npm - @digitaldefiance/node-express-suite-mongo - Versions diffs - 4.23.0 - Mend

@digitaldefiance/node-express-suite-mongo 4.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (390) hide show

package/README.md +152 -0
package/package.json +51 -0
package/src/__tests__/fixtures/index.d.ts +2 -0
package/src/__tests__/fixtures/index.d.ts.map +1 -0
package/src/__tests__/fixtures/index.js +5 -0
package/src/__tests__/fixtures/index.js.map +1 -0
package/src/__tests__/fixtures/model-mocks.mock.d.ts +12 -0
package/src/__tests__/fixtures/model-mocks.mock.d.ts.map +1 -0
package/src/__tests__/fixtures/model-mocks.mock.js +102 -0
package/src/__tests__/fixtures/model-mocks.mock.js.map +1 -0
package/src/__tests__/helpers/application.mock.d.ts +4 -0
package/src/__tests__/helpers/application.mock.d.ts.map +1 -0
package/src/__tests__/helpers/application.mock.js +35 -0
package/src/__tests__/helpers/application.mock.js.map +1 -0
package/src/__tests__/helpers/index.d.ts +5 -0
package/src/__tests__/helpers/index.d.ts.map +1 -0
package/src/__tests__/helpers/index.js +8 -0
package/src/__tests__/helpers/index.js.map +1 -0
package/src/__tests__/helpers/mongoose-memory.d.ts +14 -0
package/src/__tests__/helpers/mongoose-memory.d.ts.map +1 -0
package/src/__tests__/helpers/mongoose-memory.js +49 -0
package/src/__tests__/helpers/mongoose-memory.js.map +1 -0
package/src/__tests__/helpers/setup-test-env.d.ts +13 -0
package/src/__tests__/helpers/setup-test-env.d.ts.map +1 -0
package/src/__tests__/helpers/setup-test-env.js +131 -0
package/src/__tests__/helpers/setup-test-env.js.map +1 -0
package/src/__tests__/index.d.ts +3 -0
package/src/__tests__/index.d.ts.map +1 -0
package/src/__tests__/index.js +6 -0
package/src/__tests__/index.js.map +1 -0
package/src/builders/application-builder.d.ts +38 -0
package/src/builders/application-builder.d.ts.map +1 -0
package/src/builders/application-builder.js +82 -0
package/src/builders/application-builder.js.map +1 -0
package/src/builders/index.d.ts +2 -0
package/src/builders/index.d.ts.map +1 -0
package/src/builders/index.js +5 -0
package/src/builders/index.js.map +1 -0
package/src/controllers/index.d.ts +3 -0
package/src/controllers/index.d.ts.map +1 -0
package/src/controllers/index.js +6 -0
package/src/controllers/index.js.map +1 -0
package/src/controllers/mongo-base.d.ts +55 -0
package/src/controllers/mongo-base.d.ts.map +1 -0
package/src/controllers/mongo-base.js +108 -0
package/src/controllers/mongo-base.js.map +1 -0
package/src/controllers/user.d.ts +61 -0
package/src/controllers/user.d.ts.map +1 -0
package/src/controllers/user.js +944 -0
package/src/controllers/user.js.map +1 -0
package/src/documents/base.d.ts +15 -0
package/src/documents/base.d.ts.map +1 -0
package/src/documents/base.js +8 -0
package/src/documents/base.js.map +1 -0
package/src/documents/email-token.d.ts +15 -0
package/src/documents/email-token.d.ts.map +1 -0
package/src/documents/email-token.js +8 -0
package/src/documents/email-token.js.map +1 -0
package/src/documents/index.d.ts +8 -0
package/src/documents/index.d.ts.map +1 -0
package/src/documents/index.js +3 -0
package/src/documents/index.js.map +1 -0
package/src/documents/mnemonic.d.ts +16 -0
package/src/documents/mnemonic.d.ts.map +1 -0
package/src/documents/mnemonic.js +8 -0
package/src/documents/mnemonic.js.map +1 -0
package/src/documents/role.d.ts +15 -0
package/src/documents/role.d.ts.map +1 -0
package/src/documents/role.js +8 -0
package/src/documents/role.js.map +1 -0
package/src/documents/used-direct-login-token.d.ts +16 -0
package/src/documents/used-direct-login-token.d.ts.map +1 -0
package/src/documents/used-direct-login-token.js +8 -0
package/src/documents/used-direct-login-token.js.map +1 -0
package/src/documents/user-role.d.ts +16 -0
package/src/documents/user-role.d.ts.map +1 -0
package/src/documents/user-role.js +8 -0
package/src/documents/user-role.js.map +1 -0
package/src/documents/user.d.ts +16 -0
package/src/documents/user.d.ts.map +1 -0
package/src/documents/user.js +8 -0
package/src/documents/user.js.map +1 -0
package/src/enumerations/base-model-name.d.ts +43 -0
package/src/enumerations/base-model-name.d.ts.map +1 -0
package/src/enumerations/base-model-name.js +39 -0
package/src/enumerations/base-model-name.js.map +1 -0
package/src/enumerations/index.d.ts +3 -0
package/src/enumerations/index.d.ts.map +1 -0
package/src/enumerations/index.js +6 -0
package/src/enumerations/index.js.map +1 -0
package/src/enumerations/schema-collection.d.ts +39 -0
package/src/enumerations/schema-collection.d.ts.map +1 -0
package/src/enumerations/schema-collection.js +43 -0
package/src/enumerations/schema-collection.js.map +1 -0
package/src/errors/index.d.ts +5 -0
package/src/errors/index.d.ts.map +1 -0
package/src/errors/index.js +8 -0
package/src/errors/index.js.map +1 -0
package/src/errors/invalid-backup-code-version.d.ts +5 -0
package/src/errors/invalid-backup-code-version.d.ts.map +1 -0
package/src/errors/invalid-backup-code-version.js +14 -0
package/src/errors/invalid-backup-code-version.js.map +1 -0
package/src/errors/invalid-model.d.ts +18 -0
package/src/errors/invalid-model.d.ts.map +1 -0
package/src/errors/invalid-model.js +26 -0
package/src/errors/invalid-model.js.map +1 -0
package/src/errors/model-not-registered.d.ts +18 -0
package/src/errors/model-not-registered.d.ts.map +1 -0
package/src/errors/model-not-registered.js +26 -0
package/src/errors/model-not-registered.js.map +1 -0
package/src/errors/mongoose-validation.d.ts +28 -0
package/src/errors/mongoose-validation.d.ts.map +1 -0
package/src/errors/mongoose-validation.js +33 -0
package/src/errors/mongoose-validation.js.map +1 -0
package/src/index.d.ts +19 -0
package/src/index.d.ts.map +1 -0
package/src/index.js +31 -0
package/src/index.js.map +1 -0
package/src/interfaces/api-mongo-validation-error-response.d.ts +16 -0
package/src/interfaces/api-mongo-validation-error-response.d.ts.map +1 -0
package/src/interfaces/api-mongo-validation-error-response.js +8 -0
package/src/interfaces/api-mongo-validation-error-response.js.map +1 -0
package/src/interfaces/database-init-result-tx.d.ts +27 -0
package/src/interfaces/database-init-result-tx.d.ts.map +1 -0
package/src/interfaces/database-init-result-tx.js +3 -0
package/src/interfaces/database-init-result-tx.js.map +1 -0
package/src/interfaces/db-init-result.d.ts +16 -0
package/src/interfaces/db-init-result.d.ts.map +1 -0
package/src/interfaces/db-init-result.js +8 -0
package/src/interfaces/db-init-result.js.map +1 -0
package/src/interfaces/discriminator-collections.d.ts +17 -0
package/src/interfaces/discriminator-collections.d.ts.map +1 -0
package/src/interfaces/discriminator-collections.js +8 -0
package/src/interfaces/discriminator-collections.js.map +1 -0
package/src/interfaces/environment-mongo.d.ts +88 -0
package/src/interfaces/environment-mongo.d.ts.map +1 -0
package/src/interfaces/environment-mongo.js +8 -0
package/src/interfaces/environment-mongo.js.map +1 -0
package/src/interfaces/index.d.ts +13 -0
package/src/interfaces/index.d.ts.map +1 -0
package/src/interfaces/index.js +16 -0
package/src/interfaces/index.js.map +1 -0
package/src/interfaces/models/email-token.d.ts +12 -0
package/src/interfaces/models/email-token.d.ts.map +1 -0
package/src/interfaces/models/email-token.js +8 -0
package/src/interfaces/models/email-token.js.map +1 -0
package/src/interfaces/models/index.d.ts +8 -0
package/src/interfaces/models/index.d.ts.map +1 -0
package/src/interfaces/models/index.js +11 -0
package/src/interfaces/models/index.js.map +1 -0
package/src/interfaces/models/mnemonic.d.ts +13 -0
package/src/interfaces/models/mnemonic.d.ts.map +1 -0
package/src/interfaces/models/mnemonic.js +8 -0
package/src/interfaces/models/mnemonic.js.map +1 -0
package/src/interfaces/models/role.d.ts +12 -0
package/src/interfaces/models/role.d.ts.map +1 -0
package/src/interfaces/models/role.js +8 -0
package/src/interfaces/models/role.js.map +1 -0
package/src/interfaces/models/token-role.d.ts +19 -0
package/src/interfaces/models/token-role.d.ts.map +1 -0
package/src/interfaces/models/token-role.js +8 -0
package/src/interfaces/models/token-role.js.map +1 -0
package/src/interfaces/models/used-direct-login-token.d.ts +19 -0
package/src/interfaces/models/used-direct-login-token.d.ts.map +1 -0
package/src/interfaces/models/used-direct-login-token.js +8 -0
package/src/interfaces/models/used-direct-login-token.js.map +1 -0
package/src/interfaces/models/user-role.d.ts +19 -0
package/src/interfaces/models/user-role.d.ts.map +1 -0
package/src/interfaces/models/user-role.js +8 -0
package/src/interfaces/models/user-role.js.map +1 -0
package/src/interfaces/models/user.d.ts +21 -0
package/src/interfaces/models/user.d.ts.map +1 -0
package/src/interfaces/models/user.js +8 -0
package/src/interfaces/models/user.js.map +1 -0
package/src/interfaces/mongo-application.d.ts +47 -0
package/src/interfaces/mongo-application.d.ts.map +1 -0
package/src/interfaces/mongo-application.js +10 -0
package/src/interfaces/mongo-application.js.map +1 -0
package/src/interfaces/mongo-errors.d.ts +13 -0
package/src/interfaces/mongo-errors.d.ts.map +1 -0
package/src/interfaces/mongo-errors.js +8 -0
package/src/interfaces/mongo-errors.js.map +1 -0
package/src/interfaces/mongoose-document-store.d.ts +42 -0
package/src/interfaces/mongoose-document-store.d.ts.map +1 -0
package/src/interfaces/mongoose-document-store.js +10 -0
package/src/interfaces/mongoose-document-store.js.map +1 -0
package/src/interfaces/schema.d.ts +37 -0
package/src/interfaces/schema.d.ts.map +1 -0
package/src/interfaces/schema.js +8 -0
package/src/interfaces/schema.js.map +1 -0
package/src/interfaces/server-init-result.d.ts +45 -0
package/src/interfaces/server-init-result.d.ts.map +1 -0
package/src/interfaces/server-init-result.js +8 -0
package/src/interfaces/server-init-result.js.map +1 -0
package/src/interfaces/test-environment.d.ts +22 -0
package/src/interfaces/test-environment.d.ts.map +1 -0
package/src/interfaces/test-environment.js +8 -0
package/src/interfaces/test-environment.js.map +1 -0
package/src/model-registry.d.ts +79 -0
package/src/model-registry.d.ts.map +1 -0
package/src/model-registry.js +97 -0
package/src/model-registry.js.map +1 -0
package/src/models/email-token.d.ts +24 -0
package/src/models/email-token.d.ts.map +1 -0
package/src/models/email-token.js +16 -0
package/src/models/email-token.js.map +1 -0
package/src/models/index.d.ts +7 -0
package/src/models/index.d.ts.map +1 -0
package/src/models/index.js +10 -0
package/src/models/index.js.map +1 -0
package/src/models/mnemonic.d.ts +24 -0
package/src/models/mnemonic.d.ts.map +1 -0
package/src/models/mnemonic.js +27 -0
package/src/models/mnemonic.js.map +1 -0
package/src/models/role.d.ts +24 -0
package/src/models/role.d.ts.map +1 -0
package/src/models/role.js +27 -0
package/src/models/role.js.map +1 -0
package/src/models/used-direct-login-token.d.ts +24 -0
package/src/models/used-direct-login-token.d.ts.map +1 -0
package/src/models/used-direct-login-token.js +16 -0
package/src/models/used-direct-login-token.js.map +1 -0
package/src/models/user-role.d.ts +23 -0
package/src/models/user-role.d.ts.map +1 -0
package/src/models/user-role.js +26 -0
package/src/models/user-role.js.map +1 -0
package/src/models/user.d.ts +24 -0
package/src/models/user.d.ts.map +1 -0
package/src/models/user.js +27 -0
package/src/models/user.js.map +1 -0
package/src/mongo-application-concrete.d.ts +30 -0
package/src/mongo-application-concrete.d.ts.map +1 -0
package/src/mongo-application-concrete.js +46 -0
package/src/mongo-application-concrete.js.map +1 -0
package/src/plugins/index.d.ts +2 -0
package/src/plugins/index.d.ts.map +1 -0
package/src/plugins/index.js +5 -0
package/src/plugins/index.js.map +1 -0
package/src/plugins/mongo-database-plugin.d.ts +116 -0
package/src/plugins/mongo-database-plugin.d.ts.map +1 -0
package/src/plugins/mongo-database-plugin.js +230 -0
package/src/plugins/mongo-database-plugin.js.map +1 -0
package/src/routers/api.d.ts +29 -0
package/src/routers/api.d.ts.map +1 -0
package/src/routers/api.js +84 -0
package/src/routers/api.js.map +1 -0
package/src/routers/index.d.ts +2 -0
package/src/routers/index.d.ts.map +1 -0
package/src/routers/index.js +5 -0
package/src/routers/index.js.map +1 -0
package/src/schemas/email-token.d.ts +65 -0
package/src/schemas/email-token.d.ts.map +1 -0
package/src/schemas/email-token.js +68 -0
package/src/schemas/email-token.js.map +1 -0
package/src/schemas/index.d.ts +8 -0
package/src/schemas/index.d.ts.map +1 -0
package/src/schemas/index.js +11 -0
package/src/schemas/index.js.map +1 -0
package/src/schemas/mnemonic.d.ts +37 -0
package/src/schemas/mnemonic.d.ts.map +1 -0
package/src/schemas/mnemonic.js +41 -0
package/src/schemas/mnemonic.js.map +1 -0
package/src/schemas/role.d.ts +57 -0
package/src/schemas/role.d.ts.map +1 -0
package/src/schemas/role.js +102 -0
package/src/schemas/role.js.map +1 -0
package/src/schemas/schema.d.ts +62 -0
package/src/schemas/schema.d.ts.map +1 -0
package/src/schemas/schema.js +81 -0
package/src/schemas/schema.js.map +1 -0
package/src/schemas/used-direct-login-token.d.ts +49 -0
package/src/schemas/used-direct-login-token.d.ts.map +1 -0
package/src/schemas/used-direct-login-token.js +35 -0
package/src/schemas/used-direct-login-token.js.map +1 -0
package/src/schemas/user-role.d.ts +52 -0
package/src/schemas/user-role.d.ts.map +1 -0
package/src/schemas/user-role.js +67 -0
package/src/schemas/user-role.js.map +1 -0
package/src/schemas/user.d.ts +43 -0
package/src/schemas/user.d.ts.map +1 -0
package/src/schemas/user.js +214 -0
package/src/schemas/user.js.map +1 -0
package/src/services/backup-code.d.ts +118 -0
package/src/services/backup-code.d.ts.map +1 -0
package/src/services/backup-code.js +320 -0
package/src/services/backup-code.js.map +1 -0
package/src/services/database-initialization.d.ts +137 -0
package/src/services/database-initialization.d.ts.map +1 -0
package/src/services/database-initialization.js +911 -0
package/src/services/database-initialization.js.map +1 -0
package/src/services/db-init-cache.d.ts +18 -0
package/src/services/db-init-cache.d.ts.map +1 -0
package/src/services/db-init-cache.js +7 -0
package/src/services/db-init-cache.js.map +1 -0
package/src/services/direct-login-token.d.ts +28 -0
package/src/services/direct-login-token.d.ts.map +1 -0
package/src/services/direct-login-token.js +62 -0
package/src/services/direct-login-token.js.map +1 -0
package/src/services/index.d.ts +17 -0
package/src/services/index.d.ts.map +1 -0
package/src/services/index.js +20 -0
package/src/services/index.js.map +1 -0
package/src/services/jwt.d.ts +20 -0
package/src/services/jwt.d.ts.map +1 -0
package/src/services/jwt.js +79 -0
package/src/services/jwt.js.map +1 -0
package/src/services/mnemonic.d.ts +30 -0
package/src/services/mnemonic.d.ts.map +1 -0
package/src/services/mnemonic.js +80 -0
package/src/services/mnemonic.js.map +1 -0
package/src/services/mongo-authentication-provider.d.ts +27 -0
package/src/services/mongo-authentication-provider.d.ts.map +1 -0
package/src/services/mongo-authentication-provider.js +97 -0
package/src/services/mongo-authentication-provider.js.map +1 -0
package/src/services/mongo-backup-code-store.d.ts +40 -0
package/src/services/mongo-backup-code-store.d.ts.map +1 -0
package/src/services/mongo-backup-code-store.js +104 -0
package/src/services/mongo-backup-code-store.js.map +1 -0
package/src/services/mongo-base.d.ts +24 -0
package/src/services/mongo-base.d.ts.map +1 -0
package/src/services/mongo-base.js +28 -0
package/src/services/mongo-base.js.map +1 -0
package/src/services/mongoose-collection.d.ts +52 -0
package/src/services/mongoose-collection.d.ts.map +1 -0
package/src/services/mongoose-collection.js +326 -0
package/src/services/mongoose-collection.js.map +1 -0
package/src/services/mongoose-database.d.ts +64 -0
package/src/services/mongoose-database.d.ts.map +1 -0
package/src/services/mongoose-database.js +121 -0
package/src/services/mongoose-database.js.map +1 -0
package/src/services/mongoose-document-store.d.ts +108 -0
package/src/services/mongoose-document-store.d.ts.map +1 -0
package/src/services/mongoose-document-store.js +265 -0
package/src/services/mongoose-document-store.js.map +1 -0
package/src/services/mongoose-session-adapter.d.ts +39 -0
package/src/services/mongoose-session-adapter.d.ts.map +1 -0
package/src/services/mongoose-session-adapter.js +63 -0
package/src/services/mongoose-session-adapter.js.map +1 -0
package/src/services/request-user.d.ts +22 -0
package/src/services/request-user.d.ts.map +1 -0
package/src/services/request-user.js +66 -0
package/src/services/request-user.js.map +1 -0
package/src/services/role.d.ts +97 -0
package/src/services/role.d.ts.map +1 -0
package/src/services/role.js +288 -0
package/src/services/role.js.map +1 -0
package/src/services/user.d.ts +362 -0
package/src/services/user.d.ts.map +1 -0
package/src/services/user.js +1504 -0
package/src/services/user.js.map +1 -0
package/src/testing.d.ts +9 -0
package/src/testing.d.ts.map +1 -0
package/src/testing.js +12 -0
package/src/testing.js.map +1 -0
package/src/transactions/index.d.ts +2 -0
package/src/transactions/index.d.ts.map +1 -0
package/src/transactions/index.js +5 -0
package/src/transactions/index.js.map +1 -0
package/src/transactions/transaction-manager.d.ts +37 -0
package/src/transactions/transaction-manager.d.ts.map +1 -0
package/src/transactions/transaction-manager.js +50 -0
package/src/transactions/transaction-manager.js.map +1 -0
package/src/types/index.d.ts +26 -0
package/src/types/index.d.ts.map +1 -0
package/src/types/index.js +9 -0
package/src/types/index.js.map +1 -0
package/src/types/mongoose-helpers.d.ts +16 -0
package/src/types/mongoose-helpers.d.ts.map +1 -0
package/src/types/mongoose-helpers.js +8 -0
package/src/types/mongoose-helpers.js.map +1 -0
package/src/utils/default-mongo-uri-validator.d.ts +15 -0
package/src/utils/default-mongo-uri-validator.d.ts.map +1 -0
package/src/utils/default-mongo-uri-validator.js +46 -0
package/src/utils/default-mongo-uri-validator.js.map +1 -0
package/src/utils/index.d.ts +5 -0
package/src/utils/index.d.ts.map +1 -0
package/src/utils/index.js +8 -0
package/src/utils/index.js.map +1 -0
package/src/utils/mongo-error-response.d.ts +17 -0
package/src/utils/mongo-error-response.d.ts.map +1 -0
package/src/utils/mongo-error-response.js +21 -0
package/src/utils/mongo-error-response.js.map +1 -0
package/src/utils/mongo-transaction.d.ts +39 -0
package/src/utils/mongo-transaction.d.ts.map +1 -0
package/src/utils/mongo-transaction.js +131 -0
package/src/utils/mongo-transaction.js.map +1 -0
package/src/utils/object-id.d.ts +11 -0
package/src/utils/object-id.d.ts.map +1 -0
package/src/utils/object-id.js +17 -0
package/src/utils/object-id.js.map +1 -0

package/src/services/backup-code.js ADDED Viewed

@@ -0,0 +1,320 @@
+"use strict";
+/**
+ * @fileoverview Backup code service for secure account recovery.
+ * Implements v1.0.0 backup code scheme with Argon2id KDF and HKDF-SHA256 checksums.
+ *
+ * Storage-agnostic: accepts an optional {@link IBackupCodeStore} for persistence.
+ * When no store is provided, falls back to direct UserDocument manipulation
+ * (backward-compatible Mongoose path).
+ *
+ * @module services/backup-code
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BackupCodeService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const crypto_1 = require("crypto");
+const node_express_suite_1 = require("@digitaldefiance/node-express-suite");
+const invalid_backup_code_version_1 = require("../errors/invalid-backup-code-version");
+/**
+ * Service for backup code generation, validation, and key recovery.
+ * Implements secure backup code scheme with constant-time validation and key wrapping.
+ *
+ * Storage is abstracted via {@link IBackupCodeStore}. When a store is provided,
+ * all persistence goes through the store interface. When omitted, the service
+ * falls back to direct UserDocument manipulation for backward compatibility
+ * with existing Mongoose-based consumers.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role interface type
+ * @template TApplication - Application interface type
+ * @extends {BaseService<TID>}
+ */
+class BackupCodeService extends node_express_suite_1.BaseService {
+    eciesService;
+    systemUser;
+    keyWrappingService;
+    roleService;
+    store;
+    /**
+     * Construct a BackupCodeService.
+     * @param application - The application instance
+     * @param eciesService - ECIES cryptographic service
+     * @param keyWrappingService - Key wrapping service for password-based key protection
+     * @param roleService - Role service for member type resolution
+     * @param store - Optional storage adapter. When omitted, falls back to direct
+     *   UserDocument manipulation (Mongoose). Provide an IBackupCodeStore implementation
+     *   for non-Mongoose backends (e.g. BrightDB).
+     */
+    constructor(application, eciesService, keyWrappingService, roleService, store) {
+        super(application);
+        this.eciesService = eciesService;
+        this.keyWrappingService = keyWrappingService;
+        this.roleService = roleService;
+        this.store = store;
+    }
+    /**
+     * Get the lazily-initialized system user for key wrapping/unwrapping.
+     */
+    getSystemUser() {
+        if (!this.systemUser) {
+            this.systemUser = node_express_suite_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
+        }
+        return this.systemUser;
+    }
+    /**
+     * Forcibly set the system user (for database initialization)
+     * @param user
+     */
+    setSystemUser(user) {
+        this.systemUser = user;
+    }
+    // ── Pure crypto operations (no storage dependency) ─────────────────────
+    /**
+     * v1: Consume (validate and remove) a backup code via constant-time checksum match.
+     */
+    useBackupCodeV1(encryptedBackupCodes, backupCode) {
+        const normalizedCode = node_express_suite_1.BackupCode.normalizeCode(backupCode);
+        if (!node_express_suite_1.LocalhostConstants.BACKUP_CODES.NormalizedHexRegex.test(normalizedCode)) {
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        }
+        const codeBytes = Buffer.from(normalizedCode, 'utf8');
+        try {
+            for (const code of encryptedBackupCodes) {
+                if (code.version !== node_express_suite_1.BackupCode.BackupCodeVersion)
+                    continue;
+                const checksumSalt = Buffer.from(code.checksumSalt, 'hex');
+                const expected = node_express_suite_1.BackupCode.hkdfSha256(codeBytes, checksumSalt, Buffer.from('backup-checksum'), 32);
+                if (code.checksum.length === expected.length * 2 &&
+                    (0, crypto_1.timingSafeEqual)(Buffer.from(code.checksum, 'hex'), expected)) {
+                    const checksumHex = expected.toString('hex');
+                    return {
+                        newCodesArray: encryptedBackupCodes.filter((c) => c.checksum !== checksumHex),
+                        code,
+                    };
+                }
+            }
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        }
+        finally {
+            codeBytes.fill(0);
+        }
+    }
+    /**
+     * Consume a backup code by first detecting the version and then dispatching to the appropriate handler.
+     */
+    useBackupCode(encryptedBackupCodes, backupCode) {
+        const version = node_express_suite_1.BackupCode.detectBackupCodeVersion(encryptedBackupCodes, backupCode);
+        switch (version) {
+            case node_express_suite_1.BackupCode.BackupCodeVersion:
+                return this.useBackupCodeV1(encryptedBackupCodes.filter((c) => c.version === node_express_suite_1.BackupCode.BackupCodeVersion), backupCode);
+            default:
+                throw new invalid_backup_code_version_1.InvalidBackupCodeVersionError(version);
+        }
+    }
+    // ── Storage-agnostic recovery ──────────────────────────────────────────
+    /**
+     * Recover a user's private key using a backup code.
+     * Storage-agnostic: uses IBackupCodeStore when available, otherwise
+     * falls back to the legacy UserDocument path.
+     *
+     * @param userOrId - Either a UserDocument (legacy) or a user ID (store-based)
+     * @param backupCode - The plaintext backup code
+     * @param newPassword - Optional new password to re-wrap the private key
+     * @param session - Optional database session for transactional consistency
+     */
+    async recoverKeyWithBackupCodeV1(userOrId, backupCode, newPassword, session) {
+        // Store-based path
+        if (this.store && !userOrId.save) {
+            return this._recoverViaStore(userOrId, backupCode, newPassword);
+        }
+        // Legacy Mongoose path
+        return this._recoverViaUserDoc(userOrId, backupCode, newPassword, session);
+    }
+    /**
+     * Recover a user's private key using a backup code (version-dispatched).
+     * Accepts either a UserDocument (legacy) or a user ID (store-based).
+     */
+    async recoverKeyWithBackupCode(userOrId, backupCode, newPassword, session) {
+        // Determine backup codes source
+        let backupCodes;
+        if (this.store && !userOrId.save) {
+            const record = await this.store.getUserRecord(userOrId);
+            if (!record)
+                throw new suite_core_lib_1.InvalidBackupCodeError();
+            backupCodes = record.backupCodes;
+        }
+        else {
+            backupCodes = userOrId.backupCodes;
+        }
+        const version = node_express_suite_1.BackupCode.detectBackupCodeVersion(backupCodes, backupCode);
+        switch (version) {
+            case node_express_suite_1.BackupCode.BackupCodeVersion:
+                return this.recoverKeyWithBackupCodeV1(userOrId, backupCode, newPassword, session);
+            default:
+                throw new invalid_backup_code_version_1.InvalidBackupCodeVersionError(version);
+        }
+    }
+    // ── Rewrap (key rotation) ─────────────────────────────────────────────
+    /**
+     * Rewrap system-wrapped AEAD blobs from old system key to new one.
+     *
+     * When a store is provided, uses the store's fetchBatch/updateUserRecord.
+     * Otherwise falls back to the legacy callback-based approach.
+     */
+    async rewrapAllUsersBackupCodes(fetchBatchOrOldSystem, saveUserOrNewSystem, oldSystemOrOptions, newSystemOrUndefined, options) {
+        // Detect which overload is being used
+        if (this.store && typeof fetchBatchOrOldSystem !== 'function') {
+            // Store-based: rewrapAllUsersBackupCodes(oldSystem, newSystem, options?)
+            return this._rewrapViaStore(fetchBatchOrOldSystem, saveUserOrNewSystem, oldSystemOrOptions);
+        }
+        // Legacy callback-based: rewrapAllUsersBackupCodes(fetchBatch, saveUser, oldSystem, newSystem, options?)
+        return this._rewrapViaCallbacks(fetchBatchOrOldSystem, saveUserOrNewSystem, oldSystemOrOptions, newSystemOrUndefined, options);
+    }
+    // ── Private: store-based recovery ─────────────────────────────────────
+    async _recoverViaStore(userId, backupCode, newPassword) {
+        const store = this.store;
+        const record = await store.getUserRecord(userId);
+        if (!record)
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        const normalizedCode = node_express_suite_1.BackupCode.normalizeCode(backupCode);
+        const { code, newCodesArray } = this.useBackupCodeV1(record.backupCodes, normalizedCode);
+        let decryptionKey;
+        try {
+            const adminMember = this.getSystemUser();
+            decryptionKey = await node_express_suite_1.BackupCode.getBackupKeyV1(code.checksumSalt, normalizedCode, this.application.constants);
+            const privateKeyUnwrapped = await adminMember.decryptData(Buffer.from(code.encrypted, 'hex'));
+            const decryptedPrivateKey = new ecies_lib_1.SecureBuffer(node_express_suite_1.SymmetricService.decryptBuffer(privateKeyUnwrapped, decryptionKey));
+            const memberType = await store.getMemberType(userId);
+            const user = new node_ecies_lib_1.Member(this.eciesService, memberType, record.username, new ecies_lib_1.EmailString(record.email), Buffer.from(record.publicKey, 'hex'), decryptedPrivateKey, undefined, record._id, new Date(record.createdAt), new Date(record.updatedAt));
+            const updates = {
+                backupCodes: newCodesArray,
+            };
+            if (newPassword) {
+                updates.passwordWrappedPrivateKey = this.keyWrappingService.wrapSecret(decryptedPrivateKey, newPassword, this.application.constants);
+            }
+            await store.updateUserRecord(userId, updates);
+            // Update the record in-place for the caller
+            record.backupCodes = newCodesArray;
+            if (updates.passwordWrappedPrivateKey) {
+                record.passwordWrappedPrivateKey = updates.passwordWrappedPrivateKey;
+            }
+            return { userRecord: record, user, codeCount: newCodesArray.length };
+        }
+        finally {
+            if (decryptionKey)
+                decryptionKey.fill(0);
+        }
+    }
+    // ── Private: legacy Mongoose recovery ─────────────────────────────────
+    async _recoverViaUserDoc(userDoc, backupCode, newPassword, session) {
+        const normalizedCode = node_express_suite_1.BackupCode.normalizeCode(backupCode);
+        return await this.withTransaction(async (_sess) => {
+            const sess = _sess;
+            const { code, newCodesArray } = this.useBackupCodeV1(userDoc.backupCodes, normalizedCode);
+            userDoc.backupCodes = newCodesArray;
+            let decryptionKey;
+            try {
+                const adminMember = this.getSystemUser();
+                decryptionKey = await node_express_suite_1.BackupCode.getBackupKeyV1(code.checksumSalt, normalizedCode, this.application.constants);
+                const privateKeyUnwrapped = await adminMember.decryptData(Buffer.from(code.encrypted, 'hex'));
+                const decryptedPrivateKey = new ecies_lib_1.SecureBuffer(node_express_suite_1.SymmetricService.decryptBuffer(privateKeyUnwrapped, decryptionKey));
+                const memberType = await this.roleService.getMemberType(userDoc, session);
+                const user = new node_ecies_lib_1.Member(this.eciesService, memberType, userDoc.username, new ecies_lib_1.EmailString(userDoc.email), Buffer.from(userDoc.publicKey, 'hex'), decryptedPrivateKey, undefined, userDoc._id, new Date(userDoc.createdAt), new Date(userDoc.updatedAt));
+                if (!newPassword) {
+                    await userDoc.save({ session: sess });
+                    return {
+                        userDoc,
+                        user,
+                        codeCount: newCodesArray.length,
+                    };
+                }
+                const wrapped = this.keyWrappingService.wrapSecret(decryptedPrivateKey, newPassword, this.application.constants);
+                userDoc.passwordWrappedPrivateKey = wrapped;
+                await userDoc.save({ session: sess });
+                return { userDoc, user, codeCount: newCodesArray.length };
+            }
+            finally {
+                if (decryptionKey)
+                    decryptionKey.fill(0);
+            }
+        }, session, {
+            timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
+        });
+    }
+    // ── Private: store-based rewrap ───────────────────────────────────────
+    async _rewrapViaStore(oldSystem, newSystem, options) {
+        const store = this.store;
+        const batchSize = options?.batchSize ?? 500;
+        let processed = 0;
+        let afterId;
+        for (;;) {
+            const records = await store.fetchBatch(afterId, batchSize);
+            if (!records.length)
+                break;
+            for (const record of records) {
+                let modified = false;
+                for (const bc of record.backupCodes ?? []) {
+                    try {
+                        const sealed = await oldSystem.decryptData(Buffer.from(bc.encrypted, 'hex'));
+                        const rewrapped = (await newSystem.encryptData(sealed)).toString('hex');
+                        if (rewrapped !== bc.encrypted) {
+                            bc.encrypted = rewrapped;
+                            modified = true;
+                        }
+                    }
+                    catch (e) {
+                        throw new Error(`Failed to rewrap backup code for user ${record._id}: ${e.message}`);
+                    }
+                }
+                if (modified) {
+                    await store.updateUserRecord(record._id, {
+                        backupCodes: record.backupCodes,
+                    });
+                    processed++;
+                    options?.onProgress?.(processed);
+                }
+            }
+            afterId = records[records.length - 1]?._id?.toString() ?? undefined;
+        }
+        return processed;
+    }
+    // ── Private: legacy callback-based rewrap ─────────────────────────────
+    async _rewrapViaCallbacks(fetchBatch, saveUser, oldSystem, newSystem, options) {
+        const batchSize = options?.batchSize ?? 500;
+        let processed = 0;
+        let afterId;
+        for (;;) {
+            const users = await fetchBatch(afterId, batchSize);
+            if (!users.length)
+                break;
+            for (const user of users) {
+                let modified = false;
+                for (const bc of user.backupCodes ?? []) {
+                    try {
+                        const sealed = await oldSystem.decryptData(Buffer.from(bc.encrypted, 'hex'));
+                        const rewrapped = (await newSystem.encryptData(sealed)).toString('hex');
+                        if (rewrapped !== bc.encrypted) {
+                            bc.encrypted = rewrapped;
+                            modified = true;
+                        }
+                    }
+                    catch (e) {
+                        throw new Error(`Failed to rewrap backup code for user ${user._id}: ${e.message}`);
+                    }
+                }
+                if (modified) {
+                    await saveUser(user);
+                    processed++;
+                    options?.onProgress?.(processed);
+                }
+            }
+            afterId = users[users.length - 1]?._id?.toString() ?? undefined;
+        }
+        return processed;
+    }
+}
+exports.BackupCodeService = BackupCodeService;
+//# sourceMappingURL=backup-code.js.map

package/src/services/backup-code.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"backup-code.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite-mongo/src/services/backup-code.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEH,0DAKoC;AAEpC,oEAIyC;AACzC,oEAIyC;AACzC,mCAAyC;AACzC,4EAO6C;AAO7C,uFAAsF;AAGtF;;;;;;;;;;;;;;GAcG;AACH,MAAa,iBAKX,SAAQ,gCAAgB;IACP,YAAY,CAAoB;IACzC,UAAU,CAAsB;IACvB,kBAAkB,CAAqB;IACvC,WAAW,CAAsC;IACjD,KAAK,CAAyB;IAE/C;;;;;;;;;OASG;IACH,YACE,WAAyB,EACzB,YAA+B,EAC/B,kBAAsC,EACtC,WAAgD,EAChD,KAA6B;QAE7B,KAAK,CAAC,WAAW,CAAC,CAAC;QACnB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,UAAU,GAAG,sCAAiB,CAAC,aAAa,CAC/C,IAAI,CAAC,WAAW,CAAC,WAAW,EAC5B,IAAI,CAAC,WAAW,CAAC,SAAS,CACM,CAAC;QACrC,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACI,aAAa,CAAC,IAAwB;QAC3C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,0EAA0E;IAE1E;;OAEG;IACI,eAAe,CACpB,oBAAwC,EACxC,UAAkB;QAElB,MAAM,cAAc,GAAG,+BAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,IAAI,CAAC,uCAAY,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,uCAAsB,EAAE,CAAC;QACrC,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;gBACxC,IAAI,IAAI,CAAC,OAAO,KAAK,+BAAU,CAAC,iBAAiB;oBAAE,SAAS;gBAC5D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBAC3D,MAAM,QAAQ,GAAG,+BAAU,CAAC,UAAU,CACpC,SAAS,EACT,YAAY,EACZ,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAC9B,EAAE,CACH,CAAC;gBACF,IACE,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC;oBAC5C,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,EAC5D,CAAC;oBACD,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC7C,OAAO;wBACL,aAAa,EAAE,oBAAoB,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAClC;wBACD,IAAI;qBACL,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,MAAM,IAAI,uCAAsB,EAAE,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;OAEG;IACI,aAAa,CAClB,oBAAwC,EACxC,UAAkB;QAElB,MAAM,OAAO,GAAG,+BAAU,CAAC,uBAAuB,CAChD,oBAAoB,EACpB,UAAU,CACX,CAAC;QACF,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,+BAAU,CAAC,iBAAiB;gBAC/B,OAAO,IAAI,CAAC,eAAe,CACzB,oBAAoB,CAAC,MAAM,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,+BAAU,CAAC,iBAAiB,CAClD,EACD,UAAU,CACX,CAAC;YACJ;gBACE,MAAM,IAAI,2DAA6B,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,0EAA0E;IAE1E;;;;;;;;;OASG;IACI,KAAK,CAAC,0BAA0B,CACrC,QAAyC,EACzC,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAOvB,mBAAmB;QACnB,IAAI,IAAI,CAAC,KAAK,IAAI,CAAE,QAAgB,CAAC,IAAI,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,gBAAgB,CAAC,QAAe,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QACzE,CAAC;QAED,uBAAuB;QACvB,OAAO,IAAI,CAAC,kBAAkB,CAC5B,QAAqC,EACrC,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,wBAAwB,CACnC,QAAyC,EACzC,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAOvB,gCAAgC;QAChC,IAAI,WAA+B,CAAC;QACpC,IAAI,IAAI,CAAC,KAAK,IAAI,CAAE,QAAgB,CAAC,IAAI,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,QAAe,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,uCAAsB,EAAE,CAAC;YAChD,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,WAAW,GAAI,QAAsC,CAAC,WAAW,CAAC;QACpE,CAAC;QAED,MAAM,OAAO,GAAG,+BAAU,CAAC,uBAAuB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAC5E,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,+BAAU,CAAC,iBAAiB;gBAC/B,OAAO,IAAI,CAAC,0BAA0B,CACpC,QAAQ,EACR,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACJ;gBACE,MAAM,IAAI,2DAA6B,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,yEAAyE;IAEzE;;;;;OAKG;IACI,KAAK,CAAC,yBAAyB,CACpC,qBAKiB,EACjB,mBAEiB,EACjB,kBAEgE,EAChE,oBAAoC,EACpC,OAAsE;QAEtE,sCAAsC;QACtC,IAAI,IAAI,CAAC,KAAK,IAAI,OAAO,qBAAqB,KAAK,UAAU,EAAE,CAAC;YAC9D,yEAAyE;YACzE,OAAO,IAAI,CAAC,eAAe,CACzB,qBAAsC,EACtC,mBAAoC,EACpC,kBAEa,CACd,CAAC;QACJ,CAAC;QAED,yGAAyG;QACzG,OAAO,IAAI,CAAC,mBAAmB,CAC7B,qBAGyC,EACzC,mBAAyE,EACzE,kBAAmC,EACnC,oBAAqC,EACrC,OAAO,CACR,CAAC;IACJ,CAAC;IAED,yEAAyE;IAEjE,KAAK,CAAC,gBAAgB,CAC5B,MAAW,EACX,UAAkB,EAClB,WAA0B;QAM1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAM,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,uCAAsB,EAAE,CAAC;QAEhD,MAAM,cAAc,GAAG,+BAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,eAAe,CAClD,MAAM,CAAC,WAAW,EAClB,cAAc,CACf,CAAC;QAEF,IAAI,aAAiC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YACzC,aAAa,GAAG,MAAM,+BAAU,CAAC,cAAc,CAC7C,IAAI,CAAC,YAAY,EACjB,cAAc,EACd,IAAI,CAAC,WAAW,CAAC,SAAS,CAC3B,CAAC;YACF,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,WAAW,CACvD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CACnC,CAAC;YACF,MAAM,mBAAmB,GAAG,IAAI,wBAAY,CAC1C,qCAAgB,CAAC,aAAa,CAAC,mBAAmB,EAAE,aAAa,CAAC,CACnE,CAAC;YAEF,MAAM,UAAU,GAAe,MAAM,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACjE,MAAM,IAAI,GAAG,IAAI,uBAAa,CAC5B,IAAI,CAAC,YAAY,EACjB,UAAU,EACV,MAAM,CAAC,QAAQ,EACf,IAAI,uBAAW,CAAC,MAAM,CAAC,KAAK,CAAC,EAC7B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,EACpC,mBAAmB,EACnB,SAAS,EACT,MAAM,CAAC,GAAG,EACV,IAAI,IAAI,CAAC,MAAM,CAAC,SAAmB,CAAC,EACpC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAmB,CAAC,CACrC,CAAC;YAEF,MAAM,OAAO,GAGT;gBACF,WAAW,EAAE,aAAa;aAC3B,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CACpE,mBAAmB,EACnB,WAAW,EACX,IAAI,CAAC,WAAW,CAAC,SAAS,CAC3B,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAE9C,4CAA4C;YAC5C,MAAM,CAAC,WAAW,GAAG,aAAa,CAAC;YACnC,IAAI,OAAO,CAAC,yBAAyB,EAAE,CAAC;gBACtC,MAAM,CAAC,yBAAyB,GAAG,OAAO,CAAC,yBAAyB,CAAC;YACvE,CAAC;YAED,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;QACvE,CAAC;gBAAS,CAAC;YACT,IAAI,aAAa;gBAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,yEAAyE;IAEjE,KAAK,CAAC,kBAAkB,CAC9B,OAAkC,EAClC,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAMvB,MAAM,cAAc,GAAG,+BAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,OAAO,MAAM,IAAI,CAAC,eAAe,CAK/B,KAAK,EAAE,KAAc,EAAE,EAAE;YACvB,MAAM,IAAI,GAAG,KAAkC,CAAC;YAChD,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,eAAe,CAClD,OAAO,CAAC,WAAW,EACnB,cAAc,CACf,CAAC;YACF,OAAO,CAAC,WAAW,GAAG,aAAa,CAAC;YAEpC,IAAI,aAAiC,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACzC,aAAa,GAAG,MAAM,+BAAU,CAAC,cAAc,CAC7C,IAAI,CAAC,YAAY,EACjB,cAAc,EACd,IAAI,CAAC,WAAW,CAAC,SAAS,CAC3B,CAAC;gBACF,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,WAAW,CACvD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CACnC,CAAC;gBACF,MAAM,mBAAmB,GAAG,IAAI,wBAAY,CAC1C,qCAAgB,CAAC,aAAa,CAAC,mBAAmB,EAAE,aAAa,CAAC,CACnE,CAAC;gBAEF,MAAM,UAAU,GAAe,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CACjE,OAAO,EACP,OAAO,CACR,CAAC;gBACF,MAAM,IAAI,GAAG,IAAI,uBAAa,CAC5B,IAAI,CAAC,YAAY,EACjB,UAAU,EACV,OAAO,CAAC,QAAQ,EAChB,IAAI,uBAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,EACrC,mBAAmB,EACnB,SAAS,EACT,OAAO,CAAC,GAAG,EACX,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAC5B,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBACtC,OAAO;wBACL,OAAO;wBACP,IAAI;wBACJ,SAAS,EAAE,aAAa,CAAC,MAAM;qBAChC,CAAC;gBACJ,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAChD,mBAAmB,EACnB,WAAW,EACX,IAAI,CAAC,WAAW,CAAC,SAAS,CAC3B,CAAC;gBACF,OAAO,CAAC,yBAAyB,GAAG,OAAO,CAAC;gBAC5C,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;YAC5D,CAAC;oBAAS,CAAC;gBACT,IAAI,aAAa;oBAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,EACD,OAAO,EACP;YACE,SAAS,EACN,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,kBAA6B,GAAG,CAAC;SACxE,CACF,CAAC;IACJ,CAAC;IAED,yEAAyE;IAEjE,KAAK,CAAC,eAAe,CAC3B,SAAwB,EACxB,SAAwB,EACxB,OAAsE;QAEtE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAM,CAAC;QAC1B,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,GAAG,CAAC;QAC5C,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,OAA2B,CAAC;QAEhC,SAAS,CAAC;YACR,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC3D,IAAI,CAAC,OAAO,CAAC,MAAM;gBAAE,MAAM;YAE3B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;oBAC1C,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CACxC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CACjC,CAAC;wBACF,MAAM,SAAS,GAAG,CAAC,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAC9D,KAAK,CACN,CAAC;wBACF,IAAI,SAAS,KAAK,EAAE,CAAC,SAAS,EAAE,CAAC;4BAC/B,EAAE,CAAC,SAAS,GAAG,SAAS,CAAC;4BACzB,QAAQ,GAAG,IAAI,CAAC;wBAClB,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,IAAI,KAAK,CACb,yCAAyC,MAAM,CAAC,GAAG,KAChD,CAAW,CAAC,OACf,EAAE,CACH,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,EAAE;wBACvC,WAAW,EAAE,MAAM,CAAC,WAAW;qBAChC,CAAC,CAAC;oBACH,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;YAED,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,SAAS,CAAC;QACtE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,yEAAyE;IAEjE,KAAK,CAAC,mBAAmB,CAC/B,UAGyC,EACzC,QAA4D,EAC5D,SAAwB,EACxB,SAAwB,EACxB,OAAsE;QAEtE,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,GAAG,CAAC;QAC5C,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,OAA2B,CAAC;QAEhC,SAAS,CAAC;YACR,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,CAAC,MAAM;gBAAE,MAAM;YAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;oBACxC,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CACxC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CACjC,CAAC;wBACF,MAAM,SAAS,GAAG,CAAC,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAC9D,KAAK,CACN,CAAC;wBACF,IAAI,SAAS,KAAK,EAAE,CAAC,SAAS,EAAE,CAAC;4BAC/B,EAAE,CAAC,SAAS,GAAG,SAAS,CAAC;4BACzB,QAAQ,GAAG,IAAI,CAAC;wBAClB,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,GAAG,KAC9C,CAAW,CAAC,OACf,EAAE,CACH,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACrB,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;YAED,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,SAAS,CAAC;QAClE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAxgBD,8CAwgBC"}

package/src/services/database-initialization.d.ts ADDED Viewed

@@ -0,0 +1,137 @@
+/**
+ * @fileoverview Service for initializing the database with default users, roles, and relationships.
+ * Handles creation of system, admin, and member users with encrypted credentials and backup codes.
+ * @module services/database-initialization
+ */
+import { EmailString, MemberType, SecureString } from '@digitaldefiance/ecies-lib';
+import { Connection } from '@digitaldefiance/mongoose-types';
+import { Member as BackendMember, ECIESService, PlatformID } from '@digitaldefiance/node-ecies-lib';
+import { IFailableResult } from '@digitaldefiance/suite-core-lib';
+import { BackupCode, KeyWrappingService } from '@digitaldefiance/node-express-suite';
+import { MnemonicService } from './mnemonic';
+import { IServerInitResult } from '../interfaces/server-init-result';
+import { IDBInitResult } from '../interfaces';
+import { IMongoApplication } from '../interfaces/mongo-application';
+import { BackupCodeService } from './backup-code';
+import { RoleService } from './role';
+/**
+ * Service for initializing the database with default users, roles, and relationships.
+ * Manages creation of system, admin, and member accounts with encrypted credentials.
+ */
+export declare abstract class DatabaseInitializationService {
+    /**
+     * Static initialization state management to prevent concurrent initialization.
+     * @private
+     */
+    protected static initializationPromises: Map<string, Promise<IFailableResult<IServerInitResult<Buffer<ArrayBufferLike>>>>>;
+    /** Initialization lock to prevent race conditions */
+    protected static initializationLock: Map<string, boolean>;
+    /**
+     * Default i18n translation function for database initialization messages.
+     * @param str String key to translate
+     * @param variables Template variables
+     * @param language Target language
+     * @param application Application instance
+     * @returns Translated string
+     */
+    protected static defaultI18nTFunc(str: string, variables?: Record<string, unknown>, language?: string, application?: IMongoApplication): string;
+    /**
+     * Gets the mnemonic or generates a new one if not present.
+     * @template TID Platform-specific ID type
+     * @param mnemonic Existing mnemonic or undefined
+     * @param eciesService ECIES service to generate a new mnemonic
+     * @returns Existing or new mnemonic
+     */
+    static mnemonicOrNew<TID extends PlatformID = Buffer>(mnemonic: SecureString | undefined, eciesService: ECIESService<TID>): SecureString;
+    /**
+     * Generates a cache key for a user based on their details.
+     * @template TID Platform-specific ID type
+     * @param username Username
+     * @param email Email address
+     * @param mnemonic Mnemonic
+     * @param id User ID
+     * @returns Generated cache key as hex string
+     */
+    static cacheKey<TID extends PlatformID = Buffer>(username: string, email: EmailString, mnemonic: SecureString, id: TID): string;
+    /**
+     * Gets a cached BackendMember or creates a new one if not cached.
+     * @template TID Platform-specific ID type
+     * @param username Username
+     * @param email Email address
+     * @param mnemonic Mnemonic or undefined to generate a new one
+     * @param memberType Type of member (Admin, Member, System)
+     * @param eciesService ECIES service to handle key generation
+     * @param memberId Optional specific member ID to use
+     * @param createdBy Optional ID of the user who created this member
+     * @returns Cached or newly created BackendMember and the mnemonic used
+     */
+    static cacheOrNew<TID extends PlatformID = Buffer>(username: string, email: EmailString, mnemonic: SecureString | undefined, memberType: MemberType, eciesService: ECIESService<TID>, memberId?: TID, createdBy?: TID): {
+        member: BackendMember<TID>;
+        mnemonic: SecureString;
+    };
+    /**
+     * Generates a random password meeting security requirements.
+     * @param length Length of the password
+     * @returns Generated password string
+     */
+    static generatePassword(length: number): string;
+    /**
+     * Drops the database.
+     * @param connection Database connection
+     * @returns True if the database was dropped, false if not connected
+     */
+    static dropDatabase(connection: Connection): Promise<boolean>;
+    static getInitOptions<TID extends PlatformID = Buffer>(application: IMongoApplication<TID>): {
+        adminId?: TID;
+        adminMnemonic?: SecureString;
+        adminPassword?: SecureString;
+        adminRoleId?: TID;
+        adminUserRoleId?: TID;
+        adminBackupCodes?: BackupCode[];
+        memberId?: TID;
+        memberMnemonic?: SecureString;
+        memberPassword?: SecureString;
+        memberRoleId?: TID;
+        memberUserRoleId?: TID;
+        memberBackupCodes?: BackupCode[];
+        systemId?: TID;
+        systemMnemonic?: SecureString;
+        systemPassword?: SecureString;
+        systemRoleId?: TID;
+        systemUserRoleId?: TID;
+        systemBackupCodes?: BackupCode[];
+    };
+    static serverInitResultHash<TID extends PlatformID = Buffer>(serverInitResult: IServerInitResult<TID>): string;
+    /**
+     * Initializes the user database with default users and roles using dependency injection.
+     * @template TID Platform-specific ID type
+     * @param application Application instance
+     * @param keyWrappingService Key wrapping service
+     * @param mnemonicService Mnemonic service
+     * @param eciesService ECIES service
+     * @param roleService Role service
+     * @param backupCodeService Backup code service
+     * @returns Result of the initialization
+     */
+    static initUserDbWithServices<TID extends PlatformID = Buffer>(application: IMongoApplication<TID>, keyWrappingService: KeyWrappingService, mnemonicService: MnemonicService<TID>, eciesService: ECIESService<TID>, roleService: RoleService<TID>, backupCodeService: BackupCodeService<TID>): Promise<IDBInitResult<IServerInitResult<TID>>>;
+    static serverInitResultsToDotEnv<TID extends PlatformID = Buffer>(serverInitResult: IServerInitResult<TID>): string;
+    static printServerInitResults<TID extends PlatformID = Buffer>(result: IServerInitResult<TID>, printDotEnv?: boolean): void;
+    static setEnvFromInitResults<TID extends PlatformID = Buffer>(result: IServerInitResult<TID>): void;
+    /**
+     * Write initialization results to a .env file
+     * Updates or adds the credential variables in the specified .env file
+     * @param envFilePath Path to the .env file to update
+     * @param result The initialization results containing credentials
+     * @param idToString Function to convert IDs to strings
+     */
+    static writeEnvFile<TID extends PlatformID = Buffer>(envFilePath: string, result: IServerInitResult<TID>): void;
+    /**
+     * Initializes the user database with default users and roles (convenience method).
+     * Creates necessary services and calls initUserDbWithServices.
+     * @template TID Platform-specific ID type
+     * @param application Application instance
+     * @returns Result of the initialization
+     */
+    static initUserDb<TID extends PlatformID = Buffer>(application: IMongoApplication<TID>): Promise<IFailableResult<IServerInitResult<TID>>>;
+}
+//# sourceMappingURL=database-initialization.d.ts.map

package/src/services/database-initialization.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"database-initialization.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite-mongo/src/services/database-initialization.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,WAAW,EAEX,UAAU,EAEV,YAAY,EAEb,MAAM,4BAA4B,CAAC;AAKpC,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EACL,MAAM,IAAI,aAAa,EACvB,YAAY,EAEZ,UAAU,EACX,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAGL,eAAe,EAIhB,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EACL,UAAU,EAEV,kBAAkB,EAInB,MAAM,qCAAqC,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAMrE,OAAO,EAEL,aAAa,EACd,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAErC;;;GAGG;AACH,8BAAsB,6BAA6B;IACjD;;;OAGG;IACH,SAAS,CAAC,MAAM,CAAC,sBAAsB,oFAGnC;IACJ,qDAAqD;IACrD,SAAS,CAAC,MAAM,CAAC,kBAAkB,uBAA8B;IAEjE;;;;;;;OAOG;IACH,SAAS,CAAC,MAAM,CAAC,gBAAgB,CAC/B,GAAG,EAAE,MAAM,EACX,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,QAAQ,CAAC,EAAE,MAAM,EACjB,WAAW,CAAC,EAAE,iBAAiB,GAC9B,MAAM;IAOT;;;;;;OAMG;WACW,aAAa,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACzD,QAAQ,EAAE,YAAY,GAAG,SAAS,EAClC,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,GAC9B,YAAY;IAKf;;;;;;;;OAQG;WACW,QAAQ,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACpD,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,YAAY,EACtB,EAAE,EAAE,GAAG,GACN,MAAM;IAST;;;;;;;;;;;OAWG;WACW,UAAU,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACtD,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,YAAY,GAAG,SAAS,EAClC,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,EAC/B,QAAQ,CAAC,EAAE,GAAG,EACd,SAAS,CAAC,EAAE,GAAG,GACd;QACD,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QAC3B,QAAQ,EAAE,YAAY,CAAC;KACxB;IAwDD;;;;OAIG;WACW,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAmCtD;;;;OAIG;WACiB,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;WAU5D,cAAc,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC1D,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC,GAClC;QACD,OAAO,CAAC,EAAE,GAAG,CAAC;QACd,aAAa,CAAC,EAAE,YAAY,CAAC;QAC7B,aAAa,CAAC,EAAE,YAAY,CAAC;QAC7B,WAAW,CAAC,EAAE,GAAG,CAAC;QAClB,eAAe,CAAC,EAAE,GAAG,CAAC;QACtB,gBAAgB,CAAC,EAAE,UAAU,EAAE,CAAC;QAChC,QAAQ,CAAC,EAAE,GAAG,CAAC;QACf,cAAc,CAAC,EAAE,YAAY,CAAC;QAC9B,cAAc,CAAC,EAAE,YAAY,CAAC;QAC9B,YAAY,CAAC,EAAE,GAAG,CAAC;QACnB,gBAAgB,CAAC,EAAE,GAAG,CAAC;QACvB,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAC;QACjC,QAAQ,CAAC,EAAE,GAAG,CAAC;QACf,cAAc,CAAC,EAAE,YAAY,CAAC;QAC9B,cAAc,CAAC,EAAE,YAAY,CAAC;QAC9B,YAAY,CAAC,EAAE,GAAG,CAAC;QACnB,gBAAgB,CAAC,EAAE,GAAG,CAAC;QACvB,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAC;KAClC;WAoCa,oBAAoB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EAChE,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,GACvC,MAAM;IAiCT;;;;;;;;;;OAUG;WACiB,sBAAsB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACxE,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC,EACnC,kBAAkB,EAAE,kBAAkB,EACtC,eAAe,EAAE,eAAe,CAAC,GAAG,CAAC,EACrC,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,EAC/B,WAAW,EAAE,WAAW,CAAC,GAAG,CAAC,EAC7B,iBAAiB,EAAE,iBAAiB,CAAC,GAAG,CAAC,GACxC,OAAO,CAAC,aAAa,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC;WAosBnC,yBAAyB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACrE,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,GACvC,MAAM;WAwBK,sBAAsB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EAClE,MAAM,EAAE,iBAAiB,CAAC,GAAG,CAAC,EAC9B,WAAW,GAAE,OAAc,GAC1B,IAAI;WAyUO,qBAAqB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACjE,MAAM,EAAE,iBAAiB,CAAC,GAAG,CAAC,GAC7B,IAAI;IA6CP;;;;;;OAMG;WACW,YAAY,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACxD,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,iBAAiB,CAAC,GAAG,CAAC,GAC7B,IAAI;IA0EP;;;;;;OAMG;WACiB,UAAU,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC5D,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC,GAClC,OAAO,CAAC,eAAe,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC;CAsCpD"}