@digitaldefiance/node-express-suite 4.23.0 → 4.23.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitaldefiance/node-express-suite",
-  "version": "4.23.0",
+  "version": "4.23.1",
   "homepage": "https://github.com/Digital-Defiance/node-express-suite",
   "repository": {
     "type": "git",

package/src/interfaces/documents/base.d.ts

@@ -0,0 +1,24 @@
+/**
+ * @fileoverview Storage-agnostic base document type.
+ *
+ * Unlike the Mongo variant (which intersects with Mongoose's Document class),
+ * this type is a plain data intersection: the domain data shape `T` combined
+ * with `IHasId<TID>`. Any storage engine whose records carry `_id` plus the
+ * domain fields satisfies this contract.
+ *
+ * @module interfaces/documents/base
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IHasId } from '@digitaldefiance/suite-core-lib';
+/**
+ * Storage-agnostic base document type.
+ *
+ * For Mongoose backends, the concrete document type is a superset
+ * (MongooseDocument & T) and is assignable to this type.
+ * For BrightDb or other backends, plain objects with `_id` + T fields work.
+ *
+ * @template T - Domain data interface (e.g. IUserBase, IRoleBase)
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type BaseDocument<T, TID extends PlatformID = Buffer> = IHasId<TID> & T;
+//# sourceMappingURL=base.d.ts.map

package/src/interfaces/documents/base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/base.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iCAAiC,CAAC;AAE9D;;;;;;;;;GASG;AACH,MAAM,MAAM,YAAY,CAAC,CAAC,EAAE,GAAG,SAAS,UAAU,GAAG,MAAM,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC"}

package/src/interfaces/documents/base.js

@@ -0,0 +1,13 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic base document type.
+ *
+ * Unlike the Mongo variant (which intersects with Mongoose's Document class),
+ * this type is a plain data intersection: the domain data shape `T` combined
+ * with `IHasId<TID>`. Any storage engine whose records carry `_id` plus the
+ * domain fields satisfies this contract.
+ *
+ * @module interfaces/documents/base
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=base.js.map

package/src/interfaces/documents/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/base.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}

package/src/interfaces/documents/email-token.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @fileoverview Storage-agnostic email token document type.
+ * @module interfaces/documents/email-token
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { EmailTokenType, IEmailTokenBase } from '@digitaldefiance/suite-core-lib';
+import type { BaseDocument } from './base';
+/**
+ * Storage-agnostic email token document type.
+ * Satisfied by both Mongoose documents and BrightDb plain records.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type EmailTokenDocument<TID extends PlatformID = Buffer> = BaseDocument<IEmailTokenBase<TID, Date, EmailTokenType>, TID>;
+//# sourceMappingURL=email-token.d.ts.map

package/src/interfaces/documents/email-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-token.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/email-token.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EACV,cAAc,EACd,eAAe,EAChB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,IAAI,YAAY,CAC5E,eAAe,CAAC,GAAG,EAAE,IAAI,EAAE,cAAc,CAAC,EAC1C,GAAG,CACJ,CAAC"}

package/src/interfaces/documents/email-token.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic email token document type.
+ * @module interfaces/documents/email-token
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=email-token.js.map

package/src/interfaces/documents/email-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-token.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/email-token.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/src/interfaces/documents/index.d.ts

@@ -0,0 +1,25 @@
+/**
+ * @fileoverview Storage-agnostic document type aliases.
+ *
+ * These types represent the shape of documents as stored in any backend
+ * (Mongoose/MongoDB, BrightDb, etc.). They are simply the suite-core-lib
+ * base interfaces with backend-appropriate type parameters (TDate = Date,
+ * enums pinned to concrete types).
+ *
+ * Mongo documents (MongooseDocument & IFooBase) are a superset of these
+ * types, so they satisfy the contract. BrightDb plain-object records also
+ * satisfy the contract since they carry the same fields.
+ *
+ * Downstream packages should use these types when they need to reference
+ * "a user record" or "a role record" without caring about the storage engine.
+ *
+ * @module interfaces/documents
+ */
+export type { UserDocument } from './user';
+export type { RoleDocument } from './role';
+export type { EmailTokenDocument } from './email-token';
+export type { UserRoleDocument } from './user-role';
+export type { MnemonicDocument } from './mnemonic';
+export type { UsedDirectLoginTokenDocument } from './used-direct-login-token';
+export type { BaseDocument } from './base';
+//# sourceMappingURL=index.d.ts.map

package/src/interfaces/documents/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,YAAY,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC3C,YAAY,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACnD,YAAY,EAAE,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAC9E,YAAY,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC"}

package/src/interfaces/documents/index.js

@@ -0,0 +1,20 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic document type aliases.
+ *
+ * These types represent the shape of documents as stored in any backend
+ * (Mongoose/MongoDB, BrightDb, etc.). They are simply the suite-core-lib
+ * base interfaces with backend-appropriate type parameters (TDate = Date,
+ * enums pinned to concrete types).
+ *
+ * Mongo documents (MongooseDocument & IFooBase) are a superset of these
+ * types, so they satisfy the contract. BrightDb plain-object records also
+ * satisfy the contract since they carry the same fields.
+ *
+ * Downstream packages should use these types when they need to reference
+ * "a user record" or "a role record" without caring about the storage engine.
+ *
+ * @module interfaces/documents
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/src/interfaces/documents/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG"}

package/src/interfaces/documents/mnemonic.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @fileoverview Storage-agnostic mnemonic document type.
+ * @module interfaces/documents/mnemonic
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IMnemonicBase } from '@digitaldefiance/suite-core-lib';
+import type { BaseDocument } from './base';
+/**
+ * Storage-agnostic mnemonic document type.
+ * Satisfied by both Mongoose documents and BrightDb plain records.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type MnemonicDocument<TID extends PlatformID = Buffer> = BaseDocument<IMnemonicBase<TID>, TID>;
+//# sourceMappingURL=mnemonic.d.ts.map

package/src/interfaces/documents/mnemonic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mnemonic.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/mnemonic.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,IAAI,YAAY,CAC1E,aAAa,CAAC,GAAG,CAAC,EAClB,GAAG,CACJ,CAAC"}

package/src/interfaces/documents/mnemonic.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic mnemonic document type.
+ * @module interfaces/documents/mnemonic
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=mnemonic.js.map

package/src/interfaces/documents/mnemonic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mnemonic.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/mnemonic.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/src/interfaces/documents/role.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @fileoverview Storage-agnostic role document type.
+ * @module interfaces/documents/role
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IRoleBase } from '@digitaldefiance/suite-core-lib';
+import type { BaseDocument } from './base';
+/**
+ * Storage-agnostic role document type.
+ * Satisfied by both Mongoose documents and BrightDb plain records.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type RoleDocument<TID extends PlatformID = Buffer> = BaseDocument<IRoleBase<TID, Date>, TID>;
+//# sourceMappingURL=role.d.ts.map

package/src/interfaces/documents/role.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/role.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C;;;;;GAKG;AACH,MAAM,MAAM,YAAY,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,IAAI,YAAY,CACtE,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,EACpB,GAAG,CACJ,CAAC"}

package/src/interfaces/documents/role.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic role document type.
+ * @module interfaces/documents/role
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=role.js.map

package/src/interfaces/documents/role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/role.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/src/interfaces/documents/used-direct-login-token.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @fileoverview Storage-agnostic used direct login token document type.
+ * @module interfaces/documents/used-direct-login-token
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IUsedDirectLoginTokenBase } from '@digitaldefiance/suite-core-lib';
+import type { BaseDocument } from './base';
+/**
+ * Storage-agnostic used direct login token document type.
+ * Satisfied by both Mongoose documents and BrightDb plain records.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type UsedDirectLoginTokenDocument<TID extends PlatformID = Buffer> = BaseDocument<IUsedDirectLoginTokenBase<TID>, TID>;
+//# sourceMappingURL=used-direct-login-token.d.ts.map

package/src/interfaces/documents/used-direct-login-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"used-direct-login-token.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/used-direct-login-token.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AACjF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,IACtE,YAAY,CAAC,yBAAyB,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC"}

package/src/interfaces/documents/used-direct-login-token.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic used direct login token document type.
+ * @module interfaces/documents/used-direct-login-token
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=used-direct-login-token.js.map

package/src/interfaces/documents/used-direct-login-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"used-direct-login-token.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/used-direct-login-token.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/src/interfaces/documents/user-role.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @fileoverview Storage-agnostic user-role document type.
+ * @module interfaces/documents/user-role
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IUserRoleBase } from '@digitaldefiance/suite-core-lib';
+import type { BaseDocument } from './base';
+/**
+ * Storage-agnostic user-role document type.
+ * Satisfied by both Mongoose documents and BrightDb plain records.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type UserRoleDocument<TID extends PlatformID = Buffer> = BaseDocument<IUserRoleBase<TID, Date>, TID>;
+//# sourceMappingURL=user-role.d.ts.map

package/src/interfaces/documents/user-role.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-role.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/user-role.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM,IAAI,YAAY,CAC1E,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,EACxB,GAAG,CACJ,CAAC"}

package/src/interfaces/documents/user-role.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic user-role document type.
+ * @module interfaces/documents/user-role
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=user-role.js.map

package/src/interfaces/documents/user-role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-role.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/user-role.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/src/interfaces/documents/user.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @fileoverview Storage-agnostic user document type.
+ * @module interfaces/documents/user
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { AccountStatus, IUserBase } from '@digitaldefiance/suite-core-lib';
+import type { BaseDocument } from './base';
+/**
+ * Storage-agnostic user document type.
+ * Satisfied by both Mongoose documents and BrightDb plain records.
+ *
+ * @template TLanguage - String type for site language (defaults to string)
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export type UserDocument<TLanguage extends string = string, TID extends PlatformID = Buffer> = BaseDocument<IUserBase<TID, Date, TLanguage, AccountStatus>, TID>;
+//# sourceMappingURL=user.d.ts.map

package/src/interfaces/documents/user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/user.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAE3C;;;;;;GAMG;AACH,MAAM,MAAM,YAAY,CACtB,SAAS,SAAS,MAAM,GAAG,MAAM,EACjC,GAAG,SAAS,UAAU,GAAG,MAAM,IAC7B,YAAY,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,aAAa,CAAC,EAAE,GAAG,CAAC,CAAC"}

package/src/interfaces/documents/user.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * @fileoverview Storage-agnostic user document type.
+ * @module interfaces/documents/user
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=user.js.map

package/src/interfaces/documents/user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/documents/user.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/src/interfaces/index.d.ts

@@ -1,4 +1,5 @@
 export * from './document-store';
+export * from './documents';
 export * from './api-error-response';
 export * from './api-express-validation-error-response';
 export * from './api-message-response';
@@ -21,11 +22,14 @@ export * from './flexible-csp';
 export * from './handleable-error-options';
 export * from './jwt-consts';
 export * from './jwt-sign-response';
+export * from './jwt-service';
 export * from './lets-encrypt-config';
 export * from './network';
 export * from './openApi';
 export * from './request-user';
 export * from './required-string-keys';
+export * from './role-service';
+export * from './server-init-result';
 export * from './status-code-response';
 export * from './symmetric-encryption-results';
 export * from './token-response';

package/src/interfaces/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AAEjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yCAAyC,CAAC;AACxD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,2BAA2B,CAAC;AAC1C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,cAAc,CAAC;AAC7B,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,aAAa,CAAC;AAE5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,yCAAyC,CAAC;AACxD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,2BAA2B,CAAC;AAC1C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,cAAc,CAAC;AAC7B,cAAc,qBAAqB,CAAC;AACpC,cAAc,eAAe,CAAC;AAC9B,cAAc,uBAAuB,CAAC;AACtC,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,wBAAwB,CAAC;AACvC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,kBAAkB,CAAC"}

package/src/interfaces/index.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./document-store"), exports);
+tslib_1.__exportStar(require("./documents"), exports);
 tslib_1.__exportStar(require("./api-error-response"), exports);
 tslib_1.__exportStar(require("./api-express-validation-error-response"), exports);
 tslib_1.__exportStar(require("./api-message-response"), exports);
@@ -24,11 +25,14 @@ tslib_1.__exportStar(require("./flexible-csp"), exports);
 tslib_1.__exportStar(require("./handleable-error-options"), exports);
 tslib_1.__exportStar(require("./jwt-consts"), exports);
 tslib_1.__exportStar(require("./jwt-sign-response"), exports);
+tslib_1.__exportStar(require("./jwt-service"), exports);
 tslib_1.__exportStar(require("./lets-encrypt-config"), exports);
 tslib_1.__exportStar(require("./network"), exports);
 tslib_1.__exportStar(require("./openApi"), exports);
 tslib_1.__exportStar(require("./request-user"), exports);
 tslib_1.__exportStar(require("./required-string-keys"), exports);
+tslib_1.__exportStar(require("./role-service"), exports);
+tslib_1.__exportStar(require("./server-init-result"), exports);
 tslib_1.__exportStar(require("./status-code-response"), exports);
 tslib_1.__exportStar(require("./symmetric-encryption-results"), exports);
 tslib_1.__exportStar(require("./token-response"), exports);

package/src/interfaces/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":";;;AAAA,2DAAiC;AAEjC,+DAAqC;AACrC,kFAAwD;AACxD,iEAAuC;AACvC,0DAAgC;AAChC,wDAA8B;AAC9B,oEAA0C;AAC1C,8DAAoC;AACpC,4DAAkC;AAClC,4DAAkC;AAClC,4DAAkC;AAClC,sDAA4B;AAC5B,8DAAoC;AACpC,+DAAqC;AACrC,uDAA6B;AAC7B,2DAAiC;AACjC,0DAAgC;AAChC,wDAA8B;AAC9B,uDAA6B;AAC7B,yDAA+B;AAC/B,qEAA2C;AAC3C,uDAA6B;AAC7B,8DAAoC;AACpC,gEAAsC;AACtC,oDAA0B;AAC1B,oDAA0B;AAC1B,yDAA+B;AAC/B,iEAAuC;AACvC,iEAAuC;AACvC,yEAA+C;AAC/C,2DAAiC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/index.ts"],"names":[],"mappings":";;;AAAA,2DAAiC;AACjC,sDAA4B;AAE5B,+DAAqC;AACrC,kFAAwD;AACxD,iEAAuC;AACvC,0DAAgC;AAChC,wDAA8B;AAC9B,oEAA0C;AAC1C,8DAAoC;AACpC,4DAAkC;AAClC,4DAAkC;AAClC,4DAAkC;AAClC,sDAA4B;AAC5B,8DAAoC;AACpC,+DAAqC;AACrC,uDAA6B;AAC7B,2DAAiC;AACjC,0DAAgC;AAChC,wDAA8B;AAC9B,uDAA6B;AAC7B,yDAA+B;AAC/B,qEAA2C;AAC3C,uDAA6B;AAC7B,8DAAoC;AACpC,wDAA8B;AAC9B,gEAAsC;AACtC,oDAA0B;AAC1B,oDAA0B;AAC1B,yDAA+B;AAC/B,iEAAuC;AACvC,yDAA+B;AAC/B,+DAAqC;AACrC,iEAAuC;AACvC,yEAA+C;AAC/C,2DAAiC"}

package/src/interfaces/jwt-service.d.ts

@@ -0,0 +1,27 @@
+/**
+ * @fileoverview Abstract JWT service interface.
+ * Database-agnostic contract for JWT token operations.
+ * Concrete implementations live in backend-specific packages
+ * (e.g. node-express-suite-mongo, @brightchain/node-express-suite).
+ * @module interfaces/jwt-service
+ */
+import type { ITokenUser } from '@digitaldefiance/suite-core-lib';
+/**
+ * Abstract interface for JWT token operations.
+ * Implementations handle token signing and verification
+ * using their backend-specific user/role storage.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TTokenUser - Token user type (defaults to ITokenUser)
+ */
+export interface IJwtService<TTokenUser extends ITokenUser = ITokenUser> {
+    /**
+     * Verify a JWT token and return the decoded user payload.
+     * @param token - The JWT token string to verify
+     * @returns The decoded token user, or null if invalid
+     * @throws {TokenExpiredError} If the token has expired
+     * @throws {InvalidJwtTokenError} If the token is malformed
+     */
+    verifyToken(token: string): Promise<TTokenUser | null>;
+}
+//# sourceMappingURL=jwt-service.d.ts.map

package/src/interfaces/jwt-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-service.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/jwt-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAElE;;;;;;;GAOG;AACH,MAAM,WAAW,WAAW,CAAC,UAAU,SAAS,UAAU,GAAG,UAAU;IACrE;;;;;;OAMG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;CACxD"}

package/src/interfaces/jwt-service.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * @fileoverview Abstract JWT service interface.
+ * Database-agnostic contract for JWT token operations.
+ * Concrete implementations live in backend-specific packages
+ * (e.g. node-express-suite-mongo, @brightchain/node-express-suite).
+ * @module interfaces/jwt-service
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=jwt-service.js.map

package/src/interfaces/jwt-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-service.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/jwt-service.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/src/interfaces/role-service.d.ts

@@ -0,0 +1,55 @@
+/**
+ * @fileoverview Abstract role service interface.
+ * Database-agnostic contract for role-based access control operations.
+ * Concrete implementations live in backend-specific packages
+ * (e.g. node-express-suite-mongo, @brightchain/node-express-suite).
+ * @module interfaces/role-service
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IRoleBase, ITokenRole } from '@digitaldefiance/suite-core-lib';
+import type { MemberType } from '@digitaldefiance/ecies-lib';
+/**
+ * Abstract interface for role service operations.
+ * Implementations handle role CRUD and user-role associations
+ * using their backend-specific storage.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role type (defaults to ITokenRole<TID, TDate>)
+ */
+export interface IRoleService<TID extends PlatformID = Buffer, TDate extends Date = Date, TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>, TRole extends IRoleBase<TID> = IRoleBase<TID>> {
+    /**
+     * Get the role ID for a given role name.
+     * @param roleName - The name of the role to look up
+     * @returns The role ID, or null/undefined if not found
+     */
+    getRoleIdByName(roleName: string): Promise<TID | null | undefined>;
+    /**
+     * Get all roles assigned to a user.
+     * @param userId - The user's ID
+     * @returns Array of role objects (storage-specific, e.g. RoleDocument)
+     */
+    getUserRoles(userId: TID): Promise<TRole[]>;
+    /**
+     * Check if a user has the admin role.
+     * @param userId - The user's ID
+     */
+    isUserAdmin(userId: TID): Promise<boolean>;
+    /**
+     * Check if a user has the member role.
+     * @param userId - The user's ID
+     */
+    isUserMember(userId: TID): Promise<boolean>;
+    /**
+     * Get the MemberType for a user based on their roles.
+     * @param userId - The user's ID
+     */
+    getMemberType(userId: TID): Promise<MemberType>;
+    /**
+     * Convert role objects to token role representations.
+     * @param roles - Array of role objects
+     * @param overrideLanguage - Optional language override for role name translation
+     */
+    rolesToTokenRoles(roles: TRole[], overrideLanguage?: string): TTokenRole[];
+}
+//# sourceMappingURL=role-service.d.ts.map

package/src/interfaces/role-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-service.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/role-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAE7D;;;;;;;;GAQG;AACH,MAAM,WAAW,YAAY,CAC3B,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,KAAK,SAAS,IAAI,GAAG,IAAI,EACzB,UAAU,SAAS,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,EAClE,KAAK,SAAS,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC;IAE7C;;;;OAIG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;IAEnE;;;;OAIG;IACH,YAAY,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAE5C;;;OAGG;IACH,WAAW,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3C;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE5C;;;OAGG;IACH,aAAa,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAEhD;;;;OAIG;IACH,iBAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;CAC5E"}

package/src/interfaces/role-service.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * @fileoverview Abstract role service interface.
+ * Database-agnostic contract for role-based access control operations.
+ * Concrete implementations live in backend-specific packages
+ * (e.g. node-express-suite-mongo, @brightchain/node-express-suite).
+ * @module interfaces/role-service
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=role-service.js.map

package/src/interfaces/role-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-service.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/role-service.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/src/interfaces/server-init-result.d.ts

@@ -0,0 +1,37 @@
+/**
+ * @fileoverview Base server initialization result interface.
+ * Database-agnostic contract for the result of initializing a server
+ * with admin, member, and system user accounts.
+ * Backend-specific packages extend this with their document types.
+ * @module interfaces/server-init-result
+ */
+import type { Member, PlatformID } from '@digitaldefiance/node-ecies-lib';
+/**
+ * Base result of server initialization.
+ * Contains credentials and member objects for admin, member, and system accounts.
+ * Backend-specific packages (mongo, brightdb) extend this with their
+ * own document/record types for roles, users, and user-roles.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ */
+export interface IServerInitResult<TID extends PlatformID = Buffer> {
+    adminUsername: string;
+    adminEmail: string;
+    adminMnemonic: string;
+    adminPassword: string;
+    adminBackupCodes: Array<string>;
+    adminMember: Member<TID>;
+    memberUsername: string;
+    memberEmail: string;
+    memberMnemonic: string;
+    memberPassword: string;
+    memberBackupCodes: Array<string>;
+    memberMember: Member<TID>;
+    systemUsername: string;
+    systemEmail: string;
+    systemMnemonic: string;
+    systemPassword: string;
+    systemBackupCodes: Array<string>;
+    systemMember: Member<TID>;
+}
+//# sourceMappingURL=server-init-result.d.ts.map

package/src/interfaces/server-init-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-init-result.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/server-init-result.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAE1E;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB,CAAC,GAAG,SAAS,UAAU,GAAG,MAAM;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAEzB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAE1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;CAC3B"}

package/src/interfaces/server-init-result.js

@@ -0,0 +1,10 @@
+"use strict";
+/**
+ * @fileoverview Base server initialization result interface.
+ * Database-agnostic contract for the result of initializing a server
+ * with admin, member, and system user accounts.
+ * Backend-specific packages extend this with their document types.
+ * @module interfaces/server-init-result
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=server-init-result.js.map

package/src/interfaces/server-init-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-init-result.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/interfaces/server-init-result.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}

package/src/services/abstract-jwt-service.d.ts

@@ -0,0 +1,34 @@
+/**
+ * @fileoverview Abstract JWT service base class.
+ * Provides storage-agnostic token verification logic.
+ * Concrete implementations (Mongo, BrightDb, etc.) extend this
+ * and provide signToken with their storage-specific role lookup.
+ * @module services/abstract-jwt-service
+ */
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { ITokenUser } from '@digitaldefiance/suite-core-lib';
+import type { IApplication } from '../interfaces/application';
+import type { IJwtService } from '../interfaces/jwt-service';
+import { BaseService } from './base';
+/**
+ * Abstract base class for JWT token operations.
+ *
+ * Provides a complete, storage-agnostic `verifyToken` implementation.
+ * Subclasses must implement `signToken` using their backend-specific
+ * role service to look up user roles and produce signed tokens.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TTokenUser - Token user type (defaults to ITokenUser)
+ * @template TApplication - Application interface type
+ */
+export declare abstract class AbstractJwtService<TID extends PlatformID = Buffer, TTokenUser extends ITokenUser = ITokenUser, TApplication extends IApplication<TID> = IApplication<TID>> extends BaseService<TID, TApplication> implements IJwtService<TTokenUser> {
+    constructor(application: TApplication);
+    /**
+     * Verify a JWT token and return the decoded user payload.
+     *
+     * This implementation is storage-agnostic — it only depends on
+     * `application.environment.jwtSecret` and `application.constants.JWT`.
+     */
+    verifyToken(token: string): Promise<TTokenUser | null>;
+}
+//# sourceMappingURL=abstract-jwt-service.d.ts.map

package/src/services/abstract-jwt-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"abstract-jwt-service.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/abstract-jwt-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAEV,UAAU,EACX,MAAM,iCAAiC,CAAC;AAWzC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AASrC;;;;;;;;;;GAUG;AACH,8BAAsB,kBAAkB,CACtC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,UAAU,SAAS,UAAU,GAAG,UAAU,EAC1C,YAAY,SAAS,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAE1D,SAAQ,WAAW,CAAC,GAAG,EAAE,YAAY,CACrC,YAAW,WAAW,CAAC,UAAU,CAAC;gBAEtB,WAAW,EAAE,YAAY;IAIrC;;;;;OAKG;IACU,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CAgCpE"}

package/src/services/abstract-jwt-service.js

@@ -0,0 +1,68 @@
+"use strict";
+/**
+ * @fileoverview Abstract JWT service base class.
+ * Provides storage-agnostic token verification logic.
+ * Concrete implementations (Mongo, BrightDb, etc.) extend this
+ * and provide signToken with their storage-specific role lookup.
+ * @module services/abstract-jwt-service
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AbstractJwtService = void 0;
+const jsonwebtoken_1 = require("jsonwebtoken");
+const util_1 = require("util");
+const invalid_jwt_token_1 = require("../errors/invalid-jwt-token");
+const token_expired_1 = require("../errors/token-expired");
+const base_1 = require("./base");
+const verifyAsync = (0, util_1.promisify)(jsonwebtoken_1.verify);
+/**
+ * Abstract base class for JWT token operations.
+ *
+ * Provides a complete, storage-agnostic `verifyToken` implementation.
+ * Subclasses must implement `signToken` using their backend-specific
+ * role service to look up user roles and produce signed tokens.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TTokenUser - Token user type (defaults to ITokenUser)
+ * @template TApplication - Application interface type
+ */
+class AbstractJwtService extends base_1.BaseService {
+    constructor(application) {
+        super(application);
+    }
+    /**
+     * Verify a JWT token and return the decoded user payload.
+     *
+     * This implementation is storage-agnostic — it only depends on
+     * `application.environment.jwtSecret` and `application.constants.JWT`.
+     */
+    async verifyToken(token) {
+        try {
+            const decoded = (await verifyAsync(token, this.application.environment.jwtSecret, {
+                algorithms: [this.application.constants.JWT.ALGORITHM],
+            }));
+            if (typeof decoded === 'object' &&
+                decoded !== null &&
+                'userId' in decoded &&
+                'roles' in decoded) {
+                return {
+                    userId: decoded['userId'],
+                    roles: decoded['roles'],
+                };
+            }
+            else {
+                return null;
+            }
+        }
+        catch (err) {
+            if (err instanceof jsonwebtoken_1.TokenExpiredError) {
+                throw new token_expired_1.TokenExpiredError();
+            }
+            else if (err instanceof jsonwebtoken_1.JsonWebTokenError) {
+                throw err;
+            }
+            throw new invalid_jwt_token_1.InvalidJwtTokenError();
+        }
+    }
+}
+exports.AbstractJwtService = AbstractJwtService;
+//# sourceMappingURL=abstract-jwt-service.js.map

package/src/services/abstract-jwt-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"abstract-jwt-service.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/abstract-jwt-service.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAOH,+CAMsB;AACtB,+BAAiC;AACjC,mEAAmE;AACnE,2DAA4D;AAG5D,iCAAqC;AAErC,MAAM,WAAW,GAAG,IAAA,gBAAS,EAK3B,qBAAM,CAAC,CAAC;AAEV;;;;;;;;;;GAUG;AACH,MAAsB,kBAKpB,SAAQ,kBAA8B;IAGtC,YAAY,WAAyB;QACnC,KAAK,CAAC,WAAW,CAAC,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,WAAW,CAAC,KAAa;QACpC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAChC,KAAK,EACL,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,EACtC;gBACE,UAAU,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC;aACvD,CACF,CAAe,CAAC;YAEjB,IACE,OAAO,OAAO,KAAK,QAAQ;gBAC3B,OAAO,KAAK,IAAI;gBAChB,QAAQ,IAAI,OAAO;gBACnB,OAAO,IAAI,OAAO,EAClB,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAW;oBACnC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAoB;iBAC7B,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,gCAAoB,EAAE,CAAC;gBACxC,MAAM,IAAI,iCAAiB,EAAE,CAAC;YAChC,CAAC;iBAAM,IAAI,GAAG,YAAY,gCAAiB,EAAE,CAAC;gBAC5C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,MAAM,IAAI,wCAAoB,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;CACF;AAlDD,gDAkDC"}

package/src/services/abstract-role-service.d.ts

@@ -0,0 +1,61 @@
+/**
+ * @fileoverview Abstract role service base class.
+ * Provides storage-agnostic role-checking logic (getMemberType, isUserAdmin, etc.).
+ * Concrete implementations (Mongo, BrightDb, etc.) extend this and provide
+ * the storage-specific methods: getUserRoles, getRoleIdByName, rolesToTokenRoles.
+ * @module services/abstract-role-service
+ */
+import { MemberType } from '@digitaldefiance/ecies-lib';
+import type { PlatformID } from '@digitaldefiance/node-ecies-lib';
+import type { IRoleBase, ITokenRole } from '@digitaldefiance/suite-core-lib';
+import type { IApplication } from '../interfaces/application';
+import type { IRoleService } from '../interfaces/role-service';
+import { BaseService } from './base';
+/**
+ * Abstract base class for role service operations.
+ *
+ * Provides default implementations for role-checking methods
+ * (`isUserAdmin`, `isUserMember`, `getMemberType`) that delegate
+ * to `getUserRoles`. Subclasses must implement the storage-specific
+ * methods: `getUserRoles`, `getRoleIdByName`, `rolesToTokenRoles`.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role type (defaults to ITokenRole<TID, TDate>)
+ * @template TRole - Raw role type returned by getUserRoles (defaults to IRoleBase<TID>)
+ * @template TApplication - Application interface type
+ */
+export declare abstract class AbstractRoleService<TID extends PlatformID = Buffer, TDate extends Date = Date, TTokenRole extends ITokenRole<TID, TDate> = ITokenRole<TID, TDate>, TRole extends IRoleBase<TID> = IRoleBase<TID>, TApplication extends IApplication<TID> = IApplication<TID>> extends BaseService<TID, TApplication> implements IRoleService<TID, TDate, TTokenRole, TRole> {
+    constructor(application: TApplication);
+    /**
+     * Get the role ID for a given role name.
+     * Must be implemented by storage-specific subclasses.
+     */
+    abstract getRoleIdByName(roleName: string): Promise<TID | null | undefined>;
+    /**
+     * Get all roles assigned to a user.
+     * Must be implemented by storage-specific subclasses.
+     */
+    abstract getUserRoles(userId: TID): Promise<TRole[]>;
+    /**
+     * Convert role objects to token role representations.
+     * Must be implemented by storage-specific subclasses.
+     */
+    abstract rolesToTokenRoles(roles: TRole[], overrideLanguage?: string): TTokenRole[];
+    /**
+     * Check if a user has the admin role.
+     * Default implementation delegates to getUserRoles.
+     */
+    isUserAdmin(userId: TID): Promise<boolean>;
+    /**
+     * Check if a user has the member role.
+     * Default implementation delegates to getUserRoles.
+     */
+    isUserMember(userId: TID): Promise<boolean>;
+    /**
+     * Get the MemberType for a user based on their roles.
+     * Default implementation: system > admin > member > anonymous.
+     */
+    getMemberType(userId: TID): Promise<MemberType>;
+}
+//# sourceMappingURL=abstract-role-service.d.ts.map

package/src/services/abstract-role-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"abstract-role-service.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/abstract-role-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAErC;;;;;;;;;;;;;GAaG;AACH,8BAAsB,mBAAmB,CACvC,GAAG,SAAS,UAAU,GAAG,MAAM,EAC/B,KAAK,SAAS,IAAI,GAAG,IAAI,EACzB,UAAU,SAAS,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,EAClE,KAAK,SAAS,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,EAC7C,YAAY,SAAS,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAE1D,SAAQ,WAAW,CAAC,GAAG,EAAE,YAAY,CACrC,YAAW,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC;gBAE1C,WAAW,EAAE,YAAY;IAMrC;;;OAGG;IACH,QAAQ,CAAC,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,SAAS,CAAC;IAE3E;;;OAGG;IACH,QAAQ,CAAC,YAAY,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAEpD;;;OAGG;IACH,QAAQ,CAAC,iBAAiB,CACxB,KAAK,EAAE,KAAK,EAAE,EACd,gBAAgB,CAAC,EAAE,MAAM,GACxB,UAAU,EAAE;IAIf;;;OAGG;IACU,WAAW,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvD;;;OAGG;IACU,YAAY,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAKxD;;;OAGG;IACU,aAAa,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC;CAY7D"}

package/src/services/abstract-role-service.js

@@ -0,0 +1,69 @@
+"use strict";
+/**
+ * @fileoverview Abstract role service base class.
+ * Provides storage-agnostic role-checking logic (getMemberType, isUserAdmin, etc.).
+ * Concrete implementations (Mongo, BrightDb, etc.) extend this and provide
+ * the storage-specific methods: getUserRoles, getRoleIdByName, rolesToTokenRoles.
+ * @module services/abstract-role-service
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AbstractRoleService = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const base_1 = require("./base");
+/**
+ * Abstract base class for role service operations.
+ *
+ * Provides default implementations for role-checking methods
+ * (`isUserAdmin`, `isUserMember`, `getMemberType`) that delegate
+ * to `getUserRoles`. Subclasses must implement the storage-specific
+ * methods: `getUserRoles`, `getRoleIdByName`, `rolesToTokenRoles`.
+ *
+ * @template TID - Platform ID type (defaults to Buffer)
+ * @template TDate - Date type (defaults to Date)
+ * @template TTokenRole - Token role type (defaults to ITokenRole<TID, TDate>)
+ * @template TRole - Raw role type returned by getUserRoles (defaults to IRoleBase<TID>)
+ * @template TApplication - Application interface type
+ */
+class AbstractRoleService extends base_1.BaseService {
+    constructor(application) {
+        super(application);
+    }
+    // ── Default implementations (storage-agnostic) ────────────────────
+    /**
+     * Check if a user has the admin role.
+     * Default implementation delegates to getUserRoles.
+     */
+    async isUserAdmin(userId) {
+        const roles = await this.getUserRoles(userId);
+        return roles.some((r) => r.admin);
+    }
+    /**
+     * Check if a user has the member role.
+     * Default implementation delegates to getUserRoles.
+     */
+    async isUserMember(userId) {
+        const roles = await this.getUserRoles(userId);
+        return roles.some((r) => r.member);
+    }
+    /**
+     * Get the MemberType for a user based on their roles.
+     * Default implementation: system > admin > member > anonymous.
+     */
+    async getMemberType(userId) {
+        const roles = await this.getUserRoles(userId);
+        if (roles.some((r) => r.system)) {
+            return ecies_lib_1.MemberType.System;
+        }
+        else if (roles.some((r) => r.admin)) {
+            return ecies_lib_1.MemberType.Admin;
+        }
+        else if (roles.some((r) => r.member)) {
+            return ecies_lib_1.MemberType.User;
+        }
+        else {
+            return ecies_lib_1.MemberType.Anonymous;
+        }
+    }
+}
+exports.AbstractRoleService = AbstractRoleService;
+//# sourceMappingURL=abstract-role-service.js.map

package/src/services/abstract-role-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"abstract-role-service.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/abstract-role-service.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,0DAAwD;AAKxD,iCAAqC;AAErC;;;;;;;;;;;;;GAaG;AACH,MAAsB,mBAOpB,SAAQ,kBAA8B;IAGtC,YAAY,WAAyB;QACnC,KAAK,CAAC,WAAW,CAAC,CAAC;IACrB,CAAC;IAyBD,qEAAqE;IAErE;;;OAGG;IACI,KAAK,CAAC,WAAW,CAAC,MAAW;QAClC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,YAAY,CAAC,MAAW;QACnC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,aAAa,CAAC,MAAW;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,sBAAU,CAAC,MAAM,CAAC;QAC3B,CAAC;aAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,OAAO,sBAAU,CAAC,KAAK,CAAC;QAC1B,CAAC;aAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,OAAO,sBAAU,CAAC,IAAI,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,sBAAU,CAAC,SAAS,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AAzED,kDAyEC"}

package/src/services/index.d.ts

@@ -1,3 +1,5 @@
+export * from './abstract-jwt-service';
+export * from './abstract-role-service';
 export * from './base';
 export * from './checksum';
 export * from './dummy-email-service';

package/src/services/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC;AACtB,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,OAAO,CAAC;AACtB,cAAc,QAAQ,CAAC;AACvB,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,yBAAyB,CAAC;AACxC,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AACtC,cAAc,OAAO,CAAC;AACtB,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,OAAO,CAAC;AACtB,cAAc,QAAQ,CAAC;AACvB,cAAc,eAAe,CAAC;AAC9B,cAAc,gBAAgB,CAAC"}

package/src/services/index.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./abstract-jwt-service"), exports);
+tslib_1.__exportStar(require("./abstract-role-service"), exports);
 tslib_1.__exportStar(require("./base"), exports);
 tslib_1.__exportStar(require("./checksum"), exports);
 tslib_1.__exportStar(require("./dummy-email-service"), exports);

package/src/services/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/index.ts"],"names":[],"mappings":";;;AAAA,iDAAuB;AACvB,qDAA2B;AAC3B,gEAAsC;AACtC,gDAAsB;AACtB,8DAAoC;AACpC,yDAA+B;AAC/B,sDAA4B;AAC5B,wDAA8B;AAC9B,gDAAsB;AACtB,iDAAuB;AACvB,wDAA8B;AAC9B,yDAA+B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-express-suite/src/services/index.ts"],"names":[],"mappings":";;;AAAA,iEAAuC;AACvC,kEAAwC;AACxC,iDAAuB;AACvB,qDAA2B;AAC3B,gEAAsC;AACtC,gDAAsB;AACtB,8DAAoC;AACpC,yDAA+B;AAC/B,sDAA4B;AAC5B,wDAA8B;AAC9B,gDAAsB;AACtB,iDAAuB;AACvB,wDAA8B;AAC9B,yDAA+B"}