npm - @digitaldefiance/node-express-suite - Versions diffs - 3.6.20 → 3.6.21 - Mend

@digitaldefiance/node-express-suite 3.6.20 → 3.6.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (860) hide show

package/LICENSE +21 -0
package/package.json +3 -4
package/src/__tests__/fixtures/{index.d.ts → index.ts} +0 -1
package/src/__tests__/fixtures/model-mocks.mock.ts +164 -0
package/src/__tests__/helpers/application.mock.ts +89 -0
package/src/__tests__/helpers/{index.d.ts → index.ts} +0 -1
package/src/__tests__/helpers/setup-test-env.ts +190 -0
package/src/__tests__/{index.d.ts → index.ts} +0 -1
package/src/application-base.ts +536 -0
package/src/application-concrete.ts +42 -0
package/src/application.ts +321 -0
package/src/backup-code.ts +348 -0
package/src/builders/application-builder.ts +131 -0
package/src/builders/{index.d.ts → index.ts} +0 -1
package/src/constants.ts +83 -0
package/src/container/{index.d.ts → index.ts} +0 -1
package/src/container/service-container.ts +50 -0
package/src/container/service-definitions.ts +11 -0
package/src/controllers/base.ts +499 -0
package/src/controllers/{index.d.ts → index.ts} +0 -1
package/src/controllers/user.ts +1711 -0
package/src/database/{database-initializer.d.ts → database-initializer.ts} +3 -3
package/src/database/{index.d.ts → index.ts} +0 -1
package/src/decorators/base-controller.ts +77 -0
package/src/decorators/controller.ts +146 -0
package/src/decorators/{index.d.ts → index.ts} +0 -1
package/src/decorators/zod-validation.ts +58 -0
package/src/defaults.ts +249 -0
package/src/documents/base.ts +10 -0
package/src/documents/email-token.ts +13 -0
package/src/documents/{index.d.ts → index.ts} +0 -1
package/src/documents/{mnemonic.d.ts → mnemonic.ts} +4 -2
package/src/documents/{role.d.ts → role.ts} +3 -2
package/src/documents/used-direct-login-token.ts +7 -0
package/src/documents/{user-role.d.ts → user-role.ts} +4 -2
package/src/documents/{user.d.ts → user.ts} +5 -2
package/src/enumerations/base-model-name.ts +41 -0
package/src/enumerations/{index.d.ts → index.ts} +0 -1
package/src/enumerations/length-encoding-type.ts +6 -0
package/src/enumerations/schema-collection.ts +33 -0
package/src/enumerations/symmetric-error-type.ts +4 -0
package/src/environment.ts +836 -0
package/src/errors/express-validation.ts +21 -0
package/src/errors/{index.d.ts → index.ts} +0 -1
package/src/errors/invalid-backup-code-version.ts +15 -0
package/src/errors/invalid-jwt-token.ts +11 -0
package/src/errors/invalid-model.ts +11 -0
package/src/errors/invalid-new-password.ts +18 -0
package/src/errors/invalid-password.ts +13 -0
package/src/errors/missing-validated-data.ts +36 -0
package/src/errors/mnemonic-or-password-required.ts +13 -0
package/src/errors/model-not-registered.ts +11 -0
package/src/errors/mongoose-validation.ts +38 -0
package/src/errors/symmetric.ts +37 -0
package/src/errors/token-expired.ts +11 -0
package/src/get-language.ts +53 -0
package/src/get-timezone.ts +61 -0
package/src/{index.d.ts → index.ts} +1 -1
package/src/interfaces/{api-error-response.d.ts → api-error-response.ts} +2 -2
package/src/interfaces/api-express-validation-error-response.ts +8 -0
package/src/interfaces/api-message-response.ts +3 -0
package/src/interfaces/{api-mongo-validation-error-response.d.ts → api-mongo-validation-error-response.ts} +2 -2
package/src/interfaces/api-responses/{backup-codes-response.d.ts → backup-codes-response.ts} +2 -2
package/src/interfaces/api-responses/{challenge-response.d.ts → challenge-response.ts} +3 -3
package/src/interfaces/api-responses/{code-count-response.d.ts → code-count-response.ts} +2 -2
package/src/interfaces/api-responses/{index.d.ts → index.ts} +0 -1
package/src/interfaces/api-responses/{login-response.d.ts → login-response.ts} +4 -4
package/src/interfaces/api-responses/{mnemonic-response.d.ts → mnemonic-response.ts} +2 -2
package/src/interfaces/api-responses/{registration-response.d.ts → registration-response.ts} +3 -3
package/src/interfaces/api-responses/{request-user-response.d.ts → request-user-response.ts} +2 -2
package/src/interfaces/api-responses/user-settings-response.ts +12 -0
package/src/interfaces/application.ts +16 -0
package/src/interfaces/backend-objects/email-token.ts +9 -0
package/src/interfaces/backend-objects/{index.d.ts → index.ts} +0 -1
package/src/interfaces/backend-objects/request-user.ts +8 -0
package/src/interfaces/backend-objects/role.ts +6 -0
package/src/interfaces/backend-objects/user.ts +7 -0
package/src/interfaces/checksum-config.ts +4 -0
package/src/interfaces/checksum-consts.ts +13 -0
package/src/interfaces/constants.ts +103 -0
package/src/interfaces/controller-config.ts +36 -0
package/src/interfaces/create-user-basics.ts +17 -0
package/src/interfaces/csp-config.ts +16 -0
package/src/interfaces/csp-definition.ts +49 -0
package/src/interfaces/{db-init-result.d.ts → db-init-result.ts} +2 -2
package/src/interfaces/deep-partial.ts +3 -0
package/src/interfaces/{discriminator-collections.d.ts → discriminator-collections.ts} +3 -3
package/src/interfaces/email-service.ts +8 -0
package/src/interfaces/environment-mongo.ts +76 -0
package/src/interfaces/environment.ts +185 -0
package/src/interfaces/failable-result.ts +6 -0
package/src/interfaces/fec-consts.ts +4 -0
package/src/interfaces/flexible-csp.ts +18 -0
package/src/interfaces/handleable-error-options.ts +6 -0
package/src/interfaces/{index.d.ts → index.ts} +0 -1
package/src/interfaces/jwt-consts.ts +23 -0
package/src/interfaces/jwt-sign-response.ts +19 -0
package/src/interfaces/models/{email-token.d.ts → email-token.ts} +1 -1
package/src/interfaces/models/{index.d.ts → index.ts} +0 -1
package/src/interfaces/models/{mnemonic.d.ts → mnemonic.ts} +1 -1
package/src/interfaces/models/{role.d.ts → role.ts} +1 -1
package/src/interfaces/models/{token-role.d.ts → token-role.ts} +1 -1
package/src/interfaces/models/{used-direct-login-token.d.ts → used-direct-login-token.ts} +3 -2
package/src/interfaces/models/{user-role.d.ts → user-role.ts} +1 -1
package/src/interfaces/models/{user.d.ts → user.ts} +11 -3
package/src/interfaces/mongo-errors.ts +5 -0
package/src/interfaces/request-user.ts +70 -0
package/src/interfaces/required-string-keys.ts +26 -0
package/src/interfaces/schema.ts +31 -0
package/src/interfaces/server-init-result.ts +40 -0
package/src/interfaces/status-code-response.ts +7 -0
package/src/interfaces/symmetric-encryption-results.d.ts +3 -3
package/src/interfaces/symmetric-encryption-results.d.ts.map +1 -1
package/src/interfaces/symmetric-encryption-results.js.map +1 -1
package/src/interfaces/symmetric-encryption-results.ts +4 -0
package/src/interfaces/{test-environment.d.ts → test-environment.ts} +6 -6
package/src/interfaces/{token-response.d.ts → token-response.ts} +2 -2
package/src/middlewares/authenticate-crypto.ts +216 -0
package/src/middlewares/authenticate-token.ts +150 -0
package/src/middlewares/cleanup-crypto.ts +37 -0
package/src/middlewares/{index.d.ts → index.ts} +0 -1
package/src/middlewares/set-global-context-language.ts +24 -0
package/src/middlewares.ts +112 -0
package/src/model-registry.ts +79 -0
package/src/models/email-token.d.ts +11 -35
package/src/models/email-token.ts +15 -0
package/src/models/{index.d.ts → index.ts} +0 -1
package/src/models/mnemonic.d.ts +11 -35
package/src/models/mnemonic.ts +15 -0
package/src/models/role.d.ts +11 -35
package/src/models/role.ts +15 -0
package/src/models/used-direct-login-token.d.ts +11 -35
package/src/models/used-direct-login-token.ts +15 -0
package/src/models/user-role.d.ts +10 -3
package/src/models/user-role.ts +13 -0
package/src/models/user.d.ts +16 -3
package/src/models/user.ts +15 -0
package/src/pipeline/{index.d.ts → index.ts} +0 -1
package/src/pipeline/pipeline-builder.ts +18 -0
package/src/plugins/{index.d.ts → index.ts} +0 -1
package/src/plugins/plugin-interface.ts +8 -0
package/src/plugins/plugin-manager.ts +42 -0
package/src/registry/email-service-registry.ts +53 -0
package/src/registry/{index.d.ts → index.ts} +0 -1
package/src/responses/{index.d.ts → index.ts} +0 -1
package/src/responses/response-builder.ts +86 -0
package/src/routers/api.ts +196 -0
package/src/routers/app.ts +333 -0
package/src/routers/base.ts +13 -0
package/src/routers/{index.d.ts → index.ts} +0 -1
package/src/routers/router-config.ts +16 -0
package/src/routing/index.ts +1 -0
package/src/routing/route-builder.ts +128 -0
package/src/schemas/email-token.d.ts +13 -47
package/src/schemas/email-token.ts +95 -0
package/src/schemas/{index.d.ts → index.ts} +0 -1
package/src/schemas/mnemonic.d.ts +10 -26
package/src/schemas/mnemonic.ts +37 -0
package/src/schemas/role.d.ts +13 -40
package/src/schemas/role.ts +137 -0
package/src/schemas/schema.ts +164 -0
package/src/schemas/used-direct-login-token.d.ts +12 -35
package/src/schemas/used-direct-login-token.ts +45 -0
package/src/schemas/user-role.d.ts +12 -37
package/src/schemas/user-role.ts +79 -0
package/src/schemas/user.d.ts +18 -23
package/src/schemas/user.ts +224 -0
package/src/services/backup-code.ts +321 -0
package/src/services/base.ts +30 -0
package/src/services/checksum.ts +167 -0
package/src/services/crc.ts +213 -0
package/src/services/database-initialization.ts +1648 -0
package/src/services/{db-init-cache.d.ts → db-init-cache.ts} +11 -5
package/src/services/direct-login-token.ts +61 -0
package/src/services/dummy-email-service.ts +20 -0
package/src/services/fec-usage-example.ts +102 -0
package/src/services/fec.ts +355 -0
package/src/services/{index.d.ts → index.ts} +0 -1
package/src/services/jwt.ts +130 -0
package/src/services/key-wrapping.ts +447 -0
package/src/services/mnemonic.ts +168 -0
package/src/services/request-user.ts +101 -0
package/src/services/role.ts +414 -0
package/src/services/symmetric.ts +139 -0
package/src/services/system-user.ts +79 -0
package/src/services/user.ts +2281 -0
package/src/services/xor.ts +34 -0
package/src/testing.ts +3 -0
package/src/transactions/{index.d.ts → index.ts} +0 -1
package/src/transactions/transaction-manager.ts +37 -0
package/src/types/{app-config.d.ts → app-config.ts} +10 -9
package/src/types/{controller-config.d.ts → controller-config.ts} +8 -7
package/src/types/{environment-variables.d.ts → environment-variables.ts} +26 -5
package/src/types/id-converters.ts +53 -0
package/src/types/{index.d.ts → index.ts} +0 -1
package/src/types/{mongoose-helpers.d.ts → mongoose-helpers.ts} +2 -2
package/src/types/mongoose-override.d.ts +1 -0
package/src/types/mongoose.d.ts +1 -0
package/src/types.d.ts +34 -67
package/src/types.ts +130 -0
package/src/utils.ts +1087 -0
package/src/validation/{index.d.ts → index.ts} +0 -1
package/src/validation/validation-builder.ts +115 -0
package/src/__tests__/fixtures/index.d.ts.map +0 -1
package/src/__tests__/fixtures/index.js +0 -5
package/src/__tests__/fixtures/index.js.map +0 -1
package/src/__tests__/fixtures/model-mocks.mock.d.ts +0 -12
package/src/__tests__/fixtures/model-mocks.mock.d.ts.map +0 -1
package/src/__tests__/fixtures/model-mocks.mock.js +0 -102
package/src/__tests__/fixtures/model-mocks.mock.js.map +0 -1
package/src/__tests__/helpers/application.mock.d.ts +0 -8
package/src/__tests__/helpers/application.mock.d.ts.map +0 -1
package/src/__tests__/helpers/application.mock.js +0 -77
package/src/__tests__/helpers/application.mock.js.map +0 -1
package/src/__tests__/helpers/index.d.ts.map +0 -1
package/src/__tests__/helpers/index.js +0 -7
package/src/__tests__/helpers/index.js.map +0 -1
package/src/__tests__/helpers/setup-test-env.d.ts +0 -12
package/src/__tests__/helpers/setup-test-env.d.ts.map +0 -1
package/src/__tests__/helpers/setup-test-env.js +0 -121
package/src/__tests__/helpers/setup-test-env.js.map +0 -1
package/src/__tests__/index.d.ts.map +0 -1
package/src/__tests__/index.js +0 -6
package/src/__tests__/index.js.map +0 -1
package/src/application-base.d.ts +0 -122
package/src/application-base.d.ts.map +0 -1
package/src/application-base.js +0 -359
package/src/application-base.js.map +0 -1
package/src/application-concrete.d.ts +0 -12
package/src/application-concrete.d.ts.map +0 -1
package/src/application-concrete.js +0 -21
package/src/application-concrete.js.map +0 -1
package/src/application.d.ts +0 -28
package/src/application.d.ts.map +0 -1
package/src/application.js +0 -167
package/src/application.js.map +0 -1
package/src/backup-code.d.ts +0 -68
package/src/backup-code.d.ts.map +0 -1
package/src/backup-code.js +0 -238
package/src/backup-code.js.map +0 -1
package/src/builders/application-builder.d.ts +0 -34
package/src/builders/application-builder.d.ts.map +0 -1
package/src/builders/application-builder.js +0 -64
package/src/builders/application-builder.js.map +0 -1
package/src/builders/index.d.ts.map +0 -1
package/src/builders/index.js +0 -5
package/src/builders/index.js.map +0 -1
package/src/constants.d.ts +0 -16
package/src/constants.d.ts.map +0 -1
package/src/constants.js +0 -58
package/src/constants.js.map +0 -1
package/src/container/index.d.ts.map +0 -1
package/src/container/index.js +0 -6
package/src/container/index.js.map +0 -1
package/src/container/service-container.d.ts +0 -11
package/src/container/service-container.d.ts.map +0 -1
package/src/container/service-container.js +0 -38
package/src/container/service-container.js.map +0 -1
package/src/container/service-definitions.d.ts +0 -11
package/src/container/service-definitions.d.ts.map +0 -1
package/src/container/service-definitions.js +0 -13
package/src/container/service-definitions.js.map +0 -1
package/src/controllers/base.d.ts +0 -66
package/src/controllers/base.d.ts.map +0 -1
package/src/controllers/base.js +0 -305
package/src/controllers/base.js.map +0 -1
package/src/controllers/index.d.ts.map +0 -1
package/src/controllers/index.js +0 -6
package/src/controllers/index.js.map +0 -1
package/src/controllers/user.d.ts +0 -50
package/src/controllers/user.d.ts.map +0 -1
package/src/controllers/user.js +0 -918
package/src/controllers/user.js.map +0 -1
package/src/database/database-initializer.d.ts.map +0 -1
package/src/database/database-initializer.js +0 -3
package/src/database/database-initializer.js.map +0 -1
package/src/database/index.d.ts.map +0 -1
package/src/database/index.js +0 -5
package/src/database/index.js.map +0 -1
package/src/decorators/base-controller.d.ts +0 -10
package/src/decorators/base-controller.d.ts.map +0 -1
package/src/decorators/base-controller.js +0 -60
package/src/decorators/base-controller.js.map +0 -1
package/src/decorators/controller.d.ts +0 -38
package/src/decorators/controller.d.ts.map +0 -1
package/src/decorators/controller.js +0 -68
package/src/decorators/controller.js.map +0 -1
package/src/decorators/index.d.ts.map +0 -1
package/src/decorators/index.js +0 -7
package/src/decorators/index.js.map +0 -1
package/src/decorators/zod-validation.d.ts +0 -5
package/src/decorators/zod-validation.d.ts.map +0 -1
package/src/decorators/zod-validation.js +0 -48
package/src/decorators/zod-validation.js.map +0 -1
package/src/defaults.d.ts +0 -7
package/src/defaults.d.ts.map +0 -1
package/src/defaults.js +0 -204
package/src/defaults.js.map +0 -1
package/src/documents/base.d.ts +0 -4
package/src/documents/base.d.ts.map +0 -1
package/src/documents/base.js +0 -3
package/src/documents/base.js.map +0 -1
package/src/documents/email-token.d.ts +0 -8
package/src/documents/email-token.d.ts.map +0 -1
package/src/documents/email-token.js +0 -3
package/src/documents/email-token.js.map +0 -1
package/src/documents/index.d.ts.map +0 -1
package/src/documents/index.js +0 -3
package/src/documents/index.js.map +0 -1
package/src/documents/mnemonic.d.ts.map +0 -1
package/src/documents/mnemonic.js +0 -3
package/src/documents/mnemonic.js.map +0 -1
package/src/documents/role.d.ts.map +0 -1
package/src/documents/role.js +0 -3
package/src/documents/role.js.map +0 -1
package/src/documents/used-direct-login-token.d.ts +0 -5
package/src/documents/used-direct-login-token.d.ts.map +0 -1
package/src/documents/used-direct-login-token.js +0 -3
package/src/documents/used-direct-login-token.js.map +0 -1
package/src/documents/user-role.d.ts.map +0 -1
package/src/documents/user-role.js +0 -3
package/src/documents/user-role.js.map +0 -1
package/src/documents/user.d.ts.map +0 -1
package/src/documents/user.js +0 -3
package/src/documents/user.js.map +0 -1
package/src/enumerations/base-model-name.d.ts +0 -38
package/src/enumerations/base-model-name.d.ts.map +0 -1
package/src/enumerations/base-model-name.js +0 -34
package/src/enumerations/base-model-name.js.map +0 -1
package/src/enumerations/index.d.ts.map +0 -1
package/src/enumerations/index.js +0 -8
package/src/enumerations/index.js.map +0 -1
package/src/enumerations/length-encoding-type.d.ts +0 -7
package/src/enumerations/length-encoding-type.d.ts.map +0 -1
package/src/enumerations/length-encoding-type.js +0 -11
package/src/enumerations/length-encoding-type.js.map +0 -1
package/src/enumerations/schema-collection.d.ts +0 -34
package/src/enumerations/schema-collection.d.ts.map +0 -1
package/src/enumerations/schema-collection.js +0 -38
package/src/enumerations/schema-collection.js.map +0 -1
package/src/enumerations/symmetric-error-type.d.ts +0 -5
package/src/enumerations/symmetric-error-type.d.ts.map +0 -1
package/src/enumerations/symmetric-error-type.js +0 -9
package/src/enumerations/symmetric-error-type.js.map +0 -1
package/src/environment.d.ts +0 -190
package/src/environment.d.ts.map +0 -1
package/src/environment.js +0 -646
package/src/environment.js.map +0 -1
package/src/errors/express-validation.d.ts +0 -9
package/src/errors/express-validation.d.ts.map +0 -1
package/src/errors/express-validation.js +0 -18
package/src/errors/express-validation.js.map +0 -1
package/src/errors/index.d.ts.map +0 -1
package/src/errors/index.js +0 -16
package/src/errors/index.js.map +0 -1
package/src/errors/invalid-backup-code-version.d.ts +0 -6
package/src/errors/invalid-backup-code-version.d.ts.map +0 -1
package/src/errors/invalid-backup-code-version.js +0 -16
package/src/errors/invalid-backup-code-version.js.map +0 -1
package/src/errors/invalid-jwt-token.d.ts +0 -5
package/src/errors/invalid-jwt-token.d.ts.map +0 -1
package/src/errors/invalid-jwt-token.js +0 -12
package/src/errors/invalid-jwt-token.js.map +0 -1
package/src/errors/invalid-model.d.ts +0 -6
package/src/errors/invalid-model.d.ts.map +0 -1
package/src/errors/invalid-model.js +0 -14
package/src/errors/invalid-model.js.map +0 -1
package/src/errors/invalid-new-password.d.ts +0 -5
package/src/errors/invalid-new-password.d.ts.map +0 -1
package/src/errors/invalid-new-password.js +0 -14
package/src/errors/invalid-new-password.js.map +0 -1
package/src/errors/invalid-password.d.ts +0 -5
package/src/errors/invalid-password.d.ts.map +0 -1
package/src/errors/invalid-password.js +0 -14
package/src/errors/invalid-password.js.map +0 -1
package/src/errors/missing-validated-data.d.ts +0 -7
package/src/errors/missing-validated-data.d.ts.map +0 -1
package/src/errors/missing-validated-data.js +0 -36
package/src/errors/missing-validated-data.js.map +0 -1
package/src/errors/mnemonic-or-password-required.d.ts +0 -5
package/src/errors/mnemonic-or-password-required.d.ts.map +0 -1
package/src/errors/mnemonic-or-password-required.js +0 -14
package/src/errors/mnemonic-or-password-required.js.map +0 -1
package/src/errors/model-not-registered.d.ts +0 -6
package/src/errors/model-not-registered.d.ts.map +0 -1
package/src/errors/model-not-registered.js +0 -14
package/src/errors/model-not-registered.js.map +0 -1
package/src/errors/mongoose-validation.d.ts +0 -12
package/src/errors/mongoose-validation.d.ts.map +0 -1
package/src/errors/mongoose-validation.js +0 -17
package/src/errors/mongoose-validation.js.map +0 -1
package/src/errors/symmetric.d.ts +0 -8
package/src/errors/symmetric.d.ts.map +0 -1
package/src/errors/symmetric.js +0 -22
package/src/errors/symmetric.js.map +0 -1
package/src/errors/token-expired.d.ts +0 -5
package/src/errors/token-expired.d.ts.map +0 -1
package/src/errors/token-expired.js +0 -12
package/src/errors/token-expired.js.map +0 -1
package/src/get-language.d.ts +0 -2
package/src/get-language.d.ts.map +0 -1
package/src/get-language.js +0 -30
package/src/get-language.js.map +0 -1
package/src/get-timezone.d.ts +0 -2
package/src/get-timezone.d.ts.map +0 -1
package/src/get-timezone.js +0 -39
package/src/get-timezone.js.map +0 -1
package/src/index.d.ts.map +0 -1
package/src/index.js +0 -42
package/src/index.js.map +0 -1
package/src/interfaces/api-error-response.d.ts.map +0 -1
package/src/interfaces/api-error-response.js +0 -3
package/src/interfaces/api-error-response.js.map +0 -1
package/src/interfaces/api-express-validation-error-response.d.ts +0 -7
package/src/interfaces/api-express-validation-error-response.d.ts.map +0 -1
package/src/interfaces/api-express-validation-error-response.js +0 -3
package/src/interfaces/api-express-validation-error-response.js.map +0 -1
package/src/interfaces/api-message-response.d.ts +0 -4
package/src/interfaces/api-message-response.d.ts.map +0 -1
package/src/interfaces/api-message-response.js +0 -3
package/src/interfaces/api-message-response.js.map +0 -1
package/src/interfaces/api-mongo-validation-error-response.d.ts.map +0 -1
package/src/interfaces/api-mongo-validation-error-response.js +0 -3
package/src/interfaces/api-mongo-validation-error-response.js.map +0 -1
package/src/interfaces/api-responses/backup-codes-response.d.ts.map +0 -1
package/src/interfaces/api-responses/backup-codes-response.js +0 -3
package/src/interfaces/api-responses/backup-codes-response.js.map +0 -1
package/src/interfaces/api-responses/challenge-response.d.ts.map +0 -1
package/src/interfaces/api-responses/challenge-response.js +0 -3
package/src/interfaces/api-responses/challenge-response.js.map +0 -1
package/src/interfaces/api-responses/code-count-response.d.ts.map +0 -1
package/src/interfaces/api-responses/code-count-response.js +0 -3
package/src/interfaces/api-responses/code-count-response.js.map +0 -1
package/src/interfaces/api-responses/index.d.ts.map +0 -1
package/src/interfaces/api-responses/index.js +0 -12
package/src/interfaces/api-responses/index.js.map +0 -1
package/src/interfaces/api-responses/login-response.d.ts.map +0 -1
package/src/interfaces/api-responses/login-response.js +0 -3
package/src/interfaces/api-responses/login-response.js.map +0 -1
package/src/interfaces/api-responses/mnemonic-response.d.ts.map +0 -1
package/src/interfaces/api-responses/mnemonic-response.js +0 -3
package/src/interfaces/api-responses/mnemonic-response.js.map +0 -1
package/src/interfaces/api-responses/registration-response.d.ts.map +0 -1
package/src/interfaces/api-responses/registration-response.js +0 -3
package/src/interfaces/api-responses/registration-response.js.map +0 -1
package/src/interfaces/api-responses/request-user-response.d.ts.map +0 -1
package/src/interfaces/api-responses/request-user-response.js +0 -3
package/src/interfaces/api-responses/request-user-response.js.map +0 -1
package/src/interfaces/api-responses/user-settings-response.d.ts +0 -12
package/src/interfaces/api-responses/user-settings-response.d.ts.map +0 -1
package/src/interfaces/api-responses/user-settings-response.js +0 -3
package/src/interfaces/api-responses/user-settings-response.js.map +0 -1
package/src/interfaces/application.d.ts +0 -16
package/src/interfaces/application.d.ts.map +0 -1
package/src/interfaces/application.js +0 -3
package/src/interfaces/application.js.map +0 -1
package/src/interfaces/backend-objects/email-token.d.ts +0 -4
package/src/interfaces/backend-objects/email-token.d.ts.map +0 -1
package/src/interfaces/backend-objects/email-token.js +0 -3
package/src/interfaces/backend-objects/email-token.js.map +0 -1
package/src/interfaces/backend-objects/index.d.ts.map +0 -1
package/src/interfaces/backend-objects/index.js +0 -8
package/src/interfaces/backend-objects/index.js.map +0 -1
package/src/interfaces/backend-objects/request-user.d.ts +0 -5
package/src/interfaces/backend-objects/request-user.d.ts.map +0 -1
package/src/interfaces/backend-objects/request-user.js +0 -3
package/src/interfaces/backend-objects/request-user.js.map +0 -1
package/src/interfaces/backend-objects/role.d.ts +0 -4
package/src/interfaces/backend-objects/role.d.ts.map +0 -1
package/src/interfaces/backend-objects/role.js +0 -3
package/src/interfaces/backend-objects/role.js.map +0 -1
package/src/interfaces/backend-objects/user.d.ts +0 -4
package/src/interfaces/backend-objects/user.d.ts.map +0 -1
package/src/interfaces/backend-objects/user.js +0 -3
package/src/interfaces/backend-objects/user.js.map +0 -1
package/src/interfaces/checksum-config.d.ts +0 -5
package/src/interfaces/checksum-config.d.ts.map +0 -1
package/src/interfaces/checksum-config.js +0 -3
package/src/interfaces/checksum-config.js.map +0 -1
package/src/interfaces/checksum-consts.d.ts +0 -11
package/src/interfaces/checksum-consts.d.ts.map +0 -1
package/src/interfaces/checksum-consts.js +0 -3
package/src/interfaces/checksum-consts.js.map +0 -1
package/src/interfaces/constants.d.ts +0 -98
package/src/interfaces/constants.d.ts.map +0 -1
package/src/interfaces/constants.js +0 -3
package/src/interfaces/constants.js.map +0 -1
package/src/interfaces/controller-config.d.ts +0 -21
package/src/interfaces/controller-config.d.ts.map +0 -1
package/src/interfaces/controller-config.js +0 -3
package/src/interfaces/controller-config.js.map +0 -1
package/src/interfaces/create-user-basics.d.ts +0 -18
package/src/interfaces/create-user-basics.d.ts.map +0 -1
package/src/interfaces/create-user-basics.js +0 -3
package/src/interfaces/create-user-basics.js.map +0 -1
package/src/interfaces/csp-config.d.ts +0 -7
package/src/interfaces/csp-config.d.ts.map +0 -1
package/src/interfaces/csp-config.js +0 -13
package/src/interfaces/csp-config.js.map +0 -1
package/src/interfaces/csp-definition.d.ts +0 -13
package/src/interfaces/csp-definition.d.ts.map +0 -1
package/src/interfaces/csp-definition.js +0 -22
package/src/interfaces/csp-definition.js.map +0 -1
package/src/interfaces/db-init-result.d.ts.map +0 -1
package/src/interfaces/db-init-result.js +0 -3
package/src/interfaces/db-init-result.js.map +0 -1
package/src/interfaces/deep-partial.d.ts +0 -4
package/src/interfaces/deep-partial.d.ts.map +0 -1
package/src/interfaces/deep-partial.js +0 -3
package/src/interfaces/deep-partial.js.map +0 -1
package/src/interfaces/discriminator-collections.d.ts.map +0 -1
package/src/interfaces/discriminator-collections.js +0 -3
package/src/interfaces/discriminator-collections.js.map +0 -1
package/src/interfaces/email-service.d.ts +0 -4
package/src/interfaces/email-service.d.ts.map +0 -1
package/src/interfaces/email-service.js +0 -3
package/src/interfaces/email-service.js.map +0 -1
package/src/interfaces/environment-mongo.d.ts +0 -76
package/src/interfaces/environment-mongo.d.ts.map +0 -1
package/src/interfaces/environment-mongo.js +0 -3
package/src/interfaces/environment-mongo.js.map +0 -1
package/src/interfaces/environment.d.ts +0 -184
package/src/interfaces/environment.d.ts.map +0 -1
package/src/interfaces/environment.js +0 -3
package/src/interfaces/environment.js.map +0 -1
package/src/interfaces/failable-result.d.ts +0 -7
package/src/interfaces/failable-result.d.ts.map +0 -1
package/src/interfaces/failable-result.js +0 -3
package/src/interfaces/failable-result.js.map +0 -1
package/src/interfaces/fec-consts.d.ts +0 -5
package/src/interfaces/fec-consts.d.ts.map +0 -1
package/src/interfaces/fec-consts.js +0 -3
package/src/interfaces/fec-consts.js.map +0 -1
package/src/interfaces/flexible-csp.d.ts +0 -8
package/src/interfaces/flexible-csp.d.ts.map +0 -1
package/src/interfaces/flexible-csp.js +0 -14
package/src/interfaces/flexible-csp.js.map +0 -1
package/src/interfaces/handleable-error-options.d.ts +0 -7
package/src/interfaces/handleable-error-options.d.ts.map +0 -1
package/src/interfaces/handleable-error-options.js +0 -3
package/src/interfaces/handleable-error-options.js.map +0 -1
package/src/interfaces/index.d.ts.map +0 -1
package/src/interfaces/index.js +0 -38
package/src/interfaces/index.js.map +0 -1
package/src/interfaces/jwt-consts.d.ts +0 -11
package/src/interfaces/jwt-consts.d.ts.map +0 -1
package/src/interfaces/jwt-consts.js +0 -3
package/src/interfaces/jwt-consts.js.map +0 -1
package/src/interfaces/jwt-sign-response.d.ts +0 -11
package/src/interfaces/jwt-sign-response.d.ts.map +0 -1
package/src/interfaces/jwt-sign-response.js +0 -3
package/src/interfaces/jwt-sign-response.js.map +0 -1
package/src/interfaces/models/email-token.d.ts.map +0 -1
package/src/interfaces/models/email-token.js +0 -3
package/src/interfaces/models/email-token.js.map +0 -1
package/src/interfaces/models/index.d.ts.map +0 -1
package/src/interfaces/models/index.js +0 -11
package/src/interfaces/models/index.js.map +0 -1
package/src/interfaces/models/mnemonic.d.ts.map +0 -1
package/src/interfaces/models/mnemonic.js +0 -3
package/src/interfaces/models/mnemonic.js.map +0 -1
package/src/interfaces/models/role.d.ts.map +0 -1
package/src/interfaces/models/role.js +0 -3
package/src/interfaces/models/role.js.map +0 -1
package/src/interfaces/models/token-role.d.ts.map +0 -1
package/src/interfaces/models/token-role.js +0 -3
package/src/interfaces/models/token-role.js.map +0 -1
package/src/interfaces/models/used-direct-login-token.d.ts.map +0 -1
package/src/interfaces/models/used-direct-login-token.js +0 -3
package/src/interfaces/models/used-direct-login-token.js.map +0 -1
package/src/interfaces/models/user-role.d.ts.map +0 -1
package/src/interfaces/models/user-role.js +0 -3
package/src/interfaces/models/user-role.js.map +0 -1
package/src/interfaces/models/user.d.ts.map +0 -1
package/src/interfaces/models/user.js +0 -3
package/src/interfaces/models/user.js.map +0 -1
package/src/interfaces/mongo-errors.d.ts +0 -5
package/src/interfaces/mongo-errors.d.ts.map +0 -1
package/src/interfaces/mongo-errors.js +0 -3
package/src/interfaces/mongo-errors.js.map +0 -1
package/src/interfaces/request-user.d.ts +0 -58
package/src/interfaces/request-user.d.ts.map +0 -1
package/src/interfaces/request-user.js +0 -3
package/src/interfaces/request-user.js.map +0 -1
package/src/interfaces/required-string-keys.d.ts +0 -22
package/src/interfaces/required-string-keys.d.ts.map +0 -1
package/src/interfaces/required-string-keys.js +0 -3
package/src/interfaces/required-string-keys.js.map +0 -1
package/src/interfaces/schema.d.ts +0 -29
package/src/interfaces/schema.d.ts.map +0 -1
package/src/interfaces/schema.js +0 -3
package/src/interfaces/schema.js.map +0 -1
package/src/interfaces/server-init-result.d.ts +0 -36
package/src/interfaces/server-init-result.d.ts.map +0 -1
package/src/interfaces/server-init-result.js +0 -3
package/src/interfaces/server-init-result.js.map +0 -1
package/src/interfaces/status-code-response.d.ts +0 -7
package/src/interfaces/status-code-response.d.ts.map +0 -1
package/src/interfaces/status-code-response.js +0 -3
package/src/interfaces/status-code-response.js.map +0 -1
package/src/interfaces/test-environment.d.ts.map +0 -1
package/src/interfaces/test-environment.js +0 -3
package/src/interfaces/test-environment.js.map +0 -1
package/src/interfaces/token-response.d.ts.map +0 -1
package/src/interfaces/token-response.js +0 -3
package/src/interfaces/token-response.js.map +0 -1
package/src/middlewares/authenticate-crypto.d.ts +0 -10
package/src/middlewares/authenticate-crypto.d.ts.map +0 -1
package/src/middlewares/authenticate-crypto.js +0 -126
package/src/middlewares/authenticate-crypto.js.map +0 -1
package/src/middlewares/authenticate-token.d.ts +0 -21
package/src/middlewares/authenticate-token.d.ts.map +0 -1
package/src/middlewares/authenticate-token.js +0 -104
package/src/middlewares/authenticate-token.js.map +0 -1
package/src/middlewares/cleanup-crypto.d.ts +0 -7
package/src/middlewares/cleanup-crypto.d.ts.map +0 -1
package/src/middlewares/cleanup-crypto.js +0 -32
package/src/middlewares/cleanup-crypto.js.map +0 -1
package/src/middlewares/index.d.ts.map +0 -1
package/src/middlewares/index.js +0 -8
package/src/middlewares/index.js.map +0 -1
package/src/middlewares/set-global-context-language.d.ts +0 -3
package/src/middlewares/set-global-context-language.d.ts.map +0 -1
package/src/middlewares/set-global-context-language.js +0 -14
package/src/middlewares/set-global-context-language.js.map +0 -1
package/src/middlewares.d.ts +0 -8
package/src/middlewares.d.ts.map +0 -1
package/src/middlewares.js +0 -91
package/src/middlewares.js.map +0 -1
package/src/model-registry.d.ts +0 -23
package/src/model-registry.d.ts.map +0 -1
package/src/model-registry.js +0 -47
package/src/model-registry.js.map +0 -1
package/src/models/email-token.d.ts.map +0 -1
package/src/models/email-token.js +0 -11
package/src/models/email-token.js.map +0 -1
package/src/models/index.d.ts.map +0 -1
package/src/models/index.js +0 -10
package/src/models/index.js.map +0 -1
package/src/models/mnemonic.d.ts.map +0 -1
package/src/models/mnemonic.js +0 -11
package/src/models/mnemonic.js.map +0 -1
package/src/models/role.d.ts.map +0 -1
package/src/models/role.js +0 -11
package/src/models/role.js.map +0 -1
package/src/models/used-direct-login-token.d.ts.map +0 -1
package/src/models/used-direct-login-token.js +0 -11
package/src/models/used-direct-login-token.js.map +0 -1
package/src/models/user-role.d.ts.map +0 -1
package/src/models/user-role.js +0 -10
package/src/models/user-role.js.map +0 -1
package/src/models/user.d.ts.map +0 -1
package/src/models/user.js +0 -11
package/src/models/user.js.map +0 -1
package/src/pipeline/index.d.ts.map +0 -1
package/src/pipeline/index.js +0 -5
package/src/pipeline/index.js.map +0 -1
package/src/pipeline/pipeline-builder.d.ts +0 -8
package/src/pipeline/pipeline-builder.d.ts.map +0 -1
package/src/pipeline/pipeline-builder.js +0 -18
package/src/pipeline/pipeline-builder.js.map +0 -1
package/src/plugins/index.d.ts.map +0 -1
package/src/plugins/index.js +0 -6
package/src/plugins/index.js.map +0 -1
package/src/plugins/plugin-interface.d.ts +0 -8
package/src/plugins/plugin-interface.d.ts.map +0 -1
package/src/plugins/plugin-interface.js +0 -3
package/src/plugins/plugin-interface.js.map +0 -1
package/src/plugins/plugin-manager.d.ts +0 -12
package/src/plugins/plugin-manager.d.ts.map +0 -1
package/src/plugins/plugin-manager.js +0 -37
package/src/plugins/plugin-manager.js.map +0 -1
package/src/registry/email-service-registry.d.ts +0 -27
package/src/registry/email-service-registry.d.ts.map +0 -1
package/src/registry/email-service-registry.js +0 -42
package/src/registry/email-service-registry.js.map +0 -1
package/src/registry/index.d.ts.map +0 -1
package/src/registry/index.js +0 -6
package/src/registry/index.js.map +0 -1
package/src/responses/index.d.ts.map +0 -1
package/src/responses/index.js +0 -5
package/src/responses/index.js.map +0 -1
package/src/responses/response-builder.d.ts +0 -24
package/src/responses/response-builder.d.ts.map +0 -1
package/src/responses/response-builder.js +0 -63
package/src/responses/response-builder.js.map +0 -1
package/src/routers/api.d.ts +0 -28
package/src/routers/api.d.ts.map +0 -1
package/src/routers/api.js +0 -80
package/src/routers/api.js.map +0 -1
package/src/routers/app.d.ts +0 -32
package/src/routers/app.d.ts.map +0 -1
package/src/routers/app.js +0 -228
package/src/routers/app.js.map +0 -1
package/src/routers/base.d.ts +0 -8
package/src/routers/base.d.ts.map +0 -1
package/src/routers/base.js +0 -14
package/src/routers/base.js.map +0 -1
package/src/routers/index.d.ts.map +0 -1
package/src/routers/index.js +0 -7
package/src/routers/index.js.map +0 -1
package/src/routers/router-config.d.ts +0 -18
package/src/routers/router-config.d.ts.map +0 -1
package/src/routers/router-config.js +0 -8
package/src/routers/router-config.js.map +0 -1
package/src/routing/index.d.ts +0 -2
package/src/routing/index.d.ts.map +0 -1
package/src/routing/index.js +0 -5
package/src/routing/index.js.map +0 -1
package/src/routing/route-builder.d.ts +0 -36
package/src/routing/route-builder.d.ts.map +0 -1
package/src/routing/route-builder.js +0 -86
package/src/routing/route-builder.js.map +0 -1
package/src/schemas/email-token.d.ts.map +0 -1
package/src/schemas/email-token.js +0 -55
package/src/schemas/email-token.js.map +0 -1
package/src/schemas/index.d.ts.map +0 -1
package/src/schemas/index.js +0 -11
package/src/schemas/index.js.map +0 -1
package/src/schemas/mnemonic.d.ts.map +0 -1
package/src/schemas/mnemonic.js +0 -31
package/src/schemas/mnemonic.js.map +0 -1
package/src/schemas/role.d.ts.map +0 -1
package/src/schemas/role.js +0 -89
package/src/schemas/role.js.map +0 -1
package/src/schemas/schema.d.ts +0 -42
package/src/schemas/schema.d.ts.map +0 -1
package/src/schemas/schema.js +0 -70
package/src/schemas/schema.js.map +0 -1
package/src/schemas/used-direct-login-token.d.ts.map +0 -1
package/src/schemas/used-direct-login-token.js +0 -24
package/src/schemas/used-direct-login-token.js.map +0 -1
package/src/schemas/user-role.d.ts.map +0 -1
package/src/schemas/user-role.js +0 -55
package/src/schemas/user-role.js.map +0 -1
package/src/schemas/user.d.ts.map +0 -1
package/src/schemas/user.js +0 -195
package/src/schemas/user.js.map +0 -1
package/src/services/backup-code.d.ts +0 -76
package/src/services/backup-code.d.ts.map +0 -1
package/src/services/backup-code.js +0 -185
package/src/services/backup-code.js.map +0 -1
package/src/services/base.d.ts +0 -10
package/src/services/base.d.ts.map +0 -1
package/src/services/base.js +0 -15
package/src/services/base.js.map +0 -1
package/src/services/checksum.d.ts +0 -69
package/src/services/checksum.d.ts.map +0 -1
package/src/services/checksum.js +0 -145
package/src/services/checksum.js.map +0 -1
package/src/services/crc.d.ts +0 -87
package/src/services/crc.d.ts.map +0 -1
package/src/services/crc.js +0 -198
package/src/services/crc.js.map +0 -1
package/src/services/database-initialization.d.ts +0 -111
package/src/services/database-initialization.d.ts.map +0 -1
package/src/services/database-initialization.js +0 -879
package/src/services/database-initialization.js.map +0 -1
package/src/services/db-init-cache.d.ts.map +0 -1
package/src/services/db-init-cache.js +0 -3
package/src/services/db-init-cache.js.map +0 -1
package/src/services/direct-login-token.d.ts +0 -6
package/src/services/direct-login-token.d.ts.map +0 -1
package/src/services/direct-login-token.js +0 -41
package/src/services/direct-login-token.js.map +0 -1
package/src/services/dummy-email-service.d.ts +0 -10
package/src/services/dummy-email-service.d.ts.map +0 -1
package/src/services/dummy-email-service.js +0 -16
package/src/services/dummy-email-service.js.map +0 -1
package/src/services/fec-usage-example.d.ts +0 -38
package/src/services/fec-usage-example.d.ts.map +0 -1
package/src/services/fec-usage-example.js +0 -75
package/src/services/fec-usage-example.js.map +0 -1
package/src/services/fec.d.ts +0 -46
package/src/services/fec.d.ts.map +0 -1
package/src/services/fec.js +0 -214
package/src/services/fec.js.map +0 -1
package/src/services/index.d.ts.map +0 -1
package/src/services/index.js +0 -23
package/src/services/index.js.map +0 -1
package/src/services/jwt.d.ts +0 -30
package/src/services/jwt.d.ts.map +0 -1
package/src/services/jwt.js +0 -90
package/src/services/jwt.js.map +0 -1
package/src/services/key-wrapping.d.ts +0 -61
package/src/services/key-wrapping.d.ts.map +0 -1
package/src/services/key-wrapping.js +0 -307
package/src/services/key-wrapping.js.map +0 -1
package/src/services/mnemonic.d.ts +0 -61
package/src/services/mnemonic.d.ts.map +0 -1
package/src/services/mnemonic.js +0 -114
package/src/services/mnemonic.js.map +0 -1
package/src/services/request-user.d.ts +0 -23
package/src/services/request-user.d.ts.map +0 -1
package/src/services/request-user.js +0 -66
package/src/services/request-user.js.map +0 -1
package/src/services/role.d.ts +0 -86
package/src/services/role.d.ts.map +0 -1
package/src/services/role.js +0 -285
package/src/services/role.js.map +0 -1
package/src/services/symmetric.d.ts +0 -42
package/src/services/symmetric.d.ts.map +0 -1
package/src/services/symmetric.js +0 -101
package/src/services/symmetric.js.map +0 -1
package/src/services/system-user.d.ts +0 -17
package/src/services/system-user.d.ts.map +0 -1
package/src/services/system-user.js +0 -46
package/src/services/system-user.js.map +0 -1
package/src/services/user.d.ts +0 -349
package/src/services/user.d.ts.map +0 -1
package/src/services/user.js +0 -1442
package/src/services/user.js.map +0 -1
package/src/services/xor.d.ts +0 -24
package/src/services/xor.d.ts.map +0 -1
package/src/services/xor.js +0 -37
package/src/services/xor.js.map +0 -1
package/src/testing.d.ts +0 -3
package/src/testing.d.ts.map +0 -1
package/src/testing.js +0 -7
package/src/testing.js.map +0 -1
package/src/transactions/index.d.ts.map +0 -1
package/src/transactions/index.js +0 -5
package/src/transactions/index.js.map +0 -1
package/src/transactions/transaction-manager.d.ts +0 -12
package/src/transactions/transaction-manager.d.ts.map +0 -1
package/src/transactions/transaction-manager.js +0 -30
package/src/transactions/transaction-manager.js.map +0 -1
package/src/types/app-config.d.ts.map +0 -1
package/src/types/app-config.js +0 -3
package/src/types/app-config.js.map +0 -1
package/src/types/controller-config.d.ts.map +0 -1
package/src/types/controller-config.js +0 -3
package/src/types/controller-config.js.map +0 -1
package/src/types/environment-variables.d.ts.map +0 -1
package/src/types/environment-variables.js +0 -39
package/src/types/environment-variables.js.map +0 -1
package/src/types/id-converters.d.ts +0 -28
package/src/types/id-converters.d.ts.map +0 -1
package/src/types/id-converters.js +0 -45
package/src/types/id-converters.js.map +0 -1
package/src/types/index.d.ts.map +0 -1
package/src/types/index.js +0 -6
package/src/types/index.js.map +0 -1
package/src/types/mongoose-helpers.d.ts.map +0 -1
package/src/types/mongoose-helpers.js +0 -6
package/src/types/mongoose-helpers.js.map +0 -1
package/src/types.d.ts.map +0 -1
package/src/types.js +0 -14
package/src/types.js.map +0 -1
package/src/utils.d.ts +0 -210
package/src/utils.d.ts.map +0 -1
package/src/utils.js +0 -818
package/src/utils.js.map +0 -1
package/src/validation/index.d.ts.map +0 -1
package/src/validation/index.js +0 -5
package/src/validation/index.js.map +0 -1
package/src/validation/validation-builder.d.ts +0 -32
package/src/validation/validation-builder.d.ts.map +0 -1
package/src/validation/validation-builder.js +0 -81
package/src/validation/validation-builder.js.map +0 -1

package/src/services/key-wrapping.ts ADDED Viewed

@@ -0,0 +1,447 @@
+import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
+import {
+  Constants,
+  IConstants,
+  Pbkdf2Service,
+} from '@digitaldefiance/node-ecies-lib';
+import {
+  createCipheriv,
+  createDecipheriv,
+  createHash,
+  randomBytes,
+} from 'crypto';
+import { InvalidNewPasswordError, InvalidPasswordError } from '../errors';
+function createPbkdf2Service(constants: IConstants): Pbkdf2Service {
+  return Pbkdf2Service.fromConstants(constants);
+}
+export interface WrappedKey {
+  salt: string;
+  iv: string;
+  authTag: string;
+  encryptedMasterKey: string;
+  iterations: number;
+}
+// Generic password-wrapped secret payload shape
+export interface PasswordWrappedSecret {
+  salt: string;
+  iv: string;
+  authTag: string;
+  ciphertext: string;
+  iterations: number;
+}
+export class KeyWrappingService {
+  // In-flight de-duplication map to share PBKDF2 work across concurrent identical requests
+  // Store a promise of the raw master key bytes, so each caller can get an independent SecureBuffer
+  private static inFlightUnwraps: Map<string, Promise<string>> = new Map();
+  /**
+   * Generates a new master key and wraps it with the user's password
+   */
+  public wrapNewMasterKey(
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): {
+    masterKey: SecureBuffer;
+    wrappedKey: WrappedKey;
+  } {
+    const masterKey = new SecureBuffer(
+      randomBytes(constants.WRAPPED_KEY.MASTER_KEY_SIZE),
+    );
+    const wrappedKey = this.wrapMasterKey(masterKey, password, constants);
+    return { masterKey, wrappedKey };
+  }
+  /**
+   * Wraps an existing master key with a password-derived key
+   */
+  public wrapMasterKey(
+    masterKey: SecureBuffer,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): WrappedKey {
+    if (constants.PasswordRegex.test(password.value ?? '') === false) {
+      throw new InvalidNewPasswordError();
+    }
+    const salt = randomBytes(constants.WRAPPED_KEY.SALT_SIZE);
+    const iterations = constants.WRAPPED_KEY.MIN_ITERATIONS;
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      iterations,
+      constants.WRAPPED_KEY.SALT_SIZE,
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    // Encrypt master key
+    const iv = randomBytes(constants.WRAPPED_KEY.IV_SIZE);
+    const cipher = createCipheriv('aes-256-gcm', passwordKeySecure.value, iv);
+    const encrypted = Buffer.concat([
+      cipher.update(masterKey.value),
+      cipher.final(),
+    ]);
+    const authTag = cipher.getAuthTag();
+    passwordKeySecure.dispose();
+    return {
+      salt: salt.toString('hex'),
+      iv: iv.toString('hex'),
+      authTag: authTag.toString('hex'),
+      encryptedMasterKey: encrypted.toString('hex'),
+      iterations,
+    };
+  }
+  /**
+   * Unwraps a master key using the user's password
+   */
+  public unwrapMasterKey(
+    wrappedKey: WrappedKey,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): SecureBuffer {
+    const salt = Buffer.from(wrappedKey.salt, 'hex');
+    const iv = Buffer.from(wrappedKey.iv, 'hex');
+    const authTag = Buffer.from(wrappedKey.authTag, 'hex');
+    const encrypted = Buffer.from(wrappedKey.encryptedMasterKey, 'hex');
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive the same key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      wrappedKey.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Async version of unwrapMasterKey that uses libuv threadpool via crypto.pbkdf2
+   * to avoid blocking the event loop during password verification.
+   */
+  public async unwrapMasterKeyAsync(
+    wrappedKey: WrappedKey,
+    password: SecureString | string,
+    constants: IConstants = Constants,
+  ): Promise<SecureBuffer> {
+    const __perfEnabled = process.env['PERF_LOGS'] === '1';
+    const _t0 = __perfEnabled ? Date.now() : 0;
+    const salt = Buffer.from(wrappedKey.salt, 'hex');
+    const iv = Buffer.from(wrappedKey.iv, 'hex');
+    const authTag = Buffer.from(wrappedKey.authTag, 'hex');
+    const encrypted = Buffer.from(wrappedKey.encryptedMasterKey, 'hex');
+    // Accept either a SecureString (preferred) or a raw password string to avoid
+    // expensive SecureString construction in the hot login path.
+    const pwdBuffer =
+      // amazonq-ignore-next-line false positive
+      typeof password === 'string'
+        ? Buffer.from(password, 'utf8')
+        : Buffer.from(password.valueAsUint8Array);
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Use centralized PBKDF2 service for async key derivation
+    const derivedKey = await pbkdf2Service.deriveKeyFromPasswordAsync(
+      pwdBuffer,
+      salt,
+      wrappedKey.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      if (__perfEnabled)
+        console.warn(
+          '[perf] unwrapMasterKeyAsync pbkdf2',
+          'iters=' + String(wrappedKey.iterations).replace(/[\r\n]/g, ''),
+          'dt=' + (Date.now() - _t0) + 'ms',
+        );
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      // Best-effort zero the temporary password buffer
+      try {
+        pwdBuffer.fill(0);
+      } catch {
+        // ignore
+      }
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Deduplicated async unwrap that coalesces concurrent identical PBKDF2 operations.
+   * Keyed by salt + iterations + a short hash of the password. Entry is removed after resolve/reject.
+   */
+  public async unwrapMasterKeyAsyncDedup(
+    wrappedKey: WrappedKey,
+    password: string,
+    constants: IConstants = Constants,
+  ): Promise<SecureBuffer> {
+    // Derive a short cache key; avoid storing raw password by hashing
+    const pwdKey = createHash('sha256')
+      .update(password, 'utf8')
+      .digest('hex')
+      .slice(0, 24);
+    const cacheKey = `${wrappedKey.salt}:${wrappedKey.iterations}:${pwdKey}`;
+    let p = KeyWrappingService.inFlightUnwraps.get(cacheKey);
+    if (!p) {
+      // Compute once, extract raw bytes, dispose the shared SecureBuffer, and cache the bytes
+      p = (async () => {
+        const mk = await this.unwrapMasterKeyAsync(
+          wrappedKey,
+          password,
+          constants,
+        );
+        try {
+          const copy = Buffer.from(mk.value);
+          const b64 = copy.toString('base64');
+          // zeroize copy
+          copy.fill(0);
+          return b64;
+        } finally {
+          mk.dispose();
+        }
+      })().finally(() => {
+        // Best-effort cleanup
+        KeyWrappingService.inFlightUnwraps.delete(cacheKey);
+      }) as Promise<string>;
+      KeyWrappingService.inFlightUnwraps.set(cacheKey, p);
+    }
+    const b64 = await p;
+    // Return a fresh SecureBuffer per caller to avoid cross-disposal races
+    const buf = Buffer.from(b64, 'base64');
+    const secure = new SecureBuffer(Buffer.from(buf));
+    buf.fill(0);
+    return secure;
+  }
+  /**
+   * Changes password by re-wrapping the master key
+   */
+  public changePassword(
+    wrappedKey: WrappedKey,
+    oldPassword: SecureString,
+    newPassword: SecureString,
+    constants: IConstants = Constants,
+  ): WrappedKey {
+    // Unwrap with old password
+    const masterKey = this.unwrapMasterKey(wrappedKey, oldPassword, constants);
+    try {
+      // Re-wrap with new password
+      return this.wrapMasterKey(masterKey, newPassword, constants);
+    } finally {
+      masterKey.dispose();
+    }
+  }
+  /**
+   * Wraps arbitrary secret bytes with a password-derived key (AES-256-GCM)
+   */
+  public wrapSecret(
+    secret: SecureBuffer,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): PasswordWrappedSecret {
+    if (constants.PasswordRegex.test(password.value ?? '') === false) {
+      throw new InvalidNewPasswordError();
+    }
+    const salt = randomBytes(constants.WRAPPED_KEY.SALT_SIZE);
+    const iterations = constants.WRAPPED_KEY.MIN_ITERATIONS;
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      iterations,
+      constants.WRAPPED_KEY.SALT_SIZE,
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const iv = randomBytes(constants.WRAPPED_KEY.IV_SIZE);
+      const cipher = createCipheriv('aes-256-gcm', passwordKeySecure.value, iv);
+      const encrypted = Buffer.concat([
+        cipher.update(secret.value),
+        cipher.final(),
+      ]);
+      const authTag = cipher.getAuthTag();
+      return {
+        salt: salt.toString('hex'),
+        iv: iv.toString('hex'),
+        authTag: authTag.toString('hex'),
+        ciphertext: encrypted.toString('hex'),
+        iterations,
+      };
+    } finally {
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Unwraps a password-wrapped secret (sync)
+   */
+  public unwrapSecret(
+    wrapped: PasswordWrappedSecret,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): SecureBuffer {
+    const salt = Buffer.from(wrapped.salt, 'hex');
+    const iv = Buffer.from(wrapped.iv, 'hex');
+    const authTag = Buffer.from(wrapped.authTag, 'hex');
+    const encrypted = Buffer.from(wrapped.ciphertext, 'hex');
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      wrapped.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Unwraps a password-wrapped secret (async PBKDF2)
+   */
+  public async unwrapSecretAsync(
+    wrapped: PasswordWrappedSecret,
+    password: SecureString | string,
+    constants: IConstants = Constants,
+  ): Promise<SecureBuffer> {
+    const salt = Buffer.from(wrapped.salt, 'hex');
+    const iv = Buffer.from(wrapped.iv, 'hex');
+    const authTag = Buffer.from(wrapped.authTag, 'hex');
+    const encrypted = Buffer.from(wrapped.ciphertext, 'hex');
+    // Validate password parameter before using it
+    // amazonq-ignore-next-line false positive
+    if (typeof password === 'string') {
+      if (password === undefined || password === null) {
+        throw new Error('Password cannot be undefined or null');
+      }
+    } else if (!(password instanceof SecureString)) {
+      throw new Error('Password must be provided as string or SecureString');
+    }
+    const pwdBuffer =
+      // amazonq-ignore-next-line false positive
+      typeof password === 'string'
+        ? Buffer.from(password, 'utf8')
+        : await (async () => password.valueAsUint8Array)();
+    // Additional safety check
+    if (!pwdBuffer) {
+      throw new Error(
+        'Failed to create password buffer - password may be invalid',
+      );
+    }
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Use centralized PBKDF2 service for async key derivation
+    const derivedKey = await pbkdf2Service.deriveKeyFromPasswordAsync(
+      Buffer.from(pwdBuffer),
+      salt,
+      wrapped.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      try {
+        pwdBuffer.fill(0);
+      } catch {
+        // ignore
+      }
+      passwordKeySecure.dispose();
+    }
+  }
+}

package/src/services/mnemonic.ts ADDED Viewed

@@ -0,0 +1,168 @@
+import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
+import { ClientSession, Model, Types } from '@digitaldefiance/mongoose-types';
+import {
+  SuiteCoreStringKey,
+  TranslatableSuiteError,
+} from '@digitaldefiance/suite-core-lib';
+import { createHmac } from 'crypto';
+import { IMnemonicDocument } from '../documents/mnemonic';
+import { IConstants } from '../interfaces';
+/**
+ * Encrypts and stores mnemonics securely, using an HMAC to check for
+ * uniqueness without exposing the mnemonic itself.
+ */
+export class MnemonicService<
+  I extends string | Types.ObjectId = Types.ObjectId,
+> {
+  private readonly hmacSecret: SecureBuffer;
+  private readonly MnemonicModel: Model<IMnemonicDocument<I>>;
+  private readonly constants: IConstants;
+  constructor(
+    mnemonicModel: Model<IMnemonicDocument<I>>,
+    hmacSecret: SecureBuffer,
+    constants: IConstants,
+  ) {
+    this.MnemonicModel = mnemonicModel;
+    // Immediately wrap secrets in secure containers
+    this.hmacSecret = hmacSecret;
+    this.constants = constants;
+  }
+  /**
+   * Disposes of the secure secrets held by this service.
+   */
+  public dispose(): void {
+    this.hmacSecret.dispose();
+  }
+  /**
+   * Creates a non-reversible HMAC of the mnemonic for fast, indexed lookups.
+   * @param mnemonic The mnemonic to hash, wrapped in a SecureString.
+   */
+  public getMnemonicHmac(mnemonic: SecureString): string {
+    // Use the raw secret buffer for the HMAC
+    return createHmac('sha256', this.hmacSecret.value)
+      .update(mnemonic.valueAsUint8Array) // Use the raw buffer for consistency
+      .digest('hex');
+  }
+  /**
+   * Checks if a mnemonic already exists in the database using its HMAC.
+   * @param mnemonic The mnemonic to check, wrapped in a SecureString.
+   * @param session Optional Mongoose session for transaction support.
+   */
+  public async mnemonicExists(
+    mnemonic: SecureString,
+    session?: ClientSession,
+  ): Promise<boolean> {
+    const hmac = this.getMnemonicHmac(mnemonic);
+    const count = await this.MnemonicModel.countDocuments({ hmac }).session(
+      session ?? null,
+    );
+    return count > 0;
+  }
+  /**
+   * Adds a new, unique mnemonic to the database with password-based key wrapping.
+   * @param mnemonic The mnemonic to add, wrapped in a SecureString.
+   * @param password User's password for key wrapping.
+   * @param session Optional Mongoose session for transaction support.
+   */
+  public async addMnemonicWithPassword(
+    mnemonic: SecureString,
+    _password: SecureString,
+    session?: ClientSession,
+  ): Promise<{
+    document: IMnemonicDocument<I> | null;
+  }> {
+    if (!mnemonic.value || !this.constants.MnemonicRegex.test(mnemonic.value)) {
+      throw new TranslatableSuiteError(
+        SuiteCoreStringKey.Validation_MnemonicRegex,
+      );
+    }
+    if (await this.mnemonicExists(mnemonic, session)) {
+      return { document: null };
+    }
+    try {
+      const hmac = this.getMnemonicHmac(mnemonic);
+      const [newDoc] = await this.MnemonicModel.create(
+        [
+          {
+            hmac: hmac,
+          },
+        ],
+        { session },
+      );
+      return { document: newDoc };
+    } finally {
+      // nothing to dispose
+    }
+  }
+  /**
+   * Adds a new, unique mnemonic to the database.
+   * @param mnemonic The mnemonic to add, wrapped in a SecureString.
+   * @param session Optional Mongoose session for transaction support.
+   */
+  public async addMnemonic(
+    mnemonic: SecureString,
+    session?: ClientSession,
+  ): Promise<IMnemonicDocument<I> | null> {
+    if (!mnemonic.value || !this.constants.MnemonicRegex.test(mnemonic.value)) {
+      throw new TranslatableSuiteError(
+        SuiteCoreStringKey.Validation_MnemonicRegex,
+      );
+    }
+    if (await this.mnemonicExists(mnemonic, session)) {
+      return null;
+    }
+    const hmac = this.getMnemonicHmac(mnemonic);
+    const [newDoc] = await this.MnemonicModel.create(
+      [
+        {
+          hmac: hmac,
+        },
+      ],
+      { session },
+    );
+    return newDoc;
+  }
+  /**
+   * Retrieves a mnemonic document by ID.
+   * @param mnemonicId The ID of the mnemonic document.
+   * @param session Optional Mongoose session for transaction support.
+   */
+  public async getMnemonicDocument(
+    mnemonicId: I,
+    session?: ClientSession,
+  ): Promise<IMnemonicDocument<I> | null> {
+    return await this.MnemonicModel.findById(mnemonicId).session(
+      session ?? null,
+    );
+  }
+  /**
+   * Decrypts a mnemonic from a document using the service's master encryption key.
+   * @param doc The mnemonic document.
+   */
+  /**
+   * Deletes a mnemonic document by ID.
+   * @param mnemonicId The ID of the mnemonic document.
+   * @param session Optional Mongoose session for transaction support.
+   */
+  public async deleteMnemonicDocument(
+    mnemonicId: I,
+    session?: ClientSession,
+  ): Promise<void> {
+    await this.MnemonicModel.findByIdAndDelete(mnemonicId).session(
+      session ?? null,
+    );
+  }
+}

package/src/services/request-user.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { Types } from '@digitaldefiance/mongoose-types';
+import {
+  IRequestUserDTO,
+  IRoleDTO,
+  ITokenRole,
+} from '@digitaldefiance/suite-core-lib';
+import { IUserDocument } from '../documents';
+import { IRequestUserBackendObject } from '../interfaces/backend-objects/request-user';
+import { convertStringToGenericId } from '../types/id-converters';
+import { RoleService } from './role';
+export class RequestUserService<
+  I extends string | Types.ObjectId,
+  _TTokenRole extends ITokenRole<I>,
+> {
+  /**
+   * Given a user document and an array of role documents, create the IRequestUser
+   * @param userDoc
+   * @returns
+   */
+  public static makeRequestUserDTO<
+    I extends string | Types.ObjectId,
+    S extends string,
+    TTokenRole extends ITokenRole<I>,
+    TRequestUserDTO extends IRequestUserDTO,
+  >(
+    userDoc:
+      | IUserDocument<S, I>
+      | (Pick<IUserDocument<S, I>, keyof IUserDocument<S, I>> & {
+          _id: Types.ObjectId | string;
+        }),
+    roles: TTokenRole[],
+  ): TRequestUserDTO {
+    if (!userDoc._id) {
+      throw new Error('User document is missing _id');
+    }
+    // Calculate combined role privileges across all roles
+    const rolePrivileges = {
+      admin: roles.some((r) => r.admin),
+      member: roles.some((r) => r.member),
+      child: roles.some((r) => r.child),
+      system: roles.some((r) => r.system),
+    };
+    return {
+      id: userDoc._id.toString(),
+      email: userDoc.email,
+      roles: roles.map((r) => RoleService.roleToRoleDTO(r)),
+      rolePrivileges,
+      username: userDoc.username,
+      timezone: userDoc.timezone,
+      currency: userDoc.currency,
+      directChallenge: userDoc.directChallenge,
+      emailVerified: userDoc.emailVerified,
+      darkMode: userDoc.darkMode,
+      siteLanguage: userDoc.siteLanguage as string,
+      ...(userDoc.lastLogin && { lastLogin: userDoc.lastLogin.toString() }),
+    } as TRequestUserDTO;
+  }
+  /**
+   * Given a request user, reconstitute dates, objectids, and enums
+   * @param requestUser a RequestUser DTO
+   * @returns An IRequestUserBackendObject
+   */
+  public static hydrateRequestUser<
+    I extends string | Types.ObjectId,
+    S extends string,
+    TRequestUserDTO extends IRequestUserDTO & { siteLanguage: S },
+  >(
+    requestUser: TRequestUserDTO,
+    idConverter?: (id: string) => I,
+  ): IRequestUserBackendObject<S, I> {
+    const convert =
+      idConverter ?? ((id: string) => convertStringToGenericId<I>(id));
+    const hydratedRoles = requestUser.roles.map((role: IRoleDTO) =>
+      RoleService.hydrateRoleDTOToBackend<I>(role, convert),
+    );
+    const hydratedUser: IRequestUserBackendObject<S, I> = {
+      id: convert(requestUser.id),
+      email: requestUser.email,
+      roles: hydratedRoles,
+      rolePrivileges: requestUser.rolePrivileges,
+      username: requestUser.username,
+      timezone: requestUser.timezone,
+      currency: requestUser.currency,
+      directChallenge: requestUser.directChallenge,
+      emailVerified: requestUser.emailVerified,
+      darkMode: requestUser.darkMode,
+      siteLanguage: requestUser.siteLanguage,
+    };
+    if (requestUser.lastLogin) {
+      hydratedUser.lastLogin = new Date(requestUser.lastLogin);
+    }
+    return hydratedUser;
+  }
+}