@serve.zone/dcrouter 13.17.0 → 13.17.2

package/dist_ts/monitoring/index.d.ts

@@ -0,0 +1 @@
+export * from './classes.metricsmanager.js';

package/dist_ts/monitoring/index.js

@@ -0,0 +1,2 @@
+export * from './classes.metricsmanager.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9tb25pdG9yaW5nL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsNkJBQTZCLENBQUMifQ==

package/dist_ts/opsserver/classes.opsserver.d.ts

@@ -0,0 +1,47 @@
+import type DcRouter from '../classes.dcrouter.js';
+import * as plugins from '../plugins.js';
+import * as handlers from './handlers/index.js';
+import * as interfaces from '../../dist_ts_interfaces/index.js';
+export declare class OpsServer {
+    dcRouterRef: DcRouter;
+    server: plugins.typedserver.utilityservers.UtilityWebsiteServer;
+    typedrouter: plugins.typedrequest.TypedRouter<interfaces.typedrequestInterfaces.ITypedRequest>;
+    viewRouter: plugins.typedrequest.TypedRouter<{
+        request: {
+            identity: interfaces.data.IIdentity;
+        };
+    }>;
+    adminRouter: plugins.typedrequest.TypedRouter<{
+        request: {
+            identity: interfaces.data.IIdentity;
+        };
+    }>;
+    adminHandler: handlers.AdminHandler;
+    private configHandler;
+    private logsHandler;
+    private securityHandler;
+    private statsHandler;
+    private radiusHandler;
+    private emailOpsHandler;
+    private certificateHandler;
+    private remoteIngressHandler;
+    private routeManagementHandler;
+    private apiTokenHandler;
+    private vpnHandler;
+    private sourceProfileHandler;
+    private targetProfileHandler;
+    private networkTargetHandler;
+    private usersHandler;
+    private dnsProviderHandler;
+    private domainHandler;
+    private dnsRecordHandler;
+    private acmeConfigHandler;
+    private emailDomainHandler;
+    constructor(dcRouterRefArg: DcRouter);
+    start(): Promise<void>;
+    /**
+     * Set up all TypedRequest handlers
+     */
+    private setupHandlers;
+    stop(): Promise<void>;
+}

package/dist_ts/opsserver/classes.opsserver.js

@@ -0,0 +1,105 @@
+import * as plugins from '../plugins.js';
+import * as paths from '../paths.js';
+import * as handlers from './handlers/index.js';
+import * as interfaces from '../../dist_ts_interfaces/index.js';
+import { requireValidIdentity, requireAdminIdentity } from './helpers/guards.js';
+export class OpsServer {
+    dcRouterRef;
+    server;
+    // Main TypedRouter — unauthenticated endpoints (login/logout/verify) and own-auth handlers
+    typedrouter = new plugins.typedrequest.TypedRouter();
+    // Auth-enforced routers — middleware validates identity before any handler runs
+    viewRouter = new plugins.typedrequest.TypedRouter();
+    adminRouter = new plugins.typedrequest.TypedRouter();
+    // Handler instances
+    adminHandler;
+    configHandler;
+    logsHandler;
+    securityHandler;
+    statsHandler;
+    radiusHandler;
+    emailOpsHandler;
+    certificateHandler;
+    remoteIngressHandler;
+    routeManagementHandler;
+    apiTokenHandler;
+    vpnHandler;
+    sourceProfileHandler;
+    targetProfileHandler;
+    networkTargetHandler;
+    usersHandler;
+    dnsProviderHandler;
+    domainHandler;
+    dnsRecordHandler;
+    acmeConfigHandler;
+    emailDomainHandler;
+    constructor(dcRouterRefArg) {
+        this.dcRouterRef = dcRouterRefArg;
+        // Add our typedrouter to the dcRouter's main typedrouter
+        this.dcRouterRef.typedrouter.addTypedRouter(this.typedrouter);
+    }
+    async start() {
+        this.server = new plugins.typedserver.utilityservers.UtilityWebsiteServer({
+            domain: 'localhost',
+            feedMetadata: undefined,
+            serveDir: paths.distServe,
+        });
+        // The server has a built-in typedrouter at /typedrequest
+        // Add the main dcRouter typedrouter to the server's typedrouter
+        this.server.typedrouter.addTypedRouter(this.dcRouterRef.typedrouter);
+        // Set up handlers
+        await this.setupHandlers();
+        await this.server.start(this.dcRouterRef.options.opsServerPort ?? 3000);
+    }
+    /**
+     * Set up all TypedRequest handlers
+     */
+    async setupHandlers() {
+        // AdminHandler must be initialized first (JWT setup needed for guards)
+        this.adminHandler = new handlers.AdminHandler(this);
+        await this.adminHandler.initialize();
+        // viewRouter middleware: requires valid identity (any logged-in user)
+        this.viewRouter.addMiddleware(async (typedRequest) => {
+            await requireValidIdentity(this.adminHandler, typedRequest.request);
+        });
+        // adminRouter middleware: requires admin identity
+        this.adminRouter.addMiddleware(async (typedRequest) => {
+            await requireAdminIdentity(this.adminHandler, typedRequest.request);
+        });
+        // Connect auth routers to the main typedrouter
+        this.typedrouter.addTypedRouter(this.viewRouter);
+        this.typedrouter.addTypedRouter(this.adminRouter);
+        // Instantiate all handlers — they self-register with the appropriate router
+        this.configHandler = new handlers.ConfigHandler(this);
+        this.logsHandler = new handlers.LogsHandler(this);
+        this.securityHandler = new handlers.SecurityHandler(this);
+        this.statsHandler = new handlers.StatsHandler(this);
+        this.radiusHandler = new handlers.RadiusHandler(this);
+        this.emailOpsHandler = new handlers.EmailOpsHandler(this);
+        this.certificateHandler = new handlers.CertificateHandler(this);
+        this.remoteIngressHandler = new handlers.RemoteIngressHandler(this);
+        this.routeManagementHandler = new handlers.RouteManagementHandler(this);
+        this.apiTokenHandler = new handlers.ApiTokenHandler(this);
+        this.vpnHandler = new handlers.VpnHandler(this);
+        this.sourceProfileHandler = new handlers.SourceProfileHandler(this);
+        this.targetProfileHandler = new handlers.TargetProfileHandler(this);
+        this.networkTargetHandler = new handlers.NetworkTargetHandler(this);
+        this.usersHandler = new handlers.UsersHandler(this);
+        this.dnsProviderHandler = new handlers.DnsProviderHandler(this);
+        this.domainHandler = new handlers.DomainHandler(this);
+        this.dnsRecordHandler = new handlers.DnsRecordHandler(this);
+        this.acmeConfigHandler = new handlers.AcmeConfigHandler(this);
+        this.emailDomainHandler = new handlers.EmailDomainHandler(this);
+        console.log('✅ OpsServer TypedRequest handlers initialized');
+    }
+    async stop() {
+        // Clean up log handler streams and push destination before stopping the server
+        if (this.logsHandler) {
+            this.logsHandler.cleanup();
+        }
+        if (this.server) {
+            await this.server.stop();
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5vcHNzZXJ2ZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9vcHNzZXJ2ZXIvY2xhc3Nlcy5vcHNzZXJ2ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxLQUFLLEtBQUssTUFBTSxhQUFhLENBQUM7QUFDckMsT0FBTyxLQUFLLFFBQVEsTUFBTSxxQkFBcUIsQ0FBQztBQUNoRCxPQUFPLEtBQUssVUFBVSxNQUFNLDhCQUE4QixDQUFDO0FBQzNELE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxvQkFBb0IsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBRWpGLE1BQU0sT0FBTyxTQUFTO0lBQ2IsV0FBVyxDQUFXO0lBQ3RCLE1BQU0sQ0FBMkQ7SUFFeEUsMkZBQTJGO0lBQ3BGLFdBQVcsR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUFFLENBQUM7SUFFNUQsZ0ZBQWdGO0lBQ3pFLFVBQVUsR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUF3RCxDQUFDO0lBQzFHLFdBQVcsR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUF3RCxDQUFDO0lBRWxILG9CQUFvQjtJQUNiLFlBQVksQ0FBeUI7SUFDcEMsYUFBYSxDQUEwQjtJQUN2QyxXQUFXLENBQXdCO0lBQ25DLGVBQWUsQ0FBNEI7SUFDM0MsWUFBWSxDQUF5QjtJQUNyQyxhQUFhLENBQTBCO0lBQ3ZDLGVBQWUsQ0FBNEI7SUFDM0Msa0JBQWtCLENBQStCO0lBQ2pELG9CQUFvQixDQUFpQztJQUNyRCxzQkFBc0IsQ0FBbUM7SUFDekQsZUFBZSxDQUE0QjtJQUMzQyxVQUFVLENBQXVCO0lBQ2pDLG9CQUFvQixDQUFpQztJQUNyRCxvQkFBb0IsQ0FBaUM7SUFDckQsb0JBQW9CLENBQWlDO0lBQ3JELFlBQVksQ0FBeUI7SUFDckMsa0JBQWtCLENBQStCO0lBQ2pELGFBQWEsQ0FBMEI7SUFDdkMsZ0JBQWdCLENBQTZCO0lBQzdDLGlCQUFpQixDQUE4QjtJQUMvQyxrQkFBa0IsQ0FBK0I7SUFFekQsWUFBWSxjQUF3QjtRQUNsQyxJQUFJLENBQUMsV0FBVyxHQUFHLGNBQWMsQ0FBQztRQUVsQyx5REFBeUQ7UUFDekQsSUFBSSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRU0sS0FBSyxDQUFDLEtBQUs7UUFDaEIsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLE9BQU8sQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLG9CQUFvQixDQUFDO1lBQ3hFLE1BQU0sRUFBRSxXQUFXO1lBQ25CLFlBQVksRUFBRSxTQUFTO1lBQ3ZCLFFBQVEsRUFBRSxLQUFLLENBQUMsU0FBUztTQUMxQixDQUFDLENBQUM7UUFFSCx5REFBeUQ7UUFDekQsZ0VBQWdFO1FBQ2hFLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRXJFLGtCQUFrQjtRQUNsQixNQUFNLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUUzQixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGFBQWEsSUFBSSxJQUFJLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsYUFBYTtRQUN6Qix1RUFBdUU7UUFDdkUsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDcEQsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBRXJDLHNFQUFzRTtRQUN0RSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsWUFBWSxFQUFFLEVBQUU7WUFDbkQsTUFBTSxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RSxDQUFDLENBQUMsQ0FBQztRQUVILGtEQUFrRDtRQUNsRCxJQUFJLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsWUFBWSxFQUFFLEVBQUU7WUFDcEQsTUFBTSxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RSxDQUFDLENBQUMsQ0FBQztRQUVILCtDQUErQztRQUMvQyxJQUFJLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDakQsSUFBSSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRWxELDRFQUE0RTtRQUM1RSxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksUUFBUSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN0RCxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksUUFBUSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNsRCxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksUUFBUSxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksUUFBUSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksUUFBUSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN0RCxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksUUFBUSxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsSUFBSSxRQUFRLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDaEUsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksUUFBUSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3BFLElBQUksQ0FBQyxzQkFBc0IsR0FBRyxJQUFJLFFBQVEsQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN4RSxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksUUFBUSxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksUUFBUSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNoRCxJQUFJLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxRQUFRLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDcEUsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksUUFBUSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3BFLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxJQUFJLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksUUFBUSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsSUFBSSxRQUFRLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDaEUsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLFFBQVEsQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDdEQsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksUUFBUSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzVELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM5RCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsSUFBSSxRQUFRLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFaEUsT0FBTyxDQUFDLEdBQUcsQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO0lBQy9ELENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLCtFQUErRTtRQUMvRSxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNyQixJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQzdCLENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNoQixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDM0IsQ0FBQztJQUNILENBQUM7Q0FDRiJ9

package/dist_ts/opsserver/handlers/acme-config.handler.d.ts

@@ -0,0 +1,16 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+/**
+ * CRUD handler for the singleton `AcmeConfigDoc`.
+ *
+ * Auth: same dual-mode pattern as other handlers — admin JWT or API token
+ * with `acme-config:read` / `acme-config:write` scope.
+ */
+export declare class AcmeConfigHandler {
+    private opsServerRef;
+    typedrouter: plugins.typedrequest.TypedRouter<interfaces.typedrequestInterfaces.ITypedRequest>;
+    constructor(opsServerRef: OpsServer);
+    private requireAuth;
+    private registerHandlers;
+}

package/dist_ts/opsserver/handlers/acme-config.handler.js

@@ -0,0 +1,77 @@
+import * as plugins from '../../plugins.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+/**
+ * CRUD handler for the singleton `AcmeConfigDoc`.
+ *
+ * Auth: same dual-mode pattern as other handlers — admin JWT or API token
+ * with `acme-config:read` / `acme-config:write` scope.
+ */
+export class AcmeConfigHandler {
+    opsServerRef;
+    typedrouter = new plugins.typedrequest.TypedRouter();
+    constructor(opsServerRef) {
+        this.opsServerRef = opsServerRef;
+        this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+        this.registerHandlers();
+    }
+    async requireAuth(request, requiredScope) {
+        if (request.identity?.jwt) {
+            try {
+                const isAdmin = await this.opsServerRef.adminHandler.adminIdentityGuard.exec({
+                    identity: request.identity,
+                });
+                if (isAdmin)
+                    return request.identity.userId;
+            }
+            catch { /* fall through */ }
+        }
+        if (request.apiToken) {
+            const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (tokenManager) {
+                const token = await tokenManager.validateToken(request.apiToken);
+                if (token) {
+                    if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
+                        return token.createdBy;
+                    }
+                    throw new plugins.typedrequest.TypedResponseError('insufficient scope');
+                }
+            }
+        }
+        throw new plugins.typedrequest.TypedResponseError('unauthorized');
+    }
+    registerHandlers() {
+        // Get current ACME config
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('getAcmeConfig', async (dataArg) => {
+            await this.requireAuth(dataArg, 'acme-config:read');
+            const mgr = this.opsServerRef.dcRouterRef.acmeConfigManager;
+            if (!mgr)
+                return { config: null };
+            return { config: mgr.getConfig() };
+        }));
+        // Update (upsert) the ACME config
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('updateAcmeConfig', async (dataArg) => {
+            const userId = await this.requireAuth(dataArg, 'acme-config:write');
+            const mgr = this.opsServerRef.dcRouterRef.acmeConfigManager;
+            if (!mgr) {
+                return {
+                    success: false,
+                    message: 'AcmeConfigManager not initialized (DB disabled?)',
+                };
+            }
+            try {
+                const updated = await mgr.updateConfig({
+                    accountEmail: dataArg.accountEmail,
+                    enabled: dataArg.enabled,
+                    useProduction: dataArg.useProduction,
+                    autoRenew: dataArg.autoRenew,
+                    renewThresholdDays: dataArg.renewThresholdDays,
+                }, userId);
+                return { success: true, config: updated };
+            }
+            catch (err) {
+                return { success: false, message: err.message };
+            }
+        }));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNtZS1jb25maWcuaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL29wc3NlcnZlci9oYW5kbGVycy9hY21lLWNvbmZpZy5oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFFNUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxpQ0FBaUMsQ0FBQztBQUU5RDs7Ozs7R0FLRztBQUNILE1BQU0sT0FBTyxpQkFBaUI7SUFHUjtJQUZiLFdBQVcsR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsV0FBVyxFQUFFLENBQUM7SUFFNUQsWUFBb0IsWUFBdUI7UUFBdkIsaUJBQVksR0FBWixZQUFZLENBQVc7UUFDekMsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRU8sS0FBSyxDQUFDLFdBQVcsQ0FDdkIsT0FBb0UsRUFDcEUsYUFBOEM7UUFFOUMsSUFBSSxPQUFPLENBQUMsUUFBUSxFQUFFLEdBQUcsRUFBRSxDQUFDO1lBQzFCLElBQUksQ0FBQztnQkFDSCxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQztvQkFDM0UsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRO2lCQUMzQixDQUFDLENBQUM7Z0JBQ0gsSUFBSSxPQUFPO29CQUFFLE9BQU8sT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7WUFDOUMsQ0FBQztZQUFDLE1BQU0sQ0FBQyxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUVELElBQUksT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQztZQUNuRSxJQUFJLFlBQVksRUFBRSxDQUFDO2dCQUNqQixNQUFNLEtBQUssR0FBRyxNQUFNLFlBQVksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUNqRSxJQUFJLEtBQUssRUFBRSxDQUFDO29CQUNWLElBQUksQ0FBQyxhQUFhLElBQUksWUFBWSxDQUFDLFFBQVEsQ0FBQyxLQUFLLEVBQUUsYUFBYSxDQUFDLEVBQUUsQ0FBQzt3QkFDbEUsT0FBTyxLQUFLLENBQUMsU0FBUyxDQUFDO29CQUN6QixDQUFDO29CQUNELE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLG9CQUFvQixDQUFDLENBQUM7Z0JBQzFFLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFTyxnQkFBZ0I7UUFDdEIsMEJBQTBCO1FBQzFCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxlQUFlLEVBQ2YsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztZQUNwRCxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxpQkFBaUIsQ0FBQztZQUM1RCxJQUFJLENBQUMsR0FBRztnQkFBRSxPQUFPLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUFDO1lBQ2xDLE9BQU8sRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUM7UUFDckMsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLGtDQUFrQztRQUNsQyxJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsa0JBQWtCLEVBQ2xCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLG1CQUFtQixDQUFDLENBQUM7WUFDcEUsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsaUJBQWlCLENBQUM7WUFDNUQsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUNULE9BQU87b0JBQ0wsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsT0FBTyxFQUFFLGtEQUFrRDtpQkFDNUQsQ0FBQztZQUNKLENBQUM7WUFDRCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxPQUFPLEdBQUcsTUFBTSxHQUFHLENBQUMsWUFBWSxDQUNwQztvQkFDRSxZQUFZLEVBQUUsT0FBTyxDQUFDLFlBQVk7b0JBQ2xDLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTztvQkFDeEIsYUFBYSxFQUFFLE9BQU8sQ0FBQyxhQUFhO29CQUNwQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7b0JBQzVCLGtCQUFrQixFQUFFLE9BQU8sQ0FBQyxrQkFBa0I7aUJBQy9DLEVBQ0QsTUFBTSxDQUNQLENBQUM7Z0JBQ0YsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQzVDLENBQUM7WUFBQyxPQUFPLEdBQVksRUFBRSxDQUFDO2dCQUN0QixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUcsR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQzdELENBQUM7UUFDSCxDQUFDLENBQ0YsQ0FDRixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=

package/dist_ts/opsserver/handlers/admin.handler.d.ts

@@ -0,0 +1,40 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+export interface IJwtData {
+    userId: string;
+    status: 'loggedIn' | 'loggedOut';
+    expiresAt: number;
+}
+export declare class AdminHandler {
+    private opsServerRef;
+    typedrouter: plugins.typedrequest.TypedRouter<interfaces.typedrequestInterfaces.ITypedRequest>;
+    smartjwtInstance: plugins.smartjwt.SmartJwt<IJwtData>;
+    private users;
+    constructor(opsServerRef: OpsServer);
+    initialize(): Promise<void>;
+    private initializeJwt;
+    private initializeDefaultUsers;
+    /**
+     * Return a safe projection of the users Map — excludes password fields.
+     * Used by UsersHandler to serve the admin-only listUsers endpoint.
+     */
+    listUsers(): Array<{
+        id: string;
+        username: string;
+        role: string;
+    }>;
+    private registerHandlers;
+    /**
+     * Create a guard for valid identity (matching cloudly pattern)
+     */
+    validIdentityGuard: plugins.smartguard.Guard<{
+        identity: interfaces.data.IIdentity;
+    }>;
+    /**
+     * Create a guard for admin identity (matching cloudly pattern)
+     */
+    adminIdentityGuard: plugins.smartguard.Guard<{
+        identity: interfaces.data.IIdentity;
+    }>;
+}

package/dist_ts/opsserver/handlers/admin.handler.js

@@ -0,0 +1,191 @@
+import * as plugins from '../../plugins.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+export class AdminHandler {
+    opsServerRef;
+    typedrouter = new plugins.typedrequest.TypedRouter();
+    // JWT instance
+    smartjwtInstance;
+    // Simple in-memory user storage (in production, use proper database)
+    users = new Map();
+    constructor(opsServerRef) {
+        this.opsServerRef = opsServerRef;
+        // Add this handler's router to the parent
+        this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    }
+    async initialize() {
+        await this.initializeJwt();
+        this.initializeDefaultUsers();
+        this.registerHandlers();
+    }
+    async initializeJwt() {
+        this.smartjwtInstance = new plugins.smartjwt.SmartJwt();
+        await this.smartjwtInstance.init();
+        // For development, create new keypair each time
+        // In production, load from storage like cloudly does
+        await this.smartjwtInstance.createNewKeyPair();
+    }
+    initializeDefaultUsers() {
+        // Add default admin user
+        const adminId = plugins.uuid.v4();
+        this.users.set(adminId, {
+            id: adminId,
+            username: 'admin',
+            password: 'admin',
+            role: 'admin',
+        });
+    }
+    /**
+     * Return a safe projection of the users Map — excludes password fields.
+     * Used by UsersHandler to serve the admin-only listUsers endpoint.
+     */
+    listUsers() {
+        return Array.from(this.users.values()).map((user) => ({
+            id: user.id,
+            username: user.username,
+            role: user.role,
+        }));
+    }
+    registerHandlers() {
+        // Admin Login Handler
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('adminLoginWithUsernameAndPassword', async (dataArg) => {
+            try {
+                // Find user by username and password
+                let user = null;
+                for (const [_, userData] of this.users) {
+                    if (userData.username === dataArg.username && userData.password === dataArg.password) {
+                        user = userData;
+                        break;
+                    }
+                }
+                if (!user) {
+                    throw new plugins.typedrequest.TypedResponseError('login failed');
+                }
+                const expiresAtTimestamp = Date.now() + 3600 * 1000 * 24; // 24 hours
+                const jwt = await this.smartjwtInstance.createJWT({
+                    userId: user.id,
+                    status: 'loggedIn',
+                    expiresAt: expiresAtTimestamp,
+                });
+                return {
+                    identity: {
+                        jwt,
+                        userId: user.id,
+                        name: user.username,
+                        expiresAt: expiresAtTimestamp,
+                        role: user.role,
+                        type: 'user',
+                    },
+                };
+            }
+            catch (error) {
+                if (error instanceof plugins.typedrequest.TypedResponseError) {
+                    throw error;
+                }
+                throw new plugins.typedrequest.TypedResponseError('login failed');
+            }
+        }));
+        // Admin Logout Handler
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('adminLogout', async (dataArg) => {
+            // In a real implementation, you might want to blacklist the JWT
+            // For now, just return success
+            return {
+                success: true,
+            };
+        }));
+        // Verify Identity Handler
+        this.typedrouter.addTypedHandler(new plugins.typedrequest.TypedHandler('verifyIdentity', async (dataArg) => {
+            if (!dataArg.identity?.jwt) {
+                return {
+                    valid: false,
+                };
+            }
+            try {
+                const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
+                // Check if expired
+                if (jwtData.expiresAt < Date.now()) {
+                    return {
+                        valid: false,
+                    };
+                }
+                // Check if logged in
+                if (jwtData.status !== 'loggedIn') {
+                    return {
+                        valid: false,
+                    };
+                }
+                // Find user
+                const user = this.users.get(jwtData.userId);
+                if (!user) {
+                    return {
+                        valid: false,
+                    };
+                }
+                return {
+                    valid: true,
+                    identity: {
+                        jwt: dataArg.identity.jwt,
+                        userId: user.id,
+                        name: user.username,
+                        expiresAt: jwtData.expiresAt,
+                        role: user.role,
+                        type: 'user',
+                    },
+                };
+            }
+            catch (error) {
+                return {
+                    valid: false,
+                };
+            }
+        }));
+    }
+    /**
+     * Create a guard for valid identity (matching cloudly pattern)
+     */
+    validIdentityGuard = new plugins.smartguard.Guard(async (dataArg) => {
+        if (!dataArg.identity?.jwt) {
+            return false;
+        }
+        try {
+            const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
+            // Check expiration
+            if (jwtData.expiresAt < Date.now()) {
+                return false;
+            }
+            // Check status
+            if (jwtData.status !== 'loggedIn') {
+                return false;
+            }
+            // Verify data hasn't been tampered with
+            if (dataArg.identity.expiresAt !== jwtData.expiresAt) {
+                return false;
+            }
+            if (dataArg.identity.userId !== jwtData.userId) {
+                return false;
+            }
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }, {
+        failedHint: 'identity is not valid',
+        name: 'validIdentityGuard',
+    });
+    /**
+     * Create a guard for admin identity (matching cloudly pattern)
+     */
+    adminIdentityGuard = new plugins.smartguard.Guard(async (dataArg) => {
+        // First check if identity is valid
+        const isValid = await this.validIdentityGuard.exec(dataArg);
+        if (!isValid) {
+            return false;
+        }
+        // Check if user has admin role
+        return dataArg.identity.role === 'admin';
+    }, {
+        failedHint: 'user is not admin',
+        name: 'adminIdentityGuard',
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWRtaW4uaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL29wc3NlcnZlci9oYW5kbGVycy9hZG1pbi5oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFFNUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxpQ0FBaUMsQ0FBQztBQVE5RCxNQUFNLE9BQU8sWUFBWTtJQWNIO0lBYmIsV0FBVyxHQUFHLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUU1RCxlQUFlO0lBQ1IsZ0JBQWdCLENBQXVDO0lBRTlELHFFQUFxRTtJQUM3RCxLQUFLLEdBQUcsSUFBSSxHQUFHLEVBS25CLENBQUM7SUFFTCxZQUFvQixZQUF1QjtRQUF2QixpQkFBWSxHQUFaLFlBQVksQ0FBVztRQUN6QywwQ0FBMEM7UUFDMUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRU0sS0FBSyxDQUFDLFVBQVU7UUFDckIsTUFBTSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDM0IsSUFBSSxDQUFDLHNCQUFzQixFQUFFLENBQUM7UUFDOUIsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhO1FBQ3pCLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDeEQsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFbkMsZ0RBQWdEO1FBQ2hELHFEQUFxRDtRQUNyRCxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO0lBQ2pELENBQUM7SUFFTyxzQkFBc0I7UUFDNUIseUJBQXlCO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDbEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFO1lBQ3RCLEVBQUUsRUFBRSxPQUFPO1lBQ1gsUUFBUSxFQUFFLE9BQU87WUFDakIsUUFBUSxFQUFFLE9BQU87WUFDakIsSUFBSSxFQUFFLE9BQU87U0FDZCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksU0FBUztRQUNkLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ3BELEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRTtZQUNYLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7U0FDaEIsQ0FBQyxDQUFDLENBQUM7SUFDTixDQUFDO0lBRU8sZ0JBQWdCO1FBQ3RCLHNCQUFzQjtRQUN0QixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDOUIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsbUNBQW1DLEVBQ25DLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixJQUFJLENBQUM7Z0JBQ0gscUNBQXFDO2dCQUNyQyxJQUFJLElBQUksR0FBNEUsSUFBSSxDQUFDO2dCQUN6RixLQUFLLE1BQU0sQ0FBQyxDQUFDLEVBQUUsUUFBUSxDQUFDLElBQUksSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO29CQUN2QyxJQUFJLFFBQVEsQ0FBQyxRQUFRLEtBQUssT0FBTyxDQUFDLFFBQVEsSUFBSSxRQUFRLENBQUMsUUFBUSxLQUFLLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQzt3QkFDckYsSUFBSSxHQUFHLFFBQVEsQ0FBQzt3QkFDaEIsTUFBTTtvQkFDUixDQUFDO2dCQUNILENBQUM7Z0JBRUQsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO29CQUNWLE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxDQUFDO2dCQUNwRSxDQUFDO2dCQUVELE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksR0FBRyxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUMsV0FBVztnQkFFckUsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDO29CQUNoRCxNQUFNLEVBQUUsSUFBSSxDQUFDLEVBQUU7b0JBQ2YsTUFBTSxFQUFFLFVBQVU7b0JBQ2xCLFNBQVMsRUFBRSxrQkFBa0I7aUJBQzlCLENBQUMsQ0FBQztnQkFFSCxPQUFPO29CQUNMLFFBQVEsRUFBRTt3QkFDUixHQUFHO3dCQUNILE1BQU0sRUFBRSxJQUFJLENBQUMsRUFBRTt3QkFDZixJQUFJLEVBQUUsSUFBSSxDQUFDLFFBQVE7d0JBQ25CLFNBQVMsRUFBRSxrQkFBa0I7d0JBQzdCLElBQUksRUFBRSxJQUFJLENBQUMsSUFBSTt3QkFDZixJQUFJLEVBQUUsTUFBTTtxQkFDYjtpQkFDRixDQUFDO1lBQ0osQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2YsSUFBSSxLQUFLLFlBQVksT0FBTyxDQUFDLFlBQVksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO29CQUM3RCxNQUFNLEtBQUssQ0FBQztnQkFDZCxDQUFDO2dCQUNELE1BQU0sSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBQ3BFLENBQUM7UUFDSCxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsdUJBQXVCO1FBQ3ZCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxhQUFhLEVBQ2IsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLGdFQUFnRTtZQUNoRSwrQkFBK0I7WUFDL0IsT0FBTztnQkFDTCxPQUFPLEVBQUUsSUFBSTthQUNkLENBQUM7UUFDSixDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsMEJBQTBCO1FBQzFCLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxnQkFBZ0IsRUFDaEIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEdBQUcsRUFBRSxDQUFDO2dCQUMzQixPQUFPO29CQUNMLEtBQUssRUFBRSxLQUFLO2lCQUNiLENBQUM7WUFDSixDQUFDO1lBRUQsSUFBSSxDQUFDO2dCQUNILE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixDQUFDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBRXRGLG1CQUFtQjtnQkFDbkIsSUFBSSxPQUFPLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO29CQUNuQyxPQUFPO3dCQUNMLEtBQUssRUFBRSxLQUFLO3FCQUNiLENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxxQkFBcUI7Z0JBQ3JCLElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxVQUFVLEVBQUUsQ0FBQztvQkFDbEMsT0FBTzt3QkFDTCxLQUFLLEVBQUUsS0FBSztxQkFDYixDQUFDO2dCQUNKLENBQUM7Z0JBRUQsWUFBWTtnQkFDWixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQzVDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDVixPQUFPO3dCQUNMLEtBQUssRUFBRSxLQUFLO3FCQUNiLENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxPQUFPO29CQUNMLEtBQUssRUFBRSxJQUFJO29CQUNYLFFBQVEsRUFBRTt3QkFDUixHQUFHLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHO3dCQUN6QixNQUFNLEVBQUUsSUFBSSxDQUFDLEVBQUU7d0JBQ2YsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRO3dCQUNuQixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7d0JBQzVCLElBQUksRUFBRSxJQUFJLENBQUMsSUFBSTt3QkFDZixJQUFJLEVBQUUsTUFBTTtxQkFDYjtpQkFDRixDQUFDO1lBQ0osQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2YsT0FBTztvQkFDTCxLQUFLLEVBQUUsS0FBSztpQkFDYixDQUFDO1lBQ0osQ0FBQztRQUNILENBQUMsQ0FDRixDQUNGLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxrQkFBa0IsR0FBRyxJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUd0RCxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7UUFDaEIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsR0FBRyxFQUFFLENBQUM7WUFDM0IsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsbUJBQW1CLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUV0RixtQkFBbUI7WUFDbkIsSUFBSSxPQUFPLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO2dCQUNuQyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCxlQUFlO1lBQ2YsSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLFVBQVUsRUFBRSxDQUFDO2dCQUNsQyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCx3Q0FBd0M7WUFDeEMsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFNBQVMsS0FBSyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3JELE9BQU8sS0FBSyxDQUFDO1lBQ2YsQ0FBQztZQUVELElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEtBQUssT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUMvQyxPQUFPLEtBQUssQ0FBQztZQUNmLENBQUM7WUFFRCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO0lBQ0gsQ0FBQyxFQUNEO1FBQ0UsVUFBVSxFQUFFLHVCQUF1QjtRQUNuQyxJQUFJLEVBQUUsb0JBQW9CO0tBQzNCLENBQ0YsQ0FBQztJQUVGOztPQUVHO0lBQ0ksa0JBQWtCLEdBQUcsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FHdEQsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1FBQ2hCLG1DQUFtQztRQUNuQyxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDNUQsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsK0JBQStCO1FBQy9CLE9BQU8sT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEtBQUssT0FBTyxDQUFDO0lBQzNDLENBQUMsRUFDRDtRQUNFLFVBQVUsRUFBRSxtQkFBbUI7UUFDL0IsSUFBSSxFQUFFLG9CQUFvQjtLQUMzQixDQUNGLENBQUM7Q0FDSCJ9

package/dist_ts/opsserver/handlers/api-token.handler.d.ts

@@ -0,0 +1,6 @@
+import type { OpsServer } from '../classes.opsserver.js';
+export declare class ApiTokenHandler {
+    private opsServerRef;
+    constructor(opsServerRef: OpsServer);
+    private registerHandlers;
+}

package/dist_ts/opsserver/handlers/api-token.handler.js

@@ -0,0 +1,62 @@
+import * as plugins from '../../plugins.js';
+import * as interfaces from '../../../dist_ts_interfaces/index.js';
+export class ApiTokenHandler {
+    opsServerRef;
+    constructor(opsServerRef) {
+        this.opsServerRef = opsServerRef;
+        this.registerHandlers();
+    }
+    registerHandlers() {
+        // All token management endpoints register directly on adminRouter
+        // (middleware enforces admin JWT check, so no per-handler requireAdmin needed)
+        const router = this.opsServerRef.adminRouter;
+        // Create API token
+        router.addTypedHandler(new plugins.typedrequest.TypedHandler('createApiToken', async (dataArg) => {
+            const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (!manager) {
+                return { success: false, message: 'Token management not initialized' };
+            }
+            const result = await manager.createToken(dataArg.name, dataArg.scopes, dataArg.expiresInDays ?? null, dataArg.identity.userId);
+            return { success: true, tokenId: result.id, tokenValue: result.rawToken };
+        }));
+        // List API tokens
+        router.addTypedHandler(new plugins.typedrequest.TypedHandler('listApiTokens', async (dataArg) => {
+            const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (!manager) {
+                return { tokens: [] };
+            }
+            return { tokens: manager.listTokens() };
+        }));
+        // Revoke API token
+        router.addTypedHandler(new plugins.typedrequest.TypedHandler('revokeApiToken', async (dataArg) => {
+            const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (!manager) {
+                return { success: false, message: 'Token management not initialized' };
+            }
+            const ok = await manager.revokeToken(dataArg.id);
+            return { success: ok, message: ok ? undefined : 'Token not found' };
+        }));
+        // Roll API token
+        router.addTypedHandler(new plugins.typedrequest.TypedHandler('rollApiToken', async (dataArg) => {
+            const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (!manager) {
+                return { success: false, message: 'Token management not initialized' };
+            }
+            const result = await manager.rollToken(dataArg.id);
+            if (!result) {
+                return { success: false, message: 'Token not found' };
+            }
+            return { success: true, tokenValue: result.rawToken };
+        }));
+        // Toggle API token
+        router.addTypedHandler(new plugins.typedrequest.TypedHandler('toggleApiToken', async (dataArg) => {
+            const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
+            if (!manager) {
+                return { success: false, message: 'Token management not initialized' };
+            }
+            const ok = await manager.toggleToken(dataArg.id, dataArg.enabled);
+            return { success: ok, message: ok ? undefined : 'Token not found' };
+        }));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBpLXRva2VuLmhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9vcHNzZXJ2ZXIvaGFuZGxlcnMvYXBpLXRva2VuLmhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUU1QyxPQUFPLEtBQUssVUFBVSxNQUFNLGlDQUFpQyxDQUFDO0FBRTlELE1BQU0sT0FBTyxlQUFlO0lBQ047SUFBcEIsWUFBb0IsWUFBdUI7UUFBdkIsaUJBQVksR0FBWixZQUFZLENBQVc7UUFDekMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVPLGdCQUFnQjtRQUN0QixrRUFBa0U7UUFDbEUsK0VBQStFO1FBQy9FLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBRTdDLG1CQUFtQjtRQUNuQixNQUFNLENBQUMsZUFBZSxDQUNwQixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxnQkFBZ0IsRUFDaEIsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQztZQUM5RCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLGtDQUFrQyxFQUFFLENBQUM7WUFDekUsQ0FBQztZQUNELE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLFdBQVcsQ0FDdEMsT0FBTyxDQUFDLElBQUksRUFDWixPQUFPLENBQUMsTUFBTSxFQUNkLE9BQU8sQ0FBQyxhQUFhLElBQUksSUFBSSxFQUM3QixPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FDeEIsQ0FBQztZQUNGLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDNUUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLGtCQUFrQjtRQUNsQixNQUFNLENBQUMsZUFBZSxDQUNwQixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxlQUFlLEVBQ2YsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQztZQUM5RCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFLEVBQUUsQ0FBQztZQUN4QixDQUFDO1lBQ0QsT0FBTyxFQUFFLE1BQU0sRUFBRSxPQUFPLENBQUMsVUFBVSxFQUFFLEVBQUUsQ0FBQztRQUMxQyxDQUFDLENBQ0YsQ0FDRixDQUFDO1FBRUYsbUJBQW1CO1FBQ25CLE1BQU0sQ0FBQyxlQUFlLENBQ3BCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLGdCQUFnQixFQUNoQixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUFDO1lBQzlELElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDYixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsa0NBQWtDLEVBQUUsQ0FBQztZQUN6RSxDQUFDO1lBQ0QsTUFBTSxFQUFFLEdBQUcsTUFBTSxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNqRCxPQUFPLEVBQUUsT0FBTyxFQUFFLEVBQUUsRUFBRSxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFDdEUsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLGlCQUFpQjtRQUNqQixNQUFNLENBQUMsZUFBZSxDQUNwQixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQyxjQUFjLEVBQ2QsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQztZQUM5RCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLGtDQUFrQyxFQUFFLENBQUM7WUFDekUsQ0FBQztZQUNELE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDbkQsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUNaLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxDQUFDO1lBQ3hELENBQUM7WUFDRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3hELENBQUMsQ0FDRixDQUNGLENBQUM7UUFFRixtQkFBbUI7UUFDbkIsTUFBTSxDQUFDLGVBQWUsQ0FDcEIsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDbkMsZ0JBQWdCLEVBQ2hCLEtBQUssRUFBRSxPQUFPLEVBQUUsRUFBRTtZQUNoQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQUM7WUFDOUQsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNiLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxrQ0FBa0MsRUFBRSxDQUFDO1lBQ3pFLENBQUM7WUFDRCxNQUFNLEVBQUUsR0FBRyxNQUFNLE9BQU8sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDbEUsT0FBTyxFQUFFLE9BQU8sRUFBRSxFQUFFLEVBQUUsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBQ3RFLENBQUMsQ0FDRixDQUNGLENBQUM7SUFDSixDQUFDO0NBQ0YifQ==