@digitaldefiance/node-express-suite 1.0.21 → 1.0.23

package/dist/services/database-initialization.js

@@ -1,779 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DatabaseInitializationService = void 0;
-const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
-const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
-const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
-const crypto_1 = require("crypto");
-const mongodb_1 = require("mongodb");
-const mongoose_1 = require("mongoose");
-const zlib_1 = require("zlib");
-const backup_code_1 = require("../backup-code");
-const base_model_name_1 = require("../enumerations/base-model-name");
-const model_registry_1 = require("../model-registry");
-const key_wrapping_1 = require("../services/key-wrapping");
-const utils_1 = require("../utils");
-const backup_code_2 = require("./backup-code");
-const mnemonic_1 = require("./mnemonic");
-const role_1 = require("./role");
-const system_user_1 = require("./system-user");
-class DatabaseInitializationService {
-    /**
-     * Get the mnemonic or generate a new one if not present
-     * @param mnemonic The existing mnemonic or undefined
-     * @param eciesService The ECIES service to generate a new mnemonic
-     * @returns The existing or new mnemonic
-     */
-    static mnemonicOrNew(mnemonic, eciesService) {
-        return mnemonic && mnemonic.hasValue
-            ? mnemonic
-            : eciesService.generateNewMnemonic();
-    }
-    /**
-     * Generate a cache key for a user based on their details
-     * @param username The username
-     * @param email The email address
-     * @param mnemonic The mnemonic
-     * @param id The user ID
-     * @returns The generated cache key
-     */
-    static cacheKey(username, email, mnemonic, id) {
-        const combined = `${username}|${email.email}|${mnemonic.value}|${id.toString()}`;
-        const buffer = Buffer.from(combined, 'utf-8');
-        const crcHash = (0, zlib_1.crc32)(buffer);
-        return crcHash.toString(16).padStart(8, '0');
-    }
-    /**
-     * Get a cached BackendMember or create a new one if not cached
-     * @param username The username
-     * @param email The email address
-     * @param mnemonic The mnemonic or undefined to generate a new one
-     * @param memberType The type of member (Admin, Member, System)
-     * @param eciesService The ECIES service to handle key generation
-     * @param memberId Optional specific member ID to use
-     * @param createdBy Optional ID of the user who created this member
-     * @returns The cached or newly created BackendMember and the mnemonic used
-     */
-    static cacheOrNew(username, email, mnemonic, memberType, eciesService, memberId, createdBy) {
-        const m = this.mnemonicOrNew(mnemonic, eciesService);
-        const newId = memberId ? memberId : new mongodb_1.ObjectId();
-        const key = DatabaseInitializationService.cacheKey(username, email, m, newId);
-        if (!global.__MEMBER_CACHE__) {
-            global.__MEMBER_CACHE__ = new Map();
-        }
-        if (!global.__MEMBER_CACHE__.has(key)) {
-            const { wallet } = eciesService.walletAndSeedFromMnemonic(m);
-            // Get private key from wallet
-            const privateKey = wallet.getPrivateKey();
-            // Get public key with 0x04 prefix
-            const publicKeyWithPrefix = Buffer.concat([
-                Buffer.from([ecies_lib_1.ECIES.PUBLIC_KEY_MAGIC]),
-                wallet.getPublicKey(),
-            ]);
-            const user = new node_ecies_lib_1.Member(eciesService, memberType, username, email, publicKeyWithPrefix, new ecies_lib_1.SecureBuffer(privateKey), wallet, newId, undefined, undefined, createdBy);
-            global.__MEMBER_CACHE__.set(key, { mnemonic: m, member: user });
-            return { mnemonic: m, member: user };
-        }
-        else {
-            return global.__MEMBER_CACHE__.get(key);
-        }
-    }
-    /**
-     * Generate a random password
-     * @param length The length of the password
-     * @returns The generated password
-     */
-    static generatePassword(length) {
-        const specialCharacters = "!@#$%^&*()_+-=[]{};':|,.<>/?";
-        const numbers = '0123456789';
-        const letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-        // Get a random character from a string
-        const getRandomChar = (chars) => {
-            // amazonq-ignore-next-line false positive
-            const randomIndex = (0, crypto_1.randomBytes)(1)[0] % chars.length;
-            return chars[randomIndex];
-        };
-        // Start with one of each required character type
-        // amazonq-ignore-next-line false positive
-        let password = '';
-        password += getRandomChar(letters);
-        password += getRandomChar(numbers);
-        password += getRandomChar(specialCharacters);
-        // Fill the rest with random characters from all types
-        const allCharacters = specialCharacters + numbers + letters;
-        for (let i = password.length; i < length; i++) {
-            password += getRandomChar(allCharacters);
-        }
-        // Shuffle the password characters to avoid predictable pattern
-        const chars = password.split('');
-        for (let i = chars.length - 1; i > 0; i--) {
-            // amazonq-ignore-next-line already fixed
-            const j = (0, crypto_1.randomBytes)(1)[0] % (i + 1);
-            [chars[i], chars[j]] = [chars[j], chars[i]];
-        }
-        return chars.join('');
-    }
-    /**
-     * Drops the database
-     * @param connection The database connection
-     * @returns True if the database was dropped, false if not connected
-     */
-    static async dropDatabase(connection) {
-        if (!connection.db)
-            return false;
-        (0, utils_1.debugLog)(true, 'warn', this.defaultI18nTFunc('{{StringName.Admin_DroppingDatabase}}'));
-        return connection.db.dropDatabase();
-    }
-    static getInitOptions(application) {
-        return {
-            adminId: application.environment.adminId
-                ? application.environment.adminId
-                : undefined,
-            adminMnemonic: application.environment.adminMnemonic?.hasValue
-                ? application.environment.adminMnemonic
-                : undefined,
-            adminPassword: application.environment.adminPassword?.hasValue
-                ? application.environment.adminPassword
-                : undefined,
-            adminRoleId: application.environment.adminRoleId
-                ? application.environment.adminRoleId
-                : undefined,
-            adminUserRoleId: application.environment.adminUserRoleId
-                ? application.environment.adminUserRoleId
-                : undefined,
-            adminBackupCodes: application.environment.adminBackupCodes
-                ? application.environment.adminBackupCodes
-                : undefined,
-            memberId: application.environment.memberId
-                ? application.environment.memberId
-                : undefined,
-            memberMnemonic: application.environment.memberMnemonic?.hasValue
-                ? application.environment.memberMnemonic
-                : undefined,
-            memberPassword: application.environment.memberPassword?.hasValue
-                ? application.environment.memberPassword
-                : undefined,
-            memberRoleId: application.environment.memberRoleId
-                ? application.environment.memberRoleId
-                : undefined,
-            memberUserRoleId: application.environment.memberUserRoleId
-                ? application.environment.memberUserRoleId
-                : undefined,
-            memberBackupCodes: application.environment.memberBackupCodes
-                ? application.environment.memberBackupCodes
-                : undefined,
-            systemId: application.environment.systemId
-                ? application.environment.systemId
-                : undefined,
-            systemMnemonic: application.environment.systemMnemonic?.hasValue
-                ? application.environment.systemMnemonic
-                : undefined,
-            systemPassword: application.environment.systemPassword?.hasValue
-                ? application.environment.systemPassword
-                : undefined,
-            systemRoleId: application.environment.systemRoleId
-                ? application.environment.systemRoleId
-                : undefined,
-            systemUserRoleId: application.environment.systemUserRoleId
-                ? application.environment.systemUserRoleId
-                : undefined,
-            systemBackupCodes: application.environment.systemBackupCodes
-                ? application.environment.systemBackupCodes
-                : undefined,
-        };
-    }
-    static serverInitResultHash(serverInitResult) {
-        const h = (0, crypto_1.createHash)('sha256');
-        h.update(serverInitResult.adminUser._id.toHexString());
-        h.update(serverInitResult.adminRole._id.toHexString());
-        h.update(serverInitResult.adminUserRole._id.toHexString());
-        h.update(serverInitResult.adminUsername);
-        h.update(serverInitResult.adminEmail);
-        h.update(serverInitResult.adminMnemonic);
-        h.update(serverInitResult.adminPassword);
-        h.update(serverInitResult.adminUser.publicKey);
-        serverInitResult.adminBackupCodes.map((bc) => h.update(bc));
-        h.update(serverInitResult.memberUser._id.toHexString());
-        h.update(serverInitResult.memberRole._id.toHexString());
-        h.update(serverInitResult.memberUserRole._id.toHexString());
-        h.update(serverInitResult.memberUsername);
-        h.update(serverInitResult.memberEmail);
-        h.update(serverInitResult.memberMnemonic);
-        h.update(serverInitResult.memberPassword);
-        h.update(serverInitResult.memberUser.publicKey);
-        serverInitResult.memberBackupCodes.map((bc) => h.update(bc));
-        h.update(serverInitResult.systemUser._id.toHexString());
-        h.update(serverInitResult.systemRole._id.toHexString());
-        h.update(serverInitResult.systemUserRole._id.toHexString());
-        h.update(serverInitResult.systemUsername);
-        h.update(serverInitResult.systemEmail);
-        h.update(serverInitResult.systemMnemonic);
-        h.update(serverInitResult.systemPassword);
-        h.update(serverInitResult.systemUser.publicKey);
-        serverInitResult.systemBackupCodes.map((bc) => h.update(bc));
-        return h.digest('hex');
-    }
-    /**
-     * Initialize the user database with default users and roles (with dependency injection)
-     * @param application The application
-     * @param keyWrappingService The key wrapping service
-     * @param mnemonicService The mnemonic service
-     * @param eciesService The ECIES service
-     * @param roleService The role service
-     * @param backupCodeService The backup code service
-     * @returns The result of the initialization
-     */
-    static async initUserDbWithServices(application, keyWrappingService, mnemonicService, eciesService, roleService, backupCodeService) {
-        const isTestEnvironment = process.env['NODE_ENV'] === 'test';
-        const options = DatabaseInitializationService.getInitOptions(application);
-        const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
-        const RoleModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.Role);
-        const adminUserId = options.adminId ?? new mongoose_1.Types.ObjectId();
-        const adminRoleId = options.adminRoleId ?? new mongoose_1.Types.ObjectId();
-        const adminUserRoleId = options.adminUserRoleId ?? new mongoose_1.Types.ObjectId();
-        const memberUserId = options.memberId ?? new mongoose_1.Types.ObjectId();
-        const memberRoleId = options.memberRoleId ?? new mongoose_1.Types.ObjectId();
-        const memberUserRoleId = options.memberUserRoleId ?? new mongoose_1.Types.ObjectId();
-        const systemUserId = options.systemId ?? new mongoose_1.Types.ObjectId();
-        const systemRoleId = options.systemRoleId ?? new mongoose_1.Types.ObjectId();
-        const systemUserRoleId = options.systemUserRoleId ?? new mongoose_1.Types.ObjectId();
-        // Check for existing users and roles with optimized queries
-        // Use lean() for better performance on read-only operations
-        const [existingUsers, existingRoles] = await Promise.all([
-            UserModel.find({
-                username: {
-                    $in: [
-                        suite_core_lib_1.Constants.SystemUser,
-                        suite_core_lib_1.Constants.AdministratorUser,
-                        suite_core_lib_1.Constants.MemberUser,
-                    ],
-                },
-            }).lean(),
-            RoleModel.find({
-                name: {
-                    $in: [
-                        suite_core_lib_1.Constants.AdministratorRole,
-                        suite_core_lib_1.Constants.MemberRole,
-                        suite_core_lib_1.Constants.SystemRole,
-                    ],
-                },
-            }).lean(),
-        ]);
-        if (existingUsers.length > 0 || existingRoles.length > 0) {
-            // Database is already initialized, return the existing data
-            const existingAdminUser = existingUsers.find((u) => u.username === suite_core_lib_1.Constants.AdministratorUser);
-            const existingMemberUser = existingUsers.find((u) => u.username === suite_core_lib_1.Constants.MemberUser);
-            const existingSystemUser = existingUsers.find((u) => u.username === suite_core_lib_1.Constants.SystemUser);
-            if (existingAdminUser && existingMemberUser && existingSystemUser) {
-                // Try to construct a minimal result from existing data
-                // Note: This is a fallback case and some data may not be available
-                const UserRoleModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.UserRole);
-                const [adminRole, memberRole, systemRole, adminUserRole, memberUserRole, systemUserRole,] = await Promise.all([
-                    RoleModel.findOne({ name: suite_core_lib_1.Constants.AdministratorRole }),
-                    RoleModel.findOne({ name: suite_core_lib_1.Constants.MemberRole }),
-                    RoleModel.findOne({ name: suite_core_lib_1.Constants.SystemRole }),
-                    UserRoleModel.findOne({ userId: existingAdminUser._id }),
-                    UserRoleModel.findOne({ userId: existingMemberUser._id }),
-                    UserRoleModel.findOne({ userId: existingSystemUser._id }),
-                ]);
-                if (adminRole &&
-                    memberRole &&
-                    systemRole &&
-                    adminUserRole &&
-                    memberUserRole &&
-                    systemUserRole) {
-                    return {
-                        success: true,
-                        data: {
-                            adminRole,
-                            adminUserRole,
-                            adminUser: existingAdminUser,
-                            adminUsername: existingAdminUser.username,
-                            adminEmail: existingAdminUser.email,
-                            adminMnemonic: '', // Not available in fallback
-                            adminPassword: '', // Not available in fallback
-                            adminBackupCodes: [], // Not available in fallback
-                            adminMember: {}, // Not available in fallback
-                            memberRole,
-                            memberUserRole,
-                            memberUser: existingMemberUser,
-                            memberUsername: existingMemberUser.username,
-                            memberEmail: existingMemberUser.email,
-                            memberMnemonic: '', // Not available in fallback
-                            memberPassword: '', // Not available in fallback
-                            memberBackupCodes: [], // Not available in fallback
-                            memberMember: {}, // Not available in fallback
-                            systemRole,
-                            systemUserRole,
-                            systemUser: existingSystemUser,
-                            systemUsername: existingSystemUser.username,
-                            systemEmail: existingSystemUser.email,
-                            systemMnemonic: '', // Not available in fallback
-                            systemPassword: '', // Not available in fallback
-                            systemBackupCodes: [], // Not available in fallback
-                            systemMember: {}, // Not available in fallback
-                        },
-                    };
-                }
-            }
-            return {
-                success: false,
-                message: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized),
-                error: new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized)),
-            };
-        }
-        (0, utils_1.debugLog)(application.environment.detailedDebug, 'log', (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_SettingUpUsersAndRoles));
-        const now = new Date();
-        // Add a small random delay in test environments to reduce collision probability
-        if (isTestEnvironment) {
-            const delay = (0, crypto_1.randomBytes)(1)[0] % 50 + 10; // 10-60ms random delay (reduced)
-            await new Promise((resolve) => setTimeout(resolve, delay));
-        }
-        try {
-            // Use test-optimized settings for better performance
-            const transactionOptions = isTestEnvironment
-                ? { timeoutMs: 15000, retryAttempts: 2 } // Reduced timeout and retries for tests
-                : { timeoutMs: 120000 }; // Keep original production timeout
-            const result = await (0, utils_1.withTransaction)(application.db.connection, application.environment.mongo.useTransactions, undefined, async (sess) => {
-                // Check if admin role already exists
-                let adminRole = await RoleModel.findOne({
-                    name: suite_core_lib_1.Constants.AdministratorRole,
-                }).session(sess ?? null);
-                if (!adminRole) {
-                    const adminRoleDocs = await RoleModel.create([
-                        {
-                            _id: adminRoleId,
-                            name: suite_core_lib_1.Constants.AdministratorRole,
-                            admin: true,
-                            member: true,
-                            system: false,
-                            child: false,
-                            createdAt: now,
-                            updatedAt: now,
-                            createdBy: systemUserId,
-                            updatedBy: systemUserId,
-                        },
-                    ], { session: sess });
-                    if (adminRoleDocs.length !== 1) {
-                        throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateRoleTemplate, {
-                            NAME: suite_core_lib_1.Constants.AdministratorRole,
-                        });
-                    }
-                    adminRole = adminRoleDocs[0];
-                }
-                // Check if member role already exists
-                let memberRole = await RoleModel.findOne({
-                    name: suite_core_lib_1.Constants.MemberRole,
-                }).session(sess ?? null);
-                if (!memberRole) {
-                    const memberRoleDocs = await RoleModel.create([
-                        {
-                            _id: memberRoleId,
-                            name: suite_core_lib_1.Constants.MemberRole,
-                            admin: false,
-                            member: true,
-                            child: false,
-                            system: false,
-                            createdAt: now,
-                            updatedAt: now,
-                            createdBy: systemUserId,
-                            updatedBy: systemUserId,
-                        },
-                    ], { session: sess });
-                    if (memberRoleDocs.length !== 1) {
-                        throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateRoleTemplate, {
-                            NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                        });
-                    }
-                    memberRole = memberRoleDocs[0];
-                }
-                // Check if system role already exists
-                let systemRole = await RoleModel.findOne({
-                    name: suite_core_lib_1.Constants.SystemRole,
-                }).session(sess ?? null);
-                if (!systemRole) {
-                    const systemRoleDocs = await RoleModel.create([
-                        {
-                            _id: systemRoleId,
-                            name: suite_core_lib_1.Constants.SystemRole,
-                            admin: true,
-                            member: true,
-                            system: true,
-                            child: false,
-                            createdAt: now,
-                            updatedAt: now,
-                            createdBy: systemUserId,
-                            updatedBy: systemUserId,
-                        },
-                    ], { session: sess });
-                    if (systemRoleDocs.length !== 1) {
-                        throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateRoleTemplate);
-                    }
-                    systemRole = systemRoleDocs[0];
-                }
-                const systemUser = DatabaseInitializationService.cacheOrNew(suite_core_lib_1.Constants.SystemUser, new ecies_lib_1.EmailString(suite_core_lib_1.Constants.SystemEmail), options.systemMnemonic, ecies_lib_1.MemberType.System, eciesService, options.systemId, options.systemId);
-                backupCodeService.setSystemUser(systemUser.member);
-                system_user_1.SystemUserService.setSystemUser(systemUser.member);
-                // Encrypt mnemonic for recovery
-                const systemEncryptedMnemonic = systemUser.member
-                    .encryptData(Buffer.from(systemUser.mnemonic.value ?? '', 'utf-8'))
-                    .toString('hex');
-                const systemMnemonicDoc = await mnemonicService.addMnemonic(systemUser.mnemonic, sess);
-                if (!systemMnemonicDoc) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_System),
-                    }));
-                }
-                const systemPasswordSecure = options.systemPassword
-                    ? options.systemPassword
-                    : new ecies_lib_1.SecureString(this.generatePassword(16));
-                const systemWrapped = keyWrappingService.wrapSecret(systemUser.member.privateKey, systemPasswordSecure);
-                const systemBackupCodes = options.systemBackupCodes ?? backup_code_1.BackupCode.generateBackupCodes();
-                const encryptedSystemBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(systemUser.member, systemUser.member, systemBackupCodes);
-                const systemDocs = await UserModel.create([
-                    {
-                        _id: systemUserId,
-                        username: suite_core_lib_1.Constants.SystemUser,
-                        email: suite_core_lib_1.Constants.SystemEmail,
-                        publicKey: systemUser.member.publicKey.toString('hex'),
-                        duressPasswords: [],
-                        mnemonicRecovery: systemEncryptedMnemonic,
-                        mnemonicId: systemMnemonicDoc._id,
-                        passwordWrappedPrivateKey: systemWrapped,
-                        backupCodes: encryptedSystemBackupCodes,
-                        timezone: application.environment.timezone.value,
-                        siteLanguage: 'en-US',
-                        emailVerified: true,
-                        accountStatus: suite_core_lib_1.AccountStatus.Active,
-                        createdAt: now,
-                        updatedAt: now,
-                        createdBy: systemUserId,
-                        updatedBy: systemUserId,
-                    },
-                ], { session: sess });
-                if (systemDocs.length !== 1) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateUserTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_System),
-                    }));
-                }
-                const systemDoc = systemDocs[0];
-                // Create admin user-role relationship
-                const systemUserRoleDoc = await roleService.addUserToRole(systemRoleId, systemUserId, systemUserId, sess, systemUserRoleId);
-                if (!systemUser.mnemonic.value) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_MnemonicIsNullTemplate, {
-                        NAME: suite_core_lib_1.SuiteCoreStringKey.Common_System,
-                    }));
-                }
-                const adminUser = DatabaseInitializationService.cacheOrNew(suite_core_lib_1.Constants.AdministratorUser, new ecies_lib_1.EmailString(suite_core_lib_1.Constants.AdministratorEmail), options.adminMnemonic, ecies_lib_1.MemberType.User, eciesService, options.adminId, systemDoc._id);
-                // Encrypt mnemonic for recovery
-                const adminEncryptedMnemonic = adminUser.member
-                    .encryptData(Buffer.from(adminUser.mnemonic.value ?? '', 'utf-8'))
-                    .toString('hex');
-                const adminMnemonicDoc = await mnemonicService.addMnemonic(adminUser.mnemonic, sess);
-                if (!adminMnemonicDoc) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Admin),
-                    }));
-                }
-                const adminPasswordSecure = options.adminPassword
-                    ? options.adminPassword
-                    : new ecies_lib_1.SecureString(this.generatePassword(16));
-                const adminWrapped = keyWrappingService.wrapSecret(adminUser.member.privateKey, adminPasswordSecure);
-                const adminBackupCodes = options.adminBackupCodes ?? backup_code_1.BackupCode.generateBackupCodes();
-                const encryptedAdminBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(adminUser.member, systemUser.member, adminBackupCodes);
-                const adminDocs = await UserModel.create([
-                    {
-                        _id: adminUserId,
-                        username: suite_core_lib_1.Constants.AdministratorUser,
-                        email: suite_core_lib_1.Constants.AdministratorEmail,
-                        publicKey: adminUser.member.publicKey.toString('hex'),
-                        duressPasswords: [],
-                        mnemonicRecovery: adminEncryptedMnemonic,
-                        mnemonicId: adminMnemonicDoc._id,
-                        passwordWrappedPrivateKey: adminWrapped,
-                        backupCodes: encryptedAdminBackupCodes,
-                        timezone: application.environment.timezone.value,
-                        siteLanguage: 'en-US',
-                        emailVerified: true,
-                        accountStatus: suite_core_lib_1.AccountStatus.Active,
-                        createdAt: now,
-                        updatedAt: now,
-                        createdBy: systemUserId,
-                        updatedBy: systemUserId,
-                    },
-                ], { session: sess });
-                if (adminDocs.length !== 1) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateUserTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Admin),
-                    }));
-                }
-                const adminDoc = adminDocs[0];
-                // Create admin user-role relationship
-                const adminUserRoleDoc = await roleService.addUserToRole(adminRoleId, adminUserId, systemUserId, sess, adminUserRoleId);
-                if (!adminUser.mnemonic.value) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_MnemonicIsNullTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Admin),
-                    }));
-                }
-                const memberUser = DatabaseInitializationService.cacheOrNew(suite_core_lib_1.Constants.MemberUser, new ecies_lib_1.EmailString(suite_core_lib_1.Constants.MemberEmail), options.memberMnemonic, ecies_lib_1.MemberType.User, eciesService, options.memberId, systemDoc._id);
-                const memberPasswordSecure = options.memberPassword
-                    ? options.memberPassword
-                    : new ecies_lib_1.SecureString(this.generatePassword(16));
-                const memberMnemonicDoc = await mnemonicService.addMnemonic(memberUser.mnemonic, sess);
-                if (!memberMnemonicDoc) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                    }));
-                }
-                // Encrypt mnemonic for recovery
-                const encryptedMemberMnemonic = memberUser.member
-                    .encryptData(Buffer.from(memberUser.mnemonic.value ?? '', 'utf-8'))
-                    .toString('hex');
-                const memberWrapped = keyWrappingService.wrapSecret(memberUser.member.privateKey, memberPasswordSecure);
-                const memberBackupCodes = options.memberBackupCodes ?? backup_code_1.BackupCode.generateBackupCodes();
-                const encryptedMemberBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(memberUser.member, systemUser.member, memberBackupCodes);
-                const memberDocs = await UserModel.create([
-                    {
-                        _id: memberUserId,
-                        username: suite_core_lib_1.Constants.MemberUser,
-                        email: suite_core_lib_1.Constants.MemberEmail,
-                        publicKey: memberUser.member.publicKey.toString('hex'),
-                        mnemonicId: memberMnemonicDoc._id,
-                        mnemonicRecovery: encryptedMemberMnemonic,
-                        passwordWrappedPrivateKey: memberWrapped,
-                        backupCodes: encryptedMemberBackupCodes,
-                        duressPasswords: [],
-                        timezone: application.environment.timezone.value,
-                        siteLanguage: 'en-US',
-                        emailVerified: true,
-                        accountStatus: suite_core_lib_1.AccountStatus.Active,
-                        createdAt: now,
-                        updatedAt: now,
-                        createdBy: systemUserId,
-                        updatedBy: systemUserId,
-                    },
-                ], { session: sess });
-                if (memberDocs.length !== 1) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateUserTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                    }));
-                }
-                const memberDoc = memberDocs[0];
-                // Create member user-role relationship
-                const memberUserRoleDoc = await roleService.addUserToRole(memberRoleId, memberUserId, systemUserId, sess, memberUserRoleId);
-                if (!memberUser.mnemonic.value) {
-                    throw new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_MnemonicIsNullTemplate, {
-                        NAME: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                    }));
-                }
-                return {
-                    adminRole,
-                    memberRole,
-                    systemRole,
-                    systemDoc,
-                    systemUserRoleDoc,
-                    systemPassword: systemPasswordSecure.notNullValue,
-                    systemMnemonic: systemUser.mnemonic.notNullValue,
-                    systemBackupCodes: systemBackupCodes,
-                    systemMember: systemUser.member,
-                    adminDoc,
-                    adminUserRoleDoc,
-                    adminPassword: adminPasswordSecure.notNullValue,
-                    adminMnemonic: adminUser.mnemonic.notNullValue,
-                    adminBackupCodes: adminBackupCodes,
-                    adminMember: adminUser.member,
-                    memberDoc,
-                    memberUserRoleDoc,
-                    memberPassword: memberPasswordSecure.notNullValue,
-                    memberMnemonic: memberUser.mnemonic.notNullValue,
-                    memberBackupCodes: memberBackupCodes,
-                    memberUser: memberUser.member,
-                };
-            }, transactionOptions);
-            return {
-                success: true,
-                data: {
-                    adminRole: result.adminRole,
-                    adminUserRole: result.adminUserRoleDoc,
-                    adminUser: result.adminDoc,
-                    adminUsername: result.adminDoc.username,
-                    adminEmail: result.adminDoc.email,
-                    adminMnemonic: result.adminMnemonic,
-                    adminPassword: result.adminPassword,
-                    adminBackupCodes: result.adminBackupCodes.map((bc) => bc.value ?? ''),
-                    adminMember: result.adminMember,
-                    memberRole: result.memberRole,
-                    memberUserRole: result.memberUserRoleDoc,
-                    memberUser: result.memberDoc,
-                    memberUsername: result.memberDoc.username,
-                    memberEmail: result.memberDoc.email,
-                    memberMnemonic: result.memberMnemonic,
-                    memberPassword: result.memberPassword,
-                    memberBackupCodes: result.memberBackupCodes.map((bc) => bc.value ?? ''),
-                    memberMember: result.memberUser,
-                    systemRole: result.systemRole,
-                    systemUserRole: result.systemUserRoleDoc,
-                    systemUser: result.systemDoc,
-                    systemUsername: result.systemDoc.username,
-                    systemEmail: result.systemDoc.email,
-                    systemMnemonic: result.systemMnemonic,
-                    systemPassword: result.systemPassword,
-                    systemBackupCodes: result.systemBackupCodes.map((bc) => bc.value ?? ''),
-                    systemMember: result.systemMember,
-                },
-            };
-        }
-        catch (error) {
-            return {
-                success: false,
-                message: (0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_Error_FailedToInitializeUserDatabase),
-                error: error instanceof Error
-                    ? error
-                    : new Error((0, suite_core_lib_1.getSuiteCoreI18nEngine)().translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_Error_FailedToInitializeUserDatabase)),
-            };
-        }
-    }
-    static printServerInitResults(result) {
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('\n=== {{StringName.Admin_AccountCredentials}} ==='));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_ID}}: {id}', undefined, {
-            id: result.systemUser._id.toHexString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_Role}}: {roleName}', undefined, {
-            roleName: result.systemRole.name,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_Role}} {{StringName.Common_ID}}: {roleId}', undefined, {
-            roleId: result.systemRole._id.toString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_User}} {{StringName.Common_Role}} {{StringName.Common_ID}}: {userRoleId}', undefined, {
-            userRoleId: result.systemUserRole._id.toString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_Username}}: {username}', undefined, {
-            username: result.systemUsername,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_Email}}: {email}', undefined, {
-            email: result.systemEmail,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_Password}}: {password}', undefined, {
-            password: result.systemPassword,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_Mnemonic}}: {mnemonic}', undefined, {
-            mnemonic: result.systemMnemonic,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_PublicKey}}: {publicKey}', undefined, {
-            publicKey: result.systemUser.publicKey,
-        }));
-        (0, utils_1.debugLog)(true, 'log', `${this.defaultI18nTFunc('{{StringName.Common_System}} {{StringName.Common_BackupCodes}}')}: ${result.systemBackupCodes.join(', ')}`);
-        (0, utils_1.debugLog)(true, 'log', '');
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_ID}}: {id}', undefined, {
-            id: result.adminUser._id.toHexString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_Role}}: {roleName}', undefined, {
-            roleName: result.adminRole.name,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_Role}} {{StringName.Common_ID}}: {roleId}', undefined, {
-            roleId: result.adminRole._id.toString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_User}} {{StringName.Common_Role}} {{StringName.Common_ID}}: {userRoleId}', undefined, {
-            userRoleId: result.adminUserRole._id.toString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_Username}}: {username}', undefined, {
-            username: result.adminUsername,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_Email}}: {email}', undefined, {
-            email: result.adminEmail,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_Password}}: {password}', undefined, {
-            password: result.adminPassword,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_Mnemonic}}: {mnemonic}', undefined, {
-            mnemonic: result.adminMnemonic,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_PublicKey}}: {publicKey}', undefined, {
-            publicKey: result.adminUser.publicKey,
-        }));
-        (0, utils_1.debugLog)(true, 'log', `${this.defaultI18nTFunc('{{StringName.Common_Admin}} {{StringName.Common_BackupCodes}}')}: ${result.adminBackupCodes.join(', ')}`);
-        (0, utils_1.debugLog)(true, 'log', '');
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_ID}}: {id}', undefined, {
-            id: result.memberUser._id.toHexString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_Role}}: {roleName}', undefined, {
-            roleName: result.memberRole.name,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_Role}} {{StringName.Common_ID}}: {roleId}', undefined, {
-            roleId: result.memberRole._id.toString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_User}} {{StringName.Common_Role}} {{StringName.Common_ID}}: {userRoleId}', undefined, {
-            userRoleId: result.memberUserRole._id.toString(),
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_Username}}: {username}', undefined, {
-            username: result.memberUsername,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_Email}}: {email}', undefined, {
-            email: result.memberEmail,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_Password}}: {password}', undefined, {
-            password: result.memberPassword,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_Mnemonic}}: {mnemonic}', undefined, {
-            mnemonic: result.memberMnemonic,
-        }));
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_PublicKey}}: {publicKey}', undefined, {
-            publicKey: result.memberUser.publicKey,
-        }));
-        (0, utils_1.debugLog)(true, 'log', `${this.defaultI18nTFunc('{{StringName.Common_Member}} {{StringName.Common_BackupCodes}}')}: ${result.memberBackupCodes.join(', ')}`);
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('\n=== {{StringName.Admin_EndCredentials}} ==='));
-    }
-    static setEnvFromInitResults(result) {
-        process.env['ADMIN_ID'] = result.adminUser._id.toHexString();
-        process.env['ADMIN_PUBLIC_KEY'] = result.adminUser.publicKey;
-        process.env['ADMIN_MNEMONIC'] = result.adminMnemonic;
-        process.env['ADMIN_PASSWORD'] = result.adminPassword;
-        process.env['ADMIN_ROLE_ID'] = result.adminRole._id.toHexString();
-        process.env['ADMIN_USER_ROLE_ID'] = result.adminUserRole._id.toHexString();
-        //
-        process.env['MEMBER_ID'] = result.memberUser._id.toHexString();
-        process.env['MEMBER_PUBLIC_KEY'] = result.memberUser.publicKey;
-        process.env['MEMBER_MNEMONIC'] = result.memberMnemonic;
-        process.env['MEMBER_PASSWORD'] = result.memberPassword;
-        process.env['MEMBER_ROLE_ID'] = result.memberRole._id.toHexString();
-        process.env['MEMBER_USER_ROLE_ID'] =
-            result.memberUserRole._id.toHexString();
-        //
-        process.env['SYSTEM_ID'] = result.systemUser._id.toHexString();
-        process.env['SYSTEM_PUBLIC_KEY'] = result.systemUser.publicKey;
-        process.env['SYSTEM_MNEMONIC'] = result.systemMnemonic;
-        process.env['SYSTEM_PASSWORD'] = result.systemPassword;
-        process.env['SYSTEM_ROLE_ID'] = result.systemRole._id.toHexString();
-        process.env['SYSTEM_USER_ROLE_ID'] =
-            result.systemUserRole._id.toHexString();
-    }
-    /**
-     * Initialize the user database with default users and roles (convenience method)
-     * This method creates the necessary services and calls initUserDbWithServices
-     * @param application The application
-     * @returns The result of the initialization
-     */
-    static async initUserDb(application) {
-        const mnemonicModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.Mnemonic);
-        const keyWrappingService = new key_wrapping_1.KeyWrappingService();
-        const mnemonicService = new mnemonic_1.MnemonicService(mnemonicModel, application.environment.mnemonicHmacSecret, keyWrappingService);
-        const config = {
-            curveName: ecies_lib_1.ECIES.CURVE_NAME,
-            primaryKeyDerivationPath: ecies_lib_1.ECIES.PRIMARY_KEY_DERIVATION_PATH,
-            mnemonicStrength: ecies_lib_1.ECIES.MNEMONIC_STRENGTH,
-            symmetricAlgorithm: ecies_lib_1.ECIES.SYMMETRIC_ALGORITHM_CONFIGURATION,
-            symmetricKeyBits: ecies_lib_1.ECIES.SYMMETRIC.KEY_BITS,
-            symmetricKeyMode: ecies_lib_1.ECIES.SYMMETRIC.MODE,
-        };
-        const eciesService = new node_ecies_lib_1.ECIESService(config);
-        const roleService = new role_1.RoleService(application);
-        const backupCodeService = new backup_code_2.BackupCodeService(application, eciesService, keyWrappingService, roleService);
-        return this.initUserDbWithServices(application, keyWrappingService, mnemonicService, eciesService, roleService, backupCodeService);
-    }
-}
-exports.DatabaseInitializationService = DatabaseInitializationService;
-// Static initialization state management
-DatabaseInitializationService.initializationPromises = new Map();
-DatabaseInitializationService.initializationLock = new Map();
-DatabaseInitializationService.defaultI18nTFunc = (0, suite_core_lib_1.getSuiteCoreI18nEngine)().t;
-//# sourceMappingURL=database-initialization.js.map