@justair/justair-library 6.9.0 → 6.10.0-alpha.b5e7ec1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (65) hide show
  1. package/dist/index.d.ts +3 -1
  2. package/dist/index.d.ts.map +1 -1
  3. package/dist/models/admin.d.ts.map +1 -1
  4. package/dist/models/measurements.d.ts +6 -6
  5. package/dist/models/passwordResetToken.d.ts +158 -0
  6. package/dist/models/passwordResetToken.d.ts.map +1 -0
  7. package/dist/modules/audit/actions.d.ts +28 -0
  8. package/dist/modules/audit/actions.d.ts.map +1 -0
  9. package/dist/modules/audit/auditLog.d.ts +32 -0
  10. package/dist/modules/audit/auditLog.d.ts.map +1 -0
  11. package/dist/modules/audit/index.d.ts +4 -0
  12. package/dist/modules/audit/index.d.ts.map +1 -0
  13. package/dist/modules/audit/schema.d.ts +321 -0
  14. package/dist/modules/audit/schema.d.ts.map +1 -0
  15. package/dist/modules/audit/tests/actions.test.d.ts +2 -0
  16. package/dist/modules/audit/tests/actions.test.d.ts.map +1 -0
  17. package/dist/modules/audit/tests/auditLog.test.d.ts +2 -0
  18. package/dist/modules/audit/tests/auditLog.test.d.ts.map +1 -0
  19. package/dist/modules/audit/tests/schema.test.d.ts +2 -0
  20. package/dist/modules/audit/tests/schema.test.d.ts.map +1 -0
  21. package/dist/modules/auth/cookieConfig.d.ts +42 -0
  22. package/dist/modules/auth/cookieConfig.d.ts.map +1 -0
  23. package/dist/modules/auth/extractClaims.d.ts +22 -0
  24. package/dist/modules/auth/extractClaims.d.ts.map +1 -0
  25. package/dist/modules/auth/index.d.ts +6 -0
  26. package/dist/modules/auth/index.d.ts.map +1 -0
  27. package/dist/modules/auth/oidcVerifier.d.ts +22 -0
  28. package/dist/modules/auth/oidcVerifier.d.ts.map +1 -0
  29. package/dist/modules/auth/requestContext.d.ts +25 -0
  30. package/dist/modules/auth/requestContext.d.ts.map +1 -0
  31. package/dist/modules/auth/silentRefresh.d.ts +33 -0
  32. package/dist/modules/auth/silentRefresh.d.ts.map +1 -0
  33. package/dist/modules/auth/tests/cookieConfig.test.d.ts +2 -0
  34. package/dist/modules/auth/tests/cookieConfig.test.d.ts.map +1 -0
  35. package/dist/modules/auth/tests/extractClaims.test.d.ts +2 -0
  36. package/dist/modules/auth/tests/extractClaims.test.d.ts.map +1 -0
  37. package/dist/modules/auth/tests/oidcVerifier.test.d.ts +2 -0
  38. package/dist/modules/auth/tests/oidcVerifier.test.d.ts.map +1 -0
  39. package/dist/modules/auth/tests/requestContext.test.d.ts +2 -0
  40. package/dist/modules/auth/tests/requestContext.test.d.ts.map +1 -0
  41. package/dist/modules/auth/tests/silentRefresh.test.d.ts +2 -0
  42. package/dist/modules/auth/tests/silentRefresh.test.d.ts.map +1 -0
  43. package/package.json +14 -3
  44. package/src/index.js +4 -0
  45. package/src/models/admin.js +11 -1
  46. package/src/models/passwordResetToken.js +32 -0
  47. package/src/modules/audit/actions.js +28 -0
  48. package/src/modules/audit/auditLog.js +39 -0
  49. package/src/modules/audit/index.js +8 -0
  50. package/src/modules/audit/schema.js +44 -0
  51. package/src/modules/audit/tests/actions.test.js +26 -0
  52. package/src/modules/audit/tests/auditLog.test.js +47 -0
  53. package/src/modules/audit/tests/schema.test.js +50 -0
  54. package/src/modules/auth/cookieConfig.js +40 -0
  55. package/src/modules/auth/extractClaims.js +26 -0
  56. package/src/modules/auth/index.js +16 -0
  57. package/src/modules/auth/oidcVerifier.js +66 -0
  58. package/src/modules/auth/requestContext.js +20 -0
  59. package/src/modules/auth/silentRefresh.js +77 -0
  60. package/src/modules/auth/tests/cookieConfig.test.js +41 -0
  61. package/src/modules/auth/tests/extractClaims.test.js +36 -0
  62. package/src/modules/auth/tests/oidcVerifier.test.js +101 -0
  63. package/src/modules/auth/tests/requestContext.test.js +17 -0
  64. package/src/modules/auth/tests/silentRefresh.test.js +54 -0
  65. package/tsconfig.json +4 -0
package/dist/index.d.ts CHANGED
@@ -70,8 +70,10 @@ import { Samples } from "./models/samples.js";
70
70
  import { samplesAuditSchema } from "./models/samples.js";
71
71
  import { SamplesAudit } from "./models/samples.js";
72
72
  import { sampleParameterReferenceConcentrations } from "./models/samples.js";
73
+ import { passwordResetTokenSchema } from "./models/passwordResetToken.js";
74
+ import { PasswordResetToken } from "./models/passwordResetToken.js";
73
75
  import { PARAMETERS } from "./constants/pollutants.js";
74
76
  import { HEAVY_METALS } from "./constants/pollutants.js";
75
77
  import { splitName } from "./utils/splitName.js";
76
- export { Database, adminSchema, Admin, configurationsSchema, Configurations, measurementsSchema, Measurements, monitorRequestsSchema, MonitorRequests, monitorsSchema, Monitors, organizationsSchema, Organizations, usersSchema, Users, eventsSchema, Events, lightMonitorSchema, LightMonitors, monitorSuppliersSchema, MonitorSuppliers, contextsSchema, Contexts, parametersSchema, Parameters, announcementSchema, Announcements, jobsSchema, Jobs, apiKeySchema, ApiKey, UsageMetrics, usageMetricsSchema, Audit, auditSchema, EventsAudit, eventsAuditSchema, MonitorAudit, monitorAuditSchema, parametersEnum, deploymentTypesEnum, AlertsAudit, Alerts, alertsSchema, alertsAuditSchema, Features, featuresSchema, dataCompletenessSchema, DataCompleteness, networkMetricsSchema, NetworkMetrics, rateOfChangeSchema, RateOfChange, changeStreamCheckpointsSchema, ChangeStreamCheckpoints, sitesSchema, Sites, sampleSitesSchema, SampleSites, sampleSiteAuditSchema, SampleSiteAudit, sampleParametersEnum, samplesSchema, Samples, samplesAuditSchema, SamplesAudit, sampleParameterReferenceConcentrations, PARAMETERS, HEAVY_METALS, splitName };
78
+ export { Database, adminSchema, Admin, configurationsSchema, Configurations, measurementsSchema, Measurements, monitorRequestsSchema, MonitorRequests, monitorsSchema, Monitors, organizationsSchema, Organizations, usersSchema, Users, eventsSchema, Events, lightMonitorSchema, LightMonitors, monitorSuppliersSchema, MonitorSuppliers, contextsSchema, Contexts, parametersSchema, Parameters, announcementSchema, Announcements, jobsSchema, Jobs, apiKeySchema, ApiKey, UsageMetrics, usageMetricsSchema, Audit, auditSchema, EventsAudit, eventsAuditSchema, MonitorAudit, monitorAuditSchema, parametersEnum, deploymentTypesEnum, AlertsAudit, Alerts, alertsSchema, alertsAuditSchema, Features, featuresSchema, dataCompletenessSchema, DataCompleteness, networkMetricsSchema, NetworkMetrics, rateOfChangeSchema, RateOfChange, changeStreamCheckpointsSchema, ChangeStreamCheckpoints, sitesSchema, Sites, sampleSitesSchema, SampleSites, sampleSiteAuditSchema, SampleSiteAudit, sampleParametersEnum, samplesSchema, Samples, samplesAuditSchema, SamplesAudit, sampleParameterReferenceConcentrations, passwordResetTokenSchema, PasswordResetToken, PARAMETERS, HEAVY_METALS, splitName };
77
79
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.js"],"names":[],"mappings":"AAqFA;;;iBAEC;yBA3BwB,oBAAoB;qBADxB,gBAAgB;4BA3DF,mBAAmB;sBAAnB,mBAAmB;qCAI/C,4BAA4B;+BAA5B,4BAA4B;mCAM5B,0BAA0B;6BAA1B,0BAA0B;sCAI1B,6BAA6B;gCAA7B,6BAA6B;+BAQ7B,sBAAsB;yBAAtB,sBAAsB;oCACsB,2BAA2B;8BAA3B,2BAA2B;4BAQ3C,mBAAmB;sBAAnB,mBAAmB;6BAM/C,oBAAoB;uBAApB,oBAAoB;mCAbuB,2BAA2B;8BAA3B,2BAA2B;uCAItE,8BAA8B;iCAA9B,8BAA8B;+BACI,sBAAsB;yBAAtB,sBAAsB;iCAClB,wBAAwB;2BAAxB,wBAAwB;mCAQnB,2BAA2B;8BAA3B,2BAA2B;2BAC5C,kBAAkB;qBAAlB,kBAAkB;6BACd,oBAAoB;uBAApB,oBAAoB;6BACR,0BAA0B;mCAA1B,0BAA0B;sBA/BpE,0BAA0B;4BAA1B,0BAA0B;4BA2B1B,oBAAoB;kCAApB,oBAAoB;6BAfpB,sBAAsB;mCAAtB,sBAAsB;+BAAtB,sBAAsB;oCAAtB,sBAAsB;4BAyBtB,oBAAoB;uBAApB,oBAAoB;6BAApB,oBAAoB;kCAApB,oBAAoB;yBACc,sBAAsB;+BAAtB,sBAAsB;uCAIxD,8BAA8B;iCAA9B,8BAA8B;qCACgB,4BAA4B;+BAA5B,4BAA4B;mCAChC,0BAA0B;6BAA1B,0BAA0B;8CAIpE,qCAAqC;wCAArC,qCAAqC;4BAOT,mBAAmB;sBAAnB,mBAAmB;kCAS/C,yBAAyB;4BAAzB,yBAAyB;sCAAzB,yBAAyB;gCAAzB,yBAAyB;qCAAzB,yBAAyB;8BASzB,qBAAqB;wBAArB,qBAAqB;mCAArB,qBAAqB;6BAArB,qBAAqB;uDAArB,qBAAqB;2BAtBa,2BAA2B;6BAA3B,2BAA2B;0BAC1C,sBAAsB"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.js"],"names":[],"mappings":"AAsFA;;;iBAEC;yBA5BwB,oBAAoB;qBADxB,gBAAgB;4BA3DF,mBAAmB;sBAAnB,mBAAmB;qCAI/C,4BAA4B;+BAA5B,4BAA4B;mCAM5B,0BAA0B;6BAA1B,0BAA0B;sCAI1B,6BAA6B;gCAA7B,6BAA6B;+BAQ7B,sBAAsB;yBAAtB,sBAAsB;oCACsB,2BAA2B;8BAA3B,2BAA2B;4BAQ3C,mBAAmB;sBAAnB,mBAAmB;6BAM/C,oBAAoB;uBAApB,oBAAoB;mCAbuB,2BAA2B;8BAA3B,2BAA2B;uCAItE,8BAA8B;iCAA9B,8BAA8B;+BACI,sBAAsB;yBAAtB,sBAAsB;iCAClB,wBAAwB;2BAAxB,wBAAwB;mCAQnB,2BAA2B;8BAA3B,2BAA2B;2BAC5C,kBAAkB;qBAAlB,kBAAkB;6BACd,oBAAoB;uBAApB,oBAAoB;6BACR,0BAA0B;mCAA1B,0BAA0B;sBA/BpE,0BAA0B;4BAA1B,0BAA0B;4BA2B1B,oBAAoB;kCAApB,oBAAoB;6BAfpB,sBAAsB;mCAAtB,sBAAsB;+BAAtB,sBAAsB;oCAAtB,sBAAsB;4BAyBtB,oBAAoB;uBAApB,oBAAoB;6BAApB,oBAAoB;kCAApB,oBAAoB;yBACc,sBAAsB;+BAAtB,sBAAsB;uCAIxD,8BAA8B;iCAA9B,8BAA8B;qCACgB,4BAA4B;+BAA5B,4BAA4B;mCAChC,0BAA0B;6BAA1B,0BAA0B;8CAIpE,qCAAqC;wCAArC,qCAAqC;4BAOT,mBAAmB;sBAAnB,mBAAmB;kCAS/C,yBAAyB;4BAAzB,yBAAyB;sCAAzB,yBAAyB;gCAAzB,yBAAyB;qCAAzB,yBAAyB;8BASzB,qBAAqB;wBAArB,qBAAqB;mCAArB,qBAAqB;6BAArB,qBAAqB;uDAArB,qBAAqB;yCACiC,gCAAgC;mCAAhC,gCAAgC;2BAvBpD,2BAA2B;6BAA3B,2BAA2B;0BAC1C,sBAAsB"}
@@ -1 +1 @@
1
- {"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/models/admin.js"],"names":[],"mappings":"AAEA,8BAgBG;AAUH,wBAAmD"}
1
+ {"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/models/admin.js"],"names":[],"mappings":"AAEA,8BAsBG;AAcH,wBAAmD"}
@@ -6,10 +6,10 @@ export const annotationSchema: mongoose.Schema<any, mongoose.Model<any, any, any
6
6
  _id: true;
7
7
  timestamps: false;
8
8
  }, {
9
- source: "admin" | "processing_engine";
10
- timestamp: Date;
11
9
  comment: string;
12
10
  measurementIdentifier: string;
11
+ source: "admin" | "processing_engine";
12
+ timestamp: Date;
13
13
  adminId?: {
14
14
  prototype?: mongoose.Types.ObjectId;
15
15
  cacheHexString?: unknown;
@@ -20,10 +20,10 @@ export const annotationSchema: mongoose.Schema<any, mongoose.Model<any, any, any
20
20
  isValid?: {};
21
21
  };
22
22
  }, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
23
- source: "admin" | "processing_engine";
24
- timestamp: Date;
25
23
  comment: string;
26
24
  measurementIdentifier: string;
25
+ source: "admin" | "processing_engine";
26
+ timestamp: Date;
27
27
  adminId?: {
28
28
  prototype?: mongoose.Types.ObjectId;
29
29
  cacheHexString?: unknown;
@@ -34,10 +34,10 @@ export const annotationSchema: mongoose.Schema<any, mongoose.Model<any, any, any
34
34
  isValid?: {};
35
35
  };
36
36
  }>> & mongoose.FlatRecord<{
37
- source: "admin" | "processing_engine";
38
- timestamp: Date;
39
37
  comment: string;
40
38
  measurementIdentifier: string;
39
+ source: "admin" | "processing_engine";
40
+ timestamp: Date;
41
41
  adminId?: {
42
42
  prototype?: mongoose.Types.ObjectId;
43
43
  cacheHexString?: unknown;
@@ -0,0 +1,158 @@
1
+ export const passwordResetTokenSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
2
+ timestamps: true;
3
+ }, {
4
+ createdAt: NativeDate;
5
+ updatedAt: NativeDate;
6
+ } & {
7
+ adminId: {
8
+ prototype?: mongoose.Types.ObjectId;
9
+ cacheHexString?: unknown;
10
+ generate?: {};
11
+ createFromTime?: {};
12
+ createFromHexString?: {};
13
+ createFromBase64?: {};
14
+ isValid?: {};
15
+ };
16
+ tokenHash: string;
17
+ used: boolean;
18
+ expiresAt: Date;
19
+ }, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
20
+ createdAt: NativeDate;
21
+ updatedAt: NativeDate;
22
+ } & {
23
+ adminId: {
24
+ prototype?: mongoose.Types.ObjectId;
25
+ cacheHexString?: unknown;
26
+ generate?: {};
27
+ createFromTime?: {};
28
+ createFromHexString?: {};
29
+ createFromBase64?: {};
30
+ isValid?: {};
31
+ };
32
+ tokenHash: string;
33
+ used: boolean;
34
+ expiresAt: Date;
35
+ }>> & mongoose.FlatRecord<{
36
+ createdAt: NativeDate;
37
+ updatedAt: NativeDate;
38
+ } & {
39
+ adminId: {
40
+ prototype?: mongoose.Types.ObjectId;
41
+ cacheHexString?: unknown;
42
+ generate?: {};
43
+ createFromTime?: {};
44
+ createFromHexString?: {};
45
+ createFromBase64?: {};
46
+ isValid?: {};
47
+ };
48
+ tokenHash: string;
49
+ used: boolean;
50
+ expiresAt: Date;
51
+ }> & {
52
+ _id: mongoose.Types.ObjectId;
53
+ }>;
54
+ export const PasswordResetToken: mongoose.Model<{
55
+ createdAt: NativeDate;
56
+ updatedAt: NativeDate;
57
+ } & {
58
+ adminId: {
59
+ prototype?: mongoose.Types.ObjectId;
60
+ cacheHexString?: unknown;
61
+ generate?: {};
62
+ createFromTime?: {};
63
+ createFromHexString?: {};
64
+ createFromBase64?: {};
65
+ isValid?: {};
66
+ };
67
+ tokenHash: string;
68
+ used: boolean;
69
+ expiresAt: Date;
70
+ }, {}, {}, {}, mongoose.Document<unknown, {}, {
71
+ createdAt: NativeDate;
72
+ updatedAt: NativeDate;
73
+ } & {
74
+ adminId: {
75
+ prototype?: mongoose.Types.ObjectId;
76
+ cacheHexString?: unknown;
77
+ generate?: {};
78
+ createFromTime?: {};
79
+ createFromHexString?: {};
80
+ createFromBase64?: {};
81
+ isValid?: {};
82
+ };
83
+ tokenHash: string;
84
+ used: boolean;
85
+ expiresAt: Date;
86
+ }> & {
87
+ createdAt: NativeDate;
88
+ updatedAt: NativeDate;
89
+ } & {
90
+ adminId: {
91
+ prototype?: mongoose.Types.ObjectId;
92
+ cacheHexString?: unknown;
93
+ generate?: {};
94
+ createFromTime?: {};
95
+ createFromHexString?: {};
96
+ createFromBase64?: {};
97
+ isValid?: {};
98
+ };
99
+ tokenHash: string;
100
+ used: boolean;
101
+ expiresAt: Date;
102
+ } & {
103
+ _id: mongoose.Types.ObjectId;
104
+ }, mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
105
+ timestamps: true;
106
+ }, {
107
+ createdAt: NativeDate;
108
+ updatedAt: NativeDate;
109
+ } & {
110
+ adminId: {
111
+ prototype?: mongoose.Types.ObjectId;
112
+ cacheHexString?: unknown;
113
+ generate?: {};
114
+ createFromTime?: {};
115
+ createFromHexString?: {};
116
+ createFromBase64?: {};
117
+ isValid?: {};
118
+ };
119
+ tokenHash: string;
120
+ used: boolean;
121
+ expiresAt: Date;
122
+ }, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
123
+ createdAt: NativeDate;
124
+ updatedAt: NativeDate;
125
+ } & {
126
+ adminId: {
127
+ prototype?: mongoose.Types.ObjectId;
128
+ cacheHexString?: unknown;
129
+ generate?: {};
130
+ createFromTime?: {};
131
+ createFromHexString?: {};
132
+ createFromBase64?: {};
133
+ isValid?: {};
134
+ };
135
+ tokenHash: string;
136
+ used: boolean;
137
+ expiresAt: Date;
138
+ }>> & mongoose.FlatRecord<{
139
+ createdAt: NativeDate;
140
+ updatedAt: NativeDate;
141
+ } & {
142
+ adminId: {
143
+ prototype?: mongoose.Types.ObjectId;
144
+ cacheHexString?: unknown;
145
+ generate?: {};
146
+ createFromTime?: {};
147
+ createFromHexString?: {};
148
+ createFromBase64?: {};
149
+ isValid?: {};
150
+ };
151
+ tokenHash: string;
152
+ used: boolean;
153
+ expiresAt: Date;
154
+ }> & {
155
+ _id: mongoose.Types.ObjectId;
156
+ }>>;
157
+ import mongoose from 'mongoose';
158
+ //# sourceMappingURL=passwordResetToken.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passwordResetToken.d.ts","sourceRoot":"","sources":["../../src/models/passwordResetToken.js"],"names":[],"mappings":"AAgBA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAQE;AAKF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAA0F;qBA7BrE,UAAU"}
@@ -0,0 +1,28 @@
1
+ /**
2
+ * Auth/compliance audit action enum (auth-contracts #4 — EXACT strings, frozen).
3
+ * Distinct domain from the measurement-lineage `Audit` model in
4
+ * models/measurements.js: this tracks WHO did WHAT to admin/auth state, for the
5
+ * government-compliance audit trail.
6
+ *
7
+ * Emit sites (in the services): login (success/failure), logout, forgot-password
8
+ * (requested/completed), silent refresh, and the admin mutation sites
9
+ * (create/update/delete, role.change when permissionName changes,
10
+ * deactivate/reactivate when isActive toggles).
11
+ */
12
+ export const AUDIT_ACTIONS: Readonly<{
13
+ LOGIN_SUCCESS: "auth.login.success";
14
+ LOGIN_FAILURE: "auth.login.failure";
15
+ LOGOUT: "auth.logout";
16
+ PASSWORD_RESET_REQUESTED: "auth.password.reset.requested";
17
+ PASSWORD_RESET_COMPLETED: "auth.password.reset.completed";
18
+ TOKEN_REFRESH: "auth.token.refresh";
19
+ ADMIN_CREATE: "admin.create";
20
+ ADMIN_UPDATE: "admin.update";
21
+ ADMIN_DELETE: "admin.delete";
22
+ ADMIN_ROLE_CHANGE: "admin.role.change";
23
+ ADMIN_DEACTIVATE: "admin.deactivate";
24
+ ADMIN_REACTIVATE: "admin.reactivate";
25
+ }>;
26
+ /** Frozen list of all valid action strings — used as the AuditLog schema enum. */
27
+ export const AUDIT_ACTION_VALUES: readonly ("auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate")[];
28
+ //# sourceMappingURL=actions.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/actions.js"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH;;;;;;;;;;;;;GAaG;AAEH,kFAAkF;AAClF,yTAA+E"}
@@ -0,0 +1,32 @@
1
+ /**
2
+ * Single canonical audit write path (auth-contracts #4).
3
+ *
4
+ * writeAudit(entry) ──► AuditLog.create
5
+ * │ ok │ throws (db down, validation)
6
+ * ▼ ▼
7
+ * return true logger.error + return false (NEVER throws)
8
+ *
9
+ * An audit hiccup must not fail the request it is recording (e.g. a login). The
10
+ * caller gets a boolean and decides; the failure is logged at error for compliance
11
+ * follow-up. Inject the consuming service's logger via deps.logger (DI); it falls
12
+ * back to a no-op rather than raw console so it honors the "no console" rule.
13
+ *
14
+ * @param {{action:string, actor?:object, resource?:object, outcome:string,
15
+ * reason?:string, metadata?:object, requestId?:string}} entry
16
+ * @param {{ logger?: { error: Function } }} [deps]
17
+ * @returns {Promise<boolean>} true if persisted, false if the write failed
18
+ */
19
+ export function writeAudit({ action, actor, resource, outcome, reason, metadata, requestId }?: {
20
+ action: string;
21
+ actor?: object;
22
+ resource?: object;
23
+ outcome: string;
24
+ reason?: string;
25
+ metadata?: object;
26
+ requestId?: string;
27
+ }, { logger }?: {
28
+ logger?: {
29
+ error: Function;
30
+ };
31
+ }): Promise<boolean>;
32
+ //# sourceMappingURL=auditLog.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auditLog.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/auditLog.js"],"names":[],"mappings":"AAKA;;;;;;;;;;;;;;;;;GAiBG;AACH,+FALW;IAAC,MAAM,EAAC,MAAM,CAAC;IAAC,KAAK,CAAC,EAAC,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAC,MAAM,CAAC;IAAC,OAAO,EAAC,MAAM,CAAC;IAC/D,MAAM,CAAC,EAAC,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAC,MAAM,CAAC;IAAC,SAAS,CAAC,EAAC,MAAM,CAAA;CAAC,eACrD;IAAE,MAAM,CAAC,EAAE;QAAE,KAAK,WAAU;KAAE,CAAA;CAAE,GAC9B,OAAO,CAAC,OAAO,CAAC,CAiB5B"}
@@ -0,0 +1,4 @@
1
+ export { writeAudit } from "./auditLog.js";
2
+ export { AUDIT_ACTIONS, AUDIT_ACTION_VALUES } from "./actions.js";
3
+ export { AuditLog, auditLogSchema } from "./schema.js";
4
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/index.js"],"names":[],"mappings":""}
@@ -0,0 +1,321 @@
1
+ /**
2
+ * AuditLog — auth/compliance audit trail (JA-2814, auth-contracts #4).
3
+ * One model definition; both services import it, neither redefines it. This is NOT
4
+ * the measurement-lineage `Audit` model (models/measurements.js) — different domain,
5
+ * different collection.
6
+ *
7
+ * actor (who) ─┐
8
+ * action (what) ├─► AuditLog doc ──► compliance queries (by actor / action / target)
9
+ * resource (tgt) ┘
10
+ */
11
+ export const auditLogSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
12
+ timestamps: true;
13
+ }, {
14
+ createdAt: NativeDate;
15
+ updatedAt: NativeDate;
16
+ } & {
17
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
18
+ outcome: "success" | "failure";
19
+ metadata?: any;
20
+ actor?: {
21
+ adminId?: {
22
+ prototype?: mongoose.Types.ObjectId;
23
+ cacheHexString?: unknown;
24
+ generate?: {};
25
+ createFromTime?: {};
26
+ createFromHexString?: {};
27
+ createFromBase64?: {};
28
+ isValid?: {};
29
+ };
30
+ email?: string;
31
+ orgId?: {
32
+ prototype?: mongoose.Types.ObjectId;
33
+ cacheHexString?: unknown;
34
+ generate?: {};
35
+ createFromTime?: {};
36
+ createFromHexString?: {};
37
+ createFromBase64?: {};
38
+ isValid?: {};
39
+ };
40
+ };
41
+ resource?: {
42
+ type?: string;
43
+ };
44
+ reason?: string;
45
+ requestId?: string;
46
+ }, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
47
+ createdAt: NativeDate;
48
+ updatedAt: NativeDate;
49
+ } & {
50
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
51
+ outcome: "success" | "failure";
52
+ metadata?: any;
53
+ actor?: {
54
+ adminId?: {
55
+ prototype?: mongoose.Types.ObjectId;
56
+ cacheHexString?: unknown;
57
+ generate?: {};
58
+ createFromTime?: {};
59
+ createFromHexString?: {};
60
+ createFromBase64?: {};
61
+ isValid?: {};
62
+ };
63
+ email?: string;
64
+ orgId?: {
65
+ prototype?: mongoose.Types.ObjectId;
66
+ cacheHexString?: unknown;
67
+ generate?: {};
68
+ createFromTime?: {};
69
+ createFromHexString?: {};
70
+ createFromBase64?: {};
71
+ isValid?: {};
72
+ };
73
+ };
74
+ resource?: {
75
+ type?: string;
76
+ };
77
+ reason?: string;
78
+ requestId?: string;
79
+ }>> & mongoose.FlatRecord<{
80
+ createdAt: NativeDate;
81
+ updatedAt: NativeDate;
82
+ } & {
83
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
84
+ outcome: "success" | "failure";
85
+ metadata?: any;
86
+ actor?: {
87
+ adminId?: {
88
+ prototype?: mongoose.Types.ObjectId;
89
+ cacheHexString?: unknown;
90
+ generate?: {};
91
+ createFromTime?: {};
92
+ createFromHexString?: {};
93
+ createFromBase64?: {};
94
+ isValid?: {};
95
+ };
96
+ email?: string;
97
+ orgId?: {
98
+ prototype?: mongoose.Types.ObjectId;
99
+ cacheHexString?: unknown;
100
+ generate?: {};
101
+ createFromTime?: {};
102
+ createFromHexString?: {};
103
+ createFromBase64?: {};
104
+ isValid?: {};
105
+ };
106
+ };
107
+ resource?: {
108
+ type?: string;
109
+ };
110
+ reason?: string;
111
+ requestId?: string;
112
+ }> & {
113
+ _id: mongoose.Types.ObjectId;
114
+ }>;
115
+ export const AuditLog: mongoose.Model<{
116
+ createdAt: NativeDate;
117
+ updatedAt: NativeDate;
118
+ } & {
119
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
120
+ outcome: "success" | "failure";
121
+ metadata?: any;
122
+ actor?: {
123
+ adminId?: {
124
+ prototype?: mongoose.Types.ObjectId;
125
+ cacheHexString?: unknown;
126
+ generate?: {};
127
+ createFromTime?: {};
128
+ createFromHexString?: {};
129
+ createFromBase64?: {};
130
+ isValid?: {};
131
+ };
132
+ email?: string;
133
+ orgId?: {
134
+ prototype?: mongoose.Types.ObjectId;
135
+ cacheHexString?: unknown;
136
+ generate?: {};
137
+ createFromTime?: {};
138
+ createFromHexString?: {};
139
+ createFromBase64?: {};
140
+ isValid?: {};
141
+ };
142
+ };
143
+ resource?: {
144
+ type?: string;
145
+ };
146
+ reason?: string;
147
+ requestId?: string;
148
+ }, {}, {}, {}, mongoose.Document<unknown, {}, {
149
+ createdAt: NativeDate;
150
+ updatedAt: NativeDate;
151
+ } & {
152
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
153
+ outcome: "success" | "failure";
154
+ metadata?: any;
155
+ actor?: {
156
+ adminId?: {
157
+ prototype?: mongoose.Types.ObjectId;
158
+ cacheHexString?: unknown;
159
+ generate?: {};
160
+ createFromTime?: {};
161
+ createFromHexString?: {};
162
+ createFromBase64?: {};
163
+ isValid?: {};
164
+ };
165
+ email?: string;
166
+ orgId?: {
167
+ prototype?: mongoose.Types.ObjectId;
168
+ cacheHexString?: unknown;
169
+ generate?: {};
170
+ createFromTime?: {};
171
+ createFromHexString?: {};
172
+ createFromBase64?: {};
173
+ isValid?: {};
174
+ };
175
+ };
176
+ resource?: {
177
+ type?: string;
178
+ };
179
+ reason?: string;
180
+ requestId?: string;
181
+ }> & {
182
+ createdAt: NativeDate;
183
+ updatedAt: NativeDate;
184
+ } & {
185
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
186
+ outcome: "success" | "failure";
187
+ metadata?: any;
188
+ actor?: {
189
+ adminId?: {
190
+ prototype?: mongoose.Types.ObjectId;
191
+ cacheHexString?: unknown;
192
+ generate?: {};
193
+ createFromTime?: {};
194
+ createFromHexString?: {};
195
+ createFromBase64?: {};
196
+ isValid?: {};
197
+ };
198
+ email?: string;
199
+ orgId?: {
200
+ prototype?: mongoose.Types.ObjectId;
201
+ cacheHexString?: unknown;
202
+ generate?: {};
203
+ createFromTime?: {};
204
+ createFromHexString?: {};
205
+ createFromBase64?: {};
206
+ isValid?: {};
207
+ };
208
+ };
209
+ resource?: {
210
+ type?: string;
211
+ };
212
+ reason?: string;
213
+ requestId?: string;
214
+ } & {
215
+ _id: mongoose.Types.ObjectId;
216
+ }, mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any>, {}, {}, {}, {}, {
217
+ timestamps: true;
218
+ }, {
219
+ createdAt: NativeDate;
220
+ updatedAt: NativeDate;
221
+ } & {
222
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
223
+ outcome: "success" | "failure";
224
+ metadata?: any;
225
+ actor?: {
226
+ adminId?: {
227
+ prototype?: mongoose.Types.ObjectId;
228
+ cacheHexString?: unknown;
229
+ generate?: {};
230
+ createFromTime?: {};
231
+ createFromHexString?: {};
232
+ createFromBase64?: {};
233
+ isValid?: {};
234
+ };
235
+ email?: string;
236
+ orgId?: {
237
+ prototype?: mongoose.Types.ObjectId;
238
+ cacheHexString?: unknown;
239
+ generate?: {};
240
+ createFromTime?: {};
241
+ createFromHexString?: {};
242
+ createFromBase64?: {};
243
+ isValid?: {};
244
+ };
245
+ };
246
+ resource?: {
247
+ type?: string;
248
+ };
249
+ reason?: string;
250
+ requestId?: string;
251
+ }, mongoose.Document<unknown, {}, mongoose.FlatRecord<{
252
+ createdAt: NativeDate;
253
+ updatedAt: NativeDate;
254
+ } & {
255
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
256
+ outcome: "success" | "failure";
257
+ metadata?: any;
258
+ actor?: {
259
+ adminId?: {
260
+ prototype?: mongoose.Types.ObjectId;
261
+ cacheHexString?: unknown;
262
+ generate?: {};
263
+ createFromTime?: {};
264
+ createFromHexString?: {};
265
+ createFromBase64?: {};
266
+ isValid?: {};
267
+ };
268
+ email?: string;
269
+ orgId?: {
270
+ prototype?: mongoose.Types.ObjectId;
271
+ cacheHexString?: unknown;
272
+ generate?: {};
273
+ createFromTime?: {};
274
+ createFromHexString?: {};
275
+ createFromBase64?: {};
276
+ isValid?: {};
277
+ };
278
+ };
279
+ resource?: {
280
+ type?: string;
281
+ };
282
+ reason?: string;
283
+ requestId?: string;
284
+ }>> & mongoose.FlatRecord<{
285
+ createdAt: NativeDate;
286
+ updatedAt: NativeDate;
287
+ } & {
288
+ action: "auth.login.success" | "auth.login.failure" | "auth.logout" | "auth.password.reset.requested" | "auth.password.reset.completed" | "auth.token.refresh" | "admin.create" | "admin.update" | "admin.delete" | "admin.role.change" | "admin.deactivate" | "admin.reactivate";
289
+ outcome: "success" | "failure";
290
+ metadata?: any;
291
+ actor?: {
292
+ adminId?: {
293
+ prototype?: mongoose.Types.ObjectId;
294
+ cacheHexString?: unknown;
295
+ generate?: {};
296
+ createFromTime?: {};
297
+ createFromHexString?: {};
298
+ createFromBase64?: {};
299
+ isValid?: {};
300
+ };
301
+ email?: string;
302
+ orgId?: {
303
+ prototype?: mongoose.Types.ObjectId;
304
+ cacheHexString?: unknown;
305
+ generate?: {};
306
+ createFromTime?: {};
307
+ createFromHexString?: {};
308
+ createFromBase64?: {};
309
+ isValid?: {};
310
+ };
311
+ };
312
+ resource?: {
313
+ type?: string;
314
+ };
315
+ reason?: string;
316
+ requestId?: string;
317
+ }> & {
318
+ _id: mongoose.Types.ObjectId;
319
+ }>>;
320
+ import mongoose from 'mongoose';
321
+ //# sourceMappingURL=schema.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/modules/audit/schema.js"],"names":[],"mappings":"AAGA;;;;;;;;;GASG;AACH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqBE;AAOF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAA4D;qBAzCvC,UAAU"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=actions.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"actions.test.d.ts","sourceRoot":"","sources":["../../../../src/modules/audit/tests/actions.test.js"],"names":[],"mappings":""}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=auditLog.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auditLog.test.d.ts","sourceRoot":"","sources":["../../../../src/modules/audit/tests/auditLog.test.js"],"names":[],"mappings":""}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=schema.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.test.d.ts","sourceRoot":"","sources":["../../../../src/modules/audit/tests/schema.test.js"],"names":[],"mappings":""}