npm - @futdevpro/nts-dynamo - Versions diffs - 1.15.17 → 1.15.20 - Mend

@futdevpro/nts-dynamo 1.15.17 → 1.15.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/build/_modules/logs/logs.service.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+/**
+ * In-memory ring buffer a szerver logokhoz.
+ * Interceptalja a console.log/error/warn kimeneteket es tarolja oket.
+ * Max entryszam a log_settings.logs_endpoint.maxEntries-bol jon (default: 2000).
+ *
+ * Hasznalat:
+ *   DyNTS_Logs_Service.getInstance().install()  — egyszer, szerver indulasakor
+ *   DyNTS_Logs_Service.getInstance().getLines(200)  — utolso N sor
+ */
+export declare class DyNTS_Logs_Service extends DyNTS_SingletonServiceBase {
+    static getInstance(): DyNTS_Logs_Service;
+    private readonly maxEntries;
+    private readonly buffer;
+    private installed;
+    protected constructor();
+    /**
+     * Interceptalja a console.log/error/warn kimeneteket es a bufferbe irja.
+     * Egyszer kell hivni, a szerver indulasakor. Tobbszori hivas no-op.
+     */
+    install(): void;
+    /**
+     * Az utolso N sor lekerdezese.
+     */
+    getLines(count?: number): string[];
+    /**
+     * Osszes bufferelt sor szama.
+     */
+    getLineCount(): number;
+    /**
+     * Buffer uritese.
+     */
+    clear(): void;
+    /**
+     * Telepitve van-e mar a console intercept.
+     */
+    isInstalled(): boolean;
+    private addLine;
+}
+//# sourceMappingURL=logs.service.d.ts.map

package/build/_modules/logs/logs.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"logs.service.d.ts","sourceRoot":"","sources":["../../../src/_modules/logs/logs.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAGzF;;;;;;;;GAQG;AACH,qBAAa,kBAAmB,SAAQ,0BAA0B;IAEhE,MAAM,CAAC,WAAW,IAAI,kBAAkB;IAIxC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,SAAS,CAAkB;IAEnC,SAAS;IAKT;;;OAGG;IACH,OAAO,IAAI,IAAI;IA0Bf;;OAEG;IACH,QAAQ,CAAC,KAAK,GAAE,MAAY,GAAG,MAAM,EAAE;IAKvC;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB,OAAO,CAAC,OAAO;CAahB"}

package/build/_modules/logs/logs.service.js ADDED Viewed

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_Logs_Service = void 0;
+const singleton_service_base_1 = require("../../_services/base/singleton.service-base");
+const global_settings_const_1 = require("../../_collections/global-settings.const");
+/**
+ * In-memory ring buffer a szerver logokhoz.
+ * Interceptalja a console.log/error/warn kimeneteket es tarolja oket.
+ * Max entryszam a log_settings.logs_endpoint.maxEntries-bol jon (default: 2000).
+ *
+ * Hasznalat:
+ *   DyNTS_Logs_Service.getInstance().install()  — egyszer, szerver indulasakor
+ *   DyNTS_Logs_Service.getInstance().getLines(200)  — utolso N sor
+ */
+class DyNTS_Logs_Service extends singleton_service_base_1.DyNTS_SingletonServiceBase {
+    static getInstance() {
+        return DyNTS_Logs_Service.getSingletonInstance();
+    }
+    maxEntries;
+    buffer = [];
+    installed = false;
+    constructor() {
+        super();
+        this.maxEntries = global_settings_const_1.DyNTS_global_settings.log_settings?.logs_endpoint?.maxEntries ?? 2000;
+    }
+    /**
+     * Interceptalja a console.log/error/warn kimeneteket es a bufferbe irja.
+     * Egyszer kell hivni, a szerver indulasakor. Tobbszori hivas no-op.
+     */
+    install() {
+        if (this.installed) {
+            return;
+        }
+        this.installed = true;
+        const originalLog = console.log.bind(console);
+        const originalError = console.error.bind(console);
+        const originalWarn = console.warn.bind(console);
+        const self = this;
+        console.log = (...args) => {
+            self.addLine('LOG', args);
+            originalLog(...args);
+        };
+        console.error = (...args) => {
+            self.addLine('ERR', args);
+            originalError(...args);
+        };
+        console.warn = (...args) => {
+            self.addLine('WRN', args);
+            originalWarn(...args);
+        };
+    }
+    /**
+     * Az utolso N sor lekerdezese.
+     */
+    getLines(count = 200) {
+        const start = Math.max(0, this.buffer.length - count);
+        return this.buffer.slice(start);
+    }
+    /**
+     * Osszes bufferelt sor szama.
+     */
+    getLineCount() {
+        return this.buffer.length;
+    }
+    /**
+     * Buffer uritese.
+     */
+    clear() {
+        this.buffer.length = 0;
+    }
+    /**
+     * Telepitve van-e mar a console intercept.
+     */
+    isInstalled() {
+        return this.installed;
+    }
+    addLine(level, args) {
+        const message = args.map((arg) => {
+            if (typeof arg === 'string') {
+                return arg;
+            }
+            try {
+                return JSON.stringify(arg);
+            }
+            catch {
+                return String(arg);
+            }
+        }).join(' ');
+        const timestamped = `${new Date().toISOString()} [${level}] ${message}`;
+        this.buffer.push(timestamped);
+        if (this.buffer.length > this.maxEntries) {
+            this.buffer.shift();
+        }
+    }
+}
+exports.DyNTS_Logs_Service = DyNTS_Logs_Service;
+//# sourceMappingURL=logs.service.js.map

package/build/_modules/logs/logs.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"logs.service.js","sourceRoot":"","sources":["../../../src/_modules/logs/logs.service.ts"],"names":[],"mappings":";;;AAAA,wFAAyF;AACzF,oFAAiF;AAEjF;;;;;;;;GAQG;AACH,MAAa,kBAAmB,SAAQ,mDAA0B;IAEhE,MAAM,CAAC,WAAW;QAChB,OAAO,kBAAkB,CAAC,oBAAoB,EAAwB,CAAC;IACzE,CAAC;IAEgB,UAAU,CAAS;IACnB,MAAM,GAAa,EAAE,CAAC;IAC/B,SAAS,GAAY,KAAK,CAAC;IAEnC;QACE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,UAAU,GAAG,6CAAqB,CAAC,YAAY,EAAE,aAAa,EAAE,UAAU,IAAI,IAAI,CAAC;IAC1F,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAAC,OAAO;QAAC,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QAEtB,MAAM,WAAW,GAAuB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClE,MAAM,aAAa,GAAyB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxE,MAAM,YAAY,GAAwB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAErE,MAAM,IAAI,GAAuB,IAAI,CAAC;QAEtC,OAAO,CAAC,GAAG,GAAG,CAAC,GAAG,IAAW,EAAQ,EAAE;YACrC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC1B,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;QACvB,CAAC,CAAC;QAEF,OAAO,CAAC,KAAK,GAAG,CAAC,GAAG,IAAW,EAAQ,EAAE;YACvC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC1B,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC;QACzB,CAAC,CAAC;QAEF,OAAO,CAAC,IAAI,GAAG,CAAC,GAAG,IAAW,EAAQ,EAAE;YACtC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC1B,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QACxB,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAgB,GAAG;QAC1B,MAAM,KAAK,GAAW,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC;QAC9D,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAEO,OAAO,CAAC,KAAa,EAAE,IAAW;QACxC,MAAM,OAAO,GAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE;YAC5C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAAC,OAAO,GAAG,CAAC;YAAC,CAAC;YAC5C,IAAI,CAAC;gBAAC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;YAAC,CAAC;QACnE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,WAAW,GAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,KAAK,KAAK,OAAO,EAAE,CAAC;QAChF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE9B,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;CACF;AAvFD,gDAuFC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@futdevpro/nts-dynamo",
-  "version": "01.15.17",
+  "version": "01.15.20",
   "description": "Dynamic NodeTS (NodeJS-Typescript), MongoDB Backend System Framework by Future Development Program Ltd.",
   "DyBu_settings": {
     "packageType": "server-package",

package/pipeline.cicd.config.json CHANGED Viewed

@@ -76,7 +76,9 @@
               "@futdevpro/fsm-dynamo"
             ]
           }
-        ]
+        ],
+        "fix": true,
+        "patchOnly": true
       }
     },
     {

package/src/_models/interfaces/global-log-settings.interface.ts CHANGED Viewed

@@ -105,4 +105,40 @@ export interface DyNTS_GlobalLog_Settings {
     /** Max sorok szama a bufferben. Default: 2000. */
     maxEntries?: number;
   };
+  /**
+   * File-based log kiiras konfiguracio (DyNTS_FileLog_Service).
+   *
+   * Az in-memory ring buffer (DyNTS_Logs_Service) mellett mukodik — NEM
+   * helyette. A szerver stdout/stderr kimeneteket egy per-session log
+   * fajlba duplikalja (`{logDir}/{filenamePrefix}YYYY-MM-DD_HH-MM-SS.log`).
+   *
+   * Rotation: ha az aktiv fajl meghaladja a `maxFileSizeMb`-t, uj fajl jon
+   * letre. Retention: az `install()` + minden rotation utan a
+   * `maxFiles`-nel regebbi vagy a `retentionDays`-nel idosebb fajlok
+   * torlodnek (ami elobb teljesul).
+   *
+   * Hasznalat:
+   *   DyNTS_FileLog_Service.getInstance().install();  // szerver startup
+   */
+  file_log?: {
+    /** Engedelyezve van-e a file-based logolás. Default: false. */
+    enabled: boolean;
+    /** Log mappa abszolut vagy relativ path-ja. Default: './logs/server'. */
+    logDir?: string;
+    /** Per-session fajlnev prefix. Default: 'server-'. */
+    filenamePrefix?: string;
+    /** Rotation trigger MB-ban. Default: 50. */
+    maxFileSizeMb?: number;
+    /** Retention by count — max ennyi log fajl marad meg. Default: 10. */
+    maxFiles?: number;
+    /** Retention by age — ennyi napnal regebbi fajl torlodik. Default: 30. */
+    retentionDays?: number;
+    /** ANSI escape kodok strippelese a fajl-irasnal. Default: true. */
+    stripAnsi?: boolean;
+    /** stdout interceptalasa. Default: true. */
+    includeStdout?: boolean;
+    /** stderr interceptalasa. Default: true. */
+    includeStderr?: boolean;
+  };
 }

package/src/_modules/admin-auth/_models/admin-api-key-config.interface.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Config a `DyNTS_AdminApiKey_AuthService.configure(...)`-hoz.
+ *
+ * Minden mezo opcionalis — a default-ok megfelelnek a tipikus hasznalat-eset
+ * elvarasanak (DYNTS_ADMIN_API_KEY env var + x-admin-api-key header +
+ * Bearer fallback).
+ */
+export interface DyNTS_AdminApiKey_Config {
+  /**
+   * Env var nev, ahonnan az admin API key olvasodik.
+   * Default: `DYNTS_ADMIN_API_KEY`.
+   *
+   * Override-olhato pl. multi-tenant deploy-okhoz vagy ha a host app
+   * mas konvenciot kovet (`MY_APP_ADMIN_KEY`, stb.).
+   */
+  envVarName?: string;
+  /**
+   * HTTP header nev (case-insensitive — Express normalizalja lowercase-re).
+   * Default: `x-admin-api-key`.
+   */
+  headerName?: string;
+  /**
+   * Engedi-e az `Authorization: Bearer <key>` fallback-et a primer header
+   * helyett. Default: `true`.
+   *
+   * Hasznos amikor a kliens egy generikus HTTP klienst hasznal ami csak
+   * az Authorization header-t allitja, vagy amikor proxy-k strippelik
+   * a custom header-eket.
+   */
+  allowAuthorizationBearer?: boolean;
+}

package/src/_modules/admin-auth/admin-api-key.auth-service.spec.ts ADDED Viewed

@@ -0,0 +1,200 @@
+import { Request, Response } from 'express';
+import { DyFM_Error } from '@futdevpro/fsm-dynamo';
+import { DyNTS_AdminApiKey_AuthService } from './admin-api-key.auth-service';
+const TEST_KEY: string = 'super-secret-admin-key-1234567890';
+const TEST_ENV_VAR: string = 'DYNTS_ADMIN_API_KEY';
+/** Test-only — minimal Request mock-ot ad vissza adott headers-szel. */
+const mockReq = (headers: Record<string, string | undefined> = {}): Request => {
+  return { headers: headers } as unknown as Request;
+};
+/** Test-only — minimal Response stub (verify nem irja, csak typing miatt kell). */
+const mockRes = (): Response => {
+  return {} as unknown as Response;
+};
+describe('| DyNTS_AdminApiKey_AuthService', (): void => {
+  let svc: DyNTS_AdminApiKey_AuthService;
+  let originalEnv: string | undefined;
+  beforeEach((): void => {
+    svc = DyNTS_AdminApiKey_AuthService.getInstance();
+    svc._resetForTesting();
+    originalEnv = process.env[TEST_ENV_VAR];
+  });
+  afterEach((): void => {
+    svc._resetForTesting();
+    if (originalEnv === undefined) {
+      delete process.env[TEST_ENV_VAR];
+    } else {
+      process.env[TEST_ENV_VAR] = originalEnv;
+    }
+  });
+  describe('| verify() — config errors', (): void => {
+    it('| 500 ha az env var nincs beallitva', async (): Promise<void> => {
+      delete process.env[TEST_ENV_VAR];
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(500);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-CONFIG');
+    });
+    it('| 500 ha az env var ures string', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = '';
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(500);
+    });
+  });
+  describe('| verify() — auth errors', (): void => {
+    beforeEach((): void => { process.env[TEST_ENV_VAR] = TEST_KEY; });
+    it('| 401 ha a header teljesen hianyzik', async (): Promise<void> => {
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-MISSING');
+    });
+    it('| 401 ha a header rossz erteku', async (): Promise<void> => {
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ 'x-admin-api-key': 'wrong-key' }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-INVALID');
+    });
+    it('| 401 length-mismatch eseten is (timing-safe path)', async (): Promise<void> => {
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ 'x-admin-api-key': 'short' }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-INVALID');
+    });
+  });
+  describe('| verify() — happy paths', (): void => {
+    beforeEach((): void => { process.env[TEST_ENV_VAR] = TEST_KEY; });
+    it('| silent pass ha az x-admin-api-key header egyezik', async (): Promise<void> => {
+      await expectAsync(
+        svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+    it('| silent pass Authorization Bearer fallback-bol (default engedelyezve)', async (): Promise<void> => {
+      await expectAsync(
+        svc.verify(mockReq({ authorization: `Bearer ${TEST_KEY}` }), mockRes()),
+      ).toBeResolved();
+    });
+    it('| silent pass Authorization Bearer kis-nagybetu case-insensitive', async (): Promise<void> => {
+      await expectAsync(
+        svc.verify(mockReq({ authorization: `bearer ${TEST_KEY}` }), mockRes()),
+      ).toBeResolved();
+    });
+  });
+  describe('| configure() — overrides', (): void => {
+    it('| custom envVarName-bol olvas', async (): Promise<void> => {
+      svc.configure({ envVarName: 'MY_CUSTOM_KEY' });
+      process.env['MY_CUSTOM_KEY'] = TEST_KEY;
+      await expectAsync(
+        svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+      delete process.env['MY_CUSTOM_KEY'];
+    });
+    it('| custom headerName-rol olvas', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      svc.configure({ headerName: 'x-my-admin' });
+      // Default x-admin-api-key MOSTANTOL NEM mukodik
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      // Az uj header viszont igen
+      await expectAsync(
+        svc.verify(mockReq({ 'x-my-admin': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+    it('| allowAuthorizationBearer=false letiltja a Bearer fallback-et', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      svc.configure({ allowAuthorizationBearer: false });
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ authorization: `Bearer ${TEST_KEY}` }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+    });
+    it('| configure() partial override — a tobbi mezo default marad', (): void => {
+      svc.configure({ headerName: 'x-only-header' });
+      const config = svc.getConfig();
+      expect(config.headerName).toBe('x-only-header');
+      expect(config.envVarName).toBe('DYNTS_ADMIN_API_KEY');
+      expect(config.allowAuthorizationBearer).toBe(true);
+    });
+    it('| configure() headerName lowercase-re normalizal', (): void => {
+      svc.configure({ headerName: 'X-Mixed-Case-Header' });
+      expect(svc.getConfig().headerName).toBe('x-mixed-case-header');
+    });
+  });
+  describe('| env-read-on-each-call (dynamic)', (): void => {
+    it('| env var update kozben hat: install-utani env-modositas ervenyes', async (): Promise<void> => {
+      delete process.env[TEST_ENV_VAR];
+      // Elso hivas: env hianyzik → 500
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(500);
+      // Most allitsuk be az env-et
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      // Masodik hivas helyes header-rel → pass
+      await expectAsync(
+        svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+  });
+  describe('| .verify binding', (): void => {
+    it('| verify atadhato preProcesses-be detached method-kent (this-binding megtarttva)', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      const detached: (req: Request, res: Response) => Promise<void> = svc.verify;
+      // NEM call-ban svc.verify(...) hanem szabad fuggveny-kent — bindelt this-re kell hagyatkozni
+      await expectAsync(
+        detached(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+  });
+});

package/src/_modules/admin-auth/admin-api-key.auth-service.ts ADDED Viewed

@@ -0,0 +1,220 @@
+import { Request, Response } from 'express';
+import * as crypto from 'crypto';
+import { DyFM_Error } from '@futdevpro/fsm-dynamo';
+import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+import { DyNTS_global_settings } from '../../_collections/global-settings.const';
+import { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';
+/** Default env var nev az admin API key-hez. */
+const DEFAULT_ENV_VAR_NAME: string = 'DYNTS_ADMIN_API_KEY';
+/** Default header nev (Express lowercase-re normalizalja az osszes header-t). */
+const DEFAULT_HEADER_NAME: string = 'x-admin-api-key';
+/** Default Bearer fallback engedelyezve van. */
+const DEFAULT_ALLOW_BEARER: boolean = true;
+/** Service-nev az error-okhoz. */
+const SERVICE_NAME: string = 'DyNTS_AdminApiKey_AuthService';
+/** ErrorCode prefix — system shortcode + saját kod. */
+const buildErrorCode = (subcode: string): string => {
+  const sys: string = DyNTS_global_settings.systemShortCodeName ?? 'DyNTS';
+  return `${sys}|DyNTS-AAK-${subcode}`;
+};
+/**
+ * Admin API key auth service — opt-in HTTP guard a meglevo `DyNTS_Endpoint_Params.preProcesses`
+ * mechanizmushoz. Egy env var-ban tarolt fix kulccsal valid-alja a bejovo kerest.
+ *
+ * **Hasznalat (host app):**
+ * ```ts
+ * const adminAuth = DyNTS_AdminApiKey_AuthService.getInstance();
+ * // opcionalis konfig:
+ * // adminAuth.configure({ envVarName: 'MY_KEY', headerName: 'x-my-key' });
+ *
+ * new DyNTS_Endpoint_Params({
+ *   ...,
+ *   preProcesses: [adminAuth.verify, ...other],
+ * });
+ *
+ * // vagy a logs routing module-on at
+ * DyNTS_getLogsRoutingModule({ authPreProcess: adminAuth.verify });
+ * ```
+ *
+ * **Viselkedes:**
+ * - env var beallitva ES helyes header → silent pass
+ * - env var beallitva, header hianyzik / rossz → 401 DyFM_Error
+ * - env var NINCS beallitva → 500 DyFM_Error (fail-closed; NEM silent allow)
+ *
+ * **Header lookup:**
+ * 1. `x-admin-api-key` (default canonical header)
+ * 2. `Authorization: Bearer <key>` (fallback ha `allowAuthorizationBearer === true`)
+ *
+ * **Timing-safe:** `crypto.timingSafeEqual` Buffer-konvertalassal. Length-mismatch
+ * eseten dummy compare-rel azonos idő, hogy a kulcs-hossz ne szivarogjon ki.
+ *
+ * **Env var read-on-each-call:** a `verify()` minden hivasnal olvassa az env-et,
+ * nem cache-eli. Igy a host az env-et utolagosan is allithatja (pl. config
+ * loader az auth.service.install() utan).
+ *
+ * **Singleton:** `getInstance()`-szel hivd. A `.verify` mezo binding-elve van
+ * `this`-re, igy direkt atadhato `preProcesses`-be ujracsomagolas nelkul.
+ */
+export class DyNTS_AdminApiKey_AuthService extends DyNTS_SingletonServiceBase {
+  static getInstance(): DyNTS_AdminApiKey_AuthService {
+    return DyNTS_AdminApiKey_AuthService.getSingletonInstance() as DyNTS_AdminApiKey_AuthService;
+  }
+  private envVarName: string = DEFAULT_ENV_VAR_NAME;
+  private headerName: string = DEFAULT_HEADER_NAME;
+  private allowAuthorizationBearer: boolean = DEFAULT_ALLOW_BEARER;
+  /**
+   * Konfig override. Hianyzo mezok a default-okat orzik.
+   * Hivhato barmikor — a `verify()` a friss config-ot olvassa.
+   */
+  configure(config: DyNTS_AdminApiKey_Config): void {
+    if (config.envVarName !== undefined) {
+      this.envVarName = config.envVarName;
+    }
+    if (config.headerName !== undefined) {
+      // Express lowercase-re normalizal — itt is lowercase-eljuk a konzisztenciaert
+      this.headerName = config.headerName.toLowerCase();
+    }
+    if (config.allowAuthorizationBearer !== undefined) {
+      this.allowAuthorizationBearer = config.allowAuthorizationBearer;
+    }
+  }
+  /**
+   * Aktualis konfig olvasasa (test/diagnosztika celokra).
+   */
+  getConfig(): Required<DyNTS_AdminApiKey_Config> {
+    return {
+      envVarName:               this.envVarName,
+      headerName:               this.headerName,
+      allowAuthorizationBearer: this.allowAuthorizationBearer,
+    };
+  }
+  /**
+   * Pre-process function — atadhato `DyNTS_Endpoint_Params.preProcesses`-be,
+   * vagy `DyNTS_getLogsRoutingModule({ authPreProcess: ... })`-be.
+   *
+   * Throws:
+   *   - 500 ha az env var nincs beallitva (vagy ures string)
+   *   - 401 ha a header hianyzik vagy nem egyezik
+   *
+   * A `req`/`res` parametereket NEM modositja (a kerest tovabb engedi a tovabbi
+   * preProcess-eknek; csak hiba eseten throw-ol).
+   */
+  readonly verify = async (req: Request, _res: Response): Promise<void> => {
+    const expectedKey: string = process.env[this.envVarName] ?? '';
+    if (expectedKey.length === 0) {
+      throw new DyFM_Error({
+        status: 500,
+        errorCode: buildErrorCode('CONFIG'),
+        addECToUserMsg: true,
+        message: `Admin API key not configured: env var ${this.envVarName} is not set or empty`,
+        userMessage: 'Server configuration error',
+        issuerService: SERVICE_NAME,
+      });
+    }
+    const providedKey: string | null = this.extractKeyFromRequest(req);
+    if (providedKey === null) {
+      throw new DyFM_Error({
+        status: 401,
+        errorCode: buildErrorCode('MISSING'),
+        addECToUserMsg: true,
+        message: `Admin API key required (expected header: ${this.headerName})`,
+        userMessage: 'Admin API key required',
+        issuerService: SERVICE_NAME,
+      });
+    }
+    if (!this.timingSafeEquals(providedKey, expectedKey)) {
+      throw new DyFM_Error({
+        status: 401,
+        errorCode: buildErrorCode('INVALID'),
+        addECToUserMsg: true,
+        message: 'Admin API key invalid',
+        userMessage: 'Admin API key invalid',
+        issuerService: SERVICE_NAME,
+      });
+    }
+    // Silent pass — return resolved promise
+  };
+  /**
+   * Header lookup — elobb a primer header, aztan opcionalisan az Authorization Bearer.
+   * Az ures string is "hianyzo"-nak szamit (a Buffer.from('') es timingSafeEqual
+   * konzisztencia miatt).
+   */
+  private extractKeyFromRequest(req: Request): string | null {
+    // Primer header
+    const primary: unknown = req.headers[this.headerName];
+    const primaryStr: string = Array.isArray(primary) ? primary[0] ?? '' : (typeof primary === 'string' ? primary : '');
+    if (primaryStr.length > 0) {
+      return primaryStr;
+    }
+    // Authorization Bearer fallback
+    if (this.allowAuthorizationBearer) {
+      const authHeader: unknown = req.headers['authorization'];
+      const authStr: string = Array.isArray(authHeader) ? authHeader[0] ?? '' : (typeof authHeader === 'string' ? authHeader : '');
+      if (authStr.toLowerCase().startsWith('bearer ')) {
+        const token: string = authStr.substring(7).trim();
+        if (token.length > 0) {
+          return token;
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Timing-safe compare ket string kozott. Length-mismatch eseten egy dummy
+   * compare-rel azonos idot kenyszeritunk (a kulcs-hossz nem szivaroghat ki
+   * timing-attackal).
+   *
+   * crypto.timingSafeEqual KOTELEZOEN azonos Buffer-hosszt var — kulonbozo
+   * hosszra throw-ol, ezert vizsgaljuk elobb a length-et es csak utana
+   * compare-elunk.
+   */
+  private timingSafeEquals(a: string, b: string): boolean {
+    const aBuf: Buffer = Buffer.from(a, 'utf-8');
+    const bBuf: Buffer = Buffer.from(b, 'utf-8');
+    if (aBuf.length !== bBuf.length) {
+      // Dummy compare ugyanazzal a string-gel: konstans ideju mukodest biztosit
+      // mielott visszaternenk false-szal — igy a length-mismatch nem szivaroghat ki.
+      crypto.timingSafeEqual(bBuf, bBuf);
+      return false;
+    }
+    return crypto.timingSafeEqual(aBuf, bBuf);
+  }
+  /**
+   * Test-only: visszaallitja a default config-ot, hogy a specfajlok ne szivarogjak
+   * at egymas state-jet. Production code NE hivja.
+   */
+  _resetForTesting(): void {
+    this.envVarName               = DEFAULT_ENV_VAR_NAME;
+    this.headerName               = DEFAULT_HEADER_NAME;
+    this.allowAuthorizationBearer = DEFAULT_ALLOW_BEARER;
+  }
+}

package/src/_modules/admin-auth/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { DyNTS_AdminApiKey_AuthService } from './admin-api-key.auth-service';
2	+ export { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';