@fluyappgocore/commons-backend 1.0.213 → 1.0.215

package/build/middlewares/guestAuth.middleware.d.ts

@@ -39,12 +39,28 @@ export interface PortalClaims {
     branchUuid: string;
     /** Present iff scope === "ticket" */
     ticketUuid?: string;
+    /** Stable token id — used for revocation by jti, kept in claims so
+     *  the verify path can blacklist a single emission without nuking
+     *  every token ever issued for the same ticket. */
+    jti?: string;
     iat: number;
     exp: number;
 }
 export interface RequestWithPortal extends Request {
     portalAuth?: PortalClaims;
 }
+/**
+ * Revokes every ticket-scoped token currently in flight for one
+ * ticket. Use this when the customer reports a stolen cookie or
+ * when an admin manually closes a session. TTL of the revocation
+ * key matches the longest possible JWT lifetime so it cleans itself.
+ */
+export declare function revokeTicketTokens(ticketUuid: string, ttlSec?: number): Promise<void>;
+/**
+ * Revokes a specific token emission by its `jti`. Useful when only
+ * one device should be cut off, not the whole ticket session.
+ */
+export declare function revokeTokenByJti(jti: string, ttlSec?: number): Promise<void>;
 /** Issue a fresh guest token for a visitor who just landed on a branch URL. */
 export declare function issueGuestToken(input: {
     entityUuid: string;
@@ -53,11 +69,22 @@ export declare function issueGuestToken(input: {
     token: string;
     expiresAt: number;
 };
-/** Upgrade a guest into a ticket holder after POST /tickets succeeds. */
+/**
+ * Upgrade a guest into a ticket holder. Optional `ttlSec` lets the
+ * caller dial the lifetime per ticket phase:
+ *
+ *   - WAITING / CALLING / ATTENDING → 2h (default)
+ *   - FINISHED                       → 7d (NPS, share, print receipt)
+ *   - CANCELLED / ABANDONED          → 30 min (de-prioritised)
+ *
+ * Renewing on every poll keeps the cookie warm without forcing a
+ * "still here" re-auth dance.
+ */
 export declare function issueTicketToken(input: {
     entityUuid: string;
     branchUuid: string;
     ticketUuid: string;
+    ttlSec?: number;
 }): {
     token: string;
     expiresAt: number;
@@ -69,7 +96,7 @@ export declare function issueTicketToken(input: {
  * Rejects anything that isn't a portal-scoped token (aud !== "portal")
  * so a regular user/agent JWT can NEVER accidentally pass this gate.
  */
-export declare function verifyPortalToken(req: RequestWithPortal, _res: Response, next: NextFunction): void;
+export declare function verifyPortalToken(req: RequestWithPortal, _res: Response, next: NextFunction): Promise<void>;
 /**
  * Gate a route by scope.
  *

package/build/middlewares/guestAuth.middleware.js

@@ -18,17 +18,160 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.requireBranchMatch = exports.requireTicketMatch = exports.requireScope = exports.verifyPortalToken = exports.issueTicketToken = exports.issueGuestToken = void 0;
+exports.requireBranchMatch = exports.requireTicketMatch = exports.requireScope = exports.verifyPortalToken = exports.issueTicketToken = exports.issueGuestToken = exports.revokeTokenByJti = exports.revokeTicketTokens = void 0;
 var jwt = __importStar(require("jsonwebtoken"));
+var redis = __importStar(require("redis"));
 var exceptions_1 = require("../exceptions");
+var promisify = require("util").promisify;
 var SECRET = process.env.JWT_KEY || "";
 var GUEST_TTL_SEC = 30 * 60; // 30 minutes
 var TICKET_TTL_SEC = 2 * 60 * 60; // 2 hours
+// ─── Revocation backbone ────────────────────────────────────────────
+//
+// JWT is stateless by design — the only way to invalidate a still-fresh
+// token is to keep a server-side blacklist and check it on every verify.
+// We keep two key namespaces in Redis:
+//
+//   portal_revoked_jti:<jti>           → revoke a single token emission
+//   portal_revoked_ticket:<ticketUuid> → revoke ALL ticket-scoped tokens
+//                                         for a given ticket (admin "kill
+//                                         the session" action)
+//
+// The key value is irrelevant; presence == revoked. We TTL the keys so
+// we don't accumulate forever — once the token's exp is in the past
+// the JWT verify alone rejects it, blacklist becomes redundant.
+//
+// Best-effort: if Redis is unreachable, we FAIL OPEN (allow the JWT)
+// instead of locking everyone out during an outage. The signed JWT
+// itself is still authentic. Trade-off documented for security audit.
+var RedisClient = null;
+var existsAsync = null;
+var setAsync = null;
+function getRedis() {
+    if (RedisClient)
+        return { existsAsync: existsAsync, setAsync: setAsync };
+    try {
+        RedisClient = redis.createClient({
+            host: process.env.REDIS_HOST || "redis",
+            port: Number(process.env.REDIS_PORT) || 6379,
+        });
+        RedisClient.on("error", function (e) {
+            // Silent — we fail open. Logging too loud across every microservice.
+            if (process.env.DEBUG_PORTAL_AUTH) {
+                console.warn("[portalAuth.redis]", e.message);
+            }
+        });
+        existsAsync = promisify(RedisClient.exists).bind(RedisClient);
+        setAsync = promisify(RedisClient.set).bind(RedisClient);
+    }
+    catch (_a) {
+        // Redis client init failed → leave nulls, fail open everywhere.
+    }
+    return { existsAsync: existsAsync, setAsync: setAsync };
+}
 function randomId() {
     return (Date.now().toString(36) +
         Math.random().toString(36).slice(2, 10));
 }
+/**
+ * Revokes every ticket-scoped token currently in flight for one
+ * ticket. Use this when the customer reports a stolen cookie or
+ * when an admin manually closes a session. TTL of the revocation
+ * key matches the longest possible JWT lifetime so it cleans itself.
+ */
+function revokeTicketTokens(ticketUuid, ttlSec) {
+    if (ttlSec === void 0) { ttlSec = 7 * 24 * 60 * 60; }
+    return __awaiter(this, void 0, void 0, function () {
+        var setAsync, _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    setAsync = getRedis().setAsync;
+                    if (!setAsync || !ticketUuid)
+                        return [2 /*return*/];
+                    _b.label = 1;
+                case 1:
+                    _b.trys.push([1, 3, , 4]);
+                    return [4 /*yield*/, setAsync("portal_revoked_ticket:" + ticketUuid, "1", "EX", ttlSec)];
+                case 2:
+                    _b.sent();
+                    return [3 /*break*/, 4];
+                case 3:
+                    _a = _b.sent();
+                    return [3 /*break*/, 4];
+                case 4: return [2 /*return*/];
+            }
+        });
+    });
+}
+exports.revokeTicketTokens = revokeTicketTokens;
+/**
+ * Revokes a specific token emission by its `jti`. Useful when only
+ * one device should be cut off, not the whole ticket session.
+ */
+function revokeTokenByJti(jti, ttlSec) {
+    if (ttlSec === void 0) { ttlSec = 7 * 24 * 60 * 60; }
+    return __awaiter(this, void 0, void 0, function () {
+        var setAsync, _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    setAsync = getRedis().setAsync;
+                    if (!setAsync || !jti)
+                        return [2 /*return*/];
+                    _b.label = 1;
+                case 1:
+                    _b.trys.push([1, 3, , 4]);
+                    return [4 /*yield*/, setAsync("portal_revoked_jti:" + jti, "1", "EX", ttlSec)];
+                case 2:
+                    _b.sent();
+                    return [3 /*break*/, 4];
+                case 3:
+                    _a = _b.sent();
+                    return [3 /*break*/, 4];
+                case 4: return [2 /*return*/];
+            }
+        });
+    });
+}
+exports.revokeTokenByJti = revokeTokenByJti;
 /** Issue a fresh guest token for a visitor who just landed on a branch URL. */
 function issueGuestToken(input) {
     var now = Math.floor(Date.now() / 1000);
@@ -39,6 +182,7 @@ function issueGuestToken(input) {
         scope: "guest",
         entityUuid: input.entityUuid,
         branchUuid: input.branchUuid,
+        jti: randomId(),
         iat: now,
         exp: exp,
     };
@@ -46,10 +190,21 @@ function issueGuestToken(input) {
     return { token: token, expiresAt: exp * 1000 };
 }
 exports.issueGuestToken = issueGuestToken;
-/** Upgrade a guest into a ticket holder after POST /tickets succeeds. */
+/**
+ * Upgrade a guest into a ticket holder. Optional `ttlSec` lets the
+ * caller dial the lifetime per ticket phase:
+ *
+ *   - WAITING / CALLING / ATTENDING → 2h (default)
+ *   - FINISHED                       → 7d (NPS, share, print receipt)
+ *   - CANCELLED / ABANDONED          → 30 min (de-prioritised)
+ *
+ * Renewing on every poll keeps the cookie warm without forcing a
+ * "still here" re-auth dance.
+ */
 function issueTicketToken(input) {
     var now = Math.floor(Date.now() / 1000);
-    var exp = now + TICKET_TTL_SEC;
+    var ttl = input.ttlSec && input.ttlSec > 0 ? input.ttlSec : TICKET_TTL_SEC;
+    var exp = now + ttl;
     var payload = {
         sub: "ticket:" + input.ticketUuid,
         aud: "portal",
@@ -57,6 +212,7 @@ function issueTicketToken(input) {
         entityUuid: input.entityUuid,
         branchUuid: input.branchUuid,
         ticketUuid: input.ticketUuid,
+        jti: randomId(),
         iat: now,
         exp: exp,
     };
@@ -73,26 +229,59 @@ exports.issueTicketToken = issueTicketToken;
  */
 function verifyPortalToken(req, _res, next) {
     var _a;
-    var auth = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.authorization;
-    if (!auth || !auth.startsWith("Bearer ")) {
-        return next(new exceptions_1.HttpException(401, "Missing portal token"));
-    }
-    var token = auth.slice("Bearer ".length).trim();
-    try {
-        var decoded = jwt.verify(token, SECRET, {
-            algorithms: ["HS256"],
+    return __awaiter(this, void 0, void 0, function () {
+        var auth, token, decoded, existsAsync, checks, results, _b;
+        return __generator(this, function (_c) {
+            switch (_c.label) {
+                case 0:
+                    auth = (_a = req.headers) === null || _a === void 0 ? void 0 : _a.authorization;
+                    if (!auth || !auth.startsWith("Bearer ")) {
+                        return [2 /*return*/, next(new exceptions_1.HttpException(401, "Missing portal token"))];
+                    }
+                    token = auth.slice("Bearer ".length).trim();
+                    try {
+                        decoded = jwt.verify(token, SECRET, {
+                            algorithms: ["HS256"],
+                        });
+                    }
+                    catch (err) {
+                        return [2 /*return*/, next(new exceptions_1.HttpException(401, (err === null || err === void 0 ? void 0 : err.name) === "TokenExpiredError"
+                                ? "Portal token expired"
+                                : "Invalid portal token"))];
+                    }
+                    if (decoded.aud !== "portal") {
+                        return [2 /*return*/, next(new exceptions_1.HttpException(401, "Invalid token audience"))];
+                    }
+                    existsAsync = getRedis().existsAsync;
+                    if (!existsAsync) return [3 /*break*/, 5];
+                    _c.label = 1;
+                case 1:
+                    _c.trys.push([1, 4, , 5]);
+                    checks = [];
+                    if (decoded.jti) {
+                        checks.push(existsAsync("portal_revoked_jti:" + decoded.jti));
+                    }
+                    if (decoded.ticketUuid) {
+                        checks.push(existsAsync("portal_revoked_ticket:" + decoded.ticketUuid));
+                    }
+                    if (!(checks.length > 0)) return [3 /*break*/, 3];
+                    return [4 /*yield*/, Promise.all(checks)];
+                case 2:
+                    results = _c.sent();
+                    if (results.some(function (r) { return r === 1; })) {
+                        return [2 /*return*/, next(new exceptions_1.HttpException(401, "Portal token revoked"))];
+                    }
+                    _c.label = 3;
+                case 3: return [3 /*break*/, 5];
+                case 4:
+                    _b = _c.sent();
+                    return [3 /*break*/, 5];
+                case 5:
+                    req.portalAuth = decoded;
+                    return [2 /*return*/, next()];
+            }
         });
-        if (decoded.aud !== "portal") {
-            return next(new exceptions_1.HttpException(401, "Invalid token audience"));
-        }
-        req.portalAuth = decoded;
-        return next();
-    }
-    catch (err) {
-        return next(new exceptions_1.HttpException(401, (err === null || err === void 0 ? void 0 : err.name) === "TokenExpiredError"
-            ? "Portal token expired"
-            : "Invalid portal token"));
-    }
+    });
 }
 exports.verifyPortalToken = verifyPortalToken;
 /**

package/build/middlewares/licenseGuard.middleware.d.ts

@@ -1,14 +1,4 @@
 import { Request, Response, NextFunction } from "express";
-/**
- * License feature guard middleware for microservices.
- * Caches license data from the licensing server and checks feature flags.
- *
- * Usage in any MS route:
- *   router.get("/analytics", authFBMiddleware, licenseGuard("analytics-summary"), controller)
- *
- * Requires LICENSE_URL and INSTALLATION_UUID env vars.
- * Falls back to allowing access if license server is unreachable.
- */
 interface LicenseCache {
     valid: boolean;
     readOnly: boolean;
@@ -21,6 +11,9 @@ interface LicenseCache {
     };
     tier: string;
     fetchedAt: number;
+    unreachable?: boolean;
+    unreachableSince?: number | null;
+    unreachableGraceDaysLeft?: number | null;
 }
 /**
  * Check if a license feature is enabled.
@@ -47,10 +40,16 @@ export declare function licenseWriteGuard(): (req: Request, res: Response, next:
 export declare function licenseLoginGuard(): (_req: Request, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;
 /**
  * Get current license status (for use in controllers).
+ * Includes the unreachable-grace fields so the frontend can render a
+ * "licensing server unreachable, X days left" banner.
  */
 export declare function getLicenseStatus(): Promise<{
     valid: boolean;
     readOnly: boolean;
     blocked: boolean;
+    tier: string;
+    unreachable: boolean;
+    unreachableSince: number | null;
+    unreachableGraceDaysLeft: number | null;
 } | null>;
 export {};

package/build/middlewares/licenseGuard.middleware.js

@@ -1,4 +1,15 @@
 "use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -37,8 +48,74 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getLicenseStatus = exports.licenseLoginGuard = exports.licenseWriteGuard = exports.licenseGuard = exports.getLicenseLimits = exports.isLicenseFeatureEnabled = void 0;
+var fs_1 = require("fs");
+/**
+ * License feature guard middleware for microservices.
+ * Caches license data from the licensing server and checks feature flags.
+ *
+ * Usage in any MS route:
+ *   router.get("/analytics", authFBMiddleware, licenseGuard("analytics-summary"), controller)
+ *
+ * Requires LICENSE_URL and INSTALLATION_UUID env vars.
+ *
+ * Unreachable behaviour (PaaS policy):
+ *   - If the licensing server can't be reached, the tenant keeps
+ *     working for UNREACHABLE_GRACE_DAYS days using the last cached
+ *     features (or open if there was none). After that, /license-status
+ *     reports `blocked: true` and the standard guards reject traffic.
+ *   - The client app is expected to read `unreachable` +
+ *     `unreachableGraceDaysLeft` from `getLicenseStatus()` and show a
+ *     warning banner.
+ */
+var UNREACHABLE_GRACE_DAYS = 7;
+var UNREACHABLE_GRACE_MS = UNREACHABLE_GRACE_DAYS * 24 * 60 * 60 * 1000;
+var GRACE_STATE_FILE = "/tmp/fluyapp-license-grace.json";
 var cache = null;
 var CACHE_TTL = 1000 * 60 * 60; // 1 hour
+function readGraceState() {
+    return __awaiter(this, void 0, void 0, function () {
+        var raw, _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    _b.trys.push([0, 2, , 3]);
+                    return [4 /*yield*/, fs_1.promises.readFile(GRACE_STATE_FILE, "utf8")];
+                case 1:
+                    raw = _b.sent();
+                    return [2 /*return*/, JSON.parse(raw)];
+                case 2:
+                    _a = _b.sent();
+                    return [2 /*return*/, null];
+                case 3: return [2 /*return*/];
+            }
+        });
+    });
+}
+function writeGraceState(state) {
+    return __awaiter(this, void 0, void 0, function () {
+        var _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    _b.trys.push([0, 5, , 6]);
+                    if (!state) return [3 /*break*/, 2];
+                    return [4 /*yield*/, fs_1.promises.writeFile(GRACE_STATE_FILE, JSON.stringify(state))];
+                case 1:
+                    _b.sent();
+                    return [3 /*break*/, 4];
+                case 2: return [4 /*yield*/, fs_1.promises.unlink(GRACE_STATE_FILE).catch(function () { })];
+                case 3:
+                    _b.sent();
+                    _b.label = 4;
+                case 4: return [3 /*break*/, 6];
+                case 5:
+                    _a = _b.sent();
+                    return [3 /*break*/, 6];
+                case 6: return [2 /*return*/];
+            }
+        });
+    });
+}
 /**
  * Where to fetch license data from. Two modes:
  *
@@ -125,18 +202,72 @@ function fetchLicense() {
     });
 }
 function getCachedLicense() {
+    var _a;
     return __awaiter(this, void 0, void 0, function () {
-        var fresh;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
+        var fresh, now, stored, since, elapsed, expired, daysLeft;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
                 case 0:
                     if (cache && (Date.now() - cache.fetchedAt) < CACHE_TTL)
                         return [2 /*return*/, cache];
                     return [4 /*yield*/, fetchLicense()];
                 case 1:
-                    fresh = _a.sent();
-                    if (fresh)
-                        cache = fresh;
+                    fresh = _b.sent();
+                    if (!fresh) return [3 /*break*/, 3];
+                    // Successful refresh: clear any pending grace state.
+                    return [4 /*yield*/, writeGraceState(null)];
+                case 2:
+                    // Successful refresh: clear any pending grace state.
+                    _b.sent();
+                    cache = __assign(__assign({}, fresh), { unreachable: false, unreachableSince: null, unreachableGraceDaysLeft: null });
+                    return [2 /*return*/, cache];
+                case 3:
+                    now = Date.now();
+                    return [4 /*yield*/, readGraceState()];
+                case 4:
+                    stored = _b.sent();
+                    since = (_a = stored === null || stored === void 0 ? void 0 : stored.unreachableSince) !== null && _a !== void 0 ? _a : now;
+                    if (!!stored) return [3 /*break*/, 6];
+                    return [4 /*yield*/, writeGraceState({ unreachableSince: now })];
+                case 5:
+                    _b.sent();
+                    _b.label = 6;
+                case 6:
+                    elapsed = now - since;
+                    expired = elapsed >= UNREACHABLE_GRACE_MS;
+                    daysLeft = expired ? 0 : Math.ceil((UNREACHABLE_GRACE_MS - elapsed) / (24 * 60 * 60 * 1000));
+                    if (expired) {
+                        // Past 7 days without a successful fetch — treat as blocked.
+                        cache = {
+                            valid: false,
+                            readOnly: false,
+                            blocked: true,
+                            features: {},
+                            limits: { maxBranches: 0, maxAgents: 0, maxServices: 0 },
+                            tier: "BASIC",
+                            fetchedAt: now,
+                            unreachable: true,
+                            unreachableSince: since,
+                            unreachableGraceDaysLeft: 0,
+                        };
+                        return [2 /*return*/, cache];
+                    }
+                    // Inside grace: keep last known features if we had any, otherwise open.
+                    if (cache && cache.valid !== false) {
+                        return [2 /*return*/, __assign(__assign({}, cache), { unreachable: true, unreachableSince: since, unreachableGraceDaysLeft: daysLeft, fetchedAt: now })];
+                    }
+                    cache = {
+                        valid: true,
+                        readOnly: false,
+                        blocked: false,
+                        features: {},
+                        limits: { maxBranches: 0, maxAgents: 0, maxServices: 0 },
+                        tier: "GRACE",
+                        fetchedAt: now,
+                        unreachable: true,
+                        unreachableSince: since,
+                        unreachableGraceDaysLeft: daysLeft,
+                    };
                     return [2 /*return*/, cache];
             }
         });
@@ -297,11 +428,30 @@ function licenseLoginGuard() {
 exports.licenseLoginGuard = licenseLoginGuard;
 /**
  * Get current license status (for use in controllers).
+ * Includes the unreachable-grace fields so the frontend can render a
+ * "licensing server unreachable, X days left" banner.
  */
 function getLicenseStatus() {
+    var _a, _b;
     return __awaiter(this, void 0, void 0, function () {
-        return __generator(this, function (_a) {
-            return [2 /*return*/, getCachedLicense()];
+        var lic;
+        return __generator(this, function (_c) {
+            switch (_c.label) {
+                case 0: return [4 /*yield*/, getCachedLicense()];
+                case 1:
+                    lic = _c.sent();
+                    if (!lic)
+                        return [2 /*return*/, null];
+                    return [2 /*return*/, {
+                            valid: lic.valid,
+                            readOnly: lic.readOnly,
+                            blocked: lic.blocked,
+                            tier: lic.tier,
+                            unreachable: lic.unreachable === true,
+                            unreachableSince: (_a = lic.unreachableSince) !== null && _a !== void 0 ? _a : null,
+                            unreachableGraceDaysLeft: (_b = lic.unreachableGraceDaysLeft) !== null && _b !== void 0 ? _b : null,
+                        }];
+            }
         });
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fluyappgocore/commons-backend",
-  "version": "1.0.213",
+  "version": "1.0.215",
   "description": "",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",