@resolveio/server-lib 22.2.21 → 22.2.23

package/methods.ts

@@ -108,6 +108,9 @@ export function SERVER_METHODS(resolveioServer) {
 		generatePDFNoPageNumber: (html, fileName, orientation = 'portrait', fontSize = '12px', upload = false, uploadFileOrder = -1, uploadFileType = '', cb?: Function): Promise<any> => {
 			return resolveioServer.call('generatePDFNoPageNumber', html, fileName, orientation, fontSize, upload, uploadFileOrder, uploadFileType, cb);
 		},
+		getCustomerPortalUserPassword: (userId: string, cb?: Function): Promise<any> => {
+			return resolveioServer.call('getCustomerPortalUserPassword', userId, cb);
+		},
 		getDataURIfromURL: (url: string, cb?: Function): Promise<any> => {
 			return resolveioServer.call('getDataURIfromURL', url, cb);
 		},
@@ -253,10 +256,10 @@ export function SERVER_METHODS(resolveioServer) {
 			return resolveioServer.call('superAdminDeploySlowQueryLog', logId, cb);
 		},
 		superAdminListAutoFixLogs: (payload: Record<string, any> = {}, cb?: Function): Promise<any> => {
-			return resolveioServer.call('superAdminListAutoFixLogs', payload, any>, cb);
+			return resolveioServer.call('superAdminListAutoFixLogs', payload, cb);
 		},
 		superAdminListSlowQueryLogs: (payload: Record<string, any> = {}, cb?: Function): Promise<any> => {
-			return resolveioServer.call('superAdminListSlowQueryLogs', payload, any>, cb);
+			return resolveioServer.call('superAdminListSlowQueryLogs', payload, cb);
 		},
 		superAdminRunAutoFixLog: (logId: string, cb?: Function): Promise<any> => {
 			return resolveioServer.call('superAdminRunAutoFixLog', logId, cb);

package/models/customer-portal-password.model.d.ts

@@ -0,0 +1,11 @@
+import { CollectionDocument } from './collection-document.model';
+export interface CustomerPortalPasswordModel extends CollectionDocument {
+    id_user: string;
+    cipher_text: string;
+    iv: string;
+    auth_tag: string;
+    key_version: number;
+    last_set_at: Date;
+    updated_by_user_id?: string;
+    updated_by_user?: string;
+}

package/models/customer-portal-password.model.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+
+//# sourceMappingURL=customer-portal-password.model.js.map

package/models/customer-portal-password.model.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/models/customer-portal-password.model.ts"],"names":[],"mappings":"","file":"customer-portal-password.model.js","sourcesContent":["import { CollectionDocument } from './collection-document.model';\n\nexport interface CustomerPortalPasswordModel extends CollectionDocument {\n\tid_user: string;\n\tcipher_text: string;\n\tiv: string;\n\tauth_tag: string;\n\tkey_version: number;\n\tlast_set_at: Date;\n\tupdated_by_user_id?: string;\n\tupdated_by_user?: string;\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@resolveio/server-lib",
-  "version": "22.2.21",
+  "version": "22.2.23",
   "description": "",
 	"scripts": {
 		"package": "./build_package.sh",

package/public_api.d.ts

@@ -4,6 +4,7 @@ export * from './collections/ai-terminal-issue-report.collection';
 export * from './collections/ai-terminal-conversation.collection';
 export * from './collections/ai-terminal-message.collection';
 export * from './collections/counter.collection';
+export * from './collections/customer-portal-password.collection';
 export * from './collections/customer-notification.collection';
 export * from './collections/communication-metric.collection';
 export * from './collections/cron-job-history.collection';
@@ -43,6 +44,7 @@ export * from './models/billing-logged-in-users.model';
 export * from './models/collection-document.model';
 export * from './models/communication-metric.model';
 export * from './models/counter.model';
+export * from './models/customer-portal-password.model';
 export * from './models/customer-notification.model';
 export * from './models/cron-job-history.model';
 export * from './models/cron-job.model';
@@ -83,4 +85,5 @@ export * from './resolveio-server-app';
 export * from './services/openai-client';
 export * from './services/codex-client';
 export * from './util/common';
+export * from './util/customer-portal-password';
 export * from './util/tokenizer';

package/public_api.js

@@ -20,6 +20,7 @@ __exportStar(require("./collections/ai-terminal-issue-report.collection"), expor
 __exportStar(require("./collections/ai-terminal-conversation.collection"), exports);
 __exportStar(require("./collections/ai-terminal-message.collection"), exports);
 __exportStar(require("./collections/counter.collection"), exports);
+__exportStar(require("./collections/customer-portal-password.collection"), exports);
 __exportStar(require("./collections/customer-notification.collection"), exports);
 __exportStar(require("./collections/communication-metric.collection"), exports);
 __exportStar(require("./collections/cron-job-history.collection"), exports);
@@ -59,6 +60,7 @@ __exportStar(require("./models/billing-logged-in-users.model"), exports);
 __exportStar(require("./models/collection-document.model"), exports);
 __exportStar(require("./models/communication-metric.model"), exports);
 __exportStar(require("./models/counter.model"), exports);
+__exportStar(require("./models/customer-portal-password.model"), exports);
 __exportStar(require("./models/customer-notification.model"), exports);
 __exportStar(require("./models/cron-job-history.model"), exports);
 __exportStar(require("./models/cron-job.model"), exports);
@@ -99,6 +101,7 @@ __exportStar(require("./resolveio-server-app"), exports);
 __exportStar(require("./services/openai-client"), exports);
 __exportStar(require("./services/codex-client"), exports);
 __exportStar(require("./util/common"), exports);
+__exportStar(require("./util/customer-portal-password"), exports);
 __exportStar(require("./util/tokenizer"), exports);
 
 //# sourceMappingURL=public_api.js.map

package/public_api.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/public_api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sEAAoD;AACpD,uEAAqD;AACrD,oFAAkE;AAClE,oFAAkE;AAClE,+EAA6D;AAC7D,mEAAiD;AACjD,iFAA+D;AAC/D,gFAA8D;AAC9D,4EAA0D;AAC1D,oEAAkD;AAClD,yEAAuD;AACvD,0EAAwD;AACxD,gEAA8C;AAC9C,uEAAqD;AACrD,gEAA8C;AAC9C,8EAA4D;AAC5D,4EAA0D;AAC1D,+DAA6C;AAC7C,2EAAyD;AACzD,uEAAqD;AACrD,4EAA0D;AAC1D,0EAAwD;AACxD,yEAAuD;AACvD,wEAAsD;AACtD,+EAA6D;AAC7D,kFAAgE;AAChE,iFAA+D;AAC/D,sEAAoD;AACpD,sEAAoD;AACpD,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,yEAAuD;AACvD,gEAA8C;AAC9C,mFAAiE;AACjE,0EAAwD;AACxD,4DAA0C;AAC1C,6DAA2C;AAC3C,0EAAwD;AACxD,0EAAwD;AACxD,qEAAmD;AACnD,yEAAuD;AACvD,qEAAmD;AACnD,sEAAoD;AACpD,yDAAuC;AACvC,uEAAqD;AACrD,kEAAgD;AAChD,0DAAwC;AACxC,wDAAsC;AACtC,+DAA6C;AAC7C,gEAA8C;AAC9C,sDAAoC;AACpC,6DAA2C;AAC3C,sDAAoC;AACpC,oEAAkD;AAClD,kEAAgD;AAChD,qDAAmC;AACnC,iEAA+C;AAC/C,iEAA+C;AAC/C,wDAAsC;AACtC,6DAA2C;AAC3C,gEAA8C;AAC9C,+DAA6C;AAC7C,8DAA4C;AAC5C,qEAAmD;AACnD,4DAA0C;AAC1C,4DAA0C;AAC1C,wEAAsD;AACtD,uEAAqD;AACrD,gEAA8C;AAC9C,mEAAiD;AACjD,gEAA8C;AAC9C,8DAA4C;AAC5C,gEAA8C;AAC9C,4DAA0C;AAC1C,4DAA0C;AAC1C,sDAAoC;AACpC,uDAAqC;AACrC,4DAA0C;AAC1C,yEAAuD;AACvD,0EAAwD;AACxD,yDAAuC;AACvC,2DAAyC;AACzC,0DAAwC;AACxC,gDAA8B;AAC9B,mDAAiC","file":"public_api.js","sourcesContent":["export * from './collections/app-status.collection';\nexport * from './collections/app-setting.collection';\nexport * from './collections/ai-terminal-issue-report.collection';\nexport * from './collections/ai-terminal-conversation.collection';\nexport * from './collections/ai-terminal-message.collection';\nexport * from './collections/counter.collection';\nexport * from './collections/customer-notification.collection';\nexport * from './collections/communication-metric.collection';\nexport * from './collections/cron-job-history.collection';\nexport * from './collections/cron-job.collection';\nexport * from './collections/email-history.collection';\nexport * from './collections/email-verified.collection';\nexport * from './collections/file.collection';\nexport * from './collections/flag-update.collection';\nexport * from './collections/flag.collection';\nexport * from './collections/log-method-latency.collection';\nexport * from './collections/log-subscription.collection';\nexport * from './collections/log.collection';\nexport * from './collections/logged-in-users.collection';\nexport * from './collections/monitor-cpu.collection';\nexport * from './collections/monitor-function.collection';\nexport * from './collections/monitor-memory.collection';\nexport * from './collections/monitor-mongo.collection';\nexport * from './collections/notification.collection';\nexport * from './collections/openai-usage-ledger.collection';\nexport * from './collections/report-builder-library.collection';\nexport * from './collections/report-builder-report.collection';\nexport * from './collections/user-group.collection';\nexport * from './collections/user-guide.collection';\nexport * from './collections/user.collection';\nexport * from './managers/mongo.manager';\nexport * from './managers/error-auto-fix.manager';\nexport * from './managers/slow-query-verifier.manager';\nexport * from './managers/slow-query.manager';\nexport * from './managers/customer-notification-content.manager';\nexport * from './managers/diagnostic-manager-bootstrap';\nexport * from './models/app-status.model';\nexport * from './models/app-setting.model';\nexport * from './models/ai-terminal-issue-report.model';\nexport * from './models/ai-terminal-conversation.model';\nexport * from './models/ai-terminal-message.model';\nexport * from './models/billing-logged-in-users.model';\nexport * from './models/collection-document.model';\nexport * from './models/communication-metric.model';\nexport * from './models/counter.model';\nexport * from './models/customer-notification.model';\nexport * from './models/cron-job-history.model';\nexport * from './models/cron-job.model';\nexport * from './models/dialog.model';\nexport * from './models/email-history.model';\nexport * from './models/email-verified.model';\nexport * from './models/file.model';\nexport * from './models/flag-update.model';\nexport * from './models/flag.model';\nexport * from './models/log-method-latency.model';\nexport * from './models/log-subscription.model';\nexport * from './models/log.model';\nexport * from './models/logged-in-users.model';\nexport * from './models/method-response.model';\nexport * from './models/method.model';\nexport * from './models/monitor-cpu.model';\nexport * from './models/monitor-memory.model';\nexport * from './models/monitor-mongo.model';\nexport * from './models/notification.model';\nexport * from './models/openai-usage-ledger.model';\nexport * from './models/pagination.model';\nexport * from './models/permission.model';\nexport * from './models/report-builder-library.model';\nexport * from './models/report-builder-report.model';\nexport * from './models/report-builder.model';\nexport * from './models/select-data-label.model';\nexport * from './models/server-message.model';\nexport * from './models/subscription.model';\nexport * from './models/support-ticket.model';\nexport * from './models/user-group.model';\nexport * from './models/user-guide.model';\nexport * from './models/user.model';\nexport * from './types/error-report';\nexport * from './types/slow-query-report';\nexport * from './managers/openai-usage-ledger.manager';\nexport * from './managers/communication-metric.manager';\nexport * from './resolveio-server-app';\nexport * from './services/openai-client';\nexport * from './services/codex-client';\nexport * from './util/common';\nexport * from './util/tokenizer';\n"]}
+{"version":3,"sources":["../../src/public_api.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sEAAoD;AACpD,uEAAqD;AACrD,oFAAkE;AAClE,oFAAkE;AAClE,+EAA6D;AAC7D,mEAAiD;AACjD,oFAAkE;AAClE,iFAA+D;AAC/D,gFAA8D;AAC9D,4EAA0D;AAC1D,oEAAkD;AAClD,yEAAuD;AACvD,0EAAwD;AACxD,gEAA8C;AAC9C,uEAAqD;AACrD,gEAA8C;AAC9C,8EAA4D;AAC5D,4EAA0D;AAC1D,+DAA6C;AAC7C,2EAAyD;AACzD,uEAAqD;AACrD,4EAA0D;AAC1D,0EAAwD;AACxD,yEAAuD;AACvD,wEAAsD;AACtD,+EAA6D;AAC7D,kFAAgE;AAChE,iFAA+D;AAC/D,sEAAoD;AACpD,sEAAoD;AACpD,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,yEAAuD;AACvD,gEAA8C;AAC9C,mFAAiE;AACjE,0EAAwD;AACxD,4DAA0C;AAC1C,6DAA2C;AAC3C,0EAAwD;AACxD,0EAAwD;AACxD,qEAAmD;AACnD,yEAAuD;AACvD,qEAAmD;AACnD,sEAAoD;AACpD,yDAAuC;AACvC,0EAAwD;AACxD,uEAAqD;AACrD,kEAAgD;AAChD,0DAAwC;AACxC,wDAAsC;AACtC,+DAA6C;AAC7C,gEAA8C;AAC9C,sDAAoC;AACpC,6DAA2C;AAC3C,sDAAoC;AACpC,oEAAkD;AAClD,kEAAgD;AAChD,qDAAmC;AACnC,iEAA+C;AAC/C,iEAA+C;AAC/C,wDAAsC;AACtC,6DAA2C;AAC3C,gEAA8C;AAC9C,+DAA6C;AAC7C,8DAA4C;AAC5C,qEAAmD;AACnD,4DAA0C;AAC1C,4DAA0C;AAC1C,wEAAsD;AACtD,uEAAqD;AACrD,gEAA8C;AAC9C,mEAAiD;AACjD,gEAA8C;AAC9C,8DAA4C;AAC5C,gEAA8C;AAC9C,4DAA0C;AAC1C,4DAA0C;AAC1C,sDAAoC;AACpC,uDAAqC;AACrC,4DAA0C;AAC1C,yEAAuD;AACvD,0EAAwD;AACxD,yDAAuC;AACvC,2DAAyC;AACzC,0DAAwC;AACxC,gDAA8B;AAC9B,kEAAgD;AAChD,mDAAiC","file":"public_api.js","sourcesContent":["export * from './collections/app-status.collection';\nexport * from './collections/app-setting.collection';\nexport * from './collections/ai-terminal-issue-report.collection';\nexport * from './collections/ai-terminal-conversation.collection';\nexport * from './collections/ai-terminal-message.collection';\nexport * from './collections/counter.collection';\nexport * from './collections/customer-portal-password.collection';\nexport * from './collections/customer-notification.collection';\nexport * from './collections/communication-metric.collection';\nexport * from './collections/cron-job-history.collection';\nexport * from './collections/cron-job.collection';\nexport * from './collections/email-history.collection';\nexport * from './collections/email-verified.collection';\nexport * from './collections/file.collection';\nexport * from './collections/flag-update.collection';\nexport * from './collections/flag.collection';\nexport * from './collections/log-method-latency.collection';\nexport * from './collections/log-subscription.collection';\nexport * from './collections/log.collection';\nexport * from './collections/logged-in-users.collection';\nexport * from './collections/monitor-cpu.collection';\nexport * from './collections/monitor-function.collection';\nexport * from './collections/monitor-memory.collection';\nexport * from './collections/monitor-mongo.collection';\nexport * from './collections/notification.collection';\nexport * from './collections/openai-usage-ledger.collection';\nexport * from './collections/report-builder-library.collection';\nexport * from './collections/report-builder-report.collection';\nexport * from './collections/user-group.collection';\nexport * from './collections/user-guide.collection';\nexport * from './collections/user.collection';\nexport * from './managers/mongo.manager';\nexport * from './managers/error-auto-fix.manager';\nexport * from './managers/slow-query-verifier.manager';\nexport * from './managers/slow-query.manager';\nexport * from './managers/customer-notification-content.manager';\nexport * from './managers/diagnostic-manager-bootstrap';\nexport * from './models/app-status.model';\nexport * from './models/app-setting.model';\nexport * from './models/ai-terminal-issue-report.model';\nexport * from './models/ai-terminal-conversation.model';\nexport * from './models/ai-terminal-message.model';\nexport * from './models/billing-logged-in-users.model';\nexport * from './models/collection-document.model';\nexport * from './models/communication-metric.model';\nexport * from './models/counter.model';\nexport * from './models/customer-portal-password.model';\nexport * from './models/customer-notification.model';\nexport * from './models/cron-job-history.model';\nexport * from './models/cron-job.model';\nexport * from './models/dialog.model';\nexport * from './models/email-history.model';\nexport * from './models/email-verified.model';\nexport * from './models/file.model';\nexport * from './models/flag-update.model';\nexport * from './models/flag.model';\nexport * from './models/log-method-latency.model';\nexport * from './models/log-subscription.model';\nexport * from './models/log.model';\nexport * from './models/logged-in-users.model';\nexport * from './models/method-response.model';\nexport * from './models/method.model';\nexport * from './models/monitor-cpu.model';\nexport * from './models/monitor-memory.model';\nexport * from './models/monitor-mongo.model';\nexport * from './models/notification.model';\nexport * from './models/openai-usage-ledger.model';\nexport * from './models/pagination.model';\nexport * from './models/permission.model';\nexport * from './models/report-builder-library.model';\nexport * from './models/report-builder-report.model';\nexport * from './models/report-builder.model';\nexport * from './models/select-data-label.model';\nexport * from './models/server-message.model';\nexport * from './models/subscription.model';\nexport * from './models/support-ticket.model';\nexport * from './models/user-group.model';\nexport * from './models/user-guide.model';\nexport * from './models/user.model';\nexport * from './types/error-report';\nexport * from './types/slow-query-report';\nexport * from './managers/openai-usage-ledger.manager';\nexport * from './managers/communication-metric.manager';\nexport * from './resolveio-server-app';\nexport * from './services/openai-client';\nexport * from './services/codex-client';\nexport * from './util/common';\nexport * from './util/customer-portal-password';\nexport * from './util/tokenizer';\n"]}

package/util/customer-portal-password.d.ts

@@ -0,0 +1,13 @@
+import { UserModel } from '../models/user.model';
+interface PasswordRecordMeta {
+    updatedByUserId?: string;
+    updatedByUser?: string;
+}
+export declare function isCustomerPortalUser(user: UserModel | any): boolean;
+export declare function saveCustomerPortalPassword(user: UserModel | any, password: string, meta?: PasswordRecordMeta): Promise<void>;
+export declare function clearCustomerPortalPassword(userId: string): Promise<void>;
+export declare function getDecryptedCustomerPortalPassword(userId: string): Promise<{
+    password: string;
+    lastSetAt?: Date;
+}>;
+export {};

package/util/customer-portal-password.js

@@ -0,0 +1,209 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isCustomerPortalUser = isCustomerPortalUser;
+exports.saveCustomerPortalPassword = saveCustomerPortalPassword;
+exports.clearCustomerPortalPassword = clearCustomerPortalPassword;
+exports.getDecryptedCustomerPortalPassword = getDecryptedCustomerPortalPassword;
+var customer_portal_password_collection_1 = require("../collections/customer-portal-password.collection");
+var resolveio_server_app_1 = require("../resolveio-server-app");
+var crypto = require('crypto');
+var ALGORITHM = 'aes-256-gcm';
+var ENCRYPTION_KEY_VERSION = 1;
+var IV_LENGTH_BYTES = 12;
+function isCustomerPortalUser(user) {
+    var _a;
+    if (!user || typeof user !== 'object') {
+        return false;
+    }
+    var other = user.other || {};
+    if (other.id_customer) {
+        return true;
+    }
+    if (Array.isArray(other.customers) && other.customers.length > 0) {
+        return true;
+    }
+    var groups = Array.isArray((_a = user === null || user === void 0 ? void 0 : user.roles) === null || _a === void 0 ? void 0 : _a.groups) ? user.roles.groups : [];
+    if (groups.some(function (group) {
+        if (!group || typeof group.name !== 'string') {
+            return false;
+        }
+        var normalized = group.name.trim().toLowerCase();
+        return normalized === 'customer portal' || normalized === 'customer-portal';
+    })) {
+        return true;
+    }
+    return false;
+}
+function saveCustomerPortalPassword(user, password, meta) {
+    return __awaiter(this, void 0, void 0, function () {
+        var payload, setData;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (!(user === null || user === void 0 ? void 0 : user._id)) {
+                        return [2 /*return*/];
+                    }
+                    if (!customer_portal_password_collection_1.CustomerPortalPasswords) {
+                        return [2 /*return*/];
+                    }
+                    if (!!isCustomerPortalUser(user)) return [3 /*break*/, 2];
+                    return [4 /*yield*/, clearCustomerPortalPassword(user._id)];
+                case 1:
+                    _a.sent();
+                    return [2 /*return*/];
+                case 2:
+                    if (!(!password || typeof password !== 'string')) return [3 /*break*/, 4];
+                    return [4 /*yield*/, clearCustomerPortalPassword(user._id)];
+                case 3:
+                    _a.sent();
+                    return [2 /*return*/];
+                case 4:
+                    payload = encryptPassword(password);
+                    setData = {
+                        id_user: user._id,
+                        cipher_text: payload.cipherText,
+                        iv: payload.iv,
+                        auth_tag: payload.authTag,
+                        key_version: payload.keyVersion,
+                        last_set_at: new Date()
+                    };
+                    if (meta === null || meta === void 0 ? void 0 : meta.updatedByUserId) {
+                        setData.updated_by_user_id = meta.updatedByUserId;
+                    }
+                    if (meta === null || meta === void 0 ? void 0 : meta.updatedByUser) {
+                        setData.updated_by_user = meta.updatedByUser;
+                    }
+                    return [4 /*yield*/, customer_portal_password_collection_1.CustomerPortalPasswords.updateOne({ id_user: user._id }, {
+                            $set: setData
+                        }, { upsert: true })];
+                case 5:
+                    _a.sent();
+                    return [2 /*return*/];
+            }
+        });
+    });
+}
+function clearCustomerPortalPassword(userId) {
+    return __awaiter(this, void 0, void 0, function () {
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (!userId || !customer_portal_password_collection_1.CustomerPortalPasswords) {
+                        return [2 /*return*/];
+                    }
+                    return [4 /*yield*/, customer_portal_password_collection_1.CustomerPortalPasswords.deleteOne({ id_user: userId })];
+                case 1:
+                    _a.sent();
+                    return [2 /*return*/];
+            }
+        });
+    });
+}
+function getDecryptedCustomerPortalPassword(userId) {
+    return __awaiter(this, void 0, void 0, function () {
+        var record, password;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    if (!userId) {
+                        throw new Error('Customer portal user id is required.');
+                    }
+                    if (!customer_portal_password_collection_1.CustomerPortalPasswords) {
+                        throw new Error('Customer portal password store is not available.');
+                    }
+                    return [4 /*yield*/, customer_portal_password_collection_1.CustomerPortalPasswords.findOne({ id_user: userId })];
+                case 1:
+                    record = _a.sent();
+                    if (!record) {
+                        throw new Error('No stored customer portal password is available for this user.');
+                    }
+                    password = decryptPassword({
+                        cipherText: record.cipher_text,
+                        iv: record.iv,
+                        authTag: record.auth_tag,
+                        keyVersion: record.key_version
+                    });
+                    return [2 /*return*/, {
+                            password: password,
+                            lastSetAt: record.last_set_at
+                        }];
+            }
+        });
+    });
+}
+function encryptPassword(plainText) {
+    var key = resolveEncryptionKey();
+    var ivBuffer = crypto.randomBytes(IV_LENGTH_BYTES);
+    var cipher = crypto.createCipheriv(ALGORITHM, key, ivBuffer);
+    var encrypted = Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]);
+    var authTag = cipher.getAuthTag();
+    return {
+        cipherText: encrypted.toString('base64'),
+        iv: ivBuffer.toString('base64'),
+        authTag: authTag.toString('base64'),
+        keyVersion: ENCRYPTION_KEY_VERSION
+    };
+}
+function decryptPassword(payload) {
+    if (!payload || payload.keyVersion !== ENCRYPTION_KEY_VERSION) {
+        throw new Error('Unsupported customer portal password encryption version.');
+    }
+    var key = resolveEncryptionKey();
+    var decipher = crypto.createDecipheriv(ALGORITHM, key, Buffer.from(payload.iv, 'base64'));
+    decipher.setAuthTag(Buffer.from(payload.authTag, 'base64'));
+    var decrypted = Buffer.concat([
+        decipher.update(Buffer.from(payload.cipherText, 'base64')),
+        decipher.final()
+    ]);
+    return decrypted.toString('utf8');
+}
+function resolveEncryptionKey() {
+    var config = resolveio_server_app_1.ResolveIOServer.getServerConfig ? resolveio_server_app_1.ResolveIOServer.getServerConfig() : {};
+    var secret = String((config && config['CUSTOMER_PORTAL_PASSWORD_SECRET'])
+        || process.env.CUSTOMER_PORTAL_PASSWORD_SECRET
+        || (config && config['JWT_SECRET'])
+        || process.env.JWT_SECRET
+        || '').trim();
+    if (!secret) {
+        throw new Error('Missing CUSTOMER_PORTAL_PASSWORD_SECRET (or JWT_SECRET) for customer portal password encryption.');
+    }
+    return crypto.createHash('sha256').update(secret, 'utf8').digest();
+}
+
+//# sourceMappingURL=customer-portal-password.js.map

package/util/customer-portal-password.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/util/customer-portal-password.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,oDA2BC;AAED,gEA4CC;AAED,kEAMC;AAED,gFAyBC;AAjID,0GAA6F;AAE7F,gEAA0D;AAC1D,IAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;AAEjC,IAAM,SAAS,GAAG,aAAa,CAAC;AAChC,IAAM,sBAAsB,GAAG,CAAC,CAAC;AACjC,IAAM,eAAe,GAAG,EAAE,CAAC;AAc3B,SAAgB,oBAAoB,CAAC,IAAqB;;IACzD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,KAAK,0CAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3E,IAAI,MAAM,CAAC,IAAI,CAAC,UAAA,KAAK;QACpB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACd,CAAC;QAED,IAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACnD,OAAO,UAAU,KAAK,iBAAiB,IAAI,UAAU,KAAK,iBAAiB,CAAC;IAC7E,CAAC,CAAC,EAAE,CAAC;QACJ,OAAO,IAAI,CAAC;IACb,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC;AAED,SAAsB,0BAA0B,CAAC,IAAqB,EAAE,QAAgB,EAAE,IAAyB;;;;;;oBAClH,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,CAAA,EAAE,CAAC;wBAChB,sBAAO;oBACR,CAAC;oBAED,IAAI,CAAC,6DAAuB,EAAE,CAAC;wBAC9B,sBAAO;oBACR,CAAC;yBAEG,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAA3B,wBAA2B;oBAC9B,qBAAM,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAA;;oBAA3C,SAA2C,CAAC;oBAC5C,sBAAO;;yBAGJ,CAAA,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,CAAA,EAAzC,wBAAyC;oBAC5C,qBAAM,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAA;;oBAA3C,SAA2C,CAAC;oBAC5C,sBAAO;;oBAGF,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;oBACpC,OAAO,GAAQ;wBACpB,OAAO,EAAE,IAAI,CAAC,GAAG;wBACjB,WAAW,EAAE,OAAO,CAAC,UAAU;wBAC/B,EAAE,EAAE,OAAO,CAAC,EAAE;wBACd,QAAQ,EAAE,OAAO,CAAC,OAAO;wBACzB,WAAW,EAAE,OAAO,CAAC,UAAU;wBAC/B,WAAW,EAAE,IAAI,IAAI,EAAE;qBACvB,CAAC;oBAEF,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,EAAE,CAAC;wBAC3B,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC;oBACnD,CAAC;oBAED,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;wBACzB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC;oBAC9C,CAAC;oBAED,qBAAM,6DAAuB,CAAC,SAAS,CACtC,EAAC,OAAO,EAAE,IAAI,CAAC,GAAG,EAAC,EACnB;4BACC,IAAI,EAAE,OAAO;yBACb,EACD,EAAC,MAAM,EAAE,IAAI,EAAC,CACd,EAAA;;oBAND,SAMC,CAAC;;;;;CACF;AAED,SAAsB,2BAA2B,CAAC,MAAc;;;;;oBAC/D,IAAI,CAAC,MAAM,IAAI,CAAC,6DAAuB,EAAE,CAAC;wBACzC,sBAAO;oBACR,CAAC;oBAED,qBAAM,6DAAuB,CAAC,SAAS,CAAC,EAAC,OAAO,EAAE,MAAM,EAAC,CAAC,EAAA;;oBAA1D,SAA0D,CAAC;;;;;CAC3D;AAED,SAAsB,kCAAkC,CAAC,MAAc;;;;;;oBACtE,IAAI,CAAC,MAAM,EAAE,CAAC;wBACb,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;oBACzD,CAAC;oBAED,IAAI,CAAC,6DAAuB,EAAE,CAAC;wBAC9B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;oBACrE,CAAC;oBAEc,qBAAM,6DAAuB,CAAC,OAAO,CAAC,EAAC,OAAO,EAAE,MAAM,EAAC,CAAC,EAAA;;oBAAjE,MAAM,GAAG,SAAwD;oBACvE,IAAI,CAAC,MAAM,EAAE,CAAC;wBACb,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;oBACnF,CAAC;oBAEK,QAAQ,GAAG,eAAe,CAAC;wBAChC,UAAU,EAAE,MAAM,CAAC,WAAW;wBAC9B,EAAE,EAAE,MAAM,CAAC,EAAE;wBACb,OAAO,EAAE,MAAM,CAAC,QAAQ;wBACxB,UAAU,EAAE,MAAM,CAAC,WAAW;qBAC9B,CAAC,CAAC;oBAEH,sBAAO;4BACN,QAAQ,UAAA;4BACR,SAAS,EAAE,MAAM,CAAC,WAAW;yBAC7B,EAAC;;;;CACF;AAED,SAAS,eAAe,CAAC,SAAiB;IACzC,IAAM,GAAG,GAAG,oBAAoB,EAAE,CAAC;IACnC,IAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC;IACrD,IAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC/D,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,IAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,OAAO;QACN,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxC,EAAE,EAAE,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/B,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACnC,UAAU,EAAE,sBAAsB;KAClC,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,OAA8B;IACtD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,KAAK,sBAAsB,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC7E,CAAC;IAED,IAAM,GAAG,GAAG,oBAAoB,EAAE,CAAC;IACnC,IAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACvC,SAAS,EACT,GAAG,EACH,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,CACjC,CAAC;IACF,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5D,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/B,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC1D,QAAQ,CAAC,KAAK,EAAE;KAChB,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,oBAAoB;IAC5B,IAAM,MAAM,GAAG,sCAAe,CAAC,eAAe,CAAC,CAAC,CAAC,sCAAe,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACxF,IAAM,MAAM,GAAG,MAAM,CACpB,CAAC,MAAM,IAAI,MAAM,CAAC,iCAAiC,CAAC,CAAC;WAClD,OAAO,CAAC,GAAG,CAAC,+BAA+B;WAC3C,CAAC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC;WAChC,OAAO,CAAC,GAAG,CAAC,UAAU;WACtB,EAAE,CACL,CAAC,IAAI,EAAE,CAAC;IAET,IAAI,CAAC,MAAM,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;IACrH,CAAC;IAED,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;AACpE,CAAC","file":"customer-portal-password.js","sourcesContent":["import { CustomerPortalPasswords } from '../collections/customer-portal-password.collection';\nimport { UserModel } from '../models/user.model';\nimport { ResolveIOServer } from '../resolveio-server-app';\nconst crypto = require('crypto');\n\nconst ALGORITHM = 'aes-256-gcm';\nconst ENCRYPTION_KEY_VERSION = 1;\nconst IV_LENGTH_BYTES = 12;\n\ninterface PasswordCipherPayload {\n\tcipherText: string;\n\tiv: string;\n\tauthTag: string;\n\tkeyVersion: number;\n}\n\ninterface PasswordRecordMeta {\n\tupdatedByUserId?: string;\n\tupdatedByUser?: string;\n}\n\nexport function isCustomerPortalUser(user: UserModel | any): boolean {\n\tif (!user || typeof user !== 'object') {\n\t\treturn false;\n\t}\n\n\tconst other = user.other || {};\n\tif (other.id_customer) {\n\t\treturn true;\n\t}\n\n\tif (Array.isArray(other.customers) && other.customers.length > 0) {\n\t\treturn true;\n\t}\n\n\tconst groups = Array.isArray(user?.roles?.groups) ? user.roles.groups : [];\n\tif (groups.some(group => {\n\t\tif (!group || typeof group.name !== 'string') {\n\t\t\treturn false;\n\t\t}\n\n\t\tconst normalized = group.name.trim().toLowerCase();\n\t\treturn normalized === 'customer portal' || normalized === 'customer-portal';\n\t})) {\n\t\treturn true;\n\t}\n\n\treturn false;\n}\n\nexport async function saveCustomerPortalPassword(user: UserModel | any, password: string, meta?: PasswordRecordMeta): Promise<void> {\n\tif (!user?._id) {\n\t\treturn;\n\t}\n\n\tif (!CustomerPortalPasswords) {\n\t\treturn;\n\t}\n\n\tif (!isCustomerPortalUser(user)) {\n\t\tawait clearCustomerPortalPassword(user._id);\n\t\treturn;\n\t}\n\n\tif (!password || typeof password !== 'string') {\n\t\tawait clearCustomerPortalPassword(user._id);\n\t\treturn;\n\t}\n\n\tconst payload = encryptPassword(password);\n\tconst setData: any = {\n\t\tid_user: user._id,\n\t\tcipher_text: payload.cipherText,\n\t\tiv: payload.iv,\n\t\tauth_tag: payload.authTag,\n\t\tkey_version: payload.keyVersion,\n\t\tlast_set_at: new Date()\n\t};\n\n\tif (meta?.updatedByUserId) {\n\t\tsetData.updated_by_user_id = meta.updatedByUserId;\n\t}\n\n\tif (meta?.updatedByUser) {\n\t\tsetData.updated_by_user = meta.updatedByUser;\n\t}\n\n\tawait CustomerPortalPasswords.updateOne(\n\t\t{id_user: user._id},\n\t\t{\n\t\t\t$set: setData\n\t\t},\n\t\t{upsert: true}\n\t);\n}\n\nexport async function clearCustomerPortalPassword(userId: string): Promise<void> {\n\tif (!userId || !CustomerPortalPasswords) {\n\t\treturn;\n\t}\n\n\tawait CustomerPortalPasswords.deleteOne({id_user: userId});\n}\n\nexport async function getDecryptedCustomerPortalPassword(userId: string): Promise<{password: string; lastSetAt?: Date}> {\n\tif (!userId) {\n\t\tthrow new Error('Customer portal user id is required.');\n\t}\n\n\tif (!CustomerPortalPasswords) {\n\t\tthrow new Error('Customer portal password store is not available.');\n\t}\n\n\tconst record = await CustomerPortalPasswords.findOne({id_user: userId});\n\tif (!record) {\n\t\tthrow new Error('No stored customer portal password is available for this user.');\n\t}\n\n\tconst password = decryptPassword({\n\t\tcipherText: record.cipher_text,\n\t\tiv: record.iv,\n\t\tauthTag: record.auth_tag,\n\t\tkeyVersion: record.key_version\n\t});\n\n\treturn {\n\t\tpassword,\n\t\tlastSetAt: record.last_set_at\n\t};\n}\n\nfunction encryptPassword(plainText: string): PasswordCipherPayload {\n\tconst key = resolveEncryptionKey();\n\tconst ivBuffer = crypto.randomBytes(IV_LENGTH_BYTES);\n\tconst cipher = crypto.createCipheriv(ALGORITHM, key, ivBuffer);\n\tconst encrypted = Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]);\n\tconst authTag = cipher.getAuthTag();\n\n\treturn {\n\t\tcipherText: encrypted.toString('base64'),\n\t\tiv: ivBuffer.toString('base64'),\n\t\tauthTag: authTag.toString('base64'),\n\t\tkeyVersion: ENCRYPTION_KEY_VERSION\n\t};\n}\n\nfunction decryptPassword(payload: PasswordCipherPayload): string {\n\tif (!payload || payload.keyVersion !== ENCRYPTION_KEY_VERSION) {\n\t\tthrow new Error('Unsupported customer portal password encryption version.');\n\t}\n\n\tconst key = resolveEncryptionKey();\n\tconst decipher = crypto.createDecipheriv(\n\t\tALGORITHM,\n\t\tkey,\n\t\tBuffer.from(payload.iv, 'base64')\n\t);\n\tdecipher.setAuthTag(Buffer.from(payload.authTag, 'base64'));\n\n\tconst decrypted = Buffer.concat([\n\t\tdecipher.update(Buffer.from(payload.cipherText, 'base64')),\n\t\tdecipher.final()\n\t]);\n\n\treturn decrypted.toString('utf8');\n}\n\nfunction resolveEncryptionKey(): Buffer {\n\tconst config = ResolveIOServer.getServerConfig ? ResolveIOServer.getServerConfig() : {};\n\tconst secret = String(\n\t\t(config && config['CUSTOMER_PORTAL_PASSWORD_SECRET'])\n\t\t|| process.env.CUSTOMER_PORTAL_PASSWORD_SECRET\n\t\t|| (config && config['JWT_SECRET'])\n\t\t|| process.env.JWT_SECRET\n\t\t|| ''\n\t).trim();\n\n\tif (!secret) {\n\t\tthrow new Error('Missing CUSTOMER_PORTAL_PASSWORD_SECRET (or JWT_SECRET) for customer portal password encryption.');\n\t}\n\n\treturn crypto.createHash('sha256').update(secret, 'utf8').digest();\n}\n"]}