@digitaldefiance/node-express-suite 1.0.23 → 1.0.25

package/src/services/backup-code.js

@@ -0,0 +1,184 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BackupCodeService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const crypto_1 = require("crypto");
+const backup_code_1 = require("../backup-code");
+const constants_1 = require("../constants");
+const invalid_backup_code_version_1 = require("../errors/invalid-backup-code-version");
+const base_1 = require("./base");
+const symmetric_1 = require("./symmetric");
+const system_user_1 = require("./system-user");
+/**
+ * Service handling generation, storage, validation, consumption, and recovery using backup codes.
+ *
+ * v1 scheme:
+ * - Code: 32 lowercase alphanumerics (a–z0–9), displayed as 8 groups of 4: xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx
+ * - Checksum/tag: HKDF-SHA256(codeUtf8, salt, "backup-checksum") → 32 bytes (stored as hex)
+ * - KDF for encryption key: Argon2id(codeUtf8, salt) → 32 bytes
+ * - Encryption: SymmetricService AEAD (encryptedData must embed IV + authTag + ciphertext)
+ * - Wrapping: AEAD blob wrapped with system user's asymmetric key (ECIES)
+ */
+class BackupCodeService extends base_1.BaseService {
+    eciesService;
+    systemUser;
+    keyWrappingService;
+    roleService;
+    /**
+     * Construct a BackupCodeService.
+     */
+    constructor(application, eciesService, keyWrappingService, roleService) {
+        super(application);
+        this.eciesService = eciesService;
+        this.keyWrappingService = keyWrappingService;
+        this.roleService = roleService;
+    }
+    /**
+     * Get the lazily-initialized system user for key wrapping/unwrapping.
+     */
+    getSystemUser() {
+        if (!this.systemUser) {
+            this.systemUser = system_user_1.SystemUserService.getSystemUser(this.application.environment);
+        }
+        return this.systemUser;
+    }
+    /**
+     * Forcibly set the system user (for database initialization)
+     * @param user
+     */
+    setSystemUser(user) {
+        this.systemUser = user;
+    }
+    /**
+     * v1: Consume (validate and remove) a backup code via constant-time checksum match.
+     */
+    useBackupCodeV1(encryptedBackupCodes, backupCode) {
+        const normalizedCode = backup_code_1.BackupCode.normalizeCode(backupCode);
+        if (!constants_1.Constants.BACKUP_CODES.NormalizedHexRegex.test(normalizedCode)) {
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        }
+        const codeBytes = Buffer.from(normalizedCode, 'utf8');
+        try {
+            for (const code of encryptedBackupCodes) {
+                if (code.version !== backup_code_1.BackupCode.BackupCodeVersion)
+                    continue;
+                const checksumSalt = Buffer.from(code.checksumSalt, 'hex');
+                const expected = backup_code_1.BackupCode.hkdfSha256(codeBytes, checksumSalt, Buffer.from('backup-checksum'), 32);
+                if (code.checksum.length === expected.length * 2 &&
+                    (0, crypto_1.timingSafeEqual)(Buffer.from(code.checksum, 'hex'), expected)) {
+                    const checksumHex = expected.toString('hex');
+                    return {
+                        newCodesArray: encryptedBackupCodes.filter((c) => c.checksum !== checksumHex),
+                        code,
+                    };
+                }
+            }
+            throw new suite_core_lib_1.InvalidBackupCodeError();
+        }
+        finally {
+            codeBytes.fill(0);
+        }
+    }
+    /**
+     * Consume a backup code by first detecting the version and then dispatching to the appropriate handler.
+     */
+    useBackupCode(encryptedBackupCodes, backupCode) {
+        const version = backup_code_1.BackupCode.detectBackupCodeVersion(encryptedBackupCodes, backupCode);
+        switch (version) {
+            case backup_code_1.BackupCode.BackupCodeVersion:
+                return this.useBackupCodeV1(encryptedBackupCodes.filter((c) => c.version === backup_code_1.BackupCode.BackupCodeVersion), backupCode);
+            default:
+                throw new invalid_backup_code_version_1.InvalidBackupCodeVersionError(version);
+        }
+    }
+    /**
+     * v1: Recover a user's private key using a backup code.
+     */
+    async recoverKeyWithBackupCodeV1(userDoc, backupCode, newPassword, session) {
+        const normalizedCode = backup_code_1.BackupCode.normalizeCode(backupCode);
+        return await this.withTransaction(async (sess) => {
+            const { code, newCodesArray } = this.useBackupCodeV1(userDoc.backupCodes, normalizedCode);
+            userDoc.backupCodes = newCodesArray;
+            let decryptionKey;
+            try {
+                const adminMember = this.getSystemUser();
+                decryptionKey = await backup_code_1.BackupCode.getBackupKeyV1(code.checksumSalt, normalizedCode);
+                const privateKeyUnwrapped = adminMember.decryptData(Buffer.from(code.encrypted, 'hex'));
+                const decryptedPrivateKey = new ecies_lib_1.SecureBuffer(symmetric_1.SymmetricService.decryptBuffer(privateKeyUnwrapped, decryptionKey));
+                const memberType = await this.roleService.getMemberType(userDoc, session);
+                const user = new node_ecies_lib_1.Member(this.eciesService, memberType, userDoc.username, new ecies_lib_1.EmailString(userDoc.email), Buffer.from(userDoc.publicKey, 'hex'), decryptedPrivateKey, undefined, userDoc._id, new Date(userDoc.createdAt), new Date(userDoc.updatedAt));
+                if (!newPassword) {
+                    await userDoc.save({ session: sess });
+                    return {
+                        userDoc,
+                        user,
+                        codeCount: newCodesArray.length,
+                    };
+                }
+                const wrapped = this.keyWrappingService.wrapSecret(decryptedPrivateKey, newPassword);
+                userDoc.passwordWrappedPrivateKey = wrapped;
+                await userDoc.save({ session: sess });
+                return { userDoc, user, codeCount: newCodesArray.length };
+            }
+            finally {
+                if (decryptionKey)
+                    decryptionKey.fill(0);
+            }
+        }, session, {
+            timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
+        });
+    }
+    /**
+     * Recover a user's private key using a backup code (version-dispatched).
+     */
+    async recoverKeyWithBackupCode(userDoc, backupCode, newPassword, session) {
+        const version = backup_code_1.BackupCode.detectBackupCodeVersion(userDoc.backupCodes, backupCode);
+        switch (version) {
+            case backup_code_1.BackupCode.BackupCodeVersion:
+                return this.recoverKeyWithBackupCodeV1(userDoc, backupCode, newPassword, session);
+            default:
+                throw new invalid_backup_code_version_1.InvalidBackupCodeVersionError(version);
+        }
+    }
+    /**
+     * Rewrap system-wrapped AEAD blobs from old system key to new one without touching inner AEAD.
+     */
+    async rewrapAllUsersBackupCodes(fetchBatch, saveUser, oldSystem, newSystem, options) {
+        const batchSize = options?.batchSize ?? 500;
+        let processed = 0;
+        let afterId;
+        for (;;) {
+            const users = await fetchBatch(afterId, batchSize);
+            if (!users.length)
+                break;
+            for (const user of users) {
+                let modified = false;
+                for (const bc of user.backupCodes ?? []) {
+                    try {
+                        const sealed = oldSystem.decryptData(Buffer.from(bc.encrypted, 'hex'));
+                        const rewrapped = newSystem.encryptData(sealed).toString('hex');
+                        if (rewrapped !== bc.encrypted) {
+                            bc.encrypted = rewrapped;
+                            modified = true;
+                        }
+                    }
+                    catch (e) {
+                        throw new Error(`Failed to rewrap backup code for user ${user._id}: ${e.message}`);
+                    }
+                }
+                if (modified) {
+                    await saveUser(user);
+                    processed++;
+                    options?.onProgress?.(processed);
+                }
+            }
+            afterId =
+                users[users.length - 1]?._id ?? undefined;
+        }
+        return processed;
+    }
+}
+exports.BackupCodeService = BackupCodeService;
+//# sourceMappingURL=backup-code.js.map

package/src/services/backup-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup-code.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/backup-code.ts"],"names":[],"mappings":";;;AAAA,0DAKoC;AACpC,oEAGyC;AACzC,oEAIyC;AACzC,mCAAyC;AAEzC,gDAA4C;AAC5C,4CAAyD;AAEzD,uFAAsF;AAEtF,iCAAqC;AAGrC,2CAA+C;AAC/C,+CAAkD;AAIlD;;;;;;;;;GASG;AACH,MAAa,iBAKX,SAAQ,kBAAW;IACF,YAAY,CAAe;IACpC,UAAU,CAAiB;IAClB,kBAAkB,CAAqB;IACvC,WAAW,CAAgC;IAE5D;;OAEG;IACH,YACE,WAAyB,EACzB,YAA0B,EAC1B,kBAAsC,EACtC,WAA0C;QAE1C,KAAK,CAAC,WAAW,CAAC,CAAC;QACnB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,aAAa;QACnB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,CAAC,UAAU,GAAG,+BAAiB,CAAC,aAAa,CAC/C,IAAI,CAAC,WAAW,CAAC,WAAW,CAC7B,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACI,aAAa,CAAC,IAAmB;QACtC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACzB,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,oBAAwC,EACxC,UAAkB;QAElB,MAAM,cAAc,GAAG,wBAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,IAAI,CAAC,qBAAY,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,uCAAsB,EAAE,CAAC;QACrC,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;gBACxC,IAAI,IAAI,CAAC,OAAO,KAAK,wBAAU,CAAC,iBAAiB;oBAAE,SAAS;gBAC5D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBAC3D,MAAM,QAAQ,GAAG,wBAAU,CAAC,UAAU,CACpC,SAAS,EACT,YAAY,EACZ,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAC9B,EAAE,CACH,CAAC;gBACF,IACE,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC;oBAC5C,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,EAC5D,CAAC;oBACD,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC7C,OAAO;wBACL,aAAa,EAAE,oBAAoB,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW,CAClC;wBACD,IAAI;qBACL,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,MAAM,IAAI,uCAAsB,EAAE,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED;;OAEG;IACI,aAAa,CAClB,oBAAwC,EACxC,UAAkB;QAElB,MAAM,OAAO,GAAG,wBAAU,CAAC,uBAAuB,CAChD,oBAAoB,EACpB,UAAU,CACX,CAAC;QACF,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,wBAAU,CAAC,iBAAiB;gBAC/B,OAAO,IAAI,CAAC,eAAe,CACzB,oBAAoB,CAAC,MAAM,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,wBAAU,CAAC,iBAAiB,CAClD,EACD,UAAU,CACX,CAAC;YACJ;gBACE,MAAM,IAAI,2DAA6B,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,0BAA0B,CACrC,OAAsB,EACtB,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAMvB,MAAM,cAAc,GAAG,wBAAU,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5D,OAAO,MAAM,IAAI,CAAC,eAAe,CAK/B,KAAK,EAAE,IAA+B,EAAE,EAAE;YACxC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,eAAe,CAClD,OAAO,CAAC,WAAW,EACnB,cAAc,CACf,CAAC;YACF,OAAO,CAAC,WAAW,GAAG,aAAa,CAAC;YAEpC,IAAI,aAAiC,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACzC,aAAa,GAAG,MAAM,wBAAU,CAAC,cAAc,CAC7C,IAAI,CAAC,YAAY,EACjB,cAAc,CACf,CAAC;gBACF,MAAM,mBAAmB,GAAG,WAAW,CAAC,WAAW,CACjD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CACnC,CAAC;gBACF,MAAM,mBAAmB,GAAG,IAAI,wBAAY,CAC1C,4BAAgB,CAAC,aAAa,CAAC,mBAAmB,EAAE,aAAa,CAAC,CACnE,CAAC;gBAEF,MAAM,UAAU,GAAe,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CACjE,OAAO,EACP,OAAO,CACR,CAAC;gBACF,MAAM,IAAI,GAAG,IAAI,uBAAa,CAC5B,IAAI,CAAC,YAAY,EACjB,UAAU,EACV,OAAO,CAAC,QAAQ,EAChB,IAAI,uBAAW,CAAC,OAAO,CAAC,KAAK,CAAC,EAC9B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,EACrC,mBAAmB,EACnB,SAAS,EACT,OAAO,CAAC,GAAG,EACX,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAC5B,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;oBACtC,OAAO;wBACL,OAAO;wBACP,IAAI;wBACJ,SAAS,EAAE,aAAa,CAAC,MAAM;qBAChC,CAAC;gBACJ,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAChD,mBAAmB,EACnB,WAAW,CACZ,CAAC;gBACF,OAAO,CAAC,yBAAyB,GAAG,OAAO,CAAC;gBAC5C,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;YAC5D,CAAC;oBAAS,CAAC;gBACT,IAAI,aAAa;oBAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,EACD,OAAO,EACP;YACE,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,kBAAkB,GAAG,CAAC;SACrE,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,wBAAwB,CACnC,OAAsB,EACtB,UAAkB,EAClB,WAA0B,EAC1B,OAAuB;QAMvB,MAAM,OAAO,GAAG,wBAAU,CAAC,uBAAuB,CAChD,OAAO,CAAC,WAAW,EACnB,UAAU,CACX,CAAC;QACF,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,wBAAU,CAAC,iBAAiB;gBAC/B,OAAO,IAAI,CAAC,0BAA0B,CACpC,OAAO,EACP,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACJ;gBACE,MAAM,IAAI,2DAA6B,CAAC,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,yBAAyB,CACpC,UAA0E,EAC1E,QAAgD,EAChD,SAAwB,EACxB,SAAwB,EACxB,OAAsE;QAEtE,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,GAAG,CAAC;QAC5C,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,OAA2B,CAAC;QAEhC,SAAS,CAAC;YACR,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,CAAC,MAAM;gBAAE,MAAM;YAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;oBACxC,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAClC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CACjC,CAAC;wBACF,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;wBAChE,IAAI,SAAS,KAAK,EAAE,CAAC,SAAS,EAAE,CAAC;4BAC/B,EAAE,CAAC,SAAS,GAAG,SAAS,CAAC;4BACzB,QAAQ,GAAG,IAAI,CAAC;wBAClB,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,GAAG,KAC9C,CAAW,CAAC,OACf,EAAE,CACH,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACrB,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC;gBACnC,CAAC;YACH,CAAC;YAED,OAAO;gBACJ,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,GAAyB,IAAI,SAAS,CAAC;QACrE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAnRD,8CAmRC"}

package/src/services/base.d.ts

@@ -0,0 +1,13 @@
+import { ClientSession, Types } from 'mongoose';
+import { IApplication } from '../interfaces/application';
+import { TransactionCallback } from '../types';
+import { TransactionOptions } from '../utils';
+import { IBaseDocument } from '../documents';
+import { Environment } from '../environment';
+import { IConstants } from '../interfaces';
+export declare class BaseService<TApplication extends IApplication<any, Types.ObjectId, IBaseDocument<any, Types.ObjectId>, Environment, IConstants> = IApplication<any, Types.ObjectId, IBaseDocument<any, Types.ObjectId>, Environment, IConstants>> {
+    protected readonly application: TApplication;
+    constructor(application: TApplication);
+    withTransaction<T>(callback: TransactionCallback<T>, session?: ClientSession, options?: TransactionOptions, ...args: any): Promise<T>;
+}
+//# sourceMappingURL=base.d.ts.map

package/src/services/base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EACL,kBAAkB,EAEnB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,qBAAa,WAAW,CAAC,YAAY,SAAS,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,WAAW,EAAE,UAAU,CAAC,GAAG,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,WAAW,EAAE,UAAU,CAAC;IAC3O,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC;gBAEjC,WAAW,EAAE,YAAY;IAGxB,eAAe,CAAC,CAAC,EAC5B,QAAQ,EAAE,mBAAmB,CAAC,CAAC,CAAC,EAChC,OAAO,CAAC,EAAE,aAAa,EACvB,OAAO,CAAC,EAAE,kBAAkB,EAC5B,GAAG,IAAI,EAAE,GAAG;CAWf"}

package/src/services/base.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseService = void 0;
+const utils_1 = require("../utils");
+class BaseService {
+    application;
+    constructor(application) {
+        this.application = application;
+    }
+    async withTransaction(callback, session, options, ...args) {
+        return await (0, utils_1.withTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, session, callback, options ?? {}, ...args);
+    }
+}
+exports.BaseService = BaseService;
+//# sourceMappingURL=base.js.map

package/src/services/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/base.ts"],"names":[],"mappings":";;;AAGA,oCAGkB;AAKlB,MAAa,WAAW;IACH,WAAW,CAAe;IAE7C,YAAY,WAAyB;QACnC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IACM,KAAK,CAAC,eAAe,CAC1B,QAAgC,EAChC,OAAuB,EACvB,OAA4B,EAC5B,GAAG,IAAS;QAEZ,OAAO,MAAM,IAAA,uBAAoB,EAC/B,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,UAAU,EAC9B,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,EAClD,OAAO,EACP,QAAQ,EACR,OAAO,IAAI,EAAE,EACb,GAAG,IAAI,CACR,CAAC;IACJ,CAAC;CACF;AArBD,kCAqBC"}

package/src/services/checksum.d.ts

@@ -0,0 +1,67 @@
+import { ChecksumBuffer, ChecksumString } from '@digitaldefiance/node-ecies-lib';
+import { IChecksumConfig } from '../interfaces/checksum-config';
+export declare class ChecksumService {
+    private readonly config;
+    constructor(config?: Partial<IChecksumConfig>);
+    /**
+     * Calculate a checksum for a buffer
+     * @param data - The data to calculate the checksum for
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksum(data: Buffer): ChecksumBuffer;
+    /**
+     * Calculate a checksum for multiple buffers
+     * @param buffers - The buffers to calculate the checksum for
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForBuffers(buffers: Buffer[]): ChecksumBuffer;
+    /**
+     * Calculate a checksum for a string
+     * @param str - The string to calculate the checksum for
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForString(str: string): ChecksumBuffer;
+    /**
+     * Compare two checksums for equality
+     * @param checksum1 - The first checksum
+     * @param checksum2 - The second checksum
+     * @returns True if the checksums are equal, false otherwise
+     */
+    compareChecksums(checksum1: ChecksumBuffer, checksum2: ChecksumBuffer): boolean;
+    /**
+     * Convert a checksum to a hex string
+     * @param checksum - The checksum to convert
+     * @returns The checksum as a hex string
+     */
+    checksumToHexString(checksum: ChecksumBuffer): ChecksumString;
+    /**
+     * Convert a hex string to a checksum
+     * @param hexString - The hex string to convert
+     * @returns The checksum as a Buffer
+     */
+    hexStringToChecksum(hexString: string): ChecksumBuffer;
+    /**
+     * Validate a checksum buffer
+     * @param checksum - The checksum to validate
+     * @returns True if the checksum is valid, false otherwise
+     */
+    validateChecksum(checksum: ChecksumBuffer): boolean;
+    /**
+     * Calculate a checksum for a file
+     * @param filePath - The path to the file
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForFile(filePath: string): Promise<ChecksumBuffer>;
+    /**
+     * Internal file reading method
+     * @private
+     */
+    private readFile;
+    /**
+     * Calculate a checksum for a stream
+     * @param stream - The readable stream
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForStream(stream: NodeJS.ReadableStream): Promise<ChecksumBuffer>;
+}
+//# sourceMappingURL=checksum.d.ts.map

package/src/services/checksum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checksum.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/checksum.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,cAAc,EACf,MAAM,iCAAiC,CAAC;AAIzC,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;gBAE7B,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC;IAQ7C;;;;OAIG;IACI,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc;IAOtD;;;;OAIG;IACI,2BAA2B,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,cAAc;IASrE;;;;OAIG;IACI,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc;IAI9D;;;;;OAKG;IACI,gBAAgB,CACrB,SAAS,EAAE,cAAc,EACzB,SAAS,EAAE,cAAc,GACxB,OAAO;IAUV;;;;OAIG;IACI,mBAAmB,CAAC,QAAQ,EAAE,cAAc,GAAG,cAAc;IAIpE;;;;OAIG;IACI,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,cAAc;IAO7D;;;;OAIG;IACI,gBAAgB,CAAC,QAAQ,EAAE,cAAc,GAAG,OAAO;IAI1D;;;;OAIG;IACU,wBAAwB,CACnC,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC;IAQ1B;;;OAGG;YACW,QAAQ;IAUtB;;;;OAIG;IACI,0BAA0B,CAC/B,MAAM,EAAE,MAAM,CAAC,cAAc,GAC5B,OAAO,CAAC,cAAc,CAAC;CAoB3B"}

package/src/services/checksum.js

@@ -0,0 +1,143 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChecksumService = void 0;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const constants_1 = require("../constants");
+class ChecksumService {
+    config;
+    constructor(config) {
+        this.config = {
+            algorithm: constants_1.CHECKSUM.ALGORITHM,
+            encoding: constants_1.CHECKSUM.ENCODING,
+            ...config,
+        };
+    }
+    /**
+     * Calculate a checksum for a buffer
+     * @param data - The data to calculate the checksum for
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksum(data) {
+        const hash = (0, crypto_1.createHash)(this.config.algorithm);
+        hash.update(data);
+        const digest = hash.digest();
+        return Buffer.from(digest);
+    }
+    /**
+     * Calculate a checksum for multiple buffers
+     * @param buffers - The buffers to calculate the checksum for
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForBuffers(buffers) {
+        const hash = (0, crypto_1.createHash)(this.config.algorithm);
+        for (const buffer of buffers) {
+            hash.update(buffer);
+        }
+        const digest = hash.digest();
+        return Buffer.from(digest);
+    }
+    /**
+     * Calculate a checksum for a string
+     * @param str - The string to calculate the checksum for
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForString(str) {
+        return this.calculateChecksum(Buffer.from(str, 'utf8'));
+    }
+    /**
+     * Compare two checksums for equality
+     * @param checksum1 - The first checksum
+     * @param checksum2 - The second checksum
+     * @returns True if the checksums are equal, false otherwise
+     */
+    compareChecksums(checksum1, checksum2) {
+        if (checksum1.length !== constants_1.CHECKSUM.SHA3_BUFFER_LENGTH ||
+            checksum2.length !== constants_1.CHECKSUM.SHA3_BUFFER_LENGTH) {
+            return false;
+        }
+        return checksum1.equals(checksum2);
+    }
+    /**
+     * Convert a checksum to a hex string
+     * @param checksum - The checksum to convert
+     * @returns The checksum as a hex string
+     */
+    checksumToHexString(checksum) {
+        return checksum.toString(constants_1.CHECKSUM.ENCODING);
+    }
+    /**
+     * Convert a hex string to a checksum
+     * @param hexString - The hex string to convert
+     * @returns The checksum as a Buffer
+     */
+    hexStringToChecksum(hexString) {
+        if (hexString.length !== constants_1.CHECKSUM.SHA3_BUFFER_LENGTH * 2) {
+            throw new Error('Invalid checksum hex string length');
+        }
+        return Buffer.from(hexString, constants_1.CHECKSUM.ENCODING);
+    }
+    /**
+     * Validate a checksum buffer
+     * @param checksum - The checksum to validate
+     * @returns True if the checksum is valid, false otherwise
+     */
+    validateChecksum(checksum) {
+        return checksum.length === constants_1.CHECKSUM.SHA3_BUFFER_LENGTH;
+    }
+    /**
+     * Calculate a checksum for a file
+     * @param filePath - The path to the file
+     * @returns The checksum as a Buffer
+     */
+    async calculateChecksumForFile(filePath) {
+        // Removed dynamic import by using the data service to read file data
+        // This is a temporary solution that can be replaced with a proper file service
+        // The implementation now delegates file reading to the caller
+        const buffer = Buffer.from(await this.readFile(filePath));
+        return this.calculateChecksum(buffer);
+    }
+    /**
+     * Internal file reading method
+     * @private
+     */
+    async readFile(filePath) {
+        // Import fs using a static import that's available at module load time
+        // This solves the dynamic import/require issues
+        try {
+            return await fs_1.promises.readFile(filePath);
+        }
+        catch {
+            throw new Error(`Failed to read file at path: ${filePath}`);
+        }
+    }
+    /**
+     * Calculate a checksum for a stream
+     * @param stream - The readable stream
+     * @returns The checksum as a Buffer
+     */
+    calculateChecksumForStream(stream) {
+        return new Promise((resolve, reject) => {
+            const hash = (0, crypto_1.createHash)(this.config.algorithm);
+            stream.on('data', (chunk) => {
+                // Ensure chunk is a Buffer before updating hash
+                if (Buffer.isBuffer(chunk)) {
+                    hash.update(chunk);
+                }
+                else if (typeof chunk === 'number') {
+                    hash.update(Buffer.from([chunk]));
+                }
+                else {
+                    hash.update(Buffer.from(chunk));
+                }
+            });
+            stream.on('end', () => {
+                const digest = hash.digest();
+                resolve(Buffer.from(digest));
+            });
+            stream.on('error', reject);
+        });
+    }
+}
+exports.ChecksumService = ChecksumService;
+//# sourceMappingURL=checksum.js.map

package/src/services/checksum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checksum.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/checksum.ts"],"names":[],"mappings":";;;AAIA,mCAAoC;AACpC,2BAAoC;AACpC,4CAAwC;AAGxC,MAAa,eAAe;IACT,MAAM,CAAkB;IAEzC,YAAY,MAAiC;QAC3C,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,oBAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,oBAAQ,CAAC,QAAQ;YAC3B,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,iBAAiB,CAAC,IAAY;QACnC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAClB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACI,2BAA2B,CAAC,OAAiB;QAClD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACI,0BAA0B,CAAC,GAAW;QAC3C,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACI,gBAAgB,CACrB,SAAyB,EACzB,SAAyB;QAEzB,IACE,SAAS,CAAC,MAAM,KAAK,oBAAQ,CAAC,kBAAkB;YAChD,SAAS,CAAC,MAAM,KAAK,oBAAQ,CAAC,kBAAkB,EAChD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,QAAwB;QACjD,OAAO,QAAQ,CAAC,QAAQ,CAAC,oBAAQ,CAAC,QAAQ,CAAmB,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,SAAiB;QAC1C,IAAI,SAAS,CAAC,MAAM,KAAK,oBAAQ,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,oBAAQ,CAAC,QAAQ,CAAmB,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACI,gBAAgB,CAAC,QAAwB;QAC9C,OAAO,QAAQ,CAAC,MAAM,KAAK,oBAAQ,CAAC,kBAAkB,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,wBAAwB,CACnC,QAAgB;QAEhB,qEAAqE;QACrE,+EAA+E;QAC/E,8DAA8D;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,QAAQ,CAAC,QAAgB;QACrC,uEAAuE;QACvE,gDAAgD;QAChD,IAAI,CAAC;YACH,OAAO,MAAM,aAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,0BAA0B,CAC/B,MAA6B;QAE7B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/C,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC1B,gDAAgD;gBAChD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACrB,CAAC;qBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACrC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACpB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC7B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAvJD,0CAuJC"}

package/src/services/crc.d.ts

@@ -0,0 +1,87 @@
+import { Readable } from 'stream';
+export declare class CrcService {
+    /**
+     * Perform a CRC8 checksum on the data
+     * @param data - The data to checksum
+     * @returns The CRC8 checksum as a Buffer
+     */
+    crc8(data: Buffer): Buffer;
+    /**
+     * Calculates the CRC8 of a buffer or readable stream
+     * @param input - The buffer or readable stream to calculate the CRC8 of
+     * @returns The CRC8 as a Buffer
+     */
+    crc8Async(input: Buffer | Readable): Promise<Buffer>;
+    /**
+     * Verify a CRC8 checksum on the data
+     * @param data - The data to verify
+     * @param expectedCrc - The expected CRC8 checksum
+     * @returns True if the checksum matches, false otherwise
+     */
+    verifyCrc8(data: Buffer, expectedCrc: Buffer | number): boolean;
+    /**
+     * Validates a CRC8 against a buffer or readable stream
+     * @param data The data to validate
+     * @param expectedCrc8 The CRC8 to validate against
+     * @returns True if the CRC8 is valid, false otherwise
+     */
+    verifyCrc8Async(data: Buffer | Readable, expectedCrc8: Buffer): Promise<boolean>;
+    /**
+     * Perform a CRC16 checksum on the data
+     * @param data - The data to checksum
+     * @returns The CRC16 checksum as a Buffer
+     */
+    crc16(data: Buffer): Buffer;
+    /**
+     * Calculates the CRC16 of a buffer or readable stream
+     * @param input - The buffer or readable stream to calculate the CRC16 of
+     * @returns The CRC16 as a Buffer
+     */
+    crc16Async(input: Buffer | Readable): Promise<Buffer>;
+    /**
+     * Verify a CRC16 checksum on the data
+     * @param data - The data to verify
+     * @param expectedCrc - The expected CRC16 checksum
+     * @returns True if the checksum matches, false otherwise
+     */
+    verifyCrc16(data: Buffer, expectedCrc: Buffer | number): boolean;
+    /**
+     * Validates a CRC16 against a buffer or readable stream
+     * @param data The data to validate
+     * @param expectedCrc16 The CRC16 to validate against
+     * @returns True if the CRC16 is valid, false otherwise
+     */
+    verifyCrc16Async(data: Buffer | Readable, expectedCrc16: Buffer): Promise<boolean>;
+    /**
+     * Perform a CRC32 checksum on the data
+     * @param data - The data to checksum
+     * @returns The CRC32 checksum as a Buffer
+     */
+    crc32(data: Buffer): Buffer;
+    /**
+     * Calculates the CRC32 of a buffer or readable stream
+     * @param input - The buffer or readable stream to calculate the CRC32 of
+     * @returns The CRC32 as a number
+     */
+    /**
+     * Calculates the CRC32 of a buffer or readable stream
+     * @param input - The buffer or readable stream to calculate the CRC32 of
+     * @returns The CRC32 as a Buffer
+     */
+    crc32Async(input: Buffer | Readable): Promise<Buffer>;
+    /**
+     * Verify a CRC32 checksum on the data
+     * @param data - The data to verify
+     * @param expectedCrc - The expected CRC32 checksum
+     * @returns True if the checksum matches, false otherwise
+     */
+    verifyCrc32(data: Buffer, expectedCrc: Buffer | number): boolean;
+    /**
+     * Validates a CRC32 against a buffer or readable stream
+     * @param data The data to validate
+     * @param expectedCrc32 The CRC32 to validate against
+     * @returns True if the CRC32 is valid, false otherwise
+     */
+    verifyCrc32Async(data: Buffer | Readable, expectedCrc32: Buffer): Promise<boolean>;
+}
+//# sourceMappingURL=crc.d.ts.map

package/src/services/crc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crc.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/crc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAElC,qBAAa,UAAU;IACrB;;;;OAIG;IACI,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAMjC;;;;OAIG;IACU,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;IAwBjE;;;;;OAKG;IACI,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IAStE;;;;;OAKG;IACU,eAAe,CAC1B,IAAI,EAAE,MAAM,GAAG,QAAQ,EACvB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACI,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAMlC;;;;OAIG;IACU,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;IAwBlE;;;;;OAKG;IACI,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IASvE;;;;;OAKG;IACU,gBAAgB,CAC3B,IAAI,EAAE,MAAM,GAAG,QAAQ,EACvB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACI,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAMlC;;;;OAIG;IACH;;;;OAIG;IACU,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBlE;;;;;OAKG;IACI,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;IASvE;;;;;OAKG;IACU,gBAAgB,CAC3B,IAAI,EAAE,MAAM,GAAG,QAAQ,EACvB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,OAAO,CAAC;CAIpB"}