@digitaldefiance/node-express-suite 1.0.2

package/dist/controllers/user.js

@@ -0,0 +1,750 @@
+"use strict";
+/// <reference path="../types.d.ts" />
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserController = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const express_validator_1 = require("express-validator");
+const mongoose_1 = require("mongoose");
+const zod_1 = require("zod");
+const backup_code_1 = require("../backup-code");
+const base_controller_1 = require("../decorators/base-controller");
+const controller_1 = require("../decorators/controller");
+const base_model_name_1 = require("../enumerations/base-model-name");
+const mnemonic_or_password_required_1 = require("../errors/mnemonic-or-password-required");
+const authenticate_token_1 = require("../middlewares/authenticate-token");
+const backup_code_2 = require("../services/backup-code");
+const jwt_1 = require("../services/jwt");
+const request_user_1 = require("../services/request-user");
+const role_1 = require("../services/role");
+const system_user_1 = require("../services/system-user");
+const user_1 = require("../services/user");
+const utils_1 = require("../utils");
+const isString = (v) => typeof v === 'string';
+const RegisterSchema = zod_1.z.object({
+    username: zod_1.z.string(),
+    email: zod_1.z.string(),
+    timezone: zod_1.z.string(),
+    password: zod_1.z.string().min(8).optional(),
+});
+const EmailLoginChallengeSchema = zod_1.z.object({
+    token: zod_1.z.string(),
+    signature: zod_1.z.string(),
+    email: zod_1.z.string().optional(),
+    username: zod_1.z.string().optional(),
+});
+const DirectLoginChallengeSchema = zod_1.z.object({
+    challenge: zod_1.z.string(),
+    signature: zod_1.z.string(),
+    email: zod_1.z.string().optional(),
+    username: zod_1.z.string().optional(),
+});
+let UserController = class UserController extends base_controller_1.DecoratorBaseController {
+    constructor(application, jwtService, userService, backupCodeService, roleService, eciesService) {
+        super(application);
+        this.jwtService = jwtService;
+        this.userService = userService;
+        this.backupCodeService = backupCodeService;
+        this.roleService = roleService;
+        this.eciesService = eciesService;
+        this.systemUser = system_user_1.SystemUserService.getSystemUser(application.environment);
+    }
+    async tokenVerifiedResponse(req, res, next) {
+        if (!req.user) {
+            throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), {
+                statusCode: 401,
+            });
+        }
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenValid),
+                user: req.user,
+            },
+        };
+    }
+    async refreshToken(req, res, next) {
+        const token = (0, authenticate_token_1.findAuthToken)(req.headers);
+        if (!token) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing));
+        }
+        const tokenUser = await this.jwtService.verifyToken(token);
+        if (!tokenUser) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenInvalid));
+        }
+        const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+        const userDoc = await UserModel.findById(tokenUser.userId, {
+            password: 0,
+        });
+        if (!userDoc || userDoc.accountStatus !== suite_core_lib_1.AccountStatus.Active) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
+        }
+        const { token: newToken, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, req.user?.siteLanguage ?? i18n_lib_1.LanguageCodes.EN_US);
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.TokenRefreshed),
+                user: request_user_1.RequestUserService.makeRequestUserDTO(userDoc, roles),
+                token: newToken,
+                serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+            },
+            headers: {
+                Authorization: `Bearer ${newToken}`,
+            },
+        };
+    }
+    async register(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            return await (0, utils_1.requireValidatedFieldsAsync)(req, RegisterSchema, async ({ username, email, timezone, password }) => {
+                if (!isString(username) ||
+                    !isString(email) ||
+                    !isString(timezone)) {
+                    throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+                }
+                const { user, mnemonic, backupCodes } = await this.userService.newUser(this.systemUser, {
+                    username: username.trim(),
+                    email: email.trim(),
+                    timezone: timezone,
+                }, undefined, undefined, sess, this.application.environment.debug, password);
+                await this.userService.createAndSendEmailToken(user, suite_core_lib_1.EmailTokenType.AccountVerification, sess, this.application.environment.debug);
+                return {
+                    statusCode: 201,
+                    response: {
+                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Registration_Success, { MNEMONIC: mnemonic }),
+                        mnemonic,
+                        backupCodes,
+                    },
+                };
+            });
+        }, {
+            timeoutMs: this.application.environment.mongo.transactionTimeout * 30,
+        });
+    }
+    async completeAccountVerification(req, res, next) {
+        const { token } = this.validatedBody;
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            await this.userService.verifyAccountTokenAndComplete(token, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.EmailVerification_Success),
+                },
+            };
+        });
+    }
+    async setLanguage(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { language } = this.validatedBody;
+            if (!req.user) {
+                throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+            }
+            const user = await this.userService.updateSiteLanguage(req.user.id, language, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LanguageUpdate_Success),
+                    user,
+                },
+            };
+        });
+    }
+    async getBackupCodeCount(req, res, next) {
+        if (!req.user) {
+            throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+        }
+        const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+        const user = await UserModel.findById(req.user.id);
+        return {
+            statusCode: 200,
+            response: {
+                message: 'Backup codes retrieved',
+                codeCount: user?.backupCodes?.length || 0,
+            },
+        };
+    }
+    async resetBackupCodes(req, res, next) {
+        if (!req.user || !req.eciesUser || !req.eciesUser.hasPrivateKey) {
+            throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+        }
+        const newBackupCodes = await this.userService.resetUserBackupCodes(req.eciesUser, this.systemUser);
+        const codes = newBackupCodes.map((c) => c.notNullValue);
+        newBackupCodes.forEach((c) => c.dispose());
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.BackupCodeRecovery_YourNewCodes),
+                backupCodes: codes,
+            },
+        };
+    }
+    async recoverMnemonic(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            if (!req.user) {
+                throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials)), { statusCode: 401 });
+            }
+            else if (!req.eciesUser) {
+                throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired)), { statusCode: 401 });
+            }
+            const { password } = this.validatedBody;
+            if (!isString(password)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const userDoc = await this.userService.findUserById(new mongoose_1.Types.ObjectId(req.user.id), true, sess);
+            const mnemonic = await this.userService.recoverMnemonic(req.eciesUser, userDoc.mnemonicRecovery);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.MnemonicRecovery_Success),
+                    mnemonic: mnemonic.notNullValue,
+                },
+            };
+        });
+    }
+    async changePassword(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { currentPassword, newPassword } = this.validatedBody;
+            if (!req.user) {
+                throw new ecies_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+            }
+            if (!isString(currentPassword) || !isString(newPassword)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            await this.userService.changePassword(req.user.id, currentPassword, newPassword, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordChange_Success),
+                },
+            };
+        });
+    }
+    async requestDirectLogin(req, res, next) {
+        const challenge = this.userService.generateDirectLoginChallenge();
+        return {
+            statusCode: 200,
+            response: {
+                challenge: challenge,
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Login_ChallengeGenerated),
+                serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+            },
+        };
+    }
+    async directLoginChallenge(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { username, email, challenge, signature } = this.validatedBody;
+            const { userDoc } = await this.userService.verifyDirectLoginChallenge(String(challenge), String(signature), username ? String(username) : undefined, email ? String(email) : undefined, sess);
+            const { token: jwtToken, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, req.user?.siteLanguage ?? i18n_lib_1.LanguageCodes.EN_US);
+            return {
+                statusCode: 200,
+                response: {
+                    user: userDoc,
+                    token: jwtToken,
+                    serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
+                },
+            };
+        });
+    }
+    async requestEmailLogin(req, res, next) {
+        const { username, email } = this.validatedBody;
+        try {
+            await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+                const userDoc = await this.userService.findUser(email, username, sess);
+                await this.userService.createAndSendEmailToken(userDoc, suite_core_lib_1.EmailTokenType.LoginRequest, sess, this.application.environment.debug);
+            });
+        }
+        catch (error) {
+            // Suppress user-related errors for security
+        }
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Email_TokenSent),
+            },
+        };
+    }
+    async emailLoginChallenge(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { token, signature } = this.validatedBody;
+            const userDoc = await this.userService.validateEmailLoginTokenChallenge(String(token), String(signature), sess);
+            const { token: jwtToken, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, req.user?.siteLanguage ?? i18n_lib_1.LanguageCodes.EN_US);
+            return {
+                statusCode: 200,
+                response: {
+                    user: userDoc,
+                    token: jwtToken,
+                    serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
+                },
+            };
+        });
+    }
+    async resendVerification(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { username, email } = this.validatedBody;
+            const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+            let query = {};
+            if (isString(username))
+                query.username = username;
+            else if (isString(email))
+                query.email = email;
+            else {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const user = await UserModel.findOne(query).session(sess ?? null);
+            if (!user) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound), { statusCode: 404 });
+            }
+            await this.userService.resendEmailToken(user._id.toString(), suite_core_lib_1.EmailTokenType.AccountVerification, sess, this.application.environment.debug);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.EmailVerification_Resent),
+                },
+            };
+        });
+    }
+    async useBackupCodeLogin(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { code, newPassword, email, username } = this.validatedBody;
+            if (!code) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const recoverMnemonic = this.validatedBody?.['recoverMnemonic'] === 'true' ||
+                this.validatedBody?.['recoverMnemonic'] === true;
+            const userDoc = await this.userService.findUser(email, username, sess);
+            const { user, userDoc: updatedUserDoc, codeCount, } = await this.backupCodeService.recoverKeyWithBackupCode(userDoc, code, newPassword ? new ecies_lib_1.SecureString(newPassword) : undefined, sess);
+            let mnemonic;
+            if (recoverMnemonic) {
+                const memberType = await this.roleService.getMemberType(updatedUserDoc, sess);
+                const freshUser = new node_ecies_lib_1.Member(this.eciesService, memberType, updatedUserDoc.username, new ecies_lib_1.EmailString(updatedUserDoc.email), Buffer.from(updatedUserDoc.publicKey, 'hex'), user.privateKey, undefined, updatedUserDoc._id, new Date(updatedUserDoc.createdAt), new Date(updatedUserDoc.updatedAt));
+                mnemonic = await this.userService.recoverMnemonic(freshUser, updatedUserDoc.mnemonicRecovery);
+            }
+            const { token, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, i18n_lib_1.LanguageCodes.EN_US);
+            this.userService.updateLastLogin(updatedUserDoc._id).catch(() => { });
+            return {
+                statusCode: 200,
+                response: {
+                    user: request_user_1.RequestUserService.makeRequestUserDTO(userDoc, roles),
+                    token: token,
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.BackupCodeRecovery_Success),
+                    codeCount,
+                    ...(recoverMnemonic && mnemonic
+                        ? { mnemonic: mnemonic.value }
+                        : {}),
+                    serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+                },
+            };
+        });
+    }
+    async forgotPassword(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { email } = this.validatedBody;
+            const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+            if (!isString(email)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const user = await UserModel.findOne({
+                email: email.toLowerCase(),
+            }).session(sess ?? null);
+            if (!user || !user.passwordWrappedPrivateKey) {
+                return {
+                    statusCode: 200,
+                    response: {
+                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordReset_Success),
+                    },
+                };
+            }
+            await this.userService.createAndSendEmailToken(user, suite_core_lib_1.EmailTokenType.PasswordReset, sess, this.application.environment.debug);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordReset_Success),
+                },
+            };
+        });
+    }
+    async verifyResetToken(req, res, next) {
+        const token = req.query['token'];
+        if (!token) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing));
+        }
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            await this.userService.verifyEmailToken(token, suite_core_lib_1.EmailTokenType.PasswordReset, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: 'Token is valid',
+                },
+            };
+        });
+    }
+    async resetPassword(req, res, next) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { token, newPassword, password, currentPassword, mnemonic } = this.validatedBody;
+            const selectedNewPassword = (newPassword ?? password);
+            if (!isString(token) || !isString(selectedNewPassword)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const credential = mnemonic ??
+                currentPassword;
+            if (!isString(credential)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            await this.userService.resetPasswordWithToken(token, selectedNewPassword, credential, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordChange_Success),
+                },
+            };
+        });
+    }
+};
+exports.UserController = UserController;
+__decorate([
+    (0, controller_1.Get)('/verify', { auth: true }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "tokenVerifiedResponse", null);
+__decorate([
+    (0, controller_1.Get)('/refresh-token', { auth: true }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "refreshToken", null);
+__decorate([
+    (0, controller_1.Post)('/register', {
+        schema: RegisterSchema,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('username')
+                .matches(suite_core_lib_1.Constants.UsernameRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('email')
+                .isEmail()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+            (0, express_validator_1.body)('timezone')
+                .isString()
+                .custom((value) => (0, i18n_lib_1.isValidTimezone)(value))
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TimezoneInvalid, undefined, validationLanguage)),
+            (0, express_validator_1.body)('password')
+                .optional()
+                .matches(suite_core_lib_1.Constants.PasswordRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "register", null);
+__decorate([
+    (0, controller_1.Post)('/account-verification', {
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('token')
+                .not()
+                .isEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenRequired, undefined, validationLanguage))
+                .matches(new RegExp(`^[a-f0-9]{${suite_core_lib_1.Constants.EmailTokenLength * 2}}$`))
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "completeAccountVerification", null);
+__decorate([
+    (0, controller_1.Post)('/language', {
+        auth: true,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('language')
+                .isString()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidLanguage, undefined, validationLanguage))
+                .isIn(Object.values(i18n_lib_1.LanguageCodes))
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidLanguage, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "setLanguage", null);
+__decorate([
+    (0, controller_1.Get)('/backup-codes', { auth: true }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "getBackupCodeCount", null);
+__decorate([
+    (0, controller_1.Post)('/backup-codes', {
+        auth: true,
+        cryptoAuth: true,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)().custom((value, { req }) => {
+                if (!req.body?.password && !req.body?.mnemonic) {
+                    throw new mnemonic_or_password_required_1.MnemonicOrPasswordRequiredError();
+                }
+                return true;
+            }),
+            (0, express_validator_1.body)('password')
+                .optional()
+                .notEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_CurrentPasswordRequired, undefined, validationLanguage)),
+            (0, express_validator_1.body)('mnemonic')
+                .optional()
+                .notEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicRequired, undefined, validationLanguage))
+                .matches(suite_core_lib_1.Constants.MnemonicRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicRegex, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "resetBackupCodes", null);
+__decorate([
+    (0, controller_1.Post)('/recover-mnemonic', {
+        auth: true,
+        cryptoAuth: true,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('password')
+                .isString()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_CurrentPasswordRequired, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "recoverMnemonic", null);
+__decorate([
+    (0, controller_1.Post)('/change-password', {
+        auth: true,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('currentPassword')
+                .notEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+            (0, express_validator_1.body)('newPassword')
+                .matches(suite_core_lib_1.Constants.PasswordRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate))
+                .notEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "changePassword", null);
+__decorate([
+    (0, controller_1.Post)('/request-direct-login'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "requestDirectLogin", null);
+__decorate([
+    (0, controller_1.Post)('/direct-challenge', {
+        schema: DirectLoginChallengeSchema,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('challenge')
+                .not()
+                .isEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidChallenge, undefined, validationLanguage))
+                .matches(new RegExp(`^[a-f0-9]{${(ecies_lib_1.UINT64_SIZE + 32 + ecies_lib_1.ECIES.SIGNATURE_SIZE) * 2}}$`))
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidChallenge, undefined, validationLanguage)),
+            (0, express_validator_1.body)('signature')
+                .not()
+                .isEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature))
+                .matches(new RegExp(`^[a-f0-9]{${ecies_lib_1.ECIES.SIGNATURE_SIZE * 2}}$`))
+                .withMessage(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature),
+            (0, express_validator_1.body)().custom((value, { req }) => {
+                if (!req.body.username && !req.body.email) {
+                    throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                }
+                return true;
+            }),
+            (0, express_validator_1.body)('username')
+                .optional()
+                .matches(suite_core_lib_1.Constants.UsernameRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('email')
+                .optional()
+                .isEmail()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "directLoginChallenge", null);
+__decorate([
+    (0, controller_1.Post)('/request-email-login', {
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)().custom((value, { req }) => {
+                if (!req.body.username && !req.body.email) {
+                    throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                }
+                return true;
+            }),
+            (0, express_validator_1.body)('username')
+                .optional()
+                .matches(suite_core_lib_1.Constants.UsernameRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('email')
+                .optional()
+                .isEmail()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "requestEmailLogin", null);
+__decorate([
+    (0, controller_1.Post)('/email-challenge', {
+        schema: EmailLoginChallengeSchema,
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('token')
+                .not()
+                .isEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenRequired, undefined, validationLanguage))
+                .matches(new RegExp(`^[a-f0-9]{${suite_core_lib_1.Constants.EmailTokenLength * 2}}$`))
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken, undefined, validationLanguage)),
+            (0, express_validator_1.body)('signature')
+                .not()
+                .isEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature))
+                .matches(new RegExp(`^[a-f0-9]{${ecies_lib_1.ECIES.SIGNATURE_SIZE * 2}}$`))
+                .withMessage(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature),
+            (0, express_validator_1.body)().custom((value, { req }) => {
+                if (!req.body.username && !req.body.email) {
+                    throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                }
+                return true;
+            }),
+            (0, express_validator_1.body)('username')
+                .optional()
+                .matches(suite_core_lib_1.Constants.UsernameRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('email')
+                .optional()
+                .isEmail()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "emailLoginChallenge", null);
+__decorate([
+    (0, controller_1.Post)('/resend-verification', {
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)().custom((value, { req }) => {
+                if (!req.body.username && !req.body.email) {
+                    throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                }
+                return true;
+            }),
+            (0, express_validator_1.body)('username')
+                .optional()
+                .isString()
+                .matches(suite_core_lib_1.Constants.UsernameRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('email').optional().isEmail(),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "resendVerification", null);
+__decorate([
+    (0, controller_1.Post)('/backup-code', {
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('email').optional().isEmail(),
+            (0, express_validator_1.body)('username')
+                .optional()
+                .matches(suite_core_lib_1.Constants.UsernameRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('code')
+                .custom((value) => {
+                const normalized = backup_code_1.BackupCode.normalizeCode(value);
+                return (suite_core_lib_1.Constants.BACKUP_CODES.DisplayRegex.test(value) ||
+                    suite_core_lib_1.Constants.BACKUP_CODES.NormalizedHexRegex.test(normalized));
+            })
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidBackupCode, undefined, validationLanguage)),
+            (0, express_validator_1.body)('recoverMnemonic').isBoolean().optional(),
+            (0, express_validator_1.body)('newPassword')
+                .optional()
+                .matches(suite_core_lib_1.Constants.PasswordRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "useBackupCodeLogin", null);
+__decorate([
+    (0, controller_1.Post)('/forgot-password', {
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('email')
+                .isEmail()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "forgotPassword", null);
+__decorate([
+    (0, controller_1.Get)('/verify-reset-token'),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "verifyResetToken", null);
+__decorate([
+    (0, controller_1.Post)('/reset-password', {
+        validation: (validationLanguage) => [
+            (0, express_validator_1.body)('token')
+                .not()
+                .isEmpty()
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenRequired, undefined, validationLanguage))
+                .matches(new RegExp(`^[a-f0-9]{${suite_core_lib_1.Constants.EmailTokenLength * 2}}$`))
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken, undefined, validationLanguage)),
+            (0, express_validator_1.body)('newPassword')
+                .optional()
+                .isLength({ min: 8 })
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordMinLengthTemplate, undefined, validationLanguage))
+                .matches(suite_core_lib_1.Constants.PasswordRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('password')
+                .optional()
+                .isLength({ min: 8 })
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordMinLengthTemplate, undefined, validationLanguage))
+                .matches(suite_core_lib_1.Constants.PasswordRegex)
+                .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate, undefined, validationLanguage)),
+            (0, express_validator_1.body)('currentPassword').optional().isString(),
+            (0, express_validator_1.body)('mnemonic').optional().isString(),
+        ],
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Function]),
+    __metadata("design:returntype", Promise)
+], UserController.prototype, "resetPassword", null);
+exports.UserController = UserController = __decorate([
+    (0, controller_1.Controller)(),
+    __metadata("design:paramtypes", [Object, jwt_1.JwtService,
+        user_1.UserService,
+        backup_code_2.BackupCodeService,
+        role_1.RoleService,
+        node_ecies_lib_1.ECIESService])
+], UserController);
+//# sourceMappingURL=user.js.map