@digitaldefiance/node-express-suite 4.22.2 → 4.23.1

package/src/services/role.js

@@ -1,289 +0,0 @@
-"use strict";
-/**
- * @fileoverview Role-based access control (RBAC) service.
- * Manages roles, user-role relationships, and permission checks.
- * @module services/role
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RoleService = void 0;
-const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
-const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
-const mongoose_types_1 = require("@digitaldefiance/mongoose-types");
-const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
-const base_model_name_1 = require("../enumerations/base-model-name");
-const model_registry_1 = require("../model-registry");
-const utils_1 = require("../utils");
-const base_1 = require("./base");
-const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
-/**
- * Service for managing roles and role-based access control.
- * Handles role creation, user-role assignments, and permission queries.
- * @template TID - Platform ID type (defaults to Buffer)
- * @template TDate - Date type (defaults to Date)
- * @template TTokenRole - Token role interface type
- * @extends {BaseService<TID>}
- */
-class RoleService extends base_1.BaseService {
-    /**
-     * Constructor for the role service
-     * @param application The application object
-     */
-    constructor(application) {
-        super(application);
-    }
-    static roleToRoleDTO(role) {
-        const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
-        const roleObj = role instanceof mongoose_types_1.Document ? role.toObject() : role;
-        return {
-            _id: provider.idToString(roleObj._id),
-            name: roleObj.name,
-            admin: roleObj.admin ?? false,
-            member: roleObj.member ?? false,
-            child: roleObj.child ?? false,
-            system: roleObj.system ?? false,
-            translatedName: 'translatedName' in role ? role.translatedName : role.name,
-            createdAt: (roleObj.createdAt instanceof Date
-                ? roleObj.createdAt.toISOString()
-                : roleObj.createdAt),
-            createdBy: provider.idToString(roleObj.createdBy),
-            updatedAt: (roleObj.updatedAt instanceof Date
-                ? roleObj.updatedAt.toISOString()
-                : roleObj.updatedAt),
-            updatedBy: provider.idToString(roleObj.updatedBy),
-            ...(roleObj.deletedAt
-                ? {
-                    deletedAt: (roleObj.deletedAt instanceof Date
-                        ? roleObj.deletedAt.toISOString()
-                        : roleObj.deletedAt),
-                }
-                : {}),
-            ...(role.deletedBy
-                ? {
-                    deletedBy: provider.idToString(roleObj.deletedBy),
-                }
-                : {}),
-        };
-    }
-    /**
-     * Given a Role DTO, reconstitute ids and dates
-     * @param role The Role DTO
-     * @returns An IRoleBackendObject
-     */
-    static hydrateRoleDTOToBackend(role) {
-        const idProvider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
-        const convert = (id) => idProvider.idFromString(id);
-        return {
-            ...(0, utils_1.omit)(role, [
-                'translatedName',
-            ]),
-            _id: convert(role._id),
-            name: role.name,
-            createdAt: new Date(role.createdAt),
-            createdBy: convert(role.createdBy),
-            updatedAt: new Date(role.updatedAt),
-            updatedBy: convert(role.updatedBy),
-            ...(role.deletedAt ? { deletedAt: new Date(role.deletedAt) } : {}),
-            ...(role.deletedBy
-                ? {
-                    deletedBy: convert(role.deletedBy),
-                }
-                : {}),
-        };
-    }
-    /**
-     * Gets the role ID by name
-     * @param roleName The name of the role
-     * @returns The role ID or null if not found
-     */
-    async getRoleIdByName(roleName, session) {
-        const RoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.Role).model;
-        const role = await RoleModel.findOne({ name: roleName }, undefined, {
-            session,
-        }).select('_id');
-        if (!role) {
-            return null;
-        }
-        return role._id;
-    }
-    /**
-     * Creates a new role
-     * @param roleData The role data
-     * @param session Optional mongoose session
-     * @returns The created role document
-     */
-    async createRole(roleData, session) {
-        const RoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.Role).model;
-        const role = new RoleModel(roleData);
-        const savedRole = await role.save(session ? { session } : {});
-        return savedRole;
-    }
-    /**
-     * Adds a user to a role
-     * @param roleId - The role id
-     * @param userId - The user id
-     * @param createdBy - The user creating the relationship
-     * @param session Optional mongoose session
-     */
-    async addUserToRole(roleId, userId, createdBy, session, overrideId) {
-        const UserRoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.UserRole).model;
-        // Check if the user-role relationship already exists (and is not deleted)
-        const existingUserRole = await UserRoleModel.findOne({
-            userId,
-            roleId,
-            deletedAt: { $exists: false },
-        }).session(session ?? null);
-        if (existingUserRole) {
-            // Relationship already exists, no need to create it again
-            return existingUserRole;
-        }
-        const userRole = new UserRoleModel({
-            ...(overrideId ? { _id: overrideId } : {}),
-            userId,
-            roleId,
-            createdBy,
-            updatedBy: createdBy,
-        });
-        const result = await userRole.save({ session });
-        return result;
-    }
-    /**
-     * Removes a user from a role
-     * @param roleId - The role id
-     * @param userId - The user id
-     * @param deletedBy - The user removing the relationship
-     * @param session Optional mongoose session
-     * @throws LastAdminError if attempting to remove the last admin
-     */
-    async removeUserFromRole(roleId, userId, deletedBy, session) {
-        const RoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.Role).model;
-        const UserRoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.UserRole).model;
-        const role = await RoleModel.findById(roleId).session(session ?? null);
-        if (role?.admin) {
-            const adminCount = await UserRoleModel.countDocuments({
-                roleId,
-                deletedAt: { $exists: false },
-            }).session(session ?? null);
-            if (adminCount <= 1) {
-                throw new suite_core_lib_1.LastAdminError();
-            }
-        }
-        await UserRoleModel.findOneAndUpdate({ userId, roleId, deletedAt: { $exists: false } }, { deletedAt: new Date(), deletedBy }, { session });
-    }
-    /**
-     * Deletes a role by ID
-     * @param roleId The role ID
-     * @param deleter The ID of the user deleting the role
-     * @param hardDelete Whether to hard delete the role
-     * @param session Optional mongoose session
-     */
-    async deleteRole(roleId, deleter, hardDelete, session) {
-        const RoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.Role).model;
-        if (hardDelete) {
-            await RoleModel.findByIdAndDelete(roleId).session(session ?? null);
-        }
-        else {
-            await RoleModel.findByIdAndUpdate(roleId, {
-                deletedAt: new Date(),
-                deletedBy: deleter,
-            }).session(session ?? null);
-        }
-    }
-    /**
-     * Gets all roles for a user
-     * @param userId The user ID
-     * @param session Optional mongoose session
-     * @returns The roles the user is a member of
-     */
-    async getUserRoles(userId, session) {
-        const UserRoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.UserRole).model;
-        const RoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.Role).model;
-        if (!UserRoleModel || !RoleModel)
-            throw new Error('Model not registered');
-        // Return full documents
-        const userRoles = await UserRoleModel.find({
-            userId,
-            deletedAt: { $exists: false },
-        })
-            .select('roleId')
-            .session(session ?? null);
-        const roleIds = userRoles.map((ur) => ur.roleId);
-        return (await RoleModel.find({
-            _id: { $in: roleIds },
-            deletedAt: { $exists: false },
-        }).session(session ?? null));
-    }
-    /**
-     * Gets all users for a role
-     * @param roleId The role ID
-     * @param session Optional mongoose session
-     * @returns The user IDs that are members of the role
-     */
-    async getRoleUsers(roleId, session) {
-        const UserRoleModel = model_registry_1.ModelRegistry.instance.get(base_model_name_1.BaseModelName.UserRole).model;
-        // Return full documents
-        const userRoles = await UserRoleModel.find({
-            roleId,
-            deletedAt: { $exists: false },
-        })
-            .select('userId')
-            .session(session ?? null);
-        return userRoles.map((ur) => ur.userId);
-    }
-    /** Convert roles to translated TokenRoles */
-    rolesToTokenRoles(roles, overrideLanguage) {
-        return roles.map((role) => {
-            const engine = i18n_lib_1.I18nEngine.getInstance('default');
-            const userLang = i18n_lib_1.GlobalActiveContext.getInstance().userLanguage;
-            const lang = (overrideLanguage || userLang || 'en-US');
-            const roleTranslation = engine.translateEnum(suite_core_lib_1.Role, role.name, lang);
-            // Convert Mongoose document to plain object if needed
-            const roleObj = role instanceof mongoose_types_1.Document ? role.toObject() : role;
-            return {
-                ...roleObj,
-                translatedName: roleTranslation,
-            };
-        });
-    }
-    async isUserAdmin(userDoc, session, providedRoles) {
-        const roles = providedRoles ?? (await this.getUserRoles(userDoc._id, session));
-        if (roles.filter((r) => r.admin).length > 0) {
-            return true;
-        }
-        return false;
-    }
-    async isUserMember(userDoc, session, providedRoles) {
-        const roles = providedRoles ?? (await this.getUserRoles(userDoc._id, session));
-        if (roles.filter((r) => r.member).length > 0) {
-            return true;
-        }
-        return false;
-    }
-    async isUserChild(userDoc, session, providedRoles) {
-        const roles = providedRoles ?? (await this.getUserRoles(userDoc._id, session));
-        if (roles.filter((r) => r.child).length > 0) {
-            return true;
-        }
-        return false;
-    }
-    async isSystemUser(userDoc, session, providedRoles) {
-        const roles = providedRoles ?? (await this.getUserRoles(userDoc._id, session));
-        return roles.some((r) => r.system);
-    }
-    async getMemberType(userDoc, session, providedRoles) {
-        const roles = providedRoles ?? (await this.getUserRoles(userDoc._id, session));
-        if (await this.isSystemUser(userDoc, session, roles)) {
-            return ecies_lib_1.MemberType.System;
-        }
-        else if (await this.isUserAdmin(userDoc, session, roles)) {
-            return ecies_lib_1.MemberType.Admin;
-        }
-        else if (await this.isUserMember(userDoc, session, roles)) {
-            return ecies_lib_1.MemberType.User;
-        }
-        else {
-            return ecies_lib_1.MemberType.Anonymous;
-        }
-    }
-}
-exports.RoleService = RoleService;
-//# sourceMappingURL=role.js.map

package/src/services/role.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"role.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/role.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,0DAAwD;AACxD,wDAImC;AACnC,oEAA0E;AAC1E,oEAOyC;AAIzC,qEAAgE;AAGhE,sDAAkD;AAClD,oCAAgC;AAChC,iCAAqC;AACrC,oEAGyC;AAEzC;;;;;;;GAOG;AACH,MAAa,WAIX,SAAQ,kBAAgB;IACxB;;;OAGG;IACH,YAAY,WAA8B;QACxC,KAAK,CAAC,WAAW,CAAC,CAAC;IACrB,CAAC;IAEM,MAAM,CAAC,aAAa,CAIzB,IAA0E;QAE1E,MAAM,QAAQ,GAAG,IAAA,0CAAyB,GAAO,CAAC;QAClD,MAAM,OAAO,GAAG,IAAI,YAAY,yBAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAClE,OAAO;YACL,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,OAAO,CAAC,IAAc;YAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,KAAK;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,KAAK;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;YAC/B,cAAc,EACZ,gBAAgB,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI;YAC5D,SAAS,EAAE,CAAC,OAAO,CAAC,SAAS,YAAY,IAAI;gBAC3C,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;gBACjC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAW;YAChC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC;YACjD,SAAS,EAAE,CAAC,OAAO,CAAC,SAAS,YAAY,IAAI;gBAC3C,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;gBACjC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAW;YAChC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC;YACjD,GAAG,CAAC,OAAO,CAAC,SAAS;gBACnB,CAAC,CAAC;oBACE,SAAS,EAAE,CAAC,OAAO,CAAC,SAAS,YAAY,IAAI;wBAC3C,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;wBACjC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAW;iBACjC;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,SAAS;gBAChB,CAAC,CAAC;oBACE,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC;iBAClD;gBACH,CAAC,CAAC,EAAE,CAAC;SACS,CAAC;IACrB,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,uBAAuB,CACnC,IAAmB;QAEnB,MAAM,UAAU,GAAG,IAAA,0CAAyB,GAAO,CAAC;QACpD,MAAM,OAAO,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAI,IAAA,YAAI,EAAkC,IAAI,EAAE;gBAC9C,gBAAgB;aACjB,CAAc;YACf,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YACtB,IAAI,EAAE,IAAI,CAAC,IAAY;YACvB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACnC,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;YAClC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACnC,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;YAClC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,IAAI,CAAC,SAAS;gBAChB,CAAC,CAAC;oBACE,SAAS,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;iBACnC;gBACH,CAAC,CAAC,EAAE,CAAC;SACmB,CAAC;IAC/B,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,eAAe,CAC1B,QAAc,EACd,OAAuB;QAEvB,MAAM,SAAS,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC1C,+BAAa,CAAC,IAAI,CACnB,CAAC,KAAK,CAAC;QACR,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE;YAClE,OAAO;SACR,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,GAAU,CAAC;IACzB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,UAAU,CACrB,QAAqC,EACrC,OAA8B;QAE9B,MAAM,SAAS,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC1C,+BAAa,CAAC,IAAI,CACnB,CAAC,KAAK,CAAC;QACR,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC9D,OAAO,SAA8B,CAAC;IACxC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,aAAa,CACxB,MAAW,EACX,MAAW,EACX,SAAc,EACd,OAAuB,EACvB,UAAgB;QAEhB,MAAM,aAAa,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC9C,+BAAa,CAAC,QAAQ,CACvB,CAAC,KAAK,CAAC;QAER,0EAA0E;QAC1E,MAAM,gBAAgB,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC;YACnD,MAAM;YACN,MAAM;YACN,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;SAC9B,CAAC,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QAE5B,IAAI,gBAAgB,EAAE,CAAC;YACrB,0DAA0D;YAC1D,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,aAAa,CAAC;YACjC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1C,MAAM;YACN,MAAM;YACN,SAAS;YACT,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,kBAAkB,CAC7B,MAAW,EACX,MAAW,EACX,SAAc,EACd,OAAuB;QAEvB,MAAM,SAAS,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC1C,+BAAa,CAAC,IAAI,CACnB,CAAC,KAAK,CAAC;QACR,MAAM,aAAa,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC9C,+BAAa,CAAC,QAAQ,CACvB,CAAC,KAAK,CAAC;QAER,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QACvE,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC;gBACpD,MAAM;gBACN,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;aAC9B,CAAC,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;YAC5B,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;gBACpB,MAAM,IAAI,+BAAc,EAAE,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,MAAM,aAAa,CAAC,gBAAgB,CAClC,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EACjD,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,EACpC,EAAE,OAAO,EAAE,CACZ,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,UAAU,CACrB,MAAW,EACX,OAAY,EACZ,UAAmB,EACnB,OAAuB;QAEvB,MAAM,SAAS,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC1C,+BAAa,CAAC,IAAI,CACnB,CAAC,KAAK,CAAC;QACR,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,SAAS,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,MAAM,SAAS,CAAC,iBAAiB,CAAC,MAAM,EAAE;gBACxC,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,OAAO;aACnB,CAAC,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,YAAY,CACvB,MAAW,EACX,OAAuB;QAEvB,MAAM,aAAa,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC9C,+BAAa,CAAC,QAAQ,CACvB,CAAC,KAAK,CAAC;QACR,MAAM,SAAS,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC1C,+BAAa,CAAC,IAAI,CACnB,CAAC,KAAK,CAAC;QACR,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE1E,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC;YACzC,MAAM;YACN,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;SAC9B,CAAC;aACC,MAAM,CAAC,QAAQ,CAAC;aAChB,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QAE5B,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QACjD,OAAO,CAAC,MAAM,SAAS,CAAC,IAAI,CAAC;YAC3B,GAAG,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;YACrB,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;SAC9B,CAAC,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAwB,CAAC;IACtD,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,YAAY,CACvB,MAAW,EACX,OAAuB;QAEvB,MAAM,aAAa,GAAG,8BAAa,CAAC,QAAQ,CAAC,GAAG,CAC9C,+BAAa,CAAC,QAAQ,CACvB,CAAC,KAAK,CAAC;QAER,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC;YACzC,MAAM;YACN,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;SAC9B,CAAC;aACC,MAAM,CAAC,QAAQ,CAAC;aAChB,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC;QAE5B,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,6CAA6C;IACtC,iBAAiB,CACtB,KAAqC,EACrC,gBAAyB;QAEzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACxB,MAAM,MAAM,GAAG,qBAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACjD,MAAM,QAAQ,GAAG,8BAAmB,CAAC,WAAW,EAG7C,CAAC,YAAY,CAAC;YACjB,MAAM,IAAI,GAAG,CAAC,gBAAgB,IAAI,QAAQ,IAAI,OAAO,CAAW,CAAC;YACjE,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,CAAC,qBAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACpE,sDAAsD;YACtD,MAAM,OAAO,GAAG,IAAI,YAAY,yBAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAClE,OAAO;gBACL,GAAG,OAAO;gBACV,cAAc,EAAE,eAAe;aAClB,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,WAAW,CACtB,OAAkC,EAClC,OAAuB,EACvB,aAAwC;QAExC,MAAM,KAAK,GACT,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,YAAY,CACvB,OAAkC,EAClC,OAAuB,EACvB,aAAwC;QAExC,MAAM,KAAK,GACT,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,WAAW,CACtB,OAAkC,EAClC,OAAuB,EACvB,aAAwC;QAExC,MAAM,KAAK,GACT,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,YAAY,CACvB,OAAkC,EAClC,OAAuB,EACvB,aAAwC;QAExC,MAAM,KAAK,GACT,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CACxB,OAAkC,EAClC,OAAuB,EACvB,aAAwC;QAExC,MAAM,KAAK,GACT,aAAa,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;YACrD,OAAO,sBAAU,CAAC,MAAM,CAAC;QAC3B,CAAC;aAAM,IAAI,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;YAC3D,OAAO,sBAAU,CAAC,KAAK,CAAC;QAC1B,CAAC;aAAM,IAAI,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;YAC5D,OAAO,sBAAU,CAAC,IAAI,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,sBAAU,CAAC,SAAS,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AArXD,kCAqXC"}

package/src/services/user.d.ts

@@ -1,368 +0,0 @@
-/**
- * @fileoverview Comprehensive user management service.
- * Handles user authentication, registration, password management, email verification,
- * mnemonic recovery, backup codes, and all user-related operations.
- * @module services/user
- */
-import { SecureBuffer, SecureString } from '@digitaldefiance/ecies-lib';
-import { ClientSession, ProjectionType } from '@digitaldefiance/mongoose-types';
-import { Member as BackendMember, ECIESService, PlatformID } from '@digitaldefiance/node-ecies-lib';
-import { EmailTokenType, IBackupCode, IRequestUserDTO, ITokenRole, IUserBase, IUserDTO } from '@digitaldefiance/suite-core-lib';
-import { Wallet } from '@ethereumjs/wallet';
-import { BackupCode } from '../backup-code';
-import { BaseDocument } from '../documents';
-import { EmailTokenDocument } from '../documents/email-token';
-import { UserDocument } from '../documents/user';
-import { Environment } from '../environment';
-import { ICreateUserBasics } from '../interfaces';
-import { IMongoApplication } from '../interfaces/mongo-application';
-import { IUserBackendObject } from '../interfaces/backend-objects/user';
-import { IConstants } from '../interfaces/constants';
-import { IEmailService } from '../interfaces/email-service';
-import { BackupCodeService } from './backup-code';
-import { BaseService } from './base';
-import { KeyWrappingService } from './key-wrapping';
-import { MnemonicService } from './mnemonic';
-import { RoleService } from './role';
-/**
- * Comprehensive service for user management and authentication.
- * Provides methods for user creation, authentication (mnemonic/password/challenge),
- * email verification, password reset, backup code recovery, and settings management.
- * @template T - User document type
- * @template TID - Platform ID type
- * @template TDate - Date type
- * @template TLanguage - String type for site language
- * @template TAccountStatus - String type for account status
- * @template _TEnvironment - Environment type
- * @template _TConstants - Constants type
- * @template _TBaseDocument - Base document type
- * @template TUser - User base interface type
- * @template TTokenRole - Token role interface type
- * @template TApplication - Application interface type
- * @extends {BaseService<TID, TApplication>}
- */
-export declare class UserService<T, TID extends PlatformID, TDate extends Date, TLanguage extends string, TAccountStatus extends string, _TEnvironment extends Environment<TID> = Environment<TID>, _TConstants extends IConstants = IConstants, _TBaseDocument extends BaseDocument<T, TID> = BaseDocument<T, TID>, TUser extends IUserBase<TID, TDate, TLanguage, TAccountStatus> = IUserBase<TID, TDate, TLanguage, TAccountStatus>, TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>, TApplication extends IMongoApplication<TID> = IMongoApplication<TID>> extends BaseService<TID, TApplication> {
-    protected readonly roleService: RoleService<TID, TDate, TTokenRole>;
-    protected readonly eciesService: ECIESService<TID>;
-    protected readonly keyWrappingService: KeyWrappingService;
-    protected readonly mnemonicService: MnemonicService;
-    protected readonly emailService: IEmailService;
-    protected readonly backupCodeService: BackupCodeService<TID, TDate, TTokenRole, TApplication>;
-    protected readonly serverUrl: string;
-    protected readonly disableEmailSend: boolean;
-    constructor(application: TApplication, roleService: RoleService<TID, TDate, TTokenRole>, emailService: IEmailService, keyWrappingService: KeyWrappingService, backupCodeService: BackupCodeService<TID, TDate, TTokenRole, TApplication>);
-    /**
-     * Given a User Document, make a User DTO
-     * @param user a User Document
-     * @returns An IUserDTO
-     */
-    static userToUserDTO<TLanguage extends string, TID extends PlatformID = Buffer>(user: UserDocument<TLanguage, TID> | Record<string, unknown>): IUserDTO;
-    /**
-     * Given a User DTO, reconstitute ids and dates
-     * @param user a User DTO
-     * @returns An IUserBackendObject
-     */
-    hydrateUserDTOToBackend(user: IUserDTO): IUserBackendObject<TLanguage, TID>;
-    /**
-     * Create a new email token to send to the user for email verification
-     * @param userDoc The user to create the email token for
-     * @param type The type of email token to create
-     * @param session The session to use for the query
-     * @returns The email token document
-     */
-    createEmailToken(userDoc: UserDocument<TLanguage, TID>, type: EmailTokenType, session?: ClientSession): Promise<EmailTokenDocument>;
-    /**
-     * Create and send an email token to the user for email verification
-     * @param user The user to send the email token to
-     * @param type The type of email token to send
-     * @param session The session to use for the query
-     * @returns The email token document
-     */
-    createAndSendEmailToken(user: UserDocument<TLanguage, TID> | (Pick<UserDocument<TLanguage, TID>, keyof UserDocument<TLanguage, TID>> & {
-        _id: any;
-    }), type?: EmailTokenType, session?: ClientSession, debug?: boolean): Promise<EmailTokenDocument>;
-    /**
-     * Create and send an email token directly within an existing transaction
-     * @param user The user to send the email token to
-     * @param type The type of email token to send
-     * @param session The session to use for the query (required)
-     * @param debug Whether to enable debug logging
-     * @returns The email token document
-     */
-    createAndSendEmailTokenDirect(user: UserDocument<TLanguage, TID>, type: EmailTokenType | undefined, session: ClientSession, debug?: boolean): Promise<EmailTokenDocument>;
-    /**
-     * Send an email token to the user for email verification
-     * @param emailToken The email token to send
-     * @param session The session to use for the query
-     * @returns void
-     */
-    sendEmailToken(emailToken: EmailTokenDocument, session?: ClientSession, debug?: boolean): Promise<void>;
-    /**
-     * Find a user by email or username and enforce account status checks
-     * @param email Optional email
-     * @param username Optional username
-     * @param session Optional mongoose session
-     * @throws UsernameOrEmailRequiredError if neither provided
-     * @throws InvalidCredentialsError if not found or deleted
-     * @throws AccountLockedError | PendingEmailVerificationError | AccountStatusError per status
-     */
-    findUser(email?: string, username?: string, session?: ClientSession): Promise<UserDocument<TLanguage, TID>>;
-    /**
-     * Finds a user record by ID
-     * @param userId The user ID
-     * @param throwIfNotActive Whether to throw if the user is inactive
-     * @param session The active session, if present
-     * @returns The user document
-     */
-    findUserById(userId: TID, throwIfNotActive: boolean, session?: ClientSession, select?: ProjectionType<UserDocument<TLanguage, TID>>): Promise<UserDocument<TLanguage, TID>>;
-    /**
-     * Ensure required fields are present in a projection for queries that rely on them.
-     * Supports string and object-style projections. For inclusion projections, adds fields.
-     * For exclusion projections, ensures required fields are not excluded.
-     */
-    private ensureRequiredFieldsInProjection;
-    /**
-     * Fill in the default values to a user object
-     * @param newUser The user object to fill in
-     * @param createdBy The user ID of the user creating the new user
-     * @returns The filled in user
-     */
-    fillUserDefaults(newUser: ICreateUserBasics, createdBy: TID, backupCodes: Array<IBackupCode>, encryptedMnemonic: string, userId?: TID): IUserBackendObject<TLanguage, TID>;
-    /**
-     * Create a new user document from an IUser and unhashed password
-     * @param newUser The user object
-     * @returns The new user document
-     */
-    makeUserDoc(newUser: TUser): Promise<UserDocument<TLanguage, TID>>;
-    /**
-     * Create a new user.
-     * Do not set createdBy to a new (non-existing) ObjectId unless you also set newUserId to it.
-     * If newUserId is not set, one will be generated.
-     * @param systemUser The system user performing the operation
-     * @param userData Username, email, password in a ICreateUserBasics object
-     * @param createdBy The user id of the user creating the user
-     * @param newUserId the user id of the new user object- usually the createdBy user id.
-     * @param session The session to use for the query
-     * @param debug Whether to log debug information
-     * @param password The password to use for the new user (optional, if not provided, mnemonic will be used)
-     * @returns The new user document
-     */
-    newUser(systemUser: BackendMember<TID>, userData: ICreateUserBasics, createdBy?: TID, newUserId?: TID, session?: ClientSession, debug?: boolean, password?: string, userProvidedMnemonic?: string): Promise<{
-        user: UserDocument<TLanguage, TID>;
-        mnemonic: string;
-        backupCodes: Array<string>;
-        password?: string;
-    }>;
-    /**
-     * Get the backup codes for a user.
-     * Requires the user not be deleted or inactive
-     */
-    getEncryptedUserBackupCodes(userId: TID, session?: ClientSession): Promise<Array<IBackupCode>>;
-    /**
-     * Resets the given user's backup codes
-     * @param backupUser The user to generate codes for
-     * @param session The current session, if any
-     * @returns A promise of an array of backup codes
-     */
-    resetUserBackupCodes(backupUser: BackendMember<TID>, systemUser: BackendMember<TID>, session?: ClientSession): Promise<Array<BackupCode>>;
-    /**
-     * Recover a user's mnemonic from an encrypted mnemonic
-     * @param user The user whose mnemonic to recover
-     * @param encryptedMnemonic The encrypted mnemonic
-     * @returns The recovered mnemonic
-     */
-    recoverMnemonic(user: BackendMember<any>, encryptedMnemonic: string): SecureString;
-    /**
-     * Make a Member from a user document and optional private key
-     * @param userDoc The user document
-     * @param privateKey Optional private key to load the wallet
-     * @param publicKey Optional public key to override the userDoc public key
-     * @param session The current session, if any
-     * @returns A promise containing the created Member
-     */
-    makeUserFromUserDoc(userDoc: UserDocument<TLanguage, TID>, privateKey?: SecureBuffer, publicKey?: Buffer, mnemonic?: SecureString, wallet?: Wallet, session?: ClientSession): Promise<BackendMember<TID>>;
-    /**
-     * Challenges a given userDoc with a given mnemonic, returns a system and user Member
-     * @param userDoc The userDoc in question
-     * @param mnemonic The mnemonic to challenge against
-     * @returns A promise containing the user and system Members
-     * @throws InvalidCredentialsError if the challenge fails
-     * @throws AccountLockedError if the account is locked
-     * @throws PendingEmailVerificationError if the email is not verified
-     * @throws AccountStatusError if the account status is invalid
-     */
-    challengeUserWithMnemonic(userDoc: UserDocument<TLanguage, TID>, mnemonic: SecureString, session?: ClientSession): Promise<{
-        userMember: BackendMember<TID>;
-        adminMember: BackendMember<TID>;
-    }>;
-    /**
-     * Validates a login challenge response
-     * @param challengeResponse The challenge response bytes in hex
-     * @param email The email address of the user
-     * @param username The username of the user
-     * @param session The mongo session for the query
-     * @returns A promise that resolves to the user document, user member, and system member
-     */
-    loginWithChallengeResponse(challengeResponse: string, email?: string, username?: string, session?: ClientSession): Promise<{
-        userDoc: UserDocument<TLanguage, TID>;
-        userMember: BackendMember<TID>;
-        adminMember: BackendMember<TID>;
-    }>;
-    /**
-     * Authenticate a user with client-verified challenge (skips server-side challenge)
-     * @returns The authenticated user document.
-     */
-    loginWithClientVerifiedChallenge(usernameOrEmail: string, mnemonic: SecureString, session?: ClientSession): Promise<{
-        userDoc: UserDocument<TLanguage, TID>;
-        userMember: BackendMember<TID>;
-        adminMember: BackendMember<TID>;
-    }>;
-    /**
-     * Authenticate a user with their mnemonic.
-     * @returns The authenticated user document.
-     */
-    loginWithMnemonic(usernameOrEmail: string, mnemonic: SecureString, session?: ClientSession): Promise<{
-        userDoc: UserDocument<TLanguage, TID>;
-        userMember: BackendMember<TID>;
-        adminMember: BackendMember<TID>;
-    }>;
-    /**
-     * Authenticate a user with their password (for key-wrapped accounts).
-     * @returns The authenticated user document.
-     */
-    loginWithPassword(usernameOrEmail: string, password: string, session?: ClientSession): Promise<{
-        userDoc: UserDocument<TLanguage, TID>;
-        userMember: BackendMember<TID>;
-        adminMember: BackendMember<TID>;
-    }>;
-    /**
-     * Re-send a previously sent email token
-     * @param userId The user id
-     * @param session The session to use for the query
-     * @returns void
-     * @throws EmailTokenUsedOrInvalidError
-     */
-    resendEmailToken(userId: string, type: EmailTokenType, session?: ClientSession, debug?: boolean): Promise<void>;
-    /**
-     * Verify the email token and update the user's account status
-     * @param emailToken The email token to verify
-     * @param session The session to use for the query
-     * @returns void
-     * @throws EmailTokenUsedOrInvalidError
-     * @throws EmailTokenExpiredError
-     * @throws EmailVerifiedError
-     * @throws UserNotFoundError
-     */
-    verifyAccountTokenAndComplete(emailToken: string, session?: ClientSession): Promise<void>;
-    /**
-     * Validate the email token
-     * @param token The token to validate
-     * @param restrictType The type of email token to validate (or throw)
-     * @param session The session to use for the query
-     * @returns void
-     * @throws EmailTokenUsedOrInvalidError
-     */
-    validateEmailToken(token: string, restrictType?: EmailTokenType, session?: ClientSession): Promise<void>;
-    /**
-     * Updates the user's language
-     * @param userId - The ID of the user
-     * @param newLanguage - The new language
-     * @param session - The session to use for the query
-     * @returns The updated user
-     */
-    updateSiteLanguage(userId: string, newLanguage: string, session?: ClientSession): Promise<IRequestUserDTO>;
-    /**
-     * Updates the user's Dark Mode preference
-     * @param userId - The ID of the user
-     * @param newDarkMode - The new Dark Mode preference
-     * @param session - The session to use for the query
-     * @returns The updated user
-     */
-    updateDarkMode(userId: string, newDarkMode: boolean, session?: ClientSession): Promise<IRequestUserDTO>;
-    /**
-     * Updates multiple user settings at once
-     * @param userId - The ID of the user
-     * @param settings - Object containing settings to update
-     * @param session - The session to use for the query
-     * @returns The updated user
-     */
-    updateUserSettings(userId: string, settings: {
-        email?: string;
-        timezone?: string;
-        siteLanguage?: string;
-        currency?: string;
-        darkMode?: boolean;
-        directChallenge?: boolean;
-    }, session?: ClientSession): Promise<IRequestUserDTO>;
-    /**
-     * Changes the user's password by re-wrapping their master key
-     * @param userId - The ID of the user
-     * @param currentPassword - The current password
-     * @param newPassword - The new password
-     * @param session - The session to use for the query
-     * @returns void
-     */
-    changePassword(userId: string, currentPassword: string, newPassword: string, session?: ClientSession): Promise<void>;
-    /**
-     * Retrieve an email token by its token string and type
-     * @param token - The token string
-     * @param type - The type of the email token
-     * @param session - The session to use for the query
-     * @returns The email token document or null if not found
-     */
-    findEmailToken(token: string, type?: EmailTokenType, session?: ClientSession): Promise<EmailTokenDocument | null>;
-    /**
-     * Verify email token is valid
-     * @param token - The email token
-     * @param session - The session to use for the query
-     * @returns void
-     */
-    verifyEmailToken(token: string, type: EmailTokenType, session?: ClientSession): Promise<void>;
-    /**
-     * Reset password using email token
-     * @param token - The email token
-     * @param newPassword - The new password
-     * @param session - The session to use for the query
-     * @returns void
-     */
-    resetPasswordWithToken(token: string, newPassword: string, credential?: string, // either mnemonic or current password; required
-    session?: ClientSession): Promise<void>;
-    /**
-     * Generate a login challenge for the client to sign
-     * @returns The login challenge in hex
-     */
-    generateDirectLoginChallenge(): string;
-    /**
-     * Verifies a direct login challenge response
-     * @param serverSignedRequest The login challenge response in hex
-     * @param session The mongoose session, if provided
-     * @returns A promise with the user document and user member object
-     */
-    verifyDirectLoginChallenge(serverSignedRequest: string, signature: string, username?: string, email?: string, session?: ClientSession): Promise<{
-        userDoc: UserDocument<TLanguage, TID>;
-        userMember: BackendMember<TID>;
-    }>;
-    /**
-     * Request a login link via email
-     * @param email Email address
-     * @param username Username
-     * @param session Existing session, if any
-     * @returns void
-     */
-    requestEmailLogin(email?: string, username?: string, session?: ClientSession): Promise<void>;
-    /**
-     * Validate an email login token challenge
-     * @param token The token to challenge
-     * @param signature The signature of the token by the user's private key
-     * @param session The session to use for the query
-     * @returns The user document if the challenge is valid
-     */
-    validateEmailLoginTokenChallenge(token: string, signature: string, session?: ClientSession): Promise<UserDocument<TLanguage, TID>>;
-    /**
-     * Updates the user's last login time atomically
-     * @param userId - The ID of the user
-     * @returns void
-     */
-    updateLastLogin(userId: TID): Promise<void>;
-}
-//# sourceMappingURL=user.d.ts.map