@digitaldefiance/node-express-suite 3.6.7 → 3.6.8

package/src/services/database-initialization.js

@@ -1,817 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DatabaseInitializationService = void 0;
-const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
-const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
-const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
-const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
-const crc_1 = require("crc");
-const crypto_1 = require("crypto");
-const mongodb_1 = require("mongodb");
-const backup_code_1 = require("../backup-code");
-const base_model_name_1 = require("../enumerations/base-model-name");
-const model_registry_1 = require("../model-registry");
-const key_wrapping_1 = require("../services/key-wrapping");
-const id_converters_1 = require("../types/id-converters");
-const utils_1 = require("../utils");
-const backup_code_2 = require("./backup-code");
-const mnemonic_1 = require("./mnemonic");
-const role_1 = require("./role");
-const system_user_1 = require("./system-user");
-class DatabaseInitializationService {
-    // Static initialization state management
-    static initializationPromises = new Map();
-    static initializationLock = new Map();
-    static defaultI18nTFunc(str, variables, language, application) {
-        // All callers pass template strings with {{component.key}} syntax
-        return (0, suite_core_lib_1.getSuiteCoreI18nEngine)(application ? { constants: application.constants } : undefined).t(str, variables, language);
-    }
-    /**
-     * Get the mnemonic or generate a new one if not present
-     * @param mnemonic The existing mnemonic or undefined
-     * @param eciesService The ECIES service to generate a new mnemonic
-     * @returns The existing or new mnemonic
-     */
-    static mnemonicOrNew(mnemonic, eciesService) {
-        return mnemonic && mnemonic.hasValue
-            ? mnemonic
-            : eciesService.generateNewMnemonic();
-    }
-    /**
-     * Generate a cache key for a user based on their details
-     * @param username The username
-     * @param email The email address
-     * @param mnemonic The mnemonic
-     * @param id The user ID
-     * @returns The generated cache key
-     */
-    static cacheKey(username, email, mnemonic, id, idToString = (id) => String(id)) {
-        const combined = `${username}|${email.email}|${mnemonic.value}|${idToString(id)}`;
-        const buffer = Buffer.from(combined, 'utf-8');
-        const crcHash = (0, crc_1.crc32)(buffer);
-        return crcHash.toString(16).padStart(8, '0');
-    }
-    /**
-     * Get a cached BackendMember or create a new one if not cached
-     * @param username The username
-     * @param email The email address
-     * @param mnemonic The mnemonic or undefined to generate a new one
-     * @param memberType The type of member (Admin, Member, System)
-     * @param eciesService The ECIES service to handle key generation
-     * @param memberId Optional specific member ID to use
-     * @param createdBy Optional ID of the user who created this member
-     * @returns The cached or newly created BackendMember and the mnemonic used
-     */
-    static cacheOrNew(username, email, mnemonic, memberType, eciesService, memberId, createdBy, idGenerator, idToString = (id) => String(id)) {
-        const m = this.mnemonicOrNew(mnemonic, eciesService);
-        const newId = memberId
-            ? memberId
-            : idGenerator
-                ? idGenerator()
-                : (0, id_converters_1.convertObjectIdToGenericId)(new mongodb_1.ObjectId());
-        const key = DatabaseInitializationService.cacheKey(username, email, m, newId, idToString);
-        if (!global.__MEMBER_CACHE__) {
-            global.__MEMBER_CACHE__ = new Map();
-        }
-        if (!global.__MEMBER_CACHE__.has(key)) {
-            const { wallet } = eciesService.walletAndSeedFromMnemonic(m);
-            // Get private key from wallet
-            const privateKey = wallet.getPrivateKey();
-            // Get public key with 0x04 prefix
-            const publicKeyWithPrefix = Buffer.concat([
-                Buffer.from([ecies_lib_1.ECIES.PUBLIC_KEY_MAGIC]),
-                wallet.getPublicKey(),
-            ]);
-            const user = new node_ecies_lib_1.Member(eciesService, memberType, username, email, publicKeyWithPrefix, new ecies_lib_1.SecureBuffer(privateKey), wallet, newId, undefined, undefined, createdBy);
-            global.__MEMBER_CACHE__.set(key, { mnemonic: m, member: user });
-            return { mnemonic: m, member: user };
-        }
-        else {
-            return global.__MEMBER_CACHE__.get(key);
-        }
-    }
-    /**
-     * Generate a random password
-     * @param length The length of the password
-     * @returns The generated password
-     */
-    static generatePassword(length) {
-        const specialCharacters = "!@#$%^&*()_+-=[]{};':|,.<>/?";
-        const numbers = '0123456789';
-        const letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-        // Get a random character from a string
-        const getRandomChar = (chars) => {
-            // amazonq-ignore-next-line false positive
-            const randomIndex = (0, crypto_1.randomBytes)(1)[0] % chars.length;
-            return chars[randomIndex];
-        };
-        // Start with one of each required character type
-        // amazonq-ignore-next-line false positive
-        let password = '';
-        password += getRandomChar(letters);
-        password += getRandomChar(numbers);
-        password += getRandomChar(specialCharacters);
-        // Fill the rest with random characters from all types
-        const allCharacters = specialCharacters + numbers + letters;
-        for (let i = password.length; i < length; i++) {
-            password += getRandomChar(allCharacters);
-        }
-        // Shuffle the password characters to avoid predictable pattern
-        const chars = password.split('');
-        for (let i = chars.length - 1; i > 0; i--) {
-            // amazonq-ignore-next-line already fixed
-            const j = (0, crypto_1.randomBytes)(1)[0] % (i + 1);
-            [chars[i], chars[j]] = [chars[j], chars[i]];
-        }
-        return chars.join('');
-    }
-    /**
-     * Drops the database
-     * @param connection The database connection
-     * @returns True if the database was dropped, false if not connected
-     */
-    static async dropDatabase(connection) {
-        if (!connection.db)
-            return false;
-        (0, utils_1.debugLog)(true, 'warn', this.defaultI18nTFunc('{{SuiteCoreStringKey.Admin_DroppingDatabase}}'));
-        return connection.db.dropDatabase();
-    }
-    static getInitOptions(application) {
-        const env = application.environment;
-        return {
-            adminId: env.adminId,
-            adminMnemonic: env.adminMnemonic?.hasValue
-                ? env.adminMnemonic
-                : undefined,
-            adminPassword: env.adminPassword?.hasValue
-                ? env.adminPassword
-                : undefined,
-            adminRoleId: env.adminRoleId,
-            adminUserRoleId: env.adminUserRoleId,
-            adminBackupCodes: env.adminBackupCodes,
-            memberId: env.memberId,
-            memberMnemonic: env.memberMnemonic?.hasValue
-                ? env.memberMnemonic
-                : undefined,
-            memberPassword: env.memberPassword?.hasValue
-                ? env.memberPassword
-                : undefined,
-            memberRoleId: env.memberRoleId,
-            memberUserRoleId: env.memberUserRoleId,
-            memberBackupCodes: env.memberBackupCodes,
-            systemId: env.systemId,
-            systemMnemonic: env.systemMnemonic?.hasValue
-                ? env.systemMnemonic
-                : undefined,
-            systemPassword: env.systemPassword?.hasValue
-                ? env.systemPassword
-                : undefined,
-            systemRoleId: env.systemRoleId,
-            systemUserRoleId: env.systemUserRoleId,
-            systemBackupCodes: env.systemBackupCodes,
-        };
-    }
-    static serverInitResultHash(serverInitResult, idToString = (id) => String(id)) {
-        const h = (0, crypto_1.createHash)('sha256');
-        h.update(idToString(serverInitResult.adminUser._id));
-        h.update(idToString(serverInitResult.adminRole._id));
-        h.update(idToString(serverInitResult.adminUserRole._id));
-        h.update(serverInitResult.adminUsername);
-        h.update(serverInitResult.adminEmail);
-        h.update(serverInitResult.adminMnemonic);
-        h.update(serverInitResult.adminPassword);
-        h.update(serverInitResult.adminUser.publicKey);
-        serverInitResult.adminBackupCodes.map((bc) => h.update(bc));
-        h.update(idToString(serverInitResult.memberUser._id));
-        h.update(idToString(serverInitResult.memberRole._id));
-        h.update(idToString(serverInitResult.memberUserRole._id));
-        h.update(serverInitResult.memberUsername);
-        h.update(serverInitResult.memberEmail);
-        h.update(serverInitResult.memberMnemonic);
-        h.update(serverInitResult.memberPassword);
-        h.update(serverInitResult.memberUser.publicKey);
-        serverInitResult.memberBackupCodes.map((bc) => h.update(bc));
-        h.update(idToString(serverInitResult.systemUser._id));
-        h.update(idToString(serverInitResult.systemRole._id));
-        h.update(idToString(serverInitResult.systemUserRole._id));
-        h.update(serverInitResult.systemUsername);
-        h.update(serverInitResult.systemEmail);
-        h.update(serverInitResult.systemMnemonic);
-        h.update(serverInitResult.systemPassword);
-        h.update(serverInitResult.systemUser.publicKey);
-        serverInitResult.systemBackupCodes.map((bc) => h.update(bc));
-        return h.digest('hex');
-    }
-    /**
-     * Initialize the user database with default users and roles (with dependency injection)
-     * @param application The application
-     * @param keyWrappingService The key wrapping service
-     * @param mnemonicService The mnemonic service
-     * @param eciesService The ECIES service
-     * @param roleService The role service
-     * @param backupCodeService The backup code service
-     * @returns The result of the initialization
-     */
-    static async initUserDbWithServices(application, keyWrappingService, mnemonicService, eciesService, roleService, backupCodeService, idGenerator, idToString = (id) => application.constants.idProvider.idToString(id)) {
-        const engine = (0, suite_core_lib_1.getSuiteCoreI18nEngine)({ constants: application.constants });
-        const isTestEnvironment = process.env['NODE_ENV'] === 'test';
-        const options = DatabaseInitializationService.getInitOptions(application);
-        const effectiveIdGenerator = (idGenerator ??
-            (() => application.environment.idAdapter(application.constants.idProvider.generate())));
-        const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
-        const RoleModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.Role);
-        const adminUserId = options.adminId ?? effectiveIdGenerator();
-        const adminRoleId = options.adminRoleId ?? effectiveIdGenerator();
-        const adminUserRoleId = options.adminUserRoleId ?? effectiveIdGenerator();
-        const memberUserId = options.memberId ?? effectiveIdGenerator();
-        const memberRoleId = options.memberRoleId ?? effectiveIdGenerator();
-        const memberUserRoleId = options.memberUserRoleId ?? effectiveIdGenerator();
-        const systemUserId = options.systemId ?? effectiveIdGenerator();
-        const systemRoleId = options.systemRoleId ?? effectiveIdGenerator();
-        const systemUserRoleId = options.systemUserRoleId ?? effectiveIdGenerator();
-        // Check for existing users and roles with optimized queries
-        // Use lean() for better performance on read-only operations
-        const [existingUsers, existingRoles] = await Promise.all([
-            UserModel.find({
-                username: {
-                    $in: [
-                        application.constants.SystemUser,
-                        application.constants.AdministratorUser,
-                        application.constants.MemberUser,
-                    ],
-                },
-            }).lean(),
-            RoleModel.find({
-                name: {
-                    $in: [
-                        application.constants.AdministratorRole,
-                        application.constants.MemberRole,
-                        application.constants.SystemRole,
-                    ],
-                },
-            }).lean(),
-        ]);
-        if (existingUsers.length > 0 || existingRoles.length > 0) {
-            // Database is already initialized, return the existing data
-            const existingAdminUser = existingUsers.find((u) => u.username === application.constants.AdministratorUser);
-            const existingMemberUser = existingUsers.find((u) => u.username === application.constants.MemberUser);
-            const existingSystemUser = existingUsers.find((u) => u.username === application.constants.SystemUser);
-            if (existingAdminUser && existingMemberUser && existingSystemUser) {
-                const adminUserDoc = UserModel.hydrate(existingAdminUser);
-                const memberUserDoc = UserModel.hydrate(existingMemberUser);
-                const systemUserDoc = UserModel.hydrate(existingSystemUser);
-                // Try to construct a minimal result from existing data
-                // Note: This is a fallback case and some data may not be available
-                const UserRoleModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.UserRole);
-                const [adminRole, memberRole, systemRole, adminUserRole, memberUserRole, systemUserRole,] = await Promise.all([
-                    RoleModel.findOne({ name: application.constants.AdministratorRole }),
-                    RoleModel.findOne({ name: application.constants.MemberRole }),
-                    RoleModel.findOne({ name: application.constants.SystemRole }),
-                    UserRoleModel.findOne({ userId: adminUserDoc._id }),
-                    UserRoleModel.findOne({ userId: memberUserDoc._id }),
-                    UserRoleModel.findOne({ userId: systemUserDoc._id }),
-                ]);
-                // detailed case
-                if (adminRole &&
-                    memberRole &&
-                    systemRole &&
-                    adminUserRole &&
-                    memberUserRole &&
-                    systemUserRole) {
-                    return {
-                        alreadyInitialized: true,
-                        success: false,
-                        data: {
-                            adminRole,
-                            adminUserRole,
-                            adminUser: adminUserDoc,
-                            adminUsername: adminUserDoc.username,
-                            adminEmail: adminUserDoc.email,
-                            adminMnemonic: '', // Not available in fallback
-                            adminPassword: '', // Not available in fallback
-                            adminBackupCodes: [], // Not available in fallback
-                            adminMember: {}, // Not available in fallback
-                            memberRole,
-                            memberUserRole,
-                            memberUser: memberUserDoc,
-                            memberUsername: memberUserDoc.username,
-                            memberEmail: memberUserDoc.email,
-                            memberMnemonic: '', // Not available in fallback
-                            memberPassword: '', // Not available in fallback
-                            memberBackupCodes: [], // Not available in fallback
-                            memberMember: {}, // Not available in fallback
-                            systemRole,
-                            systemUserRole,
-                            systemUser: systemUserDoc,
-                            systemUsername: systemUserDoc.username,
-                            systemEmail: systemUserDoc.email,
-                            systemMnemonic: '', // Not available in fallback
-                            systemPassword: '', // Not available in fallback
-                            systemBackupCodes: [], // Not available in fallback
-                            systemMember: {}, // Not available in fallback
-                        },
-                        message: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized),
-                        error: new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized)),
-                    };
-                }
-            }
-            // basic case
-            return {
-                alreadyInitialized: true,
-                success: false,
-                message: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized),
-                error: new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_DatabaseAlreadyInitialized)),
-            };
-        }
-        (0, utils_1.debugLog)(application.environment.detailedDebug, 'log', engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_SettingUpUsersAndRoles));
-        const now = new Date();
-        // Add a small random delay in test environments to reduce collision probability
-        if (isTestEnvironment) {
-            const delay = ((0, crypto_1.randomBytes)(1)[0] % 50) + 10; // 10-60ms random delay (reduced)
-            await new Promise((resolve) => setTimeout(resolve, delay));
-        }
-        try {
-            // Use test-optimized settings for better performance
-            const transactionOptions = isTestEnvironment
-                ? { timeoutMs: 15000, retryAttempts: 2 } // Reduced timeout and retries for tests
-                : { timeoutMs: 120000 }; // Keep original production timeout
-            const result = await (0, utils_1.withTransaction)(application.db.connection, application.environment.mongo.useTransactions, undefined, async (sess) => {
-                // Check if admin role already exists
-                let adminRole = await RoleModel.findOne({
-                    name: application.constants.AdministratorRole,
-                }).session(sess ?? null);
-                if (!adminRole) {
-                    const adminRoleDocs = await RoleModel.create([
-                        {
-                            _id: adminRoleId,
-                            name: application.constants.AdministratorRole,
-                            admin: true,
-                            member: true,
-                            system: false,
-                            child: false,
-                            createdAt: now,
-                            updatedAt: now,
-                            createdBy: systemUserId,
-                            updatedBy: systemUserId,
-                        },
-                    ], { session: sess });
-                    if (adminRoleDocs.length !== 1) {
-                        throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateRoleTemplate, {
-                            NAME: application.constants.AdministratorRole,
-                        });
-                    }
-                    adminRole = adminRoleDocs[0];
-                }
-                // Check if member role already exists
-                let memberRole = await RoleModel.findOne({
-                    name: application.constants.MemberRole,
-                }).session(sess ?? null);
-                if (!memberRole) {
-                    const memberRoleDocs = await RoleModel.create([
-                        {
-                            _id: memberRoleId,
-                            name: application.constants.MemberRole,
-                            admin: false,
-                            member: true,
-                            child: false,
-                            system: false,
-                            createdAt: now,
-                            updatedAt: now,
-                            createdBy: systemUserId,
-                            updatedBy: systemUserId,
-                        },
-                    ], { session: sess });
-                    if (memberRoleDocs.length !== 1) {
-                        throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateRoleTemplate, {
-                            NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                        });
-                    }
-                    memberRole = memberRoleDocs[0];
-                }
-                // Check if system role already exists
-                let systemRole = await RoleModel.findOne({
-                    name: application.constants.SystemRole,
-                }).session(sess ?? null);
-                if (!systemRole) {
-                    const systemRoleDocs = await RoleModel.create([
-                        {
-                            _id: systemRoleId,
-                            name: application.constants.SystemRole,
-                            admin: true,
-                            member: true,
-                            system: true,
-                            child: false,
-                            createdAt: now,
-                            updatedAt: now,
-                            createdBy: systemUserId,
-                            updatedBy: systemUserId,
-                        },
-                    ], { session: sess });
-                    if (systemRoleDocs.length !== 1) {
-                        throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateRoleTemplate);
-                    }
-                    systemRole = systemRoleDocs[0];
-                }
-                const systemUser = DatabaseInitializationService.cacheOrNew(application.constants.SystemUser, new ecies_lib_1.EmailString(application.constants.SystemEmail), options.systemMnemonic, ecies_lib_1.MemberType.System, eciesService, systemUserId, systemUserId, effectiveIdGenerator, idToString);
-                backupCodeService.setSystemUser(systemUser.member);
-                system_user_1.SystemUserService.setSystemUser(systemUser.member, application.constants);
-                // Encrypt mnemonic for recovery
-                const systemEncryptedMnemonic = systemUser.member
-                    .encryptData(Buffer.from(systemUser.mnemonic.value ?? '', 'utf-8'))
-                    .toString('hex');
-                const systemMnemonicDoc = await mnemonicService.addMnemonic(systemUser.mnemonic, sess);
-                if (!systemMnemonicDoc) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_System),
-                    }));
-                }
-                const systemPasswordSecure = options.systemPassword
-                    ? options.systemPassword
-                    : new ecies_lib_1.SecureString(this.generatePassword(16));
-                const systemWrapped = keyWrappingService.wrapSecret(systemUser.member.privateKey, systemPasswordSecure, application.constants);
-                const systemBackupCodes = options.systemBackupCodes ?? backup_code_1.BackupCode.generateBackupCodes();
-                const encryptedSystemBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(systemUser.member, systemUser.member, systemBackupCodes);
-                const systemDocs = await UserModel.create([
-                    {
-                        _id: systemUserId,
-                        username: application.constants.SystemUser,
-                        email: application.constants.SystemEmail,
-                        publicKey: systemUser.member.publicKey.toString('hex'),
-                        duressPasswords: [],
-                        mnemonicRecovery: systemEncryptedMnemonic,
-                        mnemonicId: systemMnemonicDoc._id,
-                        passwordWrappedPrivateKey: systemWrapped,
-                        backupCodes: encryptedSystemBackupCodes,
-                        timezone: application.environment.timezone,
-                        siteLanguage: 'en-US',
-                        emailVerified: true,
-                        darkMode: false,
-                        accountStatus: suite_core_lib_1.AccountStatus.Active,
-                        directChallenge: true, // allow direct challenge login by default
-                        createdAt: now,
-                        updatedAt: now,
-                        createdBy: systemUserId,
-                        updatedBy: systemUserId,
-                    },
-                ], { session: sess });
-                if (systemDocs.length !== 1) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateUserTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_System),
-                    }));
-                }
-                const systemDoc = systemDocs[0];
-                // Create admin user-role relationship
-                const systemUserRoleDoc = await roleService.addUserToRole(systemRoleId, systemUserId, systemUserId, sess, systemUserRoleId);
-                if (!systemUser.mnemonic.value) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_MnemonicIsNullTemplate, {
-                        NAME: suite_core_lib_1.SuiteCoreStringKey.Common_System,
-                    }));
-                }
-                const adminUser = DatabaseInitializationService.cacheOrNew(application.constants.AdministratorUser, new ecies_lib_1.EmailString(application.constants.AdministratorEmail), options.adminMnemonic, ecies_lib_1.MemberType.User, eciesService, adminUserId, systemDoc._id, effectiveIdGenerator, idToString);
-                // Encrypt mnemonic for recovery
-                const adminEncryptedMnemonic = adminUser.member
-                    .encryptData(Buffer.from(adminUser.mnemonic.value ?? '', 'utf-8'))
-                    .toString('hex');
-                const adminMnemonicDoc = await mnemonicService.addMnemonic(adminUser.mnemonic, sess);
-                if (!adminMnemonicDoc) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Admin),
-                    }));
-                }
-                const adminPasswordSecure = options.adminPassword
-                    ? options.adminPassword
-                    : new ecies_lib_1.SecureString(this.generatePassword(16));
-                const adminWrapped = keyWrappingService.wrapSecret(adminUser.member.privateKey, adminPasswordSecure);
-                const adminBackupCodes = options.adminBackupCodes ?? backup_code_1.BackupCode.generateBackupCodes();
-                const encryptedAdminBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(adminUser.member, systemUser.member, adminBackupCodes);
-                const adminDocs = await UserModel.create([
-                    {
-                        _id: adminUserId,
-                        username: application.constants.AdministratorUser,
-                        email: application.constants.AdministratorEmail,
-                        publicKey: adminUser.member.publicKey.toString('hex'),
-                        duressPasswords: [],
-                        mnemonicRecovery: adminEncryptedMnemonic,
-                        mnemonicId: adminMnemonicDoc._id,
-                        passwordWrappedPrivateKey: adminWrapped,
-                        backupCodes: encryptedAdminBackupCodes,
-                        timezone: application.environment.timezone,
-                        siteLanguage: 'en-US',
-                        emailVerified: true,
-                        accountStatus: suite_core_lib_1.AccountStatus.Active,
-                        directChallenge: true,
-                        createdAt: now,
-                        updatedAt: now,
-                        createdBy: systemUserId,
-                        updatedBy: systemUserId,
-                    },
-                ], { session: sess });
-                if (adminDocs.length !== 1) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateUserTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Admin),
-                    }));
-                }
-                const adminDoc = adminDocs[0];
-                // Create admin user-role relationship
-                const adminUserRoleDoc = await roleService.addUserToRole(adminRoleId, adminUserId, systemUserId, sess, adminUserRoleId);
-                if (!adminUser.mnemonic.value) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_MnemonicIsNullTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Admin),
-                    }));
-                }
-                const memberUser = DatabaseInitializationService.cacheOrNew(application.constants.MemberUser, new ecies_lib_1.EmailString(application.constants.MemberEmail), options.memberMnemonic, ecies_lib_1.MemberType.User, eciesService, memberUserId, systemDoc._id, effectiveIdGenerator, idToString);
-                const memberPasswordSecure = options.memberPassword
-                    ? options.memberPassword
-                    : new ecies_lib_1.SecureString(this.generatePassword(16));
-                const memberMnemonicDoc = await mnemonicService.addMnemonic(memberUser.mnemonic, sess);
-                if (!memberMnemonicDoc) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToStoreUserMnemonicTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                    }));
-                }
-                // Encrypt mnemonic for recovery
-                const encryptedMemberMnemonic = memberUser.member
-                    .encryptData(Buffer.from(memberUser.mnemonic.value ?? '', 'utf-8'))
-                    .toString('hex');
-                const memberWrapped = keyWrappingService.wrapSecret(memberUser.member.privateKey, memberPasswordSecure);
-                const memberBackupCodes = options.memberBackupCodes ?? backup_code_1.BackupCode.generateBackupCodes();
-                const encryptedMemberBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(memberUser.member, systemUser.member, memberBackupCodes);
-                const memberDocs = await UserModel.create([
-                    {
-                        _id: memberUserId,
-                        username: application.constants.MemberUser,
-                        email: application.constants.MemberEmail,
-                        publicKey: memberUser.member.publicKey.toString('hex'),
-                        mnemonicId: memberMnemonicDoc._id,
-                        mnemonicRecovery: encryptedMemberMnemonic,
-                        passwordWrappedPrivateKey: memberWrapped,
-                        backupCodes: encryptedMemberBackupCodes,
-                        duressPasswords: [],
-                        timezone: application.environment.timezone,
-                        siteLanguage: 'en-US',
-                        emailVerified: true,
-                        accountStatus: suite_core_lib_1.AccountStatus.Active,
-                        directChallenge: true,
-                        createdAt: now,
-                        updatedAt: now,
-                        createdBy: systemUserId,
-                        updatedBy: systemUserId,
-                    },
-                ], { session: sess });
-                if (memberDocs.length !== 1) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateUserTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                    }));
-                }
-                const memberDoc = memberDocs[0];
-                // Create member user-role relationship
-                const memberUserRoleDoc = await roleService.addUserToRole(memberRoleId, memberUserId, systemUserId, sess, memberUserRoleId);
-                if (!memberUser.mnemonic.value) {
-                    throw new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Error_MnemonicIsNullTemplate, {
-                        NAME: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Common_Member),
-                    }));
-                }
-                return {
-                    adminRole,
-                    memberRole,
-                    systemRole,
-                    systemDoc,
-                    systemUserRoleDoc,
-                    systemPassword: systemPasswordSecure.notNullValue,
-                    systemMnemonic: systemUser.mnemonic.notNullValue,
-                    systemBackupCodes: systemBackupCodes,
-                    systemMember: systemUser.member,
-                    adminDoc,
-                    adminUserRoleDoc,
-                    adminPassword: adminPasswordSecure.notNullValue,
-                    adminMnemonic: adminUser.mnemonic.notNullValue,
-                    adminBackupCodes: adminBackupCodes,
-                    adminMember: adminUser.member,
-                    memberDoc,
-                    memberUserRoleDoc,
-                    memberPassword: memberPasswordSecure.notNullValue,
-                    memberMnemonic: memberUser.mnemonic.notNullValue,
-                    memberBackupCodes: memberBackupCodes,
-                    memberUser: memberUser.member,
-                };
-            }, transactionOptions);
-            return {
-                alreadyInitialized: false,
-                success: true,
-                data: {
-                    adminRole: result.adminRole,
-                    adminUserRole: result.adminUserRoleDoc,
-                    adminUser: result.adminDoc,
-                    adminUsername: result.adminDoc.username,
-                    adminEmail: result.adminDoc.email,
-                    adminMnemonic: result.adminMnemonic,
-                    adminPassword: result.adminPassword,
-                    adminBackupCodes: result.adminBackupCodes.map((bc) => bc.value ?? ''),
-                    adminMember: result.adminMember,
-                    memberRole: result.memberRole,
-                    memberUserRole: result.memberUserRoleDoc,
-                    memberUser: result.memberDoc,
-                    memberUsername: result.memberDoc.username,
-                    memberEmail: result.memberDoc.email,
-                    memberMnemonic: result.memberMnemonic,
-                    memberPassword: result.memberPassword,
-                    memberBackupCodes: result.memberBackupCodes.map((bc) => bc.value ?? ''),
-                    memberMember: result.memberUser,
-                    systemRole: result.systemRole,
-                    systemUserRole: result.systemUserRoleDoc,
-                    systemUser: result.systemDoc,
-                    systemUsername: result.systemDoc.username,
-                    systemEmail: result.systemDoc.email,
-                    systemMnemonic: result.systemMnemonic,
-                    systemPassword: result.systemPassword,
-                    systemBackupCodes: result.systemBackupCodes.map((bc) => bc.value ?? ''),
-                    systemMember: result.systemMember,
-                },
-            };
-        }
-        catch (error) {
-            // Check if it's a translatable error and display cleanly
-            if (error instanceof i18n_lib_1.TranslatableGenericError ||
-                error instanceof i18n_lib_1.TranslatableHandleableGenericError ||
-                error instanceof suite_core_lib_1.TranslatableSuiteError ||
-                error instanceof suite_core_lib_1.TranslatableSuiteHandleableError) {
-                return {
-                    alreadyInitialized: false,
-                    success: false,
-                    message: error.message,
-                    error: error,
-                };
-            }
-            return {
-                alreadyInitialized: false,
-                success: false,
-                message: engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_Error_FailedToInitializeUserDatabase),
-                error: error instanceof Error
-                    ? error
-                    : new Error(engine.translate(suite_core_lib_1.SuiteCoreComponentId, suite_core_lib_1.SuiteCoreStringKey.Admin_Error_FailedToInitializeUserDatabase)),
-            };
-        }
-    }
-    static serverInitResultsToDotEnv(serverInitResult, idToString = (id) => String(id)) {
-        return `ADMIN_ID="${idToString(serverInitResult.adminUser._id)}"
-ADMIN_MNEMONIC="${serverInitResult.adminMnemonic}"
-ADMIN_ROLE_ID="${idToString(serverInitResult.adminRole._id)}"
-ADMIN_USER_ROLE_ID="${idToString(serverInitResult.adminUserRole._id)}"
-ADMIN_PASSWORD="${serverInitResult.adminPassword}"
-MEMBER_ID="${idToString(serverInitResult.memberUser._id)}"
-MEMBER_MNEMONIC="${serverInitResult.memberMnemonic}"
-MEMBER_ROLE_ID="${idToString(serverInitResult.memberRole._id)}"
-MEMBER_USER_ROLE_ID="${idToString(serverInitResult.memberUserRole._id)}"
-MEMBER_PASSWORD="${serverInitResult.memberPassword}"
-SYSTEM_ID="${idToString(serverInitResult.systemUser._id)}"
-SYSTEM_MNEMONIC="${serverInitResult.systemMnemonic}"
-SYSTEM_PUBLIC_KEY="${serverInitResult.systemUser.publicKey}"
-SYSTEM_ROLE_ID="${idToString(serverInitResult.systemRole._id)}"
-SYSTEM_USER_ROLE_ID="${idToString(serverInitResult.systemUserRole._id)}"
-SYSTEM_PASSWORD="${serverInitResult.systemPassword}"
-`;
-    }
-    static printServerInitResults(result, printDotEnv = true, idToString = (id) => String(id)) {
-        (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('\n=== {{SuiteCoreStringKey.Admin_AccountCredentials}} ==='));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_ID}}: {id}', {
-            id: idToString(result.systemUser._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Role}}: {roleName}', {
-            roleName: result.systemRole.name,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {roleId}', {
-            roleId: idToString(result.systemRole._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_User}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {userRoleId}', {
-            userRoleId: idToString(result.systemUserRole._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Username}}: {username}', {
-            username: result.systemUsername,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Email}}: {email}', {
-            email: result.systemEmail,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Password}}: {password}', {
-            password: result.systemPassword,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_Mnemonic}}: {mnemonic}', {
-            mnemonic: result.systemMnemonic,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_PublicKey}}: {publicKey}', {
-            publicKey: result.systemUser.publicKey,
-        }));
-        (0, utils_1.directLog)(true, 'log', `${this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_System}} {{SuiteCoreStringKey.Common_BackupCodes}}')}: ${result.systemBackupCodes.join(', ')}`);
-        (0, utils_1.directLog)(true, 'log', '');
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_ID}}: {id}', {
-            id: idToString(result.adminUser._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Role}}: {roleName}', {
-            roleName: result.adminRole.name,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {roleId}', {
-            roleId: idToString(result.adminRole._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_User}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {userRoleId}', {
-            userRoleId: idToString(result.adminUserRole._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Username}}: {username}', {
-            username: result.adminUsername,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Email}}: {email}', {
-            email: result.adminEmail,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Password}}: {password}', {
-            password: result.adminPassword,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_Mnemonic}}: {mnemonic}', {
-            mnemonic: result.adminMnemonic,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_PublicKey}}: {publicKey}', {
-            publicKey: result.adminUser.publicKey,
-        }));
-        (0, utils_1.directLog)(true, 'log', `${this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Admin}} {{SuiteCoreStringKey.Common_BackupCodes}}')}: ${result.adminBackupCodes.join(', ')}`);
-        (0, utils_1.directLog)(true, 'log', '');
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_ID}}: {id}', {
-            id: idToString(result.memberUser._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Role}}: {roleName}', {
-            roleName: result.memberRole.name,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {roleId}', {
-            roleId: idToString(result.memberRole._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_User}} {{SuiteCoreStringKey.Common_Role}} {{SuiteCoreStringKey.Common_ID}}: {userRoleId}', {
-            userRoleId: idToString(result.memberUserRole._id),
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Username}}: {username}', {
-            username: result.memberUsername,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Email}}: {email}', {
-            email: result.memberEmail,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Password}}: {password}', {
-            password: result.memberPassword,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_Mnemonic}}: {mnemonic}', {
-            mnemonic: result.memberMnemonic,
-        }));
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_PublicKey}}: {publicKey}', {
-            publicKey: result.memberUser.publicKey,
-        }));
-        (0, utils_1.directLog)(true, 'log', `${this.defaultI18nTFunc('{{SuiteCoreStringKey.Common_Member}} {{SuiteCoreStringKey.Common_BackupCodes}}')}: ${result.memberBackupCodes.join(', ')}`);
-        (0, utils_1.directLog)(true, 'log', this.defaultI18nTFunc('\n=== {{SuiteCoreStringKey.Admin_EndCredentials}} ==='));
-        if (printDotEnv) {
-            (0, utils_1.directLog)(true, 'log', '');
-            (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('=== {{SuiteCoreStringKey.Admin_DotEnvFormat}} ==='));
-            (0, utils_1.directLog)(true, 'log', this.serverInitResultsToDotEnv(result, idToString));
-            (0, utils_1.debugLog)(true, 'log', this.defaultI18nTFunc('=== {{SuiteCoreStringKey.Admin_EndDotEnvFormat}} ==='));
-        }
-    }
-    static setEnvFromInitResults(result, idToString = (id) => String(id)) {
-        process.env['ADMIN_ID'] = idToString(result.adminUser._id);
-        process.env['ADMIN_PUBLIC_KEY'] = result.adminUser.publicKey;
-        process.env['ADMIN_MNEMONIC'] = result.adminMnemonic;
-        process.env['ADMIN_PASSWORD'] = result.adminPassword;
-        process.env['ADMIN_ROLE_ID'] = idToString(result.adminRole._id);
-        process.env['ADMIN_USER_ROLE_ID'] = idToString(result.adminUserRole._id);
-        //
-        process.env['MEMBER_ID'] = idToString(result.memberUser._id);
-        process.env['MEMBER_PUBLIC_KEY'] = result.memberUser.publicKey;
-        process.env['MEMBER_MNEMONIC'] = result.memberMnemonic;
-        process.env['MEMBER_PASSWORD'] = result.memberPassword;
-        process.env['MEMBER_ROLE_ID'] = idToString(result.memberRole._id);
-        process.env['MEMBER_USER_ROLE_ID'] = idToString(result.memberUserRole._id);
-        //
-        process.env['SYSTEM_ID'] = idToString(result.systemUser._id);
-        process.env['SYSTEM_PUBLIC_KEY'] = result.systemUser.publicKey;
-        process.env['SYSTEM_MNEMONIC'] = result.systemMnemonic;
-        process.env['SYSTEM_PASSWORD'] = result.systemPassword;
-        process.env['SYSTEM_ROLE_ID'] = idToString(result.systemRole._id);
-        process.env['SYSTEM_USER_ROLE_ID'] = idToString(result.systemUserRole._id);
-    }
-    /**
-     * Initialize the user database with default users and roles (convenience method)
-     * This method creates the necessary services and calls initUserDbWithServices
-     * @param application The application
-     * @returns The result of the initialization
-     */
-    static async initUserDb(application, idGenerator, idToString = (id) => application.constants.idProvider.idToString(id)) {
-        const mnemonicModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.Mnemonic);
-        const mnemonicService = new mnemonic_1.MnemonicService(mnemonicModel, application.environment.mnemonicHmacSecret, application.constants);
-        const config = {
-            curveName: ecies_lib_1.ECIES.CURVE_NAME,
-            primaryKeyDerivationPath: ecies_lib_1.ECIES.PRIMARY_KEY_DERIVATION_PATH,
-            mnemonicStrength: ecies_lib_1.ECIES.MNEMONIC_STRENGTH,
-            symmetricAlgorithm: ecies_lib_1.ECIES.SYMMETRIC_ALGORITHM_CONFIGURATION,
-            symmetricKeyBits: ecies_lib_1.ECIES.SYMMETRIC.KEY_BITS,
-            symmetricKeyMode: ecies_lib_1.ECIES.SYMMETRIC.MODE,
-        };
-        const eciesService = new node_ecies_lib_1.ECIESService(config);
-        const roleService = new role_1.RoleService(application);
-        const keyWrappingService = new key_wrapping_1.KeyWrappingService();
-        const backupCodeService = new backup_code_2.BackupCodeService(application, eciesService, keyWrappingService, roleService);
-        return this.initUserDbWithServices(application, keyWrappingService, mnemonicService, eciesService, roleService, backupCodeService, idGenerator, idToString);
-    }
-}
-exports.DatabaseInitializationService = DatabaseInitializationService;
-//# sourceMappingURL=database-initialization.js.map