@digitaldefiance/node-express-suite 3.7.5 → 3.7.6

package/src/services/symmetric.js

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * @fileoverview Service for symmetric encryption operations using AES-256-GCM.
+ * Provides encryption/decryption for buffers and JSON data with automatic key generation.
+ * @module services/symmetric
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SymmetricService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const crypto_1 = require("crypto");
+const symmetric_error_type_1 = require("../enumerations/symmetric-error-type");
+const symmetric_1 = require("../errors/symmetric");
+/**
+ * Type guard to check if an object has a toJson method.
+ * @template T Object type to check
+ * @param obj Object to check
+ * @returns True if object has toJson method
+ */
+function hasToJsonMethod(obj) {
+    return typeof obj === 'object' && obj !== null && 'toJson' in obj;
+}
+/**
+ * Service for handling symmetric encryption operations using AES-256-GCM.
+ * Provides functionality for encrypting/decrypting buffers and JSON data with automatic key generation.
+ */
+class SymmetricService {
+    /**
+     * Gets the symmetric key size in bits from ECIES constants.
+     * @param eciesConstants ECIES constants (defaults to ECIES)
+     * @returns Symmetric key size in bits
+     */
+    static symmetricKeyBits(eciesConstants = ecies_lib_1.ECIES) {
+        return eciesConstants.SYMMETRIC.KEY_BITS;
+    }
+    /**
+     * Gets the symmetric key size in bytes from ECIES constants.
+     * @param eciesConstants ECIES constants (defaults to ECIES)
+     * @returns Symmetric key size in bytes
+     */
+    static symmetricKeyBytes(eciesConstants = ecies_lib_1.ECIES) {
+        return eciesConstants.SYMMETRIC.KEY_SIZE;
+    }
+    /**
+     * Encrypts data with AES-256-GCM.
+     * @param data Buffer to encrypt
+     * @param encryptionKey Optional encryption key (randomly generated if not provided)
+     * @param eciesConstants ECIES constants (defaults to ECIES)
+     * @returns Object containing encrypted data and key
+     * @throws {SymmetricError} If encryption key length is invalid
+     */
+    static encryptBuffer(data, encryptionKey, eciesConstants = ecies_lib_1.ECIES) {
+        if (encryptionKey &&
+            encryptionKey.length != eciesConstants.SYMMETRIC.KEY_SIZE) {
+            throw new symmetric_1.SymmetricError(symmetric_error_type_1.SymmetricErrorType.InvalidKeyLength);
+        }
+        // encrypt the document using AES-256 and the key
+        // Initialization Vector
+        const ivBuffer = (0, crypto_1.randomBytes)(eciesConstants.IV_SIZE);
+        const key = encryptionKey ?? (0, crypto_1.randomBytes)(eciesConstants.SYMMETRIC.KEY_SIZE);
+        const cipher = (0, crypto_1.createCipheriv)(eciesConstants.SYMMETRIC_ALGORITHM_CONFIGURATION, key, ivBuffer);
+        const ciphertextBuffer = cipher.update(data);
+        const finalBuffer = cipher.final();
+        const authTag = cipher.getAuthTag();
+        const encryptionIvPlusData = Buffer.concat([
+            ivBuffer,
+            ciphertextBuffer,
+            finalBuffer,
+            authTag,
+        ]);
+        return {
+            encryptedData: encryptionIvPlusData,
+            key: key,
+        };
+    }
+    /**
+     * Decrypts data with AES-256-GCM.
+     * @param encryptedData Encrypted data buffer (includes IV, ciphertext, and auth tag)
+     * @param key Decryption key
+     * @param eciesConstants ECIES constants (defaults to ECIES)
+     * @returns Decrypted data as a Buffer
+     */
+    static decryptBuffer(encryptedData, key, eciesConstants = ecies_lib_1.ECIES) {
+        const ivBuffer = encryptedData.subarray(0, eciesConstants.IV_SIZE);
+        const authTagStart = encryptedData.length - eciesConstants.AUTH_TAG_SIZE;
+        const ciphertextBuffer = encryptedData.subarray(eciesConstants.IV_SIZE, authTagStart);
+        const authTag = encryptedData.subarray(authTagStart);
+        const decipher = (0, crypto_1.createDecipheriv)(eciesConstants.SYMMETRIC_ALGORITHM_CONFIGURATION, key, ivBuffer);
+        decipher.setAuthTag(authTag);
+        return Buffer.concat([decipher.update(ciphertextBuffer), decipher.final()]);
+    }
+    /**
+     * Encrypts JSON data with AES-256-GCM.
+     * @template T Type of data to encrypt
+     * @param data Data to encrypt (will be JSON stringified)
+     * @param encryptionKey Optional encryption key (randomly generated if not provided)
+     * @returns Object containing encrypted data and key
+     * @throws {SymmetricError} If data is null or undefined
+     */
+    static encryptJson(data, encryptionKey) {
+        if (data === null || data === undefined) {
+            throw new symmetric_1.SymmetricError(symmetric_error_type_1.SymmetricErrorType.DataNullOrUndefined);
+        }
+        let dataBuffer;
+        if (hasToJsonMethod(data)) {
+            // amazonq-ignore-next-line false positive
+            dataBuffer = Buffer.from(data.toJson(), 'utf8');
+        }
+        else {
+            dataBuffer = Buffer.from(JSON.stringify(data), 'utf8');
+        }
+        return SymmetricService.encryptBuffer(dataBuffer, encryptionKey);
+    }
+    /**
+     * Decrypts data with AES-256-GCM and parses as JSON.
+     * @template T Type of data to decrypt
+     * @param encryptedData Encrypted data buffer
+     * @param key Decryption key
+     * @returns Decrypted data parsed as type T
+     */
+    static decryptJson(encryptedData, key) {
+        return JSON.parse(SymmetricService.decryptBuffer(encryptedData, key).toString('utf8'));
+    }
+}
+exports.SymmetricService = SymmetricService;
+//# sourceMappingURL=symmetric.js.map

package/src/services/symmetric.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"symmetric.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/symmetric.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,0DAAoE;AACpE,mCAAuE;AACvE,+EAA0E;AAC1E,mDAAqD;AAGrD;;;;;GAKG;AACH,SAAS,eAAe,CAAI,GAAM;IAChC,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,QAAQ,IAAI,GAAG,CAAC;AACpE,CAAC;AAED;;;GAGG;AACH,MAAa,gBAAgB;IAC3B;;;;OAIG;IACI,MAAM,CAAC,gBAAgB,CAC5B,iBAAkC,iBAAK;QAEvC,OAAO,cAAc,CAAC,SAAS,CAAC,QAAQ,CAAC;IAC3C,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAC7B,iBAAkC,iBAAK;QAEvC,OAAO,cAAc,CAAC,SAAS,CAAC,QAAQ,CAAC;IAC3C,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,aAAa,CACzB,IAAY,EACZ,aAAsB,EACtB,iBAAkC,iBAAK;QAEvC,IACE,aAAa;YACb,aAAa,CAAC,MAAM,IAAI,cAAc,CAAC,SAAS,CAAC,QAAQ,EACzD,CAAC;YACD,MAAM,IAAI,0BAAc,CAAC,yCAAkB,CAAC,gBAAgB,CAAC,CAAC;QAChE,CAAC;QAED,iDAAiD;QACjD,wBAAwB;QACxB,MAAM,QAAQ,GAAG,IAAA,oBAAW,EAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,GAAG,GACP,aAAa,IAAI,IAAA,oBAAW,EAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,cAAc,CAAC,iCAAiC,EAChD,GAAG,EACH,QAAQ,CACT,CAAC;QAEF,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,MAAM,oBAAoB,GAAW,MAAM,CAAC,MAAM,CAAC;YACjD,QAAQ;YACR,gBAAgB;YAChB,WAAW;YACX,OAAO;SACR,CAAC,CAAC;QACH,OAAO;YACL,aAAa,EAAE,oBAAoB;YACnC,GAAG,EAAE,GAAG;SACT,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,aAAa,CACzB,aAAqB,EACrB,GAAW,EACX,iBAAkC,iBAAK;QAEvC,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,GAAG,cAAc,CAAC,aAAa,CAAC;QACzE,MAAM,gBAAgB,GAAG,aAAa,CAAC,QAAQ,CAC7C,cAAc,CAAC,OAAO,EACtB,YAAY,CACb,CAAC;QACF,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAErD,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,cAAc,CAAC,iCAAiC,EAChD,GAAG,EACH,QAAQ,CACT,CAAC;QACF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,WAAW,CACvB,IAAO,EACP,aAAsB;QAEtB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,IAAI,0BAAc,CAAC,yCAAkB,CAAC,mBAAmB,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,UAAkB,CAAC;QACvB,IAAI,eAAe,CAAI,IAAI,CAAC,EAAE,CAAC;YAC7B,0CAA0C;YAC1C,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,gBAAgB,CAAC,aAAa,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACnE,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,WAAW,CAAI,aAAqB,EAAE,GAAW;QAC7D,OAAO,IAAI,CAAC,KAAK,CACf,gBAAgB,CAAC,aAAa,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC/D,CAAC;IACT,CAAC;CACF;AAzID,4CAyIC"}

package/src/services/system-user.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @fileoverview System user singleton service.
+ * Manages the system-level cryptographic member for server operations.
+ * @module services/system-user
+ */
+import { Member as BackendMember, PlatformID } from '@digitaldefiance/node-ecies-lib';
+import { Environment } from '../environment';
+import { IConstants } from '../interfaces/constants';
+/**
+ * Service for managing the system user singleton.
+ * Provides access to system-level cryptographic operations and key management.
+ */
+export declare class SystemUserService {
+    private static systemUser;
+    /**
+     * Initializes and returns the system member's Member instance.
+     * The mnemonic should be stored securely in environment variables.
+     */
+    static getSystemUser<TID extends PlatformID = Buffer>(environment: Environment<TID>, constants: IConstants): BackendMember<TID>;
+    static setSystemUser<TID extends PlatformID = Buffer>(user: BackendMember<TID>, constants: IConstants): void;
+}
+//# sourceMappingURL=system-user.d.ts.map

package/src/services/system-user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"system-user.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/system-user.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,OAAO,EACL,MAAM,IAAI,aAAa,EAEvB,UAAU,EACX,MAAM,iCAAiC,CAAC;AAKzC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAErD;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,UAAU,CAA0C;IAEnE;;;OAGG;WACW,aAAa,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACzD,WAAW,EAAE,WAAW,CAAC,GAAG,CAAC,EAC7B,SAAS,EAAE,UAAU,GACpB,aAAa,CAAC,GAAG,CAAC;WAqCP,aAAa,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,EACzD,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,EACxB,SAAS,EAAE,UAAU,GACpB,IAAI;CAQR"}

package/src/services/system-user.js

@@ -0,0 +1,52 @@
+"use strict";
+/**
+ * @fileoverview System user singleton service.
+ * Manages the system-level cryptographic member for server operations.
+ * @module services/system-user
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SystemUserService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+/**
+ * Service for managing the system user singleton.
+ * Provides access to system-level cryptographic operations and key management.
+ */
+class SystemUserService {
+    static systemUser = null;
+    /**
+     * Initializes and returns the system member's Member instance.
+     * The mnemonic should be stored securely in environment variables.
+     */
+    static getSystemUser(environment, constants) {
+        if (!SystemUserService.systemUser) {
+            if (!environment.systemMnemonic) {
+                throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Admin_EnvNotSetTemplate, {
+                    NAME: 'SYSTEM_MNEMONIC',
+                });
+            }
+            const mnemonic = environment.systemMnemonic;
+            const eciesService = new node_ecies_lib_1.ECIESService(undefined, constants.ECIES);
+            const { wallet } = eciesService.walletAndSeedFromMnemonic(mnemonic);
+            const keyPair = eciesService.walletToSimpleKeyPairBuffer(wallet);
+            SystemUserService.systemUser = new node_ecies_lib_1.Member(eciesService, ecies_lib_1.MemberType.System, constants.SystemUser, new ecies_lib_1.EmailString(constants.SystemEmail), keyPair.publicKey, new ecies_lib_1.SecureBuffer(keyPair.privateKey), wallet);
+            if (SystemUserService.systemUser.publicKey.toString('hex') !==
+                environment.systemPublicKeyHex) {
+                console.warn('System public key does not match environment variable', {
+                    derived: SystemUserService.systemUser.publicKey.toString('hex'),
+                    expected: environment.systemPublicKeyHex,
+                });
+            }
+        }
+        return SystemUserService.systemUser;
+    }
+    static setSystemUser(user, constants) {
+        if (user.type !== ecies_lib_1.MemberType.System || user.name !== constants.SystemUser) {
+            throw new Error('setSystemUser can only be called with a MemberType.System user');
+        }
+        SystemUserService.systemUser = user;
+    }
+}
+exports.SystemUserService = SystemUserService;
+//# sourceMappingURL=system-user.js.map

package/src/services/system-user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"system-user.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/system-user.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,0DAKoC;AACpC,oEAIyC;AACzC,oEAGyC;AAIzC;;;GAGG;AACH,MAAa,iBAAiB;IACpB,MAAM,CAAC,UAAU,GAAqC,IAAI,CAAC;IAEnE;;;OAGG;IACI,MAAM,CAAC,aAAa,CACzB,WAA6B,EAC7B,SAAqB;QAErB,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC;gBAChC,MAAM,IAAI,uCAAsB,CAC9B,mCAAkB,CAAC,uBAAuB,EAC1C;oBACE,IAAI,EAAE,iBAAiB;iBACxB,CACF,CAAC;YACJ,CAAC;YACD,MAAM,QAAQ,GAAiB,WAAW,CAAC,cAAc,CAAC;YAC1D,MAAM,YAAY,GAAG,IAAI,6BAAY,CAAM,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,EAAE,MAAM,EAAE,GAAG,YAAY,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YACpE,MAAM,OAAO,GAAG,YAAY,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC;YAEjE,iBAAiB,CAAC,UAAU,GAAG,IAAI,uBAAa,CAC9C,YAAY,EACZ,sBAAU,CAAC,MAAM,EACjB,SAAS,CAAC,UAAU,EACpB,IAAI,uBAAW,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,OAAO,CAAC,SAAS,EACjB,IAAI,wBAAY,CAAC,OAAO,CAAC,UAAU,CAAC,EACpC,MAAM,CACP,CAAC;YACF,IACE,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACtD,WAAW,CAAC,kBAAkB,EAC9B,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,uDAAuD,EAAE;oBACpE,OAAO,EAAE,iBAAiB,CAAC,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAC/D,QAAQ,EAAE,WAAW,CAAC,kBAAkB;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,iBAAiB,CAAC,UAAgC,CAAC;IAC5D,CAAC;IAEM,MAAM,CAAC,aAAa,CACzB,IAAwB,EACxB,SAAqB;QAErB,IAAI,IAAI,CAAC,IAAI,KAAK,sBAAU,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,UAAU,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QACD,iBAAiB,CAAC,UAAU,GAAG,IAA0B,CAAC;IAC5D,CAAC;;AAzDH,8CA0DC"}

package/src/services/user.d.ts

@@ -0,0 +1,368 @@
+/**
+ * @fileoverview Comprehensive user management service.
+ * Handles user authentication, registration, password management, email verification,
+ * mnemonic recovery, backup codes, and all user-related operations.
+ * @module services/user
+ */
+import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
+import { ClientSession, ProjectionType } from '@digitaldefiance/mongoose-types';
+import { Member as BackendMember, ECIESService, PlatformID } from '@digitaldefiance/node-ecies-lib';
+import { EmailTokenType, IBackupCode, IRequestUserDTO, ITokenRole, IUserBase, IUserDTO } from '@digitaldefiance/suite-core-lib';
+import { Wallet } from '@ethereumjs/wallet';
+import { BackupCode } from '../backup-code';
+import { IBaseDocument } from '../documents';
+import { IEmailTokenDocument } from '../documents/email-token';
+import { IUserDocument } from '../documents/user';
+import { Environment } from '../environment';
+import { ICreateUserBasics } from '../interfaces';
+import { IApplication } from '../interfaces/application';
+import { IUserBackendObject } from '../interfaces/backend-objects/user';
+import { IConstants } from '../interfaces/constants';
+import { IEmailService } from '../interfaces/email-service';
+import { BackupCodeService } from './backup-code';
+import { BaseService } from './base';
+import { KeyWrappingService } from './key-wrapping';
+import { MnemonicService } from './mnemonic';
+import { RoleService } from './role';
+/**
+ * Comprehensive service for user management and authentication.
+ * Provides methods for user creation, authentication (mnemonic/password/challenge),
+ * email verification, password reset, backup code recovery, and settings management.
+ * @template T - User document type
+ * @template TID - Platform ID type
+ * @template TDate - Date type
+ * @template TLanguage - String type for site language
+ * @template TAccountStatus - String type for account status
+ * @template _TEnvironment - Environment type
+ * @template _TConstants - Constants type
+ * @template _TBaseDocument - Base document type
+ * @template TUser - User base interface type
+ * @template TTokenRole - Token role interface type
+ * @template TApplication - Application interface type
+ * @extends {BaseService<TID, TApplication>}
+ */
+export declare class UserService<T, TID extends PlatformID, TDate extends Date, TLanguage extends string, TAccountStatus extends string, _TEnvironment extends Environment<TID> = Environment<TID>, _TConstants extends IConstants = IConstants, _TBaseDocument extends IBaseDocument<T, TID> = IBaseDocument<T, TID>, TUser extends IUserBase<TID, TDate, TLanguage, TAccountStatus> = IUserBase<TID, TDate, TLanguage, TAccountStatus>, TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>, TApplication extends IApplication<TID> = IApplication<TID>> extends BaseService<TID, TApplication> {
+    protected readonly roleService: RoleService<TID, TDate, TTokenRole>;
+    protected readonly eciesService: ECIESService<TID>;
+    protected readonly keyWrappingService: KeyWrappingService;
+    protected readonly mnemonicService: MnemonicService;
+    protected readonly emailService: IEmailService;
+    protected readonly backupCodeService: BackupCodeService<TID, TDate, TTokenRole, TApplication>;
+    protected readonly serverUrl: string;
+    protected readonly disableEmailSend: boolean;
+    constructor(application: TApplication, roleService: RoleService<TID, TDate, TTokenRole>, emailService: IEmailService, keyWrappingService: KeyWrappingService, backupCodeService: BackupCodeService<TID, TDate, TTokenRole, TApplication>);
+    /**
+     * Given a User Document, make a User DTO
+     * @param user a User Document
+     * @returns An IUserDTO
+     */
+    static userToUserDTO<TLanguage extends string, TID extends PlatformID = Buffer>(user: IUserDocument<TLanguage, TID> | Record<string, unknown>): IUserDTO;
+    /**
+     * Given a User DTO, reconstitute ids and dates
+     * @param user a User DTO
+     * @returns An IUserBackendObject
+     */
+    hydrateUserDTOToBackend(user: IUserDTO): IUserBackendObject<TLanguage, TID>;
+    /**
+     * Create a new email token to send to the user for email verification
+     * @param userDoc The user to create the email token for
+     * @param type The type of email token to create
+     * @param session The session to use for the query
+     * @returns The email token document
+     */
+    createEmailToken(userDoc: IUserDocument<TLanguage, TID>, type: EmailTokenType, session?: ClientSession): Promise<IEmailTokenDocument>;
+    /**
+     * Create and send an email token to the user for email verification
+     * @param user The user to send the email token to
+     * @param type The type of email token to send
+     * @param session The session to use for the query
+     * @returns The email token document
+     */
+    createAndSendEmailToken(user: IUserDocument<TLanguage, TID> | (Pick<IUserDocument<TLanguage, TID>, keyof IUserDocument<TLanguage, TID>> & {
+        _id: any;
+    }), type?: EmailTokenType, session?: ClientSession, debug?: boolean): Promise<IEmailTokenDocument>;
+    /**
+     * Create and send an email token directly within an existing transaction
+     * @param user The user to send the email token to
+     * @param type The type of email token to send
+     * @param session The session to use for the query (required)
+     * @param debug Whether to enable debug logging
+     * @returns The email token document
+     */
+    createAndSendEmailTokenDirect(user: IUserDocument<TLanguage, TID>, type: EmailTokenType | undefined, session: ClientSession, debug?: boolean): Promise<IEmailTokenDocument>;
+    /**
+     * Send an email token to the user for email verification
+     * @param emailToken The email token to send
+     * @param session The session to use for the query
+     * @returns void
+     */
+    sendEmailToken(emailToken: IEmailTokenDocument, session?: ClientSession, debug?: boolean): Promise<void>;
+    /**
+     * Find a user by email or username and enforce account status checks
+     * @param email Optional email
+     * @param username Optional username
+     * @param session Optional mongoose session
+     * @throws UsernameOrEmailRequiredError if neither provided
+     * @throws InvalidCredentialsError if not found or deleted
+     * @throws AccountLockedError | PendingEmailVerificationError | AccountStatusError per status
+     */
+    findUser(email?: string, username?: string, session?: ClientSession): Promise<IUserDocument<TLanguage, TID>>;
+    /**
+     * Finds a user record by ID
+     * @param userId The user ID
+     * @param throwIfNotActive Whether to throw if the user is inactive
+     * @param session The active session, if present
+     * @returns The user document
+     */
+    findUserById(userId: TID, throwIfNotActive: boolean, session?: ClientSession, select?: ProjectionType<IUserDocument<TLanguage, TID>>): Promise<IUserDocument<TLanguage, TID>>;
+    /**
+     * Ensure required fields are present in a projection for queries that rely on them.
+     * Supports string and object-style projections. For inclusion projections, adds fields.
+     * For exclusion projections, ensures required fields are not excluded.
+     */
+    private ensureRequiredFieldsInProjection;
+    /**
+     * Fill in the default values to a user object
+     * @param newUser The user object to fill in
+     * @param createdBy The user ID of the user creating the new user
+     * @returns The filled in user
+     */
+    fillUserDefaults(newUser: ICreateUserBasics, createdBy: TID, backupCodes: Array<IBackupCode>, encryptedMnemonic: string, userId?: TID): IUserBackendObject<TLanguage, TID>;
+    /**
+     * Create a new user document from an IUser and unhashed password
+     * @param newUser The user object
+     * @returns The new user document
+     */
+    makeUserDoc(newUser: TUser): Promise<IUserDocument<TLanguage, TID>>;
+    /**
+     * Create a new user.
+     * Do not set createdBy to a new (non-existing) ObjectId unless you also set newUserId to it.
+     * If newUserId is not set, one will be generated.
+     * @param systemUser The system user performing the operation
+     * @param userData Username, email, password in a ICreateUserBasics object
+     * @param createdBy The user id of the user creating the user
+     * @param newUserId the user id of the new user object- usually the createdBy user id.
+     * @param session The session to use for the query
+     * @param debug Whether to log debug information
+     * @param password The password to use for the new user (optional, if not provided, mnemonic will be used)
+     * @returns The new user document
+     */
+    newUser(systemUser: BackendMember<TID>, userData: ICreateUserBasics, createdBy?: TID, newUserId?: TID, session?: ClientSession, debug?: boolean, password?: string): Promise<{
+        user: IUserDocument<TLanguage, TID>;
+        mnemonic: string;
+        backupCodes: Array<string>;
+        password?: string;
+    }>;
+    /**
+     * Get the backup codes for a user.
+     * Requires the user not be deleted or inactive
+     */
+    getEncryptedUserBackupCodes(userId: TID, session?: ClientSession): Promise<Array<IBackupCode>>;
+    /**
+     * Resets the given user's backup codes
+     * @param backupUser The user to generate codes for
+     * @param session The current session, if any
+     * @returns A promise of an array of backup codes
+     */
+    resetUserBackupCodes(backupUser: BackendMember<TID>, systemUser: BackendMember<TID>, session?: ClientSession): Promise<Array<BackupCode>>;
+    /**
+     * Recover a user's mnemonic from an encrypted mnemonic
+     * @param user The user whose mnemonic to recover
+     * @param encryptedMnemonic The encrypted mnemonic
+     * @returns The recovered mnemonic
+     */
+    recoverMnemonic(user: BackendMember<any>, encryptedMnemonic: string): SecureString;
+    /**
+     * Make a Member from a user document and optional private key
+     * @param userDoc The user document
+     * @param privateKey Optional private key to load the wallet
+     * @param publicKey Optional public key to override the userDoc public key
+     * @param session The current session, if any
+     * @returns A promise containing the created Member
+     */
+    makeUserFromUserDoc(userDoc: IUserDocument<TLanguage, TID>, privateKey?: SecureBuffer, publicKey?: Buffer, mnemonic?: SecureString, wallet?: Wallet, session?: ClientSession): Promise<BackendMember<TID>>;
+    /**
+     * Challenges a given userDoc with a given mnemonic, returns a system and user Member
+     * @param userDoc The userDoc in question
+     * @param mnemonic The mnemonic to challenge against
+     * @returns A promise containing the user and system Members
+     * @throws InvalidCredentialsError if the challenge fails
+     * @throws AccountLockedError if the account is locked
+     * @throws PendingEmailVerificationError if the email is not verified
+     * @throws AccountStatusError if the account status is invalid
+     */
+    challengeUserWithMnemonic(userDoc: IUserDocument<TLanguage, TID>, mnemonic: SecureString, session?: ClientSession): Promise<{
+        userMember: BackendMember<TID>;
+        adminMember: BackendMember<TID>;
+    }>;
+    /**
+     * Validates a login challenge response
+     * @param challengeResponse The challenge response bytes in hex
+     * @param email The email address of the user
+     * @param username The username of the user
+     * @param session The mongo session for the query
+     * @returns A promise that resolves to the user document, user member, and system member
+     */
+    loginWithChallengeResponse(challengeResponse: string, email?: string, username?: string, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<TLanguage, TID>;
+        userMember: BackendMember<TID>;
+        adminMember: BackendMember<TID>;
+    }>;
+    /**
+     * Authenticate a user with client-verified challenge (skips server-side challenge)
+     * @returns The authenticated user document.
+     */
+    loginWithClientVerifiedChallenge(usernameOrEmail: string, mnemonic: SecureString, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<TLanguage, TID>;
+        userMember: BackendMember<TID>;
+        adminMember: BackendMember<TID>;
+    }>;
+    /**
+     * Authenticate a user with their mnemonic.
+     * @returns The authenticated user document.
+     */
+    loginWithMnemonic(usernameOrEmail: string, mnemonic: SecureString, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<TLanguage, TID>;
+        userMember: BackendMember<TID>;
+        adminMember: BackendMember<TID>;
+    }>;
+    /**
+     * Authenticate a user with their password (for key-wrapped accounts).
+     * @returns The authenticated user document.
+     */
+    loginWithPassword(usernameOrEmail: string, password: string, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<TLanguage, TID>;
+        userMember: BackendMember<TID>;
+        adminMember: BackendMember<TID>;
+    }>;
+    /**
+     * Re-send a previously sent email token
+     * @param userId The user id
+     * @param session The session to use for the query
+     * @returns void
+     * @throws EmailTokenUsedOrInvalidError
+     */
+    resendEmailToken(userId: string, type: EmailTokenType, session?: ClientSession, debug?: boolean): Promise<void>;
+    /**
+     * Verify the email token and update the user's account status
+     * @param emailToken The email token to verify
+     * @param session The session to use for the query
+     * @returns void
+     * @throws EmailTokenUsedOrInvalidError
+     * @throws EmailTokenExpiredError
+     * @throws EmailVerifiedError
+     * @throws UserNotFoundError
+     */
+    verifyAccountTokenAndComplete(emailToken: string, session?: ClientSession): Promise<void>;
+    /**
+     * Validate the email token
+     * @param token The token to validate
+     * @param restrictType The type of email token to validate (or throw)
+     * @param session The session to use for the query
+     * @returns void
+     * @throws EmailTokenUsedOrInvalidError
+     */
+    validateEmailToken(token: string, restrictType?: EmailTokenType, session?: ClientSession): Promise<void>;
+    /**
+     * Updates the user's language
+     * @param userId - The ID of the user
+     * @param newLanguage - The new language
+     * @param session - The session to use for the query
+     * @returns The updated user
+     */
+    updateSiteLanguage(userId: string, newLanguage: string, session?: ClientSession): Promise<IRequestUserDTO>;
+    /**
+     * Updates the user's Dark Mode preference
+     * @param userId - The ID of the user
+     * @param newDarkMode - The new Dark Mode preference
+     * @param session - The session to use for the query
+     * @returns The updated user
+     */
+    updateDarkMode(userId: string, newDarkMode: boolean, session?: ClientSession): Promise<IRequestUserDTO>;
+    /**
+     * Updates multiple user settings at once
+     * @param userId - The ID of the user
+     * @param settings - Object containing settings to update
+     * @param session - The session to use for the query
+     * @returns The updated user
+     */
+    updateUserSettings(userId: string, settings: {
+        email?: string;
+        timezone?: string;
+        siteLanguage?: string;
+        currency?: string;
+        darkMode?: boolean;
+        directChallenge?: boolean;
+    }, session?: ClientSession): Promise<IRequestUserDTO>;
+    /**
+     * Changes the user's password by re-wrapping their master key
+     * @param userId - The ID of the user
+     * @param currentPassword - The current password
+     * @param newPassword - The new password
+     * @param session - The session to use for the query
+     * @returns void
+     */
+    changePassword(userId: string, currentPassword: string, newPassword: string, session?: ClientSession): Promise<void>;
+    /**
+     * Retrieve an email token by its token string and type
+     * @param token - The token string
+     * @param type - The type of the email token
+     * @param session - The session to use for the query
+     * @returns The email token document or null if not found
+     */
+    findEmailToken(token: string, type?: EmailTokenType, session?: ClientSession): Promise<IEmailTokenDocument | null>;
+    /**
+     * Verify email token is valid
+     * @param token - The email token
+     * @param session - The session to use for the query
+     * @returns void
+     */
+    verifyEmailToken(token: string, type: EmailTokenType, session?: ClientSession): Promise<void>;
+    /**
+     * Reset password using email token
+     * @param token - The email token
+     * @param newPassword - The new password
+     * @param session - The session to use for the query
+     * @returns void
+     */
+    resetPasswordWithToken(token: string, newPassword: string, credential?: string, // either mnemonic or current password; required
+    session?: ClientSession): Promise<void>;
+    /**
+     * Generate a login challenge for the client to sign
+     * @returns The login challenge in hex
+     */
+    generateDirectLoginChallenge(): string;
+    /**
+     * Verifies a direct login challenge response
+     * @param serverSignedRequest The login challenge response in hex
+     * @param session The mongoose session, if provided
+     * @returns A promise with the user document and user member object
+     */
+    verifyDirectLoginChallenge(serverSignedRequest: string, signature: string, username?: string, email?: string, session?: ClientSession): Promise<{
+        userDoc: IUserDocument<TLanguage, TID>;
+        userMember: BackendMember<TID>;
+    }>;
+    /**
+     * Request a login link via email
+     * @param email Email address
+     * @param username Username
+     * @param session Existing session, if any
+     * @returns void
+     */
+    requestEmailLogin(email?: string, username?: string, session?: ClientSession): Promise<void>;
+    /**
+     * Validate an email login token challenge
+     * @param token The token to challenge
+     * @param signature The signature of the token by the user's private key
+     * @param session The session to use for the query
+     * @returns The user document if the challenge is valid
+     */
+    validateEmailLoginTokenChallenge(token: string, signature: string, session?: ClientSession): Promise<IUserDocument<TLanguage, TID>>;
+    /**
+     * Updates the user's last login time atomically
+     * @param userId - The ID of the user
+     * @returns void
+     */
+    updateLastLogin(userId: TID): Promise<void>;
+}
+//# sourceMappingURL=user.d.ts.map

package/src/services/user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/user.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAKL,YAAY,EACZ,YAAY,EACb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,aAAa,EAEb,cAAc,EACf,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,MAAM,IAAI,aAAa,EACvB,YAAY,EAEZ,UAAU,EAEX,MAAM,iCAAiC,CAAC;AACzC,OAAO,EASL,cAAc,EAId,WAAW,EAKX,eAAe,EACf,UAAU,EACV,SAAS,EACT,QAAQ,EAYT,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAG7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAErC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE7C,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAKrC;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,WAAW,CACtB,CAAC,EACD,GAAG,SAAS,UAAU,EACtB,KAAK,SAAS,IAAI,EAClB,SAAS,SAAS,MAAM,EACxB,cAAc,SAAS,MAAM,EAC7B,aAAa,SAAS,WAAW,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,EACzD,WAAW,SAAS,UAAU,GAAG,UAAU,EAC3C,cAAc,SAAS,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,EACpE,KAAK,SAAS,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,cAAc,CAAC,GAAG,SAAS,CACxE,GAAG,EACH,KAAK,EACL,SAAS,EACT,cAAc,CACf,EACD,UAAU,SAAS,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,EAClE,YAAY,SAAS,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAC1D,SAAQ,WAAW,CAAC,GAAG,EAAE,YAAY,CAAC;IACtC,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IACpE,SAAS,CAAC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC;IACnD,SAAS,CAAC,QAAQ,CAAC,kBAAkB,EAAE,kBAAkB,CAAC;IAC1D,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC;IACpD,SAAS,CAAC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC;IAC/C,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,iBAAiB,CACrD,GAAG,EACH,KAAK,EACL,UAAU,EACV,YAAY,CACb,CAAC;IACF,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;gBAG3C,WAAW,EAAE,YAAY,EACzB,WAAW,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,CAAC,EAChD,YAAY,EAAE,aAAa,EAC3B,kBAAkB,EAAE,kBAAkB,EACtC,iBAAiB,EAAE,iBAAiB,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC;IA+B5E;;;;OAIG;WACW,aAAa,CACzB,SAAS,SAAS,MAAM,EACxB,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,IAAI,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,QAAQ;IA4C1E;;;;OAIG;IACI,uBAAuB,CAC5B,IAAI,EAAE,QAAQ,GACb,kBAAkB,CAAC,SAAS,EAAE,GAAG,CAAC;IAsBrC;;;;;;OAMG;IACU,gBAAgB,CAC3B,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,EACtC,IAAI,EAAE,cAAc,EACpB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,mBAAmB,CAAC;IA8F/B;;;;;;OAMG;IACU,uBAAuB,CAClC,IAAI,EACA,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,GAC7B,CAAC,IAAI,CACH,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,EAC7B,MAAM,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CACpC,GAAG;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,CAAC,EACrB,IAAI,GAAE,cAAmD,EACzD,OAAO,CAAC,EAAE,aAAa,EACvB,KAAK,UAAQ,GACZ,OAAO,CAAC,mBAAmB,CAAC;IAU/B;;;;;;;OAOG;IACU,6BAA6B,CACxC,IAAI,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,EACnC,IAAI,EAAE,cAAc,YAAqC,EACzD,OAAO,EAAE,aAAa,EACtB,KAAK,UAAQ,GACZ,OAAO,CAAC,mBAAmB,CAAC;IAoD/B;;;;;OAKG;IACU,cAAc,CACzB,UAAU,EAAE,mBAAmB,EAC/B,OAAO,CAAC,EAAE,aAAa,EACvB,KAAK,UAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IA2EhB;;;;;;;;OAQG;IACU,QAAQ,CACnB,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAgDzC;;;;;;OAMG;IACU,YAAY,CACvB,MAAM,EAAE,GAAG,EACX,gBAAgB,EAAE,OAAO,EACzB,OAAO,CAAC,EAAE,aAAa,EACvB,MAAM,CAAC,EAAE,cAAc,CAAC,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,GACrD,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAmCzC;;;;OAIG;IACH,OAAO,CAAC,gCAAgC;IA0CxC;;;;;OAKG;IACI,gBAAgB,CACrB,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,GAAG,EACd,WAAW,EAAE,KAAK,CAAC,WAAW,CAAC,EAC/B,iBAAiB,EAAE,MAAM,EACzB,MAAM,CAAC,EAAE,GAAG,GACX,kBAAkB,CAAC,SAAS,EAAE,GAAG,CAAC;IAuBrC;;;;OAIG;IACU,WAAW,CACtB,OAAO,EAAE,KAAK,GACb,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAezC;;;;;;;;;;;;OAYG;IACU,OAAO,CAClB,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAC9B,QAAQ,EAAE,iBAAiB,EAC3B,SAAS,CAAC,EAAE,GAAG,EACf,SAAS,CAAC,EAAE,GAAG,EACf,OAAO,CAAC,EAAE,aAAa,EACvB,KAAK,UAAQ,EACb,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;QACT,IAAI,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IAgKF;;;OAGG;IACU,2BAA2B,CACtC,MAAM,EAAE,GAAG,EACX,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAK9B;;;;;OAKG;IACU,oBAAoB,CAC/B,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAC9B,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAC9B,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IA2B7B;;;;;OAKG;IACI,eAAe,CACpB,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,EACxB,iBAAiB,EAAE,MAAM,GACxB,YAAY;IAiBf;;;;;;;OAOG;IACU,mBAAmB,CAC9B,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,EACtC,UAAU,CAAC,EAAE,YAAY,EACzB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,YAAY,EACvB,MAAM,CAAC,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IA2B9B;;;;;;;;;OASG;IACU,yBAAyB,CACpC,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,EACtC,QAAQ,EAAE,YAAY,EACtB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,WAAW,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;KACjC,CAAC;IAuFF;;;;;;;OAOG;IACU,0BAA0B,CACrC,iBAAiB,EAAE,MAAM,EACzB,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACvC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,WAAW,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;KACjC,CAAC;IAuDF;;;OAGG;IACU,gCAAgC,CAC3C,eAAe,EAAE,MAAM,EACvB,QAAQ,EAAE,YAAY,EACtB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACvC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,WAAW,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;KACjC,CAAC;IAgGF;;;OAGG;IACU,iBAAiB,CAC5B,eAAe,EAAE,MAAM,EACvB,QAAQ,EAAE,YAAY,EACtB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACvC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,WAAW,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;KACjC,CAAC;IAuCF;;;OAGG;IACU,iBAAiB,CAC5B,eAAe,EAAE,MAAM,EACvB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACvC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;QAC/B,WAAW,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;KACjC,CAAC;IA8EF;;;;;;OAMG;IACU,gBAAgB,CAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,cAAc,EACpB,OAAO,CAAC,EAAE,aAAa,EACvB,KAAK,UAAQ,GACZ,OAAO,CAAC,IAAI,CAAC;IA+BhB;;;;;;;;;OASG;IACU,6BAA6B,CACxC,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;IAoFhB;;;;;;;OAOG;IACU,kBAAkB,CAC7B,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,cAAc,EAC7B,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;IA6BhB;;;;;;OAMG;IACU,kBAAkB,CAC7B,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,eAAe,CAAC;IA4B3B;;;;;;OAMG;IACU,cAAc,CACzB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,OAAO,EACpB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,eAAe,CAAC;IA4B3B;;;;;;OAMG;IACU,kBAAkB,CAC7B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE;QACR,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,EACD,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,eAAe,CAAC;IA6D3B;;;;;;;OAOG;IACU,cAAc,CACzB,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,MAAM,EACvB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;IAsDhB;;;;;;OAMG;IACU,cAAc,CACzB,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,cAAc,EACrB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAYtC;;;;;OAKG;IACU,gBAAgB,CAC3B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,cAAc,EACpB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;IAiBhB;;;;;;OAMG;IACU,sBAAsB,CACjC,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,UAAU,CAAC,EAAE,MAAM,EAAE,gDAAgD;IACrE,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;IAgHhB;;;OAGG;IACI,4BAA4B,IAAI,MAAM;IAY7C;;;;;OAKG;IACU,0BAA0B,CACrC,mBAAmB,EAAE,MAAM,EAC3B,SAAS,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC;QACT,OAAO,EAAE,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACvC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;KAChC,CAAC;IA0GF;;;;;;OAMG;IACU,iBAAiB,CAC5B,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC;IAqBhB;;;;;;OAMG;IACU,gCAAgC,CAC3C,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAyCzC;;;;OAIG;IACU,eAAe,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;CAuCzD"}