@futdevpro/nts-dynamo 1.10.23 → 1.10.25

package/build/_modules/oauth2/_routes/oauth2.controller.d.ts

@@ -0,0 +1,17 @@
+import { DyNTS_Controller } from '../../../_services/route/controller.service';
+/**
+ * OAuth2 Controller implementation
+ *
+ * This controller handles OAuth2 specific endpoints and authentication flows
+ *
+ * @example
+ * const oauth2Controller = DyNTS_OAuth2_Controller.getInstance();
+ * oauth2Controller.setupEndpoints();
+ */
+export declare class DyNTS_OAuth2_Controller extends DyNTS_Controller {
+    static getInstance(): DyNTS_OAuth2_Controller;
+    private readonly authService;
+    private readonly controlService;
+    setupEndpoints(): void;
+}
+//# sourceMappingURL=oauth2.controller.d.ts.map

package/build/_modules/oauth2/_routes/oauth2.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.controller.d.ts","sourceRoot":"","sources":["../../../../src/_modules/oauth2/_routes/oauth2.controller.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,6CAA6C,CAAC;AAK/E;;;;;;;;GAQG;AACH,qBAAa,uBAAwB,SAAQ,gBAAgB;IAC3D,MAAM,CAAC,WAAW,IAAI,uBAAuB;IAI7C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoE;IAChG,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA0E;IAEzG,cAAc,IAAI,IAAI;CA0EvB"}

package/build/_modules/oauth2/_routes/oauth2.controller.js

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_OAuth2_Controller = void 0;
+const fsm_dynamo_1 = require("@futdevpro/fsm-dynamo");
+const controller_service_1 = require("../../../_services/route/controller.service");
+const endpoint_params_control_model_1 = require("../../../_models/control-models/endpoint-params.control-model");
+const oauth2_auth_service_1 = require("../_services/oauth2.auth-service");
+const oauth2_control_service_1 = require("../_services/oauth2.control-service");
+/**
+ * OAuth2 Controller implementation
+ *
+ * This controller handles OAuth2 specific endpoints and authentication flows
+ *
+ * @example
+ * const oauth2Controller = DyNTS_OAuth2_Controller.getInstance();
+ * oauth2Controller.setupEndpoints();
+ */
+class DyNTS_OAuth2_Controller extends controller_service_1.DyNTS_Controller {
+    static getInstance() {
+        return DyNTS_OAuth2_Controller.getSingletonInstance();
+    }
+    authService = oauth2_auth_service_1.DyNTS_OAuth2_AuthService.getInstance();
+    controlService = oauth2_control_service_1.DyNTS_OAuth2_ControlService.getInstance();
+    setupEndpoints() {
+        this.endpoints = [
+            new endpoint_params_control_model_1.DyNTS_Endpoint_Params({
+                name: 'authorize',
+                type: fsm_dynamo_1.DyFM_HttpCallType.get,
+                endpoint: '/oauth2/authorize',
+                tasks: [
+                    async (req, res) => {
+                        // TODO: Implement OAuth2 authorization endpoint
+                        // 1. Validate client_id and redirect_uri
+                        // 2. Check if user is already authenticated
+                        // 3. If not authenticated, redirect to login page
+                        // 4. If authenticated, show consent page
+                        // 5. Handle user consent
+                        // 6. Generate authorization code or access token
+                        // 7. Redirect back to client with code/token
+                        await this.controlService.handleAuthorizationRequest(req, res);
+                    },
+                ],
+            }),
+            new endpoint_params_control_model_1.DyNTS_Endpoint_Params({
+                name: 'token',
+                type: fsm_dynamo_1.DyFM_HttpCallType.post,
+                endpoint: '/oauth2/token',
+                tasks: [
+                    async (req, res) => {
+                        // TODO: Implement OAuth2 token endpoint
+                        // 1. Validate client credentials
+                        // 2. Handle different grant types:
+                        //    - authorization_code
+                        //    - refresh_token
+                        //    - client_credentials
+                        //    - password
+                        // 3. Generate appropriate tokens
+                        // 4. Return token response
+                        await this.controlService.handleTokenRequest(req, res);
+                    },
+                ],
+            }),
+            new endpoint_params_control_model_1.DyNTS_Endpoint_Params({
+                name: 'userinfo',
+                type: fsm_dynamo_1.DyFM_HttpCallType.get,
+                endpoint: '/oauth2/userinfo',
+                preProcesses: [this.authService.authenticate_token],
+                tasks: [
+                    async (req, res) => {
+                        // TODO: Implement OAuth2 userinfo endpoint
+                        // 1. Extract user information from token
+                        // 2. Validate token scope
+                        // 3. Return user information based on scope
+                        await this.controlService.handleUserInfoRequest(req, res);
+                    },
+                ],
+            }),
+            new endpoint_params_control_model_1.DyNTS_Endpoint_Params({
+                name: 'revoke',
+                type: fsm_dynamo_1.DyFM_HttpCallType.post,
+                endpoint: '/oauth2/revoke',
+                preProcesses: [this.authService.authenticate_token],
+                tasks: [
+                    async (req, res) => {
+                        // TODO: Implement OAuth2 token revocation endpoint
+                        // 1. Validate token
+                        // 2. Revoke token and any associated refresh tokens
+                        // 3. Clear token from storage/cache
+                        await this.controlService.handleTokenRevocation(req, res);
+                    },
+                ],
+            }),
+        ];
+    }
+}
+exports.DyNTS_OAuth2_Controller = DyNTS_OAuth2_Controller;
+//# sourceMappingURL=oauth2.controller.js.map

package/build/_modules/oauth2/_routes/oauth2.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.controller.js","sourceRoot":"","sources":["../../../../src/_modules/oauth2/_routes/oauth2.controller.ts"],"names":[],"mappings":";;;AACA,sDAA0D;AAC1D,oFAA+E;AAC/E,iHAAsG;AACtG,0EAA4E;AAC5E,gFAAkF;AAElF;;;;;;;;GAQG;AACH,MAAa,uBAAwB,SAAQ,qCAAgB;IAC3D,MAAM,CAAC,WAAW;QAChB,OAAO,uBAAuB,CAAC,oBAAoB,EAAE,CAAC;IACxD,CAAC;IAEgB,WAAW,GAA6B,8CAAwB,CAAC,WAAW,EAAE,CAAC;IAC/E,cAAc,GAAgC,oDAA2B,CAAC,WAAW,EAAE,CAAC;IAEzG,cAAc;QACZ,IAAI,CAAC,SAAS,GAAG;YACf,IAAI,qDAAqB,CAAC;gBACxB,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,8BAAiB,CAAC,GAAG;gBAC3B,QAAQ,EAAE,mBAAmB;gBAC7B,KAAK,EAAE;oBACL,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;wBACnD,gDAAgD;wBAChD,yCAAyC;wBACzC,4CAA4C;wBAC5C,kDAAkD;wBAClD,yCAAyC;wBACzC,yBAAyB;wBACzB,iDAAiD;wBACjD,6CAA6C;wBAC7C,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBACjE,CAAC;iBACF;aACF,CAAC;YAEF,IAAI,qDAAqB,CAAC;gBACxB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,8BAAiB,CAAC,IAAI;gBAC5B,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE;oBACL,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;wBACnD,wCAAwC;wBACxC,iCAAiC;wBACjC,mCAAmC;wBACnC,0BAA0B;wBAC1B,qBAAqB;wBACrB,0BAA0B;wBAC1B,gBAAgB;wBAChB,iCAAiC;wBACjC,2BAA2B;wBAC3B,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBACzD,CAAC;iBACF;aACF,CAAC;YAEF,IAAI,qDAAqB,CAAC;gBACxB,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,8BAAiB,CAAC,GAAG;gBAC3B,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;gBACnD,KAAK,EAAE;oBACL,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;wBACnD,2CAA2C;wBAC3C,yCAAyC;wBACzC,0BAA0B;wBAC1B,4CAA4C;wBAC5C,MAAM,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBAC5D,CAAC;iBACF;aACF,CAAC;YAEF,IAAI,qDAAqB,CAAC;gBACxB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,8BAAiB,CAAC,IAAI;gBAC5B,QAAQ,EAAE,gBAAgB;gBAC1B,YAAY,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;gBACnD,KAAK,EAAE;oBACL,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;wBACnD,mDAAmD;wBACnD,oBAAoB;wBACpB,oDAAoD;wBACpD,oCAAoC;wBACpC,MAAM,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBAC5D,CAAC;iBACF;aACF,CAAC;SACH,CAAC;IACJ,CAAC;CACF;AAlFD,0DAkFC"}

package/build/_modules/oauth2/_services/oauth2.auth-service.d.ts

@@ -0,0 +1,31 @@
+import { Request, Response } from 'express';
+import { DyNTS_AuthService } from '../../../_services/core/auth.service';
+/**
+ * OAuth2 Authentication Service implementation
+ *
+ * This service handles OAuth2 specific authentication flows and token management
+ *
+ * @example
+ * const authService = DyNTS_OAuth2_AuthService.getInstance();
+ * await authService.authenticate_token(req, res);
+ */
+export declare class DyNTS_OAuth2_AuthService extends DyNTS_AuthService {
+    static getInstance(): DyNTS_OAuth2_AuthService;
+    private readonly controlService;
+    readonly authenticate_token: (req: Request, res: Response) => Promise<void>;
+    readonly authenticate_tokenSelf: (req: Request, res: Response) => Promise<void>;
+    readonly authenticate_tokenPerm_accUsageData: (req: Request, res: Response) => Promise<void>;
+    /**
+     * Gets the issuer (user ID) from the OAuth2 token in the request
+     * @param req Express Request object
+     * @returns The issuer ID from the token
+     */
+    getIssuerFromRequest(req: Request): string;
+    /**
+     * Gets the username from the OAuth2 token in the request
+     * @param req Express Request object
+     * @returns The username from the token
+     */
+    getUsernameFromRequest(req: Request): string;
+}
+//# sourceMappingURL=oauth2.auth-service.d.ts.map

package/build/_modules/oauth2/_services/oauth2.auth-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.auth-service.d.ts","sourceRoot":"","sources":["../../../../src/_modules/oauth2/_services/oauth2.auth-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAC;AAIzE;;;;;;;;GAQG;AACH,qBAAa,wBAAyB,SAAQ,iBAAiB;IAC7D,MAAM,CAAC,WAAW,IAAI,wBAAwB;IAI9C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA0E;IAEzG,QAAQ,CAAC,kBAAkB,QAAe,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,CAAC,CA6C9E;IAEF,QAAQ,CAAC,sBAAsB,QAAe,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,CAAC,CA0DlF;IAEF,QAAQ,CAAC,mCAAmC,QAAe,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,CAAC,CAyD/F;IAEF;;;;OAIG;IACH,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM;IAgB1C;;;;OAIG;IACH,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM;CAiB7C"}

package/build/_modules/oauth2/_services/oauth2.auth-service.js

@@ -0,0 +1,216 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_OAuth2_AuthService = void 0;
+const fsm_dynamo_1 = require("@futdevpro/fsm-dynamo");
+const auth_service_1 = require("../../../_services/core/auth.service");
+const global_settings_const_1 = require("../../../_collections/global-settings.const");
+const oauth2_control_service_1 = require("./oauth2.control-service");
+/**
+ * OAuth2 Authentication Service implementation
+ *
+ * This service handles OAuth2 specific authentication flows and token management
+ *
+ * @example
+ * const authService = DyNTS_OAuth2_AuthService.getInstance();
+ * await authService.authenticate_token(req, res);
+ */
+class DyNTS_OAuth2_AuthService extends auth_service_1.DyNTS_AuthService {
+    static getInstance() {
+        return DyNTS_OAuth2_AuthService.getSingletonInstance();
+    }
+    controlService = oauth2_control_service_1.DyNTS_OAuth2_ControlService.getInstance();
+    authenticate_token = async (req, res) => {
+        try {
+            const token = this.getTokenFromRequest(req);
+            // Validate token format
+            if (!token?.startsWith('Bearer ')) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 401,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-AT1`,
+                    addECToUserMsg: true,
+                    message: 'Invalid token format',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            const accessToken = token.substring(7); // Remove 'Bearer ' prefix
+            // Validate token against stored tokens
+            const tokenData = this.controlService.getAccessTokenData(accessToken);
+            if (!tokenData || tokenData.expiresAt < Date.now()) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 401,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-AT2`,
+                    addECToUserMsg: true,
+                    message: 'Invalid or expired token',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            // Set token in response header
+            res.setHeader('authorization', `Bearer ${accessToken}`);
+        }
+        catch (error) {
+            fsm_dynamo_1.DyFM_Log.error('OAuth2 token authentication failed', error);
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-AT0`,
+                addECToUserMsg: true,
+                message: 'OAuth2 token authentication failed',
+                userMessage: this.defaultErrorUserMsg,
+                issuerService: this.serviceName,
+                error
+            });
+        }
+    };
+    authenticate_tokenSelf = async (req, res) => {
+        try {
+            const token = this.getTokenFromRequest(req);
+            // Validate token format
+            if (!token || !token.startsWith('Bearer ')) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 401,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATS1`,
+                    addECToUserMsg: true,
+                    message: 'Invalid token format',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            const accessToken = token.substring(7); // Remove 'Bearer ' prefix
+            // Validate token against stored tokens
+            const tokenData = this.controlService.getAccessTokenData(accessToken);
+            if (!tokenData || tokenData.expiresAt < Date.now()) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 401,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATS2`,
+                    addECToUserMsg: true,
+                    message: 'Invalid or expired token',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            // For self-token validation, ensure the token is associated with the requesting user
+            const issuer = this.getIssuerFromRequest(req);
+            if (!issuer || issuer !== tokenData.clientId) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 403,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATS3`,
+                    addECToUserMsg: true,
+                    message: 'Token not associated with requesting user',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            // Set token in response header
+            res.setHeader('authorization', `Bearer ${accessToken}`);
+        }
+        catch (error) {
+            fsm_dynamo_1.DyFM_Log.error('OAuth2 self-token authentication failed', error);
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATS0`,
+                addECToUserMsg: true,
+                message: 'OAuth2 self-token authentication failed',
+                userMessage: this.defaultErrorUserMsg,
+                issuerService: this.serviceName,
+                error
+            });
+        }
+    };
+    authenticate_tokenPerm_accUsageData = async (req, res) => {
+        try {
+            const token = this.getTokenFromRequest(req);
+            // Validate token format
+            if (!token || !token.startsWith('Bearer ')) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 401,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATU1`,
+                    addECToUserMsg: true,
+                    message: 'Invalid token format',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            const accessToken = token.substring(7); // Remove 'Bearer ' prefix
+            // Validate token against stored tokens
+            const tokenData = this.controlService.getAccessTokenData(accessToken);
+            if (!tokenData || tokenData.expiresAt < Date.now()) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 401,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATU2`,
+                    addECToUserMsg: true,
+                    message: 'Invalid or expired token',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            // Check if token has usage data permission
+            if (!tokenData.scope.includes('usage_data')) {
+                throw new fsm_dynamo_1.DyFM_Error({
+                    status: 403,
+                    errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATU3`,
+                    addECToUserMsg: true,
+                    message: 'Token does not have usage data permission',
+                    userMessage: this.defaultErrorUserMsg,
+                    issuerService: this.serviceName,
+                });
+            }
+            // Set token in response header
+            res.setHeader('authorization', `Bearer ${accessToken}`);
+        }
+        catch (error) {
+            fsm_dynamo_1.DyFM_Log.error('OAuth2 usage data permission check failed', error);
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: `${global_settings_const_1.DyNTS_global_settings.systemShortCodeName}|DyNTS-OA2-ATU0`,
+                addECToUserMsg: true,
+                message: 'OAuth2 usage data permission check failed',
+                userMessage: this.defaultErrorUserMsg,
+                issuerService: this.serviceName,
+                error
+            });
+        }
+    };
+    /**
+     * Gets the issuer (user ID) from the OAuth2 token in the request
+     * @param req Express Request object
+     * @returns The issuer ID from the token
+     */
+    getIssuerFromRequest(req) {
+        try {
+            const token = this.getTokenFromRequest(req);
+            if (!token || !token.startsWith('Bearer ')) {
+                return undefined;
+            }
+            const accessToken = token.substring(7); // Remove 'Bearer ' prefix
+            const tokenData = this.controlService.getAccessTokenData(accessToken);
+            return tokenData?.clientId;
+        }
+        catch {
+            return undefined;
+        }
+    }
+    /**
+     * Gets the username from the OAuth2 token in the request
+     * @param req Express Request object
+     * @returns The username from the token
+     */
+    getUsernameFromRequest(req) {
+        try {
+            const token = this.getTokenFromRequest(req);
+            if (!token || !token.startsWith('Bearer ')) {
+                return undefined;
+            }
+            const accessToken = token.substring(7); // Remove 'Bearer ' prefix
+            const tokenData = this.controlService.getAccessTokenData(accessToken);
+            // TODO: Implement user information retrieval from database/storage
+            // For now, return the client ID as username
+            return tokenData?.clientId;
+        }
+        catch {
+            return undefined;
+        }
+    }
+}
+exports.DyNTS_OAuth2_AuthService = DyNTS_OAuth2_AuthService;
+//# sourceMappingURL=oauth2.auth-service.js.map

package/build/_modules/oauth2/_services/oauth2.auth-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.auth-service.js","sourceRoot":"","sources":["../../../../src/_modules/oauth2/_services/oauth2.auth-service.ts"],"names":[],"mappings":";;;AACA,sDAA6D;AAC7D,uEAAyE;AACzE,uFAAoF;AACpF,qEAAuE;AAEvE;;;;;;;;GAQG;AACH,MAAa,wBAAyB,SAAQ,gCAAiB;IAC7D,MAAM,CAAC,WAAW;QAChB,OAAO,wBAAwB,CAAC,oBAAoB,EAAE,CAAC;IACzD,CAAC;IAEgB,cAAc,GAAgC,oDAA2B,CAAC,WAAW,EAAE,CAAC;IAEhG,kBAAkB,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACjF,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAE5C,wBAAwB;YACxB,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,gBAAgB;oBACvE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,sBAAsB;oBAC/B,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAElE,uCAAuC;YACvC,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YACtE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACnD,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,gBAAgB;oBACvE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,+BAA+B;YAC/B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,qBAAQ,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC5D,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,gBAAgB;gBACvE,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,oCAAoC;gBAC7C,WAAW,EAAE,IAAI,CAAC,mBAAmB;gBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;gBAC/B,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEO,sBAAsB,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QACrF,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAE5C,wBAAwB;YACxB,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;oBACxE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,sBAAsB;oBAC/B,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAElE,uCAAuC;YACvC,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YACtE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACnD,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;oBACxE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,qFAAqF;YACrF,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,SAAS,CAAC,QAAQ,EAAE,CAAC;gBAC7C,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;oBACxE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,2CAA2C;oBACpD,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,+BAA+B;YAC/B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,qBAAQ,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;YACjE,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;gBACxE,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,yCAAyC;gBAClD,WAAW,EAAE,IAAI,CAAC,mBAAmB;gBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;gBAC/B,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEO,mCAAmC,GAAG,KAAK,EAAE,GAAY,EAAE,GAAa,EAAiB,EAAE;QAClG,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAE5C,wBAAwB;YACxB,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;oBACxE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,sBAAsB;oBAC/B,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAElE,uCAAuC;YACvC,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YACtE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACnD,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;oBACxE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,2CAA2C;YAC3C,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5C,MAAM,IAAI,uBAAU,CAAC;oBACnB,MAAM,EAAE,GAAG;oBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;oBACxE,cAAc,EAAE,IAAI;oBACpB,OAAO,EAAE,2CAA2C;oBACpD,WAAW,EAAE,IAAI,CAAC,mBAAmB;oBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,+BAA+B;YAC/B,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,qBAAQ,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;YACnE,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,GAAG,6CAAqB,CAAC,mBAAmB,iBAAiB;gBACxE,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,2CAA2C;gBACpD,WAAW,EAAE,IAAI,CAAC,mBAAmB;gBACrC,aAAa,EAAE,IAAI,CAAC,WAAW;gBAC/B,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF;;;;OAIG;IACH,oBAAoB,CAAC,GAAY;QAC/B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAClE,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAEtE,OAAO,SAAS,EAAE,QAAQ,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,sBAAsB,CAAC,GAAY;QACjC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAClE,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAEtE,mEAAmE;YACnE,4CAA4C;YAC5C,OAAO,SAAS,EAAE,QAAQ,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;CACF;AAxND,4DAwNC"}

package/build/_modules/oauth2/_services/oauth2.control-service.d.ts

@@ -0,0 +1,133 @@
+import { Request, Response } from 'express';
+import { DyNTS_SingletonService } from '../../../_services/base/singleton.service';
+/**
+ * OAuth2 Control Service implementation
+ *
+ * This service handles OAuth2 specific business logic and token management
+ *
+ * @example
+ * const oauth2Service = DyNTS_OAuth2_ControlService.getInstance();
+ * await oauth2Service.handleAuthorizationRequest(req, res);
+ */
+export declare class DyNTS_OAuth2_ControlService extends DyNTS_SingletonService {
+    static getInstance(): DyNTS_OAuth2_ControlService;
+    readonly serviceName: string;
+    private readonly authService;
+    private readonly authorizationCodes;
+    private readonly accessTokens;
+    private readonly refreshTokens;
+    private readonly clients;
+    private readonly users;
+    /**
+     * Handles the OAuth2 authorization request
+     * @param req Express Request object
+     * @param res Express Response object
+     */
+    handleAuthorizationRequest(req: Request, res: Response): Promise<void>;
+    /**
+     * Validates if the client is registered and active
+     * @param clientId The client ID to validate
+     * @returns true if the client is valid
+     */
+    private isValidClient;
+    /**
+     * Validates if the redirect URI is registered for the client
+     * @param clientId The client ID
+     * @param redirectUri The redirect URI to validate
+     * @returns true if the redirect URI is valid
+     */
+    private isValidRedirectUri;
+    /**
+     * Validates if the scope is allowed for the client
+     * @param clientId The client ID
+     * @param scope The scope to validate
+     * @returns true if the scope is valid
+     */
+    private isValidScope;
+    /**
+     * Handles the OAuth2 token request
+     * @param req Express Request object
+     * @param res Express Response object
+     */
+    handleTokenRequest(req: Request, res: Response): Promise<void>;
+    /**
+     * Validates client credentials
+     * @param clientId The client ID
+     * @param clientSecret The client secret
+     * @returns true if the credentials are valid
+     */
+    private validateClientCredentials;
+    /**
+     * Handles the OAuth2 userinfo request
+     * @param req Express Request object
+     * @param res Express Response object
+     */
+    handleUserInfoRequest(req: Request, res: Response): Promise<void>;
+    /**
+     * Gets user information from the token
+     * @param token The access token
+     * @returns The user information object
+     */
+    private getUserInfoFromToken;
+    /**
+     * Handles the OAuth2 token revocation request
+     * @param req Express Request object
+     * @param res Express Response object
+     */
+    handleTokenRevocation(req: Request, res: Response): Promise<void>;
+    /**
+     * Generates an authorization code
+     * @param clientId The client ID
+     * @param scope The requested scope
+     * @returns The generated authorization code
+     */
+    private generateAuthorizationCode;
+    /**
+     * Generates an access token
+     * @param clientId The client ID
+     * @param scope The requested scope
+     * @returns The generated access token
+     */
+    private generateAccessToken;
+    /**
+     * Generates a refresh token
+     * @param clientId The client ID
+     * @returns The generated refresh token
+     */
+    private generateRefreshToken;
+    /**
+     * Gets the access token data
+     * @param token The access token
+     * @returns The access token data or undefined if not found
+     */
+    getAccessTokenData(token: string): {
+        clientId: string;
+        scope: string;
+        expiresAt: number;
+    } | undefined;
+    /**
+     * Registers a new OAuth2 client
+     * @param clientId The client ID
+     * @param clientSecret The client secret
+     * @param redirectUris The allowed redirect URIs
+     * @param allowedScopes The allowed scopes
+     * @returns true if the client was registered successfully
+     */
+    registerClient(clientId: string, clientSecret: string, redirectUris: string[], allowedScopes: string[]): boolean;
+    /**
+     * Authenticates a user with username and password
+     * @param username The username
+     * @param password The password
+     * @returns The user's scopes if authentication is successful, undefined otherwise
+     */
+    private authenticateUser;
+    /**
+     * Registers a new user
+     * @param username The username
+     * @param password The password
+     * @param scopes The user's scopes
+     * @returns true if the user was registered successfully
+     */
+    registerUser(username: string, password: string, scopes: string[]): boolean;
+}
+//# sourceMappingURL=oauth2.control-service.d.ts.map

package/build/_modules/oauth2/_services/oauth2.control-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.control-service.d.ts","sourceRoot":"","sources":["../../../../src/_modules/oauth2/_services/oauth2.control-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,2CAA2C,CAAC;AAKnF;;;;;;;;GAQG;AACH,qBAAa,2BAA4B,SAAQ,sBAAsB;IACrE,MAAM,CAAC,WAAW,IAAI,2BAA2B;IAIjD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAA0B;IAEtD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoE;IAChG,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAkF;IACrH,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkF;IAC/G,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAoF;IAClH,OAAO,CAAC,QAAQ,CAAC,OAAO,CAMT;IACf,OAAO,CAAC,QAAQ,CAAC,KAAK,CAIP;IAEf;;;;OAIG;IACG,0BAA0B,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA4F5E;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAKrB;;;;;OAKG;IACH,OAAO,CAAC,kBAAkB;IAY1B;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IAcpB;;;;OAIG;IACG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAkMpE;;;;;OAKG;IACH,OAAO,CAAC,yBAAyB;IAKjC;;;;OAIG;IACG,qBAAqB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BvE;;;;OAIG;YACW,oBAAoB;IA+BlC;;;;OAIG;IACG,qBAAqB,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAuDvE;;;;;OAKG;YACW,yBAAyB;IAavC;;;;;OAKG;YACW,mBAAmB;IAajC;;;;OAIG;YACW,oBAAoB;IAYlC;;;;OAIG;IACH,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS;IAIrG;;;;;;;OAOG;IACH,cAAc,CACZ,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,MAAM,EAAE,EACtB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO;IAgBV;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAQxB;;;;;;OAMG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO;CAa5E"}