npm - @digitaldefiance/node-express-suite - Versions diffs - 3.7.3 → 3.7.5 - Mend

@digitaldefiance/node-express-suite 3.7.3 → 3.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (882) hide show

package/LICENSE +21 -0
package/package.json +4 -5
package/src/__tests__/fixtures/{index.d.ts → index.ts} +0 -1
package/src/__tests__/fixtures/model-mocks.mock.ts +164 -0
package/src/__tests__/helpers/application.mock.ts +89 -0
package/src/__tests__/helpers/{index.d.ts → index.ts} +0 -1
package/src/__tests__/helpers/setup-test-env.ts +202 -0
package/src/__tests__/{index.d.ts → index.ts} +0 -1
package/src/application-base.ts +548 -0
package/src/application-concrete.ts +62 -0
package/src/application.ts +330 -0
package/src/backup-code.ts +348 -0
package/src/builders/application-builder.ts +147 -0
package/src/builders/{index.d.ts → index.ts} +0 -1
package/src/constants.ts +89 -0
package/src/container/{index.d.ts → index.ts} +0 -1
package/src/container/service-container.ts +85 -0
package/src/container/service-definitions.ts +23 -0
package/src/controllers/base.ts +512 -0
package/src/controllers/{index.d.ts → index.ts} +0 -1
package/src/controllers/user.ts +1734 -0
package/src/database/database-initializer.ts +13 -0
package/src/database/{index.d.ts → index.ts} +0 -1
package/src/decorators/base-controller.ts +91 -0
package/src/decorators/controller.ts +152 -0
package/src/decorators/{index.d.ts → index.ts} +0 -1
package/src/decorators/zod-validation.ts +64 -0
package/src/defaults.ts +259 -0
package/src/documents/base.ts +17 -0
package/src/documents/email-token.ts +20 -0
package/src/documents/{index.d.ts → index.ts} +0 -1
package/src/documents/mnemonic.ts +20 -0
package/src/documents/role.ts +19 -0
package/src/documents/used-direct-login-token.ts +18 -0
package/src/documents/user-role.ts +20 -0
package/src/documents/user.ts +20 -0
package/src/enumerations/base-model-name.ts +47 -0
package/src/enumerations/{index.d.ts → index.ts} +0 -1
package/src/enumerations/length-encoding-type.ts +16 -0
package/src/enumerations/schema-collection.ts +39 -0
package/src/enumerations/symmetric-error-type.ts +13 -0
package/src/environment.ts +859 -0
package/src/errors/express-validation.ts +38 -0
package/src/errors/{index.d.ts → index.ts} +0 -1
package/src/errors/invalid-backup-code-version.ts +30 -0
package/src/errors/invalid-jwt-token.ts +24 -0
package/src/errors/invalid-model.ts +24 -0
package/src/errors/invalid-new-password.ts +33 -0
package/src/errors/invalid-password.ts +28 -0
package/src/errors/missing-validated-data.ts +55 -0
package/src/errors/mnemonic-or-password-required.ts +26 -0
package/src/errors/model-not-registered.ts +24 -0
package/src/errors/mongoose-validation.ts +56 -0
package/src/errors/symmetric.ts +53 -0
package/src/errors/token-expired.ts +24 -0
package/src/get-language.ts +64 -0
package/src/get-timezone.ts +76 -0
package/src/{index.d.ts → index.ts} +44 -2
package/src/interfaces/api-error-response.ts +15 -0
package/src/interfaces/api-express-validation-error-response.ts +17 -0
package/src/interfaces/api-message-response.ts +12 -0
package/src/interfaces/api-mongo-validation-error-response.ts +17 -0
package/src/interfaces/api-responses/backup-codes-response.ts +15 -0
package/src/interfaces/api-responses/challenge-response.ts +17 -0
package/src/interfaces/api-responses/code-count-response.ts +12 -0
package/src/interfaces/api-responses/{index.d.ts → index.ts} +0 -1
package/src/interfaces/api-responses/login-response.ts +18 -0
package/src/interfaces/api-responses/mnemonic-response.ts +15 -0
package/src/interfaces/api-responses/registration-response.ts +17 -0
package/src/interfaces/api-responses/request-user-response.ts +16 -0
package/src/interfaces/api-responses/user-settings-response.ts +19 -0
package/src/interfaces/application.ts +40 -0
package/src/interfaces/backend-objects/email-token.ts +18 -0
package/src/interfaces/backend-objects/{index.d.ts → index.ts} +0 -1
package/src/interfaces/backend-objects/request-user.ts +19 -0
package/src/interfaces/backend-objects/role.ts +18 -0
package/src/interfaces/backend-objects/user.ts +18 -0
package/src/interfaces/checksum-config.ts +15 -0
package/src/interfaces/checksum-consts.ts +23 -0
package/src/interfaces/constants.ts +114 -0
package/src/interfaces/controller-config.ts +54 -0
package/src/interfaces/create-user-basics.ts +24 -0
package/src/interfaces/csp-config.ts +32 -0
package/src/interfaces/csp-definition.ts +71 -0
package/src/interfaces/db-init-result.ts +17 -0
package/src/interfaces/deep-partial.ts +14 -0
package/src/interfaces/discriminator-collections.ts +21 -0
package/src/interfaces/email-service.ts +26 -0
package/src/interfaces/environment-mongo.ts +86 -0
package/src/interfaces/environment.ts +191 -0
package/src/interfaces/failable-result.ts +20 -0
package/src/interfaces/fec-consts.ts +14 -0
package/src/interfaces/flexible-csp.ts +35 -0
package/src/interfaces/handleable-error-options.ts +19 -0
package/src/interfaces/{index.d.ts → index.ts} +0 -1
package/src/interfaces/jwt-consts.ts +33 -0
package/src/interfaces/jwt-sign-response.ts +31 -0
package/src/interfaces/models/email-token.ts +13 -0
package/src/interfaces/models/{index.d.ts → index.ts} +0 -1
package/src/interfaces/models/mnemonic.ts +14 -0
package/src/interfaces/models/role.ts +13 -0
package/src/interfaces/models/token-role.ts +23 -0
package/src/interfaces/models/used-direct-login-token.ts +21 -0
package/src/interfaces/models/user-role.ts +23 -0
package/src/interfaces/models/user.ts +30 -0
package/src/interfaces/mongo-errors.ts +14 -0
package/src/interfaces/request-user.ts +80 -0
package/src/interfaces/required-string-keys.ts +33 -0
package/src/interfaces/schema.ts +43 -0
package/src/interfaces/server-init-result.ts +48 -0
package/src/interfaces/status-code-response.ts +20 -0
package/src/interfaces/symmetric-encryption-results.d.ts.map +1 -1
package/src/interfaces/symmetric-encryption-results.js.map +1 -1
package/src/interfaces/symmetric-encryption-results.ts +15 -0
package/src/interfaces/test-environment.ts +23 -0
package/src/interfaces/token-response.ts +16 -0
package/src/middleware-utils.ts +138 -0
package/src/middlewares/authenticate-crypto.ts +237 -0
package/src/middlewares/authenticate-token.ts +165 -0
package/src/middlewares/cleanup-crypto.ts +47 -0
package/src/middlewares/{index.d.ts → index.ts} +0 -1
package/src/middlewares/set-global-context-language.ts +38 -0
package/src/model-registry.ts +142 -0
package/src/models/email-token.ts +49 -0
package/src/models/{index.d.ts → index.ts} +0 -1
package/src/models/mnemonic.ts +42 -0
package/src/models/role.ts +38 -0
package/src/models/used-direct-login-token.ts +49 -0
package/src/models/user-role.ts +40 -0
package/src/models/user.ts +42 -0
package/src/pipeline/{index.d.ts → index.ts} +0 -1
package/src/pipeline/pipeline-builder.ts +27 -0
package/src/plugins/{index.d.ts → index.ts} +0 -1
package/src/plugins/plugin-interface.ts +19 -0
package/src/plugins/plugin-manager.ts +53 -0
package/src/registry/email-service-registry.ts +76 -0
package/src/registry/{index.d.ts → index.ts} +0 -1
package/src/responses/{index.d.ts → index.ts} +0 -1
package/src/responses/response-builder.ts +166 -0
package/src/routers/api.ts +233 -0
package/src/routers/app.ts +395 -0
package/src/routers/base.ts +34 -0
package/src/routers/{index.d.ts → index.ts} +0 -1
package/src/routers/router-config.ts +34 -0
package/src/routing/index.ts +1 -0
package/src/routing/route-builder.ts +214 -0
package/src/schemas/email-token.ts +112 -0
package/src/schemas/{index.d.ts → index.ts} +0 -1
package/src/schemas/mnemonic.ts +48 -0
package/src/schemas/role.ts +153 -0
package/src/schemas/schema.ts +185 -0
package/src/schemas/used-direct-login-token.ts +58 -0
package/src/schemas/user-role.ts +93 -0
package/src/schemas/user.ts +244 -0
package/src/services/backup-code.ts +327 -0
package/src/services/base.ts +46 -0
package/src/services/checksum.ts +189 -0
package/src/services/database-initialization.ts +1653 -0
package/src/services/db-init-cache.ts +28 -0
package/src/services/direct-login-token.ts +83 -0
package/src/services/dummy-email-service.ts +43 -0
package/src/services/fec-usage-example.ts +123 -0
package/src/services/fec.ts +399 -0
package/src/services/{index.d.ts → index.ts} +0 -2
package/src/services/jwt.ts +146 -0
package/src/services/key-wrapping.ts +528 -0
package/src/services/mnemonic.ts +174 -0
package/src/services/request-user.ts +127 -0
package/src/services/role.ts +417 -0
package/src/services/symmetric.ts +164 -0
package/src/services/system-user.ts +87 -0
package/src/services/user.ts +2324 -0
package/src/services/xor.ts +39 -0
package/src/testing.ts +9 -0
package/src/transactions/{index.d.ts → index.ts} +0 -1
package/src/transactions/transaction-manager.ts +63 -0
package/src/types/app-config.ts +36 -0
package/src/types/controller-config.ts +28 -0
package/src/types/{environment-variables.d.ts → environment-variables.ts} +32 -5
package/src/types/{index.d.ts → index.ts} +0 -1
package/src/types/{mongoose-helpers.d.ts → mongoose-helpers.ts} +8 -2
package/src/types/mongoose-override.d.ts +1 -0
package/src/types/mongoose.d.ts +1 -0
package/src/types.ts +189 -0
package/src/utils.ts +1116 -0
package/src/validation/{index.d.ts → index.ts} +0 -1
package/src/validation/validation-builder.ts +155 -0
package/src/__tests__/fixtures/index.d.ts.map +0 -1
package/src/__tests__/fixtures/index.js +0 -5
package/src/__tests__/fixtures/index.js.map +0 -1
package/src/__tests__/fixtures/model-mocks.mock.d.ts +0 -12
package/src/__tests__/fixtures/model-mocks.mock.d.ts.map +0 -1
package/src/__tests__/fixtures/model-mocks.mock.js +0 -102
package/src/__tests__/fixtures/model-mocks.mock.js.map +0 -1
package/src/__tests__/helpers/application.mock.d.ts +0 -8
package/src/__tests__/helpers/application.mock.d.ts.map +0 -1
package/src/__tests__/helpers/application.mock.js +0 -77
package/src/__tests__/helpers/application.mock.js.map +0 -1
package/src/__tests__/helpers/index.d.ts.map +0 -1
package/src/__tests__/helpers/index.js +0 -7
package/src/__tests__/helpers/index.js.map +0 -1
package/src/__tests__/helpers/setup-test-env.d.ts +0 -12
package/src/__tests__/helpers/setup-test-env.d.ts.map +0 -1
package/src/__tests__/helpers/setup-test-env.js +0 -121
package/src/__tests__/helpers/setup-test-env.js.map +0 -1
package/src/__tests__/index.d.ts.map +0 -1
package/src/__tests__/index.js +0 -6
package/src/__tests__/index.js.map +0 -1
package/src/application-base.d.ts +0 -123
package/src/application-base.d.ts.map +0 -1
package/src/application-base.js +0 -359
package/src/application-base.js.map +0 -1
package/src/application-concrete.d.ts +0 -13
package/src/application-concrete.d.ts.map +0 -1
package/src/application-concrete.js +0 -21
package/src/application-concrete.js.map +0 -1
package/src/application.d.ts +0 -29
package/src/application.d.ts.map +0 -1
package/src/application.js +0 -167
package/src/application.js.map +0 -1
package/src/backup-code.d.ts +0 -67
package/src/backup-code.d.ts.map +0 -1
package/src/backup-code.js +0 -238
package/src/backup-code.js.map +0 -1
package/src/builders/application-builder.d.ts +0 -35
package/src/builders/application-builder.d.ts.map +0 -1
package/src/builders/application-builder.js +0 -64
package/src/builders/application-builder.js.map +0 -1
package/src/builders/index.d.ts.map +0 -1
package/src/builders/index.js +0 -5
package/src/builders/index.js.map +0 -1
package/src/constants.d.ts +0 -16
package/src/constants.d.ts.map +0 -1
package/src/constants.js +0 -58
package/src/constants.js.map +0 -1
package/src/container/index.d.ts.map +0 -1
package/src/container/index.js +0 -6
package/src/container/index.js.map +0 -1
package/src/container/service-container.d.ts +0 -11
package/src/container/service-container.d.ts.map +0 -1
package/src/container/service-container.js +0 -38
package/src/container/service-container.js.map +0 -1
package/src/container/service-definitions.d.ts +0 -11
package/src/container/service-definitions.d.ts.map +0 -1
package/src/container/service-definitions.js +0 -13
package/src/container/service-definitions.js.map +0 -1
package/src/controllers/base.d.ts +0 -67
package/src/controllers/base.d.ts.map +0 -1
package/src/controllers/base.js +0 -305
package/src/controllers/base.js.map +0 -1
package/src/controllers/index.d.ts.map +0 -1
package/src/controllers/index.js +0 -6
package/src/controllers/index.js.map +0 -1
package/src/controllers/user.d.ts +0 -49
package/src/controllers/user.d.ts.map +0 -1
package/src/controllers/user.js +0 -919
package/src/controllers/user.js.map +0 -1
package/src/database/database-initializer.d.ts +0 -7
package/src/database/database-initializer.d.ts.map +0 -1
package/src/database/database-initializer.js +0 -3
package/src/database/database-initializer.js.map +0 -1
package/src/database/index.d.ts.map +0 -1
package/src/database/index.js +0 -5
package/src/database/index.js.map +0 -1
package/src/decorators/base-controller.d.ts +0 -11
package/src/decorators/base-controller.d.ts.map +0 -1
package/src/decorators/base-controller.js +0 -60
package/src/decorators/base-controller.js.map +0 -1
package/src/decorators/controller.d.ts +0 -38
package/src/decorators/controller.d.ts.map +0 -1
package/src/decorators/controller.js +0 -68
package/src/decorators/controller.js.map +0 -1
package/src/decorators/index.d.ts.map +0 -1
package/src/decorators/index.js +0 -7
package/src/decorators/index.js.map +0 -1
package/src/decorators/zod-validation.d.ts +0 -5
package/src/decorators/zod-validation.d.ts.map +0 -1
package/src/decorators/zod-validation.js +0 -48
package/src/decorators/zod-validation.js.map +0 -1
package/src/defaults.d.ts +0 -7
package/src/defaults.d.ts.map +0 -1
package/src/defaults.js +0 -205
package/src/defaults.js.map +0 -1
package/src/documents/base.d.ts +0 -4
package/src/documents/base.d.ts.map +0 -1
package/src/documents/base.js +0 -3
package/src/documents/base.js.map +0 -1
package/src/documents/email-token.d.ts +0 -8
package/src/documents/email-token.d.ts.map +0 -1
package/src/documents/email-token.js +0 -3
package/src/documents/email-token.js.map +0 -1
package/src/documents/index.d.ts.map +0 -1
package/src/documents/index.js +0 -3
package/src/documents/index.js.map +0 -1
package/src/documents/mnemonic.d.ts +0 -8
package/src/documents/mnemonic.d.ts.map +0 -1
package/src/documents/mnemonic.js +0 -3
package/src/documents/mnemonic.js.map +0 -1
package/src/documents/role.d.ts +0 -8
package/src/documents/role.d.ts.map +0 -1
package/src/documents/role.js +0 -3
package/src/documents/role.js.map +0 -1
package/src/documents/used-direct-login-token.d.ts +0 -5
package/src/documents/used-direct-login-token.d.ts.map +0 -1
package/src/documents/used-direct-login-token.js +0 -3
package/src/documents/used-direct-login-token.js.map +0 -1
package/src/documents/user-role.d.ts +0 -8
package/src/documents/user-role.d.ts.map +0 -1
package/src/documents/user-role.js +0 -3
package/src/documents/user-role.js.map +0 -1
package/src/documents/user.d.ts +0 -8
package/src/documents/user.d.ts.map +0 -1
package/src/documents/user.js +0 -3
package/src/documents/user.js.map +0 -1
package/src/enumerations/base-model-name.d.ts +0 -38
package/src/enumerations/base-model-name.d.ts.map +0 -1
package/src/enumerations/base-model-name.js +0 -34
package/src/enumerations/base-model-name.js.map +0 -1
package/src/enumerations/index.d.ts.map +0 -1
package/src/enumerations/index.js +0 -8
package/src/enumerations/index.js.map +0 -1
package/src/enumerations/length-encoding-type.d.ts +0 -7
package/src/enumerations/length-encoding-type.d.ts.map +0 -1
package/src/enumerations/length-encoding-type.js +0 -11
package/src/enumerations/length-encoding-type.js.map +0 -1
package/src/enumerations/schema-collection.d.ts +0 -34
package/src/enumerations/schema-collection.d.ts.map +0 -1
package/src/enumerations/schema-collection.js +0 -38
package/src/enumerations/schema-collection.js.map +0 -1
package/src/enumerations/symmetric-error-type.d.ts +0 -5
package/src/enumerations/symmetric-error-type.d.ts.map +0 -1
package/src/enumerations/symmetric-error-type.js +0 -9
package/src/enumerations/symmetric-error-type.js.map +0 -1
package/src/environment.d.ts +0 -189
package/src/environment.d.ts.map +0 -1
package/src/environment.js +0 -641
package/src/environment.js.map +0 -1
package/src/errors/express-validation.d.ts +0 -9
package/src/errors/express-validation.d.ts.map +0 -1
package/src/errors/express-validation.js +0 -18
package/src/errors/express-validation.js.map +0 -1
package/src/errors/index.d.ts.map +0 -1
package/src/errors/index.js +0 -16
package/src/errors/index.js.map +0 -1
package/src/errors/invalid-backup-code-version.d.ts +0 -6
package/src/errors/invalid-backup-code-version.d.ts.map +0 -1
package/src/errors/invalid-backup-code-version.js +0 -16
package/src/errors/invalid-backup-code-version.js.map +0 -1
package/src/errors/invalid-jwt-token.d.ts +0 -5
package/src/errors/invalid-jwt-token.d.ts.map +0 -1
package/src/errors/invalid-jwt-token.js +0 -12
package/src/errors/invalid-jwt-token.js.map +0 -1
package/src/errors/invalid-model.d.ts +0 -6
package/src/errors/invalid-model.d.ts.map +0 -1
package/src/errors/invalid-model.js +0 -14
package/src/errors/invalid-model.js.map +0 -1
package/src/errors/invalid-new-password.d.ts +0 -5
package/src/errors/invalid-new-password.d.ts.map +0 -1
package/src/errors/invalid-new-password.js +0 -14
package/src/errors/invalid-new-password.js.map +0 -1
package/src/errors/invalid-password.d.ts +0 -5
package/src/errors/invalid-password.d.ts.map +0 -1
package/src/errors/invalid-password.js +0 -14
package/src/errors/invalid-password.js.map +0 -1
package/src/errors/missing-validated-data.d.ts +0 -7
package/src/errors/missing-validated-data.d.ts.map +0 -1
package/src/errors/missing-validated-data.js +0 -36
package/src/errors/missing-validated-data.js.map +0 -1
package/src/errors/mnemonic-or-password-required.d.ts +0 -5
package/src/errors/mnemonic-or-password-required.d.ts.map +0 -1
package/src/errors/mnemonic-or-password-required.js +0 -14
package/src/errors/mnemonic-or-password-required.js.map +0 -1
package/src/errors/model-not-registered.d.ts +0 -6
package/src/errors/model-not-registered.d.ts.map +0 -1
package/src/errors/model-not-registered.js +0 -14
package/src/errors/model-not-registered.js.map +0 -1
package/src/errors/mongoose-validation.d.ts +0 -12
package/src/errors/mongoose-validation.d.ts.map +0 -1
package/src/errors/mongoose-validation.js +0 -17
package/src/errors/mongoose-validation.js.map +0 -1
package/src/errors/symmetric.d.ts +0 -8
package/src/errors/symmetric.d.ts.map +0 -1
package/src/errors/symmetric.js +0 -22
package/src/errors/symmetric.js.map +0 -1
package/src/errors/token-expired.d.ts +0 -5
package/src/errors/token-expired.d.ts.map +0 -1
package/src/errors/token-expired.js +0 -12
package/src/errors/token-expired.js.map +0 -1
package/src/get-language.d.ts +0 -2
package/src/get-language.d.ts.map +0 -1
package/src/get-language.js +0 -30
package/src/get-language.js.map +0 -1
package/src/get-timezone.d.ts +0 -2
package/src/get-timezone.d.ts.map +0 -1
package/src/get-timezone.js +0 -39
package/src/get-timezone.js.map +0 -1
package/src/index.d.ts.map +0 -1
package/src/index.js +0 -80
package/src/index.js.map +0 -1
package/src/interfaces/api-error-response.d.ts +0 -5
package/src/interfaces/api-error-response.d.ts.map +0 -1
package/src/interfaces/api-error-response.js +0 -3
package/src/interfaces/api-error-response.js.map +0 -1
package/src/interfaces/api-express-validation-error-response.d.ts +0 -7
package/src/interfaces/api-express-validation-error-response.d.ts.map +0 -1
package/src/interfaces/api-express-validation-error-response.js +0 -3
package/src/interfaces/api-express-validation-error-response.js.map +0 -1
package/src/interfaces/api-message-response.d.ts +0 -4
package/src/interfaces/api-message-response.d.ts.map +0 -1
package/src/interfaces/api-message-response.js +0 -3
package/src/interfaces/api-message-response.js.map +0 -1
package/src/interfaces/api-mongo-validation-error-response.d.ts +0 -6
package/src/interfaces/api-mongo-validation-error-response.d.ts.map +0 -1
package/src/interfaces/api-mongo-validation-error-response.js +0 -3
package/src/interfaces/api-mongo-validation-error-response.js.map +0 -1
package/src/interfaces/api-responses/backup-codes-response.d.ts +0 -5
package/src/interfaces/api-responses/backup-codes-response.d.ts.map +0 -1
package/src/interfaces/api-responses/backup-codes-response.js +0 -3
package/src/interfaces/api-responses/backup-codes-response.js.map +0 -1
package/src/interfaces/api-responses/challenge-response.d.ts +0 -6
package/src/interfaces/api-responses/challenge-response.d.ts.map +0 -1
package/src/interfaces/api-responses/challenge-response.js +0 -3
package/src/interfaces/api-responses/challenge-response.js.map +0 -1
package/src/interfaces/api-responses/code-count-response.d.ts +0 -5
package/src/interfaces/api-responses/code-count-response.d.ts.map +0 -1
package/src/interfaces/api-responses/code-count-response.js +0 -3
package/src/interfaces/api-responses/code-count-response.js.map +0 -1
package/src/interfaces/api-responses/index.d.ts.map +0 -1
package/src/interfaces/api-responses/index.js +0 -12
package/src/interfaces/api-responses/index.js.map +0 -1
package/src/interfaces/api-responses/login-response.d.ts +0 -8
package/src/interfaces/api-responses/login-response.d.ts.map +0 -1
package/src/interfaces/api-responses/login-response.js +0 -3
package/src/interfaces/api-responses/login-response.js.map +0 -1
package/src/interfaces/api-responses/mnemonic-response.d.ts +0 -5
package/src/interfaces/api-responses/mnemonic-response.d.ts.map +0 -1
package/src/interfaces/api-responses/mnemonic-response.js +0 -3
package/src/interfaces/api-responses/mnemonic-response.js.map +0 -1
package/src/interfaces/api-responses/registration-response.d.ts +0 -6
package/src/interfaces/api-responses/registration-response.d.ts.map +0 -1
package/src/interfaces/api-responses/registration-response.js +0 -3
package/src/interfaces/api-responses/registration-response.js.map +0 -1
package/src/interfaces/api-responses/request-user-response.d.ts +0 -6
package/src/interfaces/api-responses/request-user-response.d.ts.map +0 -1
package/src/interfaces/api-responses/request-user-response.js +0 -3
package/src/interfaces/api-responses/request-user-response.js.map +0 -1
package/src/interfaces/api-responses/user-settings-response.d.ts +0 -12
package/src/interfaces/api-responses/user-settings-response.d.ts.map +0 -1
package/src/interfaces/api-responses/user-settings-response.js +0 -3
package/src/interfaces/api-responses/user-settings-response.js.map +0 -1
package/src/interfaces/application.d.ts +0 -17
package/src/interfaces/application.d.ts.map +0 -1
package/src/interfaces/application.js +0 -3
package/src/interfaces/application.js.map +0 -1
package/src/interfaces/backend-objects/email-token.d.ts +0 -4
package/src/interfaces/backend-objects/email-token.d.ts.map +0 -1
package/src/interfaces/backend-objects/email-token.js +0 -3
package/src/interfaces/backend-objects/email-token.js.map +0 -1
package/src/interfaces/backend-objects/index.d.ts.map +0 -1
package/src/interfaces/backend-objects/index.js +0 -8
package/src/interfaces/backend-objects/index.js.map +0 -1
package/src/interfaces/backend-objects/request-user.d.ts +0 -5
package/src/interfaces/backend-objects/request-user.d.ts.map +0 -1
package/src/interfaces/backend-objects/request-user.js +0 -3
package/src/interfaces/backend-objects/request-user.js.map +0 -1
package/src/interfaces/backend-objects/role.d.ts +0 -4
package/src/interfaces/backend-objects/role.d.ts.map +0 -1
package/src/interfaces/backend-objects/role.js +0 -3
package/src/interfaces/backend-objects/role.js.map +0 -1
package/src/interfaces/backend-objects/user.d.ts +0 -4
package/src/interfaces/backend-objects/user.d.ts.map +0 -1
package/src/interfaces/backend-objects/user.js +0 -3
package/src/interfaces/backend-objects/user.js.map +0 -1
package/src/interfaces/checksum-config.d.ts +0 -5
package/src/interfaces/checksum-config.d.ts.map +0 -1
package/src/interfaces/checksum-config.js +0 -3
package/src/interfaces/checksum-config.js.map +0 -1
package/src/interfaces/checksum-consts.d.ts +0 -11
package/src/interfaces/checksum-consts.d.ts.map +0 -1
package/src/interfaces/checksum-consts.js +0 -3
package/src/interfaces/checksum-consts.js.map +0 -1
package/src/interfaces/constants.d.ts +0 -102
package/src/interfaces/constants.d.ts.map +0 -1
package/src/interfaces/constants.js +0 -3
package/src/interfaces/constants.js.map +0 -1
package/src/interfaces/controller-config.d.ts +0 -21
package/src/interfaces/controller-config.d.ts.map +0 -1
package/src/interfaces/controller-config.js +0 -3
package/src/interfaces/controller-config.js.map +0 -1
package/src/interfaces/create-user-basics.d.ts +0 -18
package/src/interfaces/create-user-basics.d.ts.map +0 -1
package/src/interfaces/create-user-basics.js +0 -3
package/src/interfaces/create-user-basics.js.map +0 -1
package/src/interfaces/csp-config.d.ts +0 -7
package/src/interfaces/csp-config.d.ts.map +0 -1
package/src/interfaces/csp-config.js +0 -13
package/src/interfaces/csp-config.js.map +0 -1
package/src/interfaces/csp-definition.d.ts +0 -13
package/src/interfaces/csp-definition.d.ts.map +0 -1
package/src/interfaces/csp-definition.js +0 -22
package/src/interfaces/csp-definition.js.map +0 -1
package/src/interfaces/db-init-result.d.ts +0 -5
package/src/interfaces/db-init-result.d.ts.map +0 -1
package/src/interfaces/db-init-result.js +0 -3
package/src/interfaces/db-init-result.js.map +0 -1
package/src/interfaces/deep-partial.d.ts +0 -4
package/src/interfaces/deep-partial.d.ts.map +0 -1
package/src/interfaces/deep-partial.js +0 -3
package/src/interfaces/deep-partial.js.map +0 -1
package/src/interfaces/discriminator-collections.d.ts +0 -7
package/src/interfaces/discriminator-collections.d.ts.map +0 -1
package/src/interfaces/discriminator-collections.js +0 -3
package/src/interfaces/discriminator-collections.js.map +0 -1
package/src/interfaces/email-service.d.ts +0 -4
package/src/interfaces/email-service.d.ts.map +0 -1
package/src/interfaces/email-service.js +0 -3
package/src/interfaces/email-service.js.map +0 -1
package/src/interfaces/environment-mongo.d.ts +0 -76
package/src/interfaces/environment-mongo.d.ts.map +0 -1
package/src/interfaces/environment-mongo.js +0 -3
package/src/interfaces/environment-mongo.js.map +0 -1
package/src/interfaces/environment.d.ts +0 -180
package/src/interfaces/environment.d.ts.map +0 -1
package/src/interfaces/environment.js +0 -3
package/src/interfaces/environment.js.map +0 -1
package/src/interfaces/failable-result.d.ts +0 -7
package/src/interfaces/failable-result.d.ts.map +0 -1
package/src/interfaces/failable-result.js +0 -3
package/src/interfaces/failable-result.js.map +0 -1
package/src/interfaces/fec-consts.d.ts +0 -5
package/src/interfaces/fec-consts.d.ts.map +0 -1
package/src/interfaces/fec-consts.js +0 -3
package/src/interfaces/fec-consts.js.map +0 -1
package/src/interfaces/flexible-csp.d.ts +0 -8
package/src/interfaces/flexible-csp.d.ts.map +0 -1
package/src/interfaces/flexible-csp.js +0 -14
package/src/interfaces/flexible-csp.js.map +0 -1
package/src/interfaces/handleable-error-options.d.ts +0 -7
package/src/interfaces/handleable-error-options.d.ts.map +0 -1
package/src/interfaces/handleable-error-options.js +0 -3
package/src/interfaces/handleable-error-options.js.map +0 -1
package/src/interfaces/index.d.ts.map +0 -1
package/src/interfaces/index.js +0 -38
package/src/interfaces/index.js.map +0 -1
package/src/interfaces/jwt-consts.d.ts +0 -11
package/src/interfaces/jwt-consts.d.ts.map +0 -1
package/src/interfaces/jwt-consts.js +0 -3
package/src/interfaces/jwt-consts.js.map +0 -1
package/src/interfaces/jwt-sign-response.d.ts +0 -11
package/src/interfaces/jwt-sign-response.d.ts.map +0 -1
package/src/interfaces/jwt-sign-response.js +0 -3
package/src/interfaces/jwt-sign-response.js.map +0 -1
package/src/interfaces/models/email-token.d.ts +0 -6
package/src/interfaces/models/email-token.d.ts.map +0 -1
package/src/interfaces/models/email-token.js +0 -3
package/src/interfaces/models/email-token.js.map +0 -1
package/src/interfaces/models/index.d.ts.map +0 -1
package/src/interfaces/models/index.js +0 -11
package/src/interfaces/models/index.js.map +0 -1
package/src/interfaces/models/mnemonic.d.ts +0 -6
package/src/interfaces/models/mnemonic.d.ts.map +0 -1
package/src/interfaces/models/mnemonic.js +0 -3
package/src/interfaces/models/mnemonic.js.map +0 -1
package/src/interfaces/models/role.d.ts +0 -6
package/src/interfaces/models/role.d.ts.map +0 -1
package/src/interfaces/models/role.js +0 -3
package/src/interfaces/models/role.js.map +0 -1
package/src/interfaces/models/token-role.d.ts +0 -11
package/src/interfaces/models/token-role.d.ts.map +0 -1
package/src/interfaces/models/token-role.js +0 -3
package/src/interfaces/models/token-role.js.map +0 -1
package/src/interfaces/models/used-direct-login-token.d.ts +0 -11
package/src/interfaces/models/used-direct-login-token.d.ts.map +0 -1
package/src/interfaces/models/used-direct-login-token.js +0 -3
package/src/interfaces/models/used-direct-login-token.js.map +0 -1
package/src/interfaces/models/user-role.d.ts +0 -11
package/src/interfaces/models/user-role.d.ts.map +0 -1
package/src/interfaces/models/user-role.js +0 -3
package/src/interfaces/models/user-role.js.map +0 -1
package/src/interfaces/models/user.d.ts +0 -11
package/src/interfaces/models/user.d.ts.map +0 -1
package/src/interfaces/models/user.js +0 -3
package/src/interfaces/models/user.js.map +0 -1
package/src/interfaces/mongo-errors.d.ts +0 -5
package/src/interfaces/mongo-errors.d.ts.map +0 -1
package/src/interfaces/mongo-errors.js +0 -3
package/src/interfaces/mongo-errors.js.map +0 -1
package/src/interfaces/request-user.d.ts +0 -58
package/src/interfaces/request-user.d.ts.map +0 -1
package/src/interfaces/request-user.js +0 -3
package/src/interfaces/request-user.js.map +0 -1
package/src/interfaces/required-string-keys.d.ts +0 -22
package/src/interfaces/required-string-keys.d.ts.map +0 -1
package/src/interfaces/required-string-keys.js +0 -3
package/src/interfaces/required-string-keys.js.map +0 -1
package/src/interfaces/schema.d.ts +0 -29
package/src/interfaces/schema.d.ts.map +0 -1
package/src/interfaces/schema.js +0 -3
package/src/interfaces/schema.js.map +0 -1
package/src/interfaces/server-init-result.d.ts +0 -35
package/src/interfaces/server-init-result.d.ts.map +0 -1
package/src/interfaces/server-init-result.js +0 -3
package/src/interfaces/server-init-result.js.map +0 -1
package/src/interfaces/status-code-response.d.ts +0 -7
package/src/interfaces/status-code-response.d.ts.map +0 -1
package/src/interfaces/status-code-response.js +0 -3
package/src/interfaces/status-code-response.js.map +0 -1
package/src/interfaces/symmetric-encryption-results.d.ts +0 -5
package/src/interfaces/test-environment.d.ts +0 -12
package/src/interfaces/test-environment.d.ts.map +0 -1
package/src/interfaces/test-environment.js +0 -3
package/src/interfaces/test-environment.js.map +0 -1
package/src/interfaces/token-response.d.ts +0 -5
package/src/interfaces/token-response.d.ts.map +0 -1
package/src/interfaces/token-response.js +0 -3
package/src/interfaces/token-response.js.map +0 -1
package/src/middleware-utils.d.ts +0 -8
package/src/middleware-utils.d.ts.map +0 -1
package/src/middleware-utils.js +0 -94
package/src/middleware-utils.js.map +0 -1
package/src/middlewares/authenticate-crypto.d.ts +0 -10
package/src/middlewares/authenticate-crypto.d.ts.map +0 -1
package/src/middlewares/authenticate-crypto.js +0 -126
package/src/middlewares/authenticate-crypto.js.map +0 -1
package/src/middlewares/authenticate-token.d.ts +0 -21
package/src/middlewares/authenticate-token.d.ts.map +0 -1
package/src/middlewares/authenticate-token.js +0 -104
package/src/middlewares/authenticate-token.js.map +0 -1
package/src/middlewares/cleanup-crypto.d.ts +0 -7
package/src/middlewares/cleanup-crypto.d.ts.map +0 -1
package/src/middlewares/cleanup-crypto.js +0 -32
package/src/middlewares/cleanup-crypto.js.map +0 -1
package/src/middlewares/index.d.ts.map +0 -1
package/src/middlewares/index.js +0 -8
package/src/middlewares/index.js.map +0 -1
package/src/middlewares/set-global-context-language.d.ts +0 -3
package/src/middlewares/set-global-context-language.d.ts.map +0 -1
package/src/middlewares/set-global-context-language.js +0 -14
package/src/middlewares/set-global-context-language.js.map +0 -1
package/src/model-registry.d.ts +0 -23
package/src/model-registry.d.ts.map +0 -1
package/src/model-registry.js +0 -47
package/src/model-registry.js.map +0 -1
package/src/models/email-token.d.ts +0 -8
package/src/models/email-token.d.ts.map +0 -1
package/src/models/email-token.js +0 -11
package/src/models/email-token.js.map +0 -1
package/src/models/index.d.ts.map +0 -1
package/src/models/index.js +0 -10
package/src/models/index.js.map +0 -1
package/src/models/mnemonic.d.ts +0 -8
package/src/models/mnemonic.d.ts.map +0 -1
package/src/models/mnemonic.js +0 -11
package/src/models/mnemonic.js.map +0 -1
package/src/models/role.d.ts +0 -8
package/src/models/role.d.ts.map +0 -1
package/src/models/role.js +0 -11
package/src/models/role.js.map +0 -1
package/src/models/used-direct-login-token.d.ts +0 -8
package/src/models/used-direct-login-token.d.ts.map +0 -1
package/src/models/used-direct-login-token.js +0 -11
package/src/models/used-direct-login-token.js.map +0 -1
package/src/models/user-role.d.ts +0 -7
package/src/models/user-role.d.ts.map +0 -1
package/src/models/user-role.js +0 -10
package/src/models/user-role.js.map +0 -1
package/src/models/user.d.ts +0 -8
package/src/models/user.d.ts.map +0 -1
package/src/models/user.js +0 -11
package/src/models/user.js.map +0 -1
package/src/pipeline/index.d.ts.map +0 -1
package/src/pipeline/index.js +0 -5
package/src/pipeline/index.js.map +0 -1
package/src/pipeline/pipeline-builder.d.ts +0 -8
package/src/pipeline/pipeline-builder.d.ts.map +0 -1
package/src/pipeline/pipeline-builder.js +0 -18
package/src/pipeline/pipeline-builder.js.map +0 -1
package/src/plugins/index.d.ts.map +0 -1
package/src/plugins/index.js +0 -6
package/src/plugins/index.js.map +0 -1
package/src/plugins/plugin-interface.d.ts +0 -9
package/src/plugins/plugin-interface.d.ts.map +0 -1
package/src/plugins/plugin-interface.js +0 -3
package/src/plugins/plugin-interface.js.map +0 -1
package/src/plugins/plugin-manager.d.ts +0 -13
package/src/plugins/plugin-manager.d.ts.map +0 -1
package/src/plugins/plugin-manager.js +0 -37
package/src/plugins/plugin-manager.js.map +0 -1
package/src/registry/email-service-registry.d.ts +0 -27
package/src/registry/email-service-registry.d.ts.map +0 -1
package/src/registry/email-service-registry.js +0 -42
package/src/registry/email-service-registry.js.map +0 -1
package/src/registry/index.d.ts.map +0 -1
package/src/registry/index.js +0 -6
package/src/registry/index.js.map +0 -1
package/src/responses/index.d.ts.map +0 -1
package/src/responses/index.js +0 -5
package/src/responses/index.js.map +0 -1
package/src/responses/response-builder.d.ts +0 -24
package/src/responses/response-builder.d.ts.map +0 -1
package/src/responses/response-builder.js +0 -63
package/src/responses/response-builder.js.map +0 -1
package/src/routers/api.d.ts +0 -28
package/src/routers/api.d.ts.map +0 -1
package/src/routers/api.js +0 -80
package/src/routers/api.js.map +0 -1
package/src/routers/app.d.ts +0 -33
package/src/routers/app.d.ts.map +0 -1
package/src/routers/app.js +0 -228
package/src/routers/app.js.map +0 -1
package/src/routers/base.d.ts +0 -9
package/src/routers/base.d.ts.map +0 -1
package/src/routers/base.js +0 -14
package/src/routers/base.js.map +0 -1
package/src/routers/index.d.ts.map +0 -1
package/src/routers/index.js +0 -7
package/src/routers/index.js.map +0 -1
package/src/routers/router-config.d.ts +0 -18
package/src/routers/router-config.d.ts.map +0 -1
package/src/routers/router-config.js +0 -8
package/src/routers/router-config.js.map +0 -1
package/src/routing/index.d.ts +0 -2
package/src/routing/index.d.ts.map +0 -1
package/src/routing/index.js +0 -5
package/src/routing/index.js.map +0 -1
package/src/routing/route-builder.d.ts +0 -36
package/src/routing/route-builder.d.ts.map +0 -1
package/src/routing/route-builder.js +0 -86
package/src/routing/route-builder.js.map +0 -1
package/src/schemas/email-token.d.ts +0 -49
package/src/schemas/email-token.d.ts.map +0 -1
package/src/schemas/email-token.js +0 -55
package/src/schemas/email-token.js.map +0 -1
package/src/schemas/index.d.ts.map +0 -1
package/src/schemas/index.js +0 -11
package/src/schemas/index.js.map +0 -1
package/src/schemas/mnemonic.d.ts +0 -27
package/src/schemas/mnemonic.d.ts.map +0 -1
package/src/schemas/mnemonic.js +0 -31
package/src/schemas/mnemonic.js.map +0 -1
package/src/schemas/role.d.ts +0 -42
package/src/schemas/role.d.ts.map +0 -1
package/src/schemas/role.js +0 -89
package/src/schemas/role.js.map +0 -1
package/src/schemas/schema.d.ts +0 -42
package/src/schemas/schema.d.ts.map +0 -1
package/src/schemas/schema.js +0 -70
package/src/schemas/schema.js.map +0 -1
package/src/schemas/used-direct-login-token.d.ts +0 -37
package/src/schemas/used-direct-login-token.d.ts.map +0 -1
package/src/schemas/used-direct-login-token.js +0 -24
package/src/schemas/used-direct-login-token.js.map +0 -1
package/src/schemas/user-role.d.ts +0 -39
package/src/schemas/user-role.d.ts.map +0 -1
package/src/schemas/user-role.js +0 -55
package/src/schemas/user-role.js.map +0 -1
package/src/schemas/user.d.ts +0 -24
package/src/schemas/user.d.ts.map +0 -1
package/src/schemas/user.js +0 -195
package/src/schemas/user.js.map +0 -1
package/src/services/backup-code.d.ts +0 -76
package/src/services/backup-code.d.ts.map +0 -1
package/src/services/backup-code.js +0 -185
package/src/services/backup-code.js.map +0 -1
package/src/services/base.d.ts +0 -11
package/src/services/base.d.ts.map +0 -1
package/src/services/base.js +0 -15
package/src/services/base.js.map +0 -1
package/src/services/checksum.d.ts +0 -69
package/src/services/checksum.d.ts.map +0 -1
package/src/services/checksum.js +0 -145
package/src/services/checksum.js.map +0 -1
package/src/services/crc.d.ts +0 -87
package/src/services/crc.d.ts.map +0 -1
package/src/services/crc.js +0 -198
package/src/services/crc.js.map +0 -1
package/src/services/database-initialization.d.ts +0 -111
package/src/services/database-initialization.d.ts.map +0 -1
package/src/services/database-initialization.js +0 -878
package/src/services/database-initialization.js.map +0 -1
package/src/services/db-init-cache.d.ts +0 -10
package/src/services/db-init-cache.d.ts.map +0 -1
package/src/services/db-init-cache.js +0 -3
package/src/services/db-init-cache.js.map +0 -1
package/src/services/direct-login-token.d.ts +0 -7
package/src/services/direct-login-token.d.ts.map +0 -1
package/src/services/direct-login-token.js +0 -41
package/src/services/direct-login-token.js.map +0 -1
package/src/services/dummy-email-service.d.ts +0 -11
package/src/services/dummy-email-service.d.ts.map +0 -1
package/src/services/dummy-email-service.js +0 -16
package/src/services/dummy-email-service.js.map +0 -1
package/src/services/fec-usage-example.d.ts +0 -38
package/src/services/fec-usage-example.d.ts.map +0 -1
package/src/services/fec-usage-example.js +0 -75
package/src/services/fec-usage-example.js.map +0 -1
package/src/services/fec.d.ts +0 -46
package/src/services/fec.d.ts.map +0 -1
package/src/services/fec.js +0 -214
package/src/services/fec.js.map +0 -1
package/src/services/index.d.ts.map +0 -1
package/src/services/index.js +0 -23
package/src/services/index.js.map +0 -1
package/src/services/jwt.d.ts +0 -30
package/src/services/jwt.d.ts.map +0 -1
package/src/services/jwt.js +0 -90
package/src/services/jwt.js.map +0 -1
package/src/services/key-wrapping.d.ts +0 -61
package/src/services/key-wrapping.d.ts.map +0 -1
package/src/services/key-wrapping.js +0 -307
package/src/services/key-wrapping.js.map +0 -1
package/src/services/mnemonic.d.ts +0 -62
package/src/services/mnemonic.d.ts.map +0 -1
package/src/services/mnemonic.js +0 -114
package/src/services/mnemonic.js.map +0 -1
package/src/services/request-user.d.ts +0 -23
package/src/services/request-user.d.ts.map +0 -1
package/src/services/request-user.js +0 -68
package/src/services/request-user.js.map +0 -1
package/src/services/role.d.ts +0 -87
package/src/services/role.d.ts.map +0 -1
package/src/services/role.js +0 -279
package/src/services/role.js.map +0 -1
package/src/services/symmetric.d.ts +0 -42
package/src/services/symmetric.d.ts.map +0 -1
package/src/services/symmetric.js +0 -101
package/src/services/symmetric.js.map +0 -1
package/src/services/system-user.d.ts +0 -16
package/src/services/system-user.d.ts.map +0 -1
package/src/services/system-user.js +0 -46
package/src/services/system-user.js.map +0 -1
package/src/services/user.d.ts +0 -345
package/src/services/user.d.ts.map +0 -1
package/src/services/user.js +0 -1447
package/src/services/user.js.map +0 -1
package/src/services/xor.d.ts +0 -24
package/src/services/xor.d.ts.map +0 -1
package/src/services/xor.js +0 -37
package/src/services/xor.js.map +0 -1
package/src/testing.d.ts +0 -3
package/src/testing.d.ts.map +0 -1
package/src/testing.js +0 -7
package/src/testing.js.map +0 -1
package/src/transactions/index.d.ts.map +0 -1
package/src/transactions/index.js +0 -5
package/src/transactions/index.js.map +0 -1
package/src/transactions/transaction-manager.d.ts +0 -12
package/src/transactions/transaction-manager.d.ts.map +0 -1
package/src/transactions/transaction-manager.js +0 -30
package/src/transactions/transaction-manager.js.map +0 -1
package/src/types/app-config.d.ts +0 -16
package/src/types/app-config.d.ts.map +0 -1
package/src/types/app-config.js +0 -3
package/src/types/app-config.js.map +0 -1
package/src/types/controller-config.d.ts +0 -14
package/src/types/controller-config.d.ts.map +0 -1
package/src/types/controller-config.js +0 -3
package/src/types/controller-config.js.map +0 -1
package/src/types/environment-variables.d.ts.map +0 -1
package/src/types/environment-variables.js +0 -39
package/src/types/environment-variables.js.map +0 -1
package/src/types/index.d.ts.map +0 -1
package/src/types/index.js +0 -6
package/src/types/index.js.map +0 -1
package/src/types/mongoose-helpers.d.ts.map +0 -1
package/src/types/mongoose-helpers.js +0 -6
package/src/types/mongoose-helpers.js.map +0 -1
package/src/types.d.ts +0 -104
package/src/types.d.ts.map +0 -1
package/src/types.js +0 -14
package/src/types.js.map +0 -1
package/src/utils.d.ts +0 -211
package/src/utils.d.ts.map +0 -1
package/src/utils.js +0 -818
package/src/utils.js.map +0 -1
package/src/validation/index.d.ts.map +0 -1
package/src/validation/index.js +0 -5
package/src/validation/index.js.map +0 -1
package/src/validation/validation-builder.d.ts +0 -32
package/src/validation/validation-builder.d.ts.map +0 -1
package/src/validation/validation-builder.js +0 -81
package/src/validation/validation-builder.js.map +0 -1

package/src/services/jwt.ts ADDED Viewed

@@ -0,0 +1,146 @@
+/**
+ * @fileoverview JWT token service for authentication and authorization.
+ * Handles JWT token generation, signing, and verification with role-based access control.
+ * @module services/jwt
+ */
+import {
+  ITokenRole,
+  ITokenRoleDTO,
+  ITokenUser,
+} from '@digitaldefiance/suite-core-lib';
+import {
+  JsonWebTokenError,
+  JwtPayload,
+  TokenExpiredError as JwtTokenExpiredError,
+  sign,
+  verify,
+  VerifyOptions,
+} from 'jsonwebtoken';
+import { promisify } from 'util';
+import { IUserDocument } from '../documents/user';
+import { InvalidJwtTokenError } from '../errors/invalid-jwt-token';
+import { TokenExpiredError } from '../errors/token-expired';
+import { IApplication } from '../interfaces/application';
+import { IJwtSignResponse } from '../interfaces/jwt-sign-response';
+import { BaseService } from './base';
+import { RoleService } from './role';
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+const verifyAsync = promisify<
+  string,
+  string | Buffer,
+  VerifyOptions,
+  JwtPayload | string
+>(verify);
+/**
+ * Service for JWT token operations including generation, signing, and verification.
+ * Integrates with role service to embed user roles in JWT tokens.
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role interface type
+ * @template TTokenUser - Token user interface type
+ * @template TApplication - Application interface type
+ * @extends {BaseService<TID, TApplication>}
+ */
+export class JwtService<
+  TID extends PlatformID = Buffer,
+  TDate extends Date = Date,
+  TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>,
+  TTokenUser extends ITokenUser = ITokenUser,
+  TApplication extends IApplication<TID> = IApplication<TID>,
+> extends BaseService<TID, TApplication> {
+  private readonly roleService: RoleService<TID, TDate, TTokenRole>;
+  /**
+   * Constructor for the JWT service
+   * @param application The application object
+   */
+  constructor(application: TApplication) {
+    super(application);
+    this.roleService = new RoleService<TID, TDate, TTokenRole>(application);
+  }
+  /**
+   * Sign a JWT token for a user
+   * @param userDoc The user document to sign the token for
+   * @param jwtSecret The secret to sign the token with
+   * @param overrideLanguage Optional language to use for role translations
+   * @returns The signed token
+   */
+  public async signToken(
+    userDoc: IUserDocument<string, TID>,
+    jwtSecret: string,
+    overrideLanguage?: string,
+  ): Promise<IJwtSignResponse<TID, TDate, TTokenRole>> {
+    // look for roles the user is a member of (the role contains the user id in the user's roles array)
+    const roles = await this.roleService.getUserRoles(userDoc._id);
+    const tokenRoles: Array<TTokenRole> = this.roleService.rolesToTokenRoles(
+      roles,
+      overrideLanguage,
+    );
+    const tokenRoleDTOs = tokenRoles.map((role) =>
+      RoleService.roleToRoleDTO<TID, TDate>(role),
+    );
+    const roleTranslatedNames = tokenRoles.map((role) => role.translatedName);
+    const roleNames = tokenRoles.map((role) => role.name);
+    const tokenUser = {
+      userId: userDoc._id.toString(),
+      roles: tokenRoleDTOs,
+    } as TTokenUser;
+    // amazonq-ignore-next-line false positive
+    const token = sign(tokenUser, jwtSecret, {
+      algorithm: this.application.constants.JWT.ALGORITHM,
+      allowInsecureKeySizes: false,
+      expiresIn: this.application.constants.JWT.EXPIRATION_SEC,
+    });
+    return {
+      token,
+      tokenUser,
+      roleNames,
+      roleTranslatedNames,
+      roles: tokenRoles,
+      roleDTOs: tokenRoleDTOs,
+    };
+  }
+  /**
+   * Verify a JWT token and return the user data
+   * @param token The token to verify
+   * @returns The user data
+   * @throws InvalidTokenError
+   */
+  public async verifyToken(token: string): Promise<TTokenUser | null> {
+    try {
+      const decoded = (await verifyAsync(
+        token,
+        this.application.environment.jwtSecret,
+        {
+          algorithms: [this.application.constants.JWT.ALGORITHM],
+        },
+      )) as JwtPayload;
+      if (
+        typeof decoded === 'object' &&
+        decoded !== null &&
+        'userId' in decoded &&
+        'roles' in decoded
+      ) {
+        return {
+          userId: decoded['userId'] as string,
+          roles: decoded['roles'] as ITokenRoleDTO[],
+        } as TTokenUser;
+      } else {
+        return null;
+      }
+    } catch (err) {
+      if (err instanceof JwtTokenExpiredError) {
+        throw new TokenExpiredError();
+      } else if (err instanceof JsonWebTokenError) {
+        throw err;
+      }
+      throw new InvalidJwtTokenError();
+    }
+  }
+}

package/src/services/key-wrapping.ts ADDED Viewed

@@ -0,0 +1,528 @@
+/**
+ * @fileoverview Service for password-based key wrapping and unwrapping using AES-256-GCM.
+ * Provides secure master key management, password changes, and generic secret wrapping.
+ * @module services/key-wrapping
+ */
+import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
+import {
+  Constants,
+  IConstants,
+  Pbkdf2Service,
+} from '@digitaldefiance/node-ecies-lib';
+import {
+  createCipheriv,
+  createDecipheriv,
+  createHash,
+  randomBytes,
+} from 'crypto';
+import { InvalidNewPasswordError, InvalidPasswordError } from '../errors';
+/**
+ * Creates a PBKDF2 service instance from constants.
+ * @param constants Configuration constants
+ * @returns Configured PBKDF2 service
+ */
+function createPbkdf2Service(constants: IConstants): Pbkdf2Service {
+  return Pbkdf2Service.fromConstants(constants);
+}
+/**
+ * Represents a password-wrapped master key with all encryption metadata.
+ */
+export interface WrappedKey {
+  /** Hex-encoded salt for PBKDF2 key derivation */
+  salt: string;
+  /** Hex-encoded initialization vector for AES-GCM */
+  iv: string;
+  /** Hex-encoded authentication tag for AES-GCM */
+  authTag: string;
+  /** Hex-encoded encrypted master key */
+  encryptedMasterKey: string;
+  /** Number of PBKDF2 iterations used */
+  iterations: number;
+}
+/**
+ * Generic password-wrapped secret payload with encryption metadata.
+ */
+export interface PasswordWrappedSecret {
+  /** Hex-encoded salt for PBKDF2 key derivation */
+  salt: string;
+  /** Hex-encoded initialization vector for AES-GCM */
+  iv: string;
+  /** Hex-encoded authentication tag for AES-GCM */
+  authTag: string;
+  /** Hex-encoded encrypted secret data */
+  ciphertext: string;
+  /** Number of PBKDF2 iterations used */
+  iterations: number;
+}
+/**
+ * Service for password-based key wrapping and unwrapping operations.
+ * Provides secure master key management with AES-256-GCM encryption and PBKDF2 key derivation.
+ * Supports both synchronous and asynchronous operations with deduplication for concurrent requests.
+ */
+export class KeyWrappingService {
+  /**
+   * In-flight de-duplication map to share PBKDF2 work across concurrent identical requests.
+   * Stores promises of base64-encoded master key bytes for sharing across callers.
+   * @private
+   */
+  private static inFlightUnwraps: Map<string, Promise<string>> = new Map();
+  /**
+   * Generates a new random master key and wraps it with the user's password.
+   * @param password User's password for wrapping
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Object containing the master key and wrapped key metadata
+   * @throws {InvalidNewPasswordError} If password doesn't meet requirements
+   */
+  public wrapNewMasterKey(
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): {
+    masterKey: SecureBuffer;
+    wrappedKey: WrappedKey;
+  } {
+    const masterKey = new SecureBuffer(
+      randomBytes(constants.WRAPPED_KEY.MASTER_KEY_SIZE),
+    );
+    const wrappedKey = this.wrapMasterKey(masterKey, password, constants);
+    return { masterKey, wrappedKey };
+  }
+  /**
+   * Wraps an existing master key with a password-derived key using AES-256-GCM.
+   * @param masterKey Master key to wrap
+   * @param password User's password for wrapping
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Wrapped key metadata including salt, IV, auth tag, and encrypted key
+   * @throws {InvalidNewPasswordError} If password doesn't meet requirements
+   */
+  public wrapMasterKey(
+    masterKey: SecureBuffer,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): WrappedKey {
+    if (constants.PasswordRegex.test(password.value ?? '') === false) {
+      throw new InvalidNewPasswordError();
+    }
+    const salt = randomBytes(constants.WRAPPED_KEY.SALT_SIZE);
+    const iterations = constants.WRAPPED_KEY.MIN_ITERATIONS;
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      iterations,
+      constants.WRAPPED_KEY.SALT_SIZE,
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    // Encrypt master key
+    const iv = randomBytes(constants.WRAPPED_KEY.IV_SIZE);
+    const cipher = createCipheriv('aes-256-gcm', passwordKeySecure.value, iv);
+    const encrypted = Buffer.concat([
+      cipher.update(masterKey.value),
+      cipher.final(),
+    ]);
+    const authTag = cipher.getAuthTag();
+    passwordKeySecure.dispose();
+    return {
+      salt: salt.toString('hex'),
+      iv: iv.toString('hex'),
+      authTag: authTag.toString('hex'),
+      encryptedMasterKey: encrypted.toString('hex'),
+      iterations,
+    };
+  }
+  /**
+   * Unwraps a master key using the user's password (synchronous).
+   * @param wrappedKey Wrapped key metadata
+   * @param password User's password for unwrapping
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Unwrapped master key in a SecureBuffer
+   * @throws {InvalidPasswordError} If password is incorrect or decryption fails
+   */
+  public unwrapMasterKey(
+    wrappedKey: WrappedKey,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): SecureBuffer {
+    const salt = Buffer.from(wrappedKey.salt, 'hex');
+    const iv = Buffer.from(wrappedKey.iv, 'hex');
+    const authTag = Buffer.from(wrappedKey.authTag, 'hex');
+    const encrypted = Buffer.from(wrappedKey.encryptedMasterKey, 'hex');
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive the same key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      wrappedKey.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Async version of unwrapMasterKey that uses libuv threadpool via crypto.pbkdf2
+   * to avoid blocking the event loop during password verification.
+   * @param wrappedKey Wrapped key metadata
+   * @param password User's password (SecureString or raw string)
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Promise resolving to unwrapped master key in a SecureBuffer
+   * @throws {InvalidPasswordError} If password is incorrect or decryption fails
+   */
+  public async unwrapMasterKeyAsync(
+    wrappedKey: WrappedKey,
+    password: SecureString | string,
+    constants: IConstants = Constants,
+  ): Promise<SecureBuffer> {
+    const __perfEnabled = process.env['PERF_LOGS'] === '1';
+    const _t0 = __perfEnabled ? Date.now() : 0;
+    const salt = Buffer.from(wrappedKey.salt, 'hex');
+    const iv = Buffer.from(wrappedKey.iv, 'hex');
+    const authTag = Buffer.from(wrappedKey.authTag, 'hex');
+    const encrypted = Buffer.from(wrappedKey.encryptedMasterKey, 'hex');
+    // Accept either a SecureString (preferred) or a raw password string to avoid
+    // expensive SecureString construction in the hot login path.
+    const pwdBuffer =
+      // amazonq-ignore-next-line false positive
+      typeof password === 'string'
+        ? Buffer.from(password, 'utf8')
+        : Buffer.from(password.valueAsUint8Array);
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Use centralized PBKDF2 service for async key derivation
+    const derivedKey = await pbkdf2Service.deriveKeyFromPasswordAsync(
+      pwdBuffer,
+      salt,
+      wrappedKey.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      if (__perfEnabled)
+        console.warn(
+          '[perf] unwrapMasterKeyAsync pbkdf2',
+          'iters=' + String(wrappedKey.iterations).replace(/[\r\n]/g, ''),
+          'dt=' + (Date.now() - _t0) + 'ms',
+        );
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      // Best-effort zero the temporary password buffer
+      try {
+        pwdBuffer.fill(0);
+      } catch {
+        // ignore
+      }
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Deduplicated async unwrap that coalesces concurrent identical PBKDF2 operations.
+   * Keyed by salt + iterations + password hash to avoid redundant computation.
+   * @param wrappedKey Wrapped key metadata
+   * @param password User's password as string
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Promise resolving to unwrapped master key in a SecureBuffer
+   * @throws {InvalidPasswordError} If password is incorrect or decryption fails
+   */
+  public async unwrapMasterKeyAsyncDedup(
+    wrappedKey: WrappedKey,
+    password: string,
+    constants: IConstants = Constants,
+  ): Promise<SecureBuffer> {
+    // Derive a short cache key; avoid storing raw password by hashing
+    const pwdKey = createHash('sha256')
+      .update(password, 'utf8')
+      .digest('hex')
+      .slice(0, 24);
+    const cacheKey = `${wrappedKey.salt}:${wrappedKey.iterations}:${pwdKey}`;
+    let p = KeyWrappingService.inFlightUnwraps.get(cacheKey);
+    if (!p) {
+      // Compute once, extract raw bytes, dispose the shared SecureBuffer, and cache the bytes
+      p = (async () => {
+        const mk = await this.unwrapMasterKeyAsync(
+          wrappedKey,
+          password,
+          constants,
+        );
+        try {
+          const copy = Buffer.from(mk.value);
+          const b64 = copy.toString('base64');
+          // zeroize copy
+          copy.fill(0);
+          return b64;
+        } finally {
+          mk.dispose();
+        }
+      })().finally(() => {
+        // Best-effort cleanup
+        KeyWrappingService.inFlightUnwraps.delete(cacheKey);
+      }) as Promise<string>;
+      KeyWrappingService.inFlightUnwraps.set(cacheKey, p);
+    }
+    const b64 = await p;
+    // Return a fresh SecureBuffer per caller to avoid cross-disposal races
+    const buf = Buffer.from(b64, 'base64');
+    const secure = new SecureBuffer(Buffer.from(buf));
+    buf.fill(0);
+    return secure;
+  }
+  /**
+   * Changes password by re-wrapping the master key with a new password.
+   * @param wrappedKey Current wrapped key metadata
+   * @param oldPassword Current password
+   * @param newPassword New password
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns New wrapped key metadata
+   * @throws {InvalidPasswordError} If old password is incorrect
+   * @throws {InvalidNewPasswordError} If new password doesn't meet requirements
+   */
+  public changePassword(
+    wrappedKey: WrappedKey,
+    oldPassword: SecureString,
+    newPassword: SecureString,
+    constants: IConstants = Constants,
+  ): WrappedKey {
+    // Unwrap with old password
+    const masterKey = this.unwrapMasterKey(wrappedKey, oldPassword, constants);
+    try {
+      // Re-wrap with new password
+      return this.wrapMasterKey(masterKey, newPassword, constants);
+    } finally {
+      masterKey.dispose();
+    }
+  }
+  /**
+   * Wraps arbitrary secret bytes with a password-derived key using AES-256-GCM.
+   * @param secret Secret data to wrap
+   * @param password User's password for wrapping
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Password-wrapped secret metadata
+   * @throws {InvalidNewPasswordError} If password doesn't meet requirements
+   */
+  public wrapSecret(
+    secret: SecureBuffer,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): PasswordWrappedSecret {
+    if (constants.PasswordRegex.test(password.value ?? '') === false) {
+      throw new InvalidNewPasswordError();
+    }
+    const salt = randomBytes(constants.WRAPPED_KEY.SALT_SIZE);
+    const iterations = constants.WRAPPED_KEY.MIN_ITERATIONS;
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      iterations,
+      constants.WRAPPED_KEY.SALT_SIZE,
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const iv = randomBytes(constants.WRAPPED_KEY.IV_SIZE);
+      const cipher = createCipheriv('aes-256-gcm', passwordKeySecure.value, iv);
+      const encrypted = Buffer.concat([
+        cipher.update(secret.value),
+        cipher.final(),
+      ]);
+      const authTag = cipher.getAuthTag();
+      return {
+        salt: salt.toString('hex'),
+        iv: iv.toString('hex'),
+        authTag: authTag.toString('hex'),
+        ciphertext: encrypted.toString('hex'),
+        iterations,
+      };
+    } finally {
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Unwraps a password-wrapped secret (synchronous).
+   * @param wrapped Password-wrapped secret metadata
+   * @param password User's password for unwrapping
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Unwrapped secret in a SecureBuffer
+   * @throws {InvalidPasswordError} If password is incorrect or decryption fails
+   */
+  public unwrapSecret(
+    wrapped: PasswordWrappedSecret,
+    password: SecureString,
+    constants: IConstants = Constants,
+  ): SecureBuffer {
+    const salt = Buffer.from(wrapped.salt, 'hex');
+    const iv = Buffer.from(wrapped.iv, 'hex');
+    const authTag = Buffer.from(wrapped.authTag, 'hex');
+    const encrypted = Buffer.from(wrapped.ciphertext, 'hex');
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Derive key from password using centralized PBKDF2 service
+    const derivedKey = pbkdf2Service.deriveKeyFromPassword(
+      Buffer.from(password.valueAsUint8Array),
+      salt,
+      wrapped.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      passwordKeySecure.dispose();
+    }
+  }
+  /**
+   * Unwraps a password-wrapped secret using async PBKDF2 to avoid blocking.
+   * @param wrapped Password-wrapped secret metadata
+   * @param password User's password (SecureString or raw string)
+   * @param constants Configuration constants (defaults to Constants)
+   * @returns Promise resolving to unwrapped secret in a SecureBuffer
+   * @throws {InvalidPasswordError} If password is incorrect or decryption fails
+   * @throws {Error} If password is undefined, null, or invalid type
+   */
+  public async unwrapSecretAsync(
+    wrapped: PasswordWrappedSecret,
+    password: SecureString | string,
+    constants: IConstants = Constants,
+  ): Promise<SecureBuffer> {
+    const salt = Buffer.from(wrapped.salt, 'hex');
+    const iv = Buffer.from(wrapped.iv, 'hex');
+    const authTag = Buffer.from(wrapped.authTag, 'hex');
+    const encrypted = Buffer.from(wrapped.ciphertext, 'hex');
+    // Validate password parameter before using it
+    // amazonq-ignore-next-line false positive
+    if (typeof password === 'string') {
+      if (password === undefined || password === null) {
+        throw new Error('Password cannot be undefined or null');
+      }
+    } else if (!(password instanceof SecureString)) {
+      throw new Error('Password must be provided as string or SecureString');
+    }
+    const pwdBuffer =
+      // amazonq-ignore-next-line false positive
+      typeof password === 'string'
+        ? Buffer.from(password, 'utf8')
+        : await (async () => password.valueAsUint8Array)();
+    // Additional safety check
+    if (!pwdBuffer) {
+      throw new Error(
+        'Failed to create password buffer - password may be invalid',
+      );
+    }
+    const pbkdf2Service = createPbkdf2Service(constants);
+    // Use centralized PBKDF2 service for async key derivation
+    const derivedKey = await pbkdf2Service.deriveKeyFromPasswordAsync(
+      Buffer.from(pwdBuffer),
+      salt,
+      wrapped.iterations,
+      salt.length, // Use actual salt size
+      32, // AES-256 key size
+      'sha256', // Keep existing algorithm for compatibility
+    );
+    const passwordKeySecure = new SecureBuffer(derivedKey.hash);
+    try {
+      const decipher = createDecipheriv(
+        'aes-256-gcm',
+        passwordKeySecure.value,
+        iv,
+      );
+      decipher.setAuthTag(authTag);
+      const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+      ]);
+      return new SecureBuffer(decrypted);
+    } catch {
+      throw new InvalidPasswordError();
+    } finally {
+      try {
+        pwdBuffer.fill(0);
+      } catch {
+        // ignore
+      }
+      passwordKeySecure.dispose();
+    }
+  }
+}