npm - @ozdao/martyrs - Versions diffs - 0.2.585 → 0.2.586 - Mend

@ozdao/martyrs 0.2.585 → 0.2.586

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (386) hide show

package/dist/auth.server.js CHANGED Viewed

@@ -1,12 +1,13 @@
-import { a as applyProfileSchema, m as modelsFactory } from "./profile.schema-CjLOfG7b.js";
-import { m as middlewareIndexFactory } from "./index-_Edcmck_.js";
+import { m as middlewareIndexFactory, i as initOtpService } from "./index-kvBwwb0w.js";
 import bcrypt from "bcryptjs";
 import jwt from "jsonwebtoken";
 import { Types } from "mongoose";
 import jwkToPem from "jwk-to-pem";
-import { m as mailing } from "./mailing-DuEFRsa3.js";
+import { g as getSessionsService } from "./sessions.service-COcwjd0f.js";
+import { g as getVisitorsService } from "./visitors.service-B1dhhuSo.js";
 import { a as addUserStatusFields, b as addMembersQuantity } from "./addUserStatusFields-Cc-JpmPo.js";
 import { a as applyCredentialsSchema } from "./credentials.schema--2vvcu8c.js";
+import { a as applyProfileSchema } from "./profile.schema-C31Lynn3.js";
 import { a as applySocialsSchema } from "./socials.schema-DxnnaBgO.js";
 async function verifyAppleIdToken(id_token) {
   const decodedToken = jwt.decode(id_token, { complete: true });
@@ -43,7 +44,7 @@ async function verifyAppleIdToken(id_token) {
   return decodedToken.payload;
 }
 const ObjectId$1 = { Types }.Types.ObjectId;
-const controllerFactory$2 = (db) => {
+const controllerFactory$1 = (db) => {
   const User = db.user;
   const Membership = db.membership;
   db.department;
@@ -91,9 +92,24 @@ const controllerFactory$2 = (db) => {
           return res.status(401).send({ errorCode: "INCORRECT_PASSWORD_ENTERED", accessToken: null });
         }
       }
+      const sessionsService = getSessionsService();
+      const session = await sessionsService.createSession({
+        userId: user._id,
+        visitorId: req.visitorId || null,
+        req
+      });
+      if (req.visitorId) {
+        const visitorsService = getVisitorsService();
+        await visitorsService.linkVisitorToUser({
+          visitorId: req.visitorId,
+          userId: user._id,
+          sessionId: session._id
+        });
+      }
       const token = jwt.sign(
         {
-          _id: user._id
+          _id: user._id,
+          session_id: session._id
         },
         process.env.SECRET_KEY,
         {
@@ -167,9 +183,24 @@ const controllerFactory$2 = (db) => {
         console.log(err);
       }
     }
+    const sessionsService = getSessionsService();
+    const session = await sessionsService.createSession({
+      userId: user._id,
+      visitorId: req.visitorId || null,
+      req
+    });
+    if (req.visitorId) {
+      const visitorsService = getVisitorsService();
+      await visitorsService.linkVisitorToUser({
+        visitorId: req.visitorId,
+        userId: user._id,
+        sessionId: session._id
+      });
+    }
     const token = jwt.sign(
       {
         _id: user._id,
+        session_id: session._id,
         organization: invite ? invite.organization : null
       },
       process.env.SECRET_KEY,
@@ -189,17 +220,11 @@ const controllerFactory$2 = (db) => {
   };
   const updatePassword = async (req, res) => {
     try {
-      const { phone, email, password, type } = req.body;
-      let query;
-      if (type === "phone" && phone) {
-        query = { phone };
-      }
-      if (type === "email" && email) {
-        query = { email };
-      }
-      if (!query || !password) {
+      const { identifier, password, type } = req.body;
+      if (!identifier || !type || !password) {
         return res.status(400).send({ errorCode: "MISSING_REQUIRED_PARAMETERS" });
       }
+      const query = type === "phone" ? { phone: identifier } : { email: identifier };
       const salt = await bcrypt.genSalt(8);
       const hashedPassword = await bcrypt.hash(password, salt);
       const user = await User.findOneAndUpdate(query, {
@@ -208,7 +233,14 @@ const controllerFactory$2 = (db) => {
       if (!user) {
         return res.status(404).send({ errorCode: "ERROR_UPDATING_USER" });
       }
-      const token = jwt.sign({ _id: user._id }, process.env.SECRET_KEY, {
+      const sessionsService = getSessionsService();
+      await sessionsService.deactivateAllUserSessions(user._id);
+      const session = await sessionsService.createSession({
+        userId: user._id,
+        visitorId: req.visitorId || null,
+        req
+      });
+      const token = jwt.sign({ _id: user._id, session_id: session._id }, process.env.SECRET_KEY, {
         expiresIn: 86400
       });
       const authorities = user.roles.map((role) => `ROLE_${role.name.toUpperCase()}`);
@@ -231,54 +263,54 @@ const controllerFactory$2 = (db) => {
     updatePassword
   };
 };
-const { sendEmail, sendSms } = mailing;
-const controllerFactory$1 = (db) => {
-  const sendcode = async (req, res) => {
-    const code = Math.floor(1e3 + Math.random() * 9e3);
-    const type = req.body.type;
-    const method = req.body.method;
-    if (type === "email") {
-      const emailSent = await sendEmail(req.body.email, `${process.env.APP_NAME} Verification Code`, `Your ${process.env.APP_NAME} verification code is ${code}`);
-      if (emailSent) {
-        res.send({ code, type, method });
-      } else {
-        console.log(emailSent);
-        res.status(500).send("Failed to send email");
-      }
-    } else if (type === "phone") {
-      const smsSent = await sendSms(req.body.phone, `Your ${process.env.APP_NAME} verification code: ${code}`);
-      if (smsSent) {
-        res.send({ code, type, method });
-      } else {
-        res.status(500).send("Failed to send SMS");
-      }
-    }
-  };
-  return {
-    sendcode
-  };
-};
 const authRoutes = (function(app, db, origins) {
-  const controller = controllerFactory$2(db);
-  const controllerTwofa = controllerFactory$1();
-  const { verifySignUp, verifyUser } = middlewareIndexFactory(db);
+  const controller = controllerFactory$1(db);
+  const { verifySignUp, verifyUser, otp, authJwt } = middlewareIndexFactory(db);
   app.post(
     "/api/auth/signup",
     [
-      verifySignUp.checkDuplicateUsernameOrEmail
-      // verifySignUp.checkRolesExisted
+      verifySignUp.checkDuplicateUsernameOrEmail,
+      otp.stepUp("signup", (req) => ({
+        identifier: req.body.type === "email" ? req.body.email : req.body.phone,
+        type: req.body.type
+      }))
     ],
     controller.signup
   );
   app.post("/api/auth/signin", controller.signin);
-  app.post("/api/auth/reset-password", [verifyUser.checkUserExist], controllerTwofa.sendcode);
-  app.post("/api/auth/update-password", controller.updatePassword);
-});
-const twofaRoutes = (function(app, db) {
-  const controller = controllerFactory$1();
-  const { verifySignUp, verifyUser } = middlewareIndexFactory(db);
-  app.post("/api/twofa/sendcode", [verifySignUp.checkDuplicateUsernameOrEmail], controller.sendcode);
-  app.post("/api/twofa/sendcodereset", [verifyUser.checkUserExist], controller.sendcode);
+  app.post(
+    "/api/auth/reset-password",
+    [
+      verifyUser.checkUserExist,
+      otp.stepUp("reset-password", (req) => ({
+        identifier: req.body.identifier,
+        type: req.body.type
+      }))
+    ],
+    controller.updatePassword
+  );
+  app.post("/api/auth/logout", [authJwt.verifyToken()], async (req, res) => {
+    try {
+      if (req.sessionId) {
+        const sessionsService = getSessionsService();
+        await sessionsService.deactivateSession(req.sessionId);
+      }
+      res.status(200).send({ success: true });
+    } catch (err) {
+      res.status(500).send({ message: err.message });
+    }
+  });
+  app.post("/api/auth/logout-all", [authJwt.verifyToken()], async (req, res) => {
+    try {
+      if (req.userId) {
+        const sessionsService = getSessionsService();
+        await sessionsService.deactivateAllUserSessions(req.userId);
+      }
+      res.status(200).send({ success: true });
+    } catch (err) {
+      res.status(500).send({ message: err.message });
+    }
+  });
 });
 const ObjectId = { Types }.Types.ObjectId;
 const controllerFactory = (db) => {
@@ -343,6 +375,13 @@ const controllerFactory = (db) => {
     });
     query.push(addMembersQuantity());
     if (req.query.user) query.push(addUserStatusFields(req.query.user));
+    query.push({
+      $project: {
+        password: 0,
+        refreshToken: 0,
+        __v: 0
+      }
+    });
     query.push({
       $skip: skip
     });
@@ -371,14 +410,16 @@ const controllerFactory = (db) => {
       if (!user) {
         return res.status(404).send({ errorCode: "USER_NOT_CREATED", message: "User is not created." });
       }
-      res.status(200).send(user);
+      const { password, refreshToken, __v, ...safeUser } = user.toObject();
+      res.status(200).send(safeUser);
     } catch (err) {
       return res.status(500).send({ errorCode: "INTERNAL_SERVER_ERROR", message: err });
     }
   };
   const update = async (req, res) => {
     try {
-      const user = await User.findOneAndUpdate({ _id: req.params._id }, req.body, { new: true });
+      const { email, phone, ...safeData } = req.body;
+      const user = await User.findOneAndUpdate({ _id: req.params._id }, safeData, { new: true }).select("-password -refreshToken -__v");
       if (!user) {
         return res.status(404).send({ errorCode: "UPDATE_FAILED", message: "Something wrong when updating user." });
       }
@@ -387,11 +428,30 @@ const controllerFactory = (db) => {
       return res.status(500).send({ errorCode: "INTERNAL_SERVER_ERROR", message: err });
     }
   };
-  const remove = async (req, res) => {
+  const updateEmail = async (req, res) => {
     try {
-      const user = await User.findOneAndDelete({ phone: req.params.phone });
+      const user = await User.findOneAndUpdate(
+        { _id: req.params._id },
+        { email: req.body.email },
+        { new: true }
+      ).select("-password -refreshToken -__v");
       if (!user) {
-        return res.status(404).send({ errorCode: "DELETION_FAILED", message: "User is not deleted." });
+        return res.status(404).send({ errorCode: "UPDATE_FAILED", message: "Something wrong when updating email." });
+      }
+      res.status(200).send(user);
+    } catch (err) {
+      return res.status(500).send({ errorCode: "INTERNAL_SERVER_ERROR", message: err });
+    }
+  };
+  const updatePhone = async (req, res) => {
+    try {
+      const user = await User.findOneAndUpdate(
+        { _id: req.params._id },
+        { phone: req.body.phone },
+        { new: true }
+      ).select("-password -refreshToken -__v");
+      if (!user) {
+        return res.status(404).send({ errorCode: "UPDATE_FAILED", message: "Something wrong when updating phone." });
       }
       res.status(200).send(user);
     } catch (err) {
@@ -402,31 +462,35 @@ const controllerFactory = (db) => {
     read,
     create,
     update,
-    remove
+    updateEmail,
+    updatePhone
   };
 };
 const usersRoutes = (function(app, db, origins) {
   const controller = controllerFactory(db);
-  const { authJwt, verifyUser } = middlewareIndexFactory(db);
+  const { authJwt, verifyUser, otp } = middlewareIndexFactory(db);
   app.post("/api/users", [authJwt.verifyToken(), verifyUser.checkDuplicateUsername], controller.create);
   app.get("/api/users", controller.read);
-  app.put("/api/users/:_id", [authJwt.verifyToken(), verifyUser.checkDuplicateUsername], controller.update);
-  app.delete("/api/users/:_id", [authJwt.verifyToken()], controller.remove);
+  app.put("/api/users/:_id", [
+    authJwt.verifyToken(),
+    verifyUser.checkOwnership,
+    verifyUser.checkDuplicateUsername
+  ], controller.update);
+  app.put("/api/users/:_id/email", [
+    authJwt.verifyToken(),
+    authJwt.loadUser,
+    verifyUser.checkOwnership,
+    verifyUser.checkDuplicateEmail,
+    otp.dualVerify("email")
+  ], controller.updateEmail);
+  app.put("/api/users/:_id/phone", [
+    authJwt.verifyToken(),
+    authJwt.loadUser,
+    verifyUser.checkOwnership,
+    verifyUser.checkDuplicatePhone,
+    otp.dualVerify("phone")
+  ], controller.updatePhone);
 });
-const RequestModel = (db) => {
-  const RequestSchema = new db.mongoose.Schema({
-    visitor: {
-      type: db.mongoose.Schema.Types.ObjectId,
-      ref: "Visitor"
-    },
-    path: String,
-    method: String,
-    timestamp: { type: Date, default: Date.now }
-  });
-  RequestSchema.index({ visitor: 1 });
-  const Request = db.mongoose.model("Request", RequestSchema);
-  return Request;
-};
 const RoleModel = (db) => {
   const RoleSchema = new db.mongoose.Schema({
     name: String
@@ -476,42 +540,43 @@ const UserModel = (db) => {
   const User = db.mongoose.model("User", UserSchema);
   return User;
 };
-const VisitorModel = (db) => {
-  const VisitorSchema = new db.mongoose.Schema({
-    ip: String,
-    userAgent: String,
-    acceptLanguage: String,
-    fingerprint: { type: String, unique: true }
+const OtpModel = (db) => {
+  const OtpSchema = new db.mongoose.Schema({
+    challengeId: { type: String, required: true, unique: true },
+    identifier: { type: String, required: true },
+    target: { type: db.mongoose.Schema.Types.ObjectId, ref: "User", default: null },
+    code: { type: String, required: true },
+    type: { type: String, enum: ["email", "phone"], required: true },
+    purpose: { type: String, required: true },
+    attempts: { type: Number, default: 0 },
+    verifiedAt: { type: Date, default: null },
+    invalidatedAt: { type: Date, default: null },
+    createdAt: { type: Date, default: Date.now, expires: 600 }
   });
-  const Visitor = db.mongoose.model("Visitor", VisitorSchema);
-  return Visitor;
+  OtpSchema.index({ identifier: 1, purpose: 1 });
+  OtpSchema.index({ target: 1, purpose: 1 }, { sparse: true });
+  return db.mongoose.model("Otp", OtpSchema);
 };
 function initializeAuth(app, db, origins, publicPath) {
   db.role = RoleModel(db);
   db.user = UserModel(db);
-  db.visitor = VisitorModel(db);
-  db.request = RequestModel(db);
+  db.otp = OtpModel(db);
+  initOtpService(db);
   if (app) {
     authRoutes(app, db);
-    twofaRoutes(app, db);
     usersRoutes(app, db);
-    const visitorModule = modelsFactory(db);
-    app.use(visitorModule.visitorLogger);
   }
 }
 const models = {
   RoleModel,
-  UserModel,
-  VisitorModel
+  UserModel
 };
 const routes = {
   authRoutes,
-  twofaRoutes,
   usersRoutes
 };
 const controllers = {
-  AuthController: controllerFactory$2,
-  TwoFaController: controllerFactory$1,
+  AuthController: controllerFactory$1,
   UsersController: controllerFactory
 };
 const auth_server = {

package/dist/{authJwt-J1csaMWA.js → authJwt-DKbMMjw0.js} RENAMED Viewed

@@ -1,4 +1,5 @@
 import jwt from "jsonwebtoken";
+import { g as getSessionsService } from "./sessions.service-COcwjd0f.js";
 const middlewareFactory = (db) => {
   const User = db.user;
   const Role = db.role;
@@ -28,6 +29,22 @@ const middlewareFactory = (db) => {
           }
         }
         const decoded = jwt.verify(token, process.env.SECRET_KEY);
+        if (decoded.session_id) {
+          const sessionsService = getSessionsService();
+          const session = await sessionsService.validateSession({
+            sessionId: decoded.session_id,
+            userId: decoded._id
+          });
+          if (!session) {
+            req.userId = null;
+            if (continueOnFail) {
+              return next();
+            } else {
+              return res.status(401).send({ message: "Unauthorized: Session expired or revoked" });
+            }
+          }
+          req.sessionId = decoded.session_id;
+        }
         req.userId = decoded._id;
         req.user = {
           _id: decoded._id
@@ -43,6 +60,21 @@ const middlewareFactory = (db) => {
       }
     };
   };
+  const loadUser = async (req, res, next) => {
+    try {
+      if (!req.userId) {
+        return res.status(401).json({ errorCode: "AUTH_REQUIRED" });
+      }
+      const user = await User.findById(req.userId).exec();
+      if (!user) {
+        return res.status(404).json({ errorCode: "USER_NOT_FOUND" });
+      }
+      req.user = user;
+      next();
+    } catch (err) {
+      res.status(500).send({ message: err.message });
+    }
+  };
   const checkRole = (roleToCheck) => async (req, res, next) => {
     try {
       const user = await User.findById(req.userId).exec();
@@ -66,6 +98,7 @@ const middlewareFactory = (db) => {
   const isModerator = checkRole("moderator");
   const authJwt = {
     verifyToken,
+    loadUser,
     isAdmin,
     isModerator
   };

package/dist/chats.server.js CHANGED Viewed

@@ -1,5 +1,5 @@
-import "./mailing-DuEFRsa3.js";
-import { m as middlewareIndexFactory } from "./index-_Edcmck_.js";
+import "./mailing-DT7nbNjZ.js";
+import { m as middlewareIndexFactory } from "./index-kvBwwb0w.js";
 const controllerFactory = (db) => {
   const ChatMessage = db.chat;
   const Department = db.department;

package/dist/community.server.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { a as applyCommonSchema } from "./common.schema-DswiUXKB.js";
 import { a as applyEngagementSchema } from "./engagement.schema-fh6W1fb_.js";
 import { a as applyMetadataSchema } from "./metadata.schema-CIRR_WQ-.js";
 import { a as applyOwnershipSchema } from "./ownership.schema-fwwDf_e5.js";
-import { m as middlewareIndexFactory$1 } from "./index-_Edcmck_.js";
+import { m as middlewareIndexFactory$1 } from "./index-kvBwwb0w.js";
 import { c as coreabac } from "./abac-BPl9Bmf9.js";
 const ObjectId$2 = { Types }.Types.ObjectId;
 function getCommentsLookupStage() {

package/dist/core.server.js CHANGED Viewed

@@ -1,4 +1,6 @@
 import { c as coreabac } from "./abac-BPl9Bmf9.js";
+import { i as initSessionsService } from "./sessions.service-COcwjd0f.js";
+import { g as getVisitorsService, i as initVisitorsService } from "./visitors.service-B1dhhuSo.js";
 const initCorePolicies = (function initializeDefaultPolicies(abacAccessControl) {
   abacAccessControl.registerGlobalPolicy("AdminModeratorAccessPolicy", async (context) => {
     const { user, req } = context;
@@ -101,17 +103,181 @@ const initCorePolicies = (function initializeDefaultPolicies(abacAccessControl)
   });
   return abacAccessControl;
 });
+const SessionModel = (db) => {
+  const SessionSchema = new db.mongoose.Schema(
+    {
+      target: {
+        type: db.mongoose.Schema.Types.ObjectId,
+        ref: "User",
+        required: true
+      },
+      visitor: {
+        type: db.mongoose.Schema.Types.ObjectId,
+        ref: "Visitor",
+        default: null
+      },
+      isActive: {
+        type: Boolean,
+        default: true
+      },
+      ip: String,
+      userAgent: String,
+      lastSeenAt: {
+        type: Date,
+        default: Date.now
+      },
+      revokedAt: {
+        type: Date,
+        default: null
+      },
+      expiresAt: {
+        type: Date,
+        required: true
+      }
+    },
+    {
+      timestamps: true
+    }
+  );
+  SessionSchema.index({ target: 1, isActive: 1 });
+  SessionSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+  const Session = db.mongoose.models.Session || db.mongoose.model("Session", SessionSchema);
+  return Session;
+};
+const VisitorModel = (db) => {
+  const VisitorSchema = new db.mongoose.Schema(
+    {
+      ip: String,
+      userAgent: String,
+      acceptLanguage: String,
+      fingerprint: { type: String, unique: true },
+      target: {
+        type: db.mongoose.Schema.Types.ObjectId,
+        ref: "User",
+        default: null
+      },
+      linkedAt: {
+        type: Date,
+        default: null
+      }
+    },
+    {
+      timestamps: true
+    }
+  );
+  VisitorSchema.index({ target: 1 }, { sparse: true });
+  const Visitor = db.mongoose.models.Visitor || db.mongoose.model("Visitor", VisitorSchema);
+  return Visitor;
+};
+const RequestModel = (db) => {
+  const RequestSchema = new db.mongoose.Schema({
+    visitor: {
+      type: db.mongoose.Schema.Types.ObjectId,
+      ref: "Visitor"
+    },
+    target: {
+      type: db.mongoose.Schema.Types.ObjectId,
+      ref: "User",
+      default: null
+    },
+    session: {
+      type: db.mongoose.Schema.Types.ObjectId,
+      ref: "Session",
+      default: null
+    },
+    path: String,
+    method: String,
+    referer: String,
+    query: String,
+    timestamp: { type: Date, default: Date.now }
+  });
+  RequestSchema.index({ visitor: 1 });
+  RequestSchema.index({ target: 1 }, { sparse: true });
+  RequestSchema.index({ timestamp: -1 });
+  const Request = db.mongoose.models.Request || db.mongoose.model("Request", RequestSchema);
+  return Request;
+};
+let instance = null;
+function initRequestsService(db) {
+  const Request = db.request;
+  async function logRequest({ visitorId, req, userId = null, sessionId = null }) {
+    const request = await Request.create({
+      visitor: visitorId ? new db.mongoose.Types.ObjectId(visitorId) : null,
+      target: userId ? new db.mongoose.Types.ObjectId(userId) : null,
+      session: sessionId ? new db.mongoose.Types.ObjectId(sessionId) : null,
+      path: req.path,
+      method: req.method,
+      referer: req.headers["referer"] || null,
+      query: req.query ? JSON.stringify(req.query) : null
+    });
+    return request;
+  }
+  async function getJourney(visitorId, { limit = 50, skip = 0 } = {}) {
+    const requests = await Request.find({ visitor: new db.mongoose.Types.ObjectId(visitorId) }).sort({ timestamp: -1 }).skip(skip).limit(limit).lean();
+    return requests;
+  }
+  async function getUserJourney(userId, { limit = 50, skip = 0 } = {}) {
+    const requests = await Request.find({ target: new db.mongoose.Types.ObjectId(userId) }).sort({ timestamp: -1 }).skip(skip).limit(limit).lean();
+    return requests;
+  }
+  instance = {
+    logRequest,
+    getJourney,
+    getUserJourney
+  };
+  return instance;
+}
+function getRequestsService() {
+  if (!instance) {
+    throw new Error("Requests service not initialized. Call initRequestsService(db) first.");
+  }
+  return instance;
+}
+const VISITOR_COOKIE_NAME = "visitorId";
+const VISITOR_COOKIE_MAX_AGE = 365 * 24 * 60 * 60 * 1e3;
+const createVisitorLogger = () => {
+  const visitorLogger = async (req, res, next) => {
+    try {
+      const visitorsService = getVisitorsService();
+      const requestsService = getRequestsService();
+      const visitor = await visitorsService.findOrCreateVisitor(req);
+      const cookieVisitorId = req.cookies?.visitorId;
+      if (!cookieVisitorId || cookieVisitorId !== visitor._id.toString()) {
+        res.cookie(VISITOR_COOKIE_NAME, visitor._id.toString(), {
+          maxAge: VISITOR_COOKIE_MAX_AGE,
+          httpOnly: true,
+          sameSite: "lax"
+        });
+      }
+      req.visitor = visitor;
+      req.visitorId = visitor._id;
+      res.on("finish", () => {
+        requestsService.logRequest({
+          visitorId: visitor._id,
+          req,
+          userId: req.userId || null,
+          sessionId: req.sessionId || null
+        }).catch((err) => console.error("Error logging request:", err));
+      });
+      next();
+    } catch (error) {
+      console.error("Error processing visitor:", error);
+      next();
+    }
+  };
+  return { visitorLogger };
+};
 const { getInstance } = coreabac;
 let _WebSocketManagerClass = null;
 async function createWebSocketManager(...args) {
   if (!_WebSocketManagerClass) {
-    const module = await import("./core.websocket-C2FxNmZ1.js");
+    const module = await import("./core.websocket-Cl76z2wT.js");
     _WebSocketManagerClass = module.default;
   }
   return new _WebSocketManagerClass(...args);
 }
 const WebSocketManager = createWebSocketManager;
-function initializeCore(app, db, origins, publicPath) {
+function initializeCore(app, db, origins, publicPath, wss = null) {
   db.log = db.mongoose.models.Log || db.mongoose.model(
     "Log",
     new db.mongoose.Schema(
@@ -123,8 +289,31 @@ function initializeCore(app, db, origins, publicPath) {
       { versionKey: false }
     )
   );
+  db.session = SessionModel(db);
+  db.visitor = VisitorModel(db);
+  db.request = RequestModel(db);
+  initSessionsService(db);
+  initVisitorsService(db);
+  initRequestsService(db);
   const abac = getInstance(db);
   initCorePolicies(abac);
+  if (app) {
+    const { visitorLogger } = createVisitorLogger();
+    app.use(visitorLogger);
+  }
+  if (wss) {
+    wss.registerRpcMethod("core", "getOnlineStatus", async ({ userId }) => {
+      if (!userId) return { isOnline: false, lastSeenAt: null };
+      const isOnline = wss.userConnections.has(userId.toString());
+      if (isOnline) return { isOnline: true, lastSeenAt: /* @__PURE__ */ new Date() };
+      const session = await db.session.findOne(
+        { target: new db.mongoose.Types.ObjectId(userId), isActive: true },
+        { lastSeenAt: 1 },
+        { sort: { lastSeenAt: -1 } }
+      ).lean();
+      return { isOnline: false, lastSeenAt: session?.lastSeenAt || null };
+    }, { requireAuth: false });
+  }
 }
 const core_server = {
   initialize: initializeCore,