npm - @digitaldefiance/node-express-suite - Versions diffs - 3.7.4 → 3.7.5 - Mend

@digitaldefiance/node-express-suite 3.7.4 → 3.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (878) hide show

package/LICENSE +21 -0
package/package.json +4 -5
package/src/__tests__/fixtures/{index.d.ts → index.ts} +0 -1
package/src/__tests__/fixtures/model-mocks.mock.ts +164 -0
package/src/__tests__/helpers/application.mock.ts +89 -0
package/src/__tests__/helpers/{index.d.ts → index.ts} +0 -1
package/src/__tests__/helpers/setup-test-env.ts +202 -0
package/src/__tests__/{index.d.ts → index.ts} +0 -1
package/src/application-base.ts +548 -0
package/src/application-concrete.ts +62 -0
package/src/application.ts +330 -0
package/src/backup-code.ts +348 -0
package/src/builders/application-builder.ts +147 -0
package/src/builders/{index.d.ts → index.ts} +0 -1
package/src/constants.ts +89 -0
package/src/container/{index.d.ts → index.ts} +0 -1
package/src/container/service-container.ts +85 -0
package/src/container/service-definitions.ts +23 -0
package/src/controllers/base.ts +512 -0
package/src/controllers/{index.d.ts → index.ts} +0 -1
package/src/controllers/user.ts +1734 -0
package/src/database/database-initializer.ts +13 -0
package/src/database/{index.d.ts → index.ts} +0 -1
package/src/decorators/base-controller.ts +91 -0
package/src/decorators/controller.ts +152 -0
package/src/decorators/{index.d.ts → index.ts} +0 -1
package/src/decorators/zod-validation.ts +64 -0
package/src/defaults.ts +259 -0
package/src/documents/base.ts +17 -0
package/src/documents/email-token.ts +20 -0
package/src/documents/{index.d.ts → index.ts} +0 -1
package/src/documents/mnemonic.ts +20 -0
package/src/documents/role.ts +19 -0
package/src/documents/used-direct-login-token.ts +18 -0
package/src/documents/user-role.ts +20 -0
package/src/documents/user.ts +20 -0
package/src/enumerations/base-model-name.ts +47 -0
package/src/enumerations/{index.d.ts → index.ts} +0 -1
package/src/enumerations/length-encoding-type.ts +16 -0
package/src/enumerations/schema-collection.ts +39 -0
package/src/enumerations/symmetric-error-type.ts +13 -0
package/src/environment.ts +859 -0
package/src/errors/express-validation.ts +38 -0
package/src/errors/{index.d.ts → index.ts} +0 -1
package/src/errors/invalid-backup-code-version.ts +30 -0
package/src/errors/invalid-jwt-token.ts +24 -0
package/src/errors/invalid-model.ts +24 -0
package/src/errors/invalid-new-password.ts +33 -0
package/src/errors/invalid-password.ts +28 -0
package/src/errors/missing-validated-data.ts +55 -0
package/src/errors/mnemonic-or-password-required.ts +26 -0
package/src/errors/model-not-registered.ts +24 -0
package/src/errors/mongoose-validation.ts +56 -0
package/src/errors/symmetric.ts +53 -0
package/src/errors/token-expired.ts +24 -0
package/src/get-language.ts +64 -0
package/src/get-timezone.ts +76 -0
package/src/{index.d.ts → index.ts} +44 -2
package/src/interfaces/api-error-response.ts +15 -0
package/src/interfaces/api-express-validation-error-response.ts +17 -0
package/src/interfaces/api-message-response.ts +12 -0
package/src/interfaces/api-mongo-validation-error-response.ts +17 -0
package/src/interfaces/api-responses/backup-codes-response.ts +15 -0
package/src/interfaces/api-responses/challenge-response.ts +17 -0
package/src/interfaces/api-responses/code-count-response.ts +12 -0
package/src/interfaces/api-responses/{index.d.ts → index.ts} +0 -1
package/src/interfaces/api-responses/login-response.ts +18 -0
package/src/interfaces/api-responses/mnemonic-response.ts +15 -0
package/src/interfaces/api-responses/registration-response.ts +17 -0
package/src/interfaces/api-responses/request-user-response.ts +16 -0
package/src/interfaces/api-responses/user-settings-response.ts +19 -0
package/src/interfaces/application.ts +40 -0
package/src/interfaces/backend-objects/email-token.ts +18 -0
package/src/interfaces/backend-objects/{index.d.ts → index.ts} +0 -1
package/src/interfaces/backend-objects/request-user.ts +19 -0
package/src/interfaces/backend-objects/role.ts +18 -0
package/src/interfaces/backend-objects/user.ts +18 -0
package/src/interfaces/checksum-config.ts +15 -0
package/src/interfaces/checksum-consts.ts +23 -0
package/src/interfaces/constants.ts +114 -0
package/src/interfaces/controller-config.ts +54 -0
package/src/interfaces/create-user-basics.ts +24 -0
package/src/interfaces/csp-config.ts +32 -0
package/src/interfaces/csp-definition.ts +71 -0
package/src/interfaces/db-init-result.ts +17 -0
package/src/interfaces/deep-partial.ts +14 -0
package/src/interfaces/discriminator-collections.ts +21 -0
package/src/interfaces/email-service.ts +26 -0
package/src/interfaces/environment-mongo.ts +86 -0
package/src/interfaces/environment.ts +191 -0
package/src/interfaces/failable-result.ts +20 -0
package/src/interfaces/fec-consts.ts +14 -0
package/src/interfaces/flexible-csp.ts +35 -0
package/src/interfaces/handleable-error-options.ts +19 -0
package/src/interfaces/{index.d.ts → index.ts} +0 -1
package/src/interfaces/jwt-consts.ts +33 -0
package/src/interfaces/jwt-sign-response.ts +31 -0
package/src/interfaces/models/email-token.ts +13 -0
package/src/interfaces/models/{index.d.ts → index.ts} +0 -1
package/src/interfaces/models/mnemonic.ts +14 -0
package/src/interfaces/models/role.ts +13 -0
package/src/interfaces/models/token-role.ts +23 -0
package/src/interfaces/models/used-direct-login-token.ts +21 -0
package/src/interfaces/models/user-role.ts +23 -0
package/src/interfaces/models/user.ts +30 -0
package/src/interfaces/mongo-errors.ts +14 -0
package/src/interfaces/request-user.ts +80 -0
package/src/interfaces/required-string-keys.ts +33 -0
package/src/interfaces/schema.ts +43 -0
package/src/interfaces/server-init-result.ts +48 -0
package/src/interfaces/status-code-response.ts +20 -0
package/src/interfaces/symmetric-encryption-results.d.ts.map +1 -1
package/src/interfaces/symmetric-encryption-results.js.map +1 -1
package/src/interfaces/symmetric-encryption-results.ts +15 -0
package/src/interfaces/test-environment.ts +23 -0
package/src/interfaces/token-response.ts +16 -0
package/src/middleware-utils.ts +138 -0
package/src/middlewares/authenticate-crypto.ts +237 -0
package/src/middlewares/authenticate-token.ts +165 -0
package/src/middlewares/cleanup-crypto.ts +47 -0
package/src/middlewares/{index.d.ts → index.ts} +0 -1
package/src/middlewares/set-global-context-language.ts +38 -0
package/src/model-registry.ts +142 -0
package/src/models/email-token.ts +49 -0
package/src/models/{index.d.ts → index.ts} +0 -1
package/src/models/mnemonic.ts +42 -0
package/src/models/role.ts +38 -0
package/src/models/used-direct-login-token.ts +49 -0
package/src/models/user-role.ts +40 -0
package/src/models/user.ts +42 -0
package/src/pipeline/{index.d.ts → index.ts} +0 -1
package/src/pipeline/pipeline-builder.ts +27 -0
package/src/plugins/{index.d.ts → index.ts} +0 -1
package/src/plugins/plugin-interface.ts +19 -0
package/src/plugins/plugin-manager.ts +53 -0
package/src/registry/email-service-registry.ts +76 -0
package/src/registry/{index.d.ts → index.ts} +0 -1
package/src/responses/{index.d.ts → index.ts} +0 -1
package/src/responses/response-builder.ts +166 -0
package/src/routers/api.ts +233 -0
package/src/routers/app.ts +395 -0
package/src/routers/base.ts +34 -0
package/src/routers/{index.d.ts → index.ts} +0 -1
package/src/routers/router-config.ts +34 -0
package/src/routing/index.ts +1 -0
package/src/routing/route-builder.ts +214 -0
package/src/schemas/email-token.ts +112 -0
package/src/schemas/{index.d.ts → index.ts} +0 -1
package/src/schemas/mnemonic.ts +48 -0
package/src/schemas/role.ts +153 -0
package/src/schemas/schema.ts +185 -0
package/src/schemas/used-direct-login-token.ts +58 -0
package/src/schemas/user-role.ts +93 -0
package/src/schemas/user.ts +244 -0
package/src/services/backup-code.ts +327 -0
package/src/services/base.ts +46 -0
package/src/services/checksum.ts +189 -0
package/src/services/database-initialization.ts +1653 -0
package/src/services/db-init-cache.ts +28 -0
package/src/services/direct-login-token.ts +83 -0
package/src/services/dummy-email-service.ts +43 -0
package/src/services/fec-usage-example.ts +123 -0
package/src/services/fec.ts +399 -0
package/src/services/{index.d.ts → index.ts} +0 -1
package/src/services/jwt.ts +146 -0
package/src/services/key-wrapping.ts +528 -0
package/src/services/mnemonic.ts +174 -0
package/src/services/request-user.ts +127 -0
package/src/services/role.ts +417 -0
package/src/services/symmetric.ts +164 -0
package/src/services/system-user.ts +87 -0
package/src/services/user.ts +2324 -0
package/src/services/xor.ts +39 -0
package/src/testing.ts +9 -0
package/src/transactions/{index.d.ts → index.ts} +0 -1
package/src/transactions/transaction-manager.ts +63 -0
package/src/types/app-config.ts +36 -0
package/src/types/controller-config.ts +28 -0
package/src/types/{environment-variables.d.ts → environment-variables.ts} +32 -5
package/src/types/{index.d.ts → index.ts} +0 -1
package/src/types/{mongoose-helpers.d.ts → mongoose-helpers.ts} +8 -2
package/src/types/mongoose-override.d.ts +1 -0
package/src/types/mongoose.d.ts +1 -0
package/src/types.ts +189 -0
package/src/utils.ts +1116 -0
package/src/validation/{index.d.ts → index.ts} +0 -1
package/src/validation/validation-builder.ts +155 -0
package/src/__tests__/fixtures/index.d.ts.map +0 -1
package/src/__tests__/fixtures/index.js +0 -5
package/src/__tests__/fixtures/index.js.map +0 -1
package/src/__tests__/fixtures/model-mocks.mock.d.ts +0 -12
package/src/__tests__/fixtures/model-mocks.mock.d.ts.map +0 -1
package/src/__tests__/fixtures/model-mocks.mock.js +0 -102
package/src/__tests__/fixtures/model-mocks.mock.js.map +0 -1
package/src/__tests__/helpers/application.mock.d.ts +0 -8
package/src/__tests__/helpers/application.mock.d.ts.map +0 -1
package/src/__tests__/helpers/application.mock.js +0 -77
package/src/__tests__/helpers/application.mock.js.map +0 -1
package/src/__tests__/helpers/index.d.ts.map +0 -1
package/src/__tests__/helpers/index.js +0 -7
package/src/__tests__/helpers/index.js.map +0 -1
package/src/__tests__/helpers/setup-test-env.d.ts +0 -12
package/src/__tests__/helpers/setup-test-env.d.ts.map +0 -1
package/src/__tests__/helpers/setup-test-env.js +0 -121
package/src/__tests__/helpers/setup-test-env.js.map +0 -1
package/src/__tests__/index.d.ts.map +0 -1
package/src/__tests__/index.js +0 -6
package/src/__tests__/index.js.map +0 -1
package/src/application-base.d.ts +0 -123
package/src/application-base.d.ts.map +0 -1
package/src/application-base.js +0 -359
package/src/application-base.js.map +0 -1
package/src/application-concrete.d.ts +0 -13
package/src/application-concrete.d.ts.map +0 -1
package/src/application-concrete.js +0 -21
package/src/application-concrete.js.map +0 -1
package/src/application.d.ts +0 -29
package/src/application.d.ts.map +0 -1
package/src/application.js +0 -167
package/src/application.js.map +0 -1
package/src/backup-code.d.ts +0 -67
package/src/backup-code.d.ts.map +0 -1
package/src/backup-code.js +0 -238
package/src/backup-code.js.map +0 -1
package/src/builders/application-builder.d.ts +0 -35
package/src/builders/application-builder.d.ts.map +0 -1
package/src/builders/application-builder.js +0 -64
package/src/builders/application-builder.js.map +0 -1
package/src/builders/index.d.ts.map +0 -1
package/src/builders/index.js +0 -5
package/src/builders/index.js.map +0 -1
package/src/constants.d.ts +0 -16
package/src/constants.d.ts.map +0 -1
package/src/constants.js +0 -58
package/src/constants.js.map +0 -1
package/src/container/index.d.ts.map +0 -1
package/src/container/index.js +0 -6
package/src/container/index.js.map +0 -1
package/src/container/service-container.d.ts +0 -11
package/src/container/service-container.d.ts.map +0 -1
package/src/container/service-container.js +0 -38
package/src/container/service-container.js.map +0 -1
package/src/container/service-definitions.d.ts +0 -11
package/src/container/service-definitions.d.ts.map +0 -1
package/src/container/service-definitions.js +0 -13
package/src/container/service-definitions.js.map +0 -1
package/src/controllers/base.d.ts +0 -67
package/src/controllers/base.d.ts.map +0 -1
package/src/controllers/base.js +0 -305
package/src/controllers/base.js.map +0 -1
package/src/controllers/index.d.ts.map +0 -1
package/src/controllers/index.js +0 -6
package/src/controllers/index.js.map +0 -1
package/src/controllers/user.d.ts +0 -49
package/src/controllers/user.d.ts.map +0 -1
package/src/controllers/user.js +0 -919
package/src/controllers/user.js.map +0 -1
package/src/database/database-initializer.d.ts +0 -7
package/src/database/database-initializer.d.ts.map +0 -1
package/src/database/database-initializer.js +0 -3
package/src/database/database-initializer.js.map +0 -1
package/src/database/index.d.ts.map +0 -1
package/src/database/index.js +0 -5
package/src/database/index.js.map +0 -1
package/src/decorators/base-controller.d.ts +0 -11
package/src/decorators/base-controller.d.ts.map +0 -1
package/src/decorators/base-controller.js +0 -60
package/src/decorators/base-controller.js.map +0 -1
package/src/decorators/controller.d.ts +0 -38
package/src/decorators/controller.d.ts.map +0 -1
package/src/decorators/controller.js +0 -68
package/src/decorators/controller.js.map +0 -1
package/src/decorators/index.d.ts.map +0 -1
package/src/decorators/index.js +0 -7
package/src/decorators/index.js.map +0 -1
package/src/decorators/zod-validation.d.ts +0 -5
package/src/decorators/zod-validation.d.ts.map +0 -1
package/src/decorators/zod-validation.js +0 -48
package/src/decorators/zod-validation.js.map +0 -1
package/src/defaults.d.ts +0 -7
package/src/defaults.d.ts.map +0 -1
package/src/defaults.js +0 -205
package/src/defaults.js.map +0 -1
package/src/documents/base.d.ts +0 -4
package/src/documents/base.d.ts.map +0 -1
package/src/documents/base.js +0 -3
package/src/documents/base.js.map +0 -1
package/src/documents/email-token.d.ts +0 -8
package/src/documents/email-token.d.ts.map +0 -1
package/src/documents/email-token.js +0 -3
package/src/documents/email-token.js.map +0 -1
package/src/documents/index.d.ts.map +0 -1
package/src/documents/index.js +0 -3
package/src/documents/index.js.map +0 -1
package/src/documents/mnemonic.d.ts +0 -8
package/src/documents/mnemonic.d.ts.map +0 -1
package/src/documents/mnemonic.js +0 -3
package/src/documents/mnemonic.js.map +0 -1
package/src/documents/role.d.ts +0 -8
package/src/documents/role.d.ts.map +0 -1
package/src/documents/role.js +0 -3
package/src/documents/role.js.map +0 -1
package/src/documents/used-direct-login-token.d.ts +0 -5
package/src/documents/used-direct-login-token.d.ts.map +0 -1
package/src/documents/used-direct-login-token.js +0 -3
package/src/documents/used-direct-login-token.js.map +0 -1
package/src/documents/user-role.d.ts +0 -8
package/src/documents/user-role.d.ts.map +0 -1
package/src/documents/user-role.js +0 -3
package/src/documents/user-role.js.map +0 -1
package/src/documents/user.d.ts +0 -8
package/src/documents/user.d.ts.map +0 -1
package/src/documents/user.js +0 -3
package/src/documents/user.js.map +0 -1
package/src/enumerations/base-model-name.d.ts +0 -38
package/src/enumerations/base-model-name.d.ts.map +0 -1
package/src/enumerations/base-model-name.js +0 -34
package/src/enumerations/base-model-name.js.map +0 -1
package/src/enumerations/index.d.ts.map +0 -1
package/src/enumerations/index.js +0 -8
package/src/enumerations/index.js.map +0 -1
package/src/enumerations/length-encoding-type.d.ts +0 -7
package/src/enumerations/length-encoding-type.d.ts.map +0 -1
package/src/enumerations/length-encoding-type.js +0 -11
package/src/enumerations/length-encoding-type.js.map +0 -1
package/src/enumerations/schema-collection.d.ts +0 -34
package/src/enumerations/schema-collection.d.ts.map +0 -1
package/src/enumerations/schema-collection.js +0 -38
package/src/enumerations/schema-collection.js.map +0 -1
package/src/enumerations/symmetric-error-type.d.ts +0 -5
package/src/enumerations/symmetric-error-type.d.ts.map +0 -1
package/src/enumerations/symmetric-error-type.js +0 -9
package/src/enumerations/symmetric-error-type.js.map +0 -1
package/src/environment.d.ts +0 -189
package/src/environment.d.ts.map +0 -1
package/src/environment.js +0 -641
package/src/environment.js.map +0 -1
package/src/errors/express-validation.d.ts +0 -9
package/src/errors/express-validation.d.ts.map +0 -1
package/src/errors/express-validation.js +0 -18
package/src/errors/express-validation.js.map +0 -1
package/src/errors/index.d.ts.map +0 -1
package/src/errors/index.js +0 -16
package/src/errors/index.js.map +0 -1
package/src/errors/invalid-backup-code-version.d.ts +0 -6
package/src/errors/invalid-backup-code-version.d.ts.map +0 -1
package/src/errors/invalid-backup-code-version.js +0 -16
package/src/errors/invalid-backup-code-version.js.map +0 -1
package/src/errors/invalid-jwt-token.d.ts +0 -5
package/src/errors/invalid-jwt-token.d.ts.map +0 -1
package/src/errors/invalid-jwt-token.js +0 -12
package/src/errors/invalid-jwt-token.js.map +0 -1
package/src/errors/invalid-model.d.ts +0 -6
package/src/errors/invalid-model.d.ts.map +0 -1
package/src/errors/invalid-model.js +0 -14
package/src/errors/invalid-model.js.map +0 -1
package/src/errors/invalid-new-password.d.ts +0 -5
package/src/errors/invalid-new-password.d.ts.map +0 -1
package/src/errors/invalid-new-password.js +0 -14
package/src/errors/invalid-new-password.js.map +0 -1
package/src/errors/invalid-password.d.ts +0 -5
package/src/errors/invalid-password.d.ts.map +0 -1
package/src/errors/invalid-password.js +0 -14
package/src/errors/invalid-password.js.map +0 -1
package/src/errors/missing-validated-data.d.ts +0 -7
package/src/errors/missing-validated-data.d.ts.map +0 -1
package/src/errors/missing-validated-data.js +0 -36
package/src/errors/missing-validated-data.js.map +0 -1
package/src/errors/mnemonic-or-password-required.d.ts +0 -5
package/src/errors/mnemonic-or-password-required.d.ts.map +0 -1
package/src/errors/mnemonic-or-password-required.js +0 -14
package/src/errors/mnemonic-or-password-required.js.map +0 -1
package/src/errors/model-not-registered.d.ts +0 -6
package/src/errors/model-not-registered.d.ts.map +0 -1
package/src/errors/model-not-registered.js +0 -14
package/src/errors/model-not-registered.js.map +0 -1
package/src/errors/mongoose-validation.d.ts +0 -12
package/src/errors/mongoose-validation.d.ts.map +0 -1
package/src/errors/mongoose-validation.js +0 -17
package/src/errors/mongoose-validation.js.map +0 -1
package/src/errors/symmetric.d.ts +0 -8
package/src/errors/symmetric.d.ts.map +0 -1
package/src/errors/symmetric.js +0 -22
package/src/errors/symmetric.js.map +0 -1
package/src/errors/token-expired.d.ts +0 -5
package/src/errors/token-expired.d.ts.map +0 -1
package/src/errors/token-expired.js +0 -12
package/src/errors/token-expired.js.map +0 -1
package/src/get-language.d.ts +0 -2
package/src/get-language.d.ts.map +0 -1
package/src/get-language.js +0 -30
package/src/get-language.js.map +0 -1
package/src/get-timezone.d.ts +0 -2
package/src/get-timezone.d.ts.map +0 -1
package/src/get-timezone.js +0 -39
package/src/get-timezone.js.map +0 -1
package/src/index.d.ts.map +0 -1
package/src/index.js +0 -80
package/src/index.js.map +0 -1
package/src/interfaces/api-error-response.d.ts +0 -5
package/src/interfaces/api-error-response.d.ts.map +0 -1
package/src/interfaces/api-error-response.js +0 -3
package/src/interfaces/api-error-response.js.map +0 -1
package/src/interfaces/api-express-validation-error-response.d.ts +0 -7
package/src/interfaces/api-express-validation-error-response.d.ts.map +0 -1
package/src/interfaces/api-express-validation-error-response.js +0 -3
package/src/interfaces/api-express-validation-error-response.js.map +0 -1
package/src/interfaces/api-message-response.d.ts +0 -4
package/src/interfaces/api-message-response.d.ts.map +0 -1
package/src/interfaces/api-message-response.js +0 -3
package/src/interfaces/api-message-response.js.map +0 -1
package/src/interfaces/api-mongo-validation-error-response.d.ts +0 -6
package/src/interfaces/api-mongo-validation-error-response.d.ts.map +0 -1
package/src/interfaces/api-mongo-validation-error-response.js +0 -3
package/src/interfaces/api-mongo-validation-error-response.js.map +0 -1
package/src/interfaces/api-responses/backup-codes-response.d.ts +0 -5
package/src/interfaces/api-responses/backup-codes-response.d.ts.map +0 -1
package/src/interfaces/api-responses/backup-codes-response.js +0 -3
package/src/interfaces/api-responses/backup-codes-response.js.map +0 -1
package/src/interfaces/api-responses/challenge-response.d.ts +0 -6
package/src/interfaces/api-responses/challenge-response.d.ts.map +0 -1
package/src/interfaces/api-responses/challenge-response.js +0 -3
package/src/interfaces/api-responses/challenge-response.js.map +0 -1
package/src/interfaces/api-responses/code-count-response.d.ts +0 -5
package/src/interfaces/api-responses/code-count-response.d.ts.map +0 -1
package/src/interfaces/api-responses/code-count-response.js +0 -3
package/src/interfaces/api-responses/code-count-response.js.map +0 -1
package/src/interfaces/api-responses/index.d.ts.map +0 -1
package/src/interfaces/api-responses/index.js +0 -12
package/src/interfaces/api-responses/index.js.map +0 -1
package/src/interfaces/api-responses/login-response.d.ts +0 -8
package/src/interfaces/api-responses/login-response.d.ts.map +0 -1
package/src/interfaces/api-responses/login-response.js +0 -3
package/src/interfaces/api-responses/login-response.js.map +0 -1
package/src/interfaces/api-responses/mnemonic-response.d.ts +0 -5
package/src/interfaces/api-responses/mnemonic-response.d.ts.map +0 -1
package/src/interfaces/api-responses/mnemonic-response.js +0 -3
package/src/interfaces/api-responses/mnemonic-response.js.map +0 -1
package/src/interfaces/api-responses/registration-response.d.ts +0 -6
package/src/interfaces/api-responses/registration-response.d.ts.map +0 -1
package/src/interfaces/api-responses/registration-response.js +0 -3
package/src/interfaces/api-responses/registration-response.js.map +0 -1
package/src/interfaces/api-responses/request-user-response.d.ts +0 -6
package/src/interfaces/api-responses/request-user-response.d.ts.map +0 -1
package/src/interfaces/api-responses/request-user-response.js +0 -3
package/src/interfaces/api-responses/request-user-response.js.map +0 -1
package/src/interfaces/api-responses/user-settings-response.d.ts +0 -12
package/src/interfaces/api-responses/user-settings-response.d.ts.map +0 -1
package/src/interfaces/api-responses/user-settings-response.js +0 -3
package/src/interfaces/api-responses/user-settings-response.js.map +0 -1
package/src/interfaces/application.d.ts +0 -17
package/src/interfaces/application.d.ts.map +0 -1
package/src/interfaces/application.js +0 -3
package/src/interfaces/application.js.map +0 -1
package/src/interfaces/backend-objects/email-token.d.ts +0 -4
package/src/interfaces/backend-objects/email-token.d.ts.map +0 -1
package/src/interfaces/backend-objects/email-token.js +0 -3
package/src/interfaces/backend-objects/email-token.js.map +0 -1
package/src/interfaces/backend-objects/index.d.ts.map +0 -1
package/src/interfaces/backend-objects/index.js +0 -8
package/src/interfaces/backend-objects/index.js.map +0 -1
package/src/interfaces/backend-objects/request-user.d.ts +0 -5
package/src/interfaces/backend-objects/request-user.d.ts.map +0 -1
package/src/interfaces/backend-objects/request-user.js +0 -3
package/src/interfaces/backend-objects/request-user.js.map +0 -1
package/src/interfaces/backend-objects/role.d.ts +0 -4
package/src/interfaces/backend-objects/role.d.ts.map +0 -1
package/src/interfaces/backend-objects/role.js +0 -3
package/src/interfaces/backend-objects/role.js.map +0 -1
package/src/interfaces/backend-objects/user.d.ts +0 -4
package/src/interfaces/backend-objects/user.d.ts.map +0 -1
package/src/interfaces/backend-objects/user.js +0 -3
package/src/interfaces/backend-objects/user.js.map +0 -1
package/src/interfaces/checksum-config.d.ts +0 -5
package/src/interfaces/checksum-config.d.ts.map +0 -1
package/src/interfaces/checksum-config.js +0 -3
package/src/interfaces/checksum-config.js.map +0 -1
package/src/interfaces/checksum-consts.d.ts +0 -11
package/src/interfaces/checksum-consts.d.ts.map +0 -1
package/src/interfaces/checksum-consts.js +0 -3
package/src/interfaces/checksum-consts.js.map +0 -1
package/src/interfaces/constants.d.ts +0 -102
package/src/interfaces/constants.d.ts.map +0 -1
package/src/interfaces/constants.js +0 -3
package/src/interfaces/constants.js.map +0 -1
package/src/interfaces/controller-config.d.ts +0 -21
package/src/interfaces/controller-config.d.ts.map +0 -1
package/src/interfaces/controller-config.js +0 -3
package/src/interfaces/controller-config.js.map +0 -1
package/src/interfaces/create-user-basics.d.ts +0 -18
package/src/interfaces/create-user-basics.d.ts.map +0 -1
package/src/interfaces/create-user-basics.js +0 -3
package/src/interfaces/create-user-basics.js.map +0 -1
package/src/interfaces/csp-config.d.ts +0 -7
package/src/interfaces/csp-config.d.ts.map +0 -1
package/src/interfaces/csp-config.js +0 -13
package/src/interfaces/csp-config.js.map +0 -1
package/src/interfaces/csp-definition.d.ts +0 -13
package/src/interfaces/csp-definition.d.ts.map +0 -1
package/src/interfaces/csp-definition.js +0 -22
package/src/interfaces/csp-definition.js.map +0 -1
package/src/interfaces/db-init-result.d.ts +0 -5
package/src/interfaces/db-init-result.d.ts.map +0 -1
package/src/interfaces/db-init-result.js +0 -3
package/src/interfaces/db-init-result.js.map +0 -1
package/src/interfaces/deep-partial.d.ts +0 -4
package/src/interfaces/deep-partial.d.ts.map +0 -1
package/src/interfaces/deep-partial.js +0 -3
package/src/interfaces/deep-partial.js.map +0 -1
package/src/interfaces/discriminator-collections.d.ts +0 -7
package/src/interfaces/discriminator-collections.d.ts.map +0 -1
package/src/interfaces/discriminator-collections.js +0 -3
package/src/interfaces/discriminator-collections.js.map +0 -1
package/src/interfaces/email-service.d.ts +0 -4
package/src/interfaces/email-service.d.ts.map +0 -1
package/src/interfaces/email-service.js +0 -3
package/src/interfaces/email-service.js.map +0 -1
package/src/interfaces/environment-mongo.d.ts +0 -76
package/src/interfaces/environment-mongo.d.ts.map +0 -1
package/src/interfaces/environment-mongo.js +0 -3
package/src/interfaces/environment-mongo.js.map +0 -1
package/src/interfaces/environment.d.ts +0 -180
package/src/interfaces/environment.d.ts.map +0 -1
package/src/interfaces/environment.js +0 -3
package/src/interfaces/environment.js.map +0 -1
package/src/interfaces/failable-result.d.ts +0 -7
package/src/interfaces/failable-result.d.ts.map +0 -1
package/src/interfaces/failable-result.js +0 -3
package/src/interfaces/failable-result.js.map +0 -1
package/src/interfaces/fec-consts.d.ts +0 -5
package/src/interfaces/fec-consts.d.ts.map +0 -1
package/src/interfaces/fec-consts.js +0 -3
package/src/interfaces/fec-consts.js.map +0 -1
package/src/interfaces/flexible-csp.d.ts +0 -8
package/src/interfaces/flexible-csp.d.ts.map +0 -1
package/src/interfaces/flexible-csp.js +0 -14
package/src/interfaces/flexible-csp.js.map +0 -1
package/src/interfaces/handleable-error-options.d.ts +0 -7
package/src/interfaces/handleable-error-options.d.ts.map +0 -1
package/src/interfaces/handleable-error-options.js +0 -3
package/src/interfaces/handleable-error-options.js.map +0 -1
package/src/interfaces/index.d.ts.map +0 -1
package/src/interfaces/index.js +0 -38
package/src/interfaces/index.js.map +0 -1
package/src/interfaces/jwt-consts.d.ts +0 -11
package/src/interfaces/jwt-consts.d.ts.map +0 -1
package/src/interfaces/jwt-consts.js +0 -3
package/src/interfaces/jwt-consts.js.map +0 -1
package/src/interfaces/jwt-sign-response.d.ts +0 -11
package/src/interfaces/jwt-sign-response.d.ts.map +0 -1
package/src/interfaces/jwt-sign-response.js +0 -3
package/src/interfaces/jwt-sign-response.js.map +0 -1
package/src/interfaces/models/email-token.d.ts +0 -6
package/src/interfaces/models/email-token.d.ts.map +0 -1
package/src/interfaces/models/email-token.js +0 -3
package/src/interfaces/models/email-token.js.map +0 -1
package/src/interfaces/models/index.d.ts.map +0 -1
package/src/interfaces/models/index.js +0 -11
package/src/interfaces/models/index.js.map +0 -1
package/src/interfaces/models/mnemonic.d.ts +0 -6
package/src/interfaces/models/mnemonic.d.ts.map +0 -1
package/src/interfaces/models/mnemonic.js +0 -3
package/src/interfaces/models/mnemonic.js.map +0 -1
package/src/interfaces/models/role.d.ts +0 -6
package/src/interfaces/models/role.d.ts.map +0 -1
package/src/interfaces/models/role.js +0 -3
package/src/interfaces/models/role.js.map +0 -1
package/src/interfaces/models/token-role.d.ts +0 -11
package/src/interfaces/models/token-role.d.ts.map +0 -1
package/src/interfaces/models/token-role.js +0 -3
package/src/interfaces/models/token-role.js.map +0 -1
package/src/interfaces/models/used-direct-login-token.d.ts +0 -11
package/src/interfaces/models/used-direct-login-token.d.ts.map +0 -1
package/src/interfaces/models/used-direct-login-token.js +0 -3
package/src/interfaces/models/used-direct-login-token.js.map +0 -1
package/src/interfaces/models/user-role.d.ts +0 -11
package/src/interfaces/models/user-role.d.ts.map +0 -1
package/src/interfaces/models/user-role.js +0 -3
package/src/interfaces/models/user-role.js.map +0 -1
package/src/interfaces/models/user.d.ts +0 -11
package/src/interfaces/models/user.d.ts.map +0 -1
package/src/interfaces/models/user.js +0 -3
package/src/interfaces/models/user.js.map +0 -1
package/src/interfaces/mongo-errors.d.ts +0 -5
package/src/interfaces/mongo-errors.d.ts.map +0 -1
package/src/interfaces/mongo-errors.js +0 -3
package/src/interfaces/mongo-errors.js.map +0 -1
package/src/interfaces/request-user.d.ts +0 -58
package/src/interfaces/request-user.d.ts.map +0 -1
package/src/interfaces/request-user.js +0 -3
package/src/interfaces/request-user.js.map +0 -1
package/src/interfaces/required-string-keys.d.ts +0 -22
package/src/interfaces/required-string-keys.d.ts.map +0 -1
package/src/interfaces/required-string-keys.js +0 -3
package/src/interfaces/required-string-keys.js.map +0 -1
package/src/interfaces/schema.d.ts +0 -29
package/src/interfaces/schema.d.ts.map +0 -1
package/src/interfaces/schema.js +0 -3
package/src/interfaces/schema.js.map +0 -1
package/src/interfaces/server-init-result.d.ts +0 -35
package/src/interfaces/server-init-result.d.ts.map +0 -1
package/src/interfaces/server-init-result.js +0 -3
package/src/interfaces/server-init-result.js.map +0 -1
package/src/interfaces/status-code-response.d.ts +0 -7
package/src/interfaces/status-code-response.d.ts.map +0 -1
package/src/interfaces/status-code-response.js +0 -3
package/src/interfaces/status-code-response.js.map +0 -1
package/src/interfaces/symmetric-encryption-results.d.ts +0 -5
package/src/interfaces/test-environment.d.ts +0 -12
package/src/interfaces/test-environment.d.ts.map +0 -1
package/src/interfaces/test-environment.js +0 -3
package/src/interfaces/test-environment.js.map +0 -1
package/src/interfaces/token-response.d.ts +0 -5
package/src/interfaces/token-response.d.ts.map +0 -1
package/src/interfaces/token-response.js +0 -3
package/src/interfaces/token-response.js.map +0 -1
package/src/middleware-utils.d.ts +0 -8
package/src/middleware-utils.d.ts.map +0 -1
package/src/middleware-utils.js +0 -94
package/src/middleware-utils.js.map +0 -1
package/src/middlewares/authenticate-crypto.d.ts +0 -10
package/src/middlewares/authenticate-crypto.d.ts.map +0 -1
package/src/middlewares/authenticate-crypto.js +0 -126
package/src/middlewares/authenticate-crypto.js.map +0 -1
package/src/middlewares/authenticate-token.d.ts +0 -21
package/src/middlewares/authenticate-token.d.ts.map +0 -1
package/src/middlewares/authenticate-token.js +0 -104
package/src/middlewares/authenticate-token.js.map +0 -1
package/src/middlewares/cleanup-crypto.d.ts +0 -7
package/src/middlewares/cleanup-crypto.d.ts.map +0 -1
package/src/middlewares/cleanup-crypto.js +0 -32
package/src/middlewares/cleanup-crypto.js.map +0 -1
package/src/middlewares/index.d.ts.map +0 -1
package/src/middlewares/index.js +0 -8
package/src/middlewares/index.js.map +0 -1
package/src/middlewares/set-global-context-language.d.ts +0 -3
package/src/middlewares/set-global-context-language.d.ts.map +0 -1
package/src/middlewares/set-global-context-language.js +0 -14
package/src/middlewares/set-global-context-language.js.map +0 -1
package/src/model-registry.d.ts +0 -23
package/src/model-registry.d.ts.map +0 -1
package/src/model-registry.js +0 -47
package/src/model-registry.js.map +0 -1
package/src/models/email-token.d.ts +0 -8
package/src/models/email-token.d.ts.map +0 -1
package/src/models/email-token.js +0 -11
package/src/models/email-token.js.map +0 -1
package/src/models/index.d.ts.map +0 -1
package/src/models/index.js +0 -10
package/src/models/index.js.map +0 -1
package/src/models/mnemonic.d.ts +0 -8
package/src/models/mnemonic.d.ts.map +0 -1
package/src/models/mnemonic.js +0 -11
package/src/models/mnemonic.js.map +0 -1
package/src/models/role.d.ts +0 -8
package/src/models/role.d.ts.map +0 -1
package/src/models/role.js +0 -11
package/src/models/role.js.map +0 -1
package/src/models/used-direct-login-token.d.ts +0 -8
package/src/models/used-direct-login-token.d.ts.map +0 -1
package/src/models/used-direct-login-token.js +0 -11
package/src/models/used-direct-login-token.js.map +0 -1
package/src/models/user-role.d.ts +0 -7
package/src/models/user-role.d.ts.map +0 -1
package/src/models/user-role.js +0 -10
package/src/models/user-role.js.map +0 -1
package/src/models/user.d.ts +0 -8
package/src/models/user.d.ts.map +0 -1
package/src/models/user.js +0 -11
package/src/models/user.js.map +0 -1
package/src/pipeline/index.d.ts.map +0 -1
package/src/pipeline/index.js +0 -5
package/src/pipeline/index.js.map +0 -1
package/src/pipeline/pipeline-builder.d.ts +0 -8
package/src/pipeline/pipeline-builder.d.ts.map +0 -1
package/src/pipeline/pipeline-builder.js +0 -18
package/src/pipeline/pipeline-builder.js.map +0 -1
package/src/plugins/index.d.ts.map +0 -1
package/src/plugins/index.js +0 -6
package/src/plugins/index.js.map +0 -1
package/src/plugins/plugin-interface.d.ts +0 -9
package/src/plugins/plugin-interface.d.ts.map +0 -1
package/src/plugins/plugin-interface.js +0 -3
package/src/plugins/plugin-interface.js.map +0 -1
package/src/plugins/plugin-manager.d.ts +0 -13
package/src/plugins/plugin-manager.d.ts.map +0 -1
package/src/plugins/plugin-manager.js +0 -37
package/src/plugins/plugin-manager.js.map +0 -1
package/src/registry/email-service-registry.d.ts +0 -27
package/src/registry/email-service-registry.d.ts.map +0 -1
package/src/registry/email-service-registry.js +0 -42
package/src/registry/email-service-registry.js.map +0 -1
package/src/registry/index.d.ts.map +0 -1
package/src/registry/index.js +0 -6
package/src/registry/index.js.map +0 -1
package/src/responses/index.d.ts.map +0 -1
package/src/responses/index.js +0 -5
package/src/responses/index.js.map +0 -1
package/src/responses/response-builder.d.ts +0 -24
package/src/responses/response-builder.d.ts.map +0 -1
package/src/responses/response-builder.js +0 -63
package/src/responses/response-builder.js.map +0 -1
package/src/routers/api.d.ts +0 -28
package/src/routers/api.d.ts.map +0 -1
package/src/routers/api.js +0 -80
package/src/routers/api.js.map +0 -1
package/src/routers/app.d.ts +0 -33
package/src/routers/app.d.ts.map +0 -1
package/src/routers/app.js +0 -228
package/src/routers/app.js.map +0 -1
package/src/routers/base.d.ts +0 -9
package/src/routers/base.d.ts.map +0 -1
package/src/routers/base.js +0 -14
package/src/routers/base.js.map +0 -1
package/src/routers/index.d.ts.map +0 -1
package/src/routers/index.js +0 -7
package/src/routers/index.js.map +0 -1
package/src/routers/router-config.d.ts +0 -18
package/src/routers/router-config.d.ts.map +0 -1
package/src/routers/router-config.js +0 -8
package/src/routers/router-config.js.map +0 -1
package/src/routing/index.d.ts +0 -2
package/src/routing/index.d.ts.map +0 -1
package/src/routing/index.js +0 -5
package/src/routing/index.js.map +0 -1
package/src/routing/route-builder.d.ts +0 -36
package/src/routing/route-builder.d.ts.map +0 -1
package/src/routing/route-builder.js +0 -86
package/src/routing/route-builder.js.map +0 -1
package/src/schemas/email-token.d.ts +0 -49
package/src/schemas/email-token.d.ts.map +0 -1
package/src/schemas/email-token.js +0 -55
package/src/schemas/email-token.js.map +0 -1
package/src/schemas/index.d.ts.map +0 -1
package/src/schemas/index.js +0 -11
package/src/schemas/index.js.map +0 -1
package/src/schemas/mnemonic.d.ts +0 -27
package/src/schemas/mnemonic.d.ts.map +0 -1
package/src/schemas/mnemonic.js +0 -31
package/src/schemas/mnemonic.js.map +0 -1
package/src/schemas/role.d.ts +0 -42
package/src/schemas/role.d.ts.map +0 -1
package/src/schemas/role.js +0 -89
package/src/schemas/role.js.map +0 -1
package/src/schemas/schema.d.ts +0 -42
package/src/schemas/schema.d.ts.map +0 -1
package/src/schemas/schema.js +0 -70
package/src/schemas/schema.js.map +0 -1
package/src/schemas/used-direct-login-token.d.ts +0 -37
package/src/schemas/used-direct-login-token.d.ts.map +0 -1
package/src/schemas/used-direct-login-token.js +0 -24
package/src/schemas/used-direct-login-token.js.map +0 -1
package/src/schemas/user-role.d.ts +0 -39
package/src/schemas/user-role.d.ts.map +0 -1
package/src/schemas/user-role.js +0 -55
package/src/schemas/user-role.js.map +0 -1
package/src/schemas/user.d.ts +0 -24
package/src/schemas/user.d.ts.map +0 -1
package/src/schemas/user.js +0 -195
package/src/schemas/user.js.map +0 -1
package/src/services/backup-code.d.ts +0 -76
package/src/services/backup-code.d.ts.map +0 -1
package/src/services/backup-code.js +0 -185
package/src/services/backup-code.js.map +0 -1
package/src/services/base.d.ts +0 -11
package/src/services/base.d.ts.map +0 -1
package/src/services/base.js +0 -15
package/src/services/base.js.map +0 -1
package/src/services/checksum.d.ts +0 -69
package/src/services/checksum.d.ts.map +0 -1
package/src/services/checksum.js +0 -145
package/src/services/checksum.js.map +0 -1
package/src/services/database-initialization.d.ts +0 -111
package/src/services/database-initialization.d.ts.map +0 -1
package/src/services/database-initialization.js +0 -878
package/src/services/database-initialization.js.map +0 -1
package/src/services/db-init-cache.d.ts +0 -10
package/src/services/db-init-cache.d.ts.map +0 -1
package/src/services/db-init-cache.js +0 -3
package/src/services/db-init-cache.js.map +0 -1
package/src/services/direct-login-token.d.ts +0 -7
package/src/services/direct-login-token.d.ts.map +0 -1
package/src/services/direct-login-token.js +0 -41
package/src/services/direct-login-token.js.map +0 -1
package/src/services/dummy-email-service.d.ts +0 -11
package/src/services/dummy-email-service.d.ts.map +0 -1
package/src/services/dummy-email-service.js +0 -16
package/src/services/dummy-email-service.js.map +0 -1
package/src/services/fec-usage-example.d.ts +0 -38
package/src/services/fec-usage-example.d.ts.map +0 -1
package/src/services/fec-usage-example.js +0 -75
package/src/services/fec-usage-example.js.map +0 -1
package/src/services/fec.d.ts +0 -46
package/src/services/fec.d.ts.map +0 -1
package/src/services/fec.js +0 -214
package/src/services/fec.js.map +0 -1
package/src/services/index.d.ts.map +0 -1
package/src/services/index.js +0 -22
package/src/services/index.js.map +0 -1
package/src/services/jwt.d.ts +0 -30
package/src/services/jwt.d.ts.map +0 -1
package/src/services/jwt.js +0 -90
package/src/services/jwt.js.map +0 -1
package/src/services/key-wrapping.d.ts +0 -61
package/src/services/key-wrapping.d.ts.map +0 -1
package/src/services/key-wrapping.js +0 -307
package/src/services/key-wrapping.js.map +0 -1
package/src/services/mnemonic.d.ts +0 -62
package/src/services/mnemonic.d.ts.map +0 -1
package/src/services/mnemonic.js +0 -114
package/src/services/mnemonic.js.map +0 -1
package/src/services/request-user.d.ts +0 -23
package/src/services/request-user.d.ts.map +0 -1
package/src/services/request-user.js +0 -68
package/src/services/request-user.js.map +0 -1
package/src/services/role.d.ts +0 -87
package/src/services/role.d.ts.map +0 -1
package/src/services/role.js +0 -279
package/src/services/role.js.map +0 -1
package/src/services/symmetric.d.ts +0 -42
package/src/services/symmetric.d.ts.map +0 -1
package/src/services/symmetric.js +0 -101
package/src/services/symmetric.js.map +0 -1
package/src/services/system-user.d.ts +0 -16
package/src/services/system-user.d.ts.map +0 -1
package/src/services/system-user.js +0 -46
package/src/services/system-user.js.map +0 -1
package/src/services/user.d.ts +0 -345
package/src/services/user.d.ts.map +0 -1
package/src/services/user.js +0 -1447
package/src/services/user.js.map +0 -1
package/src/services/xor.d.ts +0 -24
package/src/services/xor.d.ts.map +0 -1
package/src/services/xor.js +0 -37
package/src/services/xor.js.map +0 -1
package/src/testing.d.ts +0 -3
package/src/testing.d.ts.map +0 -1
package/src/testing.js +0 -7
package/src/testing.js.map +0 -1
package/src/transactions/index.d.ts.map +0 -1
package/src/transactions/index.js +0 -5
package/src/transactions/index.js.map +0 -1
package/src/transactions/transaction-manager.d.ts +0 -12
package/src/transactions/transaction-manager.d.ts.map +0 -1
package/src/transactions/transaction-manager.js +0 -30
package/src/transactions/transaction-manager.js.map +0 -1
package/src/types/app-config.d.ts +0 -16
package/src/types/app-config.d.ts.map +0 -1
package/src/types/app-config.js +0 -3
package/src/types/app-config.js.map +0 -1
package/src/types/controller-config.d.ts +0 -14
package/src/types/controller-config.d.ts.map +0 -1
package/src/types/controller-config.js +0 -3
package/src/types/controller-config.js.map +0 -1
package/src/types/environment-variables.d.ts.map +0 -1
package/src/types/environment-variables.js +0 -39
package/src/types/environment-variables.js.map +0 -1
package/src/types/index.d.ts.map +0 -1
package/src/types/index.js +0 -6
package/src/types/index.js.map +0 -1
package/src/types/mongoose-helpers.d.ts.map +0 -1
package/src/types/mongoose-helpers.js +0 -6
package/src/types/mongoose-helpers.js.map +0 -1
package/src/types.d.ts +0 -104
package/src/types.d.ts.map +0 -1
package/src/types.js +0 -14
package/src/types.js.map +0 -1
package/src/utils.d.ts +0 -211
package/src/utils.d.ts.map +0 -1
package/src/utils.js +0 -818
package/src/utils.js.map +0 -1
package/src/validation/index.d.ts.map +0 -1
package/src/validation/index.js +0 -5
package/src/validation/index.js.map +0 -1
package/src/validation/validation-builder.d.ts +0 -32
package/src/validation/validation-builder.d.ts.map +0 -1
package/src/validation/validation-builder.js +0 -81
package/src/validation/validation-builder.js.map +0 -1

package/src/controllers/user.ts ADDED Viewed

@@ -0,0 +1,1734 @@
+/**
+ * @fileoverview User controller handling authentication, registration, and user management endpoints.
+ * Provides comprehensive user operations including login, password management, and settings.
+ * @module controllers/user
+ */
+import { ECIES, SecureString, UINT64_SIZE } from '@digitaldefiance/ecies-lib';
+import {
+  CoreLanguageCode,
+  HandleableError,
+  isValidTimezone,
+  LanguageCodes,
+} from '@digitaldefiance/i18n-lib';
+import {
+  Member as BackendMember,
+  ECIESService,
+  getEnhancedNodeIdProvider,
+  PlatformID,
+} from '@digitaldefiance/node-ecies-lib';
+import {
+  AccountStatus,
+  EmailTokenType,
+  GenericValidationError,
+  getSuiteCoreTranslation,
+  ITokenRole,
+  ITokenUser,
+  IUserBase,
+  SuiteCoreStringKey,
+  UsernameOrEmailRequiredError,
+} from '@digitaldefiance/suite-core-lib';
+import type { NextFunction, Request, Response } from 'express';
+import { body } from 'express-validator';
+import { z } from 'zod';
+import { BackupCode } from '../backup-code';
+import { DecoratorBaseController } from '../decorators/base-controller';
+import { Controller, Get, Post } from '../decorators/controller';
+import { IBaseDocument } from '../documents';
+import { IUserDocument } from '../documents/user';
+import { BaseModelName } from '../enumerations/base-model-name';
+import { Environment } from '../environment';
+import { MnemonicOrPasswordRequiredError } from '../errors/mnemonic-or-password-required';
+import {
+  IApiChallengeResponse,
+  IApiCodeCountResponse,
+  IApiLoginResponse,
+  IApiMessageResponse,
+  IApiMnemonicResponse,
+  IApiRegistrationResponse,
+  IApiRequestUserResponse,
+  IApiUserSettingsResponse,
+} from '../interfaces';
+import { IApiBackupCodesResponse } from '../interfaces/api-responses/backup-codes-response';
+import type { IApplication } from '../interfaces/application';
+import { IConstants } from '../interfaces/constants';
+import { IStatusCodeResponse } from '../interfaces/status-code-response';
+import { findAuthToken } from '../middlewares/authenticate-token';
+import { BackupCodeService } from '../services/backup-code';
+import { JwtService } from '../services/jwt';
+import { RequestUserService } from '../services/request-user';
+import { RoleService } from '../services/role';
+import { SystemUserService } from '../services/system-user';
+import { UserService } from '../services/user';
+import { ApiErrorResponse } from '../types';
+import { requireValidatedFieldsAsync, withTransaction } from '../utils';
+const isString = (v: unknown): v is string => typeof v === 'string';
+const RegisterSchema = z.object({
+  username: z.string(),
+  email: z.string(),
+  timezone: z.string(),
+  password: z.string().min(8).optional(),
+});
+const EmailLoginChallengeSchema = z.object({
+  token: z.string(),
+  signature: z.string(),
+  email: z.string().optional(),
+  username: z.string().optional(),
+});
+const DirectLoginChallengeSchema = z.object({
+  challenge: z.string(),
+  signature: z.string(),
+  email: z.string().optional(),
+  username: z.string().optional(),
+});
+/**
+ * User controller handling all user-related API endpoints.
+ * Manages authentication, registration, password operations, settings, and backup codes.
+ * @template TID Platform ID type
+ * @template TDate Date type
+ * @template TLanguage Site language string type
+ * @template TAccountStatus Account status string type
+ * @template TUser User base type
+ * @template TTokenRole Token role type
+ * @template TTokenUser Token user type
+ * @template TApplication Application type
+ */
+@Controller()
+export class UserController<
+  TID extends PlatformID = Buffer,
+  TDate extends Date = Date,
+  TLanguage extends CoreLanguageCode = CoreLanguageCode,
+  TAccountStatus extends string = string,
+  TUser extends IUserBase<TID, TDate, TLanguage, TAccountStatus> = IUserBase<
+    TID,
+    TDate,
+    TLanguage,
+    TAccountStatus
+  >,
+  TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>,
+  TTokenUser extends ITokenUser = ITokenUser,
+  TApplication extends IApplication<TID> = IApplication<TID>,
+> extends DecoratorBaseController<TLanguage, TID> {
+  protected readonly userService: UserService<
+    IUserDocument,
+    TID,
+    TDate,
+    TLanguage,
+    TAccountStatus,
+    Environment<TID>,
+    IConstants,
+    IBaseDocument<IUserDocument, TID>,
+    TUser,
+    TTokenRole,
+    TApplication
+  >;
+  protected readonly jwtService: JwtService<
+    TID,
+    TDate,
+    TTokenRole,
+    TTokenUser,
+    TApplication
+  >;
+  protected readonly backupCodeService: BackupCodeService<
+    TID,
+    TDate,
+    TTokenRole,
+    TApplication
+  >;
+  protected readonly roleService: RoleService<TID, TDate, TTokenRole>;
+  protected readonly eciesService: ECIESService<TID>;
+  protected readonly systemUser: BackendMember<TID>;
+  constructor(
+    application: IApplication<TID>,
+    jwtService: JwtService<TID, TDate, TTokenRole, TTokenUser, TApplication>,
+    userService: UserService<
+      any,
+      TID,
+      TDate,
+      TLanguage,
+      TAccountStatus,
+      any,
+      any,
+      any,
+      TUser,
+      TTokenRole,
+      TApplication
+    >,
+    backupCodeService: BackupCodeService<TID, TDate, TTokenRole, TApplication>,
+    roleService: RoleService<TID, TDate, TTokenRole>,
+    eciesService: ECIESService<TID>,
+  ) {
+    super(application);
+    this.jwtService = jwtService;
+    this.userService = userService;
+    this.backupCodeService = backupCodeService;
+    this.roleService = roleService;
+    this.eciesService = eciesService;
+    this.systemUser = SystemUserService.getSystemUser<TID>(
+      application.environment,
+      application.constants,
+    );
+  }
+  @Get('/verify', { auth: true })
+  async tokenVerifiedResponse(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>> {
+    if (!req.user) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        {
+          statusCode: 401,
+        },
+      );
+    }
+    const user = {
+      id: req.user.id,
+      email: req.user.email,
+      username: req.user.username,
+      roles: req.user.roles || [],
+      rolePrivileges: req.user.rolePrivileges,
+      timezone: req.user.timezone,
+      currency: req.user.currency,
+      emailVerified: req.user.emailVerified,
+      darkMode: req.user.darkMode,
+      siteLanguage: req.user.siteLanguage,
+      directChallenge: req.user.directChallenge,
+      ...(req.user.lastLogin && { lastLogin: req.user.lastLogin }),
+    };
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.Validation_TokenValid,
+        ),
+        user,
+      },
+    };
+  }
+  @Get('/refresh-token', { auth: true })
+  async refreshToken(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    const token = findAuthToken(req.headers);
+    if (!token) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_TokenMissing),
+      );
+    }
+    const tokenUser = await this.jwtService.verifyToken(token);
+    if (!tokenUser) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_TokenInvalid),
+      );
+    }
+    const UserModel = this.application.getModel<IUserDocument<string, TID>>(
+      BaseModelName.User,
+    );
+    const userDoc = await UserModel.findById(tokenUser.userId).select(
+      '-password',
+    );
+    if (!userDoc || userDoc.accountStatus !== AccountStatus.Active) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_UserNotFound),
+      );
+    }
+    const { token: newToken, roles } = await this.jwtService.signToken(
+      userDoc,
+      this.application.environment.jwtSecret,
+      (req.user?.siteLanguage as string) ?? LanguageCodes.EN_US,
+    );
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(SuiteCoreStringKey.TokenRefreshed),
+        user: RequestUserService.makeRequestUserDTO(userDoc, roles),
+        token: newToken,
+        serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+      },
+      headers: {
+        Authorization: `Bearer ${newToken}`,
+      },
+    };
+  }
+  @Post('/register', {
+    schema: RegisterSchema,
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('username')
+          .matches(constants.UsernameRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('email')
+          .isEmail()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidEmail,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('timezone')
+          .isString()
+          .custom((value) => isValidTimezone(value))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_TimezoneInvalid,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('password')
+          .optional()
+          .matches(constants.PasswordRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+            ),
+          ),
+      ];
+    },
+  })
+  async register(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRegistrationResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        return await requireValidatedFieldsAsync(
+          req,
+          RegisterSchema,
+          async ({ username, email, timezone, password }) => {
+            if (
+              !isString(username) ||
+              !isString(email) ||
+              !isString(timezone)
+            ) {
+              throw new GenericValidationError(
+                getSuiteCoreTranslation(
+                  SuiteCoreStringKey.Validation_MissingValidatedData,
+                ),
+              );
+            }
+            const { user, mnemonic, backupCodes } =
+              await this.userService.newUser(
+                this.systemUser,
+                {
+                  username: username.trim(),
+                  email: email.trim(),
+                  timezone: timezone,
+                },
+                undefined,
+                undefined,
+                sess,
+                this.application.environment.debug,
+                password as string | undefined,
+              );
+            await this.userService.createAndSendEmailToken(
+              user,
+              EmailTokenType.AccountVerification,
+              sess,
+              this.application.environment.debug,
+            );
+            return {
+              statusCode: 201,
+              response: {
+                message: getSuiteCoreTranslation(
+                  SuiteCoreStringKey.Registration_Success,
+                  { MNEMONIC: mnemonic },
+                ),
+                mnemonic,
+                backupCodes,
+              },
+            };
+          },
+        );
+      },
+      {
+        timeoutMs: this.application.environment.mongo.transactionTimeout * 30,
+      },
+    );
+  }
+  @Post('/account-verification', {
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('token')
+          .not()
+          .isEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_TokenRequired,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(new RegExp(`^[a-f0-9]{${constants.EmailTokenLength * 2}}$`))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidToken,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async completeAccountVerification(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    const { token } = this.validatedBody as { token?: unknown };
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        await this.userService.verifyAccountTokenAndComplete(
+          token as string,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.EmailVerification_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/language', {
+    auth: true,
+    validation: function (validationLanguage: TLanguage) {
+      return [
+        body('language')
+          .isString()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidLanguage,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .isIn(Object.values(LanguageCodes))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidLanguage,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async setLanguage(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { language } = this.validatedBody as { language?: unknown };
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Common_NoUserOnRequest,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        const user = await this.userService.updateSiteLanguage(
+          req.user.id,
+          language as string,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.LanguageUpdate_Success,
+            ),
+            user,
+          },
+        };
+      },
+    );
+  }
+  @Post('/dark-mode', {
+    auth: true,
+    validation: function (validationLanguage: TLanguage) {
+      return [
+        body('darkMode')
+          .isBoolean()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_Required,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async setDarkMode(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { darkMode } = this.validatedBody as { darkMode?: unknown };
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Common_NoUserOnRequest,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        const user = await this.userService.updateDarkMode(
+          req.user.id,
+          darkMode as boolean,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.Settings_DarkModeSuccess,
+            ),
+            user,
+          },
+        };
+      },
+    );
+  }
+  @Get('/settings', { auth: true })
+  async getSettings(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiUserSettingsResponse | ApiErrorResponse>> {
+    if (!req.user) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        { statusCode: 401 },
+      );
+    }
+    const UserModel = this.application.getModel<IUserDocument<string, TID>>(
+      BaseModelName.User,
+    );
+    const userDoc = await UserModel.findById(req.user.id);
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.Settings_RetrievedSuccess,
+        ),
+        settings: {
+          email: userDoc?.email || '',
+          timezone: userDoc?.timezone || '',
+          currency: userDoc?.currency || '',
+          siteLanguage: userDoc?.siteLanguage || '',
+          darkMode: userDoc?.darkMode || false,
+          directChallenge: userDoc?.directChallenge || false,
+        },
+      },
+    };
+  }
+  @Post('/settings', {
+    auth: true,
+    validation: function (validationLanguage: TLanguage) {
+      return [
+        body('email')
+          .optional()
+          .isEmail()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidEmail,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('timezone')
+          .optional()
+          .isString()
+          .custom((value) => isValidTimezone(value))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_TimezoneInvalid,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('siteLanguage')
+          .optional()
+          .isString()
+          .isIn(Object.values(LanguageCodes))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidLanguage,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('currency')
+          .optional()
+          .isString()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_CurrencyCodeRequired,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('darkMode')
+          .optional()
+          .isBoolean()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_Required,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('directChallenge')
+          .optional()
+          .isBoolean()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_Required,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async updateSettings(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const {
+          email,
+          timezone,
+          siteLanguage,
+          currency,
+          darkMode,
+          directChallenge,
+        } = this.validatedBody;
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Common_NoUserOnRequest,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        const user = await this.userService.updateUserSettings(
+          req.user.id,
+          {
+            ...(email !== undefined && { email: email as string }),
+            ...(timezone !== undefined && { timezone: timezone as string }),
+            ...(siteLanguage !== undefined && {
+              siteLanguage: siteLanguage as TLanguage,
+            }),
+            ...(currency !== undefined && { currency: currency as string }),
+            ...(darkMode !== undefined && { darkMode: darkMode as boolean }),
+            ...(directChallenge !== undefined && {
+              directChallenge: directChallenge as boolean,
+            }),
+          },
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.Settings_SaveSuccess,
+            ),
+            user,
+          },
+        };
+      },
+    );
+  }
+  @Get('/backup-codes', { auth: true })
+  async getBackupCodeCount(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiCodeCountResponse | ApiErrorResponse>> {
+    if (!req.user) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        { statusCode: 401 },
+      );
+    }
+    const UserModel = this.application.getModel<IUserDocument<string, TID>>(
+      BaseModelName.User,
+    );
+    const user = await UserModel.findById(req.user.id);
+    return {
+      statusCode: 200,
+      response: {
+        message: 'Backup codes retrieved',
+        codeCount: user?.backupCodes?.length || 0,
+      } as IApiCodeCountResponse,
+    };
+  }
+  @Post('/backup-codes', {
+    auth: true,
+    cryptoAuth: true,
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body().custom((value, { req }) => {
+          if (!req.body?.password && !req.body?.mnemonic) {
+            throw new MnemonicOrPasswordRequiredError();
+          }
+          return true;
+        }),
+        body('password')
+          .optional()
+          .notEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_CurrentPasswordRequired,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('mnemonic')
+          .optional()
+          .notEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MnemonicRequired,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(constants.MnemonicRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MnemonicRegex,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async resetBackupCodes(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiBackupCodesResponse | ApiErrorResponse>> {
+    if (!req.user || !req.eciesUser || !req.eciesUser.hasPrivateKey) {
+      throw new HandleableError(
+        new Error(
+          getSuiteCoreTranslation(SuiteCoreStringKey.Common_NoUserOnRequest),
+        ),
+        { statusCode: 401 },
+      );
+    }
+    const newBackupCodes = await this.userService.resetUserBackupCodes(
+      req.eciesUser as BackendMember<TID>,
+      this.systemUser,
+    );
+    const codes = newBackupCodes.map((c) => c.notNullValue);
+    newBackupCodes.forEach((c) => c.dispose());
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.BackupCodeRecovery_YourNewCodes,
+        ),
+        backupCodes: codes,
+      },
+    };
+  }
+  @Post('/recover-mnemonic', {
+    auth: true,
+    cryptoAuth: true,
+    validation: function (validationLanguage: TLanguage) {
+      return [
+        body('password')
+          .isString()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_CurrentPasswordRequired,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async recoverMnemonic(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMnemonicResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Validation_InvalidCredentials,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        } else if (!req.eciesUser) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        const { password } = this.validatedBody as { password?: unknown };
+        if (!isString(password)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const provider = getEnhancedNodeIdProvider<TID>();
+        const userDoc = await this.userService.findUserById(
+          provider.idFromString(req.user.id),
+          true,
+          sess,
+        );
+        const mnemonic = await this.userService.recoverMnemonic(
+          req.eciesUser,
+          userDoc.mnemonicRecovery,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.MnemonicRecovery_Success,
+            ),
+            mnemonic: mnemonic.notNullValue,
+          },
+        };
+      },
+    );
+  }
+  @Post('/change-password', {
+    auth: true,
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('currentPassword')
+          .notEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_Required,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('newPassword')
+          .matches(constants.PasswordRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+            ),
+          )
+          .notEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_Required,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async changePassword(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { currentPassword, newPassword } = this.validatedBody as {
+          currentPassword?: unknown;
+          newPassword?: unknown;
+        };
+        if (!req.user) {
+          throw new HandleableError(
+            new Error(
+              getSuiteCoreTranslation(
+                SuiteCoreStringKey.Common_NoUserOnRequest,
+              ),
+            ),
+            { statusCode: 401 },
+          );
+        }
+        if (!isString(currentPassword) || !isString(newPassword)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        await this.userService.changePassword(
+          req.user.id,
+          currentPassword,
+          newPassword,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.PasswordChange_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/request-direct-login')
+  async requestDirectLogin(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiChallengeResponse | ApiErrorResponse>> {
+    const challenge = this.userService.generateDirectLoginChallenge();
+    return {
+      statusCode: 200,
+      response: {
+        challenge: challenge,
+        message: getSuiteCoreTranslation(
+          SuiteCoreStringKey.Login_ChallengeGenerated,
+        ),
+        serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+      },
+    };
+  }
+  @Post('/direct-challenge', {
+    schema: DirectLoginChallengeSchema,
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('challenge')
+          .not()
+          .isEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidChallenge,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(
+            new RegExp(
+              `^[a-f0-9]{${(UINT64_SIZE + 32 + ECIES.SIGNATURE_SIZE) * 2}}$`,
+            ),
+          )
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidChallenge,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('signature')
+          .not()
+          .isEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidSignature,
+            ),
+          )
+          .matches(new RegExp(`^[a-f0-9]{${ECIES.SIGNATURE_SIZE * 2}}$`))
+          .withMessage(SuiteCoreStringKey.Validation_InvalidSignature),
+        body().custom((value, { req }) => {
+          if (!req.body.username && !req.body.email) {
+            throw new UsernameOrEmailRequiredError();
+          }
+          return true;
+        }),
+        body('username')
+          .optional()
+          .matches(constants.UsernameRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('email')
+          .optional()
+          .isEmail()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidEmail,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async directLoginChallenge(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { username, email, challenge, signature } = this
+          .validatedBody as {
+          username?: unknown;
+          email?: unknown;
+          challenge?: unknown;
+          signature?: unknown;
+        };
+        const { userDoc } = await this.userService.verifyDirectLoginChallenge(
+          String(challenge),
+          String(signature),
+          username ? String(username) : undefined,
+          email ? String(email) : undefined,
+          sess,
+        );
+        const { token: jwtToken, roles } = await this.jwtService.signToken(
+          userDoc,
+          this.application.environment.jwtSecret,
+          (req.user?.siteLanguage as string) ?? LanguageCodes.EN_US,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            user: RequestUserService.makeRequestUserDTO(userDoc, roles),
+            token: jwtToken,
+            serverPublicKey:
+              this.application.environment.systemPublicKeyHex ?? '',
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.LoggedIn_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/request-email-login', {
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body().custom((value, { req }) => {
+          if (!req.body.username && !req.body.email) {
+            throw new UsernameOrEmailRequiredError();
+          }
+          return true;
+        }),
+        body('username')
+          .optional()
+          .matches(constants.UsernameRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('email')
+          .optional()
+          .isEmail()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidEmail,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async requestEmailLogin(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    const { username, email } = this.validatedBody as {
+      username?: unknown;
+      email?: unknown;
+    };
+    try {
+      await withTransaction(
+        this.application.db.connection,
+        this.application.environment.mongo.useTransactions,
+        undefined,
+        async (sess) => {
+          const userDoc = await this.userService.findUser(
+            email as string,
+            username as string,
+            sess,
+          );
+          await this.userService.createAndSendEmailToken(
+            userDoc,
+            EmailTokenType.LoginRequest,
+            sess,
+            this.application.environment.debug,
+          );
+        },
+      );
+    } catch {
+      // Suppress user-related errors for security
+    }
+    return {
+      statusCode: 200,
+      response: {
+        message: getSuiteCoreTranslation(SuiteCoreStringKey.Email_TokenSent),
+      },
+    };
+  }
+  @Post('/email-challenge', {
+    schema: EmailLoginChallengeSchema,
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('token')
+          .not()
+          .isEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_TokenRequired,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(new RegExp(`^[a-f0-9]{${constants.EmailTokenLength * 2}}$`))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidToken,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('signature')
+          .not()
+          .isEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidSignature,
+            ),
+          )
+          .matches(new RegExp(`^[a-f0-9]{${ECIES.SIGNATURE_SIZE * 2}}$`))
+          .withMessage(SuiteCoreStringKey.Validation_InvalidSignature),
+        body().custom((value, { req }) => {
+          if (!req.body.username && !req.body.email) {
+            throw new UsernameOrEmailRequiredError();
+          }
+          return true;
+        }),
+        body('username')
+          .optional()
+          .matches(constants.UsernameRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('email')
+          .optional()
+          .isEmail()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidEmail,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async emailLoginChallenge(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { token, signature } = this.validatedBody as {
+          token?: unknown;
+          signature?: unknown;
+        };
+        const userDoc = await this.userService.validateEmailLoginTokenChallenge(
+          String(token),
+          String(signature),
+          sess,
+        );
+        const { token: jwtToken, roles } = await this.jwtService.signToken(
+          userDoc,
+          this.application.environment.jwtSecret,
+          (req.user?.siteLanguage as string) ?? LanguageCodes.EN_US,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            user: RequestUserService.makeRequestUserDTO(userDoc, roles),
+            token: jwtToken,
+            serverPublicKey:
+              this.application.environment.systemPublicKeyHex ?? '',
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.LoggedIn_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/resend-verification', {
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body().custom((value, { req }) => {
+          if (!req.body.username && !req.body.email) {
+            throw new UsernameOrEmailRequiredError();
+          }
+          return true;
+        }),
+        body('username')
+          .optional()
+          .isString()
+          .matches(constants.UsernameRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('email').optional().isEmail(),
+      ];
+    },
+  })
+  async resendVerification(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { username, email } = this.validatedBody as {
+          username?: unknown;
+          email?: unknown;
+        };
+        const UserModel = this.application.getModel<IUserDocument<string, TID>>(
+          BaseModelName.User,
+        );
+        const query: { username?: string; email?: string } = {};
+        if (isString(username)) query.username = username;
+        else if (isString(email)) query.email = email;
+        else {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const user = await UserModel.findOne(query).session(sess ?? null);
+        if (!user) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(SuiteCoreStringKey.Validation_UserNotFound),
+            { statusCode: 404 },
+          );
+        }
+        await this.userService.resendEmailToken(
+          user._id.toString(),
+          EmailTokenType.AccountVerification,
+          sess,
+          this.application.environment.debug,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.EmailVerification_Resent,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Post('/backup-code', {
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('email').optional().isEmail(),
+        body('username')
+          .optional()
+          .matches(constants.UsernameRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('code')
+          .custom((value) => {
+            const normalized = BackupCode.normalizeCode(value);
+            return (
+              constants.BACKUP_CODES.DisplayRegex.test(value) ||
+              constants.BACKUP_CODES.NormalizedHexRegex.test(normalized)
+            );
+          })
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidBackupCode,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('recoverMnemonic').isBoolean().optional(),
+        body('newPassword')
+          .optional()
+          .matches(constants.PasswordRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async useBackupCodeLogin(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { code, newPassword, email, username } = this.validatedBody as {
+          code?: unknown;
+          newPassword?: unknown;
+          email?: unknown;
+          username?: unknown;
+        };
+        if (!code) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const recoverMnemonic =
+          this.validatedBody?.['recoverMnemonic'] === 'true' ||
+          this.validatedBody?.['recoverMnemonic'] === true;
+        const userDoc = await this.userService.findUser(
+          email as string,
+          username as string,
+          sess,
+        );
+        const {
+          user,
+          userDoc: updatedUserDoc,
+          codeCount,
+        } = await this.backupCodeService.recoverKeyWithBackupCode(
+          userDoc,
+          code as string,
+          newPassword ? new SecureString(newPassword as string) : undefined,
+          sess,
+        );
+        let mnemonic: SecureString | undefined;
+        if (recoverMnemonic) {
+          mnemonic = await this.userService.recoverMnemonic(
+            user,
+            updatedUserDoc.mnemonicRecovery,
+          );
+        }
+        const { token, roles } = await this.jwtService.signToken(
+          userDoc,
+          this.application.environment.jwtSecret,
+          LanguageCodes.EN_US,
+        );
+        this.userService.updateLastLogin(updatedUserDoc._id).catch(() => {});
+        return {
+          statusCode: 200,
+          response: {
+            user: RequestUserService.makeRequestUserDTO(userDoc, roles),
+            token: token,
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.BackupCodeRecovery_Success,
+            ),
+            codeCount,
+            ...(recoverMnemonic && mnemonic
+              ? { mnemonic: mnemonic.value }
+              : {}),
+            serverPublicKey:
+              this.application.environment.systemPublicKeyHex ?? '',
+          },
+        };
+      },
+    );
+  }
+  @Post('/forgot-password', {
+    validation: function (validationLanguage: TLanguage) {
+      return [
+        body('email')
+          .isEmail()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidEmail,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+      ];
+    },
+  })
+  async forgotPassword(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { email } = this.validatedBody as { email?: unknown };
+        const UserModel = this.application.getModel<IUserDocument<string, TID>>(
+          BaseModelName.User,
+        );
+        if (!isString(email)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const user = await UserModel.findOne({
+          email: email.toLowerCase(),
+        }).session(sess ?? null);
+        if (!user || !user.passwordWrappedPrivateKey) {
+          return {
+            statusCode: 200,
+            response: {
+              message: getSuiteCoreTranslation(
+                SuiteCoreStringKey.PasswordReset_Success,
+              ),
+            },
+          };
+        }
+        // Mongoose document type doesn't exactly match IUserDocument generic signature
+        // but the document has all required properties
+        await this.userService.createAndSendEmailToken(
+          user as unknown as IUserDocument<TLanguage, TID>,
+          EmailTokenType.PasswordReset,
+          sess,
+          this.application.environment.debug,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.PasswordReset_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+  @Get('/verify-reset-token')
+  async verifyResetToken(
+    req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    const token = req.query['token'] as string;
+    if (!token) {
+      throw new GenericValidationError(
+        getSuiteCoreTranslation(SuiteCoreStringKey.Validation_TokenMissing),
+      );
+    }
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        await this.userService.verifyEmailToken(
+          token,
+          EmailTokenType.PasswordReset,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: 'Token is valid',
+          },
+        };
+      },
+    );
+  }
+  @Post('/reset-password', {
+    validation: function (validationLanguage: TLanguage) {
+      const constants = this.constants;
+      return [
+        body('token')
+          .not()
+          .isEmpty()
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_TokenRequired,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(new RegExp(`^[a-f0-9]{${constants.EmailTokenLength * 2}}$`))
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_InvalidToken,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('newPassword')
+          .optional()
+          .isLength({ min: 8 })
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordMinLengthTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(constants.PasswordRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('password')
+          .optional()
+          .isLength({ min: 8 })
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordMinLengthTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          )
+          .matches(constants.PasswordRegex)
+          .withMessage(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate,
+              undefined,
+              validationLanguage,
+            ),
+          ),
+        body('currentPassword').optional().isString(),
+        body('mnemonic').optional().isString(),
+      ];
+    },
+  })
+  async resetPassword(
+    _req: Request,
+    _res: Response,
+    _next: NextFunction,
+  ): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>> {
+    return await withTransaction(
+      this.application.db.connection,
+      this.application.environment.mongo.useTransactions,
+      undefined,
+      async (sess) => {
+        const { token, newPassword, password, currentPassword, mnemonic } =
+          this.validatedBody;
+        const selectedNewPassword = (newPassword ?? password) as
+          | string
+          | undefined;
+        if (!isString(token) || !isString(selectedNewPassword)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        const credential =
+          (mnemonic as string | undefined) ??
+          (currentPassword as string | undefined);
+        if (!isString(credential)) {
+          throw new GenericValidationError(
+            getSuiteCoreTranslation(
+              SuiteCoreStringKey.Validation_MissingValidatedData,
+            ),
+          );
+        }
+        await this.userService.resetPasswordWithToken(
+          token as string,
+          selectedNewPassword,
+          credential,
+          sess,
+        );
+        return {
+          statusCode: 200,
+          response: {
+            message: getSuiteCoreTranslation(
+              SuiteCoreStringKey.PasswordChange_Success,
+            ),
+          },
+        };
+      },
+    );
+  }
+}