@digitaldefiance/node-express-suite 3.6.14 → 3.6.15

package/src/interfaces/server-init-result.d.ts

@@ -0,0 +1,36 @@
+import { Member } from '@digitaldefiance/node-ecies-lib';
+import { Types } from '@digitaldefiance/mongoose-types';
+import { IRoleDocument } from '../documents/role';
+import { IUserDocument } from '../documents/user';
+import { IUserRoleDocument } from '../documents/user-role';
+export type { IRoleDocument, IUserDocument, IUserRoleDocument };
+export interface IServerInitResult<I extends Types.ObjectId | string = Types.ObjectId> {
+    adminRole: IRoleDocument<I>;
+    adminUser: IUserDocument<string, I>;
+    adminUsername: string;
+    adminEmail: string;
+    adminMnemonic: string;
+    adminPassword: string;
+    adminBackupCodes: Array<string>;
+    adminMember: Member<I>;
+    adminUserRole: IUserRoleDocument<I>;
+    memberRole: IRoleDocument<I>;
+    memberUser: IUserDocument<string, I>;
+    memberUsername: string;
+    memberEmail: string;
+    memberMnemonic: string;
+    memberPassword: string;
+    memberBackupCodes: Array<string>;
+    memberMember: Member<I>;
+    memberUserRole: IUserRoleDocument<I>;
+    systemRole: IRoleDocument<I>;
+    systemUser: IUserDocument<string, I>;
+    systemUsername: string;
+    systemEmail: string;
+    systemMnemonic: string;
+    systemPassword: string;
+    systemBackupCodes: Array<string>;
+    systemMember: Member<I>;
+    systemUserRole: IUserRoleDocument<I>;
+}
+//# sourceMappingURL=server-init-result.d.ts.map

package/src/interfaces/server-init-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-init-result.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/server-init-result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iCAAiC,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAG3D,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,iBAAiB,EAAE,CAAC;AAEhE,MAAM,WAAW,iBAAiB,CAAC,CAAC,SAAS,KAAK,CAAC,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAC,QAAQ;IACnF,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAC5B,SAAS,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IACvB,aAAa,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACpC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAC7B,UAAU,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IACxB,cAAc,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAC7B,UAAU,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IACxB,cAAc,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;CACtC"}

package/src/interfaces/server-init-result.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=server-init-result.js.map

package/src/interfaces/server-init-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-init-result.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/server-init-result.ts"],"names":[],"mappings":""}

package/src/interfaces/status-code-response.d.ts

@@ -0,0 +1,7 @@
+import { ApiResponse } from '../types';
+export interface IStatusCodeResponse<T extends ApiResponse> {
+    statusCode: number;
+    response: T;
+    headers?: Record<string, string>;
+}
+//# sourceMappingURL=status-code-response.d.ts.map

package/src/interfaces/status-code-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-code-response.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/status-code-response.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,MAAM,WAAW,mBAAmB,CAAC,CAAC,SAAS,WAAW;IACxD,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,CAAC,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC"}

package/src/interfaces/status-code-response.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=status-code-response.js.map

package/src/interfaces/status-code-response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-code-response.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/status-code-response.ts"],"names":[],"mappings":""}

package/src/interfaces/symmetric-encryption-results.d.ts

@@ -1,5 +1,5 @@
 export interface ISymmetricEncryptionResults {
-  encryptedData: Buffer;
-  key: Buffer;
+    encryptedData: Buffer;
+    key: Buffer;
 }
-//# sourceMappingURL=symmetric-encryption-results.d.ts.map
+//# sourceMappingURL=symmetric-encryption-results.d.ts.map

package/src/interfaces/symmetric-encryption-results.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"symmetric-encryption-results.d.ts","sourceRoot":"","sources":["symmetric-encryption-results.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,2BAA2B;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb"}
+{"version":3,"file":"symmetric-encryption-results.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/symmetric-encryption-results.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,2BAA2B;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb"}

package/src/interfaces/symmetric-encryption-results.js.map

@@ -1 +1 @@
-{"version":3,"file":"symmetric-encryption-results.js","sourceRoot":"","sources":["symmetric-encryption-results.ts"],"names":[],"mappings":""}
+{"version":3,"file":"symmetric-encryption-results.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/symmetric-encryption-results.ts"],"names":[],"mappings":""}

package/src/interfaces/{test-environment.ts → test-environment.d.ts}

@@ -1,11 +1,11 @@
 import { MongoMemoryReplSet } from 'mongodb-memory-server';
 import { IServerInitResult } from './server-init-result';
 import { IApplication } from './application';
-
 export interface ITestEnvironment {
-  application: IApplication;
-  mongoServer: MongoMemoryReplSet;
-  mongoUri: string;
-  accountData: IServerInitResult;
-  dbName: string;
+    application: IApplication;
+    mongoServer: MongoMemoryReplSet;
+    mongoUri: string;
+    accountData: IServerInitResult;
+    dbName: string;
 }
+//# sourceMappingURL=test-environment.d.ts.map

package/src/interfaces/test-environment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-environment.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/test-environment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,YAAY,CAAC;IAC1B,WAAW,EAAE,kBAAkB,CAAC;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,iBAAiB,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/src/interfaces/test-environment.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=test-environment.js.map

package/src/interfaces/test-environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-environment.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/test-environment.ts"],"names":[],"mappings":""}

package/src/interfaces/{token-response.ts → token-response.d.ts}

@@ -1,5 +1,5 @@
 import { IApiMessageResponse } from './api-message-response';
-
 export interface IApiTokenResponse extends IApiMessageResponse {
-  token: string;
+    token: string;
 }
+//# sourceMappingURL=token-response.d.ts.map

package/src/interfaces/token-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-response.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/token-response.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE7D,MAAM,WAAW,iBAAkB,SAAQ,mBAAmB;IAC5D,KAAK,EAAE,MAAM,CAAC;CACf"}

package/src/interfaces/token-response.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=token-response.js.map

package/src/interfaces/token-response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-response.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/token-response.ts"],"names":[],"mappings":""}

package/src/middlewares/authenticate-crypto.d.ts

@@ -0,0 +1,10 @@
+import { AccountStatus } from '@digitaldefiance/suite-core-lib';
+import { NextFunction, Request, Response } from 'express';
+import { Types } from '@digitaldefiance/mongoose-types';
+import { IApplication } from '../interfaces/application';
+/**
+ * Middleware to authenticate crypto operations requiring private key access
+ * Expects mnemonic or password in request body for fresh authentication
+ */
+export declare function authenticateCrypto<I extends Types.ObjectId | string = Types.ObjectId, TAccountStatus extends string = AccountStatus>(application: IApplication, req: Request, res: Response, next: NextFunction, activeStatusValue?: TAccountStatus): Promise<Response | void>;
+//# sourceMappingURL=authenticate-crypto.d.ts.map

package/src/middlewares/authenticate-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticate-crypto.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-crypto.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,aAAa,EAId,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAiB,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAKvE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,CAAC,SAAS,KAAK,CAAC,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAC,QAAQ,EAClD,cAAc,SAAS,MAAM,GAAG,aAAa,EAE7C,WAAW,EAAE,YAAY,EACzB,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,EAClB,iBAAiB,GAAE,cAAuD,GACzE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAyL1B"}

package/src/middlewares/authenticate-crypto.js

@@ -0,0 +1,126 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticateCrypto = authenticateCrypto;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const container_1 = require("../container");
+const enumerations_1 = require("../enumerations");
+const errors_1 = require("../errors");
+const utils_1 = require("../utils");
+/**
+ * Middleware to authenticate crypto operations requiring private key access
+ * Expects mnemonic or password in request body for fresh authentication
+ */
+async function authenticateCrypto(application, req, res, next, activeStatusValue = suite_core_lib_1.AccountStatus.Active) {
+    if (!req.user) {
+        return res.status(401).send(
+        // amazonq-ignore-next-line false positive, hardcoded string
+        (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken));
+    }
+    // Try validatedBody first (if validation has run), then fall back to raw body
+    // Note: This middleware runs BEFORE validation, so validatedBody may not exist yet
+    const validatedBody = req
+        .validatedBody;
+    const rawBody = req.body;
+    const sourceBody = validatedBody ?? rawBody;
+    if (!sourceBody) {
+        return res.status(400).send({
+            // amazonq-ignore-next-line false positive, hardcoded string
+            message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired),
+        });
+    }
+    const mnemonic = typeof sourceBody['mnemonic'] === 'string'
+        ? sourceBody['mnemonic']
+        : undefined;
+    const password = 
+    // amazonq-ignore-next-line false positive
+    typeof sourceBody['password'] === 'string'
+        ? sourceBody['password']
+        : undefined;
+    if (!mnemonic && !password) {
+        return res.status(400).send({
+            // amazonq-ignore-next-line false positive, hardcoded string
+            message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired),
+        });
+    }
+    const UserModel = application.getModel(enumerations_1.BaseModelName.User);
+    const userService = application.services.get(container_1.ServiceKeys.USER);
+    try {
+        return await (0, utils_1.withTransaction)(application.db.connection, application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const userDoc = await UserModel.findById(req.user.id)
+                .session(sess ?? null)
+                .exec();
+            if (!userDoc || userDoc.accountStatus !== activeStatusValue) {
+                return res.status(403).send(
+                // amazonq-ignore-next-line false positive, hardcoded string
+                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
+            }
+            // Ensure we're only authenticating the currently logged-in user
+            if (userDoc._id.toString() !== req.user.id) {
+                return res.status(403).send(
+                // amazonq-ignore-next-line false positive, hardcoded string
+                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
+            }
+            let loginResult;
+            if (mnemonic) {
+                // Authenticate with mnemonic
+                const userMnemonic = new ecies_lib_1.SecureString(mnemonic);
+                try {
+                    loginResult = await userService.loginWithMnemonic(userDoc.email, userMnemonic, sess);
+                }
+                finally {
+                    userMnemonic.dispose();
+                }
+            }
+            else if (password) {
+                // Authenticate with password
+                loginResult = await userService.loginWithPassword(userDoc.email, password, sess);
+            }
+            else {
+                // Should not happen due to earlier guard; keeps TypeScript happy
+                return res.status(400).send({
+                    // amazonq-ignore-next-line false positive, hardcoded string
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired),
+                });
+            }
+            // Double-check authenticated user matches logged-in user
+            if (loginResult.userDoc._id.toString() !== req.user.id) {
+                return res.status(403).send(
+                // amazonq-ignore-next-line false positive, hardcoded string
+                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials));
+            }
+            // Attach the fully authenticated member (with private key) to the request
+            req.eciesUser = loginResult.userMember;
+            // Do not attach the admin user to the request; it's a process-wide singleton
+            // and must not be disposed as part of request cleanup.
+            next();
+            return;
+        }, {
+            timeoutMs: application.environment.mongo.transactionTimeout,
+        });
+    }
+    catch (err) {
+        if (err instanceof suite_core_lib_1.InvalidCredentialsError ||
+            err instanceof errors_1.InvalidPasswordError) {
+            // amazonq-ignore-next-line false positive
+            console.error('Crypto authentication failed:', `userId=${String(req.user?.id || 'unknown').replace(/[\r\n]/g, '')} hasPassword=${!!password} hasMnemonic=${!!mnemonic}`);
+            return res.status(401).send({
+                // amazonq-ignore-next-line false positive, hardcoded string
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials),
+            });
+        }
+        const sanitizedErr = err instanceof Error
+            ? err.message.replace(/[\r\n]/g, ' ')
+            : String(err).replace(/[\r\n]/g, ' ');
+        console.error(`${(0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Error_UnexpectedErrorInAuthenticateCrypto)}:`, sanitizedErr);
+        if (err instanceof Error && err.stack) {
+            console.error(`${(0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_StackTrace)}:`, err.stack);
+        }
+        return res.status(500).send({
+            // amazonq-ignore-next-line false positive, hardcoded string
+            message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
+            error: err,
+        });
+    }
+}
+//# sourceMappingURL=authenticate-crypto.js.map

package/src/middlewares/authenticate-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticate-crypto.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-crypto.ts"],"names":[],"mappings":";;AAqBA,gDAkMC;AAvND,0DAA0D;AAE1D,oEAKyC;AAGzC,4CAA2C;AAE3C,kDAAgD;AAChD,sCAAiD;AAEjD,oCAA2C;AAE3C;;;GAGG;AACI,KAAK,UAAU,kBAAkB,CAItC,WAAyB,EACzB,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,oBAAoC,8BAAa,CAAC,MAAwB;IAE1E,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;QACzB,4DAA4D;QAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,mFAAmF;IACnF,MAAM,aAAa,GAAI,GAA6C;SACjE,aAAoD,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,IAA2C,CAAC;IAChE,MAAM,UAAU,GAAG,aAAa,IAAI,OAAO,CAAC;IAE5C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,QAAQ,GACZ,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,QAAQ;QACxC,CAAC,CAAE,UAAU,CAAC,UAAU,CAAY;QACpC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,QAAQ;IACZ,0CAA0C;IAC1C,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,QAAQ;QACxC,CAAC,CAAE,UAAU,CAAC,UAAU,CAAY;QACpC,CAAC,CAAC,SAAS,CAAC;IAChB,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;SACF,CAAC,CAAC;IACL,CAAC;IACD,MAAM,SAAS,GAAG,WAAW,CAAC,QAAQ,CACpC,4BAAa,CAAC,IAAI,CACnB,CAAC;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,uBAAW,CAAC,IAAI,CAW5D,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,uBAAe,EAC1B,WAAW,CAAC,EAAE,CAAC,UAAU,EACzB,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,EAC7C,SAAS,EACT,KAAK,EAAE,IAA+B,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAK,CAAC,EAAE,CAAC;iBACnD,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;iBACrB,IAAI,EAAE,CAAC;YAEV,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,aAAa,KAAK,iBAAiB,EAAE,CAAC;gBAC5D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;YACJ,CAAC;YAED,gEAAgE;YAChE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,IAAK,CAAC,EAAE,EAAE,CAAC;gBAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;YACJ,CAAC;YAED,IAAI,WAIH,CAAC;YAEF,IAAI,QAAQ,EAAE,CAAC;gBACb,6BAA6B;gBAC7B,MAAM,YAAY,GAAG,IAAI,wBAAY,CAAC,QAAQ,CAAC,CAAC;gBAChD,IAAI,CAAC;oBACH,WAAW,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAC/C,OAAO,CAAC,KAAK,EACb,YAAY,EACZ,IAAI,CACL,CAAC;gBACJ,CAAC;wBAAS,CAAC;oBACT,YAAY,CAAC,OAAO,EAAE,CAAC;gBACzB,CAAC;YACH,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,6BAA6B;gBAC7B,WAAW,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAC/C,OAAO,CAAC,KAAK,EACb,QAAQ,EACR,IAAI,CACL,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iEAAiE;gBACjE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,4DAA4D;oBAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,qCAAqC,CACzD;iBACF,CAAC,CAAC;YACL,CAAC;YAED,yDAAyD;YACzD,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,IAAK,CAAC,EAAE,EAAE,CAAC;gBACxD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EACrB,mCAAkB,CAAC,6BAA6B,CACjD,CACF,CAAC;YACJ,CAAC;YAED,0EAA0E;YAC1E,GAAG,CAAC,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC;YACvC,6EAA6E;YAC7E,uDAAuD;YAEvD,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC,EACD;YACE,SAAS,EAAE,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,kBAAkB;SAC5D,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IACE,GAAG,YAAY,wCAAuB;YACtC,GAAG,YAAY,6BAAoB,EACnC,CAAC;YACD,0CAA0C;YAC1C,OAAO,CAAC,KAAK,CACX,+BAA+B,EAC/B,UAAU,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,SAAS,CAAC,CAAC,OAAO,CACjD,SAAS,EACT,EAAE,CACH,gBAAgB,CAAC,CAAC,QAAQ,gBAAgB,CAAC,CAAC,QAAQ,EAAE,CACxD,CAAC;YACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,4DAA4D;gBAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,6BAA6B,CACjD;aACF,CAAC,CAAC;QACL,CAAC;QACD,MAAM,YAAY,GAChB,GAAG,YAAY,KAAK;YAClB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC;YACrC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,KAAK,CACX,GAAG,IAAA,wCAAuB,EACxB,mCAAkB,CAAC,yCAAyC,CAC7D,GAAG,EACJ,YAAY,CACb,CAAC;QACF,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CACX,GAAG,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,iBAAiB,CAAC,GAAG,EACnE,GAAG,CAAC,KAAK,CACV,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,4DAA4D;YAC5D,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,sBAAsB,CAC1C;YACD,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/src/middlewares/authenticate-token.d.ts

@@ -0,0 +1,21 @@
+import { ITokenRole, ITokenUser } from '@digitaldefiance/suite-core-lib';
+import { NextFunction, Request, Response } from 'express';
+import { IncomingHttpHeaders } from 'http';
+import { Types } from '@digitaldefiance/mongoose-types';
+import { IApplication } from '../interfaces/application';
+/**
+ * Find the auth token in the headers
+ * @param headers The headers
+ * @returns The auth token
+ */
+export declare function findAuthToken(headers: IncomingHttpHeaders): string | null;
+/**
+ * Middleware to authenticate a token
+ * @param application The application
+ * @param req The request
+ * @param res The response
+ * @param next The next function
+ * @returns The response
+ */
+export declare function authenticateToken<I extends Types.ObjectId | string = Types.ObjectId, D extends Date = Date, TTokenRole extends ITokenRole<I, D> = ITokenRole<I, D>, TTokenUser extends ITokenUser = ITokenUser, TApplication extends IApplication = IApplication>(application: TApplication, req: Request, res: Response, next: NextFunction): Promise<Response>;
+//# sourceMappingURL=authenticate-token.d.ts.map

package/src/middlewares/authenticate-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticate-token.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-token.ts"],"names":[],"mappings":"AAEA,OAAO,EAGL,UAAU,EACV,UAAU,EAEX,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,MAAM,CAAC;AAC3C,OAAO,EAAiB,KAAK,EAAE,MAAM,iCAAiC,CAAC;AAIvE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAiBzD;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,GAAG,IAAI,CASzE;AAED;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,CAAC,SAAS,KAAK,CAAC,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAC,QAAQ,EAClD,CAAC,SAAS,IAAI,GAAG,IAAI,EACrB,UAAU,SAAS,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,EACtD,UAAU,SAAS,UAAU,GAAG,UAAU,EAC1C,YAAY,SAAS,YAAY,GAAG,YAAY,EAEhD,WAAW,EAAE,YAAY,EACzB,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,QAAQ,CAAC,CAkFnB"}

package/src/middlewares/authenticate-token.js

@@ -0,0 +1,104 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findAuthToken = findAuthToken;
+exports.authenticateToken = authenticateToken;
+const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const base_model_name_1 = require("../enumerations/base-model-name");
+const token_expired_1 = require("../errors/token-expired");
+const jwt_1 = require("../services/jwt");
+const request_user_1 = require("../services/request-user");
+const role_1 = require("../services/role");
+const utils_1 = require("../utils");
+// Helper to create Timezone from the same module instance as GlobalActiveContext
+function createTimezone(tz) {
+    const context = i18n_lib_1.GlobalActiveContext.getInstance();
+    const TimezoneConstructor = context.adminTimezone
+        .constructor;
+    return new TimezoneConstructor(tz);
+}
+/**
+ * Find the auth token in the headers
+ * @param headers The headers
+ * @returns The auth token
+ */
+function findAuthToken(headers) {
+    const authHeader = headers['Authorization'] || headers['authorization'];
+    if (authHeader && typeof authHeader === 'string') {
+        const parts = authHeader.split(' ');
+        if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') {
+            return parts[1];
+        }
+    }
+    return null;
+}
+/**
+ * Middleware to authenticate a token
+ * @param application The application
+ * @param req The request
+ * @param res The response
+ * @param next The next function
+ * @returns The response
+ */
+async function authenticateToken(application, req, res, next) {
+    const UserModel = application.getModel(base_model_name_1.BaseModelName.User);
+    const token = findAuthToken(req.headers);
+    if (token == null) {
+        return res
+            .status(401)
+            .send((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken));
+    }
+    try {
+        return await (0, utils_1.withTransaction)(application.db.connection, application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const jwtService = new jwt_1.JwtService(application);
+            const user = await jwtService.verifyToken(token);
+            if (user === null) {
+                return res.status(403).send(
+                // amazonq-ignore-next-line false positive, hardcoded string
+                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
+            }
+            const userDoc = await UserModel.findById(user.userId)
+                .select('-password')
+                .session(sess ?? null)
+                .exec();
+            if (!userDoc || userDoc.accountStatus !== suite_core_lib_1.AccountStatus.Active) {
+                return res.status(403).send(
+                // amazonq-ignore-next-line false positive, hardcoded string
+                (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
+            }
+            const roleService = new role_1.RoleService(application);
+            const roles = await roleService.getUserRoles(userDoc._id, sess);
+            const tokenRoles = roleService.rolesToTokenRoles(roles);
+            req.user = request_user_1.RequestUserService.makeRequestUserDTO(userDoc, tokenRoles);
+            const context = i18n_lib_1.GlobalActiveContext.getInstance();
+            context.userLanguage = userDoc.siteLanguage ?? context.userLanguage;
+            context.setLanguageContextSpace('user');
+            context.userTimezone = createTimezone(userDoc.timezone);
+            next();
+            return res;
+        }, {
+            timeoutMs: application.environment.mongo.transactionTimeout,
+        });
+    }
+    catch (err) {
+        if (err instanceof token_expired_1.TokenExpiredError) {
+            return res.status(401).send({
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenExpired),
+                error: err,
+            });
+        }
+        else if (err instanceof Error && err.name === 'JsonWebTokenError') {
+            return res.status(400).send({
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken),
+                error: err,
+            });
+        }
+        else {
+            return res.status(500).send({
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_UnexpectedError),
+                error: err,
+            });
+        }
+    }
+}
+//# sourceMappingURL=authenticate-token.js.map

package/src/middlewares/authenticate-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authenticate-token.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/authenticate-token.ts"],"names":[],"mappings":";;AAqCA,sCASC;AAUD,8CA6FC;AApJD,wDAAgE;AAChE,oEAMyC;AAKzC,qEAAgE;AAChE,2DAA4D;AAE5D,yCAA6C;AAC7C,2DAA8D;AAC9D,2CAA+C;AAC/C,oCAA2C;AAK3C,iFAAiF;AACjF,SAAS,cAAc,CAAC,EAAU;IAChC,MAAM,OAAO,GAAG,8BAAmB,CAAC,WAAW,EAAE,CAAC;IAClD,MAAM,mBAAmB,GAAG,OAAO,CAAC,aAAa;SAC9C,WAAkC,CAAC;IACtC,OAAO,IAAI,mBAAmB,CAAC,EAAE,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAgB,aAAa,CAAC,OAA4B;IACxD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC9D,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,iBAAiB,CAOrC,WAAyB,EACzB,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,MAAM,SAAS,GAAG,WAAW,CAAC,QAAQ,CACpC,+BAAa,CAAC,IAAI,CACnB,CAAC;IACF,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,OAAO,GAAG;aACP,MAAM,CAAC,GAAG,CAAC;aACX,IAAI,CACH,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;IACN,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,uBAAe,EAC1B,WAAW,CAAC,EAAE,CAAC,UAAU,EACzB,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,EAC7C,SAAS,EACT,KAAK,EAAE,IAA+B,EAAE,EAAE;YACxC,MAAM,UAAU,GAAG,IAAI,gBAAU,CAM/B,WAAW,CAAC,CAAC;YACf,MAAM,IAAI,GAAsB,MAAM,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACpE,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;iBAClD,MAAM,CAAC,WAAW,CAAC;iBACnB,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;iBACrB,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,aAAa,KAAK,8BAAa,CAAC,MAAM,EAAE,CAAC;gBAC/D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI;gBACzB,4DAA4D;gBAC5D,IAAA,wCAAuB,EAAC,mCAAkB,CAAC,uBAAuB,CAAC,CACpE,CAAC;YACJ,CAAC;YACD,MAAM,WAAW,GAAG,IAAI,kBAAW,CAAmB,WAAW,CAAC,CAAC;YACnE,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,GAAQ,EAAE,IAAI,CAAC,CAAC;YACrE,MAAM,UAAU,GAAG,WAAW,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YACxD,GAAG,CAAC,IAAI,GAAG,iCAAkB,CAAC,kBAAkB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACtE,MAAM,OAAO,GAAG,8BAAmB,CAAC,WAAW,EAAE,CAAC;YAClD,OAAO,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC;YACpE,OAAO,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;YACxC,OAAO,CAAC,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,EAAE,CAAC;YACP,OAAO,GAAG,CAAC;QACb,CAAC,EACD;YACE,SAAS,EAAE,WAAW,CAAC,WAAW,CAAC,KAAK,CAAC,kBAAkB;SAC5D,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,iCAAiB,EAAE,CAAC;YACrC,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,uBAAuB,CAC3C;gBACD,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACpE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,uBAAuB,CAC3C;gBACD,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,OAAO,EAAE,IAAA,wCAAuB,EAC9B,mCAAkB,CAAC,sBAAsB,CAC1C;gBACD,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC"}

package/src/middlewares/cleanup-crypto.d.ts

@@ -0,0 +1,7 @@
+import { NextFunction, Request, Response } from 'express';
+/**
+ * Middleware to clean up crypto resources after request completion
+ * Should be used after crypto operations to ensure private keys are disposed
+ */
+export declare function cleanupCrypto(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=cleanup-crypto.d.ts.map

package/src/middlewares/cleanup-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cleanup-crypto.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/cleanup-crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE1D;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CA0BN"}

package/src/middlewares/cleanup-crypto.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cleanupCrypto = cleanupCrypto;
+/**
+ * Middleware to clean up crypto resources after request completion
+ * Should be used after crypto operations to ensure private keys are disposed
+ */
+function cleanupCrypto(req, res, next) {
+    // Store original end function
+    const originalEnd = res.end;
+    // Override end function to cleanup before response
+    const wrappedEnd = function (...args) {
+        // Cleanup eciesUser if it exists
+        if (req.eciesUser) {
+            try {
+                // Dispose of sensitive cryptographic material
+                req.eciesUser.dispose();
+                req.eciesUser = undefined;
+            }
+            catch (error) {
+                console.error('Error cleaning up crypto resources:', error);
+            }
+        }
+        // Do not dispose system user here; it may be a process-wide singleton
+        // Call original end function
+        // Type assertion needed because we're wrapping the end function
+        return originalEnd.apply(this, args);
+    };
+    res.end = wrappedEnd;
+    next();
+}
+//# sourceMappingURL=cleanup-crypto.js.map

package/src/middlewares/cleanup-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cleanup-crypto.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/cleanup-crypto.ts"],"names":[],"mappings":";;AAMA,sCA8BC;AAlCD;;;GAGG;AACH,SAAgB,aAAa,CAC3B,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,8BAA8B;IAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC;IAE5B,mDAAmD;IACnD,MAAM,UAAU,GAAG,UAA0B,GAAG,IAAe;QAC7D,iCAAiC;QACjC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,8CAA8C;gBAC9C,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACxB,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,sEAAsE;QAEtE,6BAA6B;QAC7B,gEAAgE;QAChE,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,IAAsC,CAAC,CAAC;IACzE,CAAmB,CAAC;IAEpB,GAAG,CAAC,GAAG,GAAG,UAAU,CAAC;IAErB,IAAI,EAAE,CAAC;AACT,CAAC"}

package/src/middlewares/{index.ts → index.d.ts}

@@ -2,3 +2,4 @@ export * from './authenticate-crypto';
 export * from './authenticate-token';
 export * from './cleanup-crypto';
 export * from './set-global-context-language';
+//# sourceMappingURL=index.d.ts.map

package/src/middlewares/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,+BAA+B,CAAC"}

package/src/middlewares/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./authenticate-crypto"), exports);
+tslib_1.__exportStar(require("./authenticate-token"), exports);
+tslib_1.__exportStar(require("./cleanup-crypto"), exports);
+tslib_1.__exportStar(require("./set-global-context-language"), exports);
+//# sourceMappingURL=index.js.map

package/src/middlewares/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,gEAAsC;AACtC,+DAAqC;AACrC,2DAAiC;AACjC,wEAA8C"}

package/src/middlewares/set-global-context-language.d.ts

@@ -0,0 +1,3 @@
+import { NextFunction, Request, Response } from 'express';
+export declare function setGlobalContextLanguageFromRequest(req: Request, res: Response, next: NextFunction): void;
+//# sourceMappingURL=set-global-context-language.d.ts.map

package/src/middlewares/set-global-context-language.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"set-global-context-language.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/set-global-context-language.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE1D,wBAAgB,mCAAmC,CACjD,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,QAYnB"}

package/src/middlewares/set-global-context-language.js

@@ -0,0 +1,14 @@
+"use strict";
+// src/middlewares/injectMongooseContext.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setGlobalContextLanguageFromRequest = setGlobalContextLanguageFromRequest;
+const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
+function setGlobalContextLanguageFromRequest(req, res, next) {
+    // Use fallback chain: accept-language -> user preference -> site default
+    const language = i18n_lib_1.LanguageRegistry.getMatchingLanguageCode(req.headers['accept-language'], req.user?.siteLanguage);
+    const context = i18n_lib_1.GlobalActiveContext.getInstance();
+    context.setUserLanguage(language);
+    context.setLanguageContextSpace('user');
+    next();
+}
+//# sourceMappingURL=set-global-context-language.js.map

package/src/middlewares/set-global-context-language.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"set-global-context-language.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/middlewares/set-global-context-language.ts"],"names":[],"mappings":";AAAA,2CAA2C;;AAQ3C,kFAeC;AArBD,wDAGmC;AAGnC,SAAgB,mCAAmC,CACjD,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,yEAAyE;IACzE,MAAM,QAAQ,GAAG,2BAAgB,CAAC,uBAAuB,CACvD,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAW,EACxC,GAAG,CAAC,IAAI,EAAE,YAAsB,CACjC,CAAC;IAEF,MAAM,OAAO,GAAG,8BAAmB,CAAC,WAAW,EAAE,CAAC;IAClD,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAClC,OAAO,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,EAAE,CAAC;AACT,CAAC"}

package/src/middlewares.d.ts

@@ -0,0 +1,8 @@
+import cors from 'cors';
+import { Application } from 'express';
+import { HelmetOptions } from 'helmet';
+import { ISimpleCSPDef } from './interfaces/csp-definition';
+export declare const corsOptionsDelegate: (corsWhitelist: string[]) => (req: cors.CorsRequest, callback: (error: Error | null, options: cors.CorsOptions | undefined) => void) => void;
+export declare const isHelmetOptions: (obj: any) => boolean;
+export declare const initMiddleware: (app: Application, corsWhitelist: string[], csp: ISimpleCSPDef | HelmetOptions) => void;
+//# sourceMappingURL=middlewares.d.ts.map

package/src/middlewares.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../../../../packages/digitaldefiance-node-express-suite/src/middlewares.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EACL,WAAW,EAMZ,MAAM,SAAS,CAAC;AACjB,OAAe,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAE/C,OAAO,EAAE,aAAa,EAAkB,MAAM,6BAA6B,CAAC;AAG5E,eAAO,MAAM,mBAAmB,GAAI,eAAe,MAAM,EAAE,MAEvD,KAAK,IAAI,CAAC,WAAW,EACrB,UAAU,CACR,KAAK,EAAE,KAAK,GAAG,IAAI,EACnB,OAAO,EAAE,IAAI,CAAC,WAAW,GAAG,SAAS,KAClC,IAAI,SAoBZ,CAAC;AAGF,eAAO,MAAM,eAAe,GAAI,KAAK,GAAG,KAAG,OAS1C,CAAA;AAED,eAAO,MAAM,cAAc,GACvB,KAAK,WAAW,EAChB,eAAe,MAAM,EAAE,EACvB,KAAK,aAAa,GAAG,aAAa,KACjC,IA6CF,CAAC"}