npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/src/services/auth/token.service.ts ADDED Viewed

@@ -0,0 +1,420 @@
+import jwt from 'jsonwebtoken';
+import { v4 as uuidv4 } from 'uuid';
+import { TokenRepository } from '../../data/repositories/token.repository';
+import { CryptoService } from './crypto.service';
+import type { Logger } from 'winston';
+import { logger } from '../../utils/logger';
+import {
+  TokenExpiredError,
+  TokenRevokedError,
+  UsageLimitExceededError,
+  TokenNotFoundError,
+  InvalidSignatureError,
+  InvalidTokenError,
+} from './errors';
+/**
+ * TokenService
+ *
+ * Manages JWT token lifecycle: generation, validation, revocation, and usage tracking.
+ *
+ * Features:
+ * - RS256 JWT signatures with RSA key pairs
+ * - Token usage quotas (max_uses)
+ * - Token revocation
+ * - Expiration management
+ * - Usage tracking
+ *
+ * Task 2: JWT Token Service (Story 1.4)
+ */
+export interface GenerateTokenRequest {
+  expiresIn: string; // e.g., '1h', '7d', '30d'
+  maxUses: number; // 0 = unlimited
+  metadata?: Record<string, any>;
+}
+export interface TokenPayload {
+  jti: string; // JWT ID (unique identifier)
+  iss: string; // Issuer (always 'etc-collector')
+  sub: string; // Subject (always 'system')
+  iat: number; // Issued at (Unix timestamp)
+  exp: number; // Expiration (Unix timestamp)
+  service: string; // Service name (always 'etc-collector')
+  maxUses: number; // Maximum allowed uses
+}
+export interface TokenInfo {
+  jti: string;
+  created_at: string;
+  expires_at: string;
+  max_uses: number;
+  used_count: number;
+  remaining_uses: number; // Calculated
+  revoked: boolean;
+  revoked_at: string | null;
+  revoked_reason: string | null;
+}
+export class TokenService {
+  private logger: Logger;
+  constructor(
+    private tokenRepo: TokenRepository,
+    private cryptoService: CryptoService
+  ) {
+    this.logger = logger;
+  }
+  /**
+   * Generate a new JWT token with usage quotas
+   *
+   * Flow:
+   * 1. Generate unique jti (UUID v4)
+   * 2. Calculate expiration timestamp
+   * 3. Create JWT payload with claims
+   * 4. Sign token with RS256 private key
+   * 5. Save token to database
+   * 6. Return signed JWT string
+   *
+   * @param options Token generation options
+   * @returns Signed JWT token string
+   */
+  async generate(options: GenerateTokenRequest): Promise<string> {
+    // 1. Generate unique jti
+    const jti = uuidv4();
+    // 2. Calculate timestamps
+    const iat = Math.floor(Date.now() / 1000); // Unix timestamp (seconds)
+    const expirySeconds = this.parseExpiry(options.expiresIn);
+    const exp = iat + expirySeconds;
+    // 3. Create JWT payload
+    const payload: TokenPayload = {
+      jti,
+      iss: 'etc-collector',
+      sub: 'system',
+      iat,
+      exp,
+      service: 'etc-collector',
+      maxUses: options.maxUses,
+    };
+    // 4. Sign token with RS256 private key
+    const privateKey = this.cryptoService.getPrivateKey();
+    const token = jwt.sign(payload, privateKey, {
+      algorithm: 'RS256',
+    });
+    // 5. Save token to database
+    const publicKey = this.cryptoService.getPublicKey();
+    const expiresAt = new Date(exp * 1000).toISOString();
+    this.tokenRepo.create({
+      jti,
+      public_key: publicKey,
+      expires_at: expiresAt,
+      max_uses: options.maxUses,
+      metadata: options.metadata ? JSON.stringify(options.metadata) : undefined,
+    });
+    // 6. Log token generation
+    this.logger.info('JWT token generated', {
+      jti,
+      expiresIn: options.expiresIn,
+      expiresAt,
+      maxUses: options.maxUses,
+    });
+    return token;
+  }
+  /**
+   * Validate JWT token and check revocation/usage
+   *
+   * Flow:
+   * 1. Verify JWT signature with RS256 public key
+   * 2. Check token expiration (exp claim)
+   * 3. Check token issuer (iss claim)
+   * 4. Query database for token (by jti)
+   * 5. Check if token is revoked
+   * 6. Check usage quota (used_count vs max_uses)
+   * 7. Return decoded payload if valid
+   *
+   * @param token JWT token string
+   * @returns Decoded token payload
+   * @throws TokenExpiredError if token expired
+   * @throws TokenRevokedError if token revoked
+   * @throws UsageLimitExceededError if usage quota exceeded
+   * @throws TokenNotFoundError if jti not in database
+   * @throws InvalidSignatureError if JWT verification fails
+   * @throws InvalidTokenError if token format invalid
+   */
+  async validate(token: string): Promise<TokenPayload> {
+    let decoded: TokenPayload;
+    try {
+      // 1. Verify JWT signature with RS256 public key
+      const publicKey = this.cryptoService.getPublicKey();
+      decoded = jwt.verify(token, publicKey, {
+        algorithms: ['RS256'],
+      }) as TokenPayload;
+    } catch (error) {
+      if (error instanceof jwt.TokenExpiredError) {
+        this.logger.warn('Token validation failed: expired');
+        throw new TokenExpiredError();
+      }
+      if (error instanceof jwt.JsonWebTokenError) {
+        this.logger.warn('Token validation failed: invalid signature', {
+          error: error.message,
+        });
+        throw new InvalidSignatureError();
+      }
+      this.logger.error('Token validation failed: unknown error', {
+        error: error instanceof Error ? error.message : 'Unknown error',
+      });
+      throw new InvalidTokenError('Token validation failed');
+    }
+    // 2. Check token expiration (redundant with jwt.verify, but explicit)
+    const now = Math.floor(Date.now() / 1000);
+    if (decoded.exp < now) {
+      this.logger.warn('Token expired', { jti: decoded.jti, exp: decoded.exp, now });
+      throw new TokenExpiredError();
+    }
+    // 3. Check token issuer
+    if (decoded.iss !== 'etc-collector') {
+      this.logger.warn('Token validation failed: invalid issuer', {
+        jti: decoded.jti,
+        iss: decoded.iss,
+      });
+      throw new InvalidTokenError('Invalid token issuer');
+    }
+    // 4. Query database for token
+    const tokenRecord = this.tokenRepo.findByJti(decoded.jti);
+    if (!tokenRecord) {
+      this.logger.warn('Token validation failed: not found in database', {
+        jti: decoded.jti,
+      });
+      throw new TokenNotFoundError();
+    }
+    // 5. Check if token is revoked
+    if (tokenRecord.revoked_at) {
+      this.logger.warn('Token validation failed: revoked', {
+        jti: decoded.jti,
+        revokedAt: tokenRecord.revoked_at,
+        revokedBy: tokenRecord.revoked_by,
+        revokedReason: tokenRecord.revoked_reason,
+      });
+      throw new TokenRevokedError();
+    }
+    // 6. Check usage quota (0 = unlimited)
+    if (tokenRecord.max_uses > 0 && tokenRecord.used_count >= tokenRecord.max_uses) {
+      this.logger.warn('Token validation failed: usage limit exceeded', {
+        jti: decoded.jti,
+        usedCount: tokenRecord.used_count,
+        maxUses: tokenRecord.max_uses,
+      });
+      throw new UsageLimitExceededError();
+    }
+    // 7. Return decoded payload
+    this.logger.debug('Token validated successfully', { jti: decoded.jti });
+    return decoded;
+  }
+  /**
+   * Revoke a token by jti
+   *
+   * Flow:
+   * 1. Find token in database
+   * 2. Check if already revoked
+   * 3. Mark as revoked
+   * 4. Log revocation
+   *
+   * @param jti JWT ID
+   * @param revokedBy Username or system identifier
+   * @param reason Revocation reason
+   * @throws TokenNotFoundError if jti not in database
+   */
+  async revoke(jti: string, revokedBy: string, reason: string): Promise<void> {
+    // 1. Find token in database
+    const tokenRecord = this.tokenRepo.findByJti(jti);
+    if (!tokenRecord) {
+      this.logger.warn('Token revocation failed: not found', { jti });
+      throw new TokenNotFoundError();
+    }
+    // 2. Check if already revoked
+    if (tokenRecord.revoked_at) {
+      this.logger.warn('Token already revoked', {
+        jti,
+        revokedAt: tokenRecord.revoked_at,
+        revokedBy: tokenRecord.revoked_by,
+      });
+      return; // Idempotent operation
+    }
+    // 3. Mark as revoked
+    this.tokenRepo.revoke(jti, revokedBy, reason);
+    // 4. Log revocation
+    this.logger.info('Token revoked', {
+      jti,
+      revokedBy,
+      reason,
+    });
+  }
+  /**
+   * Get token information by jti
+   *
+   * Flow:
+   * 1. Find token in database
+   * 2. Calculate remaining_uses
+   * 3. Format response
+   * 4. Return token info
+   *
+   * @param jti JWT ID
+   * @returns Token information
+   * @throws TokenNotFoundError if jti not in database
+   */
+  async getInfo(jti: string): Promise<TokenInfo> {
+    // 1. Find token in database
+    const tokenRecord = this.tokenRepo.findByJti(jti);
+    if (!tokenRecord) {
+      this.logger.warn('Token info request failed: not found', { jti });
+      throw new TokenNotFoundError();
+    }
+    // 2. Calculate remaining_uses
+    const remainingUses =
+      tokenRecord.max_uses === 0
+        ? -1 // Unlimited
+        : Math.max(0, tokenRecord.max_uses - tokenRecord.used_count);
+    // 3. Format response
+    const info: TokenInfo = {
+      jti: tokenRecord.jti,
+      created_at: tokenRecord.created_at,
+      expires_at: tokenRecord.expires_at,
+      max_uses: tokenRecord.max_uses,
+      used_count: tokenRecord.used_count,
+      remaining_uses: remainingUses,
+      revoked: !!tokenRecord.revoked_at,
+      revoked_at: tokenRecord.revoked_at || null,
+      revoked_reason: tokenRecord.revoked_reason || null,
+    };
+    // 4. Return token info
+    return info;
+  }
+  /**
+   * Increment token usage count
+   *
+   * Flow:
+   * 1. Increment used_count in database
+   * 2. Log usage increment
+   *
+   * @param jti JWT ID
+   */
+  async incrementUsage(jti: string): Promise<void> {
+    // 1. Increment used_count
+    this.tokenRepo.incrementUsage(jti);
+    // 2. Log usage increment
+    this.logger.debug('Token usage incremented', { jti });
+  }
+  /**
+   * List all tokens (including expired and revoked)
+   *
+   * Flow:
+   * 1. Get all tokens from database
+   * 2. Map to TokenInfo format
+   * 3. Return array of token info
+   *
+   * @returns Array of token information
+   */
+  async listAll(): Promise<TokenInfo[]> {
+    // 1. Get all tokens
+    const tokens = this.tokenRepo.findAll();
+    // 2. Map to TokenInfo format
+    const tokenInfoList: TokenInfo[] = tokens.map((token) => {
+      const remainingUses =
+        token.max_uses === 0
+          ? -1 // Unlimited
+          : Math.max(0, token.max_uses - token.used_count);
+      return {
+        jti: token.jti,
+        created_at: token.created_at,
+        expires_at: token.expires_at,
+        max_uses: token.max_uses,
+        used_count: token.used_count,
+        remaining_uses: remainingUses,
+        revoked: !!token.revoked_at,
+        revoked_at: token.revoked_at || null,
+        revoked_reason: token.revoked_reason || null,
+      };
+    });
+    // 3. Return array
+    return tokenInfoList;
+  }
+  /**
+   * Parse expiry string to seconds
+   *
+   * Supports:
+   * - s: seconds
+   * - m: minutes
+   * - h: hours
+   * - d: days
+   *
+   * Examples:
+   * - '60s' → 60
+   * - '30m' → 1800
+   * - '1h' → 3600
+   * - '7d' → 604800
+   * - '30d' → 2592000
+   *
+   * @param expiresIn Human-readable duration string
+   * @returns Duration in seconds
+   * @throws Error if format is invalid
+   */
+  private parseExpiry(expiresIn: string): number {
+    const match = expiresIn.match(/^(\d+)([smhd])$/);
+    if (!match || !match[1] || !match[2]) {
+      throw new Error(
+        `Invalid expiry format: ${expiresIn}. Expected format: <number><unit> (e.g., '1h', '7d')`
+      );
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    const multipliers: Record<string, number> = {
+      s: 1,
+      m: 60,
+      h: 3600,
+      d: 86400,
+    };
+    const multiplier = multipliers[unit];
+    if (multiplier === undefined) {
+      throw new Error(`Invalid time unit: ${unit}`);
+    }
+    const seconds = value * multiplier;
+    this.logger.debug('Parsed expiry', { expiresIn, seconds });
+    return seconds;
+  }
+}

package/src/services/config/.gitkeep ADDED Viewed

File without changes

package/src/services/config/config.service.ts ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Configuration Service
+ * Manages application configuration
+ */
+import { ConfigSchema } from '../../config/config.schema';
+import { AppConfig } from '../../types/config.types';
+/**
+ * Load and validate application configuration
+ *
+ * @returns Promise<AppConfig> Validated configuration
+ */
+export async function loadConfig(): Promise<AppConfig> {
+  // Load from environment variables
+  const rawConfig = {
+    server: {
+      port: process.env['PORT'] || 8443,
+      nodeEnv: process.env['NODE_ENV'] || 'production',
+    },
+    infoEndpoints: {
+      tokenInfoEnabled: process.env['TOKEN_INFO_ENABLED'],
+      providersInfoEnabled: process.env['PROVIDERS_INFO_ENABLED'],
+    },
+    jwt: {
+      privateKeyPath: process.env['JWT_PRIVATE_KEY_PATH'] || './keys/private.pem',
+      publicKeyPath: process.env['JWT_PUBLIC_KEY_PATH'] || './keys/public.pem',
+      tokenExpiry: process.env['TOKEN_EXPIRY'] || '1h',
+      tokenMaxUses: process.env['TOKEN_MAX_USES'] || 10,
+    },
+    ldap: {
+      url: process.env['LDAP_URL'] || '',
+      bindDN: process.env['LDAP_BIND_DN'] || '',
+      bindPassword: process.env['LDAP_BIND_PASSWORD'] || '',
+      baseDN: process.env['LDAP_BASE_DN'] || '',
+      tlsVerify: process.env['LDAP_TLS_VERIFY'] !== 'false',
+      caCertPath: process.env['LDAP_CA_CERT_PATH'],
+      timeout: process.env['LDAP_TIMEOUT'] || 30000,
+      skipHostnameVerification: process.env['LDAP_SKIP_HOSTNAME_VERIFICATION'],
+      tlsServername: process.env['LDAP_TLS_SERVERNAME'],
+    },
+    azure: {
+      enabled: process.env['AZURE_ENABLED'],
+      tenantId: process.env['AZURE_TENANT_ID'],
+      clientId: process.env['AZURE_CLIENT_ID'],
+      clientSecret: process.env['AZURE_CLIENT_SECRET'],
+    },
+    smb: {
+      enabled: process.env['SMB_ENABLED'],
+      username: process.env['SMB_USERNAME'],
+      password: process.env['SMB_PASSWORD'],
+      timeout: process.env['SMB_TIMEOUT'] || 10000,
+    },
+    logging: {
+      level: process.env['LOG_LEVEL'] || 'info',
+      format: process.env['LOG_FORMAT'] || 'json',
+    },
+    database: {
+      path: process.env['DATABASE_PATH'] || './data/etc-collector.db',
+      enableWAL: process.env['DATABASE_ENABLE_WAL'] !== 'false',
+      busyTimeout: process.env['DATABASE_BUSY_TIMEOUT'] || 5000,
+    },
+  };
+  // Validate with Zod schema
+  const config = ConfigSchema.parse(rawConfig);
+  return config as AppConfig;
+}
+export class ConfigService {
+  getConfig(): unknown {
+    throw new Error('Config service not implemented yet');
+  }
+}

package/src/services/export/.gitkeep ADDED Viewed

File without changes

package/src/services/export/export.service.ts ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * Export Service
+ *
+ * Orchestrates audit result export to JSON and CSV formats.
+ * Story 1.9: Export Service
+ *
+ * Features:
+ * - JSON export with full audit structure
+ * - CSV export with flat table structure
+ * - Content-Disposition headers for file downloads
+ * - Excel-compatible CSV (UTF-8 with BOM)
+ */
+import { Finding } from '../../types/finding.types';
+import { SecurityScore } from '../audit/scoring.service';
+import { formatAsJSON, getJSONContentDisposition, JSONExportOptions } from './formatters/json.formatter';
+import { formatAsCSV, getCSVContentDisposition, CSVExportOptions } from './formatters/csv.formatter';
+/**
+ * Audit result for export
+ */
+export interface ExportAuditResult {
+  score: SecurityScore;
+  findings: Finding[];
+  stats: {
+    totalUsers?: number;
+    totalGroups?: number;
+    totalComputers?: number;
+    totalApps?: number;
+    totalPolicies?: number;
+    totalFindings: number;
+    executionTimeMs: number;
+  };
+  timestamp: Date;
+}
+/**
+ * Export result with content and headers
+ */
+export interface ExportResult {
+  content: string;
+  contentType: string;
+  contentDisposition: string;
+}
+/**
+ * Export Service
+ */
+export class ExportService {
+  /**
+   * Export audit result as JSON
+   *
+   * @param auditResult Audit result
+   * @param options JSON export options
+   * @returns Export result with JSON content and headers
+   */
+  exportToJSON(auditResult: ExportAuditResult, options: JSONExportOptions): ExportResult {
+    // Format as JSON
+    const content = formatAsJSON(auditResult.score, auditResult.findings, auditResult.stats, options);
+    // Generate Content-Disposition header
+    const domain = options.domain || options.tenantId || 'unknown';
+    const contentDisposition = getJSONContentDisposition(options.provider, domain);
+    return {
+      content,
+      contentType: 'application/json; charset=utf-8',
+      contentDisposition,
+    };
+  }
+  /**
+   * Export audit result as CSV
+   *
+   * @param auditResult Audit result
+   * @param provider Provider type (ad or azure)
+   * @param domain Domain name or tenant ID
+   * @param options CSV export options
+   * @returns Export result with CSV content and headers
+   */
+  exportToCSV(
+    auditResult: ExportAuditResult,
+    provider: string,
+    domain: string,
+    options: CSVExportOptions = {}
+  ): ExportResult {
+    // Format as CSV
+    const content = formatAsCSV(auditResult.findings, options);
+    // Generate Content-Disposition header
+    const contentDisposition = getCSVContentDisposition(provider, domain);
+    return {
+      content,
+      contentType: 'text/csv; charset=utf-8',
+      contentDisposition,
+    };
+  }
+}