@futdevpro/nts-dynamo 1.15.19 → 1.15.21

package/_specifications/BACKLOG.md

@@ -29,18 +29,18 @@
   details: Config-vezérelt log rendszer, ahol egy boolean flag-gel be lehet kapcsolni a file-ba történő log írást, és további config opciókkal lehet állítani a maximum tárolt log mennyiséget (file size / rotation / retention) és egyéb log kezelési paramétereket. Implementálva (2026-05-17): DyNTS_FileLog_Service (singleton) — process.stdout/stderr.write monkey-patch, per-session log fájl, sync appendFileSync (crash-safe), config: file_log.{enabled, logDir, filenamePrefix, maxFileSizeMb, maxFiles, retentionDays, stripAnsi, includeStdout, includeStderr}. Rotation size-limitre, retention by count + age (ami előbb teljesül). Silent failure (file IO sosem blokkolja a szervert). Spec: 11 spec / 0 fail. Full suite: 1133/0. Smoke verified.
 
 - [FEATURE] (BL-20260420-002) Admin API key alapú authentikációs réteg (env-ből)
-  status: ⏳ pending
+  status: ✅ done
   priority: high
   source: user
   area: backend
-  details: Új admin authentikációs mechanizmus bevezetése, ahol az admin API key-t environment variable-ből olvassuk (pl. DYNTS_ADMIN_API_KEY), és ezzel lehet védeni az érzékeny / admin endpointokat. Alaposan át kell tervezni, hogy hogyan integrálódjon a meglévő DyNTS auth rendszerekbe (controller / endpoint params szinten reusable guard / middleware), opcionálisan alkalmazható legyen meglévő endpointokra is (pl. errors controller endpointjaira). Előfeltétele a BL-20260420-003 log lekérő endpointnak
+  details: Új admin authentikációs mechanizmus bevezetése, ahol az admin API key-t environment variable-ből olvassuk (pl. DYNTS_ADMIN_API_KEY), és ezzel lehet védeni az érzékeny / admin endpointokat. Implementálva (2026-05-17): DyNTS_AdminApiKey_AuthService (singleton) — preProcess `.verify(req, res)` fn opt-in átadható `DyNTS_Endpoint_Params.preProcesses`-be vagy `DyNTS_getLogsRoutingModule({ authPreProcess })`-be. Default env var DYNTS_ADMIN_API_KEY, header x-admin-api-key + Authorization Bearer fallback. Konfig: `configure({ envVarName, headerName, allowAuthorizationBearer })`. Timing-safe compare (crypto.timingSafeEqual + length-mismatch dummy compare). Hibák: 500 ha env nincs, 401 ha header hiányzik/rossz. Env minden híváskor olvasott (nem cache-elt). 15/15 spec + 1148/0 full suite + smoke verifikálva. Foundational a BL-003 (log fetch) és BL-004 (errors retrofit) entry-knek.
 
 - [FEATURE] (BL-20260420-003) Server log file-ok lekérése admin endpointon keresztül
-  status: ⏳ pending
+  status: ✅ done
   priority: medium
   source: user
   area: backend
-  details: A BL-20260420-001 file-based log rendszerre épülve egy új endpoint, amin keresztül le lehet kérni a szerverről a kiírt log file-ok tartalmát (pl. paged / range / tail módon). Az endpointot a BL-20260420-002 admin API key auth-tal kell védeni
+  details: A BL-20260420-001 file-based log rendszerre épülve egy új endpoint, amin keresztül le lehet kérni a szerverről a kiírt log file-ok tartalmát (pl. paged / range / tail módon). Implementálva (2026-05-17): DyNTS_FileLogs_Controller (GET /list + GET /file/:filename) + DyNTS_getFileLogsRoutingModule() factory + DyNTS_FileLog_Service bővítés (listLogFiles, readLogFile, getCurrentLogFilename). Olvasási módok: tail / head / range (max 10000 sor). Safeguards: filename whitelist regex prefix-szel, path traversal védelem (resolvedPath + sep ellenőrzés), 503/404/400 helyes status code-ok. Auth opt-in: `DyNTS_getFileLogsRoutingModule({ authPreProcess: adminAuth.verify })`. Default route /file-logs. 38/38 FileLog spec (24 service + 14 controller) + 1175/0 full suite + smoke 4/4 verifikálva.
 
 - [IMPROVEMENT] (BL-20260420-004) Errors endpointok opcionális admin API key védelme
   status: ⏳ pending

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Config a `DyNTS_AdminApiKey_AuthService.configure(...)`-hoz.
+ *
+ * Minden mezo opcionalis — a default-ok megfelelnek a tipikus hasznalat-eset
+ * elvarasanak (DYNTS_ADMIN_API_KEY env var + x-admin-api-key header +
+ * Bearer fallback).
+ */
+export interface DyNTS_AdminApiKey_Config {
+    /**
+     * Env var nev, ahonnan az admin API key olvasodik.
+     * Default: `DYNTS_ADMIN_API_KEY`.
+     *
+     * Override-olhato pl. multi-tenant deploy-okhoz vagy ha a host app
+     * mas konvenciot kovet (`MY_APP_ADMIN_KEY`, stb.).
+     */
+    envVarName?: string;
+    /**
+     * HTTP header nev (case-insensitive — Express normalizalja lowercase-re).
+     * Default: `x-admin-api-key`.
+     */
+    headerName?: string;
+    /**
+     * Engedi-e az `Authorization: Bearer <key>` fallback-et a primer header
+     * helyett. Default: `true`.
+     *
+     * Hasznos amikor a kliens egy generikus HTTP klienst hasznal ami csak
+     * az Authorization header-t allitja, vagy amikor proxy-k strippelik
+     * a custom header-eket.
+     */
+    allowAuthorizationBearer?: boolean;
+}
+//# sourceMappingURL=admin-api-key-config.interface.d.ts.map

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key-config.interface.d.ts","sourceRoot":"","sources":["../../../../src/_modules/admin-auth/_models/admin-api-key-config.interface.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC"}

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=admin-api-key-config.interface.js.map

package/build/_modules/admin-auth/_models/admin-api-key-config.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key-config.interface.js","sourceRoot":"","sources":["../../../../src/_modules/admin-auth/_models/admin-api-key-config.interface.ts"],"names":[],"mappings":""}

package/build/_modules/admin-auth/admin-api-key.auth-service.d.ts

@@ -0,0 +1,90 @@
+import { Request, Response } from 'express';
+import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+import { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';
+/**
+ * Admin API key auth service — opt-in HTTP guard a meglevo `DyNTS_Endpoint_Params.preProcesses`
+ * mechanizmushoz. Egy env var-ban tarolt fix kulccsal valid-alja a bejovo kerest.
+ *
+ * **Hasznalat (host app):**
+ * ```ts
+ * const adminAuth = DyNTS_AdminApiKey_AuthService.getInstance();
+ * // opcionalis konfig:
+ * // adminAuth.configure({ envVarName: 'MY_KEY', headerName: 'x-my-key' });
+ *
+ * new DyNTS_Endpoint_Params({
+ *   ...,
+ *   preProcesses: [adminAuth.verify, ...other],
+ * });
+ *
+ * // vagy a logs routing module-on at
+ * DyNTS_getLogsRoutingModule({ authPreProcess: adminAuth.verify });
+ * ```
+ *
+ * **Viselkedes:**
+ * - env var beallitva ES helyes header → silent pass
+ * - env var beallitva, header hianyzik / rossz → 401 DyFM_Error
+ * - env var NINCS beallitva → 500 DyFM_Error (fail-closed; NEM silent allow)
+ *
+ * **Header lookup:**
+ * 1. `x-admin-api-key` (default canonical header)
+ * 2. `Authorization: Bearer <key>` (fallback ha `allowAuthorizationBearer === true`)
+ *
+ * **Timing-safe:** `crypto.timingSafeEqual` Buffer-konvertalassal. Length-mismatch
+ * eseten dummy compare-rel azonos idő, hogy a kulcs-hossz ne szivarogjon ki.
+ *
+ * **Env var read-on-each-call:** a `verify()` minden hivasnal olvassa az env-et,
+ * nem cache-eli. Igy a host az env-et utolagosan is allithatja (pl. config
+ * loader az auth.service.install() utan).
+ *
+ * **Singleton:** `getInstance()`-szel hivd. A `.verify` mezo binding-elve van
+ * `this`-re, igy direkt atadhato `preProcesses`-be ujracsomagolas nelkul.
+ */
+export declare class DyNTS_AdminApiKey_AuthService extends DyNTS_SingletonServiceBase {
+    static getInstance(): DyNTS_AdminApiKey_AuthService;
+    private envVarName;
+    private headerName;
+    private allowAuthorizationBearer;
+    /**
+     * Konfig override. Hianyzo mezok a default-okat orzik.
+     * Hivhato barmikor — a `verify()` a friss config-ot olvassa.
+     */
+    configure(config: DyNTS_AdminApiKey_Config): void;
+    /**
+     * Aktualis konfig olvasasa (test/diagnosztika celokra).
+     */
+    getConfig(): Required<DyNTS_AdminApiKey_Config>;
+    /**
+     * Pre-process function — atadhato `DyNTS_Endpoint_Params.preProcesses`-be,
+     * vagy `DyNTS_getLogsRoutingModule({ authPreProcess: ... })`-be.
+     *
+     * Throws:
+     *   - 500 ha az env var nincs beallitva (vagy ures string)
+     *   - 401 ha a header hianyzik vagy nem egyezik
+     *
+     * A `req`/`res` parametereket NEM modositja (a kerest tovabb engedi a tovabbi
+     * preProcess-eknek; csak hiba eseten throw-ol).
+     */
+    readonly verify: (req: Request, _res: Response) => Promise<void>;
+    /**
+     * Header lookup — elobb a primer header, aztan opcionalisan az Authorization Bearer.
+     * Az ures string is "hianyzo"-nak szamit (a Buffer.from('') es timingSafeEqual
+     * konzisztencia miatt).
+     */
+    private extractKeyFromRequest;
+    /**
+     * Timing-safe compare ket string kozott. Length-mismatch eseten egy dummy
+     * compare-rel azonos idot kenyszeritunk (a kulcs-hossz nem szivaroghat ki
+     * timing-attackal).
+     *
+     * crypto.timingSafeEqual KOTELEZOEN azonos Buffer-hosszt var — kulonbozo
+     * hosszra throw-ol, ezert vizsgaljuk elobb a length-et es csak utana
+     * compare-elunk.
+     */
+    private timingSafeEquals;
+    /**
+     * Test-only: visszaallitja a default config-ot, hogy a specfajlok ne szivarogjak
+     * at egymas state-jet. Production code NE hivja.
+     */
+    _resetForTesting(): void;
+}
+//# sourceMappingURL=admin-api-key.auth-service.d.ts.map

package/build/_modules/admin-auth/admin-api-key.auth-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key.auth-service.d.ts","sourceRoot":"","sources":["../../../src/_modules/admin-auth/admin-api-key.auth-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAK5C,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAGzF,OAAO,EAAE,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AAsBpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,qBAAa,6BAA8B,SAAQ,0BAA0B;IAE3E,MAAM,CAAC,WAAW,IAAI,6BAA6B;IAInD,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,UAAU,CAA+B;IACjD,OAAO,CAAC,wBAAwB,CAAiC;IAGjE;;;OAGG;IACH,SAAS,CAAC,MAAM,EAAE,wBAAwB,GAAG,IAAI;IAajD;;OAEG;IACH,SAAS,IAAI,QAAQ,CAAC,wBAAwB,CAAC;IAQ/C;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,MAAM,QAAe,OAAO,QAAQ,QAAQ,KAAG,OAAO,CAAC,IAAI,CAAC,CAqCnE;IAGF;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IAuB7B;;;;;;;;OAQG;IACH,OAAO,CAAC,gBAAgB;IAexB;;;OAGG;IACH,gBAAgB,IAAI,IAAI;CAKzB"}

package/build/_modules/admin-auth/admin-api-key.auth-service.js

@@ -0,0 +1,195 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_AdminApiKey_AuthService = void 0;
+const tslib_1 = require("tslib");
+const crypto = tslib_1.__importStar(require("crypto"));
+const fsm_dynamo_1 = require("@futdevpro/fsm-dynamo");
+const singleton_service_base_1 = require("../../_services/base/singleton.service-base");
+const global_settings_const_1 = require("../../_collections/global-settings.const");
+/** Default env var nev az admin API key-hez. */
+const DEFAULT_ENV_VAR_NAME = 'DYNTS_ADMIN_API_KEY';
+/** Default header nev (Express lowercase-re normalizalja az osszes header-t). */
+const DEFAULT_HEADER_NAME = 'x-admin-api-key';
+/** Default Bearer fallback engedelyezve van. */
+const DEFAULT_ALLOW_BEARER = true;
+/** Service-nev az error-okhoz. */
+const SERVICE_NAME = 'DyNTS_AdminApiKey_AuthService';
+/** ErrorCode prefix — system shortcode + saját kod. */
+const buildErrorCode = (subcode) => {
+    const sys = global_settings_const_1.DyNTS_global_settings.systemShortCodeName ?? 'DyNTS';
+    return `${sys}|DyNTS-AAK-${subcode}`;
+};
+/**
+ * Admin API key auth service — opt-in HTTP guard a meglevo `DyNTS_Endpoint_Params.preProcesses`
+ * mechanizmushoz. Egy env var-ban tarolt fix kulccsal valid-alja a bejovo kerest.
+ *
+ * **Hasznalat (host app):**
+ * ```ts
+ * const adminAuth = DyNTS_AdminApiKey_AuthService.getInstance();
+ * // opcionalis konfig:
+ * // adminAuth.configure({ envVarName: 'MY_KEY', headerName: 'x-my-key' });
+ *
+ * new DyNTS_Endpoint_Params({
+ *   ...,
+ *   preProcesses: [adminAuth.verify, ...other],
+ * });
+ *
+ * // vagy a logs routing module-on at
+ * DyNTS_getLogsRoutingModule({ authPreProcess: adminAuth.verify });
+ * ```
+ *
+ * **Viselkedes:**
+ * - env var beallitva ES helyes header → silent pass
+ * - env var beallitva, header hianyzik / rossz → 401 DyFM_Error
+ * - env var NINCS beallitva → 500 DyFM_Error (fail-closed; NEM silent allow)
+ *
+ * **Header lookup:**
+ * 1. `x-admin-api-key` (default canonical header)
+ * 2. `Authorization: Bearer <key>` (fallback ha `allowAuthorizationBearer === true`)
+ *
+ * **Timing-safe:** `crypto.timingSafeEqual` Buffer-konvertalassal. Length-mismatch
+ * eseten dummy compare-rel azonos idő, hogy a kulcs-hossz ne szivarogjon ki.
+ *
+ * **Env var read-on-each-call:** a `verify()` minden hivasnal olvassa az env-et,
+ * nem cache-eli. Igy a host az env-et utolagosan is allithatja (pl. config
+ * loader az auth.service.install() utan).
+ *
+ * **Singleton:** `getInstance()`-szel hivd. A `.verify` mezo binding-elve van
+ * `this`-re, igy direkt atadhato `preProcesses`-be ujracsomagolas nelkul.
+ */
+class DyNTS_AdminApiKey_AuthService extends singleton_service_base_1.DyNTS_SingletonServiceBase {
+    static getInstance() {
+        return DyNTS_AdminApiKey_AuthService.getSingletonInstance();
+    }
+    envVarName = DEFAULT_ENV_VAR_NAME;
+    headerName = DEFAULT_HEADER_NAME;
+    allowAuthorizationBearer = DEFAULT_ALLOW_BEARER;
+    /**
+     * Konfig override. Hianyzo mezok a default-okat orzik.
+     * Hivhato barmikor — a `verify()` a friss config-ot olvassa.
+     */
+    configure(config) {
+        if (config.envVarName !== undefined) {
+            this.envVarName = config.envVarName;
+        }
+        if (config.headerName !== undefined) {
+            // Express lowercase-re normalizal — itt is lowercase-eljuk a konzisztenciaert
+            this.headerName = config.headerName.toLowerCase();
+        }
+        if (config.allowAuthorizationBearer !== undefined) {
+            this.allowAuthorizationBearer = config.allowAuthorizationBearer;
+        }
+    }
+    /**
+     * Aktualis konfig olvasasa (test/diagnosztika celokra).
+     */
+    getConfig() {
+        return {
+            envVarName: this.envVarName,
+            headerName: this.headerName,
+            allowAuthorizationBearer: this.allowAuthorizationBearer,
+        };
+    }
+    /**
+     * Pre-process function — atadhato `DyNTS_Endpoint_Params.preProcesses`-be,
+     * vagy `DyNTS_getLogsRoutingModule({ authPreProcess: ... })`-be.
+     *
+     * Throws:
+     *   - 500 ha az env var nincs beallitva (vagy ures string)
+     *   - 401 ha a header hianyzik vagy nem egyezik
+     *
+     * A `req`/`res` parametereket NEM modositja (a kerest tovabb engedi a tovabbi
+     * preProcess-eknek; csak hiba eseten throw-ol).
+     */
+    verify = async (req, _res) => {
+        const expectedKey = process.env[this.envVarName] ?? '';
+        if (expectedKey.length === 0) {
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 500,
+                errorCode: buildErrorCode('CONFIG'),
+                addECToUserMsg: true,
+                message: `Admin API key not configured: env var ${this.envVarName} is not set or empty`,
+                userMessage: 'Server configuration error',
+                issuerService: SERVICE_NAME,
+            });
+        }
+        const providedKey = this.extractKeyFromRequest(req);
+        if (providedKey === null) {
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: buildErrorCode('MISSING'),
+                addECToUserMsg: true,
+                message: `Admin API key required (expected header: ${this.headerName})`,
+                userMessage: 'Admin API key required',
+                issuerService: SERVICE_NAME,
+            });
+        }
+        if (!this.timingSafeEquals(providedKey, expectedKey)) {
+            throw new fsm_dynamo_1.DyFM_Error({
+                status: 401,
+                errorCode: buildErrorCode('INVALID'),
+                addECToUserMsg: true,
+                message: 'Admin API key invalid',
+                userMessage: 'Admin API key invalid',
+                issuerService: SERVICE_NAME,
+            });
+        }
+        // Silent pass — return resolved promise
+    };
+    /**
+     * Header lookup — elobb a primer header, aztan opcionalisan az Authorization Bearer.
+     * Az ures string is "hianyzo"-nak szamit (a Buffer.from('') es timingSafeEqual
+     * konzisztencia miatt).
+     */
+    extractKeyFromRequest(req) {
+        // Primer header
+        const primary = req.headers[this.headerName];
+        const primaryStr = Array.isArray(primary) ? primary[0] ?? '' : (typeof primary === 'string' ? primary : '');
+        if (primaryStr.length > 0) {
+            return primaryStr;
+        }
+        // Authorization Bearer fallback
+        if (this.allowAuthorizationBearer) {
+            const authHeader = req.headers['authorization'];
+            const authStr = Array.isArray(authHeader) ? authHeader[0] ?? '' : (typeof authHeader === 'string' ? authHeader : '');
+            if (authStr.toLowerCase().startsWith('bearer ')) {
+                const token = authStr.substring(7).trim();
+                if (token.length > 0) {
+                    return token;
+                }
+            }
+        }
+        return null;
+    }
+    /**
+     * Timing-safe compare ket string kozott. Length-mismatch eseten egy dummy
+     * compare-rel azonos idot kenyszeritunk (a kulcs-hossz nem szivaroghat ki
+     * timing-attackal).
+     *
+     * crypto.timingSafeEqual KOTELEZOEN azonos Buffer-hosszt var — kulonbozo
+     * hosszra throw-ol, ezert vizsgaljuk elobb a length-et es csak utana
+     * compare-elunk.
+     */
+    timingSafeEquals(a, b) {
+        const aBuf = Buffer.from(a, 'utf-8');
+        const bBuf = Buffer.from(b, 'utf-8');
+        if (aBuf.length !== bBuf.length) {
+            // Dummy compare ugyanazzal a string-gel: konstans ideju mukodest biztosit
+            // mielott visszaternenk false-szal — igy a length-mismatch nem szivaroghat ki.
+            crypto.timingSafeEqual(bBuf, bBuf);
+            return false;
+        }
+        return crypto.timingSafeEqual(aBuf, bBuf);
+    }
+    /**
+     * Test-only: visszaallitja a default config-ot, hogy a specfajlok ne szivarogjak
+     * at egymas state-jet. Production code NE hivja.
+     */
+    _resetForTesting() {
+        this.envVarName = DEFAULT_ENV_VAR_NAME;
+        this.headerName = DEFAULT_HEADER_NAME;
+        this.allowAuthorizationBearer = DEFAULT_ALLOW_BEARER;
+    }
+}
+exports.DyNTS_AdminApiKey_AuthService = DyNTS_AdminApiKey_AuthService;
+//# sourceMappingURL=admin-api-key.auth-service.js.map

package/build/_modules/admin-auth/admin-api-key.auth-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-api-key.auth-service.js","sourceRoot":"","sources":["../../../src/_modules/admin-auth/admin-api-key.auth-service.ts"],"names":[],"mappings":";;;;AACA,uDAAiC;AAEjC,sDAAmD;AAEnD,wFAAyF;AACzF,oFAAiF;AAKjF,gDAAgD;AAChD,MAAM,oBAAoB,GAAW,qBAAqB,CAAC;AAE3D,iFAAiF;AACjF,MAAM,mBAAmB,GAAW,iBAAiB,CAAC;AAEtD,gDAAgD;AAChD,MAAM,oBAAoB,GAAY,IAAI,CAAC;AAE3C,kCAAkC;AAClC,MAAM,YAAY,GAAW,+BAA+B,CAAC;AAE7D,uDAAuD;AACvD,MAAM,cAAc,GAAG,CAAC,OAAe,EAAU,EAAE;IACjD,MAAM,GAAG,GAAW,6CAAqB,CAAC,mBAAmB,IAAI,OAAO,CAAC;IACzE,OAAO,GAAG,GAAG,cAAc,OAAO,EAAE,CAAC;AACvC,CAAC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAa,6BAA8B,SAAQ,mDAA0B;IAE3E,MAAM,CAAC,WAAW;QAChB,OAAO,6BAA6B,CAAC,oBAAoB,EAAmC,CAAC;IAC/F,CAAC;IAEO,UAAU,GAAW,oBAAoB,CAAC;IAC1C,UAAU,GAAW,mBAAmB,CAAC;IACzC,wBAAwB,GAAY,oBAAoB,CAAC;IAGjE;;;OAGG;IACH,SAAS,CAAC,MAAgC;QACxC,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACtC,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACpC,8EAA8E;YAC9E,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QACpD,CAAC;QACD,IAAI,MAAM,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YAClD,IAAI,CAAC,wBAAwB,GAAG,MAAM,CAAC,wBAAwB,CAAC;QAClE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO;YACL,UAAU,EAAgB,IAAI,CAAC,UAAU;YACzC,UAAU,EAAgB,IAAI,CAAC,UAAU;YACzC,wBAAwB,EAAE,IAAI,CAAC,wBAAwB;SACxD,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACM,MAAM,GAAG,KAAK,EAAE,GAAY,EAAE,IAAc,EAAiB,EAAE;QACtE,MAAM,WAAW,GAAW,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAC/D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC;gBACnC,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,yCAAyC,IAAI,CAAC,UAAU,sBAAsB;gBACvF,WAAW,EAAE,4BAA4B;gBACzC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAkB,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;QACnE,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC;gBACpC,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,4CAA4C,IAAI,CAAC,UAAU,GAAG;gBACvE,WAAW,EAAE,wBAAwB;gBACrC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,uBAAU,CAAC;gBACnB,MAAM,EAAE,GAAG;gBACX,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC;gBACpC,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,uBAAuB;gBAChC,WAAW,EAAE,uBAAuB;gBACpC,aAAa,EAAE,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,wCAAwC;IAC1C,CAAC,CAAC;IAGF;;;;OAIG;IACK,qBAAqB,CAAC,GAAY;QACxC,gBAAgB;QAChB,MAAM,OAAO,GAAY,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,MAAM,UAAU,GAAW,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACpH,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAClC,MAAM,UAAU,GAAY,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACzD,MAAM,OAAO,GAAW,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7H,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChD,MAAM,KAAK,GAAW,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACK,gBAAgB,CAAC,CAAS,EAAE,CAAS;QAC3C,MAAM,IAAI,GAAW,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAW,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAE7C,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,0EAA0E;YAC1E,+EAA+E;YAC/E,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IAGD;;;OAGG;IACH,gBAAgB;QACd,IAAI,CAAC,UAAU,GAAiB,oBAAoB,CAAC;QACrD,IAAI,CAAC,UAAU,GAAiB,mBAAmB,CAAC;QACpD,IAAI,CAAC,wBAAwB,GAAG,oBAAoB,CAAC;IACvD,CAAC;CACF;AAvJD,sEAuJC"}

package/build/_modules/admin-auth/index.d.ts

@@ -0,0 +1,3 @@
+export { DyNTS_AdminApiKey_AuthService } from './admin-api-key.auth-service';
+export { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';
+//# sourceMappingURL=index.d.ts.map

package/build/_modules/admin-auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/_modules/admin-auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,MAAM,0CAA0C,CAAC"}

package/build/_modules/admin-auth/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DyNTS_AdminApiKey_AuthService = void 0;
+var admin_api_key_auth_service_1 = require("./admin-api-key.auth-service");
+Object.defineProperty(exports, "DyNTS_AdminApiKey_AuthService", { enumerable: true, get: function () { return admin_api_key_auth_service_1.DyNTS_AdminApiKey_AuthService; } });
+//# sourceMappingURL=index.js.map

package/build/_modules/admin-auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/_modules/admin-auth/index.ts"],"names":[],"mappings":";;;AAAA,2EAA6E;AAApE,2IAAA,6BAA6B,OAAA"}

package/build/_modules/logs/_models/file-log-entry.interface.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Egy log fajl meta-adata a listazasban.
+ */
+export interface DyNTS_FileLog_Entry {
+    /** Fajlnev (csak basename — NEM teljes path). */
+    name: string;
+    /** Fajlmeret byte-ban. */
+    sizeBytes: number;
+    /** Modositasi ido ms-ban (mtimeMs). */
+    mtimeMs: number;
+    /** Igaz, ha ez az aktualis aktiv session fajlja. */
+    isCurrent: boolean;
+}
+//# sourceMappingURL=file-log-entry.interface.d.ts.map

package/build/_modules/logs/_models/file-log-entry.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-log-entry.interface.d.ts","sourceRoot":"","sources":["../../../../src/_modules/logs/_models/file-log-entry.interface.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,SAAS,EAAE,OAAO,CAAC;CACpB"}

package/build/_modules/logs/_models/file-log-entry.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=file-log-entry.interface.js.map

package/build/_modules/logs/_models/file-log-entry.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-log-entry.interface.js","sourceRoot":"","sources":["../../../../src/_modules/logs/_models/file-log-entry.interface.ts"],"names":[],"mappings":""}

package/build/_modules/logs/_models/file-log-read-result.interface.d.ts

@@ -0,0 +1,36 @@
+/**
+ * `readLogFile()` valaszobjektum.
+ */
+export interface DyNTS_FileLog_ReadResult {
+    /** Fajlnev (csak basename). */
+    name: string;
+    /** Teljes fajlmeret byte-ban. */
+    sizeBytes: number;
+    /** A fajlban talalhato osszes sor szama. */
+    totalLines: number;
+    /** A visszaadott sorok. */
+    lines: string[];
+    /** Mod amiben olvastunk: 'tail' | 'head' | 'range'. */
+    mode: 'tail' | 'head' | 'range';
+    /** Visszaadott tartomany 1-based start (range/tail/head normalizalva). */
+    rangeStart: number;
+    /** Visszaadott tartomany 1-based end (inclusive). */
+    rangeEnd: number;
+}
+/**
+ * `readLogFile(name, options)` opciok.
+ *
+ * Egyetlen mod aktiv egyszerre. Prioritas: range > head > tail.
+ * Egyik sem megadott → default `tail: 200`.
+ */
+export interface DyNTS_FileLog_ReadOptions {
+    /** Utolso N sor (default mod ha semmi mas nincs). */
+    tail?: number;
+    /** Elso N sor. */
+    head?: number;
+    /** 1-based line range start (inclusive). `rangeEnd` is kell. */
+    rangeStart?: number;
+    /** 1-based line range end (inclusive). */
+    rangeEnd?: number;
+}
+//# sourceMappingURL=file-log-read-result.interface.d.ts.map

package/build/_modules/logs/_models/file-log-read-result.interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-log-read-result.interface.d.ts","sourceRoot":"","sources":["../../../../src/_modules/logs/_models/file-log-read-result.interface.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,uDAAuD;IACvD,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAChC,0EAA0E;IAC1E,UAAU,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAGD;;;;;GAKG;AACH,MAAM,WAAW,yBAAyB;IACxC,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/build/_modules/logs/_models/file-log-read-result.interface.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=file-log-read-result.interface.js.map

package/build/_modules/logs/_models/file-log-read-result.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-log-read-result.interface.js","sourceRoot":"","sources":["../../../../src/_modules/logs/_models/file-log-read-result.interface.ts"],"names":[],"mappings":""}

package/build/_modules/logs/file-log.service.d.ts

@@ -1,4 +1,6 @@
 import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+import { DyNTS_FileLog_Entry } from './_models/file-log-entry.interface';
+import { DyNTS_FileLog_ReadOptions, DyNTS_FileLog_ReadResult } from './_models/file-log-read-result.interface';
 /**
  * File-based szerver log service — duplikalja a stdout/stderr-t per-session
  * log fajl(ok)ba, miközben a console kimenet erintetlenul marad. Az
@@ -48,6 +50,50 @@ export declare class DyNTS_FileLog_Service extends DyNTS_SingletonServiceBase {
      * ha az install() sikeresen lefutott; egyebkent ures string).
      */
     getCurrentLogPath(): string;
+    /**
+     * Az aktualis aktiv log fajl basename-je (NEM teljes path). Csak akkor
+     * nem-ures, ha az install() sikeresen lefutott.
+     */
+    getCurrentLogFilename(): string;
+    /**
+     * Aktiv log dir abszolut path-ja. Csak akkor nem-ures, ha az install()
+     * sikeresen lefutott.
+     */
+    getActiveLogDir(): string;
+    /**
+     * Aktiv filename prefix (a service config-jabol). Hasznalja a controller
+     * a request-fajlnev whitelist regex epitesehez.
+     */
+    getFilenamePrefix(): string;
+    /**
+     * Osszes log fajl listazasa az aktiv log dir-bol. Csak a service prefix-evel
+     * matchelo fajlokat veszi (`{prefix}*.log`).
+     *
+     * Rendezes: mtime DESC (legujabb elol). Hibakat csendben elnyel — ha a dir
+     * nem letezik vagy nem olvashato, ures array-t ad vissza.
+     */
+    listLogFiles(): DyNTS_FileLog_Entry[];
+    /**
+     * Egy konkret log fajl olvasasa, line-based mode-ban (tail / head / range).
+     *
+     * **Biztonsagi safeguards:**
+     * - Filename whitelist: `{prefix}*.log` mintara matchelo nev kotelezo
+     * - Path resolution `path.resolve(activeLogDir, name)` + `startsWith(activeLogDir)` (path traversal vedelem)
+     * - Sor szam cap: `MAX_READ_LINES` (10000)
+     *
+     * **Hibak:**
+     * - Throw `Error('not installed')` ha a service nincs install-olva
+     * - Throw `Error('invalid filename')` ha a name nem matchel a whitelist-re VAGY kilep az activeLogDir-bol
+     * - Throw `Error('file not found')` ha a fajl nem letezik
+     *
+     * A hivot kell vigyaznia hogy ezeket HTTP status code-okra forditja.
+     */
+    readLogFile(name: string, options?: DyNTS_FileLog_ReadOptions): DyNTS_FileLog_ReadResult;
+    /**
+     * Filename whitelist ellenorzes. Csak a service prefix-evel matchelo,
+     * biztonsagos karakterkeszletu fajlnev megengedett.
+     */
+    private isValidFilename;
     /**
      * Telepitve van-e (csak akkor true, ha az enabled === true es a setup nem bukott).
      */

package/build/_modules/logs/file-log.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"file-log.service.d.ts","sourceRoot":"","sources":["../../../src/_modules/logs/file-log.service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAsBzF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,qBAAsB,SAAQ,0BAA0B;IAEnE,MAAM,CAAC,WAAW,IAAI,qBAAqB;IAI3C,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,cAAc,CAAmC;IACzD,OAAO,CAAC,gBAAgB,CAAkD;IAC1E,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,gBAAgB,CAA+B;IACvD,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,mBAAmB,CAAa;IAExC,OAAO,CAAC,mBAAmB,CAA4C;IACvE,OAAO,CAAC,mBAAmB,CAA4C;IAGvE;;;;;;OAMG;IACH,OAAO,IAAI,IAAI;IAoEf;;;OAGG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;;OAGG;IACH,mBAAmB,IAAI,IAAI;IAgB3B;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;;;OAIG;IACH,OAAO,CAAC,QAAQ;IAsBhB;;;OAGG;IACH,OAAO,CAAC,MAAM;IAWd;;;;;;;OAOG;IACH,OAAO,CAAC,cAAc;CAoCvB"}
+{"version":3,"file":"file-log.service.d.ts","sourceRoot":"","sources":["../../../src/_modules/logs/file-log.service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6CAA6C,CAAC;AAEzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AA2B/G;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,qBAAsB,SAAQ,0BAA0B;IAEnE,MAAM,CAAC,WAAW,IAAI,qBAAqB;IAI3C,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,cAAc,CAAmC;IACzD,OAAO,CAAC,gBAAgB,CAAkD;IAC1E,OAAO,CAAC,QAAQ,CAA6B;IAC7C,OAAO,CAAC,aAAa,CAAkC;IACvD,OAAO,CAAC,gBAAgB,CAA+B;IACvD,OAAO,CAAC,cAAc,CAAc;IACpC,OAAO,CAAC,mBAAmB,CAAa;IAExC,OAAO,CAAC,mBAAmB,CAA4C;IACvE,OAAO,CAAC,mBAAmB,CAA4C;IAGvE;;;;;;OAMG;IACH,OAAO,IAAI,IAAI;IAoEf;;;OAGG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;OAGG;IACH,qBAAqB,IAAI,MAAM;IAK/B;;;OAGG;IACH,eAAe,IAAI,MAAM;IAIzB;;;OAGG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;;;;OAMG;IACH,YAAY,IAAI,mBAAmB,EAAE;IAiCrC;;;;;;;;;;;;;;OAcG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,yBAA8B,GAAG,wBAAwB;IAiF5F;;;OAGG;IACH,OAAO,CAAC,eAAe;IAUvB;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;;OAGG;IACH,mBAAmB,IAAI,IAAI;IAgB3B;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;;;OAIG;IACH,OAAO,CAAC,QAAQ;IAsBhB;;;OAGG;IACH,OAAO,CAAC,MAAM;IAWd;;;;;;;OAOG;IACH,OAAO,CAAC,cAAc;CAoCvB"}