@futdevpro/nts-dynamo 1.15.19 → 1.15.21

package/src/_modules/admin-auth/admin-api-key.auth-service.spec.ts

@@ -0,0 +1,200 @@
+import { Request, Response } from 'express';
+
+import { DyFM_Error } from '@futdevpro/fsm-dynamo';
+
+import { DyNTS_AdminApiKey_AuthService } from './admin-api-key.auth-service';
+
+
+const TEST_KEY: string = 'super-secret-admin-key-1234567890';
+const TEST_ENV_VAR: string = 'DYNTS_ADMIN_API_KEY';
+
+
+/** Test-only — minimal Request mock-ot ad vissza adott headers-szel. */
+const mockReq = (headers: Record<string, string | undefined> = {}): Request => {
+  return { headers: headers } as unknown as Request;
+};
+
+/** Test-only — minimal Response stub (verify nem irja, csak typing miatt kell). */
+const mockRes = (): Response => {
+  return {} as unknown as Response;
+};
+
+
+describe('| DyNTS_AdminApiKey_AuthService', (): void => {
+  let svc: DyNTS_AdminApiKey_AuthService;
+  let originalEnv: string | undefined;
+
+  beforeEach((): void => {
+    svc = DyNTS_AdminApiKey_AuthService.getInstance();
+    svc._resetForTesting();
+    originalEnv = process.env[TEST_ENV_VAR];
+  });
+
+  afterEach((): void => {
+    svc._resetForTesting();
+    if (originalEnv === undefined) {
+      delete process.env[TEST_ENV_VAR];
+    } else {
+      process.env[TEST_ENV_VAR] = originalEnv;
+    }
+  });
+
+
+  describe('| verify() — config errors', (): void => {
+    it('| 500 ha az env var nincs beallitva', async (): Promise<void> => {
+      delete process.env[TEST_ENV_VAR];
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(500);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-CONFIG');
+    });
+
+    it('| 500 ha az env var ures string', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = '';
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(500);
+    });
+  });
+
+  describe('| verify() — auth errors', (): void => {
+    beforeEach((): void => { process.env[TEST_ENV_VAR] = TEST_KEY; });
+
+    it('| 401 ha a header teljesen hianyzik', async (): Promise<void> => {
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-MISSING');
+    });
+
+    it('| 401 ha a header rossz erteku', async (): Promise<void> => {
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ 'x-admin-api-key': 'wrong-key' }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-INVALID');
+    });
+
+    it('| 401 length-mismatch eseten is (timing-safe path)', async (): Promise<void> => {
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ 'x-admin-api-key': 'short' }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+      expect(DyFM_Error.getErrorCode(thrown)).toContain('DyNTS-AAK-INVALID');
+    });
+  });
+
+  describe('| verify() — happy paths', (): void => {
+    beforeEach((): void => { process.env[TEST_ENV_VAR] = TEST_KEY; });
+
+    it('| silent pass ha az x-admin-api-key header egyezik', async (): Promise<void> => {
+      await expectAsync(
+        svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+
+    it('| silent pass Authorization Bearer fallback-bol (default engedelyezve)', async (): Promise<void> => {
+      await expectAsync(
+        svc.verify(mockReq({ authorization: `Bearer ${TEST_KEY}` }), mockRes()),
+      ).toBeResolved();
+    });
+
+    it('| silent pass Authorization Bearer kis-nagybetu case-insensitive', async (): Promise<void> => {
+      await expectAsync(
+        svc.verify(mockReq({ authorization: `bearer ${TEST_KEY}` }), mockRes()),
+      ).toBeResolved();
+    });
+  });
+
+  describe('| configure() — overrides', (): void => {
+    it('| custom envVarName-bol olvas', async (): Promise<void> => {
+      svc.configure({ envVarName: 'MY_CUSTOM_KEY' });
+      process.env['MY_CUSTOM_KEY'] = TEST_KEY;
+
+      await expectAsync(
+        svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+
+      delete process.env['MY_CUSTOM_KEY'];
+    });
+
+    it('| custom headerName-rol olvas', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      svc.configure({ headerName: 'x-my-admin' });
+
+      // Default x-admin-api-key MOSTANTOL NEM mukodik
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+
+      // Az uj header viszont igen
+      await expectAsync(
+        svc.verify(mockReq({ 'x-my-admin': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+
+    it('| allowAuthorizationBearer=false letiltja a Bearer fallback-et', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      svc.configure({ allowAuthorizationBearer: false });
+
+      let thrown: any = null;
+      try {
+        await svc.verify(mockReq({ authorization: `Bearer ${TEST_KEY}` }), mockRes());
+      } catch (e) { thrown = e; }
+      expect(thrown).not.toBeNull();
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(401);
+    });
+
+    it('| configure() partial override — a tobbi mezo default marad', (): void => {
+      svc.configure({ headerName: 'x-only-header' });
+      const config = svc.getConfig();
+      expect(config.headerName).toBe('x-only-header');
+      expect(config.envVarName).toBe('DYNTS_ADMIN_API_KEY');
+      expect(config.allowAuthorizationBearer).toBe(true);
+    });
+
+    it('| configure() headerName lowercase-re normalizal', (): void => {
+      svc.configure({ headerName: 'X-Mixed-Case-Header' });
+      expect(svc.getConfig().headerName).toBe('x-mixed-case-header');
+    });
+  });
+
+  describe('| env-read-on-each-call (dynamic)', (): void => {
+    it('| env var update kozben hat: install-utani env-modositas ervenyes', async (): Promise<void> => {
+      delete process.env[TEST_ENV_VAR];
+      // Elso hivas: env hianyzik → 500
+      let thrown: any = null;
+      try { await svc.verify(mockReq({}), mockRes()); } catch (e) { thrown = e; }
+      expect(DyFM_Error.getErrorStatus(thrown)).toBe(500);
+
+      // Most allitsuk be az env-et
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+
+      // Masodik hivas helyes header-rel → pass
+      await expectAsync(
+        svc.verify(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+  });
+
+  describe('| .verify binding', (): void => {
+    it('| verify atadhato preProcesses-be detached method-kent (this-binding megtarttva)', async (): Promise<void> => {
+      process.env[TEST_ENV_VAR] = TEST_KEY;
+      const detached: (req: Request, res: Response) => Promise<void> = svc.verify;
+      // NEM call-ban svc.verify(...) hanem szabad fuggveny-kent — bindelt this-re kell hagyatkozni
+      await expectAsync(
+        detached(mockReq({ 'x-admin-api-key': TEST_KEY }), mockRes()),
+      ).toBeResolved();
+    });
+  });
+});

package/src/_modules/admin-auth/admin-api-key.auth-service.ts

@@ -0,0 +1,220 @@
+import { Request, Response } from 'express';
+import * as crypto from 'crypto';
+
+import { DyFM_Error } from '@futdevpro/fsm-dynamo';
+
+import { DyNTS_SingletonServiceBase } from '../../_services/base/singleton.service-base';
+import { DyNTS_global_settings } from '../../_collections/global-settings.const';
+
+import { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';
+
+
+/** Default env var nev az admin API key-hez. */
+const DEFAULT_ENV_VAR_NAME: string = 'DYNTS_ADMIN_API_KEY';
+
+/** Default header nev (Express lowercase-re normalizalja az osszes header-t). */
+const DEFAULT_HEADER_NAME: string = 'x-admin-api-key';
+
+/** Default Bearer fallback engedelyezve van. */
+const DEFAULT_ALLOW_BEARER: boolean = true;
+
+/** Service-nev az error-okhoz. */
+const SERVICE_NAME: string = 'DyNTS_AdminApiKey_AuthService';
+
+/** ErrorCode prefix — system shortcode + saját kod. */
+const buildErrorCode = (subcode: string): string => {
+  const sys: string = DyNTS_global_settings.systemShortCodeName ?? 'DyNTS';
+  return `${sys}|DyNTS-AAK-${subcode}`;
+};
+
+
+/**
+ * Admin API key auth service — opt-in HTTP guard a meglevo `DyNTS_Endpoint_Params.preProcesses`
+ * mechanizmushoz. Egy env var-ban tarolt fix kulccsal valid-alja a bejovo kerest.
+ *
+ * **Hasznalat (host app):**
+ * ```ts
+ * const adminAuth = DyNTS_AdminApiKey_AuthService.getInstance();
+ * // opcionalis konfig:
+ * // adminAuth.configure({ envVarName: 'MY_KEY', headerName: 'x-my-key' });
+ *
+ * new DyNTS_Endpoint_Params({
+ *   ...,
+ *   preProcesses: [adminAuth.verify, ...other],
+ * });
+ *
+ * // vagy a logs routing module-on at
+ * DyNTS_getLogsRoutingModule({ authPreProcess: adminAuth.verify });
+ * ```
+ *
+ * **Viselkedes:**
+ * - env var beallitva ES helyes header → silent pass
+ * - env var beallitva, header hianyzik / rossz → 401 DyFM_Error
+ * - env var NINCS beallitva → 500 DyFM_Error (fail-closed; NEM silent allow)
+ *
+ * **Header lookup:**
+ * 1. `x-admin-api-key` (default canonical header)
+ * 2. `Authorization: Bearer <key>` (fallback ha `allowAuthorizationBearer === true`)
+ *
+ * **Timing-safe:** `crypto.timingSafeEqual` Buffer-konvertalassal. Length-mismatch
+ * eseten dummy compare-rel azonos idő, hogy a kulcs-hossz ne szivarogjon ki.
+ *
+ * **Env var read-on-each-call:** a `verify()` minden hivasnal olvassa az env-et,
+ * nem cache-eli. Igy a host az env-et utolagosan is allithatja (pl. config
+ * loader az auth.service.install() utan).
+ *
+ * **Singleton:** `getInstance()`-szel hivd. A `.verify` mezo binding-elve van
+ * `this`-re, igy direkt atadhato `preProcesses`-be ujracsomagolas nelkul.
+ */
+export class DyNTS_AdminApiKey_AuthService extends DyNTS_SingletonServiceBase {
+
+  static getInstance(): DyNTS_AdminApiKey_AuthService {
+    return DyNTS_AdminApiKey_AuthService.getSingletonInstance() as DyNTS_AdminApiKey_AuthService;
+  }
+
+  private envVarName: string = DEFAULT_ENV_VAR_NAME;
+  private headerName: string = DEFAULT_HEADER_NAME;
+  private allowAuthorizationBearer: boolean = DEFAULT_ALLOW_BEARER;
+
+
+  /**
+   * Konfig override. Hianyzo mezok a default-okat orzik.
+   * Hivhato barmikor — a `verify()` a friss config-ot olvassa.
+   */
+  configure(config: DyNTS_AdminApiKey_Config): void {
+    if (config.envVarName !== undefined) {
+      this.envVarName = config.envVarName;
+    }
+    if (config.headerName !== undefined) {
+      // Express lowercase-re normalizal — itt is lowercase-eljuk a konzisztenciaert
+      this.headerName = config.headerName.toLowerCase();
+    }
+    if (config.allowAuthorizationBearer !== undefined) {
+      this.allowAuthorizationBearer = config.allowAuthorizationBearer;
+    }
+  }
+
+  /**
+   * Aktualis konfig olvasasa (test/diagnosztika celokra).
+   */
+  getConfig(): Required<DyNTS_AdminApiKey_Config> {
+    return {
+      envVarName:               this.envVarName,
+      headerName:               this.headerName,
+      allowAuthorizationBearer: this.allowAuthorizationBearer,
+    };
+  }
+
+  /**
+   * Pre-process function — atadhato `DyNTS_Endpoint_Params.preProcesses`-be,
+   * vagy `DyNTS_getLogsRoutingModule({ authPreProcess: ... })`-be.
+   *
+   * Throws:
+   *   - 500 ha az env var nincs beallitva (vagy ures string)
+   *   - 401 ha a header hianyzik vagy nem egyezik
+   *
+   * A `req`/`res` parametereket NEM modositja (a kerest tovabb engedi a tovabbi
+   * preProcess-eknek; csak hiba eseten throw-ol).
+   */
+  readonly verify = async (req: Request, _res: Response): Promise<void> => {
+    const expectedKey: string = process.env[this.envVarName] ?? '';
+    if (expectedKey.length === 0) {
+      throw new DyFM_Error({
+        status: 500,
+        errorCode: buildErrorCode('CONFIG'),
+        addECToUserMsg: true,
+        message: `Admin API key not configured: env var ${this.envVarName} is not set or empty`,
+        userMessage: 'Server configuration error',
+        issuerService: SERVICE_NAME,
+      });
+    }
+
+    const providedKey: string | null = this.extractKeyFromRequest(req);
+    if (providedKey === null) {
+      throw new DyFM_Error({
+        status: 401,
+        errorCode: buildErrorCode('MISSING'),
+        addECToUserMsg: true,
+        message: `Admin API key required (expected header: ${this.headerName})`,
+        userMessage: 'Admin API key required',
+        issuerService: SERVICE_NAME,
+      });
+    }
+
+    if (!this.timingSafeEquals(providedKey, expectedKey)) {
+      throw new DyFM_Error({
+        status: 401,
+        errorCode: buildErrorCode('INVALID'),
+        addECToUserMsg: true,
+        message: 'Admin API key invalid',
+        userMessage: 'Admin API key invalid',
+        issuerService: SERVICE_NAME,
+      });
+    }
+
+    // Silent pass — return resolved promise
+  };
+
+
+  /**
+   * Header lookup — elobb a primer header, aztan opcionalisan az Authorization Bearer.
+   * Az ures string is "hianyzo"-nak szamit (a Buffer.from('') es timingSafeEqual
+   * konzisztencia miatt).
+   */
+  private extractKeyFromRequest(req: Request): string | null {
+    // Primer header
+    const primary: unknown = req.headers[this.headerName];
+    const primaryStr: string = Array.isArray(primary) ? primary[0] ?? '' : (typeof primary === 'string' ? primary : '');
+    if (primaryStr.length > 0) {
+      return primaryStr;
+    }
+
+    // Authorization Bearer fallback
+    if (this.allowAuthorizationBearer) {
+      const authHeader: unknown = req.headers['authorization'];
+      const authStr: string = Array.isArray(authHeader) ? authHeader[0] ?? '' : (typeof authHeader === 'string' ? authHeader : '');
+      if (authStr.toLowerCase().startsWith('bearer ')) {
+        const token: string = authStr.substring(7).trim();
+        if (token.length > 0) {
+          return token;
+        }
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Timing-safe compare ket string kozott. Length-mismatch eseten egy dummy
+   * compare-rel azonos idot kenyszeritunk (a kulcs-hossz nem szivaroghat ki
+   * timing-attackal).
+   *
+   * crypto.timingSafeEqual KOTELEZOEN azonos Buffer-hosszt var — kulonbozo
+   * hosszra throw-ol, ezert vizsgaljuk elobb a length-et es csak utana
+   * compare-elunk.
+   */
+  private timingSafeEquals(a: string, b: string): boolean {
+    const aBuf: Buffer = Buffer.from(a, 'utf-8');
+    const bBuf: Buffer = Buffer.from(b, 'utf-8');
+
+    if (aBuf.length !== bBuf.length) {
+      // Dummy compare ugyanazzal a string-gel: konstans ideju mukodest biztosit
+      // mielott visszaternenk false-szal — igy a length-mismatch nem szivaroghat ki.
+      crypto.timingSafeEqual(bBuf, bBuf);
+      return false;
+    }
+
+    return crypto.timingSafeEqual(aBuf, bBuf);
+  }
+
+
+  /**
+   * Test-only: visszaallitja a default config-ot, hogy a specfajlok ne szivarogjak
+   * at egymas state-jet. Production code NE hivja.
+   */
+  _resetForTesting(): void {
+    this.envVarName               = DEFAULT_ENV_VAR_NAME;
+    this.headerName               = DEFAULT_HEADER_NAME;
+    this.allowAuthorizationBearer = DEFAULT_ALLOW_BEARER;
+  }
+}

package/src/_modules/admin-auth/index.ts

@@ -0,0 +1,2 @@
+export { DyNTS_AdminApiKey_AuthService } from './admin-api-key.auth-service';
+export { DyNTS_AdminApiKey_Config } from './_models/admin-api-key-config.interface';

package/src/_modules/logs/_models/file-log-entry.interface.ts

@@ -0,0 +1,13 @@
+/**
+ * Egy log fajl meta-adata a listazasban.
+ */
+export interface DyNTS_FileLog_Entry {
+  /** Fajlnev (csak basename — NEM teljes path). */
+  name: string;
+  /** Fajlmeret byte-ban. */
+  sizeBytes: number;
+  /** Modositasi ido ms-ban (mtimeMs). */
+  mtimeMs: number;
+  /** Igaz, ha ez az aktualis aktiv session fajlja. */
+  isCurrent: boolean;
+}

package/src/_modules/logs/_models/file-log-read-result.interface.ts

@@ -0,0 +1,37 @@
+/**
+ * `readLogFile()` valaszobjektum.
+ */
+export interface DyNTS_FileLog_ReadResult {
+  /** Fajlnev (csak basename). */
+  name: string;
+  /** Teljes fajlmeret byte-ban. */
+  sizeBytes: number;
+  /** A fajlban talalhato osszes sor szama. */
+  totalLines: number;
+  /** A visszaadott sorok. */
+  lines: string[];
+  /** Mod amiben olvastunk: 'tail' | 'head' | 'range'. */
+  mode: 'tail' | 'head' | 'range';
+  /** Visszaadott tartomany 1-based start (range/tail/head normalizalva). */
+  rangeStart: number;
+  /** Visszaadott tartomany 1-based end (inclusive). */
+  rangeEnd: number;
+}
+
+
+/**
+ * `readLogFile(name, options)` opciok.
+ *
+ * Egyetlen mod aktiv egyszerre. Prioritas: range > head > tail.
+ * Egyik sem megadott → default `tail: 200`.
+ */
+export interface DyNTS_FileLog_ReadOptions {
+  /** Utolso N sor (default mod ha semmi mas nincs). */
+  tail?: number;
+  /** Elso N sor. */
+  head?: number;
+  /** 1-based line range start (inclusive). `rangeEnd` is kell. */
+  rangeStart?: number;
+  /** 1-based line range end (inclusive). */
+  rangeEnd?: number;
+}

package/src/_modules/logs/file-log.service.spec.ts

@@ -199,4 +199,143 @@ describe('| DyNTS_FileLog_Service', (): void => {
       expect(DyNTS_FileLog_Service.getInstance().isInstalled()).toBe(false);
     });
   });
+
+  describe('| listLogFiles()', (): void => {
+    it('| ures lista ha nincs installalva', (): void => {
+      const svc = DyNTS_FileLog_Service.getInstance();
+      // NEM hivunk install-t
+      expect(svc.listLogFiles()).toEqual([]);
+    });
+
+    it('| listazza az osszes prefix-elt log fajlt + jelzi az isCurrent flag-et', (): void => {
+      // 3 fajl letrehozasa kezzel kulonbozo prefix-szel
+      fs.writeFileSync(path.join(tempDir, 'spec-2026-01-01_aaa.log'), 'a');
+      fs.writeFileSync(path.join(tempDir, 'spec-2026-01-02_bbb.log'), 'bb');
+      fs.writeFileSync(path.join(tempDir, 'spec-2026-01-03_ccc.log'), 'ccc');
+      fs.writeFileSync(path.join(tempDir, 'other-2026-01-04_zzz.log'), 'should-be-ignored');
+
+      DyNTS_global_settings.log_settings.file_log = {
+        enabled: true,
+        logDir: tempDir,
+        filenamePrefix: 'spec-',
+      };
+      const svc = DyNTS_FileLog_Service.getInstance();
+      svc.install();
+
+      const list = svc.listLogFiles();
+      // 3 spec- fajl + 1 aktualis session fajl = 4
+      expect(list.length).toBe(4);
+      const names: string[] = list.map((e) => e.name);
+      expect(names.find((n) => n.startsWith('other-'))).toBeUndefined();
+      expect(list.filter((e) => e.isCurrent).length).toBe(1);
+    });
+  });
+
+  describe('| readLogFile() — happy paths', (): void => {
+    let svc: DyNTS_FileLog_Service;
+    let testFile: string;
+
+    beforeEach((): void => {
+      DyNTS_global_settings.log_settings.file_log = {
+        enabled: true,
+        logDir: tempDir,
+        filenamePrefix: 'spec-',
+      };
+      svc = DyNTS_FileLog_Service.getInstance();
+      svc.install();
+      // Kulon teszt-fajl
+      testFile = `spec-test-${Date.now()}.log`;
+      const lines: string[] = [];
+      for (let i: number = 1; i <= 50; i++) {
+        lines.push(`line-${i}`);
+      }
+      fs.writeFileSync(path.join(tempDir, testFile), lines.join('\n') + '\n');
+    });
+
+    it('| tail mod: utolso N sor', (): void => {
+      const result = svc.readLogFile(testFile, { tail: 5 });
+      expect(result.mode).toBe('tail');
+      expect(result.lines).toEqual(['line-46', 'line-47', 'line-48', 'line-49', 'line-50']);
+      expect(result.totalLines).toBe(50);
+      expect(result.rangeStart).toBe(46);
+      expect(result.rangeEnd).toBe(50);
+    });
+
+    it('| head mod: elso N sor', (): void => {
+      const result = svc.readLogFile(testFile, { head: 3 });
+      expect(result.mode).toBe('head');
+      expect(result.lines).toEqual(['line-1', 'line-2', 'line-3']);
+      expect(result.rangeStart).toBe(1);
+      expect(result.rangeEnd).toBe(3);
+    });
+
+    it('| range mod: explicit 10-15 tartomany', (): void => {
+      const result = svc.readLogFile(testFile, { rangeStart: 10, rangeEnd: 15 });
+      expect(result.mode).toBe('range');
+      expect(result.lines).toEqual(['line-10', 'line-11', 'line-12', 'line-13', 'line-14', 'line-15']);
+    });
+
+    it('| default tail 200 ha semmi mod nincs megadva', (): void => {
+      const result = svc.readLogFile(testFile, {});
+      expect(result.mode).toBe('tail');
+      // A teszt fajl 50 sor → mind visszajon
+      expect(result.lines.length).toBe(50);
+    });
+  });
+
+  describe('| readLogFile() — error paths', (): void => {
+    let svc: DyNTS_FileLog_Service;
+
+    beforeEach((): void => {
+      DyNTS_global_settings.log_settings.file_log = {
+        enabled: true,
+        logDir: tempDir,
+        filenamePrefix: 'spec-',
+      };
+      svc = DyNTS_FileLog_Service.getInstance();
+      svc.install();
+    });
+
+    it('| throw ha invalid filename (prefix nem matchel)', (): void => {
+      expect(() => svc.readLogFile('other-2026.log')).toThrowError('invalid filename');
+    });
+
+    it('| throw ha path traversal kiserlet (`../`)', (): void => {
+      expect(() => svc.readLogFile('../etc/passwd')).toThrowError('invalid filename');
+    });
+
+    it('| throw ha path separator (`/`) van a nevben', (): void => {
+      expect(() => svc.readLogFile('spec-foo/bar.log')).toThrowError('invalid filename');
+    });
+
+    it('| throw ha file nem letezik', (): void => {
+      expect(() => svc.readLogFile('spec-nonexistent.log')).toThrowError('file not found');
+    });
+
+    it('| NEM installalt service → throw `not installed`', (): void => {
+      svc._teardownForTesting();
+      expect(() => svc.readLogFile('spec-foo.log')).toThrowError(/not installed/);
+    });
+  });
+
+  describe('| getCurrentLogFilename()', (): void => {
+    it('| ures string ha nincs installalva', (): void => {
+      expect(DyNTS_FileLog_Service.getInstance().getCurrentLogFilename()).toBe('');
+    });
+
+    it('| basename-t ad vissza ha installalva van', (): void => {
+      DyNTS_global_settings.log_settings.file_log = {
+        enabled: true,
+        logDir: tempDir,
+        filenamePrefix: 'spec-',
+      };
+      const svc = DyNTS_FileLog_Service.getInstance();
+      svc.install();
+      const basename: string = svc.getCurrentLogFilename();
+      expect(basename.startsWith('spec-')).toBe(true);
+      expect(basename.endsWith('.log')).toBe(true);
+      expect(basename.includes('/')).toBe(false);
+      expect(basename.includes('\\')).toBe(false);
+    });
+  });
 });