npm - @digitaldefiance/node-express-suite - Versions diffs - 1.0.21 → 1.0.23 - Mend

@digitaldefiance/node-express-suite 1.0.21 → 1.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (633) hide show

package/README.md +9 -0
package/package.json +27 -32
package/src/application-base.ts +492 -0
package/src/application.ts +254 -0
package/src/backup-code.ts +336 -0
package/src/constants.ts +69 -0
package/src/controllers/base.ts +440 -0
package/{dist/controllers/index.d.ts → src/controllers/index.ts} +0 -1
package/src/controllers/user.ts +1451 -0
package/src/decorators/base-controller.ts +61 -0
package/src/decorators/controller.ts +109 -0
package/{dist/decorators/index.d.ts → src/decorators/index.ts} +0 -1
package/src/decorators/zod-validation.ts +57 -0
package/src/defaults.ts +94 -0
package/src/documents/base.ts +7 -0
package/src/documents/email-token.ts +14 -0
package/{dist/documents/index.d.ts → src/documents/index.ts} +0 -1
package/{dist/documents/mnemonic.d.ts → src/documents/mnemonic.ts} +5 -2
package/{dist/documents/role.d.ts → src/documents/role.ts} +5 -2
package/src/documents/used-direct-login-token.ts +7 -0
package/{dist/documents/user-role.d.ts → src/documents/user-role.ts} +5 -2
package/{dist/documents/user.d.ts → src/documents/user.ts} +4 -2
package/src/enumerations/base-model-name.ts +41 -0
package/{dist/enumerations/index.d.ts → src/enumerations/index.ts} +0 -1
package/src/enumerations/length-encoding-type.ts +6 -0
package/src/enumerations/schema-collection.ts +33 -0
package/src/enumerations/symmetric-error-type.ts +4 -0
package/src/environment.ts +770 -0
package/src/errors/express-validation.ts +21 -0
package/{dist/errors/index.d.ts → src/errors/index.ts} +0 -1
package/src/errors/invalid-backup-code-version.ts +14 -0
package/src/errors/invalid-jwt-token.ts +10 -0
package/src/errors/invalid-model.ts +11 -0
package/src/errors/invalid-new-password.ts +18 -0
package/src/errors/invalid-password.ts +13 -0
package/src/errors/missing-validated-data.ts +36 -0
package/src/errors/mnemonic-or-password-required.ts +12 -0
package/src/errors/model-not-registered.ts +11 -0
package/src/errors/mongoose-validation.ts +34 -0
package/src/errors/symmetric.ts +41 -0
package/src/errors/token-expired.ts +10 -0
package/src/get-language.ts +53 -0
package/src/get-timezone.ts +45 -0
package/{dist/index.d.ts → src/index.ts} +3 -2
package/{dist/interfaces/api-error-response.d.ts → src/interfaces/api-error-response.ts} +2 -2
package/src/interfaces/api-express-validation-error-response.ts +8 -0
package/src/interfaces/api-message-response.ts +3 -0
package/{dist/interfaces/api-mongo-validation-error-response.d.ts → src/interfaces/api-mongo-validation-error-response.ts} +2 -2
package/{dist/interfaces/api-responses/backup-codes-response.d.ts → src/interfaces/api-responses/backup-codes-response.ts} +2 -2
package/{dist/interfaces/api-responses/challenge-response.d.ts → src/interfaces/api-responses/challenge-response.ts} +3 -3
package/{dist/interfaces/api-responses/code-count-response.d.ts → src/interfaces/api-responses/code-count-response.ts} +2 -2
package/{dist/interfaces/api-responses/index.d.ts → src/interfaces/api-responses/index.ts} +0 -1
package/{dist/interfaces/api-responses/login-response.d.ts → src/interfaces/api-responses/login-response.ts} +4 -4
package/{dist/interfaces/api-responses/mnemonic-response.d.ts → src/interfaces/api-responses/mnemonic-response.ts} +2 -2
package/{dist/interfaces/api-responses/registration-response.d.ts → src/interfaces/api-responses/registration-response.ts} +3 -3
package/{dist/interfaces/api-responses/request-user-response.d.ts → src/interfaces/api-responses/request-user-response.ts} +2 -2
package/{dist/interfaces/application.d.ts → src/interfaces/application.ts} +7 -7
package/src/interfaces/backend-objects/email-token.ts +11 -0
package/{dist/interfaces/backend-objects/index.d.ts → src/interfaces/backend-objects/index.ts} +0 -1
package/{dist/interfaces/backend-objects/request-user.d.ts → src/interfaces/backend-objects/request-user.ts} +7 -2
package/{dist/interfaces/backend-objects/role.d.ts → src/interfaces/backend-objects/role.ts} +1 -1
package/src/interfaces/backend-objects/user.ts +9 -0
package/src/interfaces/checksum-config.ts +4 -0
package/src/interfaces/checksum-consts.ts +13 -0
package/{dist/interfaces/constants.d.ts → src/interfaces/constants.ts} +5 -5
package/src/interfaces/create-user-basics.ts +17 -0
package/src/interfaces/csp-config.ts +35 -0
package/src/interfaces/deep-partial.ts +3 -0
package/{dist/interfaces/discriminator-collections.d.ts → src/interfaces/discriminator-collections.ts} +3 -3
package/src/interfaces/email-service.ts +8 -0
package/src/interfaces/environment-mongo.ts +76 -0
package/src/interfaces/environment.ts +181 -0
package/src/interfaces/failable-result.ts +6 -0
package/src/interfaces/fec-consts.ts +4 -0
package/src/interfaces/handleable-error-options.ts +6 -0
package/{dist/interfaces/index.d.ts → src/interfaces/index.ts} +0 -1
package/src/interfaces/jwt-consts.ts +23 -0
package/src/interfaces/jwt-sign-response.ts +19 -0
package/src/interfaces/mongo-errors.ts +5 -0
package/src/interfaces/request-user.ts +50 -0
package/src/interfaces/required-string-keys.ts +26 -0
package/src/interfaces/schema.ts +31 -0
package/src/interfaces/server-init-result.ts +37 -0
package/src/interfaces/status-code-response.ts +7 -0
package/src/interfaces/symmetric-encryption-results.d.ts +5 -0
package/src/interfaces/symmetric-encryption-results.d.ts.map +1 -0
package/src/interfaces/symmetric-encryption-results.js.map +1 -0
package/src/interfaces/symmetric-encryption-results.ts +4 -0
package/{dist/interfaces/token-response.d.ts → src/interfaces/token-response.ts} +2 -2
package/src/middlewares/authenticate-crypto.ts +243 -0
package/src/middlewares/authenticate-token.ts +152 -0
package/src/middlewares/cleanup-crypto.ts +40 -0
package/{dist/middlewares/index.d.ts → src/middlewares/index.ts} +0 -1
package/src/middlewares/set-global-context-language.ts +24 -0
package/src/middlewares.ts +120 -0
package/src/model-registry.ts +75 -0
package/src/models/email-token.ts +19 -0
package/{dist/models/index.d.ts → src/models/index.ts} +0 -1
package/src/models/mnemonic.ts +19 -0
package/src/models/role.ts +19 -0
package/src/models/used-direct-login-token.ts +23 -0
package/src/models/user-role.ts +17 -0
package/src/models/user.ts +19 -0
package/src/registry/email-service-registry.ts +24 -0
package/{dist/registry/index.d.ts → src/registry/index.ts} +0 -1
package/src/routers/api.ts +151 -0
package/src/routers/app.ts +258 -0
package/src/routers/base.ts +17 -0
package/{dist/routers/index.d.ts → src/routers/index.ts} +0 -1
package/src/schemas/email-token.ts +91 -0
package/{dist/schemas/index.d.ts → src/schemas/index.ts} +1 -2
package/src/schemas/mnemonic.ts +37 -0
package/src/schemas/role.ts +127 -0
package/src/schemas/schema.ts +140 -0
package/src/schemas/used-direct-login-token.ts +38 -0
package/src/schemas/user-role.ts +75 -0
package/src/schemas/user.ts +202 -0
package/src/services/backup-code.ts +316 -0
package/src/services/base.ts +33 -0
package/src/services/checksum.ts +161 -0
package/src/services/crc.ts +213 -0
package/src/services/database-initialization.ts +1479 -0
package/src/services/db-init-cache.d.ts +16 -0
package/src/services/direct-login-token.ts +62 -0
package/src/services/fec-usage-example.ts +102 -0
package/src/services/fec.ts +296 -0
package/{dist/services/index.d.ts → src/services/index.ts} +0 -1
package/src/services/jwt.ts +134 -0
package/src/services/key-wrapping.ts +434 -0
package/src/services/mnemonic.ts +167 -0
package/src/services/request-user.ts +62 -0
package/src/services/role.ts +396 -0
package/src/services/symmetric.ts +139 -0
package/src/services/system-user.ts +82 -0
package/src/services/user.ts +2137 -0
package/src/services/xor.ts +34 -0
package/src/types.d.ts +44 -0
package/src/types.ts +128 -0
package/src/utils.ts +1022 -0
package/dist/application-base.d.ts +0 -112
package/dist/application-base.d.ts.map +0 -1
package/dist/application-base.js +0 -301
package/dist/application-base.js.map +0 -1
package/dist/application.d.ts +0 -23
package/dist/application.d.ts.map +0 -1
package/dist/application.js +0 -126
package/dist/application.js.map +0 -1
package/dist/backup-code.d.ts +0 -67
package/dist/backup-code.d.ts.map +0 -1
package/dist/backup-code.js +0 -270
package/dist/backup-code.js.map +0 -1
package/dist/constants.d.ts +0 -16
package/dist/constants.d.ts.map +0 -1
package/dist/constants.js +0 -54
package/dist/constants.js.map +0 -1
package/dist/controllers/base.d.ts +0 -63
package/dist/controllers/base.d.ts.map +0 -1
package/dist/controllers/base.js +0 -269
package/dist/controllers/base.js.map +0 -1
package/dist/controllers/index.d.ts.map +0 -1
package/dist/controllers/index.js +0 -19
package/dist/controllers/index.js.map +0 -1
package/dist/controllers/user.d.ts +0 -45
package/dist/controllers/user.d.ts.map +0 -1
package/dist/controllers/user.js +0 -750
package/dist/controllers/user.js.map +0 -1
package/dist/decorators/base-controller.d.ts +0 -14
package/dist/decorators/base-controller.d.ts.map +0 -1
package/dist/decorators/base-controller.js +0 -49
package/dist/decorators/base-controller.js.map +0 -1
package/dist/decorators/controller.d.ts +0 -32
package/dist/decorators/controller.d.ts.map +0 -1
package/dist/decorators/controller.js +0 -67
package/dist/decorators/controller.js.map +0 -1
package/dist/decorators/index.d.ts.map +0 -1
package/dist/decorators/index.js +0 -20
package/dist/decorators/index.js.map +0 -1
package/dist/decorators/zod-validation.d.ts +0 -5
package/dist/decorators/zod-validation.d.ts.map +0 -1
package/dist/decorators/zod-validation.js +0 -47
package/dist/decorators/zod-validation.js.map +0 -1
package/dist/defaults.d.ts +0 -7
package/dist/defaults.d.ts.map +0 -1
package/dist/defaults.js +0 -83
package/dist/defaults.js.map +0 -1
package/dist/documents/base.d.ts +0 -3
package/dist/documents/base.d.ts.map +0 -1
package/dist/documents/base.js +0 -3
package/dist/documents/base.js.map +0 -1
package/dist/documents/email-token.d.ts +0 -8
package/dist/documents/email-token.d.ts.map +0 -1
package/dist/documents/email-token.js +0 -3
package/dist/documents/email-token.js.map +0 -1
package/dist/documents/index.d.ts.map +0 -1
package/dist/documents/index.js +0 -3
package/dist/documents/index.js.map +0 -1
package/dist/documents/mnemonic.d.ts.map +0 -1
package/dist/documents/mnemonic.js +0 -3
package/dist/documents/mnemonic.js.map +0 -1
package/dist/documents/role.d.ts.map +0 -1
package/dist/documents/role.js +0 -3
package/dist/documents/role.js.map +0 -1
package/dist/documents/used-direct-login-token.d.ts +0 -5
package/dist/documents/used-direct-login-token.d.ts.map +0 -1
package/dist/documents/used-direct-login-token.js +0 -3
package/dist/documents/used-direct-login-token.js.map +0 -1
package/dist/documents/user-role.d.ts.map +0 -1
package/dist/documents/user-role.js +0 -3
package/dist/documents/user-role.js.map +0 -1
package/dist/documents/user.d.ts.map +0 -1
package/dist/documents/user.js +0 -3
package/dist/documents/user.js.map +0 -1
package/dist/enumerations/base-model-name.d.ts +0 -38
package/dist/enumerations/base-model-name.d.ts.map +0 -1
package/dist/enumerations/base-model-name.js +0 -34
package/dist/enumerations/base-model-name.js.map +0 -1
package/dist/enumerations/index.d.ts.map +0 -1
package/dist/enumerations/index.js +0 -21
package/dist/enumerations/index.js.map +0 -1
package/dist/enumerations/length-encoding-type.d.ts +0 -7
package/dist/enumerations/length-encoding-type.d.ts.map +0 -1
package/dist/enumerations/length-encoding-type.js +0 -11
package/dist/enumerations/length-encoding-type.js.map +0 -1
package/dist/enumerations/schema-collection.d.ts +0 -34
package/dist/enumerations/schema-collection.d.ts.map +0 -1
package/dist/enumerations/schema-collection.js +0 -38
package/dist/enumerations/schema-collection.js.map +0 -1
package/dist/enumerations/symmetric-error-type.d.ts +0 -5
package/dist/enumerations/symmetric-error-type.d.ts.map +0 -1
package/dist/enumerations/symmetric-error-type.js +0 -9
package/dist/enumerations/symmetric-error-type.js.map +0 -1
package/dist/environment.d.ts +0 -189
package/dist/environment.d.ts.map +0 -1
package/dist/environment.js +0 -618
package/dist/environment.js.map +0 -1
package/dist/errors/express-validation.d.ts +0 -9
package/dist/errors/express-validation.d.ts.map +0 -1
package/dist/errors/express-validation.js +0 -17
package/dist/errors/express-validation.js.map +0 -1
package/dist/errors/index.d.ts.map +0 -1
package/dist/errors/index.js +0 -29
package/dist/errors/index.js.map +0 -1
package/dist/errors/invalid-backup-code-version.d.ts +0 -6
package/dist/errors/invalid-backup-code-version.d.ts.map +0 -1
package/dist/errors/invalid-backup-code-version.js +0 -14
package/dist/errors/invalid-backup-code-version.js.map +0 -1
package/dist/errors/invalid-jwt-token.d.ts +0 -5
package/dist/errors/invalid-jwt-token.d.ts.map +0 -1
package/dist/errors/invalid-jwt-token.js +0 -11
package/dist/errors/invalid-jwt-token.js.map +0 -1
package/dist/errors/invalid-model.d.ts +0 -6
package/dist/errors/invalid-model.d.ts.map +0 -1
package/dist/errors/invalid-model.js +0 -13
package/dist/errors/invalid-model.js.map +0 -1
package/dist/errors/invalid-new-password.d.ts +0 -5
package/dist/errors/invalid-new-password.d.ts.map +0 -1
package/dist/errors/invalid-new-password.js +0 -14
package/dist/errors/invalid-new-password.js.map +0 -1
package/dist/errors/invalid-password.d.ts +0 -5
package/dist/errors/invalid-password.d.ts.map +0 -1
package/dist/errors/invalid-password.js +0 -14
package/dist/errors/invalid-password.js.map +0 -1
package/dist/errors/missing-validated-data.d.ts +0 -7
package/dist/errors/missing-validated-data.d.ts.map +0 -1
package/dist/errors/missing-validated-data.js +0 -34
package/dist/errors/missing-validated-data.js.map +0 -1
package/dist/errors/mnemonic-or-password-required.d.ts +0 -5
package/dist/errors/mnemonic-or-password-required.d.ts.map +0 -1
package/dist/errors/mnemonic-or-password-required.js +0 -13
package/dist/errors/mnemonic-or-password-required.js.map +0 -1
package/dist/errors/model-not-registered.d.ts +0 -5
package/dist/errors/model-not-registered.d.ts.map +0 -1
package/dist/errors/model-not-registered.js +0 -12
package/dist/errors/model-not-registered.js.map +0 -1
package/dist/errors/mongoose-validation.d.ts +0 -11
package/dist/errors/mongoose-validation.d.ts.map +0 -1
package/dist/errors/mongoose-validation.js +0 -16
package/dist/errors/mongoose-validation.js.map +0 -1
package/dist/errors/symmetric.d.ts +0 -8
package/dist/errors/symmetric.d.ts.map +0 -1
package/dist/errors/symmetric.js +0 -23
package/dist/errors/symmetric.js.map +0 -1
package/dist/errors/token-expired.d.ts +0 -5
package/dist/errors/token-expired.d.ts.map +0 -1
package/dist/errors/token-expired.js +0 -11
package/dist/errors/token-expired.js.map +0 -1
package/dist/get-language.d.ts +0 -2
package/dist/get-language.d.ts.map +0 -1
package/dist/get-language.js +0 -30
package/dist/get-language.js.map +0 -1
package/dist/get-timezone.d.ts +0 -3
package/dist/get-timezone.d.ts.map +0 -1
package/dist/get-timezone.js +0 -31
package/dist/get-timezone.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -40
package/dist/index.js.map +0 -1
package/dist/interfaces/api-error-response.d.ts.map +0 -1
package/dist/interfaces/api-error-response.js +0 -3
package/dist/interfaces/api-error-response.js.map +0 -1
package/dist/interfaces/api-express-validation-error-response.d.ts +0 -7
package/dist/interfaces/api-express-validation-error-response.d.ts.map +0 -1
package/dist/interfaces/api-express-validation-error-response.js +0 -3
package/dist/interfaces/api-express-validation-error-response.js.map +0 -1
package/dist/interfaces/api-message-response.d.ts +0 -4
package/dist/interfaces/api-message-response.d.ts.map +0 -1
package/dist/interfaces/api-message-response.js +0 -3
package/dist/interfaces/api-message-response.js.map +0 -1
package/dist/interfaces/api-mongo-validation-error-response.d.ts.map +0 -1
package/dist/interfaces/api-mongo-validation-error-response.js +0 -3
package/dist/interfaces/api-mongo-validation-error-response.js.map +0 -1
package/dist/interfaces/api-responses/backup-codes-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/backup-codes-response.js +0 -3
package/dist/interfaces/api-responses/backup-codes-response.js.map +0 -1
package/dist/interfaces/api-responses/challenge-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/challenge-response.js +0 -3
package/dist/interfaces/api-responses/challenge-response.js.map +0 -1
package/dist/interfaces/api-responses/code-count-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/code-count-response.js +0 -3
package/dist/interfaces/api-responses/code-count-response.js.map +0 -1
package/dist/interfaces/api-responses/index.d.ts.map +0 -1
package/dist/interfaces/api-responses/index.js +0 -24
package/dist/interfaces/api-responses/index.js.map +0 -1
package/dist/interfaces/api-responses/login-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/login-response.js +0 -3
package/dist/interfaces/api-responses/login-response.js.map +0 -1
package/dist/interfaces/api-responses/mnemonic-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/mnemonic-response.js +0 -3
package/dist/interfaces/api-responses/mnemonic-response.js.map +0 -1
package/dist/interfaces/api-responses/registration-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/registration-response.js +0 -3
package/dist/interfaces/api-responses/registration-response.js.map +0 -1
package/dist/interfaces/api-responses/request-user-response.d.ts.map +0 -1
package/dist/interfaces/api-responses/request-user-response.js +0 -3
package/dist/interfaces/api-responses/request-user-response.js.map +0 -1
package/dist/interfaces/application.d.ts.map +0 -1
package/dist/interfaces/application.js +0 -3
package/dist/interfaces/application.js.map +0 -1
package/dist/interfaces/backend-objects/email-token.d.ts +0 -4
package/dist/interfaces/backend-objects/email-token.d.ts.map +0 -1
package/dist/interfaces/backend-objects/email-token.js +0 -3
package/dist/interfaces/backend-objects/email-token.js.map +0 -1
package/dist/interfaces/backend-objects/index.d.ts.map +0 -1
package/dist/interfaces/backend-objects/index.js +0 -21
package/dist/interfaces/backend-objects/index.js.map +0 -1
package/dist/interfaces/backend-objects/request-user.d.ts.map +0 -1
package/dist/interfaces/backend-objects/request-user.js +0 -3
package/dist/interfaces/backend-objects/request-user.js.map +0 -1
package/dist/interfaces/backend-objects/role.d.ts.map +0 -1
package/dist/interfaces/backend-objects/role.js +0 -3
package/dist/interfaces/backend-objects/role.js.map +0 -1
package/dist/interfaces/backend-objects/user.d.ts +0 -4
package/dist/interfaces/backend-objects/user.d.ts.map +0 -1
package/dist/interfaces/backend-objects/user.js +0 -3
package/dist/interfaces/backend-objects/user.js.map +0 -1
package/dist/interfaces/checksum-config.d.ts +0 -5
package/dist/interfaces/checksum-config.d.ts.map +0 -1
package/dist/interfaces/checksum-config.js +0 -3
package/dist/interfaces/checksum-config.js.map +0 -1
package/dist/interfaces/checksum-consts.d.ts +0 -11
package/dist/interfaces/checksum-consts.d.ts.map +0 -1
package/dist/interfaces/checksum-consts.js +0 -3
package/dist/interfaces/checksum-consts.js.map +0 -1
package/dist/interfaces/constants.d.ts.map +0 -1
package/dist/interfaces/constants.js +0 -3
package/dist/interfaces/constants.js.map +0 -1
package/dist/interfaces/create-user-basics.d.ts +0 -18
package/dist/interfaces/create-user-basics.d.ts.map +0 -1
package/dist/interfaces/create-user-basics.js +0 -3
package/dist/interfaces/create-user-basics.js.map +0 -1
package/dist/interfaces/csp-config.d.ts +0 -14
package/dist/interfaces/csp-config.d.ts.map +0 -1
package/dist/interfaces/csp-config.js +0 -3
package/dist/interfaces/csp-config.js.map +0 -1
package/dist/interfaces/deep-partial.d.ts +0 -4
package/dist/interfaces/deep-partial.d.ts.map +0 -1
package/dist/interfaces/deep-partial.js +0 -3
package/dist/interfaces/deep-partial.js.map +0 -1
package/dist/interfaces/discriminator-collections.d.ts.map +0 -1
package/dist/interfaces/discriminator-collections.js +0 -3
package/dist/interfaces/discriminator-collections.js.map +0 -1
package/dist/interfaces/email-service.d.ts +0 -4
package/dist/interfaces/email-service.d.ts.map +0 -1
package/dist/interfaces/email-service.js +0 -3
package/dist/interfaces/email-service.js.map +0 -1
package/dist/interfaces/environment-mongo.d.ts +0 -76
package/dist/interfaces/environment-mongo.d.ts.map +0 -1
package/dist/interfaces/environment-mongo.js +0 -3
package/dist/interfaces/environment-mongo.js.map +0 -1
package/dist/interfaces/environment.d.ts +0 -181
package/dist/interfaces/environment.d.ts.map +0 -1
package/dist/interfaces/environment.js +0 -3
package/dist/interfaces/environment.js.map +0 -1
package/dist/interfaces/failable-result.d.ts +0 -7
package/dist/interfaces/failable-result.d.ts.map +0 -1
package/dist/interfaces/failable-result.js +0 -3
package/dist/interfaces/failable-result.js.map +0 -1
package/dist/interfaces/fec-consts.d.ts +0 -5
package/dist/interfaces/fec-consts.d.ts.map +0 -1
package/dist/interfaces/fec-consts.js +0 -3
package/dist/interfaces/fec-consts.js.map +0 -1
package/dist/interfaces/handleable-error-options.d.ts +0 -7
package/dist/interfaces/handleable-error-options.d.ts.map +0 -1
package/dist/interfaces/handleable-error-options.js +0 -3
package/dist/interfaces/handleable-error-options.js.map +0 -1
package/dist/interfaces/index.d.ts.map +0 -1
package/dist/interfaces/index.js +0 -46
package/dist/interfaces/index.js.map +0 -1
package/dist/interfaces/jwt-consts.d.ts +0 -11
package/dist/interfaces/jwt-consts.d.ts.map +0 -1
package/dist/interfaces/jwt-consts.js +0 -3
package/dist/interfaces/jwt-consts.js.map +0 -1
package/dist/interfaces/jwt-sign-response.d.ts +0 -11
package/dist/interfaces/jwt-sign-response.d.ts.map +0 -1
package/dist/interfaces/jwt-sign-response.js +0 -3
package/dist/interfaces/jwt-sign-response.js.map +0 -1
package/dist/interfaces/mongo-errors.d.ts +0 -5
package/dist/interfaces/mongo-errors.d.ts.map +0 -1
package/dist/interfaces/mongo-errors.js +0 -3
package/dist/interfaces/mongo-errors.js.map +0 -1
package/dist/interfaces/request-user.d.ts +0 -42
package/dist/interfaces/request-user.d.ts.map +0 -1
package/dist/interfaces/request-user.js +0 -3
package/dist/interfaces/request-user.js.map +0 -1
package/dist/interfaces/required-string-keys.d.ts +0 -22
package/dist/interfaces/required-string-keys.d.ts.map +0 -1
package/dist/interfaces/required-string-keys.js +0 -3
package/dist/interfaces/required-string-keys.js.map +0 -1
package/dist/interfaces/schema.d.ts +0 -29
package/dist/interfaces/schema.d.ts.map +0 -1
package/dist/interfaces/schema.js +0 -3
package/dist/interfaces/schema.js.map +0 -1
package/dist/interfaces/server-init-result.d.ts +0 -35
package/dist/interfaces/server-init-result.d.ts.map +0 -1
package/dist/interfaces/server-init-result.js +0 -3
package/dist/interfaces/server-init-result.js.map +0 -1
package/dist/interfaces/status-code-response.d.ts +0 -7
package/dist/interfaces/status-code-response.d.ts.map +0 -1
package/dist/interfaces/status-code-response.js +0 -3
package/dist/interfaces/status-code-response.js.map +0 -1
package/dist/interfaces/symmetric-encryption-results.d.ts +0 -5
package/dist/interfaces/symmetric-encryption-results.d.ts.map +0 -1
package/dist/interfaces/symmetric-encryption-results.js.map +0 -1
package/dist/interfaces/token-response.d.ts.map +0 -1
package/dist/interfaces/token-response.js +0 -3
package/dist/interfaces/token-response.js.map +0 -1
package/dist/middlewares/authenticate-crypto.d.ts +0 -13
package/dist/middlewares/authenticate-crypto.d.ts.map +0 -1
package/dist/middlewares/authenticate-crypto.js +0 -146
package/dist/middlewares/authenticate-crypto.js.map +0 -1
package/dist/middlewares/authenticate-token.d.ts +0 -24
package/dist/middlewares/authenticate-token.d.ts.map +0 -1
package/dist/middlewares/authenticate-token.js +0 -102
package/dist/middlewares/authenticate-token.js.map +0 -1
package/dist/middlewares/cleanup-crypto.d.ts +0 -7
package/dist/middlewares/cleanup-crypto.d.ts.map +0 -1
package/dist/middlewares/cleanup-crypto.js +0 -32
package/dist/middlewares/cleanup-crypto.js.map +0 -1
package/dist/middlewares/index.d.ts.map +0 -1
package/dist/middlewares/index.js +0 -21
package/dist/middlewares/index.js.map +0 -1
package/dist/middlewares/set-global-context-language.d.ts +0 -3
package/dist/middlewares/set-global-context-language.d.ts.map +0 -1
package/dist/middlewares/set-global-context-language.js +0 -14
package/dist/middlewares/set-global-context-language.js.map +0 -1
package/dist/middlewares.d.ts +0 -18
package/dist/middlewares.d.ts.map +0 -1
package/dist/middlewares.js +0 -76
package/dist/middlewares.js.map +0 -1
package/dist/model-registry.d.ts +0 -23
package/dist/model-registry.d.ts.map +0 -1
package/dist/model-registry.js +0 -47
package/dist/model-registry.js.map +0 -1
package/dist/models/email-token.d.ts +0 -11
package/dist/models/email-token.d.ts.map +0 -1
package/dist/models/email-token.js +0 -11
package/dist/models/email-token.js.map +0 -1
package/dist/models/index.d.ts.map +0 -1
package/dist/models/index.js +0 -23
package/dist/models/index.js.map +0 -1
package/dist/models/mnemonic.d.ts +0 -11
package/dist/models/mnemonic.d.ts.map +0 -1
package/dist/models/mnemonic.js +0 -11
package/dist/models/mnemonic.js.map +0 -1
package/dist/models/role.d.ts +0 -11
package/dist/models/role.d.ts.map +0 -1
package/dist/models/role.js +0 -11
package/dist/models/role.js.map +0 -1
package/dist/models/used-direct-login-token.d.ts +0 -11
package/dist/models/used-direct-login-token.d.ts.map +0 -1
package/dist/models/used-direct-login-token.js +0 -11
package/dist/models/used-direct-login-token.js.map +0 -1
package/dist/models/user-role.d.ts +0 -6
package/dist/models/user-role.d.ts.map +0 -1
package/dist/models/user-role.js +0 -10
package/dist/models/user-role.js.map +0 -1
package/dist/models/user.d.ts +0 -7
package/dist/models/user.d.ts.map +0 -1
package/dist/models/user.js +0 -11
package/dist/models/user.js.map +0 -1
package/dist/registry/email-service-registry.d.ts +0 -9
package/dist/registry/email-service-registry.d.ts.map +0 -1
package/dist/registry/email-service-registry.js +0 -17
package/dist/registry/email-service-registry.js.map +0 -1
package/dist/registry/index.d.ts.map +0 -1
package/dist/registry/index.js +0 -6
package/dist/registry/index.js.map +0 -1
package/dist/routers/api.d.ts +0 -27
package/dist/routers/api.d.ts.map +0 -1
package/dist/routers/api.js +0 -44
package/dist/routers/api.js.map +0 -1
package/dist/routers/app.d.ts +0 -28
package/dist/routers/app.d.ts.map +0 -1
package/dist/routers/app.js +0 -182
package/dist/routers/app.js.map +0 -1
package/dist/routers/base.d.ts +0 -12
package/dist/routers/base.d.ts.map +0 -1
package/dist/routers/base.js +0 -12
package/dist/routers/base.js.map +0 -1
package/dist/routers/index.d.ts.map +0 -1
package/dist/routers/index.js +0 -20
package/dist/routers/index.js.map +0 -1
package/dist/schemas/email-token.d.ts +0 -38
package/dist/schemas/email-token.d.ts.map +0 -1
package/dist/schemas/email-token.js +0 -56
package/dist/schemas/email-token.js.map +0 -1
package/dist/schemas/index.d.ts.map +0 -1
package/dist/schemas/index.js +0 -24
package/dist/schemas/index.js.map +0 -1
package/dist/schemas/mnemonic.d.ts +0 -20
package/dist/schemas/mnemonic.d.ts.map +0 -1
package/dist/schemas/mnemonic.js +0 -30
package/dist/schemas/mnemonic.js.map +0 -1
package/dist/schemas/role.d.ts +0 -32
package/dist/schemas/role.d.ts.map +0 -1
package/dist/schemas/role.js +0 -86
package/dist/schemas/role.js.map +0 -1
package/dist/schemas/schema.d.ts +0 -40
package/dist/schemas/schema.d.ts.map +0 -1
package/dist/schemas/schema.js +0 -64
package/dist/schemas/schema.js.map +0 -1
package/dist/schemas/used-direct-login-token.d.ts +0 -27
package/dist/schemas/used-direct-login-token.d.ts.map +0 -1
package/dist/schemas/used-direct-login-token.js +0 -23
package/dist/schemas/used-direct-login-token.js.map +0 -1
package/dist/schemas/user-role.d.ts +0 -29
package/dist/schemas/user-role.d.ts.map +0 -1
package/dist/schemas/user-role.js +0 -54
package/dist/schemas/user-role.js.map +0 -1
package/dist/schemas/user.d.ts +0 -21
package/dist/schemas/user.d.ts.map +0 -1
package/dist/schemas/user.js +0 -178
package/dist/schemas/user.js.map +0 -1
package/dist/services/backup-code.d.ts +0 -78
package/dist/services/backup-code.d.ts.map +0 -1
package/dist/services/backup-code.js +0 -180
package/dist/services/backup-code.js.map +0 -1
package/dist/services/base.d.ts +0 -13
package/dist/services/base.d.ts.map +0 -1
package/dist/services/base.js +0 -14
package/dist/services/base.js.map +0 -1
package/dist/services/checksum.d.ts +0 -67
package/dist/services/checksum.d.ts.map +0 -1
package/dist/services/checksum.js +0 -175
package/dist/services/checksum.js.map +0 -1
package/dist/services/crc.d.ts +0 -87
package/dist/services/crc.d.ts.map +0 -1
package/dist/services/crc.js +0 -198
package/dist/services/crc.js.map +0 -1
package/dist/services/database-initialization.d.ts +0 -105
package/dist/services/database-initialization.d.ts.map +0 -1
package/dist/services/database-initialization.js +0 -779
package/dist/services/database-initialization.js.map +0 -1
package/dist/services/direct-login-token.d.ts +0 -9
package/dist/services/direct-login-token.d.ts.map +0 -1
package/dist/services/direct-login-token.js +0 -41
package/dist/services/direct-login-token.js.map +0 -1
package/dist/services/fec-usage-example.d.ts +0 -38
package/dist/services/fec-usage-example.d.ts.map +0 -1
package/dist/services/fec-usage-example.js +0 -77
package/dist/services/fec-usage-example.js.map +0 -1
package/dist/services/fec.d.ts +0 -46
package/dist/services/fec.d.ts.map +0 -1
package/dist/services/fec.js +0 -192
package/dist/services/fec.js.map +0 -1
package/dist/services/index.d.ts.map +0 -1
package/dist/services/index.js +0 -35
package/dist/services/index.js.map +0 -1
package/dist/services/jwt.d.ts +0 -33
package/dist/services/jwt.d.ts.map +0 -1
package/dist/services/jwt.js +0 -90
package/dist/services/jwt.js.map +0 -1
package/dist/services/key-wrapping.d.ts +0 -60
package/dist/services/key-wrapping.d.ts.map +0 -1
package/dist/services/key-wrapping.js +0 -311
package/dist/services/key-wrapping.js.map +0 -1
package/dist/services/mnemonic.d.ts +0 -61
package/dist/services/mnemonic.d.ts.map +0 -1
package/dist/services/mnemonic.js +0 -112
package/dist/services/mnemonic.js.map +0 -1
package/dist/services/request-user.d.ts +0 -20
package/dist/services/request-user.d.ts.map +0 -1
package/dist/services/request-user.js +0 -50
package/dist/services/request-user.js.map +0 -1
package/dist/services/role.d.ts +0 -88
package/dist/services/role.d.ts.map +0 -1
package/dist/services/role.js +0 -263
package/dist/services/role.js.map +0 -1
package/dist/services/symmetric.d.ts +0 -42
package/dist/services/symmetric.d.ts.map +0 -1
package/dist/services/symmetric.js +0 -101
package/dist/services/symmetric.js.map +0 -1
package/dist/services/system-user.d.ts +0 -17
package/dist/services/system-user.d.ts.map +0 -1
package/dist/services/system-user.js +0 -46
package/dist/services/system-user.js.map +0 -1
package/dist/services/user.d.ts +0 -320
package/dist/services/user.d.ts.map +0 -1
package/dist/services/user.js +0 -1374
package/dist/services/user.js.map +0 -1
package/dist/services/xor.d.ts +0 -24
package/dist/services/xor.d.ts.map +0 -1
package/dist/services/xor.js +0 -37
package/dist/services/xor.js.map +0 -1
package/dist/types.d.ts +0 -70
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -14
package/dist/types.js.map +0 -1
package/dist/utils.d.ts +0 -202
package/dist/utils.d.ts.map +0 -1
package/dist/utils.js +0 -786
package/dist/utils.js.map +0 -1
/package/{dist → src}/interfaces/symmetric-encryption-results.js +0 -0

package/src/controllers/user.ts ADDED Viewed

@@ -0,0 +1,1451 @@
+/// <reference path="../types.d.ts" />
+import {
+  ECIES,
+  EmailString,
+  SecureString,
+  UINT64_SIZE,
+} from '@digitaldefiance/ecies-lib';
+import {
+  CoreLanguageCode,
+  HandleableError,
+  isValidTimezone,
+  LanguageCodes,
+} from '@digitaldefiance/i18n-lib';
+import {
+  Member as BackendMember,
+  ECIESService,
+} from '@digitaldefiance/node-ecies-lib';
+import {
+  AccountStatus,
+  Constants as AppConstants,
+  EmailTokenType,
+  GenericValidationError,
+  getSuiteCoreTranslation,
+  ITokenRole,
+  ITokenUser,
+  IUserBase,
+  SuiteCoreStringKey,
+  UsernameOrEmailRequiredError,
+} from '@digitaldefiance/suite-core-lib';
+import type { NextFunction, Request, Response } from 'express';
+import { body } from 'express-validator';
+import { Types } from 'mongoose';
+import { z } from 'zod';
+import { BackupCode } from '../backup-code';
+import { DecoratorBaseController } from '../decorators/base-controller';
+import { Controller, Get, Post } from '../decorators/controller';
+import { IBaseDocument } from '../documents';
+import { IUserDocument } from '../documents/user';
+import { BaseModelName } from '../enumerations/base-model-name';
+import { Environment } from '../environment';
+import { MnemonicOrPasswordRequiredError } from '../errors/mnemonic-or-password-required';
+import {
+  IApiChallengeResponse,
+  IApiCodeCountResponse,
+  IApiLoginResponse,
+  IApiMessageResponse,
+  IApiMnemonicResponse,
+  IApiRegistrationResponse,
+  IApiRequestUserResponse,
+  IConstants,
+} from '../interfaces';
+import { IApiBackupCodesResponse } from '../interfaces/api-responses/backup-codes-response';
+import type { IApplication } from '../interfaces/application';
+import { IStatusCodeResponse } from '../interfaces/status-code-response';
+import { findAuthToken } from '../middlewares/authenticate-token';
+import { BackupCodeService } from '../services/backup-code';
+import { JwtService } from '../services/jwt';
+import { RequestUserService } from '../services/request-user';
+import { RoleService } from '../services/role';
+import { SystemUserService } from '../services/system-user';
+import { UserService } from '../services/user';
+import { ApiErrorResponse } from '../types';
+import { requireValidatedFieldsAsync, withTransaction } from '../utils';
+const isString = (v: unknown): v is string => typeof v === 'string';
+const RegisterSchema = z.object({
+  username: z.string(),
+  email: z.string(),
+  timezone: z.string(),
+  password: z.string().min(8).optional(),
+});
+const EmailLoginChallengeSchema = z.object({
+  token: z.string(),
+  signature: z.string(),
+  email: z.string().optional(),
+  username: z.string().optional(),
+});
+const DirectLoginChallengeSchema = z.object({
+  challenge: z.string(),
+  signature: z.string(),
+  email: z.string().optional(),
+  username: z.string().optional(),
+});
+@Controller()
+export class UserController<
+  I extends Types.ObjectId | string = Types.ObjectId,
+  D extends Date = Date,
+  S extends string = string,
+  A extends string = string,
+  TUser extends IUserBase<I, D, S, A> = IUserBase<I, D, S, A>,
+  TTokenRole extends ITokenRole<I, D> = ITokenRole<I, D>,
+  TTokenUser extends ITokenUser = ITokenUser,
+  TApplication extends IApplication<
+    any,
+    Types.ObjectId,
+    IBaseDocument<any, Types.ObjectId>,
+    Environment,
+    IConstants
+  > = IApplication<
+    any,
+    Types.ObjectId,
+    IBaseDocument<any, Types.ObjectId>,
+    Environment,
+    IConstants
+  >,
+  TLanguage extends CoreLanguageCode = CoreLanguageCode,
+> extends DecoratorBaseController<TLanguage> {
+  protected readonly userService: UserService<
+    any,
+    I,
+    D,
+    S,
+    A,
+    any,
+    any,
+    any,
+    TUser,
+    TTokenRole,
+    TApplication
+  >;
+  protected readonly jwtService: JwtService<
+    I,
+    D,
+    TTokenRole,
+    TTokenUser,
+    TApplication
+  >;
+  protected readonly backupCodeService: BackupCodeService<
+    I,
+    D,
+    TTokenRole,
+    TApplication
+  >;
+  protected readonly roleService: RoleService<I, D, TTokenRole>;
+  protected readonly eciesService: ECIESService;
+  protected readonly systemUser: BackendMember;
+  constructor(
+    application: IApplication<
+      any,
+      Types.ObjectId,
+      IBaseDocument<any, Types.ObjectId>,
+      Environment,
+      IConstants
+    >,
+    jwtService: JwtService<I, D, TTokenRole, TTokenUser, TApplication>,
+    userService: UserService<
+      any,
+      I,
+      D,
+      S,
+      A,
+      any,
+      any,
+      any,
+      TUser,
+      TTokenRole,
+      TApplication
+    >,
+    backupCodeService: BackupCodeService<I, D, TTokenRole, TApplication>,
+    roleService: RoleService<I, D, TTokenRole>,
+    eciesService: ECIESService,
+  ) {
+    super(application);
+    this.jwtService = jwtService;
+    this.userService = userService;
+    this.backupCodeService = backupCodeService;
+    this.roleService = roleService;
+    this.eciesService = eciesService;
+    this.systemUser = SystemUserService.getSystemUser(application.environment);
+  }
+  @Get('/verify', { auth: true })
+  async tokenVerifiedResponse(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>> {
+    if (!req.user) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        {
+          statusCode: 401,
+        },
+      );
+    }
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.Validation_TokenValid,
+        ),
+        user: req.user,
+      },
+    };
+  }
+  @Get('/refresh-token', { auth: true })
+  async refreshToken(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    const token = findAuthToken(req.headers);
+    if (!token) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_TokenMissing),
+      );
+    }
+    const tokenUser = await this.jwtService.verifyToken(token);
+    if (!tokenUser) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_TokenInvalid),
+      );
+    }
+    const UserModel = this.application.getModel<IUserDocument>(
+      BaseModelName.User,
+    );
+    const userDoc = await UserModel.findById(tokenUser.userId, {
+      password: 0,
+    });
+    if (!userDoc || userDoc.accountStatus !== AccountStatus.Active) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_UserNotFound),
+      );
+    }
+    const { token: newToken, roles } = await this.jwtService.signToken(
+      userDoc,
+      this.application.environment.jwtSecret,
+      (req.user?.siteLanguage as string) ?? LanguageCodes.EN_US,
+    );
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(SuiteCoreStringKey.TokenRefreshed),
+        user: RequestUserService.makeRequestUserDTO(userDoc, roles),
+        token: newToken,
+        serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+      },
+      headers: {
+        Authorization: `Bearer ${newToken}`,
+      },
+    };
+  }
+  @Post('/register', {
+    schema: RegisterSchema,
+    validation: (validationLanguage: TLanguage) => [
+      body('username')
+        .matches(AppConstants.UsernameRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('email')
+        .isEmail()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidEmail,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('timezone')
+        .isString()
+        .custom((value) => isValidTimezone(value))
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_TimezoneInvalid,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('password')
+        .optional()
+        .matches(AppConstants.PasswordRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+          ),
+        ),
+    ],
+  })
+  async register(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRegistrationResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        return await requireValidatedFieldsAsync(
+          req,
+          RegisterSchema,
+          async ({ username, email, timezone, password }) => {
+            if (
+              !isString(username) ||
+              !isString(email) ||
+              !isString(timezone)
+            ) {
+              throw new GenericValidationError(
+                getSuiteCoreTranslation(
+                  SuiteCoreStringKey.Validation_MissingValidatedData,
+                ),
+              );
+            }
+            const { user, mnemonic, backupCodes } =
+              await this.userService.newUser(
+                this.systemUser,
+                {
+                  username: username.trim(),
+                  email: email.trim(),
+                  timezone: timezone,
+                },
+                undefined,
+                undefined,
+                sess,
+                this.application.environment.debug,
+                password as string | undefined,
+              );
+            await this.userService.createAndSendEmailToken(
+              user,
+              EmailTokenType.AccountVerification,
+              sess,
+              this.application.environment.debug,
+            );
+            return {
+              statusCode: 201,
+              response: {
+                message: getSuiteCoreTranslation(
+                  SuiteCoreStringKey.Registration_Success,
+                  { MNEMONIC: mnemonic },
+                ),
+                mnemonic,
+                backupCodes,
+              },
+            };
+          },
+        );
+      },
+      {
+        timeoutMs: this.application.environment.mongo.transactionTimeout * 30,
+      },
+    );
+  }
+  @Post('/account-verification', {
+    validation: (validationLanguage: TLanguage) => [
+      body('token')
+        .not()
+        .isEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_TokenRequired,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(new RegExp(`^[a-f0-9]{${AppConstants.EmailTokenLength * 2}}$`))
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidToken,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async completeAccountVerification(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    const { token } = this.validatedBody;
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        await this.userService.verifyAccountTokenAndComplete(
+          token as string,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.EmailVerification_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/language', {
+    auth: true,
+    validation: (validationLanguage: TLanguage) => [
+      body('language')
+        .isString()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidLanguage,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .isIn(Object.values(LanguageCodes))
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidLanguage,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async setLanguage(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { language } = this.validatedBody;
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Common_NoUserOnRequest,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        const user = await this.userService.updateSiteLanguage(
+          req.user.id,
+          language as string,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.LanguageUpdate_Success,
+            ),
+            user,
+          },
+        };
+      },
+    );
+  }
+  @Get('/backup-codes', { auth: true })
+  async getBackupCodeCount(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiCodeCountResponse | ApiErrorResponse>> {
+    if (!req.user) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        { statusCode: 401 },
+      );
+    }
+    const UserModel = this.application.getModel<IUserDocument>(
+      BaseModelName.User,
+    );
+    const user = await UserModel.findById(req.user.id);
+    return {
+      statusCode: 200,
+      response: {
+        message: 'Backup codes retrieved',
+        codeCount: user?.backupCodes?.length || 0,
+      } as IApiCodeCountResponse,
+    };
+  }
+  @Post('/backup-codes', {
+    auth: true,
+    cryptoAuth: true,
+    validation: (validationLanguage: TLanguage) => [
+      body().custom((value, { req }) => {
+        if (!req.body?.password && !req.body?.mnemonic) {
+          throw new MnemonicOrPasswordRequiredError();
+        }
+        return true;
+      }),
+      body('password')
+        .optional()
+        .notEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_CurrentPasswordRequired,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('mnemonic')
+        .optional()
+        .notEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_MnemonicRequired,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(AppConstants.MnemonicRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_MnemonicRegex,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async resetBackupCodes(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiBackupCodesResponse | ApiErrorResponse>> {
+    if (!req.user || !req.eciesUser || !req.eciesUser.hasPrivateKey) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        { statusCode: 401 },
+      );
+    }
+    const newBackupCodes = await this.userService.resetUserBackupCodes(
+      req.eciesUser,
+      this.systemUser,
+    );
+    const codes = newBackupCodes.map((c) => c.notNullValue);
+    newBackupCodes.forEach((c) => c.dispose());
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.BackupCodeRecovery_YourNewCodes,
+        ),
+        backupCodes: codes,
+      },
+    };
+  }
+  @Post('/recover-mnemonic', {
+    auth: true,
+    cryptoAuth: true,
+    validation: (validationLanguage: TLanguage) => [
+      body('password')
+        .isString()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_CurrentPasswordRequired,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async recoverMnemonic(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMnemonicResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Validation_InvalidCredentials,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        } else if (!req.eciesUser) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        const { password } = this.validatedBody;
+        if (!isString(password)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const userDoc = await this.userService.findUserById(
+          new Types.ObjectId(req.user.id),
+          true,
+          sess,
+        );
+        const mnemonic = await this.userService.recoverMnemonic(
+          req.eciesUser,
+          userDoc.mnemonicRecovery,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.MnemonicRecovery_Success,
+            ),
+            mnemonic: mnemonic.notNullValue,
+          },
+        };
+      },
+    );
+  }
+  @Post('/change-password', {
+    auth: true,
+    validation: (validationLanguage: TLanguage) => [
+      body('currentPassword')
+        .notEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_Required,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('newPassword')
+        .matches(AppConstants.PasswordRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+          ),
+        )
+        .notEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_Required,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async changePassword(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { currentPassword, newPassword } = this.validatedBody;
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Common_NoUserOnRequest,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        if (!isString(currentPassword) || !isString(newPassword)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        await this.userService.changePassword(
+          req.user.id,
+          currentPassword,
+          newPassword,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.PasswordChange_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/request-direct-login')
+  async requestDirectLogin(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiChallengeResponse | ApiErrorResponse>> {
+    const challenge = this.userService.generateDirectLoginChallenge();
+    return {
+      statusCode: 200,
+      response: {
+        challenge: challenge,
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.Login_ChallengeGenerated,
+        ),
+        serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+      },
+    };
+  }
+  @Post('/direct-challenge', {
+    schema: DirectLoginChallengeSchema,
+    validation: (validationLanguage: TLanguage) => [
+      body('challenge')
+        .not()
+        .isEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidChallenge,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(
+          new RegExp(
+            `^[a-f0-9]{${(UINT64_SIZE + 32 + ECIES.SIGNATURE_SIZE) * 2}}$`,
+          ),
+        )
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidChallenge,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('signature')
+        .not()
+        .isEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidSignature,
+          ),
+        )
+        .matches(new RegExp(`^[a-f0-9]{${ECIES.SIGNATURE_SIZE * 2}}$`))
+        .withMessage(SuiteCoreStringKey.Validation_InvalidSignature),
+      body().custom((value, { req }) => {
+        if (!req.body.username && !req.body.email) {
+          throw new UsernameOrEmailRequiredError();
+        }
+        return true;
+      }),
+      body('username')
+        .optional()
+        .matches(AppConstants.UsernameRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('email')
+        .optional()
+        .isEmail()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidEmail,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async directLoginChallenge(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { username, email, challenge, signature } = this.validatedBody;
+        const { userDoc } = await this.userService.verifyDirectLoginChallenge(
+          String(challenge),
+          String(signature) as any,
+          username ? String(username) : undefined,
+          email ? String(email) : undefined,
+          sess,
+        );
+        const { token: jwtToken, roles } = await this.jwtService.signToken(
+          userDoc,
+          this.application.environment.jwtSecret,
+          (req.user?.siteLanguage as string) ?? LanguageCodes.EN_US,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            user: userDoc as any,
+            token: jwtToken,
+            serverPublicKey:
+              this.application.environment.systemPublicKeyHex ?? '',
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.LoggedIn_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/request-email-login', {
+    validation: (validationLanguage: TLanguage) => [
+      body().custom((value, { req }) => {
+        if (!req.body.username && !req.body.email) {
+          throw new UsernameOrEmailRequiredError();
+        }
+        return true;
+      }),
+      body('username')
+        .optional()
+        .matches(AppConstants.UsernameRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('email')
+        .optional()
+        .isEmail()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidEmail,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async requestEmailLogin(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    const { username, email } = this.validatedBody;
+    try {
+      await withTransaction(
+        this.application.db.connection,
+        this.application.environment.mongo.useTransactions,
+        undefined,
+        async (sess) => {
+          const userDoc = await this.userService.findUser(
+            email as string,
+            username as string,
+            sess,
+          );
+          await this.userService.createAndSendEmailToken(
+            userDoc,
+            EmailTokenType.LoginRequest,
+            sess,
+            this.application.environment.debug,
+          );
+        },
+      );
+    } catch (error) {
+      // Suppress user-related errors for security
+    }
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(SuiteCoreStringKey.Email_TokenSent),
+      },
+    };
+  }
+  @Post('/email-challenge', {
+    schema: EmailLoginChallengeSchema,
+    validation: (validationLanguage: TLanguage) => [
+      body('token')
+        .not()
+        .isEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_TokenRequired,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(new RegExp(`^[a-f0-9]{${AppConstants.EmailTokenLength * 2}}$`))
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidToken,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('signature')
+        .not()
+        .isEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidSignature,
+          ),
+        )
+        .matches(new RegExp(`^[a-f0-9]{${ECIES.SIGNATURE_SIZE * 2}}$`))
+        .withMessage(SuiteCoreStringKey.Validation_InvalidSignature),
+      body().custom((value, { req }) => {
+        if (!req.body.username && !req.body.email) {
+          throw new UsernameOrEmailRequiredError();
+        }
+        return true;
+      }),
+      body('username')
+        .optional()
+        .matches(AppConstants.UsernameRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('email')
+        .optional()
+        .isEmail()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidEmail,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async emailLoginChallenge(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { token, signature } = this.validatedBody;
+        const userDoc = await this.userService.validateEmailLoginTokenChallenge(
+          String(token),
+          String(signature) as any,
+          sess,
+        );
+        const { token: jwtToken, roles } = await this.jwtService.signToken(
+          userDoc,
+          this.application.environment.jwtSecret,
+          (req.user?.siteLanguage as string) ?? LanguageCodes.EN_US,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            user: userDoc as any,
+            token: jwtToken,
+            serverPublicKey:
+              this.application.environment.systemPublicKeyHex ?? '',
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.LoggedIn_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/resend-verification', {
+    validation: (validationLanguage: TLanguage) => [
+      body().custom((value, { req }) => {
+        if (!req.body.username && !req.body.email) {
+          throw new UsernameOrEmailRequiredError();
+        }
+        return true;
+      }),
+      body('username')
+        .optional()
+        .isString()
+        .matches(AppConstants.UsernameRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('email').optional().isEmail(),
+    ],
+  })
+  async resendVerification(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { username, email } = this.validatedBody;
+        const UserModel = this.application.getModel<IUserDocument>(
+          BaseModelName.User,
+        );
+        let query: { username?: string; email?: string } = {};
+        if (isString(username)) query.username = username;
+        else if (isString(email)) query.email = email;
+        else {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const user = await UserModel.findOne(query).session(sess ?? null);
+        if (!user) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(SuiteCoreStringKey.Validation_UserNotFound),
+            { statusCode: 404 },
+          );
+        }
+        await this.userService.resendEmailToken(
+          user._id.toString(),
+          EmailTokenType.AccountVerification,
+          sess,
+          this.application.environment.debug,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.EmailVerification_Resent,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/backup-code', {
+    validation: (validationLanguage: TLanguage) => [
+      body('email').optional().isEmail(),
+      body('username')
+        .optional()
+        .matches(AppConstants.UsernameRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('code')
+        .custom((value) => {
+          const normalized = BackupCode.normalizeCode(value);
+          return (
+            AppConstants.BACKUP_CODES.DisplayRegex.test(value) ||
+            AppConstants.BACKUP_CODES.NormalizedHexRegex.test(normalized)
+          );
+        })
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidBackupCode,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('recoverMnemonic').isBoolean().optional(),
+      body('newPassword')
+        .optional()
+        .matches(AppConstants.PasswordRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async useBackupCodeLogin(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { code, newPassword, email, username } = this.validatedBody;
+        if (!code) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const recoverMnemonic =
+          this.validatedBody?.['recoverMnemonic'] === 'true' ||
+          this.validatedBody?.['recoverMnemonic'] === true;
+        const userDoc = await this.userService.findUser(
+          email as string,
+          username as string,
+          sess,
+        );
+        const {
+          user,
+          userDoc: updatedUserDoc,
+          codeCount,
+        } = await this.backupCodeService.recoverKeyWithBackupCode(
+          userDoc,
+          code as string,
+          newPassword ? new SecureString(newPassword as string) : undefined,
+          sess,
+        );
+        let mnemonic: SecureString | undefined;
+        if (recoverMnemonic) {
+          const memberType = await this.roleService.getMemberType(
+            updatedUserDoc,
+            sess,
+          );
+          const freshUser = new BackendMember(
+            this.eciesService,
+            memberType,
+            updatedUserDoc.username,
+            new EmailString(updatedUserDoc.email),
+            Buffer.from(updatedUserDoc.publicKey, 'hex'),
+            user.privateKey,
+            undefined,
+            updatedUserDoc._id,
+            new Date(updatedUserDoc.createdAt),
+            new Date(updatedUserDoc.updatedAt),
+          );
+          mnemonic = await this.userService.recoverMnemonic(
+            freshUser,
+            updatedUserDoc.mnemonicRecovery,
+          );
+        }
+        const { token, roles } = await this.jwtService.signToken(
+          userDoc,
+          this.application.environment.jwtSecret,
+          LanguageCodes.EN_US,
+        );
+        this.userService.updateLastLogin(updatedUserDoc._id).catch(() => {});
+        return {
+          statusCode: 200,
+          response: {
+            user: RequestUserService.makeRequestUserDTO(userDoc, roles),
+            token: token,
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.BackupCodeRecovery_Success,
+            ),
+            codeCount,
+            ...(recoverMnemonic && mnemonic
+              ? { mnemonic: mnemonic.value }
+              : {}),
+            serverPublicKey:
+              this.application.environment.systemPublicKeyHex ?? '',
+          },
+        };
+      },
+    );
+  }
+  @Post('/forgot-password', {
+    validation: (validationLanguage: TLanguage) => [
+      body('email')
+        .isEmail()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidEmail,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+    ],
+  })
+  async forgotPassword(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { email } = this.validatedBody;
+        const UserModel = this.application.getModel<IUserDocument>(
+          BaseModelName.User,
+        );
+        if (!isString(email)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const user = await UserModel.findOne({
+          email: email.toLowerCase(),
+        }).session(sess ?? null);
+        if (!user || !user.passwordWrappedPrivateKey) {
+          return {
+            statusCode: 200,
+            response: {
+              message: getSuiteCoreTranslation(
+                SuiteCoreStringKey.PasswordReset_Success,
+              ),
+            },
+          };
+        }
+        await this.userService.createAndSendEmailToken(
+          user,
+          EmailTokenType.PasswordReset,
+          sess,
+          this.application.environment.debug,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.PasswordReset_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Get('/verify-reset-token')
+  async verifyResetToken(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    const token = req.query['token'] as string;
+    if (!token) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_TokenMissing),
+      );
+    }
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        await this.userService.verifyEmailToken(
+          token,
+          EmailTokenType.PasswordReset,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: 'Token is valid',
+          },
+        };
+      },
+    );
+  }
+  @Post('/reset-password', {
+    validation: (validationLanguage: TLanguage) => [
+      body('token')
+        .not()
+        .isEmpty()
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_TokenRequired,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(new RegExp(`^[a-f0-9]{${AppConstants.EmailTokenLength * 2}}$`))
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_InvalidToken,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('newPassword')
+        .optional()
+        .isLength({ min: 8 })
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordMinLengthTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(AppConstants.PasswordRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('password')
+        .optional()
+        .isLength({ min: 8 })
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordMinLengthTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        )
+        .matches(AppConstants.PasswordRegex)
+        .withMessage(
+          getSuiteCoreTranslation(
+            SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+            undefined,
+            validationLanguage,
+          ),
+        ),
+      body('currentPassword').optional().isString(),
+      body('mnemonic').optional().isString(),
+    ],
+  })
+  async resetPassword(
+    req: Request,
+    res: Response,
+    next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { token, newPassword, password, currentPassword, mnemonic } =
+          this.validatedBody;
+        const selectedNewPassword = (newPassword ?? password) as
+          | string
+          | undefined;
+        if (!isString(token) || !isString(selectedNewPassword)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const credential =
+          (mnemonic as string | undefined) ??
+          (currentPassword as string | undefined);
+        if (!isString(credential)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        await this.userService.resetPasswordWithToken(
+          token as string,
+          selectedNewPassword,
+          credential,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.PasswordChange_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+}