@justair/justair-library 6.10.0-alpha.b5e7ec1 → 6.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +4 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/models/admin.d.ts.map +1 -1
- package/dist/models/measurements.d.ts +6 -6
- package/dist/models/tests/cookieConsent.test.d.ts +2 -0
- package/dist/models/tests/cookieConsent.test.d.ts.map +1 -0
- package/dist/models/users.d.ts +3 -0
- package/dist/models/users.d.ts.map +1 -1
- package/package.json +3 -14
- package/src/index.js +10 -5
- package/src/models/admin.js +1 -11
- package/src/models/users.js +43 -1
- package/tsconfig.json +0 -4
- package/dist/models/passwordResetToken.d.ts +0 -158
- package/dist/models/passwordResetToken.d.ts.map +0 -1
- package/dist/modules/audit/actions.d.ts +0 -28
- package/dist/modules/audit/actions.d.ts.map +0 -1
- package/dist/modules/audit/auditLog.d.ts +0 -32
- package/dist/modules/audit/auditLog.d.ts.map +0 -1
- package/dist/modules/audit/index.d.ts +0 -4
- package/dist/modules/audit/index.d.ts.map +0 -1
- package/dist/modules/audit/schema.d.ts +0 -321
- package/dist/modules/audit/schema.d.ts.map +0 -1
- package/dist/modules/audit/tests/actions.test.d.ts +0 -2
- package/dist/modules/audit/tests/actions.test.d.ts.map +0 -1
- package/dist/modules/audit/tests/auditLog.test.d.ts +0 -2
- package/dist/modules/audit/tests/auditLog.test.d.ts.map +0 -1
- package/dist/modules/audit/tests/schema.test.d.ts +0 -2
- package/dist/modules/audit/tests/schema.test.d.ts.map +0 -1
- package/dist/modules/auth/cookieConfig.d.ts +0 -42
- package/dist/modules/auth/cookieConfig.d.ts.map +0 -1
- package/dist/modules/auth/extractClaims.d.ts +0 -22
- package/dist/modules/auth/extractClaims.d.ts.map +0 -1
- package/dist/modules/auth/index.d.ts +0 -6
- package/dist/modules/auth/index.d.ts.map +0 -1
- package/dist/modules/auth/oidcVerifier.d.ts +0 -22
- package/dist/modules/auth/oidcVerifier.d.ts.map +0 -1
- package/dist/modules/auth/requestContext.d.ts +0 -25
- package/dist/modules/auth/requestContext.d.ts.map +0 -1
- package/dist/modules/auth/silentRefresh.d.ts +0 -33
- package/dist/modules/auth/silentRefresh.d.ts.map +0 -1
- package/dist/modules/auth/tests/cookieConfig.test.d.ts +0 -2
- package/dist/modules/auth/tests/cookieConfig.test.d.ts.map +0 -1
- package/dist/modules/auth/tests/extractClaims.test.d.ts +0 -2
- package/dist/modules/auth/tests/extractClaims.test.d.ts.map +0 -1
- package/dist/modules/auth/tests/oidcVerifier.test.d.ts +0 -2
- package/dist/modules/auth/tests/oidcVerifier.test.d.ts.map +0 -1
- package/dist/modules/auth/tests/requestContext.test.d.ts +0 -2
- package/dist/modules/auth/tests/requestContext.test.d.ts.map +0 -1
- package/dist/modules/auth/tests/silentRefresh.test.d.ts +0 -2
- package/dist/modules/auth/tests/silentRefresh.test.d.ts.map +0 -1
- package/src/models/passwordResetToken.js +0 -32
- package/src/modules/audit/actions.js +0 -28
- package/src/modules/audit/auditLog.js +0 -39
- package/src/modules/audit/index.js +0 -8
- package/src/modules/audit/schema.js +0 -44
- package/src/modules/audit/tests/actions.test.js +0 -26
- package/src/modules/audit/tests/auditLog.test.js +0 -47
- package/src/modules/audit/tests/schema.test.js +0 -50
- package/src/modules/auth/cookieConfig.js +0 -40
- package/src/modules/auth/extractClaims.js +0 -26
- package/src/modules/auth/index.js +0 -16
- package/src/modules/auth/oidcVerifier.js +0 -66
- package/src/modules/auth/requestContext.js +0 -20
- package/src/modules/auth/silentRefresh.js +0 -77
- package/src/modules/auth/tests/cookieConfig.test.js +0 -41
- package/src/modules/auth/tests/extractClaims.test.js +0 -36
- package/src/modules/auth/tests/oidcVerifier.test.js +0 -101
- package/src/modules/auth/tests/requestContext.test.js +0 -17
- package/src/modules/auth/tests/silentRefresh.test.js +0 -54
package/dist/index.d.ts
CHANGED
|
@@ -18,6 +18,9 @@ import { organizationsSchema } from "./models/organizations.js";
|
|
|
18
18
|
import { Organizations } from "./models/organizations.js";
|
|
19
19
|
import { usersSchema } from "./models/users.js";
|
|
20
20
|
import { Users } from "./models/users.js";
|
|
21
|
+
import { COOKIE_CONSENT_CATEGORIES } from "./models/users.js";
|
|
22
|
+
import { COOKIE_CONSENT_VALUES } from "./models/users.js";
|
|
23
|
+
import { validateCookieConsent } from "./models/users.js";
|
|
21
24
|
import { eventsSchema } from "./models/events.js";
|
|
22
25
|
import { Events } from "./models/events.js";
|
|
23
26
|
import { lightMonitorSchema } from "./models/lightmonitors.js";
|
|
@@ -70,10 +73,8 @@ import { Samples } from "./models/samples.js";
|
|
|
70
73
|
import { samplesAuditSchema } from "./models/samples.js";
|
|
71
74
|
import { SamplesAudit } from "./models/samples.js";
|
|
72
75
|
import { sampleParameterReferenceConcentrations } from "./models/samples.js";
|
|
73
|
-
import { passwordResetTokenSchema } from "./models/passwordResetToken.js";
|
|
74
|
-
import { PasswordResetToken } from "./models/passwordResetToken.js";
|
|
75
76
|
import { PARAMETERS } from "./constants/pollutants.js";
|
|
76
77
|
import { HEAVY_METALS } from "./constants/pollutants.js";
|
|
77
78
|
import { splitName } from "./utils/splitName.js";
|
|
78
|
-
export { Database, adminSchema, Admin, configurationsSchema, Configurations, measurementsSchema, Measurements, monitorRequestsSchema, MonitorRequests, monitorsSchema, Monitors, organizationsSchema, Organizations, usersSchema, Users, eventsSchema, Events, lightMonitorSchema, LightMonitors, monitorSuppliersSchema, MonitorSuppliers, contextsSchema, Contexts, parametersSchema, Parameters, announcementSchema, Announcements, jobsSchema, Jobs, apiKeySchema, ApiKey, UsageMetrics, usageMetricsSchema, Audit, auditSchema, EventsAudit, eventsAuditSchema, MonitorAudit, monitorAuditSchema, parametersEnum, deploymentTypesEnum, AlertsAudit, Alerts, alertsSchema, alertsAuditSchema, Features, featuresSchema, dataCompletenessSchema, DataCompleteness, networkMetricsSchema, NetworkMetrics, rateOfChangeSchema, RateOfChange, changeStreamCheckpointsSchema, ChangeStreamCheckpoints, sitesSchema, Sites, sampleSitesSchema, SampleSites, sampleSiteAuditSchema, SampleSiteAudit, sampleParametersEnum, samplesSchema, Samples, samplesAuditSchema, SamplesAudit, sampleParameterReferenceConcentrations,
|
|
79
|
+
export { Database, adminSchema, Admin, configurationsSchema, Configurations, measurementsSchema, Measurements, monitorRequestsSchema, MonitorRequests, monitorsSchema, Monitors, organizationsSchema, Organizations, usersSchema, Users, COOKIE_CONSENT_CATEGORIES, COOKIE_CONSENT_VALUES, validateCookieConsent, eventsSchema, Events, lightMonitorSchema, LightMonitors, monitorSuppliersSchema, MonitorSuppliers, contextsSchema, Contexts, parametersSchema, Parameters, announcementSchema, Announcements, jobsSchema, Jobs, apiKeySchema, ApiKey, UsageMetrics, usageMetricsSchema, Audit, auditSchema, EventsAudit, eventsAuditSchema, MonitorAudit, monitorAuditSchema, parametersEnum, deploymentTypesEnum, AlertsAudit, Alerts, alertsSchema, alertsAuditSchema, Features, featuresSchema, dataCompletenessSchema, DataCompleteness, networkMetricsSchema, NetworkMetrics, rateOfChangeSchema, RateOfChange, changeStreamCheckpointsSchema, ChangeStreamCheckpoints, sitesSchema, Sites, sampleSitesSchema, SampleSites, sampleSiteAuditSchema, SampleSiteAudit, sampleParametersEnum, samplesSchema, Samples, samplesAuditSchema, SamplesAudit, sampleParameterReferenceConcentrations, PARAMETERS, HEAVY_METALS, splitName };
|
|
79
80
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.js"],"names":[],"mappings":"AA2FA;;;iBAEC;yBA3BwB,oBAAoB;qBADxB,gBAAgB;4BAjEF,mBAAmB;sBAAnB,mBAAmB;qCAI/C,4BAA4B;+BAA5B,4BAA4B;mCAM5B,0BAA0B;6BAA1B,0BAA0B;sCAI1B,6BAA6B;gCAA7B,6BAA6B;+BAQ7B,sBAAsB;yBAAtB,sBAAsB;oCACsB,2BAA2B;8BAA3B,2BAA2B;4BAcvE,mBAAmB;sBAAnB,mBAAmB;0CAAnB,mBAAmB;sCAAnB,mBAAmB;sCAAnB,mBAAmB;6BAMnB,oBAAoB;uBAApB,oBAAoB;mCAnBuB,2BAA2B;8BAA3B,2BAA2B;uCAItE,8BAA8B;iCAA9B,8BAA8B;+BACI,sBAAsB;yBAAtB,sBAAsB;iCAClB,wBAAwB;2BAAxB,wBAAwB;mCAcnB,2BAA2B;8BAA3B,2BAA2B;2BAC5C,kBAAkB;qBAAlB,kBAAkB;6BACd,oBAAoB;uBAApB,oBAAoB;6BACR,0BAA0B;mCAA1B,0BAA0B;sBArCpE,0BAA0B;4BAA1B,0BAA0B;4BAiC1B,oBAAoB;kCAApB,oBAAoB;6BArBpB,sBAAsB;mCAAtB,sBAAsB;+BAAtB,sBAAsB;oCAAtB,sBAAsB;4BA+BtB,oBAAoB;uBAApB,oBAAoB;6BAApB,oBAAoB;kCAApB,oBAAoB;yBACc,sBAAsB;+BAAtB,sBAAsB;uCAIxD,8BAA8B;iCAA9B,8BAA8B;qCACgB,4BAA4B;+BAA5B,4BAA4B;mCAChC,0BAA0B;6BAA1B,0BAA0B;8CAIpE,qCAAqC;wCAArC,qCAAqC;4BAOT,mBAAmB;sBAAnB,mBAAmB;kCAS/C,yBAAyB;4BAAzB,yBAAyB;sCAAzB,yBAAyB;gCAAzB,yBAAyB;qCAAzB,yBAAyB;8BASzB,qBAAqB;wBAArB,qBAAqB;mCAArB,qBAAqB;6BAArB,qBAAqB;uDAArB,qBAAqB;2BAtBa,2BAA2B;6BAA3B,2BAA2B;0BAC1C,sBAAsB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/models/admin.js"],"names":[],"mappings":"AAEA,
|
|
1
|
+
{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/models/admin.js"],"names":[],"mappings":"AAEA,8BAgBG;AAUH,wBAAmD"}
|
|
@@ -6,10 +6,10 @@ export const annotationSchema: mongoose.Schema<any, mongoose.Model<any, any, any
|
|
|
6
6
|
_id: true;
|
|
7
7
|
timestamps: false;
|
|
8
8
|
}, {
|
|
9
|
-
comment: string;
|
|
10
|
-
measurementIdentifier: string;
|
|
11
9
|
source: "admin" | "processing_engine";
|
|
12
10
|
timestamp: Date;
|
|
11
|
+
comment: string;
|
|
12
|
+
measurementIdentifier: string;
|
|
13
13
|
adminId?: {
|
|
14
14
|
prototype?: mongoose.Types.ObjectId;
|
|
15
15
|
cacheHexString?: unknown;
|
|
@@ -20,10 +20,10 @@ export const annotationSchema: mongoose.Schema<any, mongoose.Model<any, any, any
|
|
|
20
20
|
isValid?: {};
|
|
21
21
|
};
|
|
22
22
|
}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
|
|
23
|
-
comment: string;
|
|
24
|
-
measurementIdentifier: string;
|
|
25
23
|
source: "admin" | "processing_engine";
|
|
26
24
|
timestamp: Date;
|
|
25
|
+
comment: string;
|
|
26
|
+
measurementIdentifier: string;
|
|
27
27
|
adminId?: {
|
|
28
28
|
prototype?: mongoose.Types.ObjectId;
|
|
29
29
|
cacheHexString?: unknown;
|
|
@@ -34,10 +34,10 @@ export const annotationSchema: mongoose.Schema<any, mongoose.Model<any, any, any
|
|
|
34
34
|
isValid?: {};
|
|
35
35
|
};
|
|
36
36
|
}>> & mongoose.FlatRecord<{
|
|
37
|
-
comment: string;
|
|
38
|
-
measurementIdentifier: string;
|
|
39
37
|
source: "admin" | "processing_engine";
|
|
40
38
|
timestamp: Date;
|
|
39
|
+
comment: string;
|
|
40
|
+
measurementIdentifier: string;
|
|
41
41
|
adminId?: {
|
|
42
42
|
prototype?: mongoose.Types.ObjectId;
|
|
43
43
|
cacheHexString?: unknown;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cookieConsent.test.d.ts","sourceRoot":"","sources":["../../../src/models/tests/cookieConsent.test.js"],"names":[],"mappings":""}
|
package/dist/models/users.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../src/models/users.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../src/models/users.js"],"names":[],"mappings":"AAqCA,8BAiDE;AAIF,wBAAmD;AAxFnD,iDAA4D;AAC5D,6CAAmD;AAUnD,4DAsBC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@justair/justair-library",
|
|
3
|
-
"version": "6.10.0
|
|
3
|
+
"version": "6.10.0",
|
|
4
4
|
"description": "JustAir Internal Library",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"type": "module",
|
|
@@ -13,18 +13,10 @@
|
|
|
13
13
|
"./constants": {
|
|
14
14
|
"types": "./dist/constants/pollutants.d.ts",
|
|
15
15
|
"default": "./src/constants/pollutants.js"
|
|
16
|
-
},
|
|
17
|
-
"./auth": {
|
|
18
|
-
"types": "./dist/modules/auth/index.d.ts",
|
|
19
|
-
"default": "./src/modules/auth/index.js"
|
|
20
|
-
},
|
|
21
|
-
"./audit": {
|
|
22
|
-
"types": "./dist/modules/audit/index.d.ts",
|
|
23
|
-
"default": "./src/modules/audit/index.js"
|
|
24
16
|
}
|
|
25
17
|
},
|
|
26
18
|
"scripts": {
|
|
27
|
-
"test": "node --experimental-vm-modules node_modules
|
|
19
|
+
"test": "node --experimental-vm-modules node_modules/.bin/jest",
|
|
28
20
|
"build": "tsc",
|
|
29
21
|
"prepublish": "npm run build"
|
|
30
22
|
},
|
|
@@ -34,21 +26,18 @@
|
|
|
34
26
|
"author": "Britney Epps",
|
|
35
27
|
"license": "ISC",
|
|
36
28
|
"dependencies": {
|
|
37
|
-
"jose": "^5.10.0",
|
|
38
29
|
"mongoose": "^7.8.3",
|
|
39
30
|
"nanoid": "^5.1.6",
|
|
40
31
|
"winston": "^3.10.0"
|
|
41
32
|
},
|
|
42
33
|
"jest": {
|
|
43
34
|
"testEnvironment": "node",
|
|
44
|
-
"transform": {}
|
|
45
|
-
"testTimeout": 60000
|
|
35
|
+
"transform": {}
|
|
46
36
|
},
|
|
47
37
|
"devDependencies": {
|
|
48
38
|
"@jest/globals": "^29",
|
|
49
39
|
"@types/node": "^16.0.0",
|
|
50
40
|
"jest": "^29",
|
|
51
|
-
"mongodb-memory-server": "^11.2.0",
|
|
52
41
|
"jest-environment-node": "^29",
|
|
53
42
|
"ts-node": "^10.0.0",
|
|
54
43
|
"typescript": "^5.3.2"
|
package/src/index.js
CHANGED
|
@@ -29,7 +29,13 @@ import {
|
|
|
29
29
|
} from "./models/monitorSuppliers.js";
|
|
30
30
|
import { contextsSchema, Contexts } from "./models/contexts.js";
|
|
31
31
|
import { parametersSchema, Parameters } from "./models/parameters.js";
|
|
32
|
-
import {
|
|
32
|
+
import {
|
|
33
|
+
usersSchema,
|
|
34
|
+
Users,
|
|
35
|
+
COOKIE_CONSENT_CATEGORIES,
|
|
36
|
+
COOKIE_CONSENT_VALUES,
|
|
37
|
+
validateCookieConsent,
|
|
38
|
+
} from "./models/users.js";
|
|
33
39
|
import {
|
|
34
40
|
eventsSchema,
|
|
35
41
|
Events,
|
|
@@ -82,7 +88,6 @@ import {
|
|
|
82
88
|
SamplesAudit,
|
|
83
89
|
sampleParameterReferenceConcentrations,
|
|
84
90
|
} from "./models/samples.js";
|
|
85
|
-
import { passwordResetTokenSchema, PasswordResetToken } from "./models/passwordResetToken.js";
|
|
86
91
|
|
|
87
92
|
export function createLoggerInstance({ DATADOG_API_KEY, APPLICATION_NAME }) {
|
|
88
93
|
return new CustomLogger({ DATADOG_API_KEY, APPLICATION_NAME });
|
|
@@ -104,6 +109,9 @@ export {
|
|
|
104
109
|
Organizations,
|
|
105
110
|
usersSchema,
|
|
106
111
|
Users,
|
|
112
|
+
COOKIE_CONSENT_CATEGORIES,
|
|
113
|
+
COOKIE_CONSENT_VALUES,
|
|
114
|
+
validateCookieConsent,
|
|
107
115
|
eventsSchema,
|
|
108
116
|
Events,
|
|
109
117
|
lightMonitorSchema,
|
|
@@ -159,9 +167,6 @@ export {
|
|
|
159
167
|
samplesAuditSchema,
|
|
160
168
|
SamplesAudit,
|
|
161
169
|
sampleParameterReferenceConcentrations,
|
|
162
|
-
// Password reset tokens (JA-2946)
|
|
163
|
-
passwordResetTokenSchema,
|
|
164
|
-
PasswordResetToken,
|
|
165
170
|
// Pollutant constants
|
|
166
171
|
PARAMETERS,
|
|
167
172
|
HEAVY_METALS,
|
package/src/models/admin.js
CHANGED
|
@@ -13,12 +13,6 @@ const adminSchema = mongoose.Schema({
|
|
|
13
13
|
authorized: { type: Boolean, default: false },
|
|
14
14
|
isActive: { type: Boolean, default: false },
|
|
15
15
|
hasSeenWelcomeScreen: { type: Boolean, default: false },
|
|
16
|
-
// Keycloak migration (JA-2814, auth-contracts #5). externalAuthId = Keycloak `sub`.
|
|
17
|
-
// Intentionally NO default: it must stay `undefined` (not null) until the migration
|
|
18
|
-
// writes it, so the sparse-unique index below skips un-migrated admins instead of
|
|
19
|
-
// colliding on many nulls. ssoProvider is reserved for future IdP brokering.
|
|
20
|
-
externalAuthId: { type: String },
|
|
21
|
-
ssoProvider: { type: String, default: null },
|
|
22
16
|
},
|
|
23
17
|
{
|
|
24
18
|
timestamps: true
|
|
@@ -30,12 +24,8 @@ adminSchema.index({ orgId: 1, isActive: 1 });
|
|
|
30
24
|
adminSchema.index({ email: 1, isActive: 1 });
|
|
31
25
|
// Permission-based queries
|
|
32
26
|
adminSchema.index({ orgId: 1, permissionName: 1 });
|
|
33
|
-
// Keycloak subject join key — unique per migrated admin; sparse so absent values
|
|
34
|
-
// (un-migrated admins, where externalAuthId is undefined) are not indexed and do
|
|
35
|
-
// not collide. Depends on externalAuthId having NO schema default (see above).
|
|
36
|
-
adminSchema.index({ externalAuthId: 1 }, { unique: true, sparse: true });
|
|
37
27
|
|
|
38
28
|
|
|
39
29
|
const Admin = mongoose.model('Admin', adminSchema);
|
|
40
30
|
|
|
41
|
-
export {adminSchema, Admin};
|
|
31
|
+
export {adminSchema, Admin};
|
package/src/models/users.js
CHANGED
|
@@ -1,5 +1,40 @@
|
|
|
1
1
|
import mongoose from "mongoose";
|
|
2
2
|
|
|
3
|
+
const COOKIE_CONSENT_CATEGORIES = ["analytics_performance"];
|
|
4
|
+
const COOKIE_CONSENT_VALUES = ["accept", "reject"];
|
|
5
|
+
|
|
6
|
+
const cookieConsentSchemaDefinition = COOKIE_CONSENT_CATEGORIES.reduce(
|
|
7
|
+
(definition, category) => {
|
|
8
|
+
definition[category] = { type: String, enum: COOKIE_CONSENT_VALUES };
|
|
9
|
+
return definition;
|
|
10
|
+
},
|
|
11
|
+
{}
|
|
12
|
+
);
|
|
13
|
+
|
|
14
|
+
const validateCookieConsent = (consent) => {
|
|
15
|
+
if (typeof consent !== "object" || consent === null || Array.isArray(consent)) {
|
|
16
|
+
return "cookie_consent must be an object";
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
const entries = Object.entries(consent);
|
|
20
|
+
if (entries.length === 0) {
|
|
21
|
+
return "cookie_consent must include at least one category";
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
for (const [category, value] of entries) {
|
|
25
|
+
if (!COOKIE_CONSENT_CATEGORIES.includes(category)) {
|
|
26
|
+
return `Unknown cookie consent category: ${category}`;
|
|
27
|
+
}
|
|
28
|
+
if (!COOKIE_CONSENT_VALUES.includes(value)) {
|
|
29
|
+
return `Invalid value for ${category}: must be one of ${COOKIE_CONSENT_VALUES.join(
|
|
30
|
+
", "
|
|
31
|
+
)}`;
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
return null;
|
|
36
|
+
};
|
|
37
|
+
|
|
3
38
|
const usersSchema = mongoose.Schema(
|
|
4
39
|
{
|
|
5
40
|
name: String,
|
|
@@ -44,6 +79,7 @@ const usersSchema = mongoose.Schema(
|
|
|
44
79
|
],
|
|
45
80
|
default: "Good",
|
|
46
81
|
},
|
|
82
|
+
cookie_consent: cookieConsentSchemaDefinition,
|
|
47
83
|
},
|
|
48
84
|
{
|
|
49
85
|
timestamps: true,
|
|
@@ -54,4 +90,10 @@ usersSchema.index({ phone: 1 });
|
|
|
54
90
|
|
|
55
91
|
const Users = mongoose.model("Users", usersSchema);
|
|
56
92
|
|
|
57
|
-
export {
|
|
93
|
+
export {
|
|
94
|
+
usersSchema,
|
|
95
|
+
Users,
|
|
96
|
+
COOKIE_CONSENT_CATEGORIES,
|
|
97
|
+
COOKIE_CONSENT_VALUES,
|
|
98
|
+
validateCookieConsent,
|
|
99
|
+
};
|
package/tsconfig.json
CHANGED
|
@@ -2,10 +2,6 @@
|
|
|
2
2
|
"include": ["src/**/*"],
|
|
3
3
|
"compilerOptions": {
|
|
4
4
|
"allowJs": true,
|
|
5
|
-
// Don't type-check dependency .d.ts files (e.g. mongodb-memory-server's bundled
|
|
6
|
-
// mongodb types use AsyncDisposable/Symbol.asyncDispose from a newer lib). Our own
|
|
7
|
-
// src is still fully checked; this only skips node_modules declarations.
|
|
8
|
-
"skipLibCheck": true,
|
|
9
5
|
// Generate d.ts files
|
|
10
6
|
"declaration": true,
|
|
11
7
|
"emitDeclarationOnly": true,
|
|
@@ -1,158 +0,0 @@
|
|
|
1
|
-
export const passwordResetTokenSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
|
|
2
|
-
timestamps: true;
|
|
3
|
-
}, {
|
|
4
|
-
createdAt: NativeDate;
|
|
5
|
-
updatedAt: NativeDate;
|
|
6
|
-
} & {
|
|
7
|
-
adminId: {
|
|
8
|
-
prototype?: mongoose.Types.ObjectId;
|
|
9
|
-
cacheHexString?: unknown;
|
|
10
|
-
generate?: {};
|
|
11
|
-
createFromTime?: {};
|
|
12
|
-
createFromHexString?: {};
|
|
13
|
-
createFromBase64?: {};
|
|
14
|
-
isValid?: {};
|
|
15
|
-
};
|
|
16
|
-
tokenHash: string;
|
|
17
|
-
used: boolean;
|
|
18
|
-
expiresAt: Date;
|
|
19
|
-
}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
|
|
20
|
-
createdAt: NativeDate;
|
|
21
|
-
updatedAt: NativeDate;
|
|
22
|
-
} & {
|
|
23
|
-
adminId: {
|
|
24
|
-
prototype?: mongoose.Types.ObjectId;
|
|
25
|
-
cacheHexString?: unknown;
|
|
26
|
-
generate?: {};
|
|
27
|
-
createFromTime?: {};
|
|
28
|
-
createFromHexString?: {};
|
|
29
|
-
createFromBase64?: {};
|
|
30
|
-
isValid?: {};
|
|
31
|
-
};
|
|
32
|
-
tokenHash: string;
|
|
33
|
-
used: boolean;
|
|
34
|
-
expiresAt: Date;
|
|
35
|
-
}>> & mongoose.FlatRecord<{
|
|
36
|
-
createdAt: NativeDate;
|
|
37
|
-
updatedAt: NativeDate;
|
|
38
|
-
} & {
|
|
39
|
-
adminId: {
|
|
40
|
-
prototype?: mongoose.Types.ObjectId;
|
|
41
|
-
cacheHexString?: unknown;
|
|
42
|
-
generate?: {};
|
|
43
|
-
createFromTime?: {};
|
|
44
|
-
createFromHexString?: {};
|
|
45
|
-
createFromBase64?: {};
|
|
46
|
-
isValid?: {};
|
|
47
|
-
};
|
|
48
|
-
tokenHash: string;
|
|
49
|
-
used: boolean;
|
|
50
|
-
expiresAt: Date;
|
|
51
|
-
}> & {
|
|
52
|
-
_id: mongoose.Types.ObjectId;
|
|
53
|
-
}>;
|
|
54
|
-
export const PasswordResetToken: mongoose.Model<{
|
|
55
|
-
createdAt: NativeDate;
|
|
56
|
-
updatedAt: NativeDate;
|
|
57
|
-
} & {
|
|
58
|
-
adminId: {
|
|
59
|
-
prototype?: mongoose.Types.ObjectId;
|
|
60
|
-
cacheHexString?: unknown;
|
|
61
|
-
generate?: {};
|
|
62
|
-
createFromTime?: {};
|
|
63
|
-
createFromHexString?: {};
|
|
64
|
-
createFromBase64?: {};
|
|
65
|
-
isValid?: {};
|
|
66
|
-
};
|
|
67
|
-
tokenHash: string;
|
|
68
|
-
used: boolean;
|
|
69
|
-
expiresAt: Date;
|
|
70
|
-
}, {}, {}, {}, mongoose.Document<unknown, {}, {
|
|
71
|
-
createdAt: NativeDate;
|
|
72
|
-
updatedAt: NativeDate;
|
|
73
|
-
} & {
|
|
74
|
-
adminId: {
|
|
75
|
-
prototype?: mongoose.Types.ObjectId;
|
|
76
|
-
cacheHexString?: unknown;
|
|
77
|
-
generate?: {};
|
|
78
|
-
createFromTime?: {};
|
|
79
|
-
createFromHexString?: {};
|
|
80
|
-
createFromBase64?: {};
|
|
81
|
-
isValid?: {};
|
|
82
|
-
};
|
|
83
|
-
tokenHash: string;
|
|
84
|
-
used: boolean;
|
|
85
|
-
expiresAt: Date;
|
|
86
|
-
}> & {
|
|
87
|
-
createdAt: NativeDate;
|
|
88
|
-
updatedAt: NativeDate;
|
|
89
|
-
} & {
|
|
90
|
-
adminId: {
|
|
91
|
-
prototype?: mongoose.Types.ObjectId;
|
|
92
|
-
cacheHexString?: unknown;
|
|
93
|
-
generate?: {};
|
|
94
|
-
createFromTime?: {};
|
|
95
|
-
createFromHexString?: {};
|
|
96
|
-
createFromBase64?: {};
|
|
97
|
-
isValid?: {};
|
|
98
|
-
};
|
|
99
|
-
tokenHash: string;
|
|
100
|
-
used: boolean;
|
|
101
|
-
expiresAt: Date;
|
|
102
|
-
} & {
|
|
103
|
-
_id: mongoose.Types.ObjectId;
|
|
104
|
-
}, mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
|
|
105
|
-
timestamps: true;
|
|
106
|
-
}, {
|
|
107
|
-
createdAt: NativeDate;
|
|
108
|
-
updatedAt: NativeDate;
|
|
109
|
-
} & {
|
|
110
|
-
adminId: {
|
|
111
|
-
prototype?: mongoose.Types.ObjectId;
|
|
112
|
-
cacheHexString?: unknown;
|
|
113
|
-
generate?: {};
|
|
114
|
-
createFromTime?: {};
|
|
115
|
-
createFromHexString?: {};
|
|
116
|
-
createFromBase64?: {};
|
|
117
|
-
isValid?: {};
|
|
118
|
-
};
|
|
119
|
-
tokenHash: string;
|
|
120
|
-
used: boolean;
|
|
121
|
-
expiresAt: Date;
|
|
122
|
-
}, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
|
|
123
|
-
createdAt: NativeDate;
|
|
124
|
-
updatedAt: NativeDate;
|
|
125
|
-
} & {
|
|
126
|
-
adminId: {
|
|
127
|
-
prototype?: mongoose.Types.ObjectId;
|
|
128
|
-
cacheHexString?: unknown;
|
|
129
|
-
generate?: {};
|
|
130
|
-
createFromTime?: {};
|
|
131
|
-
createFromHexString?: {};
|
|
132
|
-
createFromBase64?: {};
|
|
133
|
-
isValid?: {};
|
|
134
|
-
};
|
|
135
|
-
tokenHash: string;
|
|
136
|
-
used: boolean;
|
|
137
|
-
expiresAt: Date;
|
|
138
|
-
}>> & mongoose.FlatRecord<{
|
|
139
|
-
createdAt: NativeDate;
|
|
140
|
-
updatedAt: NativeDate;
|
|
141
|
-
} & {
|
|
142
|
-
adminId: {
|
|
143
|
-
prototype?: mongoose.Types.ObjectId;
|
|
144
|
-
cacheHexString?: unknown;
|
|
145
|
-
generate?: {};
|
|
146
|
-
createFromTime?: {};
|
|
147
|
-
createFromHexString?: {};
|
|
148
|
-
createFromBase64?: {};
|
|
149
|
-
isValid?: {};
|
|
150
|
-
};
|
|
151
|
-
tokenHash: string;
|
|
152
|
-
used: boolean;
|
|
153
|
-
expiresAt: Date;
|
|
154
|
-
}> & {
|
|
155
|
-
_id: mongoose.Types.ObjectId;
|
|
156
|
-
}>>;
|
|
157
|
-
import mongoose from 'mongoose';
|
|
158
|
-
//# sourceMappingURL=passwordResetToken.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"passwordResetToken.d.ts","sourceRoot":"","sources":["../../src/models/passwordResetToken.js"],"names":[],"mappings":"AAgBA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAQE;AAKF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAA0F;qBA7BrE,UAAU"}
|
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Auth/compliance audit action enum (auth-contracts #4 — EXACT strings, frozen).
|
|
3
|
-
* Distinct domain from the measurement-lineage `Audit` model in
|
|
4
|
-
* models/measurements.js: this tracks WHO did WHAT to admin/auth state, for the
|
|
5
|
-
* government-compliance audit trail.
|
|
6
|
-
*
|
|
7
|
-
* Emit sites (in the services): login (success/failure), logout, forgot-password
|
|
8
|
-
* (requested/completed), silent refresh, and the admin mutation sites
|
|
9
|
-
* (create/update/delete, role.change when permissionName changes,
|
|
10
|
-
* deactivate/reactivate when isActive toggles).
|
|
11
|
-
*/
|
|
12
|
-
export const AUDIT_ACTIONS: Readonly<{
|
|
13
|
-
LOGIN_SUCCESS: "auth.login.success";
|
|
14
|
-
LOGIN_FAILURE: "auth.login.failure";
|
|
15
|
-
LOGOUT: "auth.logout";
|
|
16
|
-
PASSWORD_RESET_REQUESTED: "auth.password.reset.requested";
|
|
17
|
-
PASSWORD_RESET_COMPLETED: "auth.password.reset.completed";
|
|
18
|
-
TOKEN_REFRESH: "auth.token.refresh";
|
|
19
|
-
ADMIN_CREATE: "admin.create";
|
|
20
|
-
ADMIN_UPDATE: "admin.update";
|
|
21
|
-
ADMIN_DELETE: "admin.delete";
|
|
22
|
-
ADMIN_ROLE_CHANGE: "admin.role.change";
|
|
23
|
-
ADMIN_DEACTIVATE: "admin.deactivate";
|
|
24
|
-
ADMIN_REACTIVATE: "admin.reactivate";
|
|
25
|
-
}>;
|
|
26
|
-
/** Frozen list of all valid action strings — used as the AuditLog schema enum. */
|
|
27
|
-
export const AUDIT_ACTION_VALUES: readonly ("auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate")[];
|
|
28
|
-
//# sourceMappingURL=actions.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/actions.js"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH;;;;;;;;;;;;;GAaG;AAEH,kFAAkF;AAClF,yTAA+E"}
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Single canonical audit write path (auth-contracts #4).
|
|
3
|
-
*
|
|
4
|
-
* writeAudit(entry) ──► AuditLog.create
|
|
5
|
-
* │ ok │ throws (db down, validation)
|
|
6
|
-
* ▼ ▼
|
|
7
|
-
* return true logger.error + return false (NEVER throws)
|
|
8
|
-
*
|
|
9
|
-
* An audit hiccup must not fail the request it is recording (e.g. a login). The
|
|
10
|
-
* caller gets a boolean and decides; the failure is logged at error for compliance
|
|
11
|
-
* follow-up. Inject the consuming service's logger via deps.logger (DI); it falls
|
|
12
|
-
* back to a no-op rather than raw console so it honors the "no console" rule.
|
|
13
|
-
*
|
|
14
|
-
* @param {{action:string, actor?:object, resource?:object, outcome:string,
|
|
15
|
-
* reason?:string, metadata?:object, requestId?:string}} entry
|
|
16
|
-
* @param {{ logger?: { error: Function } }} [deps]
|
|
17
|
-
* @returns {Promise<boolean>} true if persisted, false if the write failed
|
|
18
|
-
*/
|
|
19
|
-
export function writeAudit({ action, actor, resource, outcome, reason, metadata, requestId }?: {
|
|
20
|
-
action: string;
|
|
21
|
-
actor?: object;
|
|
22
|
-
resource?: object;
|
|
23
|
-
outcome: string;
|
|
24
|
-
reason?: string;
|
|
25
|
-
metadata?: object;
|
|
26
|
-
requestId?: string;
|
|
27
|
-
}, { logger }?: {
|
|
28
|
-
logger?: {
|
|
29
|
-
error: Function;
|
|
30
|
-
};
|
|
31
|
-
}): Promise<boolean>;
|
|
32
|
-
//# sourceMappingURL=auditLog.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"auditLog.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/auditLog.js"],"names":[],"mappings":"AAKA;;;;;;;;;;;;;;;;;GAiBG;AACH,+FALW;IAAC,MAAM,EAAC,MAAM,CAAC;IAAC,KAAK,CAAC,EAAC,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAC,MAAM,CAAC;IAAC,OAAO,EAAC,MAAM,CAAC;IAC/D,MAAM,CAAC,EAAC,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAC,MAAM,CAAC;IAAC,SAAS,CAAC,EAAC,MAAM,CAAA;CAAC,eACrD;IAAE,MAAM,CAAC,EAAE;QAAE,KAAK,WAAU;KAAE,CAAA;CAAE,GAC9B,OAAO,CAAC,OAAO,CAAC,CAiB5B"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/index.js"],"names":[],"mappings":""}
|