npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/src/container.ts ADDED Viewed

@@ -0,0 +1,221 @@
+import Database from 'better-sqlite3';
+import { getConfig } from './config';
+import { DatabaseManager } from './data/database';
+import { TokenRepository } from './data/repositories/token.repository';
+import { CryptoService } from './services/auth/crypto.service';
+import { TokenService } from './services/auth/token.service';
+import { HealthController } from './api/controllers/health.controller';
+import { AuthController } from './api/controllers/auth.controller';
+import { AuditController } from './api/controllers/audit.controller';
+import { ExportController } from './api/controllers/export.controller';
+import { ProvidersController } from './api/controllers/providers.controller';
+import { LDAPProvider } from './providers/ldap/ldap.provider';
+import { GraphProvider } from './providers/azure/graph.provider';
+import type { Logger } from 'winston';
+import { logger } from './utils/logger';
+import { InfoEndpointsConfig } from './types/config.types';
+/**
+ * Dependency Injection Container
+ *
+ * Manages all application dependencies with singleton pattern.
+ * Handles proper initialization order:
+ * 1. Config
+ * 2. Database + Repositories
+ * 3. CryptoService (loads RSA keys)
+ * 4. TokenService
+ * 5. LDAP Provider
+ * 6. Azure Graph Provider
+ * 7. Controllers
+ *
+ * Updated: Story 1.4 (JWT), Story 1.5 (LDAP), Story 1.6 (Azure)
+ */
+export class DIContainer {
+  private static instance: DIContainer | null = null;
+  private logger: Logger;
+  // Database
+  private db!: Database.Database;
+  private dbManager!: DatabaseManager;
+  // Repositories
+  private tokenRepository!: TokenRepository;
+  // Services
+  private cryptoService!: CryptoService;
+  private tokenService!: TokenService;
+  // Providers
+  private ldapProvider!: LDAPProvider;
+  private graphProvider!: GraphProvider;
+  // Controllers
+  private healthController!: HealthController;
+  private authController!: AuthController;
+  private auditController!: AuditController;
+  private exportController!: ExportController;
+  private providersController!: ProvidersController;
+  // Config
+  private infoEndpointsConfig!: InfoEndpointsConfig;
+  private constructor() {
+    this.logger = logger;
+  }
+  /**
+   * Get singleton instance
+   *
+   * @throws Error if instance not initialized (call initialize() first)
+   */
+  static getInstance(): DIContainer {
+    if (!DIContainer.instance) {
+      throw new Error('DIContainer not initialized. Call DIContainer.initialize() first.');
+    }
+    return DIContainer.instance;
+  }
+  /**
+   * Initialize DI container with async dependencies
+   *
+   * This method must be called before using the container.
+   * It loads configuration, initializes database, loads RSA keys, and creates all services.
+   *
+   * @returns Promise<DIContainer> Initialized container instance
+   */
+  static async initialize(): Promise<DIContainer> {
+    if (DIContainer.instance) {
+      return DIContainer.instance;
+    }
+    const container = new DIContainer();
+    await container.init();
+    DIContainer.instance = container;
+    return container;
+  }
+  /**
+   * Reset singleton instance (for testing)
+   */
+  static reset(): void {
+    DIContainer.instance = null;
+  }
+  /**
+   * Internal initialization logic
+   */
+  private async init(): Promise<void> {
+    this.logger.info('Initializing DI container');
+    // 1. Load configuration
+    const config = getConfig();
+    this.logger.debug('Configuration loaded', {
+      port: config.server.port,
+      env: config.server.nodeEnv,
+      dbPath: config.database.path,
+    });
+    // 2. Initialize database and repositories
+    this.dbManager = DatabaseManager.getInstance();
+    this.db = this.dbManager.connect(config.database.path);
+    this.tokenRepository = new TokenRepository(this.db);
+    this.logger.debug('Database and repositories initialized');
+    // 3. Initialize crypto service and load RSA keys
+    this.cryptoService = new CryptoService(
+      config.jwt.privateKeyPath,
+      config.jwt.publicKeyPath
+    );
+    await this.cryptoService.loadOrGenerateKeys();
+    this.logger.debug('Crypto service initialized and keys loaded');
+    // 4. Initialize token service
+    this.tokenService = new TokenService(this.tokenRepository, this.cryptoService);
+    this.logger.debug('Token service initialized');
+    // 5. Initialize LDAP provider
+    this.ldapProvider = new LDAPProvider(config.ldap);
+    this.logger.debug('LDAP provider initialized', {
+      url: config.ldap.url,
+      baseDN: config.ldap.baseDN,
+    });
+    // 6. Initialize Azure Graph provider (only if enabled)
+    if (config.azure.enabled && config.azure.tenantId && config.azure.clientId && config.azure.clientSecret) {
+      this.graphProvider = new GraphProvider({
+        tenantId: config.azure.tenantId,
+        clientId: config.azure.clientId,
+        clientSecret: config.azure.clientSecret,
+      });
+      this.logger.debug('Azure Graph provider initialized', {
+        tenantId: config.azure.tenantId,
+        clientId: config.azure.clientId,
+      });
+    } else {
+      this.logger.info('Azure provider disabled (AZURE_ENABLED=false or missing credentials)');
+    }
+    // 7. Initialize controllers
+    this.healthController = new HealthController();
+    this.authController = new AuthController(this.tokenService, config.jwt);
+    this.auditController = new AuditController();
+    this.exportController = new ExportController();
+    this.providersController = new ProvidersController(config.ldap, config.azure, this.graphProvider);
+    this.logger.debug('Controllers initialized');
+    // 8. Store config for routes
+    this.infoEndpointsConfig = config.infoEndpoints;
+    this.logger.info('DI container initialization complete');
+  }
+  // === Getters ===
+  getDatabase(): Database.Database {
+    return this.db;
+  }
+  getTokenRepository(): TokenRepository {
+    return this.tokenRepository;
+  }
+  getCryptoService(): CryptoService {
+    return this.cryptoService;
+  }
+  getTokenService(): TokenService {
+    return this.tokenService;
+  }
+  getLDAPProvider(): LDAPProvider {
+    return this.ldapProvider;
+  }
+  getGraphProvider(): GraphProvider {
+    return this.graphProvider;
+  }
+  getHealthController(): HealthController {
+    return this.healthController;
+  }
+  getAuthController(): AuthController {
+    return this.authController;
+  }
+  getAuditController(): AuditController {
+    return this.auditController;
+  }
+  getExportController(): ExportController {
+    return this.exportController;
+  }
+  getProvidersController(): ProvidersController {
+    return this.providersController;
+  }
+  getInfoEndpointsConfig(): InfoEndpointsConfig {
+    return this.infoEndpointsConfig;
+  }
+}

package/src/data/.gitkeep ADDED Viewed

File without changes

package/src/data/database.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import Database from 'better-sqlite3';
+import { mkdirSync, existsSync } from 'fs';
+import { dirname } from 'path';
+import { logInfo, logError } from '../utils/logger';
+/**
+ * SQLite Database Connection Manager
+ * Singleton pattern for database access
+ */
+export class DatabaseManager {
+  private static instance: DatabaseManager;
+  private db: Database.Database | null = null;
+  private dbPath: string | null = null;
+  private constructor() {}
+  static getInstance(): DatabaseManager {
+    if (!DatabaseManager.instance) {
+      DatabaseManager.instance = new DatabaseManager();
+    }
+    return DatabaseManager.instance;
+  }
+  connect(dbPath: string): Database.Database {
+    if (this.db) {
+      return this.db;
+    }
+    try {
+      // Create parent directory if not exists
+      const dir = dirname(dbPath);
+      if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+        logInfo('Created database directory', { path: dir });
+      }
+      // Connect to database
+      this.db = new Database(dbPath);
+      this.dbPath = dbPath;
+      // Configure pragmas for performance and safety
+      this.db.pragma('journal_mode = WAL'); // Write-Ahead Logging
+      this.db.pragma('synchronous = NORMAL'); // Balance safety/performance
+      this.db.pragma('foreign_keys = ON'); // Enable foreign key constraints
+      this.db.pragma('busy_timeout = 5000'); // 5 second timeout on locks
+      logInfo('Database connected successfully', {
+        path: dbPath,
+        journalMode: this.db.pragma('journal_mode', { simple: true }),
+      });
+      return this.db;
+    } catch (error) {
+      logError('Failed to connect to database', error as Error, { path: dbPath });
+      throw error;
+    }
+  }
+  getDatabase(): Database.Database {
+    if (!this.db) {
+      throw new Error('Database not connected. Call connect() first.');
+    }
+    return this.db;
+  }
+  close(): void {
+    if (this.db) {
+      logInfo('Closing database connection', { path: this.dbPath });
+      this.db.close();
+      this.db = null;
+      this.dbPath = null;
+    }
+  }
+  isConnected(): boolean {
+    return this.db !== null;
+  }
+}

package/src/data/jobs/token-cleanup.job.ts ADDED Viewed

@@ -0,0 +1,166 @@
+import { TokenRepository } from '../repositories/token.repository';
+import { logInfo, logError } from '../../utils/logger';
+/**
+ * Token Cleanup Job
+ * Removes expired and old revoked tokens according to retention policy
+ *
+ * Retention Policy:
+ * - Expired tokens (expires_at < now): Deleted immediately if not revoked
+ * - Expired + Revoked tokens (expires_at < now AND revoked_at < now - 90 days): Deleted after 90 days
+ * - Active tokens: Never deleted
+ *
+ * This job should be scheduled to run periodically (e.g., daily at 3 AM)
+ */
+export class TokenCleanupJob {
+  constructor(private tokenRepo: TokenRepository) {}
+  /**
+   * Execute the cleanup job
+   * @returns Number of tokens deleted
+   */
+  run(): number {
+    logInfo('Starting token cleanup job');
+    try {
+      const before = this.tokenRepo.count();
+      // Delete expired tokens (90-day retention for revoked)
+      const deletedCount = this.deleteExpiredTokens();
+      const after = this.tokenRepo.count();
+      logInfo('Token cleanup job completed', {
+        tokensBefore: before,
+        tokensAfter: after,
+        deletedCount,
+      });
+      return deletedCount;
+    } catch (error) {
+      logError('Token cleanup job failed', error as Error);
+      throw error;
+    }
+  }
+  /**
+   * Delete expired tokens with 90-day retention for revoked tokens
+   * @private
+   * @returns Number of tokens deleted
+   */
+  private deleteExpiredTokens(): number {
+    // Query deletes:
+    // 1. Non-revoked expired tokens (cleanup immediately)
+    // 2. Revoked tokens that expired AND were revoked > 90 days ago (retain for audit)
+    const stmt = this.tokenRepo['db'].prepare(`
+      DELETE FROM tokens
+      WHERE datetime(expires_at) <= datetime('now')
+        AND (
+          revoked_at IS NULL
+          OR datetime(revoked_at) <= datetime('now', '-90 days')
+        )
+    `);
+    const result = stmt.run();
+    const deletedCount = result.changes;
+    if (deletedCount > 0) {
+      logInfo('Deleted expired tokens', { count: deletedCount });
+    } else {
+      logInfo('No expired tokens to delete');
+    }
+    return deletedCount;
+  }
+  /**
+   * Get cleanup statistics without deleting anything
+   * Useful for monitoring and alerting
+   * @returns Cleanup statistics
+   */
+  getStatistics(): CleanupStatistics {
+    const db = this.tokenRepo['db'];
+    // Count expired non-revoked tokens (immediate deletion candidates)
+    const expiredNonRevoked = db
+      .prepare(`
+        SELECT COUNT(*) as count FROM tokens
+        WHERE datetime(expires_at) <= datetime('now')
+          AND revoked_at IS NULL
+      `)
+      .get() as { count: number };
+    // Count old revoked expired tokens (deletion candidates after 90 days)
+    const oldRevokedExpired = db
+      .prepare(`
+        SELECT COUNT(*) as count FROM tokens
+        WHERE datetime(expires_at) <= datetime('now')
+          AND revoked_at IS NOT NULL
+          AND datetime(revoked_at) <= datetime('now', '-90 days')
+      `)
+      .get() as { count: number };
+    // Count recent revoked expired tokens (retained for audit, < 90 days)
+    const recentRevokedExpired = db
+      .prepare(`
+        SELECT COUNT(*) as count FROM tokens
+        WHERE datetime(expires_at) <= datetime('now')
+          AND revoked_at IS NOT NULL
+          AND datetime(revoked_at) > datetime('now', '-90 days')
+      `)
+      .get() as { count: number };
+    const totalDeletionCandidates = expiredNonRevoked.count + oldRevokedExpired.count;
+    const stats: CleanupStatistics = {
+      totalTokens: this.tokenRepo.count(),
+      activeTokens: this.tokenRepo.countActive(),
+      expiredNonRevoked: expiredNonRevoked.count,
+      oldRevokedExpired: oldRevokedExpired.count,
+      recentRevokedExpired: recentRevokedExpired.count,
+      totalDeletionCandidates,
+    };
+    logInfo('Token cleanup statistics', stats as unknown as Record<string, unknown>);
+    return stats;
+  }
+  /**
+   * Run cleanup job and return statistics
+   * Combines cleanup and reporting in one operation
+   * @returns Cleanup result with statistics
+   */
+  runWithStatistics(): CleanupResult {
+    const statsBefore = this.getStatistics();
+    const deletedCount = this.run();
+    const statsAfter = this.getStatistics();
+    return {
+      deletedCount,
+      statsBefore,
+      statsAfter,
+    };
+  }
+}
+/**
+ * Token cleanup statistics
+ */
+export interface CleanupStatistics {
+  totalTokens: number;
+  activeTokens: number;
+  expiredNonRevoked: number; // Immediate deletion candidates
+  oldRevokedExpired: number; // Deletion candidates after 90 days
+  recentRevokedExpired: number; // Retained for audit (< 90 days)
+  totalDeletionCandidates: number; // Sum of immediate + old revoked
+}
+/**
+ * Cleanup job result
+ */
+export interface CleanupResult {
+  deletedCount: number;
+  statsBefore: CleanupStatistics;
+  statsAfter: CleanupStatistics;
+}

package/src/data/migrations/.gitkeep ADDED Viewed

File without changes

package/src/data/migrations/001_initial_schema.sql ADDED Viewed

@@ -0,0 +1,47 @@
+-- Initial Schema Migration
+-- Creates tokens table for JWT token management with constraints and views
+-- Tokens table
+CREATE TABLE IF NOT EXISTS tokens (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    jti TEXT UNIQUE NOT NULL,
+    public_key TEXT NOT NULL,
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    expires_at TEXT NOT NULL,
+    max_uses INTEGER NOT NULL DEFAULT 0,
+    used_count INTEGER NOT NULL DEFAULT 0,
+    revoked_at TEXT,
+    revoked_by TEXT,
+    revoked_reason TEXT,
+    metadata TEXT,
+    CONSTRAINT check_usage CHECK (used_count <= max_uses OR max_uses = 0),
+    CONSTRAINT check_dates CHECK (datetime(expires_at) > datetime(created_at))
+);
+-- Indexes for performance
+CREATE INDEX IF NOT EXISTS idx_tokens_jti ON tokens(jti);
+CREATE INDEX IF NOT EXISTS idx_tokens_expires_at ON tokens(expires_at);
+CREATE INDEX IF NOT EXISTS idx_tokens_revoked_at ON tokens(revoked_at);
+CREATE INDEX IF NOT EXISTS idx_tokens_created_at ON tokens(created_at);
+-- Partial index for active tokens (optimization)
+CREATE INDEX IF NOT EXISTS idx_tokens_expired
+ON tokens(expires_at)
+WHERE revoked_at IS NULL;
+-- View for active tokens
+CREATE VIEW IF NOT EXISTS v_active_tokens AS
+SELECT
+  id,
+  jti,
+  created_at,
+  expires_at,
+  max_uses,
+  used_count,
+  CASE
+    WHEN max_uses = 0 THEN -1
+    ELSE (max_uses - used_count)
+  END AS remaining_uses
+FROM tokens
+WHERE revoked_at IS NULL
+  AND datetime(expires_at) > datetime('now');

package/src/data/migrations/migration.runner.ts ADDED Viewed

@@ -0,0 +1,125 @@
+import { readFileSync, readdirSync } from 'fs';
+import { join } from 'path';
+import Database from 'better-sqlite3';
+import { logInfo, logError } from '../../utils/logger';
+/**
+ * Migration Runner
+ * Executes SQL migration files sequentially with version tracking
+ */
+export class MigrationRunner {
+  constructor(private db: Database.Database) {}
+  async run(): Promise<void> {
+    try {
+      logInfo('Starting database migrations');
+      // Create migrations tracking table
+      this.createMigrationsTable();
+      // Get current version
+      const currentVersion = this.getCurrentVersion();
+      logInfo('Current migration version', { version: currentVersion });
+      // Find all migration files
+      const migrations = this.findMigrationFiles();
+      // Apply pending migrations
+      let appliedCount = 0;
+      for (const migration of migrations) {
+        if (migration.version > currentVersion) {
+          this.applyMigration(migration);
+          appliedCount++;
+        }
+      }
+      if (appliedCount === 0) {
+        logInfo('No pending migrations');
+      } else {
+        logInfo('Migrations completed', { appliedCount });
+      }
+    } catch (error) {
+      logError('Migration failed', error as Error);
+      throw error;
+    }
+  }
+  private createMigrationsTable(): void {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS migrations (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        version INTEGER UNIQUE NOT NULL,
+        name TEXT NOT NULL,
+        applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+      );
+    `);
+  }
+  private getCurrentVersion(): number {
+    const result = this.db
+      .prepare('SELECT COALESCE(MAX(version), 0) as version FROM migrations')
+      .get() as { version: number };
+    return result.version;
+  }
+  private findMigrationFiles(): Array<{ version: number; name: string; path: string }> {
+    const migrationsDir = __dirname;
+    const files = readdirSync(migrationsDir).filter((f) => f.endsWith('.sql'));
+    return files
+      .map((file) => ({
+        version: this.getMigrationVersion(file),
+        name: file,
+        path: join(migrationsDir, file),
+      }))
+      .sort((a, b) => a.version - b.version);
+  }
+  private getMigrationVersion(filename: string): number {
+    const match = filename.match(/^(\d+)_/);
+    if (!match || !match[1]) {
+      throw new Error(`Invalid migration filename: ${filename}`);
+    }
+    return parseInt(match[1], 10);
+  }
+  private applyMigration(migration: { version: number; name: string; path: string }): void {
+    logInfo('Applying migration', { name: migration.name, version: migration.version });
+    // Wrap in transaction for atomicity
+    const apply = this.db.transaction(() => {
+      try {
+        // Read and execute SQL
+        const sql = readFileSync(migration.path, 'utf-8');
+        this.db.exec(sql);
+        // Record migration
+        this.db
+          .prepare('INSERT INTO migrations (version, name) VALUES (?, ?)')
+          .run(migration.version, migration.name);
+        logInfo('Migration applied successfully', { name: migration.name });
+      } catch (error) {
+        logError('Migration failed', error as Error, { name: migration.name });
+        throw error;
+      }
+    });
+    apply();
+  }
+  /**
+   * Static helper for running migrations from config
+   */
+  static async runMigrations(dbPath: string): Promise<void> {
+    const Database = (await import('better-sqlite3')).default;
+    const db = new Database(dbPath);
+    try {
+      const runner = new MigrationRunner(db);
+      await runner.run();
+    } finally {
+      db.close();
+    }
+  }
+}

package/src/data/models/.gitkeep ADDED Viewed

File without changes

package/src/data/models/Token.model.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Token Model
+ * Represents a JWT token in the database
+ */
+export interface Token {
+  id: number;
+  jti: string;
+  public_key: string;
+  created_at: string;
+  expires_at: string;
+  max_uses: number;
+  used_count: number;
+  revoked_at: string | null;
+  revoked_by: string | null;
+  revoked_reason: string | null;
+  metadata: string | null;
+}
+export interface TokenCreateInput {
+  jti: string;
+  public_key: string;
+  expires_at: string;
+  max_uses?: number;
+  metadata?: string;
+}
+export interface ActiveToken {
+  id: number;
+  jti: string;
+  created_at: string;
+  expires_at: string;
+  max_uses: number;
+  used_count: number;
+  remaining_uses: number;
+}

package/src/data/repositories/.gitkeep ADDED Viewed

File without changes