@digitaldefiance/node-express-suite 3.14.5 → 3.16.0

package/src/interfaces/authentication-provider.d.ts

@@ -0,0 +1,76 @@
+/**
+ * @fileoverview Storage-agnostic authentication provider interface.
+ * Abstracts user lookup, role fetching, and credential verification
+ * so that authentication middlewares work with any storage backend
+ * (Mongoose, BrightChainDb, etc.).
+ * @module interfaces/authentication-provider
+ */
+import type { SecureString } from '@digitaldefiance/ecies-lib';
+import type { Member as BackendMember } from '@digitaldefiance/node-ecies-lib';
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IRequestUserDTO, ITokenUser } from '@digitaldefiance/suite-core-lib';
+/**
+ * Minimal user record returned by the authentication provider.
+ * Contains only the fields needed by the authentication middlewares.
+ */
+export interface IAuthenticatedUser<TLanguage extends string = string> {
+    /** Stringified user ID */
+    id: string;
+    /** Account status (e.g. 'Active', 'Suspended') */
+    accountStatus: string;
+    /** User's email address */
+    email: string;
+    /** User's site language preference */
+    siteLanguage?: TLanguage;
+    /** User's timezone */
+    timezone: string;
+    /** Last login timestamp (ISO string or undefined) */
+    lastLogin?: string;
+}
+/**
+ * Result of a crypto-authentication (mnemonic or password login).
+ */
+export interface ICryptoAuthResult<TID extends PlatformID = Buffer> {
+    /** The authenticated user's ID as a string */
+    userId: string;
+    /** The authenticated BackendMember with private key loaded */
+    userMember: BackendMember<TID>;
+}
+/**
+ * Storage-agnostic authentication provider.
+ *
+ * Implementations supply user lookup, role resolution, and credential
+ * verification. The express-suite authentication middlewares delegate to
+ * this interface instead of calling Mongoose directly.
+ *
+ * @template TID Platform-specific ID type (Buffer, ObjectId, etc.)
+ * @template TLanguage Site language string literal type
+ */
+export interface IAuthenticationProvider<TID extends PlatformID = Buffer, TLanguage extends string = string> {
+    /**
+     * Look up a user by their ID and return a minimal user record.
+     * Returns null if the user does not exist.
+     */
+    findUserById(userId: string): Promise<IAuthenticatedUser<TLanguage> | null>;
+    /**
+     * Build an IRequestUserDTO for the given user.
+     * Includes role resolution and privilege calculation.
+     */
+    buildRequestUserDTO(userId: string): Promise<IRequestUserDTO | null>;
+    /**
+     * Verify a JWT token and return the decoded token user.
+     * Returns null if the token is invalid.
+     */
+    verifyToken<TTokenUser extends ITokenUser = ITokenUser>(token: string): Promise<TTokenUser | null>;
+    /**
+     * Authenticate with a mnemonic and return the crypto result.
+     * Throws on invalid credentials.
+     */
+    authenticateWithMnemonic?(email: string, mnemonic: SecureString): Promise<ICryptoAuthResult<TID>>;
+    /**
+     * Authenticate with a password and return the crypto result.
+     * Throws on invalid credentials.
+     */
+    authenticateWithPassword?(email: string, password: string): Promise<ICryptoAuthResult<TID>>;
+}
+//# sourceMappingURL=authentication-provider.d.ts.map

package/src/interfaces/authentication-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication-provider.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/authentication-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,KAAK,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAC/E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACX,MAAM,iCAAiC,CAAC;AAEzC;;;GAGG;AACH,MAAM,WAAW,kBAAkB,CAAC,SAAS,SAAS,MAAM,GAAG,MAAM;IACnE,0BAA0B;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;IACtB,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,YAAY,CAAC,EAAE,SAAS,CAAC;IACzB,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM;IAChE,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;CAChC;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,uBAAuB,CACtC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,SAAS,SAAS,MAAM,GAAG,MAAM;IAEjC;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;IAE5E;;;OAGG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,WAAW,CAAC,UAAU,SAAS,UAAU,GAAG,UAAU,EACpD,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE9B;;;OAGG;IACH,wBAAwB,CAAC,CACvB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,YAAY,GACrB,OAAO,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC;IAEnC;;;OAGG;IACH,wBAAwB,CAAC,CACvB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC;CACpC"}

package/src/interfaces/authentication-provider.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic authentication provider interface.
+ * Abstracts user lookup, role fetching, and credential verification
+ * so that authentication middlewares work with any storage backend
+ * (Mongoose, BrightChainDb, etc.).
+ * @module interfaces/authentication-provider
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=authentication-provider.js.map

package/src/interfaces/authentication-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication-provider.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/authentication-provider.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/src/interfaces/environment-mongo.d.ts

@@ -10,9 +10,10 @@ import { ReadConcernLike, WriteConcern } from 'mongodb';
  */
 export interface IMongoEnvironment {
     /**
-     * The URI of the MongoDB database
+     * The URI of the MongoDB database.
+     * Optional — omit when using a non-MongoDB database (e.g. BrightChainDb).
      */
-    uri: string;
+    uri?: string;
     /**
      * The name of the MongoDB database
      */

package/src/interfaces/environment-mongo.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"environment-mongo.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/environment-mongo.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAExD;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,wBAAwB,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,eAAe,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IACrB;;OAEG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,WAAW,EAAE,eAAe,CAAC;IAC7B;;OAEG;IACH,YAAY,EAAE,YAAY,CAAC;IAC3B;;OAEG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B;;OAEG;IACH,wCAAwC,EAAE,OAAO,CAAC;IAClD;;OAEG;IACH,+CAA+C,EAAE,OAAO,CAAC;IACzD;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,6BAA6B,EAAE,MAAM,CAAC;IACtC;;OAEG;IACH,eAAe,EAAE,OAAO,CAAC;IACzB;;OAEG;IACH,yBAAyB,EAAE,MAAM,CAAC;CACnC"}
+{"version":3,"file":"environment-mongo.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/environment-mongo.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAExD;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,wBAAwB,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,eAAe,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IACrB;;OAEG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,WAAW,EAAE,eAAe,CAAC;IAC7B;;OAEG;IACH,YAAY,EAAE,YAAY,CAAC;IAC3B;;OAEG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B;;OAEG;IACH,wCAAwC,EAAE,OAAO,CAAC;IAClD;;OAEG;IACH,+CAA+C,EAAE,OAAO,CAAC;IACzD;;OAEG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,6BAA6B,EAAE,MAAM,CAAC;IACtC;;OAEG;IACH,eAAe,EAAE,OAAO,CAAC;IACzB;;OAEG;IACH,yBAAyB,EAAE,MAAM,CAAC;CACnC"}

package/src/interfaces/environment.d.ts

@@ -72,9 +72,10 @@ export interface IEnvironment<TID extends PlatformID = Buffer> {
      */
     disableEmailSend: boolean;
     /**
-     * MongoDB configuration
+     * MongoDB configuration.
+     * Optional — omit when using a non-MongoDB database (e.g. BrightChainDb).
      */
-    mongo: IMongoEnvironment;
+    mongo?: IMongoEnvironment;
     /**
      * Mnemonic for the admin user
      */

package/src/interfaces/environment.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/environment.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;;GAIG;AACH,MAAM,WAAW,YAAY,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM;IAC3D;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;IACf;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B;;OAEG;IACH,KAAK,EAAE,iBAAiB,CAAC;IACzB;;OAEG;IACH,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B;;OAEG;IACH,OAAO,CAAC,EAAE,GAAG,CAAC;IACd;;OAEG;IACH,cAAc,CAAC,EAAE,IAAI,CAAC;IACtB;;OAEG;IACH,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B;;OAEG;IACH,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB;;OAEG;IACH,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB;;OAEG;IACH,gBAAgB,CAAC,EAAE,UAAU,EAAE,CAAC;IAChC;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf;;OAEG;IACH,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,GAAG,CAAC;IACnB;;OAEG;IACH,gBAAgB,CAAC,EAAE,GAAG,CAAC;IACvB;;OAEG;IACH,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAC;IACjC;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf;;OAEG;IACH,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,GAAG,CAAC;IACnB;;OAEG;IACH,gBAAgB,CAAC,EAAE,GAAG,CAAC;IACvB;;OAEG;IACH,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAC;IACjC;;OAEG;IACH,kBAAkB,EAAE,YAAY,CAAC;IACjC;;OAEG;IACH,qBAAqB,EAAE,YAAY,CAAC;IACpC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB;;OAEG;IACH,UAAU,EAAE,OAAO,CAAC;IAEpB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;CACjC"}
+{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/environment.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;;GAIG;AACH,MAAM,WAAW,YAAY,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM;IAC3D;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;IACf;;OAEG;IACH,aAAa,EAAE,OAAO,CAAC;IACvB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B;;;OAGG;IACH,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B;;OAEG;IACH,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B;;OAEG;IACH,OAAO,CAAC,EAAE,GAAG,CAAC;IACd;;OAEG;IACH,cAAc,CAAC,EAAE,IAAI,CAAC;IACtB;;OAEG;IACH,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B;;OAEG;IACH,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB;;OAEG;IACH,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB;;OAEG;IACH,gBAAgB,CAAC,EAAE,UAAU,EAAE,CAAC;IAChC;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf;;OAEG;IACH,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,GAAG,CAAC;IACnB;;OAEG;IACH,gBAAgB,CAAC,EAAE,GAAG,CAAC;IACvB;;OAEG;IACH,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAC;IACjC;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf;;OAEG;IACH,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,cAAc,CAAC,EAAE,YAAY,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,GAAG,CAAC;IACnB;;OAEG;IACH,gBAAgB,CAAC,EAAE,GAAG,CAAC;IACvB;;OAEG;IACH,iBAAiB,CAAC,EAAE,UAAU,EAAE,CAAC;IACjC;;OAEG;IACH,kBAAkB,EAAE,YAAY,CAAC;IACjC;;OAEG;IACH,qBAAqB,EAAE,YAAY,CAAC;IACpC;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,gBAAgB,EAAE,MAAM,CAAC;IACzB;;OAEG;IACH,UAAU,EAAE,OAAO,CAAC;IAEpB;;OAEG;IACH,WAAW,EAAE,kBAAkB,CAAC;CACjC"}

package/src/interfaces/index.d.ts

@@ -6,6 +6,8 @@ export * from './api-message-response';
 export * from './api-mongo-validation-error-response';
 export * from './api-responses';
 export * from './application';
+export * from './authentication-provider';
+export * from './mongo-application';
 export * from './backend-objects';
 export * from './checksum-config';
 export * from './checksum-consts';

package/src/interfaces/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,WAAW,CAAC;AAE1B,cAAc,sBAAsB,CAAC;AACrC,cAAc,yCAAyC,CAAC;AACxD,cAAc,wBAAwB,CAAC;AACvC,cAAc,uCAAuC,CAAC;AACtD,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,cAAc,CAAC;AAC7B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,wBAAwB,CAAC;AACvC,cAAc,UAAU,CAAC;AACzB,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,WAAW,CAAC;AAE1B,cAAc,sBAAsB,CAAC;AACrC,cAAc,yCAAyC,CAAC;AACxD,cAAc,wBAAwB,CAAC;AACvC,cAAc,uCAAuC,CAAC;AACtD,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,2BAA2B,CAAC;AAC1C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,cAAc,CAAC;AAC7B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,wBAAwB,CAAC;AACvC,cAAc,UAAU,CAAC;AACzB,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC"}

package/src/interfaces/index.js

@@ -9,6 +9,8 @@ tslib_1.__exportStar(require("./api-message-response"), exports);
 tslib_1.__exportStar(require("./api-mongo-validation-error-response"), exports);
 tslib_1.__exportStar(require("./api-responses"), exports);
 tslib_1.__exportStar(require("./application"), exports);
+tslib_1.__exportStar(require("./authentication-provider"), exports);
+tslib_1.__exportStar(require("./mongo-application"), exports);
 tslib_1.__exportStar(require("./backend-objects"), exports);
 tslib_1.__exportStar(require("./checksum-config"), exports);
 tslib_1.__exportStar(require("./checksum-consts"), exports);

package/src/interfaces/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":";;;AAAA,2DAAiC;AACjC,oDAA0B;AAE1B,+DAAqC;AACrC,kFAAwD;AACxD,iEAAuC;AACvC,gFAAsD;AACtD,0DAAgC;AAChC,wDAA8B;AAC9B,4DAAkC;AAClC,4DAAkC;AAClC,4DAAkC;AAClC,sDAA4B;AAC5B,8DAAoC;AACpC,+DAAqC;AACrC,uDAA6B;AAC7B,2DAAiC;AACjC,2DAAiC;AACjC,sEAA4C;AAC5C,0DAAgC;AAChC,wDAA8B;AAC9B,8DAAoC;AACpC,4DAAkC;AAClC,uDAA6B;AAC7B,yDAA+B;AAC/B,qEAA2C;AAC3C,uDAA6B;AAC7B,8DAAoC;AACpC,gEAAsC;AACtC,mDAAyB;AACzB,yDAA+B;AAC/B,oDAA0B;AAC1B,oDAA0B;AAC1B,yDAA+B;AAC/B,iEAAuC;AACvC,mDAAyB;AACzB,+DAAqC;AACrC,iEAAuC;AACvC,yEAA+C;AAC/C,2DAAiC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":";;;AAAA,2DAAiC;AACjC,oDAA0B;AAE1B,+DAAqC;AACrC,kFAAwD;AACxD,iEAAuC;AACvC,gFAAsD;AACtD,0DAAgC;AAChC,wDAA8B;AAC9B,oEAA0C;AAC1C,8DAAoC;AACpC,4DAAkC;AAClC,4DAAkC;AAClC,4DAAkC;AAClC,sDAA4B;AAC5B,8DAAoC;AACpC,+DAAqC;AACrC,uDAA6B;AAC7B,2DAAiC;AACjC,2DAAiC;AACjC,sEAA4C;AAC5C,0DAAgC;AAChC,wDAA8B;AAC9B,8DAAoC;AACpC,4DAAkC;AAClC,uDAA6B;AAC7B,yDAA+B;AAC/B,qEAA2C;AAC3C,uDAA6B;AAC7B,8DAAoC;AACpC,gEAAsC;AACtC,mDAAyB;AACzB,yDAA+B;AAC/B,oDAA0B;AAC1B,oDAA0B;AAC1B,yDAA+B;AAC/B,iEAAuC;AACvC,mDAAyB;AACzB,+DAAqC;AACrC,iEAAuC;AACvC,yEAA+C;AAC/C,2DAAiC"}

package/src/interfaces/mongo-application.d.ts

@@ -0,0 +1,35 @@
+/**
+ * @fileoverview Mongoose/MongoDB-specific application interface.
+ * Extends the base IApplication with MongoDB-specific capabilities.
+ * Use this interface in controllers, services, and middlewares that require
+ * direct access to the Mongoose connection or MongoDB configuration.
+ * @module interfaces/mongo-application
+ */
+import mongoose from '@digitaldefiance/mongoose-types';
+import type { Model } from '@digitaldefiance/mongoose-types';
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IBaseDocument } from '../documents';
+import type { IApplication } from './application';
+/**
+ * MongoDB/Mongoose-specific application interface.
+ * Extends IApplication with the Mongoose connection and MongoDB configuration.
+ *
+ * Use this interface when your code needs:
+ *  - `application.db` (the Mongoose connection)
+ *  - `application.environment.mongo` (MongoDB config with a guaranteed URI)
+ *  - `application.getModel<T>(name)` (Mongoose model lookup)
+ *
+ * Non-Mongo applications (e.g. BrightChainDb) should use the base IApplication.
+ */
+export interface IMongoApplication<TID extends PlatformID = Buffer> extends IApplication<TID> {
+    /** Mongoose database connection. */
+    get db(): typeof mongoose;
+    /**
+     * Gets a Mongoose model by name.
+     * @template U Document type extending IBaseDocument
+     * @param modelName Name of the model to retrieve
+     * @returns Mongoose model instance
+     */
+    getModel<U extends IBaseDocument<any, TID>>(modelName: string): Model<U>;
+}
+//# sourceMappingURL=mongo-application.d.ts.map

package/src/interfaces/mongo-application.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongo-application.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/mongo-application.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,QAAQ,MAAM,iCAAiC,CAAC;AACvD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAElD;;;;;;;;;;GAUG;AACH,MAAM,WAAW,iBAAiB,CAChC,GAAG,SAAS,UAAU,GAAG,MAAM,CAC/B,SAAQ,YAAY,CAAC,GAAG,CAAC;IACzB,oCAAoC;IACpC,IAAI,EAAE,IAAI,OAAO,QAAQ,CAAC;IAE1B;;;;;OAKG;IACH,QAAQ,CAAC,CAAC,SAAS,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;CAC1E"}

package/src/interfaces/mongo-application.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * @fileoverview Mongoose/MongoDB-specific application interface.
+ * Extends the base IApplication with MongoDB-specific capabilities.
+ * Use this interface in controllers, services, and middlewares that require
+ * direct access to the Mongoose connection or MongoDB configuration.
+ * @module interfaces/mongo-application
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=mongo-application.js.map

package/src/interfaces/mongo-application.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongo-application.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/mongo-application.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/src/middlewares/authenticate-crypto.d.ts

@@ -1,6 +1,7 @@
 /**
  * @fileoverview Cryptographic authentication middleware for operations requiring private keys.
  * Validates mnemonic or password to unlock user's private key for sensitive operations.
+ * Storage-agnostic — delegates credential verification to IAuthenticationProvider.
  * @module middlewares/authenticate-crypto
  */
 import { PlatformID } from '@digitaldefiance/node-ecies-lib';
@@ -12,9 +13,14 @@ import { IApplication } from '../interfaces/application';
  * Requires mnemonic or password in request body to unlock user's private key.
  * Attaches authenticated BackendMember with private key to req.eciesUser.
  * Used for operations requiring cryptographic signing or decryption.
+ *
+ * Delegates to `application.authProvider` for storage-agnostic credential
+ * verification. The application must have an authProvider configured with
+ * authenticateWithMnemonic and/or authenticateWithPassword.
+ *
  * @template TID - Platform ID type (defaults to Buffer)
  * @template TAccountStatus - Account status type (defaults to AccountStatus)
- * @param {IApplication<TID>} application - Application instance
+ * @param {IApplication<TID>} application - Application instance with authProvider
  * @param {Request} req - Express request object
  * @param {Response} res - Express response object
  * @param {NextFunction} next - Express next function

package/src/middlewares/authenticate-crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authenticate-crypto.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-crypto.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAEL,UAAU,EACX,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,aAAa,EAId,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK1D,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,cAAc,SAAS,MAAM,GAAG,aAAa,EAE7C,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,EAC9B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,EAClB,iBAAiB,GAAE,cAAuD,GACzE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAyL1B"}
+{"version":3,"file":"authenticate-crypto.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EACL,aAAa,EAId,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE1D,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEzD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,cAAc,SAAS,MAAM,GAAG,aAAa,EAE7C,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,EAC9B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,EAClB,iBAAiB,GAAE,cAAuD,GACzE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA6K1B"}

package/src/middlewares/authenticate-crypto.js

@@ -2,24 +2,27 @@
 /**
  * @fileoverview Cryptographic authentication middleware for operations requiring private keys.
  * Validates mnemonic or password to unlock user's private key for sensitive operations.
+ * Storage-agnostic — delegates credential verification to IAuthenticationProvider.
  * @module middlewares/authenticate-crypto
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.authenticateCrypto = authenticateCrypto;
 const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
 const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
-const container_1 = require("../container");
-const enumerations_1 = require("../enumerations");
 const errors_1 = require("../errors");
-const utils_1 = require("../utils");
 /**
  * Express middleware for cryptographic authentication.
  * Requires mnemonic or password in request body to unlock user's private key.
  * Attaches authenticated BackendMember with private key to req.eciesUser.
  * Used for operations requiring cryptographic signing or decryption.
+ *
+ * Delegates to `application.authProvider` for storage-agnostic credential
+ * verification. The application must have an authProvider configured with
+ * authenticateWithMnemonic and/or authenticateWithPassword.
+ *
  * @template TID - Platform ID type (defaults to Buffer)
  * @template TAccountStatus - Account status type (defaults to AccountStatus)
- * @param {IApplication<TID>} application - Application instance
+ * @param {IApplication<TID>} application - Application instance with authProvider
  * @param {Request} req - Express request object
  * @param {Response} res - Express response object
  * @param {NextFunction} next - Express next function
@@ -29,6 +32,10 @@ const utils_1 = require("../utils");
  * @throws {InvalidPasswordError} When password is incorrect
  */
 async function authenticateCrypto(application, req, res, next, activeStatusValue = suite_core_lib_1.AccountStatus.Active) {
+    const authProvider = application.authProvider;
+    if (!authProvider) {
+        return res.status(500).send('Authentication provider not configured');
+    }
     if (!req.user) {
         return res.status(401).send(
         // amazonq-ignore-next-line false positive, hardcoded string
@@ -60,61 +67,66 @@ async function authenticateCrypto(application, req, res, next, activeStatusValue
             message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired),
         });
     }
-    const UserModel = application.getModel(enumerations_1.BaseModelName.User);
-    const userService = application.services.get(container_1.ServiceKeys.USER);
     try {
-        return await (0, utils_1.withTransaction)(application.db.connection, application.environment.mongo.useTransactions, undefined, async (sess) => {
-            const userDoc = await UserModel.findById(req.user.id)
-                .session(sess ?? null)
-                .exec();
-            if (!userDoc || userDoc.accountStatus !== activeStatusValue) {
-                return res.status(403).send(
-                // amazonq-ignore-next-line false positive, hardcoded string
-                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
-            }
-            // Ensure we're only authenticating the currently logged-in user
-            if (userDoc._id.toString() !== req.user.id) {
-                return res.status(403).send(
-                // amazonq-ignore-next-line false positive, hardcoded string
-                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
+        // Verify the user exists and is active
+        const authenticatedUser = await authProvider.findUserById(req.user.id);
+        if (!authenticatedUser ||
+            authenticatedUser.accountStatus !== activeStatusValue) {
+            return res.status(403).send(
+            // amazonq-ignore-next-line false positive, hardcoded string
+            (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
+        }
+        // Ensure we're only authenticating the currently logged-in user
+        if (authenticatedUser.id !== req.user.id) {
+            return res.status(403).send(
+            // amazonq-ignore-next-line false positive, hardcoded string
+            (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
+        }
+        if (mnemonic) {
+            if (!authProvider.authenticateWithMnemonic) {
+                return res.status(501).send({
+                    message: 'Mnemonic authentication not supported by this provider',
+                });
             }
-            let loginResult;
-            if (mnemonic) {
-                // Authenticate with mnemonic
-                const userMnemonic = new ecies_lib_1.SecureString(mnemonic);
-                try {
-                    loginResult = await userService.loginWithMnemonic(userDoc.email, userMnemonic, sess);
-                }
-                finally {
-                    userMnemonic.dispose();
+            const userMnemonic = new ecies_lib_1.SecureString(mnemonic);
+            try {
+                const result = await authProvider.authenticateWithMnemonic(authenticatedUser.email, userMnemonic);
+                // Double-check authenticated user matches logged-in user
+                if (result.userId !== req.user.id) {
+                    return res
+                        .status(403)
+                        .send((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
                 }
+                req.eciesUser = result.userMember;
             }
-            else if (password) {
-                // Authenticate with password
-                loginResult = await userService.loginWithPassword(userDoc.email, password, sess);
+            finally {
+                userMnemonic.dispose();
             }
-            else {
-                // Should not happen due to earlier guard; keeps TypeScript happy
-                return res.status(400).send({
-                    // amazonq-ignore-next-line false positive, hardcoded string
-                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired),
+        }
+        else if (password) {
+            if (!authProvider.authenticateWithPassword) {
+                return res.status(501).send({
+                    message: 'Password authentication not supported by this provider',
                 });
             }
+            const result = await authProvider.authenticateWithPassword(authenticatedUser.email, password);
             // Double-check authenticated user matches logged-in user
-            if (loginResult.userDoc._id.toString() !== req.user.id) {
-                return res.status(403).send(
-                // amazonq-ignore-next-line false positive, hardcoded string
-                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
+            if (result.userId !== req.user.id) {
+                return res
+                    .status(403)
+                    .send((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
             }
-            // Attach the fully authenticated member (with private key) to the request
-            req.eciesUser = loginResult.userMember;
-            // Do not attach the admin user to the request; it's a process-wide singleton
-            // and must not be disposed as part of request cleanup.
-            next();
-            return;
-        }, {
-            timeoutMs: application.environment.mongo.transactionTimeout,
-        });
+            req.eciesUser = result.userMember;
+        }
+        else {
+            // Should not happen due to earlier guard; keeps TypeScript happy
+            return res.status(400).send({
+                // amazonq-ignore-next-line false positive, hardcoded string
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired),
+            });
+        }
+        next();
+        return;
     }
     catch (err) {
         if (err instanceof suite_core_lib_1.InvalidCredentialsError ||

package/src/middlewares/authenticate-crypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"authenticate-crypto.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-crypto.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAsCH,gDAkMC;AAtOD,0DAA0D;AAM1D,oEAKyC;AAEzC,4CAA2C;AAE3C,kDAAgD;AAChD,sCAAiD;AAEjD,oCAA2C;AAE3C;;;;;;;;;;;;;;;GAeG;AACI,KAAK,UAAU,kBAAkB,CAItC,WAA8B,EAC9B,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,oBAAoC,8BAAa,CAAC,MAAwB;IAE1E,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;QACzB,4DAA4D;QAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,mFAAmF;IACnF,MAAM,aAAa,GAAI,GAA6C;SACjE,aAAoD,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,IAA2C,CAAC;IAChE,MAAM,UAAU,GAAG,aAAa,IAAI,OAAO,CAAC;IAE5C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GACZ,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,QAAQ;QACxC,CAAC,CAAE,UAAU,CAAC,UAAU,CAAY;QACpC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,QAAQ;IACZ,0CAA0C;IAC1C,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,QAAQ;QACxC,CAAC,CAAE,UAAU,CAAC,UAAU,CAAY;QACpC,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;SACF,CAAC,CAAC;IACL,CAAC;IACD,MAAM,SAAS,GAAG,WAAW,CAAC,QAAQ,CACpC,4BAAa,CAAC,IAAI,CACnB,CAAC;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,uBAAW,CAAC,IAAI,CAW5D,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,uBAAe,EAC1B,WAAW,CAAC,EAAE,CAAC,UAAU,EACzB,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,EAC7C,SAAS,EACT,KAAK,EAAE,IAA+B,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAK,CAAC,EAAE,CAAC;iBACnD,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;iBACrB,IAAI,EAAE,CAAC;YAEV,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,aAAa,KAAK,iBAAiB,EAAE,CAAC;gBAC5D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;YACJ,CAAC;YAED,gEAAgE;YAChE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,IAAK,CAAC,EAAE,EAAE,CAAC;gBAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;YACJ,CAAC;YAED,IAAI,WAIH,CAAC;YAEF,IAAI,QAAQ,EAAE,CAAC;gBACb,6BAA6B;gBAC7B,MAAM,YAAY,GAAG,IAAI,wBAAY,CAAC,QAAQ,CAAC,CAAC;gBAChD,IAAI,CAAC;oBACH,WAAW,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAC/C,OAAO,CAAC,KAAK,EACb,YAAY,EACZ,IAAI,CACL,CAAC;gBACJ,CAAC;wBAAS,CAAC;oBACT,YAAY,CAAC,OAAO,EAAE,CAAC;gBACzB,CAAC;YACH,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,6BAA6B;gBAC7B,WAAW,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAC/C,OAAO,CAAC,KAAK,EACb,QAAQ,EACR,IAAI,CACL,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,4DAA4D;oBAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;iBACF,CAAC,CAAC;YACL,CAAC;YAED,yDAAyD;YACzD,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,IAAK,CAAC,EAAE,EAAE,CAAC;gBACxD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;YACJ,CAAC;YAED,0EAA0E;YAC1E,GAAG,CAAC,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC;YACvC,6EAA6E;YAC7E,uDAAuD;YAEvD,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC,EACD;YACE,SAAS,EAAE,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,kBAAkB;SAC5D,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IACE,GAAG,YAAY,wCAAuB;YACtC,GAAG,YAAY,6BAAoB,EACnC,CAAC;YACD,0CAA0C;YAC1C,OAAO,CAAC,KAAK,CACX,+BAA+B,EAC/B,UAAU,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,SAAS,CAAC,CAAC,OAAO,CACjD,SAAS,EACT,EAAE,CACH,gBAAgB,CAAC,CAAC,QAAQ,gBAAgB,CAAC,CAAC,QAAQ,EAAE,CACxD,CAAC;YACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,4DAA4D;gBAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,6BAA6B,CACjD;aACF,CAAC,CAAC;QACL,CAAC;QACD,MAAM,YAAY,GAChB,GAAG,YAAY,KAAK;YAClB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;YACrC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,KAAK,CACX,GAAG,IAAA,wCAAuB,EACxB,mCAAkB,CAAC,yCAAyC,CAC7D,GAAG,EACJ,YAAY,CACb,CAAC;QACF,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CACX,GAAG,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,iBAAiB,CAAC,GAAG,EACnE,GAAG,CAAC,KAAK,CACV,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,sBAAsB,CAC1C;YACD,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
+{"version":3,"file":"authenticate-crypto.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-crypto.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAmCH,gDAsLC;AAvND,0DAA0D;AAE1D,oEAKyC;AAEzC,sCAAiD;AAGjD;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,kBAAkB,CAItC,WAA8B,EAC9B,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,oBAAoC,8BAAa,CAAC,MAAwB;IAE1E,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;IAC9C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;QACzB,4DAA4D;QAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,mFAAmF;IACnF,MAAM,aAAa,GAAI,GAA6C;SACjE,aAAoD,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,IAA2C,CAAC;IAChE,MAAM,UAAU,GAAG,aAAa,IAAI,OAAO,CAAC;IAE5C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GACZ,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,QAAQ;QACxC,CAAC,CAAE,UAAU,CAAC,UAAU,CAAY;QACpC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,QAAQ;IACZ,0CAA0C;IAC1C,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,QAAQ;QACxC,CAAC,CAAE,UAAU,CAAC,UAAU,CAAY;QACpC,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;SACF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC;QACH,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,MAAM,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvE,IACE,CAAC,iBAAiB;YAClB,iBAAiB,CAAC,aAAa,KAAK,iBAAiB,EACrD,CAAC;YACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;YACzB,4DAA4D;YAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;QACJ,CAAC;QAED,gEAAgE;QAChE,IAAI,iBAAiB,CAAC,EAAE,KAAK,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACzC,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;YACzB,4DAA4D;YAC5D,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,YAAY,CAAC,wBAAwB,EAAE,CAAC;gBAC3C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,OAAO,EAAE,wDAAwD;iBAClE,CAAC,CAAC;YACL,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,wBAAY,CAAC,QAAQ,CAAC,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,wBAAwB,CACxD,iBAAiB,CAAC,KAAK,EACvB,YAAY,CACb,CAAC;gBACF,yDAAyD;gBACzD,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;oBAClC,OAAO,GAAG;yBACP,MAAM,CAAC,GAAG,CAAC;yBACX,IAAI,CACH,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;gBACN,CAAC;gBACD,GAAG,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;YACpC,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,EAAE,CAAC;YACpB,IAAI,CAAC,YAAY,CAAC,wBAAwB,EAAE,CAAC;gBAC3C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,OAAO,EAAE,wDAAwD;iBAClE,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,wBAAwB,CACxD,iBAAiB,CAAC,KAAK,EACvB,QAAQ,CACT,CAAC;YACF,yDAAyD;YACzD,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBAClC,OAAO,GAAG;qBACP,MAAM,CAAC,GAAG,CAAC;qBACX,IAAI,CACH,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;YACN,CAAC;YACD,GAAG,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,iEAAiE;YACjE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,4DAA4D;gBAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IACE,GAAG,YAAY,wCAAuB;YACtC,GAAG,YAAY,6BAAoB,EACnC,CAAC;YACD,0CAA0C;YAC1C,OAAO,CAAC,KAAK,CACX,+BAA+B,EAC/B,UAAU,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,SAAS,CAAC,CAAC,OAAO,CACjD,SAAS,EACT,EAAE,CACH,gBAAgB,CAAC,CAAC,QAAQ,gBAAgB,CAAC,CAAC,QAAQ,EAAE,CACxD,CAAC;YACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,4DAA4D;gBAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,6BAA6B,CACjD;aACF,CAAC,CAAC;QACL,CAAC;QACD,MAAM,YAAY,GAChB,GAAG,YAAY,KAAK;YAClB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;YACrC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,KAAK,CACX,GAAG,IAAA,wCAAuB,EACxB,mCAAkB,CAAC,yCAAyC,CAC7D,GAAG,EACJ,YAAY,CACb,CAAC;QACF,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CACX,GAAG,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,iBAAiB,CAAC,GAAG,EACnE,GAAG,CAAC,KAAK,CACV,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,sBAAsB,CAC1C;YACD,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/src/middlewares/authenticate-token.d.ts

@@ -1,9 +1,10 @@
 /**
  * @fileoverview JWT token authentication middleware.
  * Validates bearer tokens, loads user data, and sets up request context.
+ * Storage-agnostic — delegates user lookup and role resolution to
+ * IAuthenticationProvider on the application.
  * @module middlewares/authenticate-token
  */
-import { ITokenRole, ITokenUser } from '@digitaldefiance/suite-core-lib';
 import { NextFunction, Request, Response } from 'express';
 import { IncomingHttpHeaders } from 'http';
 import { IApplication } from '../interfaces/application';
@@ -18,17 +19,17 @@ export declare function findAuthToken(headers: IncomingHttpHeaders): string | nu
  * Express middleware for JWT token authentication.
  * Validates token, loads user from database, checks account status,
  * and populates req.user with authenticated user data.
+ *
+ * Delegates to `application.authProvider` for storage-agnostic user lookup
+ * and role resolution. The application must have an authProvider configured.
+ *
  * @template TID - Platform ID type (defaults to Buffer)
- * @template D - Date type (defaults to Date)
- * @template TTokenRole - Token role interface type
- * @template TTokenUser - Token user interface type
- * @template TApplication - Application interface type
- * @param {TApplication} application - Application instance
+ * @param {IApplication<TID>} application - Application instance with authProvider
  * @param {Request} req - Express request object
  * @param {Response} res - Express response object
  * @param {NextFunction} next - Express next function
  * @returns {Promise<Response>} Response object
  * @throws {TokenExpiredError} When token has expired
  */
-export declare function authenticateToken<TID extends PlatformID = Buffer, D extends Date = Date, TTokenRole extends ITokenRole<TID, D> = ITokenRole<TID, D>, TTokenUser extends ITokenUser = ITokenUser, TApplication extends IApplication<TID> = IApplication<TID>>(application: TApplication, req: Request, res: Response, next: NextFunction): Promise<Response>;
+export declare function authenticateToken<TID extends PlatformID = Buffer>(application: IApplication<TID>, req: Request, res: Response, next: NextFunction): Promise<Response>;
 //# sourceMappingURL=authenticate-token.d.ts.map

package/src/middlewares/authenticate-token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authenticate-token.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-token.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,EAGL,UAAU,EACV,UAAU,EAEX,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAI3C,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAKzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAalE;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,GAAG,IAAI,CASzE;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,EAC1D,UAAU,SAAS,UAAU,GAAG,UAAU,EAC1C,YAAY,SAAS,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,EAE1D,WAAW,EAAE,YAAY,EACzB,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,QAAQ,CAAC,CAkFnB"}
+{"version":3,"file":"authenticate-token.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-token.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAalE;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,GAAG,IAAI,CASzE;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,iBAAiB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACrE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,EAC9B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,QAAQ,CAAC,CAiFnB"}