {
+            debug('inviteUsers error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.editUserRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        const body = c.req.valid('json');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const [user, duplicate] = (await Promise.all([User.findById(id).exec(), User.findUserByEmail(body.email)]));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            if (duplicate && !user.equals(duplicate))
+                return c.json(emailConflictBody, 409);
+            const updated = (await user.updateNameAndEmail(body.name, body.email));
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(updated) }, 200);
+        }
+        catch (err) {
+            // The email findUserByEmail pre-check can be raced; the unique index is
+            // the final defence. Surface its E11000 as the same 409 conflict
+            // instead of a 500 (this route's contract codes the conflict CONFLICT).
+            if ((0, map_duplicate_key_error_1.isDuplicateKeyError)(err))
+                return c.json(emailConflictBody, 409);
+            debug('editUser error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.makeAdminRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const user = (await User.findById(id));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            const updated = await promisifyMethod((cb) => user.makeAdmin(cb));
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(updated) }, 200);
+        }
+        catch (err) {
+            debug('makeAdmin error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.removeFromAdminRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const user = (await User.findById(id));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            const updated = await promisifyMethod((cb) => user.removeFromAdmin(cb));
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(updated) }, 200);
+        }
+        catch (err) {
+            debug('removeFromAdmin error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.activateUserRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const user = (await User.findById(id));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            const updated = await promisifyMethod((cb) => user.statusActivate(cb));
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(updated) }, 200);
+        }
+        catch (err) {
+            debug('activateUser error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.suspendUserRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const user = (await User.findById(id));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            const updated = await promisifyMethod((cb) => user.statusSuspend(cb));
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(updated) }, 200);
+        }
+        catch (err) {
+            debug('suspendUser error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.resetPasswordRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const exists = (await User.findById(id));
+            if (!exists)
+                return c.json(userNotFoundBody, 404);
+            const { user, newPassword } = await User.resetPasswordByRandomString(exists._id);
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(user), newPassword }, 200);
+        }
+        catch (err) {
+            debug('resetPassword error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.updateUserEmailRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        const body = c.req.valid('json');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const [user, duplicate] = (await Promise.all([User.findById(id).exec(), User.findUserByEmail(body.email)]));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            if (duplicate && !user.equals(duplicate))
+                return c.json(emailConflictBody, 409);
+            const updated = (await user.updateEmail(body.email));
+            return c.json({ user: (0, ts_rest_helpers_1.toUserPublic)(updated) }, 200);
+        }
+        catch (err) {
+            // The findUserByEmail pre-check can be raced; the unique index is the
+            // final defence. Surface its E11000 as the same 409 conflict.
+            if ((0, map_duplicate_key_error_1.isDuplicateKeyError)(err))
+                return c.json(emailConflictBody, 409);
+            debug('updateUserEmail error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.pendingUsersCountRoute, async (c) => {
+        try {
+            const count = await User.countDocuments({ status: User.STATUS_REGISTERED });
+            return c.json({ count }, 200);
+        }
+        catch (err) {
+            debug('pendingUsersCount error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminUsersRoutes.deleteUserRoute, async (c) => {
+        const { id } = c.req.valid('param');
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(id))
+            return c.json(invalidIdBody(id), 400);
+        try {
+            const user = (await User.findById(id));
+            if (!user)
+                return c.json(userNotFoundBody, 404);
+            // Physical removal is restricted to never-activated (INVITED) users;
+            // activated users must go through the suspend/logical-delete flow.
+            if (user.status !== User.STATUS_INVITED)
+                return c.json(notInvitedConflictBody, 409);
+            try {
+                await promisifyMethod((cb) => User.removeCompletelyById(id, cb));
+            }
+            catch (removeErr) {
+                // removeCompletelyById re-checks the status and rejects if the user
+                // is no longer INVITED (e.g. activated by a concurrent request
+                // between our pre-check and the delete). Re-read to tell that race
+                // apart from a genuine failure and surface it as 409, not 500.
+                const current = (await User.findById(id));
+                if (current && current.status !== User.STATUS_INVITED)
+                    return c.json(notInvitedConflictBody, 409);
+                throw removeErr;
+            }
+            return c.json({ deletedId: id }, 200);
+        }
+        catch (err) {
+            debug('deleteUser error: %s', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    });
+};
+exports.registerAdminUsersRoutes = registerAdminUsersRoutes;
+//# sourceMappingURL=users.js.map

package/dist/hono/handlers/admin/users.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/hono/handlers/admin/users.ts"],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;;;;;;GAcG;AACH,sDAA+E;AAE/E,kDAA0B;AAI1B,sDAAkE;AAClE,8EAAuE;AACvE,8DAAyE;AAGzE,kDAAgE;AAChE,+CAAyD;AAEzD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,iCAAiC,CAAC,CAAC;AAEvD,MAAM,mBAAmB,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAW,CAAC;AAC9E,MAAM,qBAAqB,GAAG,+BAA+B,CAAC;AAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC;AAC3C,MAAM,WAAW,GAAG,CAAC,CAAS,EAAU,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAEzE,MAAM,iBAAiB,GAAG,CAAC,CAAqB,EAAoE,EAAE;IACpH,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACzB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACvJ,OAAO;QACL,GAAG,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACjD,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE;SACnC,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,CAAC;IACrC,KAAK,EAAE,EAAE,IAAI,EAAE,kBAA2B,EAAE,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE;CAChF,CAAC,CAAC;AACH,MAAM,gBAAgB,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAoB,EAAE,OAAO,EAAE,gBAAyB,EAAE,EAAW,CAAC;AAChH,MAAM,iBAAiB,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,UAAmB,EAAE,OAAO,EAAE,yCAAkD,EAAE,EAAW,CAAC;AACzI,MAAM,sBAAsB,GAAG;IAC7B,KAAK,EAAE,EAAE,IAAI,EAAE,UAAmB,EAAE,OAAO,EAAE,qDAA8D,EAAE;CACrG,CAAC;AAQX,MAAM,4BAA4B,GAAG,CAAC,IAAe,EAAE,SAAmB,EAAE,WAAoB,EAAmC,EAAE,CACnI,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;IAC9B,IAAI,CAAC,uBAAuB,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,GAAiB,EAAE,IAA4B,EAAE,EAAE;QACvG,IAAI,GAAG;YAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,MAAM,eAAe,GAAG,CAAI,OAA2D,EAAc,EAAE,CACrG,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QACpB,IAAI,GAAG;YAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,MAAM,kBAAkB,GAAG,KAAK,EAAE,IAAe,EAAE,MAAgB,EAAwB,EAAE;IAC3F,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAwB,CAAC;IAClG,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;AAC/C,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,KAAK,EAAE,IAAe,EAAE,IAA4B,EAAgC,EAAE;IACjH,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3E,MAAM,cAAc,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAU,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAEhH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,IAAI,GAAG,CAAC,IAAI;YAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,SAAkB,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvG,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,QAAiB,EAAE,CAAC;QAC1F,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,QAAiB,EAAE,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEK,MAAM,wBAAwB,GAAG,CAA2C,GAAM,EAAE,KAAY,EAAE,EAAE;IACzG,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAA,8BAAsB,EAAC,KAAK,CAAC,CAAC,CAAC;IACzD,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,IAAA,8BAAsB,EAAC,KAAK,CAAC,CAAC,CAAC;IAEvD,OAAO,GAAG;SACP,OAAO,CAAC,+BAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACpD,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YACxF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;gBACzC,IAAI;gBACJ,KAAK;gBACL,IAAI,EAAE,mBAAmB;gBACzB,MAAM,EAAE,qBAAqB;aAC9B,CAAC,CAAC;YACH,qEAAqE;YACrE,uEAAuE;YACvE,MAAM,KAAK,GAAG,IAAA,yBAAW,EAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,MAAM,CAAC,UAAU,EAAE,2BAAa,CAAC,CAAC;YACnG,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,8BAAY,CAAC;gBACpC,KAAK;aACN,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,qBAAqB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC7D,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvC,MAAM,KAAK,GAAmB,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC3E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,8BAAY,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,8BAA8B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC9D,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAClH,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE;oBACL,IAAI,EAAE,kBAA2B;oBACjC,OAAO,EAAE,qDAAqD;iBAC/D;aACF,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,4BAA4B,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,CAAC;YAC1F,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACvD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,uBAAuB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACvD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnD,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAGzG,CAAC;YACF,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YAEhF,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAiB,CAAC;YACvF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wEAAwE;YACxE,iEAAiE;YACjE,wEAAwE;YACxE,IAAI,IAAA,6CAAmB,EAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACpE,KAAK,CAAC,oBAAoB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACpD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACpD,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;YAC9D,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,MAAM,eAAe,CAAe,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;YAChF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,qBAAqB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACrD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1D,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;YAC9D,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,MAAM,eAAe,CAAe,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC;YACtF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,2BAA2B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC3D,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvD,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;YAC9D,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,MAAM,eAAe,CAAe,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC;YACrF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,wBAAwB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtD,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;YAC9D,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,MAAM,OAAO,GAAG,MAAM,eAAe,CAAe,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;YACpF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,uBAAuB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACvD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxD,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;YAChE,IAAI,CAAC,MAAM;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAClD,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,IAAI,CAAC,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,yBAAyB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACzD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1D,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAGzG,CAAC;YACF,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YAChF,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAiB,CAAC;YACrE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAA,8BAAY,EAAC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,sEAAsE;YACtE,8DAA8D;YAC9D,IAAI,IAAA,6CAAmB,EAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACpE,KAAK,CAAC,2BAA2B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC3D,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5D,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,6BAA6B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC7D,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,+BAAgB,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrD,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,IAAA,iCAAe,EAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;YAC9D,IAAI,CAAC,IAAI;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAChD,qEAAqE;YACrE,mEAAmE;YACnE,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,cAAc;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;YACpF,IAAI,CAAC;gBACH,MAAM,eAAe,CAAW,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAC7E,CAAC;YAAC,OAAO,SAAS,EAAE,CAAC;gBACnB,oEAAoE;gBACpE,+DAA+D;gBAC/D,mEAAmE;gBACnE,+DAA+D;gBAC/D,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAwB,CAAC;gBACjE,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,cAAc;oBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;gBAClG,MAAM,SAAS,CAAC;YAClB,CAAC;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,sBAAsB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACtD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AAlNW,QAAA,wBAAwB,4BAkNnC"}

package/dist/hono/handlers/adminCrypto.d.ts

@@ -0,0 +1,110 @@
+import type { OpenAPIHono } from '@hono/zod-openapi';
+import type Crowi from '../../crowi';
+import type { CrowiHonoBindings } from '../app';
+export declare const registerAdminCryptoRoutes: <E extends OpenAPIHono<CrowiHonoBindings>>(app: E, crowi: Crowi) => OpenAPIHono<CrowiHonoBindings, {
+    "/admin/crypto/status": {
+        $get: {
+            input: {};
+            output: {
+                encryptionConfigured: boolean;
+                unencryptedCount: number;
+                encryptedCount: number;
+                entries: {
+                    ns: string;
+                    key: string;
+                    present: boolean;
+                    encrypted: boolean;
+                }[];
+            };
+            outputFormat: "json";
+            status: 200;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "AUTHENTICATION_REQUIRED";
+                    message: "Authentication is required";
+                    redirectTo?: string | undefined;
+                };
+            };
+            outputFormat: "json";
+            status: 401;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "ADMIN_REQUIRED";
+                    message: "Admin permission required";
+                    redirectTo?: string | undefined;
+                };
+            };
+            outputFormat: "json";
+            status: 403;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "INTERNAL_ERROR";
+                    message: "Internal server error";
+                };
+            };
+            outputFormat: "json";
+            status: 500;
+        };
+    };
+} & {
+    "/admin/crypto/reencrypt": {
+        $post: {
+            input: {};
+            output: {
+                rewritten: number;
+                alreadyEncrypted: number;
+                missing: number;
+            };
+            outputFormat: "json";
+            status: 200;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "AUTHENTICATION_REQUIRED";
+                    message: "Authentication is required";
+                    redirectTo?: string | undefined;
+                };
+            };
+            outputFormat: "json";
+            status: 401;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "ADMIN_REQUIRED";
+                    message: "Admin permission required";
+                    redirectTo?: string | undefined;
+                };
+            };
+            outputFormat: "json";
+            status: 403;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "INTERNAL_ERROR";
+                    message: "Internal server error";
+                };
+            };
+            outputFormat: "json";
+            status: 500;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "ENCRYPTION_NOT_CONFIGURED";
+                    message: string;
+                };
+            };
+            outputFormat: "json";
+            status: 503;
+        };
+    };
+}, "/">;

package/dist/hono/handlers/adminCrypto.js

@@ -0,0 +1,151 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAdminCryptoRoutes = void 0;
+/**
+ * RFC-0006 Phase 4 Batch 8 — `adminCrypto` resource Hono port.
+ *
+ * Replaces `packages/api/src/routes/ts-rest/adminCrypto.ts`. Two
+ * admin-only endpoints:
+ *
+ *   GET  /admin/crypto/status      — report which sensitive Config rows
+ *                                    are still plaintext
+ *   POST /admin/crypto/reencrypt   — re-encrypt every plaintext row
+ *                                    with the current key
+ *
+ * Auth:
+ *   - This handler is the FIRST Hono migration to install
+ *     `createJwtAdminRequired(crowi)`. The middleware chains the
+ *     `jwtAuth` factory internally (so `c.get('user')` is populated)
+ *     then enforces `user.admin === true`, returning a 403
+ *     `AdminRequiredError` envelope on failure. Wire shape is identical
+ *     to the legacy `jwtAdminRequired` Express middleware.
+ *   - Install is per-path (same idiom as `search` / `autocomplete`'s
+ *     `/users/autocomplete`) on the two literal paths only. No other
+ *     handler owns `/admin/crypto/*`, so there is no double-apply risk.
+ *     Batch 9 adds the rest of the admin sub-contracts — each one
+ *     installs its own `createJwtAdminRequired(crowi)` on its own
+ *     prefix, mirroring the per-path pattern.
+ *
+ * Wire-format parity:
+ *   - `getCryptoStatus` reads the raw `value` column (not via
+ *     `loadAllConfig`) so the encrypted-vs-plaintext determination can
+ *     branch on the `enc:v1:` prefix.
+ *   - `reencryptAll` returns 503 `ENCRYPTION_NOT_CONFIGURED` when
+ *     `CROWI_ENCRYPTION_KEY` is missing — same precondition as the
+ *     ts-rest era. The `reencryptAll` body is `JSON.stringify`'d once
+ *     by Express `body-parser` so we wrap it verbatim with `encrypt()`
+ *     and no parse / stringify round-trip happens on the migration
+ *     path.
+ */
+const api_contract_1 = require("@crowi/api-contract");
+const debug_1 = __importDefault(require("debug"));
+const config_sensitive_1 = require("../../models/config-sensitive");
+const crypto_1 = require("../../util/crypto");
+const admin_1 = require("../middleware/admin");
+const errors_1 = require("./_helpers/errors");
+const debug = (0, debug_1.default)('crowi:hono:handlers:adminCrypto');
+/**
+ * 503 envelope returned when `CROWI_ENCRYPTION_KEY` is not configured.
+ * Body literal preserved verbatim from the ts-rest era — clients (the
+ * admin dashboard `crypto-status-card`) match on the `code` field.
+ */
+const ENCRYPTION_NOT_CONFIGURED_BODY = {
+    error: {
+        code: 'ENCRYPTION_NOT_CONFIGURED',
+        message: 'CROWI_ENCRYPTION_KEY is not set on the server.',
+    },
+};
+const registerAdminCryptoRoutes = (app, crowi) => {
+    const Config = crowi.model('Config');
+    // `/admin/crypto/*` is admin-only — install `createJwtAdminRequired`
+    // on the two literal paths. The middleware chains `jwtAuth` so
+    // `c.get('user')` is populated before the admin gate runs. No other
+    // handler owns these paths, so there is no double-apply risk.
+    app.use('/admin/crypto/status', (0, admin_1.createJwtAdminRequired)(crowi));
+    app.use('/admin/crypto/reencrypt', (0, admin_1.createJwtAdminRequired)(crowi));
+    return app
+        .openapi(api_contract_1.adminCryptoRoutes.getCryptoStatusRoute, async (c) => {
+        debug('getCryptoStatus called');
+        try {
+            const registry = (0, config_sensitive_1.listSensitiveConfigKeys)();
+            const docs = (await Config.find({
+                $or: registry.map(({ ns, key }) => ({ ns, key })),
+            })
+                .lean()
+                .exec());
+            const docByCompound = new Map();
+            for (const doc of docs) {
+                docByCompound.set(`${doc.ns}:${doc.key}`, { value: doc.value });
+            }
+            let unencryptedCount = 0;
+            let encryptedCount = 0;
+            const entries = registry.map(({ ns, key }) => {
+                const stored = docByCompound.get(`${ns}:${key}`);
+                if (!stored) {
+                    return { ns, key, present: false, encrypted: false };
+                }
+                const encrypted = (0, crypto_1.isEncrypted)(stored.value);
+                if (encrypted)
+                    encryptedCount += 1;
+                else
+                    unencryptedCount += 1;
+                return { ns, key, present: true, encrypted };
+            });
+            return c.json({
+                encryptionConfigured: (0, crypto_1.isEncryptionConfigured)(),
+                unencryptedCount,
+                encryptedCount,
+                entries,
+            }, 200);
+        }
+        catch (err) {
+            debug('Error in getCryptoStatus:', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    })
+        .openapi(api_contract_1.adminCryptoRoutes.reencryptAllRoute, async (c) => {
+        debug('reencryptAll called');
+        if (!(0, crypto_1.isEncryptionConfigured)()) {
+            return c.json(ENCRYPTION_NOT_CONFIGURED_BODY, 503);
+        }
+        try {
+            const registry = (0, config_sensitive_1.listSensitiveConfigKeys)();
+            const docs = (await Config.find({
+                $or: registry.map(({ ns, key }) => ({ ns, key })),
+            })
+                .lean()
+                .exec());
+            const presentByCompound = new Map();
+            for (const doc of docs)
+                presentByCompound.set(`${doc.ns}:${doc.key}`, doc.value);
+            let rewritten = 0;
+            let alreadyEncrypted = 0;
+            let missing = 0;
+            for (const { ns, key } of registry) {
+                const value = presentByCompound.get(`${ns}:${key}`);
+                if (value === undefined) {
+                    missing += 1;
+                    continue;
+                }
+                if ((0, crypto_1.isEncrypted)(value)) {
+                    alreadyEncrypted += 1;
+                    continue;
+                }
+                const next = (0, crypto_1.encrypt)(value);
+                await Config.findOneAndUpdate({ ns, key }, { ns, key, value: next }, { upsert: true }).exec();
+                debug('re-encrypted %s:%s', ns, key);
+                rewritten += 1;
+            }
+            return c.json({ rewritten, alreadyEncrypted, missing }, 200);
+        }
+        catch (err) {
+            debug('Error in reencryptAll:', err.message);
+            return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
+        }
+    });
+};
+exports.registerAdminCryptoRoutes = registerAdminCryptoRoutes;
+//# sourceMappingURL=adminCrypto.js.map

package/dist/hono/handlers/adminCrypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adminCrypto.js","sourceRoot":"","sources":["../../../src/hono/handlers/adminCrypto.ts"],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,sDAAmF;AAEnF,kDAA0B;AAG1B,kEAAsE;AACtE,4CAA+E;AAG/E,+CAA6D;AAC7D,8CAAwD;AAExD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,iCAAiC,CAAC,CAAC;AAEvD;;;;GAIG;AACH,MAAM,8BAA8B,GAAG;IACrC,KAAK,EAAE;QACL,IAAI,EAAE,2BAAoC;QAC1C,OAAO,EAAE,gDAAyD;KACnE;CACF,CAAC;AAEK,MAAM,yBAAyB,GAAG,CAA2C,GAAM,EAAE,KAAY,EAAE,EAAE;IAC1G,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAErC,qEAAqE;IACrE,+DAA+D;IAC/D,oEAAoE;IACpE,8DAA8D;IAC9D,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,IAAA,8BAAsB,EAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,GAAG,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAA,8BAAsB,EAAC,KAAK,CAAC,CAAC,CAAC;IAElE,OAAO,GAAG;SACP,OAAO,CAAC,gCAAiB,CAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3D,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,0CAAuB,GAAE,CAAC;YAE3C,MAAM,IAAI,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC;gBAC9B,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;aAClD,CAAC;iBACC,IAAI,EAAE;iBACN,IAAI,EAAE,CAAsD,CAAC;YAEhE,MAAM,aAAa,GAAG,IAAI,GAAG,EAA6B,CAAC;YAC3D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,aAAa,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,gBAAgB,GAAG,CAAC,CAAC;YACzB,IAAI,cAAc,GAAG,CAAC,CAAC;YACvB,MAAM,OAAO,GAA2B,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;gBACnE,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;gBACvD,CAAC;gBACD,MAAM,SAAS,GAAG,IAAA,oBAAW,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5C,IAAI,SAAS;oBAAE,cAAc,IAAI,CAAC,CAAC;;oBAC9B,gBAAgB,IAAI,CAAC,CAAC;gBAC3B,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,oBAAoB,EAAE,IAAA,+BAAsB,GAAE;gBAC9C,gBAAgB;gBAChB,cAAc;gBACd,OAAO;aACR,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,2BAA2B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC3D,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,gCAAiB,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxD,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAE7B,IAAI,CAAC,IAAA,+BAAsB,GAAE,EAAE,CAAC;YAC9B,OAAO,CAAC,CAAC,IAAI,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,0CAAuB,GAAE,CAAC;YAE3C,MAAM,IAAI,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC;gBAC9B,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;aAClD,CAAC;iBACC,IAAI,EAAE;iBACN,IAAI,EAAE,CAAsD,CAAC;YAEhE,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAkB,CAAC;YACpD,KAAK,MAAM,GAAG,IAAI,IAAI;gBAAE,iBAAiB,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,GAAG,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;YAEjF,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,IAAI,gBAAgB,GAAG,CAAC,CAAC;YACzB,IAAI,OAAO,GAAG,CAAC,CAAC;YAEhB,KAAK,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,QAAQ,EAAE,CAAC;gBACnC,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;gBACpD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC,CAAC;oBACb,SAAS;gBACX,CAAC;gBACD,IAAI,IAAA,oBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;oBACvB,gBAAgB,IAAI,CAAC,CAAC;oBACtB,SAAS;gBACX,CAAC;gBACD,MAAM,IAAI,GAAG,IAAA,gBAAO,EAAC,KAAK,CAAC,CAAC;gBAC5B,MAAM,MAAM,CAAC,gBAAgB,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC9F,KAAK,CAAC,oBAAoB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;gBACrC,SAAS,IAAI,CAAC,CAAC;YACjB,CAAC;YAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,wBAAwB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AApGW,QAAA,yBAAyB,6BAoGpC"}

package/dist/hono/handlers/app.d.ts

@@ -0,0 +1,26 @@
+import type { OpenAPIHono } from '@hono/zod-openapi';
+import type Crowi from '../../crowi';
+import type { CrowiHonoBindings } from '../app';
+export declare const registerAppRoutes: <E extends OpenAPIHono<CrowiHonoBindings>>(app: E, crowi: Crowi) => OpenAPIHono<CrowiHonoBindings, {
+    "/app/info": {
+        $get: {
+            input: {};
+            output: {
+                title: string | null;
+                confidential: string | null;
+            };
+            outputFormat: "json";
+            status: 200;
+        } | {
+            input: {};
+            output: {
+                error: {
+                    code: "INTERNAL_ERROR";
+                    message: "Internal server error";
+                };
+            };
+            outputFormat: "json";
+            status: 500;
+        };
+    };
+}, "/">;