npm - @digitaldefiance/node-express-suite - Versions diffs - 1.0.23 → 1.0.24 - Mend

@digitaldefiance/node-express-suite 1.0.23 → 1.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (629) hide show

package/README.md +4 -0
package/package.json +8 -7
package/src/application-base.d.ts +112 -0
package/src/application-base.d.ts.map +1 -0
package/src/application-base.js +335 -0
package/src/application-base.js.map +1 -0
package/src/application.d.ts +20 -0
package/src/application.d.ts.map +1 -0
package/src/application.js +124 -0
package/src/application.js.map +1 -0
package/src/backup-code.d.ts +67 -0
package/src/backup-code.d.ts.map +1 -0
package/src/backup-code.js +238 -0
package/src/backup-code.js.map +1 -0
package/src/constants.d.ts +16 -0
package/src/constants.d.ts.map +1 -0
package/src/constants.js +54 -0
package/src/constants.js.map +1 -0
package/src/controllers/base.d.ts +63 -0
package/src/controllers/base.d.ts.map +1 -0
package/src/controllers/base.js +272 -0
package/src/controllers/base.js.map +1 -0
package/src/controllers/{index.ts → index.d.ts} +1 -0
package/src/controllers/index.d.ts.map +1 -0
package/src/controllers/index.js +6 -0
package/src/controllers/index.js.map +1 -0
package/src/controllers/user.d.ts +45 -0
package/src/controllers/user.d.ts.map +1 -0
package/src/controllers/user.js +748 -0
package/src/controllers/user.js.map +1 -0
package/src/decorators/base-controller.d.ts +14 -0
package/src/decorators/base-controller.d.ts.map +1 -0
package/src/decorators/base-controller.js +49 -0
package/src/decorators/base-controller.js.map +1 -0
package/src/decorators/controller.d.ts +32 -0
package/src/decorators/controller.d.ts.map +1 -0
package/src/decorators/controller.js +67 -0
package/src/decorators/controller.js.map +1 -0
package/src/decorators/{index.ts → index.d.ts} +1 -0
package/src/decorators/index.d.ts.map +1 -0
package/src/decorators/index.js +7 -0
package/src/decorators/index.js.map +1 -0
package/src/decorators/zod-validation.d.ts +5 -0
package/src/decorators/zod-validation.d.ts.map +1 -0
package/src/decorators/zod-validation.js +47 -0
package/src/decorators/zod-validation.js.map +1 -0
package/src/defaults.d.ts +7 -0
package/src/defaults.d.ts.map +1 -0
package/src/defaults.js +83 -0
package/src/defaults.js.map +1 -0
package/src/documents/base.d.ts +3 -0
package/src/documents/base.d.ts.map +1 -0
package/src/documents/base.js +3 -0
package/src/documents/base.js.map +1 -0
package/src/documents/email-token.d.ts +8 -0
package/src/documents/email-token.d.ts.map +1 -0
package/src/documents/email-token.js +3 -0
package/src/documents/email-token.js.map +1 -0
package/src/documents/{index.ts → index.d.ts} +1 -0
package/src/documents/index.d.ts.map +1 -0
package/src/documents/index.js +3 -0
package/src/documents/index.js.map +1 -0
package/src/documents/{mnemonic.ts → mnemonic.d.ts} +2 -5
package/src/documents/mnemonic.d.ts.map +1 -0
package/src/documents/mnemonic.js +3 -0
package/src/documents/mnemonic.js.map +1 -0
package/src/documents/{role.ts → role.d.ts} +2 -5
package/src/documents/role.d.ts.map +1 -0
package/src/documents/role.js +3 -0
package/src/documents/role.js.map +1 -0
package/src/documents/used-direct-login-token.d.ts +5 -0
package/src/documents/used-direct-login-token.d.ts.map +1 -0
package/src/documents/used-direct-login-token.js +3 -0
package/src/documents/used-direct-login-token.js.map +1 -0
package/src/documents/{user-role.ts → user-role.d.ts} +2 -5
package/src/documents/user-role.d.ts.map +1 -0
package/src/documents/user-role.js +3 -0
package/src/documents/user-role.js.map +1 -0
package/src/documents/{user.ts → user.d.ts} +2 -4
package/src/documents/user.d.ts.map +1 -0
package/src/documents/user.js +3 -0
package/src/documents/user.js.map +1 -0
package/src/enumerations/base-model-name.d.ts +38 -0
package/src/enumerations/base-model-name.d.ts.map +1 -0
package/src/enumerations/base-model-name.js +34 -0
package/src/enumerations/base-model-name.js.map +1 -0
package/src/enumerations/{index.ts → index.d.ts} +1 -0
package/src/enumerations/index.d.ts.map +1 -0
package/src/enumerations/index.js +8 -0
package/src/enumerations/index.js.map +1 -0
package/src/enumerations/length-encoding-type.d.ts +7 -0
package/src/enumerations/length-encoding-type.d.ts.map +1 -0
package/src/enumerations/length-encoding-type.js +11 -0
package/src/enumerations/length-encoding-type.js.map +1 -0
package/src/enumerations/schema-collection.d.ts +34 -0
package/src/enumerations/schema-collection.d.ts.map +1 -0
package/src/enumerations/schema-collection.js +38 -0
package/src/enumerations/schema-collection.js.map +1 -0
package/src/enumerations/symmetric-error-type.d.ts +5 -0
package/src/enumerations/symmetric-error-type.d.ts.map +1 -0
package/src/enumerations/symmetric-error-type.js +9 -0
package/src/enumerations/symmetric-error-type.js.map +1 -0
package/src/environment.d.ts +189 -0
package/src/environment.d.ts.map +1 -0
package/src/environment.js +620 -0
package/src/environment.js.map +1 -0
package/src/errors/express-validation.d.ts +9 -0
package/src/errors/express-validation.d.ts.map +1 -0
package/src/errors/express-validation.js +18 -0
package/src/errors/express-validation.js.map +1 -0
package/src/errors/{index.ts → index.d.ts} +1 -0
package/src/errors/index.d.ts.map +1 -0
package/src/errors/index.js +16 -0
package/src/errors/index.js.map +1 -0
package/src/errors/invalid-backup-code-version.d.ts +6 -0
package/src/errors/invalid-backup-code-version.d.ts.map +1 -0
package/src/errors/invalid-backup-code-version.js +15 -0
package/src/errors/invalid-backup-code-version.js.map +1 -0
package/src/errors/invalid-jwt-token.d.ts +5 -0
package/src/errors/invalid-jwt-token.d.ts.map +1 -0
package/src/errors/invalid-jwt-token.js +11 -0
package/src/errors/invalid-jwt-token.js.map +1 -0
package/src/errors/invalid-model.d.ts +6 -0
package/src/errors/invalid-model.d.ts.map +1 -0
package/src/errors/invalid-model.js +14 -0
package/src/errors/invalid-model.js.map +1 -0
package/src/errors/invalid-new-password.d.ts +5 -0
package/src/errors/invalid-new-password.d.ts.map +1 -0
package/src/errors/invalid-new-password.js +14 -0
package/src/errors/invalid-new-password.js.map +1 -0
package/src/errors/invalid-password.d.ts +5 -0
package/src/errors/invalid-password.d.ts.map +1 -0
package/src/errors/invalid-password.js +14 -0
package/src/errors/invalid-password.js.map +1 -0
package/src/errors/missing-validated-data.d.ts +7 -0
package/src/errors/missing-validated-data.d.ts.map +1 -0
package/src/errors/missing-validated-data.js +36 -0
package/src/errors/missing-validated-data.js.map +1 -0
package/src/errors/mnemonic-or-password-required.d.ts +5 -0
package/src/errors/mnemonic-or-password-required.d.ts.map +1 -0
package/src/errors/mnemonic-or-password-required.js +13 -0
package/src/errors/mnemonic-or-password-required.js.map +1 -0
package/src/errors/model-not-registered.d.ts +5 -0
package/src/errors/model-not-registered.d.ts.map +1 -0
package/src/errors/model-not-registered.js +12 -0
package/src/errors/model-not-registered.js.map +1 -0
package/src/errors/mongoose-validation.d.ts +11 -0
package/src/errors/mongoose-validation.d.ts.map +1 -0
package/src/errors/mongoose-validation.js +17 -0
package/src/errors/mongoose-validation.js.map +1 -0
package/src/errors/symmetric.d.ts +8 -0
package/src/errors/symmetric.d.ts.map +1 -0
package/src/errors/symmetric.js +23 -0
package/src/errors/symmetric.js.map +1 -0
package/src/errors/token-expired.d.ts +5 -0
package/src/errors/token-expired.d.ts.map +1 -0
package/src/errors/token-expired.js +11 -0
package/src/errors/token-expired.js.map +1 -0
package/src/get-language.d.ts +2 -0
package/src/get-language.d.ts.map +1 -0
package/src/get-language.js +30 -0
package/src/get-language.js.map +1 -0
package/src/get-timezone.d.ts +3 -0
package/src/get-timezone.d.ts.map +1 -0
package/src/get-timezone.js +31 -0
package/src/get-timezone.js.map +1 -0
package/src/{index.ts → index.d.ts} +1 -1
package/src/index.d.ts.map +1 -0
package/src/index.js +28 -0
package/src/index.js.map +1 -0
package/src/interfaces/{api-error-response.ts → api-error-response.d.ts} +2 -2
package/src/interfaces/api-error-response.d.ts.map +1 -0
package/src/interfaces/api-error-response.js +3 -0
package/src/interfaces/api-error-response.js.map +1 -0
package/src/interfaces/api-express-validation-error-response.d.ts +7 -0
package/src/interfaces/api-express-validation-error-response.d.ts.map +1 -0
package/src/interfaces/api-express-validation-error-response.js +3 -0
package/src/interfaces/api-express-validation-error-response.js.map +1 -0
package/src/interfaces/api-message-response.d.ts +4 -0
package/src/interfaces/api-message-response.d.ts.map +1 -0
package/src/interfaces/api-message-response.js +3 -0
package/src/interfaces/api-message-response.js.map +1 -0
package/src/interfaces/{api-mongo-validation-error-response.ts → api-mongo-validation-error-response.d.ts} +2 -2
package/src/interfaces/api-mongo-validation-error-response.d.ts.map +1 -0
package/src/interfaces/api-mongo-validation-error-response.js +3 -0
package/src/interfaces/api-mongo-validation-error-response.js.map +1 -0
package/src/interfaces/api-responses/{backup-codes-response.ts → backup-codes-response.d.ts} +2 -2
package/src/interfaces/api-responses/backup-codes-response.d.ts.map +1 -0
package/src/interfaces/api-responses/backup-codes-response.js +3 -0
package/src/interfaces/api-responses/backup-codes-response.js.map +1 -0
package/src/interfaces/api-responses/{challenge-response.ts → challenge-response.d.ts} +3 -3
package/src/interfaces/api-responses/challenge-response.d.ts.map +1 -0
package/src/interfaces/api-responses/challenge-response.js +3 -0
package/src/interfaces/api-responses/challenge-response.js.map +1 -0
package/src/interfaces/api-responses/{code-count-response.ts → code-count-response.d.ts} +2 -2
package/src/interfaces/api-responses/code-count-response.d.ts.map +1 -0
package/src/interfaces/api-responses/code-count-response.js +3 -0
package/src/interfaces/api-responses/code-count-response.js.map +1 -0
package/src/interfaces/api-responses/{index.ts → index.d.ts} +1 -0
package/src/interfaces/api-responses/index.d.ts.map +1 -0
package/src/interfaces/api-responses/index.js +11 -0
package/src/interfaces/api-responses/index.js.map +1 -0
package/src/interfaces/api-responses/{login-response.ts → login-response.d.ts} +4 -4
package/src/interfaces/api-responses/login-response.d.ts.map +1 -0
package/src/interfaces/api-responses/login-response.js +3 -0
package/src/interfaces/api-responses/login-response.js.map +1 -0
package/src/interfaces/api-responses/{mnemonic-response.ts → mnemonic-response.d.ts} +2 -2
package/src/interfaces/api-responses/mnemonic-response.d.ts.map +1 -0
package/src/interfaces/api-responses/mnemonic-response.js +3 -0
package/src/interfaces/api-responses/mnemonic-response.js.map +1 -0
package/src/interfaces/api-responses/{registration-response.ts → registration-response.d.ts} +3 -3
package/src/interfaces/api-responses/registration-response.d.ts.map +1 -0
package/src/interfaces/api-responses/registration-response.js +3 -0
package/src/interfaces/api-responses/registration-response.js.map +1 -0
package/src/interfaces/api-responses/{request-user-response.ts → request-user-response.d.ts} +2 -2
package/src/interfaces/api-responses/request-user-response.d.ts.map +1 -0
package/src/interfaces/api-responses/request-user-response.js +3 -0
package/src/interfaces/api-responses/request-user-response.js.map +1 -0
package/src/interfaces/{application.ts → application.d.ts} +7 -7
package/src/interfaces/application.d.ts.map +1 -0
package/src/interfaces/application.js +3 -0
package/src/interfaces/application.js.map +1 -0
package/src/interfaces/backend-objects/email-token.d.ts +4 -0
package/src/interfaces/backend-objects/email-token.d.ts.map +1 -0
package/src/interfaces/backend-objects/email-token.js +3 -0
package/src/interfaces/backend-objects/email-token.js.map +1 -0
package/src/interfaces/backend-objects/{index.ts → index.d.ts} +1 -0
package/src/interfaces/backend-objects/index.d.ts.map +1 -0
package/src/interfaces/backend-objects/index.js +8 -0
package/src/interfaces/backend-objects/index.js.map +1 -0
package/src/interfaces/backend-objects/{request-user.ts → request-user.d.ts} +2 -7
package/src/interfaces/backend-objects/request-user.d.ts.map +1 -0
package/src/interfaces/backend-objects/request-user.js +3 -0
package/src/interfaces/backend-objects/request-user.js.map +1 -0
package/src/interfaces/backend-objects/{role.ts → role.d.ts} +1 -1
package/src/interfaces/backend-objects/role.d.ts.map +1 -0
package/src/interfaces/backend-objects/role.js +3 -0
package/src/interfaces/backend-objects/role.js.map +1 -0
package/src/interfaces/backend-objects/user.d.ts +4 -0
package/src/interfaces/backend-objects/user.d.ts.map +1 -0
package/src/interfaces/backend-objects/user.js +3 -0
package/src/interfaces/backend-objects/user.js.map +1 -0
package/src/interfaces/checksum-config.d.ts +5 -0
package/src/interfaces/checksum-config.d.ts.map +1 -0
package/src/interfaces/checksum-config.js +3 -0
package/src/interfaces/checksum-config.js.map +1 -0
package/src/interfaces/checksum-consts.d.ts +11 -0
package/src/interfaces/checksum-consts.d.ts.map +1 -0
package/src/interfaces/checksum-consts.js +3 -0
package/src/interfaces/checksum-consts.js.map +1 -0
package/src/interfaces/{constants.ts → constants.d.ts} +5 -5
package/src/interfaces/constants.d.ts.map +1 -0
package/src/interfaces/constants.js +3 -0
package/src/interfaces/constants.js.map +1 -0
package/src/interfaces/create-user-basics.d.ts +18 -0
package/src/interfaces/create-user-basics.d.ts.map +1 -0
package/src/interfaces/create-user-basics.js +3 -0
package/src/interfaces/create-user-basics.js.map +1 -0
package/src/interfaces/csp-config.d.ts +14 -0
package/src/interfaces/csp-config.d.ts.map +1 -0
package/src/interfaces/csp-config.js +3 -0
package/src/interfaces/csp-config.js.map +1 -0
package/src/interfaces/deep-partial.d.ts +4 -0
package/src/interfaces/deep-partial.d.ts.map +1 -0
package/src/interfaces/deep-partial.js +3 -0
package/src/interfaces/deep-partial.js.map +1 -0
package/src/interfaces/{discriminator-collections.ts → discriminator-collections.d.ts} +3 -3
package/src/interfaces/discriminator-collections.d.ts.map +1 -0
package/src/interfaces/discriminator-collections.js +3 -0
package/src/interfaces/discriminator-collections.js.map +1 -0
package/src/interfaces/email-service.d.ts +4 -0
package/src/interfaces/email-service.d.ts.map +1 -0
package/src/interfaces/email-service.js +3 -0
package/src/interfaces/email-service.js.map +1 -0
package/src/interfaces/environment-mongo.d.ts +76 -0
package/src/interfaces/environment-mongo.d.ts.map +1 -0
package/src/interfaces/environment-mongo.js +3 -0
package/src/interfaces/environment-mongo.js.map +1 -0
package/src/interfaces/environment.d.ts +181 -0
package/src/interfaces/environment.d.ts.map +1 -0
package/src/interfaces/environment.js +3 -0
package/src/interfaces/environment.js.map +1 -0
package/src/interfaces/failable-result.d.ts +7 -0
package/src/interfaces/failable-result.d.ts.map +1 -0
package/src/interfaces/failable-result.js +3 -0
package/src/interfaces/failable-result.js.map +1 -0
package/src/interfaces/fec-consts.d.ts +5 -0
package/src/interfaces/fec-consts.d.ts.map +1 -0
package/src/interfaces/fec-consts.js +3 -0
package/src/interfaces/fec-consts.js.map +1 -0
package/src/interfaces/handleable-error-options.d.ts +7 -0
package/src/interfaces/handleable-error-options.d.ts.map +1 -0
package/src/interfaces/handleable-error-options.js +3 -0
package/src/interfaces/handleable-error-options.js.map +1 -0
package/src/interfaces/{index.ts → index.d.ts} +1 -0
package/src/interfaces/index.d.ts.map +1 -0
package/src/interfaces/index.js +33 -0
package/src/interfaces/index.js.map +1 -0
package/src/interfaces/jwt-consts.d.ts +11 -0
package/src/interfaces/jwt-consts.d.ts.map +1 -0
package/src/interfaces/jwt-consts.js +3 -0
package/src/interfaces/jwt-consts.js.map +1 -0
package/src/interfaces/jwt-sign-response.d.ts +11 -0
package/src/interfaces/jwt-sign-response.d.ts.map +1 -0
package/src/interfaces/jwt-sign-response.js +3 -0
package/src/interfaces/jwt-sign-response.js.map +1 -0
package/src/interfaces/mongo-errors.d.ts +5 -0
package/src/interfaces/mongo-errors.d.ts.map +1 -0
package/src/interfaces/mongo-errors.js +3 -0
package/src/interfaces/mongo-errors.js.map +1 -0
package/src/interfaces/request-user.d.ts +42 -0
package/src/interfaces/request-user.d.ts.map +1 -0
package/src/interfaces/request-user.js +3 -0
package/src/interfaces/request-user.js.map +1 -0
package/src/interfaces/required-string-keys.d.ts +22 -0
package/src/interfaces/required-string-keys.d.ts.map +1 -0
package/src/interfaces/required-string-keys.js +3 -0
package/src/interfaces/required-string-keys.js.map +1 -0
package/src/interfaces/schema.d.ts +29 -0
package/src/interfaces/schema.d.ts.map +1 -0
package/src/interfaces/schema.js +3 -0
package/src/interfaces/schema.js.map +1 -0
package/src/interfaces/server-init-result.d.ts +35 -0
package/src/interfaces/server-init-result.d.ts.map +1 -0
package/src/interfaces/server-init-result.js +3 -0
package/src/interfaces/server-init-result.js.map +1 -0
package/src/interfaces/status-code-response.d.ts +7 -0
package/src/interfaces/status-code-response.d.ts.map +1 -0
package/src/interfaces/status-code-response.js +3 -0
package/src/interfaces/status-code-response.js.map +1 -0
package/src/interfaces/symmetric-encryption-results.d.ts +3 -3
package/src/interfaces/symmetric-encryption-results.d.ts.map +1 -1
package/src/interfaces/symmetric-encryption-results.js.map +1 -1
package/src/interfaces/{token-response.ts → token-response.d.ts} +2 -2
package/src/interfaces/token-response.d.ts.map +1 -0
package/src/interfaces/token-response.js +3 -0
package/src/interfaces/token-response.js.map +1 -0
package/src/middlewares/authenticate-crypto.d.ts +13 -0
package/src/middlewares/authenticate-crypto.d.ts.map +1 -0
package/src/middlewares/authenticate-crypto.js +146 -0
package/src/middlewares/authenticate-crypto.js.map +1 -0
package/src/middlewares/authenticate-token.d.ts +24 -0
package/src/middlewares/authenticate-token.d.ts.map +1 -0
package/src/middlewares/authenticate-token.js +102 -0
package/src/middlewares/authenticate-token.js.map +1 -0
package/src/middlewares/cleanup-crypto.d.ts +7 -0
package/src/middlewares/cleanup-crypto.d.ts.map +1 -0
package/src/middlewares/cleanup-crypto.js +32 -0
package/src/middlewares/cleanup-crypto.js.map +1 -0
package/src/middlewares/{index.ts → index.d.ts} +1 -0
package/src/middlewares/index.d.ts.map +1 -0
package/src/middlewares/index.js +8 -0
package/src/middlewares/index.js.map +1 -0
package/src/middlewares/set-global-context-language.d.ts +3 -0
package/src/middlewares/set-global-context-language.d.ts.map +1 -0
package/src/middlewares/set-global-context-language.js +14 -0
package/src/middlewares/set-global-context-language.js.map +1 -0
package/src/middlewares.d.ts +18 -0
package/src/middlewares.d.ts.map +1 -0
package/src/middlewares.js +74 -0
package/src/middlewares.js.map +1 -0
package/src/model-registry.d.ts +23 -0
package/src/model-registry.d.ts.map +1 -0
package/src/model-registry.js +47 -0
package/src/model-registry.js.map +1 -0
package/src/models/email-token.d.ts +11 -0
package/src/models/email-token.d.ts.map +1 -0
package/src/models/email-token.js +11 -0
package/src/models/email-token.js.map +1 -0
package/src/models/{index.ts → index.d.ts} +1 -0
package/src/models/index.d.ts.map +1 -0
package/src/models/index.js +10 -0
package/src/models/index.js.map +1 -0
package/src/models/mnemonic.d.ts +11 -0
package/src/models/mnemonic.d.ts.map +1 -0
package/src/models/mnemonic.js +11 -0
package/src/models/mnemonic.js.map +1 -0
package/src/models/role.d.ts +11 -0
package/src/models/role.d.ts.map +1 -0
package/src/models/role.js +11 -0
package/src/models/role.js.map +1 -0
package/src/models/used-direct-login-token.d.ts +11 -0
package/src/models/used-direct-login-token.d.ts.map +1 -0
package/src/models/used-direct-login-token.js +11 -0
package/src/models/used-direct-login-token.js.map +1 -0
package/src/models/user-role.d.ts +6 -0
package/src/models/user-role.d.ts.map +1 -0
package/src/models/user-role.js +10 -0
package/src/models/user-role.js.map +1 -0
package/src/models/user.d.ts +7 -0
package/src/models/user.d.ts.map +1 -0
package/src/models/user.js +11 -0
package/src/models/user.js.map +1 -0
package/src/registry/email-service-registry.d.ts +9 -0
package/src/registry/email-service-registry.d.ts.map +1 -0
package/src/registry/email-service-registry.js +18 -0
package/src/registry/email-service-registry.js.map +1 -0
package/src/registry/{index.ts → index.d.ts} +1 -0
package/src/registry/index.d.ts.map +1 -0
package/src/registry/index.js +6 -0
package/src/registry/index.js.map +1 -0
package/src/routers/api.d.ts +27 -0
package/src/routers/api.d.ts.map +1 -0
package/src/routers/api.js +52 -0
package/src/routers/api.js.map +1 -0
package/src/routers/app.d.ts +28 -0
package/src/routers/app.d.ts.map +1 -0
package/src/routers/app.js +186 -0
package/src/routers/app.js.map +1 -0
package/src/routers/base.d.ts +12 -0
package/src/routers/base.d.ts.map +1 -0
package/src/routers/base.js +14 -0
package/src/routers/base.js.map +1 -0
package/src/routers/{index.ts → index.d.ts} +1 -0
package/src/routers/index.d.ts.map +1 -0
package/src/routers/index.js +7 -0
package/src/routers/index.js.map +1 -0
package/src/schemas/email-token.d.ts +38 -0
package/src/schemas/email-token.d.ts.map +1 -0
package/src/schemas/email-token.js +54 -0
package/src/schemas/email-token.js.map +1 -0
package/src/schemas/{index.ts → index.d.ts} +2 -1
package/src/schemas/index.d.ts.map +1 -0
package/src/schemas/index.js +11 -0
package/src/schemas/index.js.map +1 -0
package/src/schemas/mnemonic.d.ts +20 -0
package/src/schemas/mnemonic.d.ts.map +1 -0
package/src/schemas/mnemonic.js +30 -0
package/src/schemas/mnemonic.js.map +1 -0
package/src/schemas/role.d.ts +32 -0
package/src/schemas/role.d.ts.map +1 -0
package/src/schemas/role.js +86 -0
package/src/schemas/role.js.map +1 -0
package/src/schemas/schema.d.ts +40 -0
package/src/schemas/schema.d.ts.map +1 -0
package/src/schemas/schema.js +62 -0
package/src/schemas/schema.js.map +1 -0
package/src/schemas/used-direct-login-token.d.ts +27 -0
package/src/schemas/used-direct-login-token.d.ts.map +1 -0
package/src/schemas/used-direct-login-token.js +23 -0
package/src/schemas/used-direct-login-token.js.map +1 -0
package/src/schemas/user-role.d.ts +29 -0
package/src/schemas/user-role.d.ts.map +1 -0
package/src/schemas/user-role.js +54 -0
package/src/schemas/user-role.js.map +1 -0
package/src/schemas/user.d.ts +21 -0
package/src/schemas/user.d.ts.map +1 -0
package/src/schemas/user.js +176 -0
package/src/schemas/user.js.map +1 -0
package/src/services/backup-code.d.ts +78 -0
package/src/services/backup-code.d.ts.map +1 -0
package/src/services/backup-code.js +184 -0
package/src/services/backup-code.js.map +1 -0
package/src/services/base.d.ts +13 -0
package/src/services/base.d.ts.map +1 -0
package/src/services/base.js +15 -0
package/src/services/base.js.map +1 -0
package/src/services/checksum.d.ts +67 -0
package/src/services/checksum.d.ts.map +1 -0
package/src/services/checksum.js +143 -0
package/src/services/checksum.js.map +1 -0
package/src/services/crc.d.ts +87 -0
package/src/services/crc.d.ts.map +1 -0
package/src/services/crc.js +198 -0
package/src/services/crc.js.map +1 -0
package/src/services/database-initialization.d.ts +105 -0
package/src/services/database-initialization.d.ts.map +1 -0
package/src/services/database-initialization.js +782 -0
package/src/services/database-initialization.js.map +1 -0
package/src/services/direct-login-token.d.ts +9 -0
package/src/services/direct-login-token.d.ts.map +1 -0
package/src/services/direct-login-token.js +41 -0
package/src/services/direct-login-token.js.map +1 -0
package/src/services/fec-usage-example.d.ts +38 -0
package/src/services/fec-usage-example.d.ts.map +1 -0
package/src/services/fec-usage-example.js +75 -0
package/src/services/fec-usage-example.js.map +1 -0
package/src/services/fec.d.ts +46 -0
package/src/services/fec.d.ts.map +1 -0
package/src/services/fec.js +192 -0
package/src/services/fec.js.map +1 -0
package/src/services/{index.ts → index.d.ts} +1 -0
package/src/services/index.d.ts.map +1 -0
package/src/services/index.js +22 -0
package/src/services/index.js.map +1 -0
package/src/services/jwt.d.ts +33 -0
package/src/services/jwt.d.ts.map +1 -0
package/src/services/jwt.js +91 -0
package/src/services/jwt.js.map +1 -0
package/src/services/key-wrapping.d.ts +60 -0
package/src/services/key-wrapping.d.ts.map +1 -0
package/src/services/key-wrapping.js +311 -0
package/src/services/key-wrapping.js.map +1 -0
package/src/services/mnemonic.d.ts +61 -0
package/src/services/mnemonic.d.ts.map +1 -0
package/src/services/mnemonic.js +115 -0
package/src/services/mnemonic.js.map +1 -0
package/src/services/request-user.d.ts +20 -0
package/src/services/request-user.d.ts.map +1 -0
package/src/services/request-user.js +50 -0
package/src/services/request-user.js.map +1 -0
package/src/services/role.d.ts +88 -0
package/src/services/role.d.ts.map +1 -0
package/src/services/role.js +263 -0
package/src/services/role.js.map +1 -0
package/src/services/symmetric.d.ts +42 -0
package/src/services/symmetric.d.ts.map +1 -0
package/src/services/symmetric.js +101 -0
package/src/services/symmetric.js.map +1 -0
package/src/services/system-user.d.ts +17 -0
package/src/services/system-user.d.ts.map +1 -0
package/src/services/system-user.js +46 -0
package/src/services/system-user.js.map +1 -0
package/src/services/user.d.ts +320 -0
package/src/services/user.d.ts.map +1 -0
package/src/services/user.js +1378 -0
package/src/services/user.js.map +1 -0
package/src/services/xor.d.ts +24 -0
package/src/services/xor.d.ts.map +1 -0
package/src/services/xor.js +37 -0
package/src/services/xor.js.map +1 -0
package/src/types.d.ts +66 -40
package/src/types.d.ts.map +1 -0
package/src/types.js +14 -0
package/src/types.js.map +1 -0
package/src/utils.d.ts +202 -0
package/src/utils.d.ts.map +1 -0
package/src/utils.js +784 -0
package/src/utils.js.map +1 -0
package/LICENSE +0 -21
package/src/application-base.ts +0 -492
package/src/application.ts +0 -254
package/src/backup-code.ts +0 -336
package/src/constants.ts +0 -69
package/src/controllers/base.ts +0 -440
package/src/controllers/user.ts +0 -1451
package/src/decorators/base-controller.ts +0 -61
package/src/decorators/controller.ts +0 -109
package/src/decorators/zod-validation.ts +0 -57
package/src/defaults.ts +0 -94
package/src/documents/base.ts +0 -7
package/src/documents/email-token.ts +0 -14
package/src/documents/used-direct-login-token.ts +0 -7
package/src/enumerations/base-model-name.ts +0 -41
package/src/enumerations/length-encoding-type.ts +0 -6
package/src/enumerations/schema-collection.ts +0 -33
package/src/enumerations/symmetric-error-type.ts +0 -4
package/src/environment.ts +0 -770
package/src/errors/express-validation.ts +0 -21
package/src/errors/invalid-backup-code-version.ts +0 -14
package/src/errors/invalid-jwt-token.ts +0 -10
package/src/errors/invalid-model.ts +0 -11
package/src/errors/invalid-new-password.ts +0 -18
package/src/errors/invalid-password.ts +0 -13
package/src/errors/missing-validated-data.ts +0 -36
package/src/errors/mnemonic-or-password-required.ts +0 -12
package/src/errors/model-not-registered.ts +0 -11
package/src/errors/mongoose-validation.ts +0 -34
package/src/errors/symmetric.ts +0 -41
package/src/errors/token-expired.ts +0 -10
package/src/get-language.ts +0 -53
package/src/get-timezone.ts +0 -45
package/src/interfaces/api-express-validation-error-response.ts +0 -8
package/src/interfaces/api-message-response.ts +0 -3
package/src/interfaces/backend-objects/email-token.ts +0 -11
package/src/interfaces/backend-objects/user.ts +0 -9
package/src/interfaces/checksum-config.ts +0 -4
package/src/interfaces/checksum-consts.ts +0 -13
package/src/interfaces/create-user-basics.ts +0 -17
package/src/interfaces/csp-config.ts +0 -35
package/src/interfaces/deep-partial.ts +0 -3
package/src/interfaces/email-service.ts +0 -8
package/src/interfaces/environment-mongo.ts +0 -76
package/src/interfaces/environment.ts +0 -181
package/src/interfaces/failable-result.ts +0 -6
package/src/interfaces/fec-consts.ts +0 -4
package/src/interfaces/handleable-error-options.ts +0 -6
package/src/interfaces/jwt-consts.ts +0 -23
package/src/interfaces/jwt-sign-response.ts +0 -19
package/src/interfaces/mongo-errors.ts +0 -5
package/src/interfaces/request-user.ts +0 -50
package/src/interfaces/required-string-keys.ts +0 -26
package/src/interfaces/schema.ts +0 -31
package/src/interfaces/server-init-result.ts +0 -37
package/src/interfaces/status-code-response.ts +0 -7
package/src/interfaces/symmetric-encryption-results.ts +0 -4
package/src/middlewares/authenticate-crypto.ts +0 -243
package/src/middlewares/authenticate-token.ts +0 -152
package/src/middlewares/cleanup-crypto.ts +0 -40
package/src/middlewares/set-global-context-language.ts +0 -24
package/src/middlewares.ts +0 -120
package/src/model-registry.ts +0 -75
package/src/models/email-token.ts +0 -19
package/src/models/mnemonic.ts +0 -19
package/src/models/role.ts +0 -19
package/src/models/used-direct-login-token.ts +0 -23
package/src/models/user-role.ts +0 -17
package/src/models/user.ts +0 -19
package/src/registry/email-service-registry.ts +0 -24
package/src/routers/api.ts +0 -151
package/src/routers/app.ts +0 -258
package/src/routers/base.ts +0 -17
package/src/schemas/email-token.ts +0 -91
package/src/schemas/mnemonic.ts +0 -37
package/src/schemas/role.ts +0 -127
package/src/schemas/schema.ts +0 -140
package/src/schemas/used-direct-login-token.ts +0 -38
package/src/schemas/user-role.ts +0 -75
package/src/schemas/user.ts +0 -202
package/src/services/backup-code.ts +0 -316
package/src/services/base.ts +0 -33
package/src/services/checksum.ts +0 -161
package/src/services/crc.ts +0 -213
package/src/services/database-initialization.ts +0 -1479
package/src/services/db-init-cache.d.ts +0 -16
package/src/services/direct-login-token.ts +0 -62
package/src/services/fec-usage-example.ts +0 -102
package/src/services/fec.ts +0 -296
package/src/services/jwt.ts +0 -134
package/src/services/key-wrapping.ts +0 -434
package/src/services/mnemonic.ts +0 -167
package/src/services/request-user.ts +0 -62
package/src/services/role.ts +0 -396
package/src/services/symmetric.ts +0 -139
package/src/services/system-user.ts +0 -82
package/src/services/user.ts +0 -2137
package/src/services/xor.ts +0 -34
package/src/types.ts +0 -128
package/src/utils.ts +0 -1022

package/src/services/jwt.js ADDED Viewed

@@ -0,0 +1,91 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = void 0;
+const jsonwebtoken_1 = require("jsonwebtoken");
+const util_1 = require("util");
+const constants_1 = require("../constants");
+const invalid_jwt_token_1 = require("../errors/invalid-jwt-token");
+const token_expired_1 = require("../errors/token-expired");
+const base_1 = require("./base");
+const role_1 = require("./role");
+const verifyAsync = (0, util_1.promisify)(jsonwebtoken_1.verify);
+class JwtService extends base_1.BaseService {
+    roleService;
+    /**
+     * Constructor for the JWT service
+     * @param application The application object
+     */
+    constructor(application) {
+        super(application);
+        this.roleService = new role_1.RoleService(application);
+    }
+    /**
+     * Sign a JWT token for a user
+     * @param userDoc The user document to sign the token for
+     * @param jwtSecret The secret to sign the token with
+     * @param overrideLanguage Optional language to use for role translations
+     * @returns The signed token
+     */
+    async signToken(userDoc, jwtSecret, overrideLanguage) {
+        // look for roles the user is a member of (the role contains the user id in the user's roles array)
+        const roles = await this.roleService.getUserRoles(userDoc._id);
+        const tokenRoles = this.roleService.rolesToTokenRoles(roles, overrideLanguage);
+        const tokenRoleDTOs = tokenRoles.map((role) => role_1.RoleService.roleToRoleDTO(role));
+        const roleTranslatedNames = tokenRoles.map((role) => role.translatedName);
+        const roleNames = tokenRoles.map((role) => role.name);
+        const tokenUser = {
+            userId: userDoc._id.toString(),
+            roles: tokenRoleDTOs,
+        };
+        // amazonq-ignore-next-line false positive
+        const token = (0, jsonwebtoken_1.sign)(tokenUser, jwtSecret, {
+            algorithm: constants_1.Constants.JWT.ALGORITHM,
+            allowInsecureKeySizes: false,
+            expiresIn: constants_1.Constants.JWT.EXPIRATION_SEC,
+        });
+        return {
+            token,
+            tokenUser,
+            roleNames,
+            roleTranslatedNames,
+            roles: tokenRoles,
+            roleDTOs: tokenRoleDTOs,
+        };
+    }
+    /**
+     * Verify a JWT token and return the user data
+     * @param token The token to verify
+     * @returns The user data
+     * @throws InvalidTokenError
+     */
+    async verifyToken(token) {
+        try {
+            const decoded = (await verifyAsync(token, this.application.environment.jwtSecret, {
+                algorithms: [constants_1.Constants.JWT.ALGORITHM],
+            }));
+            if (typeof decoded === 'object' &&
+                decoded !== null &&
+                'userId' in decoded &&
+                'roles' in decoded) {
+                return {
+                    userId: decoded['userId'],
+                    roles: decoded['roles'],
+                };
+            }
+            else {
+                return null;
+            }
+        }
+        catch (err) {
+            if (err instanceof jsonwebtoken_1.TokenExpiredError) {
+                throw new token_expired_1.TokenExpiredError();
+            }
+            else if (err instanceof jsonwebtoken_1.JsonWebTokenError) {
+                throw err;
+            }
+            throw new invalid_jwt_token_1.InvalidJwtTokenError();
+        }
+    }
+}
+exports.JwtService = JwtService;
+//# sourceMappingURL=jwt.js.map

package/src/services/jwt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/jwt.ts"],"names":[],"mappings":";;;AAKA,+CAOsB;AAEtB,+BAAiC;AACjC,4CAAyD;AAEzD,mEAAmE;AACnE,2DAA4D;AAG5D,iCAAqC;AACrC,iCAAqC;AAKrC,MAAM,WAAW,GAAG,IAAA,gBAAS,EAK3B,qBAAM,CAAC,CAAC;AAEV,MAAa,UAMX,SAAQ,kBAAW;IACF,WAAW,CAAgC;IAE5D;;;OAGG;IACH,YAAY,WAAyB;QACnC,KAAK,CAAC,WAAW,CAAC,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,IAAI,kBAAW,CAAmB,WAAW,CAAC,CAAC;IACpE,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,SAAS,CACpB,OAAsB,EACtB,SAAiB,EACjB,gBAAyB;QAEzB,mGAAmG;QACnG,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/D,MAAM,UAAU,GAAsB,IAAI,CAAC,WAAW,CAAC,iBAAiB,CACtE,KAAK,EACL,gBAAgB,CACjB,CAAC;QACF,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC5C,kBAAW,CAAC,aAAa,CAAO,IAAI,CAAC,CACtC,CAAC;QACF,MAAM,mBAAmB,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC1E,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG;YAChB,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;YAC9B,KAAK,EAAE,aAAa;SACP,CAAC;QAChB,0CAA0C;QAC1C,MAAM,KAAK,GAAG,IAAA,mBAAI,EAAC,SAAS,EAAE,SAAS,EAAE;YACvC,SAAS,EAAE,qBAAY,CAAC,GAAG,CAAC,SAAS;YACrC,qBAAqB,EAAE,KAAK;YAC5B,SAAS,EAAE,qBAAY,CAAC,GAAG,CAAC,cAAc;SAC3C,CAAC,CAAC;QACH,OAAO;YACL,KAAK;YACL,SAAS;YACT,SAAS;YACT,mBAAmB;YACnB,KAAK,EAAE,UAAU;YACjB,QAAQ,EAAE,aAAa;SACxB,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,WAAW,CAAC,KAAa;QACpC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAChC,KAAK,EACL,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,EACtC;gBACE,UAAU,EAAE,CAAC,qBAAY,CAAC,GAAG,CAAC,SAAS,CAAC;aACzC,CACF,CAAe,CAAC;YAEjB,IACE,OAAO,OAAO,KAAK,QAAQ;gBAC3B,OAAO,KAAK,IAAI;gBAChB,QAAQ,IAAI,OAAO;gBACnB,OAAO,IAAI,OAAO,EAClB,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAW;oBACnC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAoB;iBAC7B,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,gCAAoB,EAAE,CAAC;gBACxC,MAAM,IAAI,iCAAiB,EAAE,CAAC;YAChC,CAAC;iBAAM,IAAI,GAAG,YAAY,gCAAiB,EAAE,CAAC;gBAC5C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,MAAM,IAAI,wCAAoB,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;CACF;AAnGD,gCAmGC"}

package/src/services/key-wrapping.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
+export interface WrappedKey {
+    salt: string;
+    iv: string;
+    authTag: string;
+    encryptedMasterKey: string;
+    iterations: number;
+}
+export interface PasswordWrappedSecret {
+    salt: string;
+    iv: string;
+    authTag: string;
+    ciphertext: string;
+    iterations: number;
+}
+export declare class KeyWrappingService {
+    private static inFlightUnwraps;
+    /**
+     * Generates a new master key and wraps it with the user's password
+     */
+    wrapNewMasterKey(password: SecureString): {
+        masterKey: SecureBuffer;
+        wrappedKey: WrappedKey;
+    };
+    /**
+     * Wraps an existing master key with a password-derived key
+     */
+    wrapMasterKey(masterKey: SecureBuffer, password: SecureString): WrappedKey;
+    /**
+     * Unwraps a master key using the user's password
+     */
+    unwrapMasterKey(wrappedKey: WrappedKey, password: SecureString): SecureBuffer;
+    /**
+     * Async version of unwrapMasterKey that uses libuv threadpool via crypto.pbkdf2
+     * to avoid blocking the event loop during password verification.
+     */
+    unwrapMasterKeyAsync(wrappedKey: WrappedKey, password: SecureString | string): Promise<SecureBuffer>;
+    /**
+     * Deduplicated async unwrap that coalesces concurrent identical PBKDF2 operations.
+     * Keyed by salt + iterations + a short hash of the password. Entry is removed after resolve/reject.
+     */
+    unwrapMasterKeyAsyncDedup(wrappedKey: WrappedKey, password: string): Promise<SecureBuffer>;
+    /**
+     * Changes password by re-wrapping the master key
+     */
+    changePassword(wrappedKey: WrappedKey, oldPassword: SecureString, newPassword: SecureString): WrappedKey;
+    /**
+     * Wraps arbitrary secret bytes with a password-derived key (AES-256-GCM)
+     */
+    wrapSecret(secret: SecureBuffer, password: SecureString): PasswordWrappedSecret;
+    /**
+     * Unwraps a password-wrapped secret (sync)
+     */
+    unwrapSecret(wrapped: PasswordWrappedSecret, password: SecureString): SecureBuffer;
+    /**
+     * Unwraps a password-wrapped secret (async PBKDF2)
+     */
+    unwrapSecretAsync(wrapped: PasswordWrappedSecret, password: SecureString | string): Promise<SecureBuffer>;
+}
+//# sourceMappingURL=key-wrapping.d.ts.map

package/src/services/key-wrapping.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"key-wrapping.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/key-wrapping.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAkBxE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,kBAAkB;IAG7B,OAAO,CAAC,MAAM,CAAC,eAAe,CAA2C;IAEzE;;OAEG;IACI,gBAAgB,CAAC,QAAQ,EAAE,YAAY,GAAG;QAC/C,SAAS,EAAE,YAAY,CAAC;QACxB,UAAU,EAAE,UAAU,CAAC;KACxB;IAQD;;OAEG;IACI,aAAa,CAClB,SAAS,EAAE,YAAY,EACvB,QAAQ,EAAE,YAAY,GACrB,UAAU;IAyCb;;OAEG;IACI,eAAe,CACpB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,YAAY,GACrB,YAAY;IAuCf;;;OAGG;IACU,oBAAoB,CAC/B,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,YAAY,GAAG,MAAM,GAC9B,OAAO,CAAC,YAAY,CAAC;IA6DxB;;;OAGG;IACU,yBAAyB,CACpC,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC;IAmCxB;;OAEG;IACI,cAAc,CACnB,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,YAAY,EACzB,WAAW,EAAE,YAAY,GACxB,UAAU;IAcb;;OAEG;IACI,UAAU,CACf,MAAM,EAAE,YAAY,EACpB,QAAQ,EAAE,YAAY,GACrB,qBAAqB;IAuCxB;;OAEG;IACI,YAAY,CACjB,OAAO,EAAE,qBAAqB,EAC9B,QAAQ,EAAE,YAAY,GACrB,YAAY;IAoCf;;OAEG;IACU,iBAAiB,CAC5B,OAAO,EAAE,qBAAqB,EAC9B,QAAQ,EAAE,YAAY,GAAG,MAAM,GAC9B,OAAO,CAAC,YAAY,CAAC;CA+DzB"}

package/src/services/key-wrapping.js ADDED Viewed

@@ -0,0 +1,311 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyWrappingService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const crypto_1 = require("crypto");
+const constants_1 = require("../constants");
+const errors_1 = require("../errors");
+function createPbkdf2Service() {
+    return node_ecies_lib_1.Pbkdf2Service.fromConstants(node_ecies_lib_1.Constants);
+}
+class KeyWrappingService {
+    // In-flight de-duplication map to share PBKDF2 work across concurrent identical requests
+    // Store a promise of the raw master key bytes, so each caller can get an independent SecureBuffer
+    static inFlightUnwraps = new Map();
+    /**
+     * Generates a new master key and wraps it with the user's password
+     */
+    wrapNewMasterKey(password) {
+        const masterKey = new ecies_lib_1.SecureBuffer((0, crypto_1.randomBytes)(node_ecies_lib_1.Constants.WRAPPED_KEY.MASTER_KEY_SIZE));
+        const wrappedKey = this.wrapMasterKey(masterKey, password);
+        return { masterKey, wrappedKey };
+    }
+    /**
+     * Wraps an existing master key with a password-derived key
+     */
+    wrapMasterKey(masterKey, password) {
+        if (constants_1.Constants.PasswordRegex.test(password.value ?? '') === false) {
+            throw new errors_1.InvalidNewPasswordError();
+        }
+        const salt = (0, crypto_1.randomBytes)(node_ecies_lib_1.Constants.WRAPPED_KEY.SALT_SIZE);
+        const iterations = node_ecies_lib_1.Constants.WRAPPED_KEY.MIN_ITERATIONS;
+        const pbkdf2Service = createPbkdf2Service();
+        // Derive key from password using centralized PBKDF2 service
+        const derivedKey = pbkdf2Service.deriveKeyFromPassword(Buffer.from(password.valueAsUint8Array), salt, iterations, node_ecies_lib_1.Constants.WRAPPED_KEY.SALT_SIZE, 32, // AES-256 key size
+        'sha256');
+        const passwordKeySecure = new ecies_lib_1.SecureBuffer(derivedKey.hash);
+        // Encrypt master key
+        const iv = (0, crypto_1.randomBytes)(node_ecies_lib_1.Constants.WRAPPED_KEY.IV_SIZE);
+        const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', passwordKeySecure.value, iv);
+        const encrypted = Buffer.concat([
+            cipher.update(masterKey.value),
+            cipher.final(),
+        ]);
+        const authTag = cipher.getAuthTag();
+        passwordKeySecure.dispose();
+        return {
+            salt: salt.toString('hex'),
+            iv: iv.toString('hex'),
+            authTag: authTag.toString('hex'),
+            encryptedMasterKey: encrypted.toString('hex'),
+            iterations,
+        };
+    }
+    /**
+     * Unwraps a master key using the user's password
+     */
+    unwrapMasterKey(wrappedKey, password) {
+        const salt = Buffer.from(wrappedKey.salt, 'hex');
+        const iv = Buffer.from(wrappedKey.iv, 'hex');
+        const authTag = Buffer.from(wrappedKey.authTag, 'hex');
+        const encrypted = Buffer.from(wrappedKey.encryptedMasterKey, 'hex');
+        const pbkdf2Service = createPbkdf2Service();
+        // Derive the same key from password using centralized PBKDF2 service
+        const derivedKey = pbkdf2Service.deriveKeyFromPassword(Buffer.from(password.valueAsUint8Array), salt, wrappedKey.iterations, salt.length, // Use actual salt size
+        32, // AES-256 key size
+        'sha256');
+        const passwordKeySecure = new ecies_lib_1.SecureBuffer(derivedKey.hash);
+        try {
+            const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', passwordKeySecure.value, iv);
+            decipher.setAuthTag(authTag);
+            const decrypted = Buffer.concat([
+                decipher.update(encrypted),
+                decipher.final(),
+            ]);
+            return new ecies_lib_1.SecureBuffer(decrypted);
+        }
+        catch {
+            throw new errors_1.InvalidPasswordError();
+        }
+        finally {
+            passwordKeySecure.dispose();
+        }
+    }
+    /**
+     * Async version of unwrapMasterKey that uses libuv threadpool via crypto.pbkdf2
+     * to avoid blocking the event loop during password verification.
+     */
+    async unwrapMasterKeyAsync(wrappedKey, password) {
+        const __perfEnabled = process.env['PERF_LOGS'] === '1';
+        const _t0 = __perfEnabled ? Date.now() : 0;
+        const salt = Buffer.from(wrappedKey.salt, 'hex');
+        const iv = Buffer.from(wrappedKey.iv, 'hex');
+        const authTag = Buffer.from(wrappedKey.authTag, 'hex');
+        const encrypted = Buffer.from(wrappedKey.encryptedMasterKey, 'hex');
+        // Accept either a SecureString (preferred) or a raw password string to avoid
+        // expensive SecureString construction in the hot login path.
+        const pwdBuffer =
+        // amazonq-ignore-next-line false positive
+        typeof password === 'string'
+            ? Buffer.from(password, 'utf8')
+            : Buffer.from(password.valueAsUint8Array);
+        const pbkdf2Service = createPbkdf2Service();
+        // Use centralized PBKDF2 service for async key derivation
+        const derivedKey = await pbkdf2Service.deriveKeyFromPasswordAsync(pwdBuffer, salt, wrappedKey.iterations, salt.length, // Use actual salt size
+        32, // AES-256 key size
+        'sha256');
+        const passwordKeySecure = new ecies_lib_1.SecureBuffer(derivedKey.hash);
+        try {
+            const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', passwordKeySecure.value, iv);
+            decipher.setAuthTag(authTag);
+            const decrypted = Buffer.concat([
+                decipher.update(encrypted),
+                decipher.final(),
+            ]);
+            if (__perfEnabled)
+                console.warn('[perf] unwrapMasterKeyAsync pbkdf2', 'iters=' + String(wrappedKey.iterations).replace(/[\r\n]/g, ''), 'dt=' + (Date.now() - _t0) + 'ms');
+            return new ecies_lib_1.SecureBuffer(decrypted);
+        }
+        catch {
+            throw new errors_1.InvalidPasswordError();
+        }
+        finally {
+            // Best-effort zero the temporary password buffer
+            try {
+                pwdBuffer.fill(0);
+            }
+            catch {
+                // ignore
+            }
+            passwordKeySecure.dispose();
+        }
+    }
+    /**
+     * Deduplicated async unwrap that coalesces concurrent identical PBKDF2 operations.
+     * Keyed by salt + iterations + a short hash of the password. Entry is removed after resolve/reject.
+     */
+    async unwrapMasterKeyAsyncDedup(wrappedKey, password) {
+        // Derive a short cache key; avoid storing raw password by hashing
+        const pwdKey = (0, crypto_1.createHash)('sha256')
+            .update(password, 'utf8')
+            .digest('hex')
+            .slice(0, 24);
+        const cacheKey = `${wrappedKey.salt}:${wrappedKey.iterations}:${pwdKey}`;
+        let p = KeyWrappingService.inFlightUnwraps.get(cacheKey);
+        if (!p) {
+            // Compute once, extract raw bytes, dispose the shared SecureBuffer, and cache the bytes
+            p = (async () => {
+                const mk = await this.unwrapMasterKeyAsync(wrappedKey, password);
+                try {
+                    const copy = Buffer.from(mk.value);
+                    const b64 = copy.toString('base64');
+                    // zeroize copy
+                    copy.fill(0);
+                    return b64;
+                }
+                finally {
+                    mk.dispose();
+                }
+            })().finally(() => {
+                // Best-effort cleanup
+                KeyWrappingService.inFlightUnwraps.delete(cacheKey);
+            });
+            KeyWrappingService.inFlightUnwraps.set(cacheKey, p);
+        }
+        const b64 = await p;
+        // Return a fresh SecureBuffer per caller to avoid cross-disposal races
+        const buf = Buffer.from(b64, 'base64');
+        const secure = new ecies_lib_1.SecureBuffer(Buffer.from(buf));
+        buf.fill(0);
+        return secure;
+    }
+    /**
+     * Changes password by re-wrapping the master key
+     */
+    changePassword(wrappedKey, oldPassword, newPassword) {
+        // Unwrap with old password
+        const masterKey = this.unwrapMasterKey(wrappedKey, oldPassword);
+        try {
+            // Re-wrap with new password
+            return this.wrapMasterKey(masterKey, newPassword);
+        }
+        catch (error) {
+            throw error;
+        }
+        finally {
+            masterKey.dispose();
+        }
+    }
+    /**
+     * Wraps arbitrary secret bytes with a password-derived key (AES-256-GCM)
+     */
+    wrapSecret(secret, password) {
+        if (constants_1.Constants.PasswordRegex.test(password.value ?? '') === false) {
+            throw new errors_1.InvalidNewPasswordError();
+        }
+        const salt = (0, crypto_1.randomBytes)(node_ecies_lib_1.Constants.WRAPPED_KEY.SALT_SIZE);
+        const iterations = node_ecies_lib_1.Constants.WRAPPED_KEY.MIN_ITERATIONS;
+        const pbkdf2Service = createPbkdf2Service();
+        // Derive key from password using centralized PBKDF2 service
+        const derivedKey = pbkdf2Service.deriveKeyFromPassword(Buffer.from(password.valueAsUint8Array), salt, iterations, node_ecies_lib_1.Constants.WRAPPED_KEY.SALT_SIZE, 32, // AES-256 key size
+        'sha256');
+        const passwordKeySecure = new ecies_lib_1.SecureBuffer(derivedKey.hash);
+        try {
+            const iv = (0, crypto_1.randomBytes)(node_ecies_lib_1.Constants.WRAPPED_KEY.IV_SIZE);
+            const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', passwordKeySecure.value, iv);
+            const encrypted = Buffer.concat([
+                cipher.update(secret.value),
+                cipher.final(),
+            ]);
+            const authTag = cipher.getAuthTag();
+            return {
+                salt: salt.toString('hex'),
+                iv: iv.toString('hex'),
+                authTag: authTag.toString('hex'),
+                ciphertext: encrypted.toString('hex'),
+                iterations,
+            };
+        }
+        finally {
+            passwordKeySecure.dispose();
+        }
+    }
+    /**
+     * Unwraps a password-wrapped secret (sync)
+     */
+    unwrapSecret(wrapped, password) {
+        const salt = Buffer.from(wrapped.salt, 'hex');
+        const iv = Buffer.from(wrapped.iv, 'hex');
+        const authTag = Buffer.from(wrapped.authTag, 'hex');
+        const encrypted = Buffer.from(wrapped.ciphertext, 'hex');
+        const pbkdf2Service = createPbkdf2Service();
+        // Derive key from password using centralized PBKDF2 service
+        const derivedKey = pbkdf2Service.deriveKeyFromPassword(Buffer.from(password.valueAsUint8Array), salt, wrapped.iterations, salt.length, // Use actual salt size
+        32, // AES-256 key size
+        'sha256');
+        const passwordKeySecure = new ecies_lib_1.SecureBuffer(derivedKey.hash);
+        try {
+            const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', passwordKeySecure.value, iv);
+            decipher.setAuthTag(authTag);
+            const decrypted = Buffer.concat([
+                decipher.update(encrypted),
+                decipher.final(),
+            ]);
+            return new ecies_lib_1.SecureBuffer(decrypted);
+        }
+        catch {
+            throw new errors_1.InvalidPasswordError();
+        }
+        finally {
+            passwordKeySecure.dispose();
+        }
+    }
+    /**
+     * Unwraps a password-wrapped secret (async PBKDF2)
+     */
+    async unwrapSecretAsync(wrapped, password) {
+        const salt = Buffer.from(wrapped.salt, 'hex');
+        const iv = Buffer.from(wrapped.iv, 'hex');
+        const authTag = Buffer.from(wrapped.authTag, 'hex');
+        const encrypted = Buffer.from(wrapped.ciphertext, 'hex');
+        // Validate password parameter before using it
+        // amazonq-ignore-next-line false positive
+        if (typeof password === 'string') {
+            if (password === undefined || password === null) {
+                throw new Error('Password cannot be undefined or null');
+            }
+        }
+        else if (!(password instanceof ecies_lib_1.SecureString)) {
+            throw new Error('Password must be provided as string or SecureString');
+        }
+        const pwdBuffer =
+        // amazonq-ignore-next-line false positive
+        typeof password === 'string'
+            ? Buffer.from(password, 'utf8')
+            : await (async () => password.valueAsUint8Array)();
+        // Additional safety check
+        if (!pwdBuffer) {
+            throw new Error('Failed to create password buffer - password may be invalid');
+        }
+        const pbkdf2Service = createPbkdf2Service();
+        // Use centralized PBKDF2 service for async key derivation
+        const derivedKey = await pbkdf2Service.deriveKeyFromPasswordAsync(Buffer.from(pwdBuffer), salt, wrapped.iterations, salt.length, // Use actual salt size
+        32, // AES-256 key size
+        'sha256');
+        const passwordKeySecure = new ecies_lib_1.SecureBuffer(derivedKey.hash);
+        try {
+            const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', passwordKeySecure.value, iv);
+            decipher.setAuthTag(authTag);
+            const decrypted = Buffer.concat([
+                decipher.update(encrypted),
+                decipher.final(),
+            ]);
+            return new ecies_lib_1.SecureBuffer(decrypted);
+        }
+        catch {
+            throw new errors_1.InvalidPasswordError();
+        }
+        finally {
+            try {
+                pwdBuffer.fill(0);
+            }
+            catch {
+                // ignore
+            }
+            passwordKeySecure.dispose();
+        }
+    }
+}
+exports.KeyWrappingService = KeyWrappingService;
+//# sourceMappingURL=key-wrapping.js.map

package/src/services/key-wrapping.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"key-wrapping.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/key-wrapping.ts"],"names":[],"mappings":";;;AAAA,0DAAwE;AACxE,oEAGyC;AACzC,mCAKgB;AAChB,4CAAyD;AACzD,sCAA0E;AAE1E,SAAS,mBAAmB;IAC1B,OAAO,8BAAa,CAAC,aAAa,CAAC,0BAAY,CAAC,CAAC;AACnD,CAAC;AAmBD,MAAa,kBAAkB;IAC7B,yFAAyF;IACzF,kGAAkG;IAC1F,MAAM,CAAC,eAAe,GAAiC,IAAI,GAAG,EAAE,CAAC;IAEzE;;OAEG;IACI,gBAAgB,CAAC,QAAsB;QAI5C,MAAM,SAAS,GAAG,IAAI,wBAAY,CAChC,IAAA,oBAAW,EAAC,0BAAY,CAAC,WAAW,CAAC,eAAe,CAAC,CACtD,CAAC;QACF,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC3D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACI,aAAa,CAClB,SAAuB,EACvB,QAAsB;QAEtB,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC;YACpE,MAAM,IAAI,gCAAuB,EAAE,CAAC;QACtC,CAAC;QACD,MAAM,IAAI,GAAG,IAAA,oBAAW,EAAC,0BAAY,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,UAAU,GAAG,0BAAY,CAAC,WAAW,CAAC,cAAc,CAAC;QAC3D,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAE5C,4DAA4D;QAC5D,MAAM,UAAU,GAAG,aAAa,CAAC,qBAAqB,CACpD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EACvC,IAAI,EACJ,UAAU,EACV,0BAAY,CAAC,WAAW,CAAC,SAAS,EAClC,EAAE,EAAE,mBAAmB;QACvB,QAAQ,CACT,CAAC;QACF,MAAM,iBAAiB,GAAG,IAAI,wBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAE5D,qBAAqB;QACrB,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,0BAAY,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,iBAAiB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE1E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;YAC9B,MAAM,CAAC,KAAK,EAAE;SACf,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAE5B,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC1B,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtB,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;YAChC,kBAAkB,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC7C,UAAU;SACX,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,UAAsB,EACtB,QAAsB;QAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;QACpE,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAE5C,qEAAqE;QACrE,MAAM,UAAU,GAAG,aAAa,CAAC,qBAAqB,CACpD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EACvC,IAAI,EACJ,UAAU,CAAC,UAAU,EACrB,IAAI,CAAC,MAAM,EAAE,uBAAuB;QACpC,EAAE,EAAE,mBAAmB;QACvB,QAAQ,CACT,CAAC;QACF,MAAM,iBAAiB,GAAG,IAAI,wBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAE5D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,aAAa,EACb,iBAAiB,CAAC,KAAK,EACvB,EAAE,CACH,CAAC;YACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1B,QAAQ,CAAC,KAAK,EAAE;aACjB,CAAC,CAAC;YAEH,OAAO,IAAI,wBAAY,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,6BAAoB,EAAE,CAAC;QACnC,CAAC;gBAAS,CAAC;YACT,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,oBAAoB,CAC/B,UAAsB,EACtB,QAA+B;QAE/B,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,GAAG,CAAC;QACvD,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;QAEpE,6EAA6E;QAC7E,6DAA6D;QAC7D,MAAM,SAAS;QACb,0CAA0C;QAC1C,OAAO,QAAQ,KAAK,QAAQ;YAC1B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC;YAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC9C,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAE5C,0DAA0D;QAC1D,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,0BAA0B,CAC/D,SAAS,EACT,IAAI,EACJ,UAAU,CAAC,UAAU,EACrB,IAAI,CAAC,MAAM,EAAE,uBAAuB;QACpC,EAAE,EAAE,mBAAmB;QACvB,QAAQ,CACT,CAAC;QACF,MAAM,iBAAiB,GAAG,IAAI,wBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAE5D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,aAAa,EACb,iBAAiB,CAAC,KAAK,EACvB,EAAE,CACH,CAAC;YACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1B,QAAQ,CAAC,KAAK,EAAE;aACjB,CAAC,CAAC;YACH,IAAI,aAAa;gBACf,OAAO,CAAC,IAAI,CACV,oCAAoC,EACpC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,EAC/D,KAAK,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,GAAG,IAAI,CAClC,CAAC;YAEJ,OAAO,IAAI,wBAAY,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,6BAAoB,EAAE,CAAC;QACnC,CAAC;gBAAS,CAAC;YACT,iDAAiD;YACjD,IAAI,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,yBAAyB,CACpC,UAAsB,EACtB,QAAgB;QAEhB,kEAAkE;QAClE,MAAM,MAAM,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;aAChC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC;aACxB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChB,MAAM,QAAQ,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,UAAU,IAAI,MAAM,EAAE,CAAC;QACzE,IAAI,CAAC,GAAG,kBAAkB,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACzD,IAAI,CAAC,CAAC,EAAE,CAAC;YACP,wFAAwF;YACxF,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBACd,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACjE,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;oBACnC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBACpC,eAAe;oBACf,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACb,OAAO,GAAG,CAAC;gBACb,CAAC;wBAAS,CAAC;oBACT,EAAE,CAAC,OAAO,EAAE,CAAC;gBACf,CAAC;YACH,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;gBAChB,sBAAsB;gBACtB,kBAAkB,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtD,CAAC,CAAoB,CAAC;YACtB,kBAAkB,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC;QACpB,uEAAuE;QACvE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,wBAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAClD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,cAAc,CACnB,UAAsB,EACtB,WAAyB,EACzB,WAAyB;QAEzB,2BAA2B;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAEhE,IAAI,CAAC;YACH,4BAA4B;YAC5B,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC;QACd,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,OAAO,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;OAEG;IACI,UAAU,CACf,MAAoB,EACpB,QAAsB;QAEtB,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC;YACpE,MAAM,IAAI,gCAAuB,EAAE,CAAC;QACtC,CAAC;QACD,MAAM,IAAI,GAAG,IAAA,oBAAW,EAAC,0BAAY,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,UAAU,GAAG,0BAAY,CAAC,WAAW,CAAC,cAAc,CAAC;QAC3D,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAE5C,4DAA4D;QAC5D,MAAM,UAAU,GAAG,aAAa,CAAC,qBAAqB,CACpD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EACvC,IAAI,EACJ,UAAU,EACV,0BAAY,CAAC,WAAW,CAAC,SAAS,EAClC,EAAE,EAAE,mBAAmB;QACvB,QAAQ,CACT,CAAC;QACF,MAAM,iBAAiB,GAAG,IAAI,wBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAE5D,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,0BAAY,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,iBAAiB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC1E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC3B,MAAM,CAAC,KAAK,EAAE;aACf,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YACpC,OAAO;gBACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAC1B,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACtB,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAChC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACrC,UAAU;aACX,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IACI,YAAY,CACjB,OAA8B,EAC9B,QAAsB;QAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAE5C,4DAA4D;QAC5D,MAAM,UAAU,GAAG,aAAa,CAAC,qBAAqB,CACpD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EACvC,IAAI,EACJ,OAAO,CAAC,UAAU,EAClB,IAAI,CAAC,MAAM,EAAE,uBAAuB;QACpC,EAAE,EAAE,mBAAmB;QACvB,QAAQ,CACT,CAAC;QACF,MAAM,iBAAiB,GAAG,IAAI,wBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,aAAa,EACb,iBAAiB,CAAC,KAAK,EACvB,EAAE,CACH,CAAC;YACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1B,QAAQ,CAAC,KAAK,EAAE;aACjB,CAAC,CAAC;YACH,OAAO,IAAI,wBAAY,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,6BAAoB,EAAE,CAAC;QACnC,CAAC;gBAAS,CAAC;YACT,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,iBAAiB,CAC5B,OAA8B,EAC9B,QAA+B;QAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAEzD,8CAA8C;QAC9C,0CAA0C;QAC1C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,CAAC,QAAQ,YAAY,wBAAY,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,SAAS;QACb,0CAA0C;QAC1C,OAAO,QAAQ,KAAK,QAAQ;YAC1B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC;YAC/B,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAEvD,0BAA0B;QAC1B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAE5C,0DAA0D;QAC1D,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,0BAA0B,CAC/D,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EACtB,IAAI,EACJ,OAAO,CAAC,UAAU,EAClB,IAAI,CAAC,MAAM,EAAE,uBAAuB;QACpC,EAAE,EAAE,mBAAmB;QACvB,QAAQ,CACT,CAAC;QACF,MAAM,iBAAiB,GAAG,IAAI,wBAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,aAAa,EACb,iBAAiB,CAAC,KAAK,EACvB,EAAE,CACH,CAAC;YACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1B,QAAQ,CAAC,KAAK,EAAE;aACjB,CAAC,CAAC;YACH,OAAO,IAAI,wBAAY,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,6BAAoB,EAAE,CAAC;QACnC,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC;gBACH,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;;AA7YH,gDA8YC"}

package/src/services/mnemonic.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
+import { ClientSession, Model } from 'mongoose';
+import { IMnemonicDocument } from '../documents/mnemonic';
+import { KeyWrappingService } from './key-wrapping';
+/**
+ * Encrypts and stores mnemonics securely, using an HMAC to check for
+ * uniqueness without exposing the mnemonic itself.
+ */
+export declare class MnemonicService {
+    private readonly keyWrappingService;
+    private readonly hmacSecret;
+    private readonly MnemonicModel;
+    constructor(mnemonicModel: Model<IMnemonicDocument>, hmacSecret: SecureBuffer, keyWrappingService: KeyWrappingService);
+    /**
+     * Disposes of the secure secrets held by this service.
+     */
+    dispose(): void;
+    /**
+     * Creates a non-reversible HMAC of the mnemonic for fast, indexed lookups.
+     * @param mnemonic The mnemonic to hash, wrapped in a SecureString.
+     */
+    getMnemonicHmac(mnemonic: SecureString): string;
+    /**
+     * Checks if a mnemonic already exists in the database using its HMAC.
+     * @param mnemonic The mnemonic to check, wrapped in a SecureString.
+     * @param session Optional Mongoose session for transaction support.
+     */
+    mnemonicExists(mnemonic: SecureString, session?: ClientSession): Promise<boolean>;
+    /**
+     * Adds a new, unique mnemonic to the database with password-based key wrapping.
+     * @param mnemonic The mnemonic to add, wrapped in a SecureString.
+     * @param password User's password for key wrapping.
+     * @param session Optional Mongoose session for transaction support.
+     */
+    addMnemonicWithPassword(mnemonic: SecureString, _password: SecureString, session?: ClientSession): Promise<{
+        document: IMnemonicDocument | null;
+    }>;
+    /**
+     * Adds a new, unique mnemonic to the database.
+     * @param mnemonic The mnemonic to add, wrapped in a SecureString.
+     * @param session Optional Mongoose session for transaction support.
+     */
+    addMnemonic(mnemonic: SecureString, session?: ClientSession): Promise<IMnemonicDocument | null>;
+    /**
+     * Retrieves a mnemonic document by ID.
+     * @param mnemonicId The ID of the mnemonic document.
+     * @param session Optional Mongoose session for transaction support.
+     */
+    getMnemonicDocument(mnemonicId: string, session?: ClientSession): Promise<IMnemonicDocument | null>;
+    /**
+     * Decrypts a mnemonic from a document using the service's master encryption key.
+     * @param doc The mnemonic document.
+     */
+    /**
+     * Deletes a mnemonic document by ID.
+     * @param mnemonicId The ID of the mnemonic document.
+     * @param session Optional Mongoose session for transaction support.
+     */
+    deleteMnemonicDocument(mnemonicId: string, session?: ClientSession): Promise<void>;
+}
+//# sourceMappingURL=mnemonic.d.ts.map

package/src/services/mnemonic.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mnemonic.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/mnemonic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAMxE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpD;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAe;IAC1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA2B;gBAGvD,aAAa,EAAE,KAAK,CAAC,iBAAiB,CAAC,EACvC,UAAU,EAAE,YAAY,EACxB,kBAAkB,EAAE,kBAAkB;IAQxC;;OAEG;IACI,OAAO,IAAI,IAAI;IAItB;;;OAGG;IACI,eAAe,CAAC,QAAQ,EAAE,YAAY,GAAG,MAAM;IAOtD;;;;OAIG;IACU,cAAc,CACzB,QAAQ,EAAE,YAAY,EACtB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,OAAO,CAAC;IAQnB;;;;;OAKG;IACU,uBAAuB,CAClC,QAAQ,EAAE,YAAY,EACtB,SAAS,EAAE,YAAY,EACvB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,QAAQ,EAAE,iBAAiB,GAAG,IAAI,CAAC;KACpC,CAAC;IA2BF;;;;OAIG;IACU,WAAW,CACtB,QAAQ,EAAE,YAAY,EACtB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAsBpC;;;;OAIG;IACU,mBAAmB,CAC9B,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAMpC;;;OAGG;IAEH;;;;OAIG;IACU,sBAAsB,CACjC,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;CAKjB"}