@futdevpro/nts-dynamo 1.15.17 → 1.15.20

package/_specifications/BACKLOG.md

@@ -22,18 +22,18 @@
   details: Alkalmassá kell tenni a Dynamo NTS-t, hogy kiszolgálja a klienst (frontend/client-side serving)
 
 - [FEATURE] (BL-20260420-001) Átfogó file-based log kezelési rendszer
-  status: ⏳ pending
+  status: ✅ done
   priority: medium
   source: user
   area: backend
-  details: Config-vezérelt log rendszer, ahol egy boolean flag-gel be lehet kapcsolni a file-ba történő log írást, és további config opciókkal lehet állítani a maximum tárolt log mennyiséget (file size / rotation / retention) és egyéb log kezelési paramétereket
+  details: Config-vezérelt log rendszer, ahol egy boolean flag-gel be lehet kapcsolni a file-ba történő log írást, és további config opciókkal lehet állítani a maximum tárolt log mennyiséget (file size / rotation / retention) és egyéb log kezelési paramétereket. Implementálva (2026-05-17): DyNTS_FileLog_Service (singleton) — process.stdout/stderr.write monkey-patch, per-session log fájl, sync appendFileSync (crash-safe), config: file_log.{enabled, logDir, filenamePrefix, maxFileSizeMb, maxFiles, retentionDays, stripAnsi, includeStdout, includeStderr}. Rotation size-limitre, retention by count + age (ami előbb teljesül). Silent failure (file IO sosem blokkolja a szervert). Spec: 11 spec / 0 fail. Full suite: 1133/0. Smoke verified.
 
 - [FEATURE] (BL-20260420-002) Admin API key alapú authentikációs réteg (env-ből)
-  status: ⏳ pending
+  status: ✅ done
   priority: high
   source: user
   area: backend
-  details: Új admin authentikációs mechanizmus bevezetése, ahol az admin API key-t environment variable-ből olvassuk (pl. DYNTS_ADMIN_API_KEY), és ezzel lehet védeni az érzékeny / admin endpointokat. Alaposan át kell tervezni, hogy hogyan integrálódjon a meglévő DyNTS auth rendszerekbe (controller / endpoint params szinten reusable guard / middleware), opcionálisan alkalmazható legyen meglévő endpointokra is (pl. errors controller endpointjaira). Előfeltétele a BL-20260420-003 log lekérő endpointnak
+  details: Új admin authentikációs mechanizmus bevezetése, ahol az admin API key-t environment variable-ből olvassuk (pl. DYNTS_ADMIN_API_KEY), és ezzel lehet védeni az érzékeny / admin endpointokat. Implementálva (2026-05-17): DyNTS_AdminApiKey_AuthService (singleton) — preProcess `.verify(req, res)` fn opt-in átadható `DyNTS_Endpoint_Params.preProcesses`-be vagy `DyNTS_getLogsRoutingModule({ authPreProcess })`-be. Default env var DYNTS_ADMIN_API_KEY, header x-admin-api-key + Authorization Bearer fallback. Konfig: `configure({ envVarName, headerName, allowAuthorizationBearer })`. Timing-safe compare (crypto.timingSafeEqual + length-mismatch dummy compare). Hibák: 500 ha env nincs, 401 ha header hiányzik/rossz. Env minden híváskor olvasott (nem cache-elt). 15/15 spec + 1148/0 full suite + smoke verifikálva. Foundational a BL-003 (log fetch) és BL-004 (errors retrofit) entry-knek.
 
 - [FEATURE] (BL-20260420-003) Server log file-ok lekérése admin endpointon keresztül
   status: ⏳ pending

package/build/_models/interfaces/global-log-settings.interface.d.ts

@@ -81,5 +81,40 @@ export interface DyNTS_GlobalLog_Settings {
         /** Max sorok szama a bufferben. Default: 2000. */
         maxEntries?: number;
     };
+    /**
+     * File-based log kiiras konfiguracio (DyNTS_FileLog_Service).
+     *
+     * Az in-memory ring buffer (DyNTS_Logs_Service) mellett mukodik — NEM
+     * helyette. A szerver stdout/stderr kimeneteket egy per-session log
+     * fajlba duplikalja (`{logDir}/{filenamePrefix}YYYY-MM-DD_HH-MM-SS.log`).
+     *
+     * Rotation: ha az aktiv fajl meghaladja a `maxFileSizeMb`-t, uj fajl jon
+     * letre. Retention: az `install()` + minden rotation utan a
+     * `maxFiles`-nel regebbi vagy a `retentionDays`-nel idosebb fajlok
+     * torlodnek (ami elobb teljesul).
+     *
+     * Hasznalat:
+     *   DyNTS_FileLog_Service.getInstance().install();  // szerver startup
+     */
+    file_log?: {
+        /** Engedelyezve van-e a file-based logolás. Default: false. */
+        enabled: boolean;
+        /** Log mappa abszolut vagy relativ path-ja. Default: './logs/server'. */
+        logDir?: string;
+        /** Per-session fajlnev prefix. Default: 'server-'. */
+        filenamePrefix?: string;
+        /** Rotation trigger MB-ban. Default: 50. */
+        maxFileSizeMb?: number;
+        /** Retention by count — max ennyi log fajl marad meg. Default: 10. */
+        maxFiles?: number;
+        /** Retention by age — ennyi napnal regebbi fajl torlodik. Default: 30. */
+        retentionDays?: number;
+        /** ANSI escape kodok strippelese a fajl-irasnal. Default: true. */
+        stripAnsi?: boolean;
+        /** stdout interceptalasa. Default: true. */
+        includeStdout?: boolean;
+        /** stderr interceptalasa. Default: true. */
+        includeStderr?: boolean;
+    };
 }
 //# sourceMappingURL=global-log-settings.interface.d.ts.map

package/build/_models/interfaces/global-log-settings.interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"global-log-settings.interface.d.ts","sourceRoot":"","sources":["../../../src/_models/interfaces/global-log-settings.interface.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAG/B;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B;;OAEG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAG9B;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;OAEG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAGrB;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;OAIG;IACH,aAAa,CAAC,EAAE;QACd,2DAA2D;QAC3D,OAAO,EAAE,OAAO,CAAC;QACjB,kDAAkD;QAClD,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH"}
+{"version":3,"file":"global-log-settings.interface.d.ts","sourceRoot":"","sources":["../../../src/_models/interfaces/global-log-settings.interface.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB;;OAEG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAG/B;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B;;OAEG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAG9B;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;OAEG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;OAEG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAE/B;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAGrB;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;;OAIG;IACH,aAAa,CAAC,EAAE;QACd,2DAA2D;QAC3D,OAAO,EAAE,OAAO,CAAC;QACjB,kDAAkD;QAClD,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,EAAE;QACT,+DAA+D;QAC/D,OAAO,EAAE,OAAO,CAAC;QACjB,yEAAyE;QACzE,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,sDAAsD;QACtD,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,4CAA4C;QAC5C,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,sEAAsE;QACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,0EAA0E;QAC1E,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mEAAmE;QACnE,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,4CAA4C;QAC5C,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,4CAA4C;QAC5C,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;CACH"}

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Config a `DyNTS_AdminApiKey_AuthService.configure(...)`-hoz.
+ *
+ * Minden mezo opcionalis — a default-ok megfelelnek a tipikus hasznalat-eset
+ * elvarasanak (DYNTS_ADMIN_API_KEY env var + x-admin-api-key header +
+ * Bearer fallback).
+ */
+export interface DyNTS_AdminApiKey_Config {
+    /**
+     * Env var nev, ahonnan az admin API key olvasodik.
+     * Default: `DYNTS_ADMIN_API_KEY`.
+     *
+     * Override-olhato pl. multi-tenant deploy-okhoz vagy ha a host app
+     * mas konvenciot kovet (`MY_APP_ADMIN_KEY`, stb.).
+     */
+    envVarName?: string;
+    /**
+     * HTTP header nev (case-insensitive — Express normalizalja lowercase-re).
+     * Default: `x-admin-api-key`.
+     */
+    headerName?: string;
+    /**
+     * Engedi-e az `Authorization: Bearer <key>` fallback-et a primer header
+     * helyett. Default: `true`.
+     *
+     * Hasznos amikor a kliens egy generikus HTTP klienst hasznal ami csak
+     * az Authorization header-t allitja, vagy amikor proxy-k strippelik
+     * a custom header-eket.
+     */
+    allowAuthorizationBearer?: boolean;
+}
+//# sourceMappingURL=admin-api-key-config.interface.d.ts.map

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key-config.interface.d.ts","sourceRoot":"","sources":["../../../../src/_modules/admin-auth/_models/admin-api-key-config.interface.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=admin-api-key-config.interface.js.map

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key-config.interface.js","sourceRoot":"","sources":["../../../../src/_modules/admin-auth/_models/admin-api-key-config.interface.ts"],"names":[],"mappings":""}

package/build/_modules/admin-auth/admin-api-key.auth-service.d.ts

@@ -0,0 +1,90 @@
+import { Request, Response } from 'express';
+import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+import { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';
+/**
+ * Admin API key auth service — opt-in HTTP guard a meglevo `DyNTS_Endpoint_Params.preProcesses`
+ * mechanizmushoz. Egy env var-ban tarolt fix kulccsal valid-alja a bejovo kerest.
+ *
+ * **Hasznalat (host app):**
+ * ```ts
+ * const adminAuth = DyNTS_AdminApiKey_AuthService.getInstance();
+ * // opcionalis konfig:
+ * // adminAuth.configure({ envVarName: 'MY_KEY', headerName: 'x-my-key' });
+ *
+ * new DyNTS_Endpoint_Params({
+ *   ...,
+ *   preProcesses: [adminAuth.verify, ...other],
+ * });
+ *
+ * // vagy a logs routing module-on at
+ * DyNTS_getLogsRoutingModule({ authPreProcess: adminAuth.verify });
+ * ```
+ *
+ * **Viselkedes:**
+ * - env var beallitva ES helyes header → silent pass
+ * - env var beallitva, header hianyzik / rossz → 401 DyFM_Error
+ * - env var NINCS beallitva → 500 DyFM_Error (fail-closed; NEM silent allow)
+ *
+ * **Header lookup:**
+ * 1. `x-admin-api-key` (default canonical header)
+ * 2. `Authorization: Bearer <key>` (fallback ha `allowAuthorizationBearer === true`)
+ *
+ * **Timing-safe:** `crypto.timingSafeEqual` Buffer-konvertalassal. Length-mismatch
+ * eseten dummy compare-rel azonos idő, hogy a kulcs-hossz ne szivarogjon ki.
+ *
+ * **Env var read-on-each-call:** a `verify()` minden hivasnal olvassa az env-et,
+ * nem cache-eli. Igy a host az env-et utolagosan is allithatja (pl. config
+ * loader az auth.service.install() utan).
+ *
+ * **Singleton:** `getInstance()`-szel hivd. A `.verify` mezo binding-elve van
+ * `this`-re, igy direkt atadhato `preProcesses`-be ujracsomagolas nelkul.
+ */
+export declare class DyNTS_AdminApiKey_AuthService extends DyNTS_SingletonServiceBase {
+    static getInstance(): DyNTS_AdminApiKey_AuthService;
+    private envVarName;
+    private headerName;
+    private allowAuthorizationBearer;
+    /**
+     * Konfig override. Hianyzo mezok a default-okat orzik.
+     * Hivhato barmikor — a `verify()` a friss config-ot olvassa.
+     */
+    configure(config: DyNTS_AdminApiKey_Config): void;
+    /**
+     * Aktualis konfig olvasasa (test/diagnosztika celokra).
+     */
+    getConfig(): Required<DyNTS_AdminApiKey_Config>;
+    /**
+     * Pre-process function — atadhato `DyNTS_Endpoint_Params.preProcesses`-be,
+     * vagy `DyNTS_getLogsRoutingModule({ authPreProcess: ... })`-be.
+     *
+     * Throws:
+     *   - 500 ha az env var nincs beallitva (vagy ures string)
+     *   - 401 ha a header hianyzik vagy nem egyezik
+     *
+     * A `req`/`res` parametereket NEM modositja (a kerest tovabb engedi a tovabbi
+     * preProcess-eknek; csak hiba eseten throw-ol).
+     */
+    readonly verify: (req: Request, _res: Response) => Promise<void>;
+    /**
+     * Header lookup — elobb a primer header, aztan opcionalisan az Authorization Bearer.
+     * Az ures string is "hianyzo"-nak szamit (a Buffer.from('') es timingSafeEqual
+     * konzisztencia miatt).
+     */
+    private extractKeyFromRequest;
+    /**
+     * Timing-safe compare ket string kozott. Length-mismatch eseten egy dummy
+     * compare-rel azonos idot kenyszeritunk (a kulcs-hossz nem szivaroghat ki
+     * timing-attackal).
+     *
+     * crypto.timingSafeEqual KOTELEZOEN azonos Buffer-hosszt var — kulonbozo
+     * hosszra throw-ol, ezert vizsgaljuk elobb a length-et es csak utana
+     * compare-elunk.
+     */
+    private timingSafeEquals;
+    /**
+     * Test-only: visszaallitja a default config-ot, hogy a specfajlok ne szivarogjak
+     * at egymas state-jet. Production code NE hivja.
+     */
+    _resetForTesting(): void;
+}
+//# sourceMappingURL=admin-api-key.auth-service.d.ts.map

package/build/_modules/admin-auth/admin-api-key.auth-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key.auth-service.d.ts","sourceRoot":"","sources":["../../../src/_modules/admin-auth/admin-api-key.auth-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK5C,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAGzF,OAAO,EAAE,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AAsBpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,6BAA8B,SAAQ,0BAA0B;IAE3E,MAAM,CAAC,WAAW,IAAI,6BAA6B;IAInD,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,UAAU,CAA+B;IACjD,OAAO,CAAC,wBAAwB,CAAiC;IAGjE;;;OAGG;IACH,SAAS,CAAC,MAAM,EAAE,wBAAwB,GAAG,IAAI;IAajD;;OAEG;IACH,SAAS,IAAI,QAAQ,CAAC,wBAAwB,CAAC;IAQ/C;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,MAAM,QAAe,OAAO,QAAQ,QAAQ,KAAG,OAAO,CAAC,IAAI,CAAC,CAqCnE;IAGF;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IAuB7B;;;;;;;;OAQG;IACH,OAAO,CAAC,gBAAgB;IAexB;;;OAGG;IACH,gBAAgB,IAAI,IAAI;CAKzB"}

package/build/_modules/admin-auth/admin-api-key.auth-service.js

@@ -0,0 +1,195 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_AdminApiKey_AuthService = void 0;
+const tslib_1 = require("tslib");
+const crypto = tslib_1.__importStar(require("crypto"));
+const fsm_dynamo_1 = require("@futdevpro/fsm-dynamo");
+const singleton_service_base_1 = require("../../_services/base/singleton.service-base");
+const global_settings_const_1 = require("../../_collections/global-settings.const");
+/** Default env var nev az admin API key-hez. */
+const DEFAULT_ENV_VAR_NAME = 'DYNTS_ADMIN_API_KEY';
+/** Default header nev (Express lowercase-re normalizalja az osszes header-t). */
+const DEFAULT_HEADER_NAME = 'x-admin-api-key';
+/** Default Bearer fallback engedelyezve van. */
+const DEFAULT_ALLOW_BEARER = true;
+/** Service-nev az error-okhoz. */
+const SERVICE_NAME = 'DyNTS_AdminApiKey_AuthService';
+/** ErrorCode prefix — system shortcode + saját kod. */
+const buildErrorCode = (subcode) => {
+    const sys = global_settings_const_1.DyNTS_global_settings.systemShortCodeName ?? 'DyNTS';
+    return `${sys}|DyNTS-AAK-${subcode}`;
+};
+/**
+ * Admin API key auth service — opt-in HTTP guard a meglevo `DyNTS_Endpoint_Params.preProcesses`
+ * mechanizmushoz. Egy env var-ban tarolt fix kulccsal valid-alja a bejovo kerest.
+ *
+ * **Hasznalat (host app):**
+ * ```ts
+ * const adminAuth = DyNTS_AdminApiKey_AuthService.getInstance();
+ * // opcionalis konfig:
+ * // adminAuth.configure({ envVarName: 'MY_KEY', headerName: 'x-my-key' });
+ *
+ * new DyNTS_Endpoint_Params({
+ *   ...,
+ *   preProcesses: [adminAuth.verify, ...other],
+ * });
+ *
+ * // vagy a logs routing module-on at
+ * DyNTS_getLogsRoutingModule({ authPreProcess: adminAuth.verify });
+ * ```
+ *
+ * **Viselkedes:**
+ * - env var beallitva ES helyes header → silent pass
+ * - env var beallitva, header hianyzik / rossz → 401 DyFM_Error
+ * - env var NINCS beallitva → 500 DyFM_Error (fail-closed; NEM silent allow)
+ *
+ * **Header lookup:**
+ * 1. `x-admin-api-key` (default canonical header)
+ * 2. `Authorization: Bearer <key>` (fallback ha `allowAuthorizationBearer === true`)
+ *
+ * **Timing-safe:** `crypto.timingSafeEqual` Buffer-konvertalassal. Length-mismatch
+ * eseten dummy compare-rel azonos idő, hogy a kulcs-hossz ne szivarogjon ki.
+ *
+ * **Env var read-on-each-call:** a `verify()` minden hivasnal olvassa az env-et,
+ * nem cache-eli. Igy a host az env-et utolagosan is allithatja (pl. config
+ * loader az auth.service.install() utan).
+ *
+ * **Singleton:** `getInstance()`-szel hivd. A `.verify` mezo binding-elve van
+ * `this`-re, igy direkt atadhato `preProcesses`-be ujracsomagolas nelkul.
+ */
+class DyNTS_AdminApiKey_AuthService extends singleton_service_base_1.DyNTS_SingletonServiceBase {
+    static getInstance() {
+        return DyNTS_AdminApiKey_AuthService.getSingletonInstance();
+    }
+    envVarName = DEFAULT_ENV_VAR_NAME;
+    headerName = DEFAULT_HEADER_NAME;
+    allowAuthorizationBearer = DEFAULT_ALLOW_BEARER;
+    /**
+     * Konfig override. Hianyzo mezok a default-okat orzik.
+     * Hivhato barmikor — a `verify()` a friss config-ot olvassa.
+     */
+    configure(config) {
+        if (config.envVarName !== undefined) {
+            this.envVarName = config.envVarName;
+        }
+        if (config.headerName !== undefined) {
+            // Express lowercase-re normalizal — itt is lowercase-eljuk a konzisztenciaert
+            this.headerName = config.headerName.toLowerCase();
+        }
+        if (config.allowAuthorizationBearer !== undefined) {
+            this.allowAuthorizationBearer = config.allowAuthorizationBearer;
+        }
+    }
+    /**
+     * Aktualis konfig olvasasa (test/diagnosztika celokra).
+     */
+    getConfig() {
+        return {
+            envVarName: this.envVarName,
+            headerName: this.headerName,
+            allowAuthorizationBearer: this.allowAuthorizationBearer,
+        };
+    }
+    /**
+     * Pre-process function — atadhato `DyNTS_Endpoint_Params.preProcesses`-be,
+     * vagy `DyNTS_getLogsRoutingModule({ authPreProcess: ... })`-be.
+     *
+     * Throws:
+     *   - 500 ha az env var nincs beallitva (vagy ures string)
+     *   - 401 ha a header hianyzik vagy nem egyezik
+     *
+     * A `req`/`res` parametereket NEM modositja (a kerest tovabb engedi a tovabbi
+     * preProcess-eknek; csak hiba eseten throw-ol).
+     */
+    verify = async (req, _res) => {
+        const expectedKey = process.env[this.envVarName] ?? '';
+        if (expectedKey.length === 0) {
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 500,
+                errorCode: buildErrorCode('CONFIG'),
+                addECToUserMsg: true,
+                message: `Admin API key not configured: env var ${this.envVarName} is not set or empty`,
+                userMessage: 'Server configuration error',
+                issuerService: SERVICE_NAME,
+            });
+        }
+        const providedKey = this.extractKeyFromRequest(req);
+        if (providedKey === null) {
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: buildErrorCode('MISSING'),
+                addECToUserMsg: true,
+                message: `Admin API key required (expected header: ${this.headerName})`,
+                userMessage: 'Admin API key required',
+                issuerService: SERVICE_NAME,
+            });
+        }
+        if (!this.timingSafeEquals(providedKey, expectedKey)) {
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: buildErrorCode('INVALID'),
+                addECToUserMsg: true,
+                message: 'Admin API key invalid',
+                userMessage: 'Admin API key invalid',
+                issuerService: SERVICE_NAME,
+            });
+        }
+        // Silent pass — return resolved promise
+    };
+    /**
+     * Header lookup — elobb a primer header, aztan opcionalisan az Authorization Bearer.
+     * Az ures string is "hianyzo"-nak szamit (a Buffer.from('') es timingSafeEqual
+     * konzisztencia miatt).
+     */
+    extractKeyFromRequest(req) {
+        // Primer header
+        const primary = req.headers[this.headerName];
+        const primaryStr = Array.isArray(primary) ? primary[0] ?? '' : (typeof primary === 'string' ? primary : '');
+        if (primaryStr.length > 0) {
+            return primaryStr;
+        }
+        // Authorization Bearer fallback
+        if (this.allowAuthorizationBearer) {
+            const authHeader = req.headers['authorization'];
+            const authStr = Array.isArray(authHeader) ? authHeader[0] ?? '' : (typeof authHeader === 'string' ? authHeader : '');
+            if (authStr.toLowerCase().startsWith('bearer ')) {
+                const token = authStr.substring(7).trim();
+                if (token.length > 0) {
+                    return token;
+                }
+            }
+        }
+        return null;
+    }
+    /**
+     * Timing-safe compare ket string kozott. Length-mismatch eseten egy dummy
+     * compare-rel azonos idot kenyszeritunk (a kulcs-hossz nem szivaroghat ki
+     * timing-attackal).
+     *
+     * crypto.timingSafeEqual KOTELEZOEN azonos Buffer-hosszt var — kulonbozo
+     * hosszra throw-ol, ezert vizsgaljuk elobb a length-et es csak utana
+     * compare-elunk.
+     */
+    timingSafeEquals(a, b) {
+        const aBuf = Buffer.from(a, 'utf-8');
+        const bBuf = Buffer.from(b, 'utf-8');
+        if (aBuf.length !== bBuf.length) {
+            // Dummy compare ugyanazzal a string-gel: konstans ideju mukodest biztosit
+            // mielott visszaternenk false-szal — igy a length-mismatch nem szivaroghat ki.
+            crypto.timingSafeEqual(bBuf, bBuf);
+            return false;
+        }
+        return crypto.timingSafeEqual(aBuf, bBuf);
+    }
+    /**
+     * Test-only: visszaallitja a default config-ot, hogy a specfajlok ne szivarogjak
+     * at egymas state-jet. Production code NE hivja.
+     */
+    _resetForTesting() {
+        this.envVarName = DEFAULT_ENV_VAR_NAME;
+        this.headerName = DEFAULT_HEADER_NAME;
+        this.allowAuthorizationBearer = DEFAULT_ALLOW_BEARER;
+    }
+}
+exports.DyNTS_AdminApiKey_AuthService = DyNTS_AdminApiKey_AuthService;
+//# sourceMappingURL=admin-api-key.auth-service.js.map

package/build/_modules/admin-auth/admin-api-key.auth-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key.auth-service.js","sourceRoot":"","sources":["../../../src/_modules/admin-auth/admin-api-key.auth-service.ts"],"names":[],"mappings":";;;;AACA,uDAAiC;AAEjC,sDAAmD;AAEnD,wFAAyF;AACzF,oFAAiF;AAKjF,gDAAgD;AAChD,MAAM,oBAAoB,GAAW,qBAAqB,CAAC;AAE3D,iFAAiF;AACjF,MAAM,mBAAmB,GAAW,iBAAiB,CAAC;AAEtD,gDAAgD;AAChD,MAAM,oBAAoB,GAAY,IAAI,CAAC;AAE3C,kCAAkC;AAClC,MAAM,YAAY,GAAW,+BAA+B,CAAC;AAE7D,uDAAuD;AACvD,MAAM,cAAc,GAAG,CAAC,OAAe,EAAU,EAAE;IACjD,MAAM,GAAG,GAAW,6CAAqB,CAAC,mBAAmB,IAAI,OAAO,CAAC;IACzE,OAAO,GAAG,GAAG,cAAc,OAAO,EAAE,CAAC;AACvC,CAAC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAa,6BAA8B,SAAQ,mDAA0B;IAE3E,MAAM,CAAC,WAAW;QAChB,OAAO,6BAA6B,CAAC,oBAAoB,EAAmC,CAAC;IAC/F,CAAC;IAEO,UAAU,GAAW,oBAAoB,CAAC;IAC1C,UAAU,GAAW,mBAAmB,CAAC;IACzC,wBAAwB,GAAY,oBAAoB,CAAC;IAGjE;;;OAGG;IACH,SAAS,CAAC,MAAgC;QACxC,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACtC,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACpC,8EAA8E;YAC9E,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QACpD,CAAC;QACD,IAAI,MAAM,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YAClD,IAAI,CAAC,wBAAwB,GAAG,MAAM,CAAC,wBAAwB,CAAC;QAClE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO;YACL,UAAU,EAAgB,IAAI,CAAC,UAAU;YACzC,UAAU,EAAgB,IAAI,CAAC,UAAU;YACzC,wBAAwB,EAAE,IAAI,CAAC,wBAAwB;SACxD,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACM,MAAM,GAAG,KAAK,EAAE,GAAY,EAAE,IAAc,EAAiB,EAAE;QACtE,MAAM,WAAW,GAAW,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAC/D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC;gBACnC,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,yCAAyC,IAAI,CAAC,UAAU,sBAAsB;gBACvF,WAAW,EAAE,4BAA4B;gBACzC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAkB,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;QACnE,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC;gBACpC,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,4CAA4C,IAAI,CAAC,UAAU,GAAG;gBACvE,WAAW,EAAE,wBAAwB;gBACrC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC;gBACpC,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,uBAAuB;gBAChC,WAAW,EAAE,uBAAuB;gBACpC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,wCAAwC;IAC1C,CAAC,CAAC;IAGF;;;;OAIG;IACK,qBAAqB,CAAC,GAAY;QACxC,gBAAgB;QAChB,MAAM,OAAO,GAAY,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,MAAM,UAAU,GAAW,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACpH,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAClC,MAAM,UAAU,GAAY,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACzD,MAAM,OAAO,GAAW,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7H,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChD,MAAM,KAAK,GAAW,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACK,gBAAgB,CAAC,CAAS,EAAE,CAAS;QAC3C,MAAM,IAAI,GAAW,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAW,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,0EAA0E;YAC1E,+EAA+E;YAC/E,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IAGD;;;OAGG;IACH,gBAAgB;QACd,IAAI,CAAC,UAAU,GAAiB,oBAAoB,CAAC;QACrD,IAAI,CAAC,UAAU,GAAiB,mBAAmB,CAAC;QACpD,IAAI,CAAC,wBAAwB,GAAG,oBAAoB,CAAC;IACvD,CAAC;CACF;AAvJD,sEAuJC"}

package/build/_modules/admin-auth/index.d.ts

@@ -0,0 +1,3 @@
+export { DyNTS_AdminApiKey_AuthService } from './admin-api-key.auth-service';
+export { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';
+//# sourceMappingURL=index.d.ts.map

package/build/_modules/admin-auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/_modules/admin-auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,MAAM,0CAA0C,CAAC"}

package/build/_modules/admin-auth/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_AdminApiKey_AuthService = void 0;
+var admin_api_key_auth_service_1 = require("./admin-api-key.auth-service");
+Object.defineProperty(exports, "DyNTS_AdminApiKey_AuthService", { enumerable: true, get: function () { return admin_api_key_auth_service_1.DyNTS_AdminApiKey_AuthService; } });
+//# sourceMappingURL=index.js.map

package/build/_modules/admin-auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/_modules/admin-auth/index.ts"],"names":[],"mappings":";;;AAAA,2EAA6E;AAApE,2IAAA,6BAA6B,OAAA"}

package/build/_modules/logs/file-log.service.d.ts

@@ -0,0 +1,87 @@
+import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+/**
+ * File-based szerver log service — duplikalja a stdout/stderr-t per-session
+ * log fajl(ok)ba, miközben a console kimenet erintetlenul marad. Az
+ * in-memory ring buffer (`DyNTS_Logs_Service`) MELLETT mukodik, NEM
+ * helyette.
+ *
+ * Architecture:
+ *   - `process.stdout.write` es `process.stderr.write` monkey-patch (NEM
+ *     `console.*` — azt mar a `DyNTS_Logs_Service` patch-elheti)
+ *   - Per-session fajl: `{logDir}/{prefix}YYYY-MM-DD_HH-MM-SS.log`
+ *   - Sync `appendFileSync` iras — crash-safe, azonnali flush
+ *   - Rotation: `maxFileSizeMb` atlepesenel uj session fajl
+ *   - Retention: `maxFiles` (count) ES `retentionDays` (age) — ami elobb
+ *     teljesul; install-kor + minden rotation utan futtatva
+ *   - Silent failure: file IO hibak ELNYELODNEK (a file logger SOHASEM
+ *     buktathatja el a szervert)
+ *
+ * Idempotens: tobbszori install() hivas no-op (a masodiktol).
+ *
+ * Hasznalat:
+ *   DyNTS_global_settings.log_settings.file_log = { enabled: true, ... };
+ *   DyNTS_FileLog_Service.getInstance().install();  // szerver startup
+ */
+export declare class DyNTS_FileLog_Service extends DyNTS_SingletonServiceBase {
+    static getInstance(): DyNTS_FileLog_Service;
+    private installed;
+    private activeLogDir;
+    private filenamePrefix;
+    private maxFileSizeBytes;
+    private maxFiles;
+    private retentionDays;
+    private stripAnsiEnabled;
+    private currentLogPath;
+    private currentLogSizeBytes;
+    private originalStdoutWrite;
+    private originalStderrWrite;
+    /**
+     * Telepiti a file logger-t a `DyNTS_global_settings.log_settings.file_log`
+     * config alapjan. Ha `enabled === false` vagy hianyzik a config → no-op.
+     *
+     * Idempotens — masodszori hivas no-op (akkor is, ha kozben a config
+     * valtozott; a service uj install-jara teardownFor Testing() + install()).
+     */
+    install(): void;
+    /**
+     * Visszaadja az aktualis log fajl abszolut path-jat (csak akkor letezo,
+     * ha az install() sikeresen lefutott; egyebkent ures string).
+     */
+    getCurrentLogPath(): string;
+    /**
+     * Telepitve van-e (csak akkor true, ha az enabled === true es a setup nem bukott).
+     */
+    isInstalled(): boolean;
+    /**
+     * Test-only: visszallitja az eredeti stdout/stderr.write-okat, hogy a
+     * specfajlok egymas utan tisztán futhassanak. Production code NE hivja.
+     */
+    _teardownForTesting(): void;
+    /**
+     * Session fajl nev: `{prefix}YYYY-MM-DD_HH-MM-SS_RANDOM.log`. Az RANDOM
+     * suffix biztositja a unique nevet ha ugyanazon a masodpercen tobb fajl jon letre
+     * (pl. rotation kozvetlenul install utan, vagy specfajlok gyors egymas utan).
+     */
+    private buildSessionFilename;
+    /**
+     * Egyetlen stdout/stderr iras tee-zese az aktualis log fajlba.
+     * Hibakat csendben elnyeli — a file logger SOHASEM blokkolja a szervert.
+     * Size-trackeli az aktualis fajlt es szukseg szerint rotalja.
+     */
+    private teeWrite;
+    /**
+     * Uj session fajl letrehozasa (az aktualis lezarodik). Retention cleanup-ot is
+     * vegrehajt, hogy a rotation termeszetesen tisztan tarttsa a log dir-t.
+     */
+    private rotate;
+    /**
+     * Retention takaritas: ket szabaly ami ami elobb teljesul:
+     *   1) maxFiles — ha tobb mint N log fajl van, a legregebbieket torli
+     *   2) retentionDays — `retentionDays`-nel idosebb fajlokat torli
+     *
+     * Hibakat csendben elnyel. A torolt fajlokat es az okot NEM logoljuk, hogy
+     * ne kerüljön extra szennyezes a most induló session fajlba.
+     */
+    private cleanupOldLogs;
+}
+//# sourceMappingURL=file-log.service.d.ts.map

package/build/_modules/logs/file-log.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-log.service.d.ts","sourceRoot":"","sources":["../../../src/_modules/logs/file-log.service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAsBzF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,qBAAsB,SAAQ,0BAA0B;IAEnE,MAAM,CAAC,WAAW,IAAI,qBAAqB;IAI3C,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,cAAc,CAAmC;IACzD,OAAO,CAAC,gBAAgB,CAAkD;IAC1E,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,gBAAgB,CAA+B;IACvD,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,mBAAmB,CAAa;IAExC,OAAO,CAAC,mBAAmB,CAA4C;IACvE,OAAO,CAAC,mBAAmB,CAA4C;IAGvE;;;;;;OAMG;IACH,OAAO,IAAI,IAAI;IAoEf;;;OAGG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;;OAGG;IACH,mBAAmB,IAAI,IAAI;IAgB3B;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;;;OAIG;IACH,OAAO,CAAC,QAAQ;IAsBhB;;;OAGG;IACH,OAAO,CAAC,MAAM;IAWd;;;;;;;OAOG;IACH,OAAO,CAAC,cAAc;CAoCvB"}