@sync-in/server 1.8.0 → 1.9.0

package/server/authentication/services/auth-methods/auth-method-ldap.service.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-ldap.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { AndFilter, Client, ClientOptions, Entry, EqualityFilter, InvalidCredentialsError, OrFilter } from 'ldapts'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { USER_ROLE } from '../../../applications/users/constants/user'\nimport type { CreateUserDto, UpdateUserDto } from '../../../applications/users/dto/create-or-update-user.dto'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { comparePassword, splitFullName } from '../../../common/functions'\nimport { configuration } from '../../../configuration/config.environment'\nimport { ALL_LDAP_ATTRIBUTES, LDAP_COMMON_ATTR, LDAP_LOGIN_ATTR } from '../../constants/auth-ldap'\nimport type { AUTH_SCOPE } from '../../constants/scope'\nimport { AuthMethod } from '../../models/auth-method'\n\ntype LdapUserEntry = Entry & Record<LDAP_LOGIN_ATTR | (typeof LDAP_COMMON_ATTR)[keyof typeof LDAP_COMMON_ATTR], string>\n\n@Injectable()\nexport class AuthMethodLdapService implements AuthMethod {\n  private readonly logger = new Logger(AuthMethodLdapService.name)\n  private readonly ldapConfig = configuration.auth.ldap\n  private clientOptions: ClientOptions = { timeout: 6000, connectTimeout: 6000, url: '' }\n\n  constructor(\n    private readonly usersManager: UsersManager,\n    private readonly adminUsersManager: AdminUsersManager\n  ) {}\n\n  async validateUser(login: string, password: string, ip?: string, scope?: AUTH_SCOPE): Promise<UserModel> {\n    let user: UserModel = await this.usersManager.findUser(this.dbLogin(login), false)\n    if (user) {\n      if (user.isGuest) {\n        // allow guests to be authenticated from db and check if the current user is defined as active\n        return this.usersManager.logUser(user, password, ip)\n      }\n      if (!user.isActive) {\n        this.logger.error(`${this.validateUser.name} - user *${user.login}* is locked`)\n        throw new HttpException('Account locked', HttpStatus.FORBIDDEN)\n      }\n    }\n    const entry: false | LdapUserEntry = await this.checkAuth(login, password)\n    if (entry === false) {\n      // LDAP auth failed\n      if (user) {\n        let authSuccess = false\n        if (scope) {\n          // try user app password\n          authSuccess = await this.usersManager.validateAppPassword(user, password, ip, scope)\n        }\n        this.usersManager.updateAccesses(user, ip, authSuccess).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n        if (authSuccess) {\n          // logged with app password\n          return user\n        }\n      }\n      return null\n    } else if (!entry[this.ldapConfig.attributes.login] || !entry[this.ldapConfig.attributes.email]) {\n      this.logger.error(`${this.validateUser.name} - required ldap fields are missing : \n      [${this.ldapConfig.attributes.login}, ${this.ldapConfig.attributes.email}] => \n      (${JSON.stringify(entry)})`)\n      return null\n    }\n    const identity = this.createIdentity(entry, password)\n    user = await this.updateOrCreateUser(identity, user)\n    this.usersManager.updateAccesses(user, ip, true).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n    return user\n  }\n\n  private async checkAuth(login: string, password: string): Promise<LdapUserEntry | false> {\n    const ldapLogin = this.buildLdapLogin(login)\n    const isAD = this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.SAM || this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.UPN\n    // AD: bind directly with the user input (UPN or DOMAIN\\user)\n    // Generic LDAP: build DN from login attribute + baseDN\n    const bindUserDN = isAD ? ldapLogin : `${this.ldapConfig.attributes.login}=${ldapLogin},${this.ldapConfig.baseDN}`\n    let client: Client\n    let error: any\n    for (const s of this.ldapConfig.servers) {\n      client = new Client({ ...this.clientOptions, url: s })\n      try {\n        await client.bind(bindUserDN, password)\n        return await this.checkAccess(ldapLogin, client)\n      } catch (e) {\n        if (e.errors?.length) {\n          for (const err of e.errors) {\n            this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${err}`)\n            error = err\n          }\n        } else {\n          error = e\n          this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${e}`)\n        }\n        if (error instanceof InvalidCredentialsError) {\n          return false\n        }\n      } finally {\n        await client.unbind()\n      }\n    }\n    if (error && CONNECT_ERROR_CODE.has(error.code)) {\n      throw new HttpException('Authentication service error', HttpStatus.INTERNAL_SERVER_ERROR)\n    }\n    return false\n  }\n\n  private async checkAccess(login: string, client: Client): Promise<LdapUserEntry | false> {\n    const searchFilter = this.buildUserFilter(login, this.ldapConfig.filter)\n    try {\n      const { searchEntries } = await client.search(this.ldapConfig.baseDN, {\n        scope: 'sub',\n        filter: searchFilter,\n        attributes: ALL_LDAP_ATTRIBUTES\n      })\n\n      if (searchEntries.length === 0) {\n        this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`)\n        this.logger.warn(`${this.checkAccess.name} - no LDAP entry found for : ${login}`)\n        return false\n      }\n\n      if (searchEntries.length > 1) {\n        this.logger.warn(`${this.checkAccess.name} - multiple LDAP entries found for : ${login}, using first one`)\n      }\n\n      // Always return the first valid entry\n      return this.convertToLdapUserEntry(searchEntries[0])\n    } catch (e) {\n      this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`)\n      this.logger.error(`${this.checkAccess.name} - ${login} : ${e}`)\n      return false\n    }\n  }\n\n  private async updateOrCreateUser(identity: CreateUserDto, user: UserModel): Promise<UserModel> {\n    if (user === null) {\n      // create\n      const createdUser = await this.adminUsersManager.createUserOrGuest(identity, identity.role)\n      const freshUser = await this.usersManager.fromUserId(createdUser.id)\n      if (!freshUser) {\n        this.logger.error(`${this.updateOrCreateUser.name} - user was not found : ${createdUser.login} (${createdUser.id})`)\n        throw new HttpException('User not found', HttpStatus.NOT_FOUND)\n      }\n      return freshUser\n    }\n    if (identity.login !== user.login) {\n      this.logger.error(`${this.updateOrCreateUser.name} - user login mismatch : ${identity.login} !== ${user.login}`)\n      throw new HttpException('Account matching error', HttpStatus.FORBIDDEN)\n    }\n    // update: check if user information has changed\n    const identityHasChanged: UpdateUserDto = Object.fromEntries(\n      (\n        await Promise.all(\n          Object.keys(identity).map(async (key: string) => {\n            if (key === 'password') {\n              const isSame = await comparePassword(identity[key], user.password)\n              return isSame ? null : [key, identity[key]]\n            }\n            return identity[key] !== user[key] ? [key, identity[key]] : null\n          })\n        )\n      ).filter(Boolean)\n    )\n    if (Object.keys(identityHasChanged).length > 0) {\n      try {\n        if (identityHasChanged?.role != null) {\n          if (user.role === USER_ROLE.ADMINISTRATOR && !this.ldapConfig.adminGroup) {\n            // Prevent removing admin role when adminGroup was removed or not defined\n            delete identityHasChanged.role\n          }\n        }\n        // Update user properties\n        await this.adminUsersManager.updateUserOrGuest(user.id, identityHasChanged)\n        // Extra stuff\n        if (identityHasChanged?.password) {\n          delete identityHasChanged.password\n        }\n        Object.assign(user, identityHasChanged)\n        if ('lastName' in identityHasChanged || 'firstName' in identityHasChanged) {\n          // force fullName update in current user model\n          user.setFullName(true)\n        }\n      } catch (e) {\n        this.logger.warn(`${this.updateOrCreateUser.name} - unable to update user *${user.login}* : ${e}`)\n      }\n    }\n    return user\n  }\n\n  private convertToLdapUserEntry(entry: Entry): LdapUserEntry {\n    for (const attr of ALL_LDAP_ATTRIBUTES) {\n      if (attr === LDAP_COMMON_ATTR.MEMBER_OF && entry[attr]) {\n        entry[attr] = (Array.isArray(entry[attr]) ? entry[attr] : entry[attr] ? [entry[attr]] : [])\n          .filter((v: any) => typeof v === 'string')\n          .map((v) => v.match(/cn\\s*=\\s*([^,]+)/i)?.[1]?.trim())\n          .filter(Boolean)\n        continue\n      }\n      if (Array.isArray(entry[attr])) {\n        // Keep only the first value for all other attributes (e.g., email)\n        entry[attr] = entry[attr].length > 0 ? entry[attr][0] : null\n      }\n    }\n    return entry as LdapUserEntry\n  }\n\n  private createIdentity(entry: LdapUserEntry, password: string): CreateUserDto {\n    const isAdmin =\n      typeof this.ldapConfig.adminGroup === 'string' &&\n      this.ldapConfig.adminGroup &&\n      entry[LDAP_COMMON_ATTR.MEMBER_OF]?.includes(this.ldapConfig.adminGroup)\n    return {\n      login: this.dbLogin(entry[this.ldapConfig.attributes.login]),\n      email: entry[this.ldapConfig.attributes.email] as string,\n      password: password,\n      role: isAdmin ? USER_ROLE.ADMINISTRATOR : USER_ROLE.USER,\n      ...this.getFirstNameAndLastName(entry)\n    } satisfies CreateUserDto\n  }\n\n  private getFirstNameAndLastName(entry: LdapUserEntry): { firstName: string; lastName: string } {\n    // 1) Prefer structured attributes\n    if (entry.sn && entry.givenName) {\n      return { firstName: entry.givenName, lastName: entry.sn }\n    }\n    // 2) Fallback to displayName if available\n    if (entry.displayName && entry.displayName.trim()) {\n      return splitFullName(entry.displayName)\n    }\n    // 3) Fallback to cn\n    if (entry.cn && entry.cn.trim()) {\n      return splitFullName(entry.cn)\n    }\n    // 4) Nothing usable\n    return { firstName: '', lastName: '' }\n  }\n\n  private dbLogin(login: string): string {\n    if (login.includes('@')) {\n      return login.split('@')[0]\n    } else if (login.includes('\\\\')) {\n      return login.split('\\\\').slice(-1)[0]\n    }\n    return login\n  }\n\n  private buildLdapLogin(login: string): string {\n    if (this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.UPN) {\n      if (this.ldapConfig.upnSuffix && !login.includes('@')) {\n        return `${login}@${this.ldapConfig.upnSuffix}`\n      }\n    } else if (this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.SAM) {\n      if (this.ldapConfig.netbiosName && !login.includes('\\\\')) {\n        return `${this.ldapConfig.netbiosName}\\\\${login}`\n      }\n    }\n    return login\n  }\n\n  private buildUserFilter(login: string, extraFilter?: string): string {\n    // Build a safe LDAP filter to search for a user.\n    // Important: - Values passed to EqualityFilter are auto-escaped by ldapts\n    //            - extraFilter is appended as-is (assumed trusted configuration)\n    // Output: (&(|(userPrincipalName=john.doe@sync-in.com)(sAMAccountName=john.doe)(uid=john.doe))(*extraFilter*))\n\n    // Handle the case where the sAMAccountName is provided in domain-qualified format (e.g., SYNC_IN\\\\user)\n    // Note: sAMAccountName is always stored without the domain in Active Directory.\n    const uid = this.dbLogin(login)\n\n    const or = new OrFilter({\n      filters: [\n        new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.UPN, value: login }),\n        new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.SAM, value: uid }),\n        new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.UID, value: uid })\n      ]\n    })\n\n    // Convert to LDAP filter string\n    let filterString = new AndFilter({ filters: [or] }).toString()\n\n    // Optionally append an extra filter from config (trusted source)\n    if (extraFilter && extraFilter.trim()) {\n      filterString = `(&${filterString}${extraFilter})`\n    }\n    return filterString\n  }\n}\n"],"names":["AuthMethodLdapService","validateUser","login","password","ip","scope","user","usersManager","findUser","dbLogin","isGuest","logUser","isActive","logger","error","name","HttpException","HttpStatus","FORBIDDEN","entry","checkAuth","authSuccess","validateAppPassword","updateAccesses","catch","e","ldapConfig","attributes","email","JSON","stringify","identity","createIdentity","updateOrCreateUser","ldapLogin","buildLdapLogin","isAD","LDAP_LOGIN_ATTR","SAM","UPN","bindUserDN","baseDN","client","s","servers","Client","clientOptions","url","bind","checkAccess","errors","length","err","warn","InvalidCredentialsError","unbind","CONNECT_ERROR_CODE","has","code","INTERNAL_SERVER_ERROR","searchFilter","buildUserFilter","filter","searchEntries","search","ALL_LDAP_ATTRIBUTES","debug","convertToLdapUserEntry","createdUser","adminUsersManager","createUserOrGuest","role","freshUser","fromUserId","id","NOT_FOUND","identityHasChanged","Object","fromEntries","Promise","all","keys","map","key","isSame","comparePassword","Boolean","USER_ROLE","ADMINISTRATOR","adminGroup","updateUserOrGuest","assign","setFullName","attr","LDAP_COMMON_ATTR","MEMBER_OF","Array","isArray","v","match","trim","isAdmin","includes","USER","getFirstNameAndLastName","sn","givenName","firstName","lastName","displayName","splitFullName","cn","split","slice","upnSuffix","netbiosName","extraFilter","uid","or","OrFilter","filters","EqualityFilter","attribute","value","UID","filterString","AndFilter","toString","Logger","configuration","auth","ldap","timeout","connectTimeout"],"mappings":"AAAA;;;;CAIC;;;;+BAmBYA;;;eAAAA;;;wBAjBiD;wBAC6C;8BACxE;sBACT;0CAGQ;qCACL;2BACkB;mCACjB;0BACyC;;;;;;;;;;AAOhE,IAAA,AAAMA,wBAAN,MAAMA;IAUX,MAAMC,aAAaC,KAAa,EAAEC,QAAgB,EAAEC,EAAW,EAAEC,KAAkB,EAAsB;QACvG,IAAIC,OAAkB,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAAC,IAAI,CAACC,OAAO,CAACP,QAAQ;QAC5E,IAAII,MAAM;YACR,IAAIA,KAAKI,OAAO,EAAE;gBAChB,8FAA8F;gBAC9F,OAAO,IAAI,CAACH,YAAY,CAACI,OAAO,CAACL,MAAMH,UAAUC;YACnD;YACA,IAAI,CAACE,KAAKM,QAAQ,EAAE;gBAClB,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,SAAS,EAAET,KAAKJ,KAAK,CAAC,WAAW,CAAC;gBAC9E,MAAM,IAAIc,qBAAa,CAAC,kBAAkBC,kBAAU,CAACC,SAAS;YAChE;QACF;QACA,MAAMC,QAA+B,MAAM,IAAI,CAACC,SAAS,CAAClB,OAAOC;QACjE,IAAIgB,UAAU,OAAO;YACnB,mBAAmB;YACnB,IAAIb,MAAM;gBACR,IAAIe,cAAc;gBAClB,IAAIhB,OAAO;oBACT,wBAAwB;oBACxBgB,cAAc,MAAM,IAAI,CAACd,YAAY,CAACe,mBAAmB,CAAChB,MAAMH,UAAUC,IAAIC;gBAChF;gBACA,IAAI,CAACE,YAAY,CAACgB,cAAc,CAACjB,MAAMF,IAAIiB,aAAaG,KAAK,CAAC,CAACC,IAAa,IAAI,CAACZ,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,GAAG,EAAEU,GAAG;gBAChI,IAAIJ,aAAa;oBACf,2BAA2B;oBAC3B,OAAOf;gBACT;YACF;YACA,OAAO;QACT,OAAO,IAAI,CAACa,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,IAAI,CAACiB,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC,EAAE;YAC/F,IAAI,CAACf,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC;OAC3C,EAAE,IAAI,CAACW,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,EAAE,EAAE,IAAI,CAACwB,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC;OACxE,EAAEC,KAAKC,SAAS,CAACX,OAAO,CAAC,CAAC;YAC3B,OAAO;QACT;QACA,MAAMY,WAAW,IAAI,CAACC,cAAc,CAACb,OAAOhB;QAC5CG,OAAO,MAAM,IAAI,CAAC2B,kBAAkB,CAACF,UAAUzB;QAC/C,IAAI,CAACC,YAAY,CAACgB,cAAc,CAACjB,MAAMF,IAAI,MAAMoB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACZ,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,GAAG,EAAEU,GAAG;QACzH,OAAOnB;IACT;IAEA,MAAcc,UAAUlB,KAAa,EAAEC,QAAgB,EAAkC;QACvF,MAAM+B,YAAY,IAAI,CAACC,cAAc,CAACjC;QACtC,MAAMkC,OAAO,IAAI,CAACV,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAKmC,yBAAe,CAACC,GAAG,IAAI,IAAI,CAACZ,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAKmC,yBAAe,CAACE,GAAG;QACjI,6DAA6D;QAC7D,uDAAuD;QACvD,MAAMC,aAAaJ,OAAOF,YAAY,GAAG,IAAI,CAACR,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,CAAC,EAAEgC,UAAU,CAAC,EAAE,IAAI,CAACR,UAAU,CAACe,MAAM,EAAE;QAClH,IAAIC;QACJ,IAAI5B;QACJ,KAAK,MAAM6B,KAAK,IAAI,CAACjB,UAAU,CAACkB,OAAO,CAAE;YACvCF,SAAS,IAAIG,cAAM,CAAC;gBAAE,GAAG,IAAI,CAACC,aAAa;gBAAEC,KAAKJ;YAAE;YACpD,IAAI;gBACF,MAAMD,OAAOM,IAAI,CAACR,YAAYrC;gBAC9B,OAAO,MAAM,IAAI,CAAC8C,WAAW,CAACf,WAAWQ;YAC3C,EAAE,OAAOjB,GAAG;gBACV,IAAIA,EAAEyB,MAAM,EAAEC,QAAQ;oBACpB,KAAK,MAAMC,OAAO3B,EAAEyB,MAAM,CAAE;wBAC1B,IAAI,CAACrC,MAAM,CAACwC,IAAI,CAAC,GAAG,IAAI,CAACjC,SAAS,CAACL,IAAI,CAAC,GAAG,EAAEmB,UAAU,GAAG,EAAEkB,KAAK;wBACjEtC,QAAQsC;oBACV;gBACF,OAAO;oBACLtC,QAAQW;oBACR,IAAI,CAACZ,MAAM,CAACwC,IAAI,CAAC,GAAG,IAAI,CAACjC,SAAS,CAACL,IAAI,CAAC,GAAG,EAAEmB,UAAU,GAAG,EAAET,GAAG;gBACjE;gBACA,IAAIX,iBAAiBwC,+BAAuB,EAAE;oBAC5C,OAAO;gBACT;YACF,SAAU;gBACR,MAAMZ,OAAOa,MAAM;YACrB;QACF;QACA,IAAIzC,SAAS0C,gCAAkB,CAACC,GAAG,CAAC3C,MAAM4C,IAAI,GAAG;YAC/C,MAAM,IAAI1C,qBAAa,CAAC,gCAAgCC,kBAAU,CAAC0C,qBAAqB;QAC1F;QACA,OAAO;IACT;IAEA,MAAcV,YAAY/C,KAAa,EAAEwC,MAAc,EAAkC;QACvF,MAAMkB,eAAe,IAAI,CAACC,eAAe,CAAC3D,OAAO,IAAI,CAACwB,UAAU,CAACoC,MAAM;QACvE,IAAI;YACF,MAAM,EAAEC,aAAa,EAAE,GAAG,MAAMrB,OAAOsB,MAAM,CAAC,IAAI,CAACtC,UAAU,CAACe,MAAM,EAAE;gBACpEpC,OAAO;gBACPyD,QAAQF;gBACRjC,YAAYsC,6BAAmB;YACjC;YAEA,IAAIF,cAAcZ,MAAM,KAAK,GAAG;gBAC9B,IAAI,CAACtC,MAAM,CAACqD,KAAK,CAAC,GAAG,IAAI,CAACjB,WAAW,CAAClC,IAAI,CAAC,mBAAmB,EAAE6C,cAAc;gBAC9E,IAAI,CAAC/C,MAAM,CAACwC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAClC,IAAI,CAAC,6BAA6B,EAAEb,OAAO;gBAChF,OAAO;YACT;YAEA,IAAI6D,cAAcZ,MAAM,GAAG,GAAG;gBAC5B,IAAI,CAACtC,MAAM,CAACwC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAClC,IAAI,CAAC,qCAAqC,EAAEb,MAAM,iBAAiB,CAAC;YAC3G;YAEA,sCAAsC;YACtC,OAAO,IAAI,CAACiE,sBAAsB,CAACJ,aAAa,CAAC,EAAE;QACrD,EAAE,OAAOtC,GAAG;YACV,IAAI,CAACZ,MAAM,CAACqD,KAAK,CAAC,GAAG,IAAI,CAACjB,WAAW,CAAClC,IAAI,CAAC,mBAAmB,EAAE6C,cAAc;YAC9E,IAAI,CAAC/C,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmC,WAAW,CAAClC,IAAI,CAAC,GAAG,EAAEb,MAAM,GAAG,EAAEuB,GAAG;YAC9D,OAAO;QACT;IACF;IAEA,MAAcQ,mBAAmBF,QAAuB,EAAEzB,IAAe,EAAsB;QAC7F,IAAIA,SAAS,MAAM;YACjB,SAAS;YACT,MAAM8D,cAAc,MAAM,IAAI,CAACC,iBAAiB,CAACC,iBAAiB,CAACvC,UAAUA,SAASwC,IAAI;YAC1F,MAAMC,YAAY,MAAM,IAAI,CAACjE,YAAY,CAACkE,UAAU,CAACL,YAAYM,EAAE;YACnE,IAAI,CAACF,WAAW;gBACd,IAAI,CAAC3D,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,wBAAwB,EAAEqD,YAAYlE,KAAK,CAAC,EAAE,EAAEkE,YAAYM,EAAE,CAAC,CAAC,CAAC;gBACnH,MAAM,IAAI1D,qBAAa,CAAC,kBAAkBC,kBAAU,CAAC0D,SAAS;YAChE;YACA,OAAOH;QACT;QACA,IAAIzC,SAAS7B,KAAK,KAAKI,KAAKJ,KAAK,EAAE;YACjC,IAAI,CAACW,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,yBAAyB,EAAEgB,SAAS7B,KAAK,CAAC,KAAK,EAAEI,KAAKJ,KAAK,EAAE;YAC/G,MAAM,IAAIc,qBAAa,CAAC,0BAA0BC,kBAAU,CAACC,SAAS;QACxE;QACA,gDAAgD;QAChD,MAAM0D,qBAAoCC,OAAOC,WAAW,CAC1D,AACE,CAAA,MAAMC,QAAQC,GAAG,CACfH,OAAOI,IAAI,CAAClD,UAAUmD,GAAG,CAAC,OAAOC;YAC/B,IAAIA,QAAQ,YAAY;gBACtB,MAAMC,SAAS,MAAMC,IAAAA,0BAAe,EAACtD,QAAQ,CAACoD,IAAI,EAAE7E,KAAKH,QAAQ;gBACjE,OAAOiF,SAAS,OAAO;oBAACD;oBAAKpD,QAAQ,CAACoD,IAAI;iBAAC;YAC7C;YACA,OAAOpD,QAAQ,CAACoD,IAAI,KAAK7E,IAAI,CAAC6E,IAAI,GAAG;gBAACA;gBAAKpD,QAAQ,CAACoD,IAAI;aAAC,GAAG;QAC9D,GACF,EACArB,MAAM,CAACwB;QAEX,IAAIT,OAAOI,IAAI,CAACL,oBAAoBzB,MAAM,GAAG,GAAG;YAC9C,IAAI;gBACF,IAAIyB,oBAAoBL,QAAQ,MAAM;oBACpC,IAAIjE,KAAKiE,IAAI,KAAKgB,eAAS,CAACC,aAAa,IAAI,CAAC,IAAI,CAAC9D,UAAU,CAAC+D,UAAU,EAAE;wBACxE,yEAAyE;wBACzE,OAAOb,mBAAmBL,IAAI;oBAChC;gBACF;gBACA,yBAAyB;gBACzB,MAAM,IAAI,CAACF,iBAAiB,CAACqB,iBAAiB,CAACpF,KAAKoE,EAAE,EAAEE;gBACxD,cAAc;gBACd,IAAIA,oBAAoBzE,UAAU;oBAChC,OAAOyE,mBAAmBzE,QAAQ;gBACpC;gBACA0E,OAAOc,MAAM,CAACrF,MAAMsE;gBACpB,IAAI,cAAcA,sBAAsB,eAAeA,oBAAoB;oBACzE,8CAA8C;oBAC9CtE,KAAKsF,WAAW,CAAC;gBACnB;YACF,EAAE,OAAOnE,GAAG;gBACV,IAAI,CAACZ,MAAM,CAACwC,IAAI,CAAC,GAAG,IAAI,CAACpB,kBAAkB,CAAClB,IAAI,CAAC,0BAA0B,EAAET,KAAKJ,KAAK,CAAC,IAAI,EAAEuB,GAAG;YACnG;QACF;QACA,OAAOnB;IACT;IAEQ6D,uBAAuBhD,KAAY,EAAiB;QAC1D,KAAK,MAAM0E,QAAQ5B,6BAAmB,CAAE;YACtC,IAAI4B,SAASC,0BAAgB,CAACC,SAAS,IAAI5E,KAAK,CAAC0E,KAAK,EAAE;gBACtD1E,KAAK,CAAC0E,KAAK,GAAG,AAACG,CAAAA,MAAMC,OAAO,CAAC9E,KAAK,CAAC0E,KAAK,IAAI1E,KAAK,CAAC0E,KAAK,GAAG1E,KAAK,CAAC0E,KAAK,GAAG;oBAAC1E,KAAK,CAAC0E,KAAK;iBAAC,GAAG,EAAE,AAAD,EACtF/B,MAAM,CAAC,CAACoC,IAAW,OAAOA,MAAM,UAChChB,GAAG,CAAC,CAACgB,IAAMA,EAAEC,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAEC,QAC9CtC,MAAM,CAACwB;gBACV;YACF;YACA,IAAIU,MAAMC,OAAO,CAAC9E,KAAK,CAAC0E,KAAK,GAAG;gBAC9B,mEAAmE;gBACnE1E,KAAK,CAAC0E,KAAK,GAAG1E,KAAK,CAAC0E,KAAK,CAAC1C,MAAM,GAAG,IAAIhC,KAAK,CAAC0E,KAAK,CAAC,EAAE,GAAG;YAC1D;QACF;QACA,OAAO1E;IACT;IAEQa,eAAeb,KAAoB,EAAEhB,QAAgB,EAAiB;QAC5E,MAAMkG,UACJ,OAAO,IAAI,CAAC3E,UAAU,CAAC+D,UAAU,KAAK,YACtC,IAAI,CAAC/D,UAAU,CAAC+D,UAAU,IAC1BtE,KAAK,CAAC2E,0BAAgB,CAACC,SAAS,CAAC,EAAEO,SAAS,IAAI,CAAC5E,UAAU,CAAC+D,UAAU;QACxE,OAAO;YACLvF,OAAO,IAAI,CAACO,OAAO,CAACU,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC;YAC3D0B,OAAOT,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC;YAC9CzB,UAAUA;YACVoE,MAAM8B,UAAUd,eAAS,CAACC,aAAa,GAAGD,eAAS,CAACgB,IAAI;YACxD,GAAG,IAAI,CAACC,uBAAuB,CAACrF,MAAM;QACxC;IACF;IAEQqF,wBAAwBrF,KAAoB,EAA2C;QAC7F,kCAAkC;QAClC,IAAIA,MAAMsF,EAAE,IAAItF,MAAMuF,SAAS,EAAE;YAC/B,OAAO;gBAAEC,WAAWxF,MAAMuF,SAAS;gBAAEE,UAAUzF,MAAMsF,EAAE;YAAC;QAC1D;QACA,0CAA0C;QAC1C,IAAItF,MAAM0F,WAAW,IAAI1F,MAAM0F,WAAW,CAACT,IAAI,IAAI;YACjD,OAAOU,IAAAA,wBAAa,EAAC3F,MAAM0F,WAAW;QACxC;QACA,oBAAoB;QACpB,IAAI1F,MAAM4F,EAAE,IAAI5F,MAAM4F,EAAE,CAACX,IAAI,IAAI;YAC/B,OAAOU,IAAAA,wBAAa,EAAC3F,MAAM4F,EAAE;QAC/B;QACA,oBAAoB;QACpB,OAAO;YAAEJ,WAAW;YAAIC,UAAU;QAAG;IACvC;IAEQnG,QAAQP,KAAa,EAAU;QACrC,IAAIA,MAAMoG,QAAQ,CAAC,MAAM;YACvB,OAAOpG,MAAM8G,KAAK,CAAC,IAAI,CAAC,EAAE;QAC5B,OAAO,IAAI9G,MAAMoG,QAAQ,CAAC,OAAO;YAC/B,OAAOpG,MAAM8G,KAAK,CAAC,MAAMC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE;QACvC;QACA,OAAO/G;IACT;IAEQiC,eAAejC,KAAa,EAAU;QAC5C,IAAI,IAAI,CAACwB,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAKmC,yBAAe,CAACE,GAAG,EAAE;YAC5D,IAAI,IAAI,CAACb,UAAU,CAACwF,SAAS,IAAI,CAAChH,MAAMoG,QAAQ,CAAC,MAAM;gBACrD,OAAO,GAAGpG,MAAM,CAAC,EAAE,IAAI,CAACwB,UAAU,CAACwF,SAAS,EAAE;YAChD;QACF,OAAO,IAAI,IAAI,CAACxF,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAKmC,yBAAe,CAACC,GAAG,EAAE;YACnE,IAAI,IAAI,CAACZ,UAAU,CAACyF,WAAW,IAAI,CAACjH,MAAMoG,QAAQ,CAAC,OAAO;gBACxD,OAAO,GAAG,IAAI,CAAC5E,UAAU,CAACyF,WAAW,CAAC,EAAE,EAAEjH,OAAO;YACnD;QACF;QACA,OAAOA;IACT;IAEQ2D,gBAAgB3D,KAAa,EAAEkH,WAAoB,EAAU;QACnE,iDAAiD;QACjD,0EAA0E;QAC1E,6EAA6E;QAC7E,+GAA+G;QAE/G,wGAAwG;QACxG,gFAAgF;QAChF,MAAMC,MAAM,IAAI,CAAC5G,OAAO,CAACP;QAEzB,MAAMoH,KAAK,IAAIC,gBAAQ,CAAC;YACtBC,SAAS;gBACP,IAAIC,sBAAc,CAAC;oBAAEC,WAAWrF,yBAAe,CAACE,GAAG;oBAAEoF,OAAOzH;gBAAM;gBAClE,IAAIuH,sBAAc,CAAC;oBAAEC,WAAWrF,yBAAe,CAACC,GAAG;oBAAEqF,OAAON;gBAAI;gBAChE,IAAII,sBAAc,CAAC;oBAAEC,WAAWrF,yBAAe,CAACuF,GAAG;oBAAED,OAAON;gBAAI;aACjE;QACH;QAEA,gCAAgC;QAChC,IAAIQ,eAAe,IAAIC,iBAAS,CAAC;YAAEN,SAAS;gBAACF;aAAG;QAAC,GAAGS,QAAQ;QAE5D,iEAAiE;QACjE,IAAIX,eAAeA,YAAYhB,IAAI,IAAI;YACrCyB,eAAe,CAAC,EAAE,EAAEA,eAAeT,YAAY,CAAC,CAAC;QACnD;QACA,OAAOS;IACT;IApQA,YACE,AAAiBtH,YAA0B,EAC3C,AAAiB8D,iBAAoC,CACrD;aAFiB9D,eAAAA;aACA8D,oBAAAA;aANFxD,SAAS,IAAImH,cAAM,CAAChI,sBAAsBe,IAAI;aAC9CW,aAAauG,gCAAa,CAACC,IAAI,CAACC,IAAI;aAC7CrF,gBAA+B;YAAEsF,SAAS;YAAMC,gBAAgB;YAAMtF,KAAK;QAAG;IAKnF;AAkQL"}
+{"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-ldap.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { AndFilter, Client, ClientOptions, Entry, EqualityFilter, InvalidCredentialsError, OrFilter } from 'ldapts'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { USER_ROLE } from '../../../applications/users/constants/user'\nimport type { CreateUserDto, UpdateUserDto } from '../../../applications/users/dto/create-or-update-user.dto'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { comparePassword, splitFullName } from '../../../common/functions'\nimport { configuration } from '../../../configuration/config.environment'\nimport { ALL_LDAP_ATTRIBUTES, LDAP_COMMON_ATTR, LDAP_LOGIN_ATTR } from '../../constants/auth-ldap'\nimport type { AUTH_SCOPE } from '../../constants/scope'\nimport { AuthMethod } from '../../models/auth-method'\n\ntype LdapUserEntry = Entry & Record<LDAP_LOGIN_ATTR | (typeof LDAP_COMMON_ATTR)[keyof typeof LDAP_COMMON_ATTR], string>\n\n@Injectable()\nexport class AuthMethodLdapService implements AuthMethod {\n  private readonly logger = new Logger(AuthMethodLdapService.name)\n  private readonly ldapConfig = configuration.auth.ldap\n  private readonly isAD = this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.SAM || this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.UPN\n  private clientOptions: ClientOptions = { timeout: 6000, connectTimeout: 6000, url: '' }\n\n  constructor(\n    private readonly usersManager: UsersManager,\n    private readonly adminUsersManager: AdminUsersManager\n  ) {}\n\n  async validateUser(login: string, password: string, ip?: string, scope?: AUTH_SCOPE): Promise<UserModel> {\n    // Find user from his login or email\n    let user: UserModel = await this.usersManager.findUser(this.dbLogin(login), false)\n    if (user) {\n      if (user.isGuest) {\n        // Allow guests to be authenticated from db and check if the current user is defined as active\n        return this.usersManager.logUser(user, password, ip)\n      }\n      if (!user.isActive) {\n        this.logger.error(`${this.validateUser.name} - user *${user.login}* is locked`)\n        throw new HttpException('Account locked', HttpStatus.FORBIDDEN)\n      }\n    }\n    // If a user was found, use the stored login. This allows logging in with an email.\n    const entry: false | LdapUserEntry = await this.checkAuth(user?.login || login, password)\n    if (entry === false) {\n      // LDAP auth failed\n      if (user) {\n        let authSuccess = false\n        if (scope) {\n          // Try user app password\n          authSuccess = await this.usersManager.validateAppPassword(user, password, ip, scope)\n        }\n        this.usersManager.updateAccesses(user, ip, authSuccess).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n        if (authSuccess) {\n          // Logged with app password\n          return user\n        }\n      }\n      return null\n    } else if (!entry[this.ldapConfig.attributes.login] || !entry[this.ldapConfig.attributes.email]) {\n      this.logger.error(`${this.validateUser.name} - required ldap fields are missing : \n      [${this.ldapConfig.attributes.login}, ${this.ldapConfig.attributes.email}] => \n      (${JSON.stringify(entry)})`)\n      return null\n    }\n    const identity = this.createIdentity(entry, password)\n    user = await this.updateOrCreateUser(identity, user)\n    this.usersManager.updateAccesses(user, ip, true).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n    return user\n  }\n\n  private async checkAuth(login: string, password: string): Promise<LdapUserEntry | false> {\n    const ldapLogin = this.buildLdapLogin(login)\n    // AD: bind directly with the user input (UPN or DOMAIN\\user)\n    // Generic LDAP: build DN from login attribute + baseDN\n    const bindUserDN = this.isAD ? ldapLogin : `${this.ldapConfig.attributes.login}=${ldapLogin},${this.ldapConfig.baseDN}`\n    let client: Client\n    let error: any\n    for (const s of this.ldapConfig.servers) {\n      client = new Client({ ...this.clientOptions, url: s })\n      try {\n        await client.bind(bindUserDN, password)\n        return await this.checkAccess(ldapLogin, client)\n      } catch (e) {\n        if (e.errors?.length) {\n          for (const err of e.errors) {\n            this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${err}`)\n            error = err\n          }\n        } else {\n          error = e\n          this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${e}`)\n        }\n        if (error instanceof InvalidCredentialsError) {\n          return false\n        }\n      } finally {\n        await client.unbind()\n      }\n    }\n    if (error && CONNECT_ERROR_CODE.has(error.code)) {\n      throw new HttpException('Authentication service error', HttpStatus.INTERNAL_SERVER_ERROR)\n    }\n    return false\n  }\n\n  private async checkAccess(login: string, client: Client): Promise<LdapUserEntry | false> {\n    const searchFilter = this.buildUserFilter(login, this.ldapConfig.filter)\n    try {\n      const { searchEntries } = await client.search(this.ldapConfig.baseDN, {\n        scope: 'sub',\n        filter: searchFilter,\n        attributes: ALL_LDAP_ATTRIBUTES\n      })\n\n      if (searchEntries.length === 0) {\n        this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`)\n        this.logger.warn(`${this.checkAccess.name} - no LDAP entry found for : ${login}`)\n        return false\n      }\n\n      if (searchEntries.length > 1) {\n        this.logger.warn(`${this.checkAccess.name} - multiple LDAP entries found for : ${login}, using first one`)\n      }\n\n      // Always return the first valid entry\n      return this.convertToLdapUserEntry(searchEntries[0])\n    } catch (e) {\n      this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`)\n      this.logger.error(`${this.checkAccess.name} - ${login} : ${e}`)\n      return false\n    }\n  }\n\n  private async updateOrCreateUser(identity: CreateUserDto, user: UserModel): Promise<UserModel> {\n    if (user === null) {\n      // Create\n      const createdUser = await this.adminUsersManager.createUserOrGuest(identity, identity.role)\n      const freshUser = await this.usersManager.fromUserId(createdUser.id)\n      if (!freshUser) {\n        this.logger.error(`${this.updateOrCreateUser.name} - user was not found : ${createdUser.login} (${createdUser.id})`)\n        throw new HttpException('User not found', HttpStatus.NOT_FOUND)\n      }\n      return freshUser\n    }\n    if (identity.login !== user.login) {\n      this.logger.error(`${this.updateOrCreateUser.name} - user login mismatch : ${identity.login} !== ${user.login}`)\n      throw new HttpException('Account matching error', HttpStatus.FORBIDDEN)\n    }\n    // Update: check if user information has changed\n    const identityHasChanged: UpdateUserDto = Object.fromEntries(\n      (\n        await Promise.all(\n          Object.keys(identity).map(async (key: string) => {\n            if (key === 'password') {\n              const isSame = await comparePassword(identity[key], user.password)\n              return isSame ? null : [key, identity[key]]\n            }\n            return identity[key] !== user[key] ? [key, identity[key]] : null\n          })\n        )\n      ).filter(Boolean)\n    )\n    if (Object.keys(identityHasChanged).length > 0) {\n      try {\n        if (identityHasChanged?.role != null) {\n          if (user.role === USER_ROLE.ADMINISTRATOR && !this.ldapConfig.adminGroup) {\n            // Prevent removing the admin role when adminGroup was removed or not defined\n            delete identityHasChanged.role\n          }\n        }\n        // Update user properties\n        await this.adminUsersManager.updateUserOrGuest(user.id, identityHasChanged)\n        // Extra stuff\n        if (identityHasChanged?.password) {\n          delete identityHasChanged.password\n        }\n        Object.assign(user, identityHasChanged)\n        if ('lastName' in identityHasChanged || 'firstName' in identityHasChanged) {\n          // Force fullName update in the current user model\n          user.setFullName(true)\n        }\n      } catch (e) {\n        this.logger.warn(`${this.updateOrCreateUser.name} - unable to update user *${user.login}* : ${e}`)\n      }\n    }\n    return user\n  }\n\n  private convertToLdapUserEntry(entry: Entry): LdapUserEntry {\n    for (const attr of ALL_LDAP_ATTRIBUTES) {\n      if (attr === LDAP_COMMON_ATTR.MEMBER_OF && entry[attr]) {\n        entry[attr] = (Array.isArray(entry[attr]) ? entry[attr] : entry[attr] ? [entry[attr]] : [])\n          .filter((v: any) => typeof v === 'string')\n          .map((v) => v.match(/cn\\s*=\\s*([^,]+)/i)?.[1]?.trim())\n          .filter(Boolean)\n        continue\n      }\n      if (Array.isArray(entry[attr])) {\n        // Keep only the first value for all other attributes (e.g., email)\n        entry[attr] = entry[attr].length > 0 ? entry[attr][0] : null\n      }\n    }\n    return entry as LdapUserEntry\n  }\n\n  private createIdentity(entry: LdapUserEntry, password: string): CreateUserDto {\n    const isAdmin =\n      typeof this.ldapConfig.adminGroup === 'string' &&\n      this.ldapConfig.adminGroup &&\n      entry[LDAP_COMMON_ATTR.MEMBER_OF]?.includes(this.ldapConfig.adminGroup)\n    return {\n      login: this.dbLogin(entry[this.ldapConfig.attributes.login]),\n      email: entry[this.ldapConfig.attributes.email] as string,\n      password: password,\n      role: isAdmin ? USER_ROLE.ADMINISTRATOR : USER_ROLE.USER,\n      ...this.getFirstNameAndLastName(entry)\n    } satisfies CreateUserDto\n  }\n\n  private getFirstNameAndLastName(entry: LdapUserEntry): { firstName: string; lastName: string } {\n    // 1) Prefer structured attributes\n    if (entry.sn && entry.givenName) {\n      return { firstName: entry.givenName, lastName: entry.sn }\n    }\n    // 2) Fallback to displayName if available\n    if (entry.displayName && entry.displayName.trim()) {\n      return splitFullName(entry.displayName)\n    }\n    // 3) Fallback to cn\n    if (entry.cn && entry.cn.trim()) {\n      return splitFullName(entry.cn)\n    }\n    // 4) Nothing usable\n    return { firstName: '', lastName: '' }\n  }\n\n  private dbLogin(login: string): string {\n    if (login.includes('\\\\')) {\n      return login.split('\\\\').slice(-1)[0]\n    }\n    return login\n  }\n\n  private buildLdapLogin(login: string): string {\n    if (this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.UPN) {\n      if (this.ldapConfig.upnSuffix && !login.includes('@')) {\n        return `${login}@${this.ldapConfig.upnSuffix}`\n      }\n    } else if (this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.SAM) {\n      if (this.ldapConfig.netbiosName && !login.includes('\\\\')) {\n        return `${this.ldapConfig.netbiosName}\\\\${login}`\n      }\n    }\n    return login\n  }\n\n  private buildUserFilter(login: string, extraFilter?: string): string {\n    // Build a safe LDAP filter to search for a user.\n    // Important: - Values passed to EqualityFilter are auto-escaped by ldapts\n    //            - extraFilter is appended as-is (assumed trusted configuration)\n    // Output: (&(|(userPrincipalName=john.doe@sync-in.com)(sAMAccountName=john.doe)(cn=john.doe)(uid=john.doe)(mail=john.doe@sync-in.com))(*extraFilter*))\n\n    // Handle the case where the sAMAccountName is provided in domain-qualified format (e.g., SYNC_IN\\\\user)\n    // Note: sAMAccountName is always stored without the domain in Active Directory.\n    const dbLogin = this.dbLogin(login)\n\n    const or = new OrFilter({\n      filters: this.isAD\n        ? [\n            new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.SAM, value: dbLogin }),\n            new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.UPN, value: dbLogin }),\n            new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.MAIL, value: dbLogin })\n          ]\n        : [\n            new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.UID, value: dbLogin }),\n            new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.CN, value: dbLogin }),\n            new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.MAIL, value: dbLogin })\n          ]\n    })\n\n    // Convert to LDAP filter string\n    let filterString = new AndFilter({ filters: [or] }).toString()\n\n    // Optionally append an extra filter from config (trusted source)\n    if (extraFilter && extraFilter.trim()) {\n      filterString = `(&${filterString}${extraFilter})`\n    }\n    return filterString\n  }\n}\n"],"names":["AuthMethodLdapService","validateUser","login","password","ip","scope","user","usersManager","findUser","dbLogin","isGuest","logUser","isActive","logger","error","name","HttpException","HttpStatus","FORBIDDEN","entry","checkAuth","authSuccess","validateAppPassword","updateAccesses","catch","e","ldapConfig","attributes","email","JSON","stringify","identity","createIdentity","updateOrCreateUser","ldapLogin","buildLdapLogin","bindUserDN","isAD","baseDN","client","s","servers","Client","clientOptions","url","bind","checkAccess","errors","length","err","warn","InvalidCredentialsError","unbind","CONNECT_ERROR_CODE","has","code","INTERNAL_SERVER_ERROR","searchFilter","buildUserFilter","filter","searchEntries","search","ALL_LDAP_ATTRIBUTES","debug","convertToLdapUserEntry","createdUser","adminUsersManager","createUserOrGuest","role","freshUser","fromUserId","id","NOT_FOUND","identityHasChanged","Object","fromEntries","Promise","all","keys","map","key","isSame","comparePassword","Boolean","USER_ROLE","ADMINISTRATOR","adminGroup","updateUserOrGuest","assign","setFullName","attr","LDAP_COMMON_ATTR","MEMBER_OF","Array","isArray","v","match","trim","isAdmin","includes","USER","getFirstNameAndLastName","sn","givenName","firstName","lastName","displayName","splitFullName","cn","split","slice","LDAP_LOGIN_ATTR","UPN","upnSuffix","SAM","netbiosName","extraFilter","or","OrFilter","filters","EqualityFilter","attribute","value","MAIL","UID","CN","filterString","AndFilter","toString","Logger","configuration","auth","ldap","timeout","connectTimeout"],"mappings":"AAAA;;;;CAIC;;;;+BAmBYA;;;eAAAA;;;wBAjBiD;wBAC6C;8BACxE;sBACT;0CAGQ;qCACL;2BACkB;mCACjB;0BACyC;;;;;;;;;;AAOhE,IAAA,AAAMA,wBAAN,MAAMA;IAWX,MAAMC,aAAaC,KAAa,EAAEC,QAAgB,EAAEC,EAAW,EAAEC,KAAkB,EAAsB;QACvG,oCAAoC;QACpC,IAAIC,OAAkB,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAAC,IAAI,CAACC,OAAO,CAACP,QAAQ;QAC5E,IAAII,MAAM;YACR,IAAIA,KAAKI,OAAO,EAAE;gBAChB,8FAA8F;gBAC9F,OAAO,IAAI,CAACH,YAAY,CAACI,OAAO,CAACL,MAAMH,UAAUC;YACnD;YACA,IAAI,CAACE,KAAKM,QAAQ,EAAE;gBAClB,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,SAAS,EAAET,KAAKJ,KAAK,CAAC,WAAW,CAAC;gBAC9E,MAAM,IAAIc,qBAAa,CAAC,kBAAkBC,kBAAU,CAACC,SAAS;YAChE;QACF;QACA,mFAAmF;QACnF,MAAMC,QAA+B,MAAM,IAAI,CAACC,SAAS,CAACd,MAAMJ,SAASA,OAAOC;QAChF,IAAIgB,UAAU,OAAO;YACnB,mBAAmB;YACnB,IAAIb,MAAM;gBACR,IAAIe,cAAc;gBAClB,IAAIhB,OAAO;oBACT,wBAAwB;oBACxBgB,cAAc,MAAM,IAAI,CAACd,YAAY,CAACe,mBAAmB,CAAChB,MAAMH,UAAUC,IAAIC;gBAChF;gBACA,IAAI,CAACE,YAAY,CAACgB,cAAc,CAACjB,MAAMF,IAAIiB,aAAaG,KAAK,CAAC,CAACC,IAAa,IAAI,CAACZ,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,GAAG,EAAEU,GAAG;gBAChI,IAAIJ,aAAa;oBACf,2BAA2B;oBAC3B,OAAOf;gBACT;YACF;YACA,OAAO;QACT,OAAO,IAAI,CAACa,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,IAAI,CAACiB,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC,EAAE;YAC/F,IAAI,CAACf,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC;OAC3C,EAAE,IAAI,CAACW,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,EAAE,EAAE,IAAI,CAACwB,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC;OACxE,EAAEC,KAAKC,SAAS,CAACX,OAAO,CAAC,CAAC;YAC3B,OAAO;QACT;QACA,MAAMY,WAAW,IAAI,CAACC,cAAc,CAACb,OAAOhB;QAC5CG,OAAO,MAAM,IAAI,CAAC2B,kBAAkB,CAACF,UAAUzB;QAC/C,IAAI,CAACC,YAAY,CAACgB,cAAc,CAACjB,MAAMF,IAAI,MAAMoB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACZ,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,GAAG,EAAEU,GAAG;QACzH,OAAOnB;IACT;IAEA,MAAcc,UAAUlB,KAAa,EAAEC,QAAgB,EAAkC;QACvF,MAAM+B,YAAY,IAAI,CAACC,cAAc,CAACjC;QACtC,6DAA6D;QAC7D,uDAAuD;QACvD,MAAMkC,aAAa,IAAI,CAACC,IAAI,GAAGH,YAAY,GAAG,IAAI,CAACR,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,CAAC,EAAEgC,UAAU,CAAC,EAAE,IAAI,CAACR,UAAU,CAACY,MAAM,EAAE;QACvH,IAAIC;QACJ,IAAIzB;QACJ,KAAK,MAAM0B,KAAK,IAAI,CAACd,UAAU,CAACe,OAAO,CAAE;YACvCF,SAAS,IAAIG,cAAM,CAAC;gBAAE,GAAG,IAAI,CAACC,aAAa;gBAAEC,KAAKJ;YAAE;YACpD,IAAI;gBACF,MAAMD,OAAOM,IAAI,CAACT,YAAYjC;gBAC9B,OAAO,MAAM,IAAI,CAAC2C,WAAW,CAACZ,WAAWK;YAC3C,EAAE,OAAOd,GAAG;gBACV,IAAIA,EAAEsB,MAAM,EAAEC,QAAQ;oBACpB,KAAK,MAAMC,OAAOxB,EAAEsB,MAAM,CAAE;wBAC1B,IAAI,CAAClC,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACL,IAAI,CAAC,GAAG,EAAEmB,UAAU,GAAG,EAAEe,KAAK;wBACjEnC,QAAQmC;oBACV;gBACF,OAAO;oBACLnC,QAAQW;oBACR,IAAI,CAACZ,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACL,IAAI,CAAC,GAAG,EAAEmB,UAAU,GAAG,EAAET,GAAG;gBACjE;gBACA,IAAIX,iBAAiBqC,+BAAuB,EAAE;oBAC5C,OAAO;gBACT;YACF,SAAU;gBACR,MAAMZ,OAAOa,MAAM;YACrB;QACF;QACA,IAAItC,SAASuC,gCAAkB,CAACC,GAAG,CAACxC,MAAMyC,IAAI,GAAG;YAC/C,MAAM,IAAIvC,qBAAa,CAAC,gCAAgCC,kBAAU,CAACuC,qBAAqB;QAC1F;QACA,OAAO;IACT;IAEA,MAAcV,YAAY5C,KAAa,EAAEqC,MAAc,EAAkC;QACvF,MAAMkB,eAAe,IAAI,CAACC,eAAe,CAACxD,OAAO,IAAI,CAACwB,UAAU,CAACiC,MAAM;QACvE,IAAI;YACF,MAAM,EAAEC,aAAa,EAAE,GAAG,MAAMrB,OAAOsB,MAAM,CAAC,IAAI,CAACnC,UAAU,CAACY,MAAM,EAAE;gBACpEjC,OAAO;gBACPsD,QAAQF;gBACR9B,YAAYmC,6BAAmB;YACjC;YAEA,IAAIF,cAAcZ,MAAM,KAAK,GAAG;gBAC9B,IAAI,CAACnC,MAAM,CAACkD,KAAK,CAAC,GAAG,IAAI,CAACjB,WAAW,CAAC/B,IAAI,CAAC,mBAAmB,EAAE0C,cAAc;gBAC9E,IAAI,CAAC5C,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAC/B,IAAI,CAAC,6BAA6B,EAAEb,OAAO;gBAChF,OAAO;YACT;YAEA,IAAI0D,cAAcZ,MAAM,GAAG,GAAG;gBAC5B,IAAI,CAACnC,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAC/B,IAAI,CAAC,qCAAqC,EAAEb,MAAM,iBAAiB,CAAC;YAC3G;YAEA,sCAAsC;YACtC,OAAO,IAAI,CAAC8D,sBAAsB,CAACJ,aAAa,CAAC,EAAE;QACrD,EAAE,OAAOnC,GAAG;YACV,IAAI,CAACZ,MAAM,CAACkD,KAAK,CAAC,GAAG,IAAI,CAACjB,WAAW,CAAC/B,IAAI,CAAC,mBAAmB,EAAE0C,cAAc;YAC9E,IAAI,CAAC5C,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACgC,WAAW,CAAC/B,IAAI,CAAC,GAAG,EAAEb,MAAM,GAAG,EAAEuB,GAAG;YAC9D,OAAO;QACT;IACF;IAEA,MAAcQ,mBAAmBF,QAAuB,EAAEzB,IAAe,EAAsB;QAC7F,IAAIA,SAAS,MAAM;YACjB,SAAS;YACT,MAAM2D,cAAc,MAAM,IAAI,CAACC,iBAAiB,CAACC,iBAAiB,CAACpC,UAAUA,SAASqC,IAAI;YAC1F,MAAMC,YAAY,MAAM,IAAI,CAAC9D,YAAY,CAAC+D,UAAU,CAACL,YAAYM,EAAE;YACnE,IAAI,CAACF,WAAW;gBACd,IAAI,CAACxD,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,wBAAwB,EAAEkD,YAAY/D,KAAK,CAAC,EAAE,EAAE+D,YAAYM,EAAE,CAAC,CAAC,CAAC;gBACnH,MAAM,IAAIvD,qBAAa,CAAC,kBAAkBC,kBAAU,CAACuD,SAAS;YAChE;YACA,OAAOH;QACT;QACA,IAAItC,SAAS7B,KAAK,KAAKI,KAAKJ,KAAK,EAAE;YACjC,IAAI,CAACW,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,yBAAyB,EAAEgB,SAAS7B,KAAK,CAAC,KAAK,EAAEI,KAAKJ,KAAK,EAAE;YAC/G,MAAM,IAAIc,qBAAa,CAAC,0BAA0BC,kBAAU,CAACC,SAAS;QACxE;QACA,gDAAgD;QAChD,MAAMuD,qBAAoCC,OAAOC,WAAW,CAC1D,AACE,CAAA,MAAMC,QAAQC,GAAG,CACfH,OAAOI,IAAI,CAAC/C,UAAUgD,GAAG,CAAC,OAAOC;YAC/B,IAAIA,QAAQ,YAAY;gBACtB,MAAMC,SAAS,MAAMC,IAAAA,0BAAe,EAACnD,QAAQ,CAACiD,IAAI,EAAE1E,KAAKH,QAAQ;gBACjE,OAAO8E,SAAS,OAAO;oBAACD;oBAAKjD,QAAQ,CAACiD,IAAI;iBAAC;YAC7C;YACA,OAAOjD,QAAQ,CAACiD,IAAI,KAAK1E,IAAI,CAAC0E,IAAI,GAAG;gBAACA;gBAAKjD,QAAQ,CAACiD,IAAI;aAAC,GAAG;QAC9D,GACF,EACArB,MAAM,CAACwB;QAEX,IAAIT,OAAOI,IAAI,CAACL,oBAAoBzB,MAAM,GAAG,GAAG;YAC9C,IAAI;gBACF,IAAIyB,oBAAoBL,QAAQ,MAAM;oBACpC,IAAI9D,KAAK8D,IAAI,KAAKgB,eAAS,CAACC,aAAa,IAAI,CAAC,IAAI,CAAC3D,UAAU,CAAC4D,UAAU,EAAE;wBACxE,6EAA6E;wBAC7E,OAAOb,mBAAmBL,IAAI;oBAChC;gBACF;gBACA,yBAAyB;gBACzB,MAAM,IAAI,CAACF,iBAAiB,CAACqB,iBAAiB,CAACjF,KAAKiE,EAAE,EAAEE;gBACxD,cAAc;gBACd,IAAIA,oBAAoBtE,UAAU;oBAChC,OAAOsE,mBAAmBtE,QAAQ;gBACpC;gBACAuE,OAAOc,MAAM,CAAClF,MAAMmE;gBACpB,IAAI,cAAcA,sBAAsB,eAAeA,oBAAoB;oBACzE,kDAAkD;oBAClDnE,KAAKmF,WAAW,CAAC;gBACnB;YACF,EAAE,OAAOhE,GAAG;gBACV,IAAI,CAACZ,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAACjB,kBAAkB,CAAClB,IAAI,CAAC,0BAA0B,EAAET,KAAKJ,KAAK,CAAC,IAAI,EAAEuB,GAAG;YACnG;QACF;QACA,OAAOnB;IACT;IAEQ0D,uBAAuB7C,KAAY,EAAiB;QAC1D,KAAK,MAAMuE,QAAQ5B,6BAAmB,CAAE;YACtC,IAAI4B,SAASC,0BAAgB,CAACC,SAAS,IAAIzE,KAAK,CAACuE,KAAK,EAAE;gBACtDvE,KAAK,CAACuE,KAAK,GAAG,AAACG,CAAAA,MAAMC,OAAO,CAAC3E,KAAK,CAACuE,KAAK,IAAIvE,KAAK,CAACuE,KAAK,GAAGvE,KAAK,CAACuE,KAAK,GAAG;oBAACvE,KAAK,CAACuE,KAAK;iBAAC,GAAG,EAAE,AAAD,EACtF/B,MAAM,CAAC,CAACoC,IAAW,OAAOA,MAAM,UAChChB,GAAG,CAAC,CAACgB,IAAMA,EAAEC,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAEC,QAC9CtC,MAAM,CAACwB;gBACV;YACF;YACA,IAAIU,MAAMC,OAAO,CAAC3E,KAAK,CAACuE,KAAK,GAAG;gBAC9B,mEAAmE;gBACnEvE,KAAK,CAACuE,KAAK,GAAGvE,KAAK,CAACuE,KAAK,CAAC1C,MAAM,GAAG,IAAI7B,KAAK,CAACuE,KAAK,CAAC,EAAE,GAAG;YAC1D;QACF;QACA,OAAOvE;IACT;IAEQa,eAAeb,KAAoB,EAAEhB,QAAgB,EAAiB;QAC5E,MAAM+F,UACJ,OAAO,IAAI,CAACxE,UAAU,CAAC4D,UAAU,KAAK,YACtC,IAAI,CAAC5D,UAAU,CAAC4D,UAAU,IAC1BnE,KAAK,CAACwE,0BAAgB,CAACC,SAAS,CAAC,EAAEO,SAAS,IAAI,CAACzE,UAAU,CAAC4D,UAAU;QACxE,OAAO;YACLpF,OAAO,IAAI,CAACO,OAAO,CAACU,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC;YAC3D0B,OAAOT,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC;YAC9CzB,UAAUA;YACViE,MAAM8B,UAAUd,eAAS,CAACC,aAAa,GAAGD,eAAS,CAACgB,IAAI;YACxD,GAAG,IAAI,CAACC,uBAAuB,CAAClF,MAAM;QACxC;IACF;IAEQkF,wBAAwBlF,KAAoB,EAA2C;QAC7F,kCAAkC;QAClC,IAAIA,MAAMmF,EAAE,IAAInF,MAAMoF,SAAS,EAAE;YAC/B,OAAO;gBAAEC,WAAWrF,MAAMoF,SAAS;gBAAEE,UAAUtF,MAAMmF,EAAE;YAAC;QAC1D;QACA,0CAA0C;QAC1C,IAAInF,MAAMuF,WAAW,IAAIvF,MAAMuF,WAAW,CAACT,IAAI,IAAI;YACjD,OAAOU,IAAAA,wBAAa,EAACxF,MAAMuF,WAAW;QACxC;QACA,oBAAoB;QACpB,IAAIvF,MAAMyF,EAAE,IAAIzF,MAAMyF,EAAE,CAACX,IAAI,IAAI;YAC/B,OAAOU,IAAAA,wBAAa,EAACxF,MAAMyF,EAAE;QAC/B;QACA,oBAAoB;QACpB,OAAO;YAAEJ,WAAW;YAAIC,UAAU;QAAG;IACvC;IAEQhG,QAAQP,KAAa,EAAU;QACrC,IAAIA,MAAMiG,QAAQ,CAAC,OAAO;YACxB,OAAOjG,MAAM2G,KAAK,CAAC,MAAMC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE;QACvC;QACA,OAAO5G;IACT;IAEQiC,eAAejC,KAAa,EAAU;QAC5C,IAAI,IAAI,CAACwB,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACC,GAAG,EAAE;YAC5D,IAAI,IAAI,CAACtF,UAAU,CAACuF,SAAS,IAAI,CAAC/G,MAAMiG,QAAQ,CAAC,MAAM;gBACrD,OAAO,GAAGjG,MAAM,CAAC,EAAE,IAAI,CAACwB,UAAU,CAACuF,SAAS,EAAE;YAChD;QACF,OAAO,IAAI,IAAI,CAACvF,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACG,GAAG,EAAE;YACnE,IAAI,IAAI,CAACxF,UAAU,CAACyF,WAAW,IAAI,CAACjH,MAAMiG,QAAQ,CAAC,OAAO;gBACxD,OAAO,GAAG,IAAI,CAACzE,UAAU,CAACyF,WAAW,CAAC,EAAE,EAAEjH,OAAO;YACnD;QACF;QACA,OAAOA;IACT;IAEQwD,gBAAgBxD,KAAa,EAAEkH,WAAoB,EAAU;QACnE,iDAAiD;QACjD,0EAA0E;QAC1E,6EAA6E;QAC7E,uJAAuJ;QAEvJ,wGAAwG;QACxG,gFAAgF;QAChF,MAAM3G,UAAU,IAAI,CAACA,OAAO,CAACP;QAE7B,MAAMmH,KAAK,IAAIC,gBAAQ,CAAC;YACtBC,SAAS,IAAI,CAAClF,IAAI,GACd;gBACE,IAAImF,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACG,GAAG;oBAAEQ,OAAOjH;gBAAQ;gBACpE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACC,GAAG;oBAAEU,OAAOjH;gBAAQ;gBACpE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACY,IAAI;oBAAED,OAAOjH;gBAAQ;aACtE,GACD;gBACE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACa,GAAG;oBAAEF,OAAOjH;gBAAQ;gBACpE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACc,EAAE;oBAAEH,OAAOjH;gBAAQ;gBACnE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACY,IAAI;oBAAED,OAAOjH;gBAAQ;aACtE;QACP;QAEA,gCAAgC;QAChC,IAAIqH,eAAe,IAAIC,iBAAS,CAAC;YAAER,SAAS;gBAACF;aAAG;QAAC,GAAGW,QAAQ;QAE5D,iEAAiE;QACjE,IAAIZ,eAAeA,YAAYnB,IAAI,IAAI;YACrC6B,eAAe,CAAC,EAAE,EAAEA,eAAeV,YAAY,CAAC,CAAC;QACnD;QACA,OAAOU;IACT;IAzQA,YACE,AAAiBvH,YAA0B,EAC3C,AAAiB2D,iBAAoC,CACrD;aAFiB3D,eAAAA;aACA2D,oBAAAA;aAPFrD,SAAS,IAAIoH,cAAM,CAACjI,sBAAsBe,IAAI;aAC9CW,aAAawG,gCAAa,CAACC,IAAI,CAACC,IAAI;aACpC/F,OAAO,IAAI,CAACX,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACG,GAAG,IAAI,IAAI,CAACxF,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACC,GAAG;aACpIrE,gBAA+B;YAAE0F,SAAS;YAAMC,gBAAgB;YAAM1F,KAAK;QAAG;IAKnF;AAuQL"}

package/server/common/functions.js

@@ -52,9 +52,6 @@ _export(exports, {
     get hashPassword () {
         return hashPassword;
     },
-    get intersectPermissions () {
-        return intersectPermissions;
-    },
     get loadOptionalModule () {
         return loadOptionalModule;
     },
@@ -240,11 +237,6 @@ function uniquePermissions(permissions, permissionsSeparator = _spaces.SPACE_PER
         ...new Set(permissions.split(permissionsSeparator).filter((p)=>p && p !== 'null').sort())
     ].join(permissionsSeparator);
 }
-function intersectPermissions(aPermissions, bPermissions, permissionsSeparator = _spaces.SPACE_PERMS_SEP) {
-    const aPerms = aPermissions.split(permissionsSeparator);
-    const bPerms = bPermissions.split(permissionsSeparator);
-    return aPerms.filter((p)=>p !== '' && p !== 'null' && bPerms.indexOf(p) > -1).sort().join(permissionsSeparator);
-}
 function differencePermissions(aPermissions, bPermissions, permissionsSeparator = _spaces.SPACE_PERMS_SEP) {
     const aPerms = aPermissions.split(permissionsSeparator);
     const bPerms = bPermissions.split(permissionsSeparator);

package/server/common/functions.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/common/functions.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { parse as parseMs } from '@lukeed/ms'\nimport bcrypt from 'bcryptjs'\nimport { ClassTransformOptions, plainToInstance } from 'class-transformer'\nimport { validateSync } from 'class-validator'\nimport { ValidationError } from 'class-validator/types/validation/ValidationError'\nimport { ValidatorOptions } from 'class-validator/types/validation/ValidatorOptions'\nimport crypto from 'node:crypto'\nimport { setTimeout } from 'node:timers/promises'\nimport { SPACE_PERMS_SEP } from '../applications/spaces/constants/spaces'\n\nexport const regexpEscape = /[.*+?^${}()|[\\]\\\\]/g\nexport const regexSpecialChars = /[-[\\]{}()*+!<=:?./\\\\^$|#,]/g\nexport const regexSpecialCharsWithSpace = /[-[\\]{}()*+!<=:?./\\\\^$|#\\s,]/g\n\nexport async function loadOptionalModule(moduleName: string): Promise<any> {\n  return await import(moduleName)\n}\n\nexport async function sleep(ms: number): Promise<void> {\n  await setTimeout(ms)\n}\n\nexport function escapeSQLRegexp(input: string): string {\n  return input.replace(regexSpecialCharsWithSpace, '\\\\\\\\$&').replaceAll(\"'\", \"''\")\n}\n\nexport function escapeString(input: string): string {\n  return input.replace(regexSpecialChars, '\\\\$&')\n}\n\nexport function escapePath(path: string): string {\n  return path.replace(regexpEscape, '\\\\$&')\n}\n\nexport function regExpPathPattern(path: string): RegExp {\n  return new RegExp(`^${escapePath(path)}[/\\\\\\\\]`)\n}\n\nexport function convertHumanTimeToSeconds(value: string): number {\n  return parseMs(value) / 1000\n}\n\nexport function convertHumanTimeToMs(value: string): number {\n  return parseMs(value)\n}\n\nexport function formatDateISOString(date: Date): string {\n  return date.toISOString().replaceAll('-', '.').replaceAll(':', '-').replace('T', ' ').replace('Z', '')\n}\n\nexport function urlToPath(url: string): string {\n  // transform https://sync-in.com/webdav/ to /webdav/\n  try {\n    // transform https://sync-in.com/webdav/ to /webdav/\n    return new URL(url).pathname\n  } catch {\n    // or allows uri like : /webdav/\n    return url\n  }\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n  return await bcrypt.hash(password, 10)\n}\n\nexport async function comparePassword(password: string, hash: string): Promise<boolean> {\n  return await bcrypt.compare(password, hash)\n}\n\nexport function generateShortUUID(length: number = 32, encoding: BufferEncoding = 'base64url'): string {\n  const bytes = Math.ceil((length * 3) / 4) // adapt to real length\n  return crypto.randomBytes(bytes).toString(encoding)\n}\n\nexport function anonymizePassword(obj: { password?: string; secrets?: string }) {\n  return { ...obj, ...(obj?.password && { password: '********' }), ...(obj?.secrets && { secrets: '********' }) }\n}\n\nexport function splitFullName(fullName?: string): { firstName: string; lastName: string } {\n  if (!fullName || !fullName.trim()) return { firstName: '', lastName: '' }\n  const parts = fullName.trim().split(/\\s+/)\n  if (parts.length === 1) {\n    return { firstName: '', lastName: parts[0] }\n  }\n  const lastName = parts.pop()!\n  const firstName = parts.join(' ')\n  return { firstName, lastName }\n}\n\nexport function transformAndValidate<T extends object>(\n  schema: new () => T,\n  object: any,\n  transformOptions: ClassTransformOptions = {},\n  validatorOptions: ValidatorOptions = {}\n): T {\n  // warning: plainToInstance do not use constructor to instantiate class\n  const instance: T = plainToInstance(schema, object, transformOptions)\n  const errors: ValidationError[] = validateSync(instance, validatorOptions)\n  if (errors.length > 0) {\n    throw new Error(errors.toString())\n  }\n  return instance\n}\n\nexport function uniquePermissions(permissions: string, permissionsSeparator: string = SPACE_PERMS_SEP) {\n  /*\n    Returns unique permissions : 'c:r:w:c:r' -> 'c:r:w'\n  */\n  if (permissions.length === 0) return permissions\n  return [\n    ...new Set(\n      permissions\n        .split(permissionsSeparator)\n        .filter((p: string) => p && p !== 'null')\n        .sort()\n    )\n  ].join(permissionsSeparator)\n}\n\nexport function intersectPermissions(aPermissions: string, bPermissions: string, permissionsSeparator: string = SPACE_PERMS_SEP): string {\n  const aPerms = aPermissions.split(permissionsSeparator)\n  const bPerms = bPermissions.split(permissionsSeparator)\n  return aPerms\n    .filter((p: string) => p !== '' && p !== 'null' && bPerms.indexOf(p) > -1)\n    .sort()\n    .join(permissionsSeparator)\n}\n\nexport function differencePermissions(aPermissions: string, bPermissions: string, permissionsSeparator: string = SPACE_PERMS_SEP): string[] {\n  const aPerms = aPermissions.split(permissionsSeparator)\n  const bPerms = bPermissions.split(permissionsSeparator)\n  return aPerms.filter((p: string) => p !== '' && bPerms.indexOf(p) === -1).sort()\n}\n\nexport function sortObjByName(a: { name: string }, b: { name: string }, asc = false): 0 | 1 | -1 {\n  const aN = a.name.toLowerCase()\n  const bN = b.name.toLowerCase()\n  if (asc) {\n    return aN < bN ? 1 : aN > bN ? -1 : 0\n  } else {\n    return aN < bN ? -1 : aN > bN ? 1 : 0\n  }\n}\n\nfunction diffProperties(a: any, b: any, props: string[]): boolean {\n  for (const p of props) {\n    if (a[p] !== b[p]) {\n      return false\n    }\n  }\n  return true\n}\n\nexport function diffCollection<T>(\n  curCollection: T[],\n  newCollection: T[],\n  updateProps: string[],\n  compareProps: string[] = ['id']\n): [T[], Record<string | 'object', { old: any; new: any } | T>[], T[]] {\n  const toAdd: T[] = []\n  const toUpdate: Record<string | 'object', { old: any; new: any } | T>[] = []\n  const toRemove: T[] = curCollection.filter((c: T) => !newCollection.find((n: T) => diffProperties(c, n, compareProps)))\n  for (const n of newCollection) {\n    const o = curCollection.find((c: T) => diffProperties(c, n, compareProps))\n    if (o) {\n      const diff: Record<string | 'object', { old: any; new: any } | T> = {}\n      for (const p of updateProps.filter((p: string) => n[p] !== o[p])) {\n        diff[p] = { old: o[p], new: n[p] }\n      }\n      if (Object.keys(diff).length) {\n        diff['object'] = n\n        toUpdate.push(diff)\n      }\n    } else {\n      toAdd.push(n)\n    }\n  }\n  return [toAdd, toUpdate, toRemove]\n}\n\nexport function convertDiffUpdate(update: Record<string | 'object', { old: any; new: any } | any>[]): Record<string | 'object', any>[] {\n  // only keep the new values\n  return update.map((o) => Object.fromEntries(Object.entries(o).map(([p, v]) => [p, p === 'object' ? v : v.new])))\n}\n"],"names":["anonymizePassword","comparePassword","convertDiffUpdate","convertHumanTimeToMs","convertHumanTimeToSeconds","diffCollection","differencePermissions","escapePath","escapeSQLRegexp","escapeString","formatDateISOString","generateShortUUID","hashPassword","intersectPermissions","loadOptionalModule","regExpPathPattern","regexSpecialChars","regexSpecialCharsWithSpace","regexpEscape","sleep","sortObjByName","splitFullName","transformAndValidate","uniquePermissions","urlToPath","moduleName","ms","setTimeout","input","replace","replaceAll","path","RegExp","value","parseMs","date","toISOString","url","URL","pathname","password","bcrypt","hash","compare","length","encoding","bytes","Math","ceil","crypto","randomBytes","toString","obj","secrets","fullName","trim","firstName","lastName","parts","split","pop","join","schema","object","transformOptions","validatorOptions","instance","plainToInstance","errors","validateSync","Error","permissions","permissionsSeparator","SPACE_PERMS_SEP","Set","filter","p","sort","aPermissions","bPermissions","aPerms","bPerms","indexOf","a","b","asc","aN","name","toLowerCase","bN","diffProperties","props","curCollection","newCollection","updateProps","compareProps","toAdd","toUpdate","toRemove","c","find","n","o","diff","old","new","Object","keys","push","update","map","fromEntries","entries","v"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QA4EeA;eAAAA;;QATMC;eAAAA;;QAmHNC;eAAAA;;QA1IAC;eAAAA;;QAJAC;eAAAA;;QAmHAC;eAAAA;;QAzBAC;eAAAA;;QAlGAC;eAAAA;;QARAC;eAAAA;;QAIAC;eAAAA;;QAoBAC;eAAAA;;QAuBAC;eAAAA;;QARMC;eAAAA;;QA0DNC;eAAAA;;QAzGMC;eAAAA;;QAoBNC;eAAAA;;QAvBHC;eAAAA;;QACAC;eAAAA;;QAFAC;eAAAA;;QAQSC;eAAAA;;QAoHNC;eAAAA;;QAxDAC;eAAAA;;QAWAC;eAAAA;;QAeAC;eAAAA;;QAtDAC;eAAAA;;;oBAlDiB;iEACd;kCACoC;gCAC1B;mEAGV;0BACQ;wBACK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEzB,MAAMN,eAAe;AACrB,MAAMF,oBAAoB;AAC1B,MAAMC,6BAA6B;AAEnC,eAAeH,mBAAmBW,UAAkB;IACzD,OAAO,MAAM,gBAAOA,8DAAP;AACf;AAEO,eAAeN,MAAMO,EAAU;IACpC,MAAMC,IAAAA,oBAAU,EAACD;AACnB;AAEO,SAASlB,gBAAgBoB,KAAa;IAC3C,OAAOA,MAAMC,OAAO,CAACZ,4BAA4B,UAAUa,UAAU,CAAC,KAAK;AAC7E;AAEO,SAASrB,aAAamB,KAAa;IACxC,OAAOA,MAAMC,OAAO,CAACb,mBAAmB;AAC1C;AAEO,SAAST,WAAWwB,IAAY;IACrC,OAAOA,KAAKF,OAAO,CAACX,cAAc;AACpC;AAEO,SAASH,kBAAkBgB,IAAY;IAC5C,OAAO,IAAIC,OAAO,CAAC,CAAC,EAAEzB,WAAWwB,MAAM,OAAO,CAAC;AACjD;AAEO,SAAS3B,0BAA0B6B,KAAa;IACrD,OAAOC,IAAAA,SAAO,EAACD,SAAS;AAC1B;AAEO,SAAS9B,qBAAqB8B,KAAa;IAChD,OAAOC,IAAAA,SAAO,EAACD;AACjB;AAEO,SAASvB,oBAAoByB,IAAU;IAC5C,OAAOA,KAAKC,WAAW,GAAGN,UAAU,CAAC,KAAK,KAAKA,UAAU,CAAC,KAAK,KAAKD,OAAO,CAAC,KAAK,KAAKA,OAAO,CAAC,KAAK;AACrG;AAEO,SAASL,UAAUa,GAAW;IACnC,oDAAoD;IACpD,IAAI;QACF,oDAAoD;QACpD,OAAO,IAAIC,IAAID,KAAKE,QAAQ;IAC9B,EAAE,OAAM;QACN,gCAAgC;QAChC,OAAOF;IACT;AACF;AAEO,eAAezB,aAAa4B,QAAgB;IACjD,OAAO,MAAMC,iBAAM,CAACC,IAAI,CAACF,UAAU;AACrC;AAEO,eAAevC,gBAAgBuC,QAAgB,EAAEE,IAAY;IAClE,OAAO,MAAMD,iBAAM,CAACE,OAAO,CAACH,UAAUE;AACxC;AAEO,SAAS/B,kBAAkBiC,SAAiB,EAAE,EAAEC,WAA2B,WAAW;IAC3F,MAAMC,QAAQC,KAAKC,IAAI,CAAC,AAACJ,SAAS,IAAK,GAAG,uBAAuB;;IACjE,OAAOK,mBAAM,CAACC,WAAW,CAACJ,OAAOK,QAAQ,CAACN;AAC5C;AAEO,SAAS7C,kBAAkBoD,GAA4C;IAC5E,OAAO;QAAE,GAAGA,GAAG;QAAE,GAAIA,KAAKZ,YAAY;YAAEA,UAAU;QAAW,CAAC;QAAG,GAAIY,KAAKC,WAAW;YAAEA,SAAS;QAAW,CAAC;IAAE;AAChH;AAEO,SAAShC,cAAciC,QAAiB;IAC7C,IAAI,CAACA,YAAY,CAACA,SAASC,IAAI,IAAI,OAAO;QAAEC,WAAW;QAAIC,UAAU;IAAG;IACxE,MAAMC,QAAQJ,SAASC,IAAI,GAAGI,KAAK,CAAC;IACpC,IAAID,MAAMd,MAAM,KAAK,GAAG;QACtB,OAAO;YAAEY,WAAW;YAAIC,UAAUC,KAAK,CAAC,EAAE;QAAC;IAC7C;IACA,MAAMD,WAAWC,MAAME,GAAG;IAC1B,MAAMJ,YAAYE,MAAMG,IAAI,CAAC;IAC7B,OAAO;QAAEL;QAAWC;IAAS;AAC/B;AAEO,SAASnC,qBACdwC,MAAmB,EACnBC,MAAW,EACXC,mBAA0C,CAAC,CAAC,EAC5CC,mBAAqC,CAAC,CAAC;IAEvC,uEAAuE;IACvE,MAAMC,WAAcC,IAAAA,iCAAe,EAACL,QAAQC,QAAQC;IACpD,MAAMI,SAA4BC,IAAAA,4BAAY,EAACH,UAAUD;IACzD,IAAIG,OAAOxB,MAAM,GAAG,GAAG;QACrB,MAAM,IAAI0B,MAAMF,OAAOjB,QAAQ;IACjC;IACA,OAAOe;AACT;AAEO,SAAS3C,kBAAkBgD,WAAmB,EAAEC,uBAA+BC,uBAAe;IACnG;;EAEA,GACA,IAAIF,YAAY3B,MAAM,KAAK,GAAG,OAAO2B;IACrC,OAAO;WACF,IAAIG,IACLH,YACGZ,KAAK,CAACa,sBACNG,MAAM,CAAC,CAACC,IAAcA,KAAKA,MAAM,QACjCC,IAAI;KAEV,CAAChB,IAAI,CAACW;AACT;AAEO,SAAS3D,qBAAqBiE,YAAoB,EAAEC,YAAoB,EAAEP,uBAA+BC,uBAAe;IAC7H,MAAMO,SAASF,aAAanB,KAAK,CAACa;IAClC,MAAMS,SAASF,aAAapB,KAAK,CAACa;IAClC,OAAOQ,OACJL,MAAM,CAAC,CAACC,IAAcA,MAAM,MAAMA,MAAM,UAAUK,OAAOC,OAAO,CAACN,KAAK,CAAC,GACvEC,IAAI,GACJhB,IAAI,CAACW;AACV;AAEO,SAASlE,sBAAsBwE,YAAoB,EAAEC,YAAoB,EAAEP,uBAA+BC,uBAAe;IAC9H,MAAMO,SAASF,aAAanB,KAAK,CAACa;IAClC,MAAMS,SAASF,aAAapB,KAAK,CAACa;IAClC,OAAOQ,OAAOL,MAAM,CAAC,CAACC,IAAcA,MAAM,MAAMK,OAAOC,OAAO,CAACN,OAAO,CAAC,GAAGC,IAAI;AAChF;AAEO,SAASzD,cAAc+D,CAAmB,EAAEC,CAAmB,EAAEC,MAAM,KAAK;IACjF,MAAMC,KAAKH,EAAEI,IAAI,CAACC,WAAW;IAC7B,MAAMC,KAAKL,EAAEG,IAAI,CAACC,WAAW;IAC7B,IAAIH,KAAK;QACP,OAAOC,KAAKG,KAAK,IAAIH,KAAKG,KAAK,CAAC,IAAI;IACtC,OAAO;QACL,OAAOH,KAAKG,KAAK,CAAC,IAAIH,KAAKG,KAAK,IAAI;IACtC;AACF;AAEA,SAASC,eAAeP,CAAM,EAAEC,CAAM,EAAEO,KAAe;IACrD,KAAK,MAAMf,KAAKe,MAAO;QACrB,IAAIR,CAAC,CAACP,EAAE,KAAKQ,CAAC,CAACR,EAAE,EAAE;YACjB,OAAO;QACT;IACF;IACA,OAAO;AACT;AAEO,SAASvE,eACduF,aAAkB,EAClBC,aAAkB,EAClBC,WAAqB,EACrBC,eAAyB;IAAC;CAAK;IAE/B,MAAMC,QAAa,EAAE;IACrB,MAAMC,WAAoE,EAAE;IAC5E,MAAMC,WAAgBN,cAAcjB,MAAM,CAAC,CAACwB,IAAS,CAACN,cAAcO,IAAI,CAAC,CAACC,IAASX,eAAeS,GAAGE,GAAGN;IACxG,KAAK,MAAMM,KAAKR,cAAe;QAC7B,MAAMS,IAAIV,cAAcQ,IAAI,CAAC,CAACD,IAAST,eAAeS,GAAGE,GAAGN;QAC5D,IAAIO,GAAG;YACL,MAAMC,OAA8D,CAAC;YACrE,KAAK,MAAM3B,KAAKkB,YAAYnB,MAAM,CAAC,CAACC,IAAcyB,CAAC,CAACzB,EAAE,KAAK0B,CAAC,CAAC1B,EAAE,EAAG;gBAChE2B,IAAI,CAAC3B,EAAE,GAAG;oBAAE4B,KAAKF,CAAC,CAAC1B,EAAE;oBAAE6B,KAAKJ,CAAC,CAACzB,EAAE;gBAAC;YACnC;YACA,IAAI8B,OAAOC,IAAI,CAACJ,MAAM3D,MAAM,EAAE;gBAC5B2D,IAAI,CAAC,SAAS,GAAGF;gBACjBJ,SAASW,IAAI,CAACL;YAChB;QACF,OAAO;YACLP,MAAMY,IAAI,CAACP;QACb;IACF;IACA,OAAO;QAACL;QAAOC;QAAUC;KAAS;AACpC;AAEO,SAAShG,kBAAkB2G,MAAiE;IACjG,2BAA2B;IAC3B,OAAOA,OAAOC,GAAG,CAAC,CAACR,IAAMI,OAAOK,WAAW,CAACL,OAAOM,OAAO,CAACV,GAAGQ,GAAG,CAAC,CAAC,CAAClC,GAAGqC,EAAE,GAAK;gBAACrC;gBAAGA,MAAM,WAAWqC,IAAIA,EAAER,GAAG;aAAC;AAC/G"}
+{"version":3,"sources":["../../../backend/src/common/functions.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { parse as parseMs } from '@lukeed/ms'\nimport bcrypt from 'bcryptjs'\nimport { ClassTransformOptions, plainToInstance } from 'class-transformer'\nimport { validateSync } from 'class-validator'\nimport { ValidationError } from 'class-validator/types/validation/ValidationError'\nimport { ValidatorOptions } from 'class-validator/types/validation/ValidatorOptions'\nimport crypto from 'node:crypto'\nimport { setTimeout } from 'node:timers/promises'\nimport { SPACE_PERMS_SEP } from '../applications/spaces/constants/spaces'\n\nexport const regexpEscape = /[.*+?^${}()|[\\]\\\\]/g\nexport const regexSpecialChars = /[-[\\]{}()*+!<=:?./\\\\^$|#,]/g\nexport const regexSpecialCharsWithSpace = /[-[\\]{}()*+!<=:?./\\\\^$|#\\s,]/g\n\nexport async function loadOptionalModule(moduleName: string): Promise<any> {\n  return await import(moduleName)\n}\n\nexport async function sleep(ms: number): Promise<void> {\n  await setTimeout(ms)\n}\n\nexport function escapeSQLRegexp(input: string): string {\n  return input.replace(regexSpecialCharsWithSpace, '\\\\\\\\$&').replaceAll(\"'\", \"''\")\n}\n\nexport function escapeString(input: string): string {\n  return input.replace(regexSpecialChars, '\\\\$&')\n}\n\nexport function escapePath(path: string): string {\n  return path.replace(regexpEscape, '\\\\$&')\n}\n\nexport function regExpPathPattern(path: string): RegExp {\n  return new RegExp(`^${escapePath(path)}[/\\\\\\\\]`)\n}\n\nexport function convertHumanTimeToSeconds(value: string): number {\n  return parseMs(value) / 1000\n}\n\nexport function convertHumanTimeToMs(value: string): number {\n  return parseMs(value)\n}\n\nexport function formatDateISOString(date: Date): string {\n  return date.toISOString().replaceAll('-', '.').replaceAll(':', '-').replace('T', ' ').replace('Z', '')\n}\n\nexport function urlToPath(url: string): string {\n  // transform https://sync-in.com/webdav/ to /webdav/\n  try {\n    // transform https://sync-in.com/webdav/ to /webdav/\n    return new URL(url).pathname\n  } catch {\n    // or allows uri like : /webdav/\n    return url\n  }\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n  return await bcrypt.hash(password, 10)\n}\n\nexport async function comparePassword(password: string, hash: string): Promise<boolean> {\n  return await bcrypt.compare(password, hash)\n}\n\nexport function generateShortUUID(length: number = 32, encoding: BufferEncoding = 'base64url'): string {\n  const bytes = Math.ceil((length * 3) / 4) // adapt to real length\n  return crypto.randomBytes(bytes).toString(encoding)\n}\n\nexport function anonymizePassword(obj: { password?: string; secrets?: string }) {\n  return { ...obj, ...(obj?.password && { password: '********' }), ...(obj?.secrets && { secrets: '********' }) }\n}\n\nexport function splitFullName(fullName?: string): { firstName: string; lastName: string } {\n  if (!fullName || !fullName.trim()) return { firstName: '', lastName: '' }\n  const parts = fullName.trim().split(/\\s+/)\n  if (parts.length === 1) {\n    return { firstName: '', lastName: parts[0] }\n  }\n  const lastName = parts.pop()!\n  const firstName = parts.join(' ')\n  return { firstName, lastName }\n}\n\nexport function transformAndValidate<T extends object>(\n  schema: new () => T,\n  object: any,\n  transformOptions: ClassTransformOptions = {},\n  validatorOptions: ValidatorOptions = {}\n): T {\n  // warning: plainToInstance do not use constructor to instantiate class\n  const instance: T = plainToInstance(schema, object, transformOptions)\n  const errors: ValidationError[] = validateSync(instance, validatorOptions)\n  if (errors.length > 0) {\n    throw new Error(errors.toString())\n  }\n  return instance\n}\n\nexport function uniquePermissions(permissions: string, permissionsSeparator: string = SPACE_PERMS_SEP) {\n  /*\n    Returns unique permissions : 'c:r:w:c:r' -> 'c:r:w'\n  */\n  if (permissions.length === 0) return permissions\n  return [\n    ...new Set(\n      permissions\n        .split(permissionsSeparator)\n        .filter((p: string) => p && p !== 'null')\n        .sort()\n    )\n  ].join(permissionsSeparator)\n}\n\nexport function differencePermissions(aPermissions: string, bPermissions: string, permissionsSeparator: string = SPACE_PERMS_SEP): string[] {\n  const aPerms = aPermissions.split(permissionsSeparator)\n  const bPerms = bPermissions.split(permissionsSeparator)\n  return aPerms.filter((p: string) => p !== '' && bPerms.indexOf(p) === -1).sort()\n}\n\nexport function sortObjByName(a: { name: string }, b: { name: string }, asc = false): 0 | 1 | -1 {\n  const aN = a.name.toLowerCase()\n  const bN = b.name.toLowerCase()\n  if (asc) {\n    return aN < bN ? 1 : aN > bN ? -1 : 0\n  } else {\n    return aN < bN ? -1 : aN > bN ? 1 : 0\n  }\n}\n\nfunction diffProperties(a: any, b: any, props: string[]): boolean {\n  for (const p of props) {\n    if (a[p] !== b[p]) {\n      return false\n    }\n  }\n  return true\n}\n\nexport function diffCollection<T>(\n  curCollection: T[],\n  newCollection: T[],\n  updateProps: string[],\n  compareProps: string[] = ['id']\n): [T[], Record<string | 'object', { old: any; new: any } | T>[], T[]] {\n  const toAdd: T[] = []\n  const toUpdate: Record<string | 'object', { old: any; new: any } | T>[] = []\n  const toRemove: T[] = curCollection.filter((c: T) => !newCollection.find((n: T) => diffProperties(c, n, compareProps)))\n  for (const n of newCollection) {\n    const o = curCollection.find((c: T) => diffProperties(c, n, compareProps))\n    if (o) {\n      const diff: Record<string | 'object', { old: any; new: any } | T> = {}\n      for (const p of updateProps.filter((p: string) => n[p] !== o[p])) {\n        diff[p] = { old: o[p], new: n[p] }\n      }\n      if (Object.keys(diff).length) {\n        diff['object'] = n\n        toUpdate.push(diff)\n      }\n    } else {\n      toAdd.push(n)\n    }\n  }\n  return [toAdd, toUpdate, toRemove]\n}\n\nexport function convertDiffUpdate(update: Record<string | 'object', { old: any; new: any } | any>[]): Record<string | 'object', any>[] {\n  // only keep the new values\n  return update.map((o) => Object.fromEntries(Object.entries(o).map(([p, v]) => [p, p === 'object' ? v : v.new])))\n}\n"],"names":["anonymizePassword","comparePassword","convertDiffUpdate","convertHumanTimeToMs","convertHumanTimeToSeconds","diffCollection","differencePermissions","escapePath","escapeSQLRegexp","escapeString","formatDateISOString","generateShortUUID","hashPassword","loadOptionalModule","regExpPathPattern","regexSpecialChars","regexSpecialCharsWithSpace","regexpEscape","sleep","sortObjByName","splitFullName","transformAndValidate","uniquePermissions","urlToPath","moduleName","ms","setTimeout","input","replace","replaceAll","path","RegExp","value","parseMs","date","toISOString","url","URL","pathname","password","bcrypt","hash","compare","length","encoding","bytes","Math","ceil","crypto","randomBytes","toString","obj","secrets","fullName","trim","firstName","lastName","parts","split","pop","join","schema","object","transformOptions","validatorOptions","instance","plainToInstance","errors","validateSync","Error","permissions","permissionsSeparator","SPACE_PERMS_SEP","Set","filter","p","sort","aPermissions","bPermissions","aPerms","bPerms","indexOf","a","b","asc","aN","name","toLowerCase","bN","diffProperties","props","curCollection","newCollection","updateProps","compareProps","toAdd","toUpdate","toRemove","c","find","n","o","diff","old","new","Object","keys","push","update","map","fromEntries","entries","v"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QA4EeA;eAAAA;;QATMC;eAAAA;;QA0GNC;eAAAA;;QAjIAC;eAAAA;;QAJAC;eAAAA;;QA0GAC;eAAAA;;QAzBAC;eAAAA;;QAzFAC;eAAAA;;QARAC;eAAAA;;QAIAC;eAAAA;;QAoBAC;eAAAA;;QAuBAC;eAAAA;;QARMC;eAAAA;;QA/CAC;eAAAA;;QAoBNC;eAAAA;;QAvBHC;eAAAA;;QACAC;eAAAA;;QAFAC;eAAAA;;QAQSC;eAAAA;;QA2GNC;eAAAA;;QA/CAC;eAAAA;;QAWAC;eAAAA;;QAeAC;eAAAA;;QAtDAC;eAAAA;;;oBAlDiB;iEACd;kCACoC;gCAC1B;mEAGV;0BACQ;wBACK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEzB,MAAMN,eAAe;AACrB,MAAMF,oBAAoB;AAC1B,MAAMC,6BAA6B;AAEnC,eAAeH,mBAAmBW,UAAkB;IACzD,OAAO,MAAM,gBAAOA,8DAAP;AACf;AAEO,eAAeN,MAAMO,EAAU;IACpC,MAAMC,IAAAA,oBAAU,EAACD;AACnB;AAEO,SAASjB,gBAAgBmB,KAAa;IAC3C,OAAOA,MAAMC,OAAO,CAACZ,4BAA4B,UAAUa,UAAU,CAAC,KAAK;AAC7E;AAEO,SAASpB,aAAakB,KAAa;IACxC,OAAOA,MAAMC,OAAO,CAACb,mBAAmB;AAC1C;AAEO,SAASR,WAAWuB,IAAY;IACrC,OAAOA,KAAKF,OAAO,CAACX,cAAc;AACpC;AAEO,SAASH,kBAAkBgB,IAAY;IAC5C,OAAO,IAAIC,OAAO,CAAC,CAAC,EAAExB,WAAWuB,MAAM,OAAO,CAAC;AACjD;AAEO,SAAS1B,0BAA0B4B,KAAa;IACrD,OAAOC,IAAAA,SAAO,EAACD,SAAS;AAC1B;AAEO,SAAS7B,qBAAqB6B,KAAa;IAChD,OAAOC,IAAAA,SAAO,EAACD;AACjB;AAEO,SAAStB,oBAAoBwB,IAAU;IAC5C,OAAOA,KAAKC,WAAW,GAAGN,UAAU,CAAC,KAAK,KAAKA,UAAU,CAAC,KAAK,KAAKD,OAAO,CAAC,KAAK,KAAKA,OAAO,CAAC,KAAK;AACrG;AAEO,SAASL,UAAUa,GAAW;IACnC,oDAAoD;IACpD,IAAI;QACF,oDAAoD;QACpD,OAAO,IAAIC,IAAID,KAAKE,QAAQ;IAC9B,EAAE,OAAM;QACN,gCAAgC;QAChC,OAAOF;IACT;AACF;AAEO,eAAexB,aAAa2B,QAAgB;IACjD,OAAO,MAAMC,iBAAM,CAACC,IAAI,CAACF,UAAU;AACrC;AAEO,eAAetC,gBAAgBsC,QAAgB,EAAEE,IAAY;IAClE,OAAO,MAAMD,iBAAM,CAACE,OAAO,CAACH,UAAUE;AACxC;AAEO,SAAS9B,kBAAkBgC,SAAiB,EAAE,EAAEC,WAA2B,WAAW;IAC3F,MAAMC,QAAQC,KAAKC,IAAI,CAAC,AAACJ,SAAS,IAAK,GAAG,uBAAuB;;IACjE,OAAOK,mBAAM,CAACC,WAAW,CAACJ,OAAOK,QAAQ,CAACN;AAC5C;AAEO,SAAS5C,kBAAkBmD,GAA4C;IAC5E,OAAO;QAAE,GAAGA,GAAG;QAAE,GAAIA,KAAKZ,YAAY;YAAEA,UAAU;QAAW,CAAC;QAAG,GAAIY,KAAKC,WAAW;YAAEA,SAAS;QAAW,CAAC;IAAE;AAChH;AAEO,SAAShC,cAAciC,QAAiB;IAC7C,IAAI,CAACA,YAAY,CAACA,SAASC,IAAI,IAAI,OAAO;QAAEC,WAAW;QAAIC,UAAU;IAAG;IACxE,MAAMC,QAAQJ,SAASC,IAAI,GAAGI,KAAK,CAAC;IACpC,IAAID,MAAMd,MAAM,KAAK,GAAG;QACtB,OAAO;YAAEY,WAAW;YAAIC,UAAUC,KAAK,CAAC,EAAE;QAAC;IAC7C;IACA,MAAMD,WAAWC,MAAME,GAAG;IAC1B,MAAMJ,YAAYE,MAAMG,IAAI,CAAC;IAC7B,OAAO;QAAEL;QAAWC;IAAS;AAC/B;AAEO,SAASnC,qBACdwC,MAAmB,EACnBC,MAAW,EACXC,mBAA0C,CAAC,CAAC,EAC5CC,mBAAqC,CAAC,CAAC;IAEvC,uEAAuE;IACvE,MAAMC,WAAcC,IAAAA,iCAAe,EAACL,QAAQC,QAAQC;IACpD,MAAMI,SAA4BC,IAAAA,4BAAY,EAACH,UAAUD;IACzD,IAAIG,OAAOxB,MAAM,GAAG,GAAG;QACrB,MAAM,IAAI0B,MAAMF,OAAOjB,QAAQ;IACjC;IACA,OAAOe;AACT;AAEO,SAAS3C,kBAAkBgD,WAAmB,EAAEC,uBAA+BC,uBAAe;IACnG;;EAEA,GACA,IAAIF,YAAY3B,MAAM,KAAK,GAAG,OAAO2B;IACrC,OAAO;WACF,IAAIG,IACLH,YACGZ,KAAK,CAACa,sBACNG,MAAM,CAAC,CAACC,IAAcA,KAAKA,MAAM,QACjCC,IAAI;KAEV,CAAChB,IAAI,CAACW;AACT;AAEO,SAASjE,sBAAsBuE,YAAoB,EAAEC,YAAoB,EAAEP,uBAA+BC,uBAAe;IAC9H,MAAMO,SAASF,aAAanB,KAAK,CAACa;IAClC,MAAMS,SAASF,aAAapB,KAAK,CAACa;IAClC,OAAOQ,OAAOL,MAAM,CAAC,CAACC,IAAcA,MAAM,MAAMK,OAAOC,OAAO,CAACN,OAAO,CAAC,GAAGC,IAAI;AAChF;AAEO,SAASzD,cAAc+D,CAAmB,EAAEC,CAAmB,EAAEC,MAAM,KAAK;IACjF,MAAMC,KAAKH,EAAEI,IAAI,CAACC,WAAW;IAC7B,MAAMC,KAAKL,EAAEG,IAAI,CAACC,WAAW;IAC7B,IAAIH,KAAK;QACP,OAAOC,KAAKG,KAAK,IAAIH,KAAKG,KAAK,CAAC,IAAI;IACtC,OAAO;QACL,OAAOH,KAAKG,KAAK,CAAC,IAAIH,KAAKG,KAAK,IAAI;IACtC;AACF;AAEA,SAASC,eAAeP,CAAM,EAAEC,CAAM,EAAEO,KAAe;IACrD,KAAK,MAAMf,KAAKe,MAAO;QACrB,IAAIR,CAAC,CAACP,EAAE,KAAKQ,CAAC,CAACR,EAAE,EAAE;YACjB,OAAO;QACT;IACF;IACA,OAAO;AACT;AAEO,SAAStE,eACdsF,aAAkB,EAClBC,aAAkB,EAClBC,WAAqB,EACrBC,eAAyB;IAAC;CAAK;IAE/B,MAAMC,QAAa,EAAE;IACrB,MAAMC,WAAoE,EAAE;IAC5E,MAAMC,WAAgBN,cAAcjB,MAAM,CAAC,CAACwB,IAAS,CAACN,cAAcO,IAAI,CAAC,CAACC,IAASX,eAAeS,GAAGE,GAAGN;IACxG,KAAK,MAAMM,KAAKR,cAAe;QAC7B,MAAMS,IAAIV,cAAcQ,IAAI,CAAC,CAACD,IAAST,eAAeS,GAAGE,GAAGN;QAC5D,IAAIO,GAAG;YACL,MAAMC,OAA8D,CAAC;YACrE,KAAK,MAAM3B,KAAKkB,YAAYnB,MAAM,CAAC,CAACC,IAAcyB,CAAC,CAACzB,EAAE,KAAK0B,CAAC,CAAC1B,EAAE,EAAG;gBAChE2B,IAAI,CAAC3B,EAAE,GAAG;oBAAE4B,KAAKF,CAAC,CAAC1B,EAAE;oBAAE6B,KAAKJ,CAAC,CAACzB,EAAE;gBAAC;YACnC;YACA,IAAI8B,OAAOC,IAAI,CAACJ,MAAM3D,MAAM,EAAE;gBAC5B2D,IAAI,CAAC,SAAS,GAAGF;gBACjBJ,SAASW,IAAI,CAACL;YAChB;QACF,OAAO;YACLP,MAAMY,IAAI,CAACP;QACb;IACF;IACA,OAAO;QAACL;QAAOC;QAAUC;KAAS;AACpC;AAEO,SAAS/F,kBAAkB0G,MAAiE;IACjG,2BAA2B;IAC3B,OAAOA,OAAOC,GAAG,CAAC,CAACR,IAAMI,OAAOK,WAAW,CAACL,OAAOM,OAAO,CAACV,GAAGQ,GAAG,CAAC,CAAC,CAAClC,GAAGqC,EAAE,GAAK;gBAACrC;gBAAGA,MAAM,WAAWqC,IAAIA,EAAER,GAAG;aAAC;AAC/G"}

package/server/common/image.js

@@ -27,80 +27,68 @@ _export(exports, {
     },
     get svgMimeType () {
         return svgMimeType;
+    },
+    get webpMimeType () {
+        return webpMimeType;
     }
 });
-const _sharp = /*#__PURE__*/ _interop_require_default(require("sharp"));
-const _resvgjs = require("@resvg/resvg-js");
 const _promises = /*#__PURE__*/ _interop_require_default(require("node:fs/promises"));
+const _nodeos = /*#__PURE__*/ _interop_require_default(require("node:os"));
 const _nodepath = /*#__PURE__*/ _interop_require_default(require("node:path"));
+const _nodeutil = require("node:util");
+const _sharp = /*#__PURE__*/ _interop_require_default(require("sharp"));
+const _texttosvg = /*#__PURE__*/ _interop_require_default(require("text-to-svg" // Sharp settings
+));
 function _interop_require_default(obj) {
     return obj && obj.__esModule ? obj : {
         default: obj
     };
 }
+// Sharp settings
+_sharp.default.cache(false);
+_sharp.default.concurrency(Math.min(2, _nodeos.default.cpus()?.length || 1));
 const pngMimeType = 'image/png';
 const svgMimeType = 'image/svg+xml';
+const webpMimeType = 'image/webp';
+const avatarSize = 256;
+const fontPath = _nodepath.default.join(__dirname, 'fonts', 'avatar.ttf');
+const loadTextToSVG = (0, _nodeutil.promisify)(_texttosvg.default.load.bind(_texttosvg.default));
+let textToSvgCache = null;
 async function generateThumbnail(filePath, size) {
-    const image = (0, _sharp.default)(filePath).rotate();
-    let { width, height } = await image.metadata();
-    if (!width || !height) throw new Error('Invalid image dimensions');
-    // Calculate the new dimensions, maintaining the aspect ratio
-    if (width > height) {
-        if (width > size) {
-            height = Math.round(height * size / width);
-            width = size;
-        }
-    } else {
-        if (height > size) {
-            width = Math.round(width * size / height);
-            height = size;
-        }
-    }
-    return image.resize(width, height, {
-        fit: 'inside'
-    }).png({
-        compressionLevel: 0
-    }).toBuffer();
+    return (0, _sharp.default)(filePath, {
+        failOn: 'none',
+        sequentialRead: true,
+        limitInputPixels: 268e6 // protects against extremely large images
+    }).rotate().resize({
+        width: size,
+        height: size,
+        fit: 'inside',
+        kernel: 'nearest',
+        withoutEnlargement: true,
+        fastShrinkOnLoad: true // true by default, added for clarity
+    }).webp({
+        quality: 80,
+        effort: 0,
+        alphaQuality: 90
+    });
 }
 async function generateAvatar(initials) {
-    const width = 256;
-    const height = 256;
+    const tts = await getTextToSvg();
     const { backgroundColor, foregroundColor } = randomColor();
-    const fontPath = _nodepath.default.join(__dirname, 'fonts', 'avatar.ttf');
-    const fontBase64 = (await _promises.default.readFile(fontPath)).toString('base64');
-    const svg = `
-  <svg xmlns="http://www.w3.org/2000/svg" width="${width}" height="${height}">
-    <style>
-      @font-face {
-        font-family: 'Avatar';
-        src: url('data:font/ttf;base64,${fontBase64}') format('truetype');
-      }
-      text {
-        font-family: 'Avatar', sans-serif;
-        font-size: 150px;
-        fill: ${foregroundColor};
-        dominant-baseline: central;
-        text-anchor: middle;
-      }
-    </style>
-    <rect width="100%" height="100%" fill="${backgroundColor}" />
-    <text x="50%" y="50%">${initials}</text>
-  </svg>
-  `;
-    // Rasterize SVG to PNG
-    const resvg = new _resvgjs.Resvg(svg, {
-        fitTo: {
-            mode: 'width',
-            value: width
-        },
-        font: {
-            fontFiles: [
-                fontPath
-            ],
-            loadSystemFonts: false
-        }
+    const fontSize = fitFontSize(tts, initials, avatarSize * 0.8, 170);
+    const d = tts.getD(initials, {
+        x: avatarSize / 2,
+        y: avatarSize / 2.1,
+        fontSize,
+        anchor: 'center middle'
     });
-    return resvg.render().asPng();
+    const svg = `
+<svg width="${avatarSize}" height="${avatarSize}" viewBox="0 0 ${avatarSize} ${avatarSize}"
+     xmlns="http://www.w3.org/2000/svg">
+  <rect width="100%" height="100%" fill="${backgroundColor}"/>
+  <path d="${d}" fill="${foregroundColor}" />
+</svg>`.trim();
+    return (0, _sharp.default)(Buffer.from(svg, 'utf8')).png();
 }
 async function convertImageToBase64(imgPath) {
     const base64String = await _promises.default.readFile(imgPath, {
@@ -125,5 +113,22 @@ function randomColor() {
         foregroundColor: brightness > 180 ? '#000000' : '#ffffff'
     };
 }
+function fitFontSize(tts, text, box, start = 170) {
+    // Heuristic to make the text occupy ~80% of the available width
+    let size = start;
+    // Lower bound to prevent infinite loops when the font renders very small
+    while(size > 20){
+        const m = tts.getMetrics(text, {
+            fontSize: size,
+            anchor: 'center middle'
+        });
+        if (m.width <= box) break;
+        size -= 4;
+    }
+    return size;
+}
+function getTextToSvg() {
+    return textToSvgCache ??= loadTextToSVG(fontPath);
+}
 
 //# sourceMappingURL=image.js.map

package/server/common/image.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/common/image.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport sharp from 'sharp'\nimport { Resvg } from '@resvg/resvg-js'\nimport fs from 'node:fs/promises'\nimport path from 'node:path'\n\nexport const pngMimeType = 'image/png'\nexport const svgMimeType = 'image/svg+xml'\n\nexport async function generateThumbnail(filePath: string, size: number) {\n  const image = sharp(filePath).rotate()\n  let { width, height } = await image.metadata()\n\n  if (!width || !height) throw new Error('Invalid image dimensions')\n\n  // Calculate the new dimensions, maintaining the aspect ratio\n  if (width > height) {\n    if (width > size) {\n      height = Math.round((height * size) / width)\n      width = size\n    }\n  } else {\n    if (height > size) {\n      width = Math.round((width * size) / height)\n      height = size\n    }\n  }\n\n  return image.resize(width, height, { fit: 'inside' }).png({ compressionLevel: 0 }).toBuffer()\n}\n\nexport async function generateAvatar(initials: string): Promise<Buffer> {\n  const width = 256\n  const height = 256\n  const { backgroundColor, foregroundColor } = randomColor()\n\n  const fontPath = path.join(__dirname, 'fonts', 'avatar.ttf')\n  const fontBase64 = (await fs.readFile(fontPath)).toString('base64')\n\n  const svg = `\n  <svg xmlns=\"http://www.w3.org/2000/svg\" width=\"${width}\" height=\"${height}\">\n    <style>\n      @font-face {\n        font-family: 'Avatar';\n        src: url('data:font/ttf;base64,${fontBase64}') format('truetype');\n      }\n      text {\n        font-family: 'Avatar', sans-serif;\n        font-size: 150px;\n        fill: ${foregroundColor};\n        dominant-baseline: central;\n        text-anchor: middle;\n      }\n    </style>\n    <rect width=\"100%\" height=\"100%\" fill=\"${backgroundColor}\" />\n    <text x=\"50%\" y=\"50%\">${initials}</text>\n  </svg>\n  `\n\n  // Rasterize SVG to PNG\n  const resvg = new Resvg(svg, {\n    fitTo: { mode: 'width', value: width },\n    font: {\n      fontFiles: [fontPath],\n      loadSystemFonts: false\n    }\n  })\n\n  return resvg.render().asPng()\n}\n\nexport async function convertImageToBase64(imgPath: string) {\n  const base64String = await fs.readFile(imgPath, { encoding: 'base64' })\n  return `data:image/png;base64,${base64String}`\n}\n\nfunction randomColor() {\n  let color = ''\n  while (color.length < 6) {\n    /* sometimes the returned value does not have\n     * the 6 digits needed, so we do it again until\n     * it does\n     */\n    color = Math.floor(Math.random() * 16777215).toString(16)\n  }\n  const red = parseInt(color.substring(0, 2), 16)\n  const green = parseInt(color.substring(2, 4), 16)\n  const blue = parseInt(color.substring(4, 6), 16)\n  const brightness = red * 0.299 + green * 0.587 + blue * 0.114\n\n  return {\n    backgroundColor: `#${color}`,\n    foregroundColor: brightness > 180 ? '#000000' : '#ffffff'\n  }\n}\n"],"names":["convertImageToBase64","generateAvatar","generateThumbnail","pngMimeType","svgMimeType","filePath","size","image","sharp","rotate","width","height","metadata","Error","Math","round","resize","fit","png","compressionLevel","toBuffer","initials","backgroundColor","foregroundColor","randomColor","fontPath","path","join","__dirname","fontBase64","fs","readFile","toString","svg","resvg","Resvg","fitTo","mode","value","font","fontFiles","loadSystemFonts","render","asPng","imgPath","base64String","encoding","color","length","floor","random","red","parseInt","substring","green","blue","brightness"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAwEqBA;eAAAA;;QAxCAC;eAAAA;;QAtBAC;eAAAA;;QAHTC;eAAAA;;QACAC;eAAAA;;;8DANK;yBACI;iEACP;iEACE;;;;;;AAEV,MAAMD,cAAc;AACpB,MAAMC,cAAc;AAEpB,eAAeF,kBAAkBG,QAAgB,EAAEC,IAAY;IACpE,MAAMC,QAAQC,IAAAA,cAAK,EAACH,UAAUI,MAAM;IACpC,IAAI,EAAEC,KAAK,EAAEC,MAAM,EAAE,GAAG,MAAMJ,MAAMK,QAAQ;IAE5C,IAAI,CAACF,SAAS,CAACC,QAAQ,MAAM,IAAIE,MAAM;IAEvC,6DAA6D;IAC7D,IAAIH,QAAQC,QAAQ;QAClB,IAAID,QAAQJ,MAAM;YAChBK,SAASG,KAAKC,KAAK,CAAC,AAACJ,SAASL,OAAQI;YACtCA,QAAQJ;QACV;IACF,OAAO;QACL,IAAIK,SAASL,MAAM;YACjBI,QAAQI,KAAKC,KAAK,CAAC,AAACL,QAAQJ,OAAQK;YACpCA,SAASL;QACX;IACF;IAEA,OAAOC,MAAMS,MAAM,CAACN,OAAOC,QAAQ;QAAEM,KAAK;IAAS,GAAGC,GAAG,CAAC;QAAEC,kBAAkB;IAAE,GAAGC,QAAQ;AAC7F;AAEO,eAAenB,eAAeoB,QAAgB;IACnD,MAAMX,QAAQ;IACd,MAAMC,SAAS;IACf,MAAM,EAAEW,eAAe,EAAEC,eAAe,EAAE,GAAGC;IAE7C,MAAMC,WAAWC,iBAAI,CAACC,IAAI,CAACC,WAAW,SAAS;IAC/C,MAAMC,aAAa,AAAC,CAAA,MAAMC,iBAAE,CAACC,QAAQ,CAACN,SAAQ,EAAGO,QAAQ,CAAC;IAE1D,MAAMC,MAAM,CAAC;iDACkC,EAAEvB,MAAM,UAAU,EAAEC,OAAO;;;;uCAIrC,EAAEkB,WAAW;;;;;cAKtC,EAAEN,gBAAgB;;;;;2CAKW,EAAED,gBAAgB;0BACnC,EAAED,SAAS;;EAEnC,CAAC;IAED,uBAAuB;IACvB,MAAMa,QAAQ,IAAIC,cAAK,CAACF,KAAK;QAC3BG,OAAO;YAAEC,MAAM;YAASC,OAAO5B;QAAM;QACrC6B,MAAM;YACJC,WAAW;gBAACf;aAAS;YACrBgB,iBAAiB;QACnB;IACF;IAEA,OAAOP,MAAMQ,MAAM,GAAGC,KAAK;AAC7B;AAEO,eAAe3C,qBAAqB4C,OAAe;IACxD,MAAMC,eAAe,MAAMf,iBAAE,CAACC,QAAQ,CAACa,SAAS;QAAEE,UAAU;IAAS;IACrE,OAAO,CAAC,sBAAsB,EAAED,cAAc;AAChD;AAEA,SAASrB;IACP,IAAIuB,QAAQ;IACZ,MAAOA,MAAMC,MAAM,GAAG,EAAG;QACvB;;;KAGC,GACDD,QAAQjC,KAAKmC,KAAK,CAACnC,KAAKoC,MAAM,KAAK,UAAUlB,QAAQ,CAAC;IACxD;IACA,MAAMmB,MAAMC,SAASL,MAAMM,SAAS,CAAC,GAAG,IAAI;IAC5C,MAAMC,QAAQF,SAASL,MAAMM,SAAS,CAAC,GAAG,IAAI;IAC9C,MAAME,OAAOH,SAASL,MAAMM,SAAS,CAAC,GAAG,IAAI;IAC7C,MAAMG,aAAaL,MAAM,QAAQG,QAAQ,QAAQC,OAAO;IAExD,OAAO;QACLjC,iBAAiB,CAAC,CAAC,EAAEyB,OAAO;QAC5BxB,iBAAiBiC,aAAa,MAAM,YAAY;IAClD;AACF"}
+{"version":3,"sources":["../../../backend/src/common/image.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport fs from 'node:fs/promises'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { Readable } from 'node:stream'\nimport { promisify } from 'node:util'\nimport sharp from 'sharp'\nimport TextToSVG from 'text-to-svg' // Sharp settings\n\n// Sharp settings\nsharp.cache(false)\nsharp.concurrency(Math.min(2, os.cpus()?.length || 1))\n\n// Constants\nexport const pngMimeType = 'image/png'\nexport const svgMimeType = 'image/svg+xml'\nexport const webpMimeType = 'image/webp'\nconst avatarSize = 256\nconst fontPath = path.join(__dirname, 'fonts', 'avatar.ttf')\nconst loadTextToSVG = promisify(TextToSVG.load.bind(TextToSVG))\nlet textToSvgCache: Promise<TextToSVG> | null = null\n\nexport async function generateThumbnail(filePath: string, size: number): Promise<Readable> {\n  return sharp(filePath, {\n    failOn: 'none',\n    sequentialRead: true, // sequential read = more efficient I/O\n    limitInputPixels: 268e6 // protects against extremely large images\n  })\n    .rotate()\n    .resize({\n      width: size,\n      height: size,\n      fit: 'inside',\n      kernel: 'nearest',\n      withoutEnlargement: true,\n      fastShrinkOnLoad: true // true by default, added for clarity\n    })\n    .webp({ quality: 80, effort: 0, alphaQuality: 90 })\n}\n\nexport async function generateAvatar(initials: string): Promise<NodeJS.ReadableStream> {\n  const tts = await getTextToSvg()\n  const { backgroundColor, foregroundColor } = randomColor()\n  const fontSize = fitFontSize(tts, initials, avatarSize * 0.8, 170)\n\n  const d = tts.getD(initials, {\n    x: avatarSize / 2,\n    y: avatarSize / 2.1,\n    fontSize,\n    anchor: 'center middle'\n  })\n\n  const svg = `\n<svg width=\"${avatarSize}\" height=\"${avatarSize}\" viewBox=\"0 0 ${avatarSize} ${avatarSize}\"\n     xmlns=\"http://www.w3.org/2000/svg\">\n  <rect width=\"100%\" height=\"100%\" fill=\"${backgroundColor}\"/>\n  <path d=\"${d}\" fill=\"${foregroundColor}\" />\n</svg>`.trim()\n\n  return sharp(Buffer.from(svg, 'utf8')).png()\n}\n\nexport async function convertImageToBase64(imgPath: string) {\n  const base64String = await fs.readFile(imgPath, { encoding: 'base64' })\n  return `data:image/png;base64,${base64String}`\n}\n\nfunction randomColor() {\n  let color = ''\n  while (color.length < 6) {\n    /* sometimes the returned value does not have\n     * the 6 digits needed, so we do it again until\n     * it does\n     */\n    color = Math.floor(Math.random() * 16777215).toString(16)\n  }\n  const red = parseInt(color.substring(0, 2), 16)\n  const green = parseInt(color.substring(2, 4), 16)\n  const blue = parseInt(color.substring(4, 6), 16)\n  const brightness = red * 0.299 + green * 0.587 + blue * 0.114\n\n  return {\n    backgroundColor: `#${color}`,\n    foregroundColor: brightness > 180 ? '#000000' : '#ffffff'\n  }\n}\n\nfunction fitFontSize(tts: TextToSVG, text: string, box: number, start = 170): number {\n  // Heuristic to make the text occupy ~80% of the available width\n  let size = start\n  // Lower bound to prevent infinite loops when the font renders very small\n  while (size > 20) {\n    const m = tts.getMetrics(text, { fontSize: size, anchor: 'center middle' })\n    if (m.width <= box) break\n    size -= 4\n  }\n  return size\n}\n\nfunction getTextToSvg(): Promise<TextToSVG> {\n  return (textToSvgCache ??= loadTextToSVG(fontPath) as Promise<TextToSVG>)\n}\n"],"names":["convertImageToBase64","generateAvatar","generateThumbnail","pngMimeType","svgMimeType","webpMimeType","sharp","cache","concurrency","Math","min","os","cpus","length","avatarSize","fontPath","path","join","__dirname","loadTextToSVG","promisify","TextToSVG","load","bind","textToSvgCache","filePath","size","failOn","sequentialRead","limitInputPixels","rotate","resize","width","height","fit","kernel","withoutEnlargement","fastShrinkOnLoad","webp","quality","effort","alphaQuality","initials","tts","getTextToSvg","backgroundColor","foregroundColor","randomColor","fontSize","fitFontSize","d","getD","x","y","anchor","svg","trim","Buffer","from","png","imgPath","base64String","fs","readFile","encoding","color","floor","random","toString","red","parseInt","substring","green","blue","brightness","text","box","start","m","getMetrics"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QA+DqBA;eAAAA;;QAtBAC;eAAAA;;QAlBAC;eAAAA;;QARTC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;;iEAfE;+DACA;iEACE;0BAES;8DACR;kEACI,cAAc,iBAAiB;;;;;;;AAErD,iBAAiB;AACjBC,cAAK,CAACC,KAAK,CAAC;AACZD,cAAK,CAACE,WAAW,CAACC,KAAKC,GAAG,CAAC,GAAGC,eAAE,CAACC,IAAI,IAAIC,UAAU;AAG5C,MAAMV,cAAc;AACpB,MAAMC,cAAc;AACpB,MAAMC,eAAe;AAC5B,MAAMS,aAAa;AACnB,MAAMC,WAAWC,iBAAI,CAACC,IAAI,CAACC,WAAW,SAAS;AAC/C,MAAMC,gBAAgBC,IAAAA,mBAAS,EAACC,kBAAS,CAACC,IAAI,CAACC,IAAI,CAACF,kBAAS;AAC7D,IAAIG,iBAA4C;AAEzC,eAAetB,kBAAkBuB,QAAgB,EAAEC,IAAY;IACpE,OAAOpB,IAAAA,cAAK,EAACmB,UAAU;QACrBE,QAAQ;QACRC,gBAAgB;QAChBC,kBAAkB,MAAM,0CAA0C;IACpE,GACGC,MAAM,GACNC,MAAM,CAAC;QACNC,OAAON;QACPO,QAAQP;QACRQ,KAAK;QACLC,QAAQ;QACRC,oBAAoB;QACpBC,kBAAkB,KAAK,qCAAqC;IAC9D,GACCC,IAAI,CAAC;QAAEC,SAAS;QAAIC,QAAQ;QAAGC,cAAc;IAAG;AACrD;AAEO,eAAexC,eAAeyC,QAAgB;IACnD,MAAMC,MAAM,MAAMC;IAClB,MAAM,EAAEC,eAAe,EAAEC,eAAe,EAAE,GAAGC;IAC7C,MAAMC,WAAWC,YAAYN,KAAKD,UAAU5B,aAAa,KAAK;IAE9D,MAAMoC,IAAIP,IAAIQ,IAAI,CAACT,UAAU;QAC3BU,GAAGtC,aAAa;QAChBuC,GAAGvC,aAAa;QAChBkC;QACAM,QAAQ;IACV;IAEA,MAAMC,MAAM,CAAC;YACH,EAAEzC,WAAW,UAAU,EAAEA,WAAW,eAAe,EAAEA,WAAW,CAAC,EAAEA,WAAW;;yCAEjD,EAAE+B,gBAAgB;WAChD,EAAEK,EAAE,QAAQ,EAAEJ,gBAAgB;MACnC,CAAC,CAACU,IAAI;IAEV,OAAOlD,IAAAA,cAAK,EAACmD,OAAOC,IAAI,CAACH,KAAK,SAASI,GAAG;AAC5C;AAEO,eAAe3D,qBAAqB4D,OAAe;IACxD,MAAMC,eAAe,MAAMC,iBAAE,CAACC,QAAQ,CAACH,SAAS;QAAEI,UAAU;IAAS;IACrE,OAAO,CAAC,sBAAsB,EAAEH,cAAc;AAChD;AAEA,SAASd;IACP,IAAIkB,QAAQ;IACZ,MAAOA,MAAMpD,MAAM,GAAG,EAAG;QACvB;;;KAGC,GACDoD,QAAQxD,KAAKyD,KAAK,CAACzD,KAAK0D,MAAM,KAAK,UAAUC,QAAQ,CAAC;IACxD;IACA,MAAMC,MAAMC,SAASL,MAAMM,SAAS,CAAC,GAAG,IAAI;IAC5C,MAAMC,QAAQF,SAASL,MAAMM,SAAS,CAAC,GAAG,IAAI;IAC9C,MAAME,OAAOH,SAASL,MAAMM,SAAS,CAAC,GAAG,IAAI;IAC7C,MAAMG,aAAaL,MAAM,QAAQG,QAAQ,QAAQC,OAAO;IAExD,OAAO;QACL5B,iBAAiB,CAAC,CAAC,EAAEoB,OAAO;QAC5BnB,iBAAiB4B,aAAa,MAAM,YAAY;IAClD;AACF;AAEA,SAASzB,YAAYN,GAAc,EAAEgC,IAAY,EAAEC,GAAW,EAAEC,QAAQ,GAAG;IACzE,gEAAgE;IAChE,IAAInD,OAAOmD;IACX,yEAAyE;IACzE,MAAOnD,OAAO,GAAI;QAChB,MAAMoD,IAAInC,IAAIoC,UAAU,CAACJ,MAAM;YAAE3B,UAAUtB;YAAM4B,QAAQ;QAAgB;QACzE,IAAIwB,EAAE9C,KAAK,IAAI4C,KAAK;QACpBlD,QAAQ;IACV;IACA,OAAOA;AACT;AAEA,SAASkB;IACP,OAAQpB,mBAAmBL,cAAcJ;AAC3C"}

package/server/common/shared.js

@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
  * This file is part of Sync-in | The open source file sync and share solution
  * See the LICENSE file for licensing details
- */ "use strict";
+ */ /* THIS FILE IS SHARED WITH THE FRONTEND PACKAGE */ "use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
@@ -13,6 +13,9 @@ function _export(target, all) {
     });
 }
 _export(exports, {
+    get APP_URL () {
+        return APP_URL;
+    },
     get SERVER_NAME () {
         return SERVER_NAME;
     },
@@ -43,6 +46,9 @@ _export(exports, {
     get genPassword () {
         return genPassword;
     },
+    get intersectPermissions () {
+        return intersectPermissions;
+    },
     get isValidFileName () {
         return isValidFileName;
     },
@@ -62,7 +68,13 @@ _export(exports, {
         return regExpPreventPathTraversal;
     }
 });
+const _spaces = require("../applications/spaces/constants/spaces");
 const SERVER_NAME = 'Sync-in';
+const APP_URL = {
+    WEBSITE: 'https://sync-in.com',
+    RELEASES: 'https://github.com/Sync-in/server/releases',
+    SERVER_VERSION_MANIFEST: 'https://releases.sync-in.org/sync-in-server/latest.json'
+};
 const regExpInvalidFileName = /^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$|[<>:"/\\|?*\x00-\x1f\x80-\x9f]/;
 const regExpPreventPathTraversal = /^(\.\.(\/|\\|$))+/;
 const regExpNumberSuffix = /-\d+$/;
@@ -122,5 +134,10 @@ function objectPropertyFromString(obj, property) {
 function capitalizeString(value) {
     return value.charAt(0).toUpperCase() + value.slice(1);
 }
+function intersectPermissions(aPermissions, bPermissions, permissionsSeparator = _spaces.SPACE_PERMS_SEP) {
+    const aPerms = aPermissions.split(permissionsSeparator);
+    const bPerms = bPermissions.split(permissionsSeparator);
+    return aPerms.filter((p)=>p !== '' && p !== 'null' && bPerms.indexOf(p) > -1).sort().join(permissionsSeparator);
+}
 
 //# sourceMappingURL=shared.js.map

package/server/common/shared.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/common/shared.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nexport const SERVER_NAME = 'Sync-in' as const\n\n// eslint-disable-next-line no-control-regex\nexport const regExpInvalidFileName = /^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$|[<>:\"/\\\\|?*\\x00-\\x1f\\x80-\\x9f]/\nexport const regExpPreventPathTraversal = /^(\\.\\.(\\/|\\\\|$))+/\nexport const regExpNumberSuffix = /-\\d+$/\nexport const forbiddenChars = '\\\\ / : * ? \" < > |'\n\nexport function isValidFileName(fileName: string) {\n  if (regExpInvalidFileName.test(fileName)) {\n    throw new Error('Forbidden characters')\n  }\n}\n\nexport function currentTimeStamp(date?: Date, ms = false): number {\n  return Math.floor((date ? date : new Date()).getTime() / (ms ? 1 : 1000))\n}\n\nexport function currentDate(value?: string): Date {\n  return new Date((value ? value : new Date().toISOString()).split('T')[0])\n}\n\nexport function createSlug(input: string, replaceCount = false): string {\n  const r = input\n    .toLowerCase()\n    .trim()\n    .replace(/[\\s_-]+/g, '-')\n    .replace(/^-+|-+$/g, '')\n    .normalize('NFD')\n    .replace(/[\\u0300-\\u036f]/g, '')\n  if (replaceCount) return r.replace(regExpNumberSuffix, '')\n  return r\n}\n\nexport function createLightSlug(input: string) {\n  return input\n    .toLowerCase()\n    .trim()\n    .normalize('NFD')\n    .replace(/[\\u0300-\\u036f]/g, '')\n}\n\nexport function genPassword(length = 12) {\n  const chars = '0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ'\n  let password = ''\n  for (let i = 0; i <= length; i++) {\n    const randomNumber = Math.floor(Math.random() * chars.length)\n    password += chars.substring(randomNumber, randomNumber + 1)\n  }\n  return password\n}\n\nexport function popFromObject(key: string, object: any): any {\n  const item = object[key]\n  delete object[key]\n  return item\n}\n\nexport function encodeUrl(url: string): string {\n  return url\n    .split('/')\n    .map((e) => encodeURIComponent(e))\n    .join('/')\n}\n\nexport function decodeUrl(url: string): string {\n  return url\n    .split('/')\n    .map((e) => decodeURIComponent(e))\n    .join('/')\n}\n\nexport function objectPropertyFromString(obj: any, property: string): any {\n  const a = property.split('.')\n  let o = obj\n  for (let i = 0, n = a.length; i < n; i++) {\n    const k = a[i]\n    if (k in o) {\n      o = o[k]\n    } else {\n      return null\n    }\n  }\n  return o\n}\n\nexport function capitalizeString(value: string): string {\n  return value.charAt(0).toUpperCase() + value.slice(1)\n}\n"],"names":["SERVER_NAME","capitalizeString","createLightSlug","createSlug","currentDate","currentTimeStamp","decodeUrl","encodeUrl","forbiddenChars","genPassword","isValidFileName","objectPropertyFromString","popFromObject","regExpInvalidFileName","regExpNumberSuffix","regExpPreventPathTraversal","fileName","test","Error","date","ms","Math","floor","Date","getTime","value","toISOString","split","input","replaceCount","r","toLowerCase","trim","replace","normalize","length","chars","password","i","randomNumber","random","substring","key","object","item","url","map","e","encodeURIComponent","join","decodeURIComponent","obj","property","a","o","n","k","charAt","toUpperCase","slice"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAEYA;eAAAA;;QAsFGC;eAAAA;;QApDAC;eAAAA;;QAZAC;eAAAA;;QAJAC;eAAAA;;QAJAC;eAAAA;;QAmDAC;eAAAA;;QAPAC;eAAAA;;QApDHC;eAAAA;;QAoCGC;eAAAA;;QAlCAC;eAAAA;;QAgEAC;eAAAA;;QApBAC;eAAAA;;QAjDHC;eAAAA;;QAEAC;eAAAA;;QADAC;eAAAA;;;AAJN,MAAMf,cAAc;AAGpB,MAAMa,wBAAwB;AAC9B,MAAME,6BAA6B;AACnC,MAAMD,qBAAqB;AAC3B,MAAMN,iBAAiB;AAEvB,SAASE,gBAAgBM,QAAgB;IAC9C,IAAIH,sBAAsBI,IAAI,CAACD,WAAW;QACxC,MAAM,IAAIE,MAAM;IAClB;AACF;AAEO,SAASb,iBAAiBc,IAAW,EAAEC,KAAK,KAAK;IACtD,OAAOC,KAAKC,KAAK,CAAC,AAACH,CAAAA,OAAOA,OAAO,IAAII,MAAK,EAAGC,OAAO,KAAMJ,CAAAA,KAAK,IAAI,IAAG;AACxE;AAEO,SAAShB,YAAYqB,KAAc;IACxC,OAAO,IAAIF,KAAK,AAACE,CAAAA,QAAQA,QAAQ,IAAIF,OAAOG,WAAW,EAAC,EAAGC,KAAK,CAAC,IAAI,CAAC,EAAE;AAC1E;AAEO,SAASxB,WAAWyB,KAAa,EAAEC,eAAe,KAAK;IAC5D,MAAMC,IAAIF,MACPG,WAAW,GACXC,IAAI,GACJC,OAAO,CAAC,YAAY,KACpBA,OAAO,CAAC,YAAY,IACpBC,SAAS,CAAC,OACVD,OAAO,CAAC,oBAAoB;IAC/B,IAAIJ,cAAc,OAAOC,EAAEG,OAAO,CAACnB,oBAAoB;IACvD,OAAOgB;AACT;AAEO,SAAS5B,gBAAgB0B,KAAa;IAC3C,OAAOA,MACJG,WAAW,GACXC,IAAI,GACJE,SAAS,CAAC,OACVD,OAAO,CAAC,oBAAoB;AACjC;AAEO,SAASxB,YAAY0B,SAAS,EAAE;IACrC,MAAMC,QAAQ;IACd,IAAIC,WAAW;IACf,IAAK,IAAIC,IAAI,GAAGA,KAAKH,QAAQG,IAAK;QAChC,MAAMC,eAAelB,KAAKC,KAAK,CAACD,KAAKmB,MAAM,KAAKJ,MAAMD,MAAM;QAC5DE,YAAYD,MAAMK,SAAS,CAACF,cAAcA,eAAe;IAC3D;IACA,OAAOF;AACT;AAEO,SAASzB,cAAc8B,GAAW,EAAEC,MAAW;IACpD,MAAMC,OAAOD,MAAM,CAACD,IAAI;IACxB,OAAOC,MAAM,CAACD,IAAI;IAClB,OAAOE;AACT;AAEO,SAASrC,UAAUsC,GAAW;IACnC,OAAOA,IACJlB,KAAK,CAAC,KACNmB,GAAG,CAAC,CAACC,IAAMC,mBAAmBD,IAC9BE,IAAI,CAAC;AACV;AAEO,SAAS3C,UAAUuC,GAAW;IACnC,OAAOA,IACJlB,KAAK,CAAC,KACNmB,GAAG,CAAC,CAACC,IAAMG,mBAAmBH,IAC9BE,IAAI,CAAC;AACV;AAEO,SAAStC,yBAAyBwC,GAAQ,EAAEC,QAAgB;IACjE,MAAMC,IAAID,SAASzB,KAAK,CAAC;IACzB,IAAI2B,IAAIH;IACR,IAAK,IAAIb,IAAI,GAAGiB,IAAIF,EAAElB,MAAM,EAAEG,IAAIiB,GAAGjB,IAAK;QACxC,MAAMkB,IAAIH,CAAC,CAACf,EAAE;QACd,IAAIkB,KAAKF,GAAG;YACVA,IAAIA,CAAC,CAACE,EAAE;QACV,OAAO;YACL,OAAO;QACT;IACF;IACA,OAAOF;AACT;AAEO,SAASrD,iBAAiBwB,KAAa;IAC5C,OAAOA,MAAMgC,MAAM,CAAC,GAAGC,WAAW,KAAKjC,MAAMkC,KAAK,CAAC;AACrD"}
+{"version":3,"sources":["../../../backend/src/common/shared.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\n/* THIS FILE IS SHARED WITH THE FRONTEND PACKAGE */\n\nimport { SPACE_PERMS_SEP } from '../applications/spaces/constants/spaces'\n\nexport const SERVER_NAME = 'Sync-in' as const\n\nexport const APP_URL = {\n  WEBSITE: 'https://sync-in.com',\n  RELEASES: 'https://github.com/Sync-in/server/releases',\n  SERVER_VERSION_MANIFEST: 'https://releases.sync-in.org/sync-in-server/latest.json'\n} as const\n\n// eslint-disable-next-line no-control-regex\nexport const regExpInvalidFileName = /^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$|[<>:\"/\\\\|?*\\x00-\\x1f\\x80-\\x9f]/\nexport const regExpPreventPathTraversal = /^(\\.\\.(\\/|\\\\|$))+/\nexport const regExpNumberSuffix = /-\\d+$/\nexport const forbiddenChars = '\\\\ / : * ? \" < > |'\n\nexport function isValidFileName(fileName: string) {\n  if (regExpInvalidFileName.test(fileName)) {\n    throw new Error('Forbidden characters')\n  }\n}\n\nexport function currentTimeStamp(date?: Date, ms = false): number {\n  return Math.floor((date ? date : new Date()).getTime() / (ms ? 1 : 1000))\n}\n\nexport function currentDate(value?: string): Date {\n  return new Date((value ? value : new Date().toISOString()).split('T')[0])\n}\n\nexport function createSlug(input: string, replaceCount = false): string {\n  const r = input\n    .toLowerCase()\n    .trim()\n    .replace(/[\\s_-]+/g, '-')\n    .replace(/^-+|-+$/g, '')\n    .normalize('NFD')\n    .replace(/[\\u0300-\\u036f]/g, '')\n  if (replaceCount) return r.replace(regExpNumberSuffix, '')\n  return r\n}\n\nexport function createLightSlug(input: string) {\n  return input\n    .toLowerCase()\n    .trim()\n    .normalize('NFD')\n    .replace(/[\\u0300-\\u036f]/g, '')\n}\n\nexport function genPassword(length = 12) {\n  const chars = '0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ'\n  let password = ''\n  for (let i = 0; i <= length; i++) {\n    const randomNumber = Math.floor(Math.random() * chars.length)\n    password += chars.substring(randomNumber, randomNumber + 1)\n  }\n  return password\n}\n\nexport function popFromObject(key: string, object: any): any {\n  const item = object[key]\n  delete object[key]\n  return item\n}\n\nexport function encodeUrl(url: string): string {\n  return url\n    .split('/')\n    .map((e) => encodeURIComponent(e))\n    .join('/')\n}\n\nexport function decodeUrl(url: string): string {\n  return url\n    .split('/')\n    .map((e) => decodeURIComponent(e))\n    .join('/')\n}\n\nexport function objectPropertyFromString(obj: any, property: string): any {\n  const a = property.split('.')\n  let o = obj\n  for (let i = 0, n = a.length; i < n; i++) {\n    const k = a[i]\n    if (k in o) {\n      o = o[k]\n    } else {\n      return null\n    }\n  }\n  return o\n}\n\nexport function capitalizeString(value: string): string {\n  return value.charAt(0).toUpperCase() + value.slice(1)\n}\n\nexport function intersectPermissions(aPermissions: string, bPermissions: string, permissionsSeparator: string = SPACE_PERMS_SEP): string {\n  const aPerms = aPermissions.split(permissionsSeparator)\n  const bPerms = bPermissions.split(permissionsSeparator)\n  return aPerms\n    .filter((p: string) => p !== '' && p !== 'null' && bPerms.indexOf(p) > -1)\n    .sort()\n    .join(permissionsSeparator)\n}\n"],"names":["APP_URL","SERVER_NAME","capitalizeString","createLightSlug","createSlug","currentDate","currentTimeStamp","decodeUrl","encodeUrl","forbiddenChars","genPassword","intersectPermissions","isValidFileName","objectPropertyFromString","popFromObject","regExpInvalidFileName","regExpNumberSuffix","regExpPreventPathTraversal","WEBSITE","RELEASES","SERVER_VERSION_MANIFEST","fileName","test","Error","date","ms","Math","floor","Date","getTime","value","toISOString","split","input","replaceCount","r","toLowerCase","trim","replace","normalize","length","chars","password","i","randomNumber","random","substring","key","object","item","url","map","e","encodeURIComponent","join","decodeURIComponent","obj","property","a","o","n","k","charAt","toUpperCase","slice","aPermissions","bPermissions","permissionsSeparator","SPACE_PERMS_SEP","aPerms","bPerms","filter","p","indexOf","sort"],"mappings":"AAAA;;;;CAIC,GAED,iDAAiD;;;;;;;;;;;QAMpCA;eAAAA;;QAFAC;eAAAA;;QA4FGC;eAAAA;;QApDAC;eAAAA;;QAZAC;eAAAA;;QAJAC;eAAAA;;QAJAC;eAAAA;;QAmDAC;eAAAA;;QAPAC;eAAAA;;QApDHC;eAAAA;;QAoCGC;eAAAA;;QAgDAC;eAAAA;;QAlFAC;eAAAA;;QAgEAC;eAAAA;;QApBAC;eAAAA;;QAjDHC;eAAAA;;QAEAC;eAAAA;;QADAC;eAAAA;;;wBAZmB;AAEzB,MAAMhB,cAAc;AAEpB,MAAMD,UAAU;IACrBkB,SAAS;IACTC,UAAU;IACVC,yBAAyB;AAC3B;AAGO,MAAML,wBAAwB;AAC9B,MAAME,6BAA6B;AACnC,MAAMD,qBAAqB;AAC3B,MAAMP,iBAAiB;AAEvB,SAASG,gBAAgBS,QAAgB;IAC9C,IAAIN,sBAAsBO,IAAI,CAACD,WAAW;QACxC,MAAM,IAAIE,MAAM;IAClB;AACF;AAEO,SAASjB,iBAAiBkB,IAAW,EAAEC,KAAK,KAAK;IACtD,OAAOC,KAAKC,KAAK,CAAC,AAACH,CAAAA,OAAOA,OAAO,IAAII,MAAK,EAAGC,OAAO,KAAMJ,CAAAA,KAAK,IAAI,IAAG;AACxE;AAEO,SAASpB,YAAYyB,KAAc;IACxC,OAAO,IAAIF,KAAK,AAACE,CAAAA,QAAQA,QAAQ,IAAIF,OAAOG,WAAW,EAAC,EAAGC,KAAK,CAAC,IAAI,CAAC,EAAE;AAC1E;AAEO,SAAS5B,WAAW6B,KAAa,EAAEC,eAAe,KAAK;IAC5D,MAAMC,IAAIF,MACPG,WAAW,GACXC,IAAI,GACJC,OAAO,CAAC,YAAY,KACpBA,OAAO,CAAC,YAAY,IACpBC,SAAS,CAAC,OACVD,OAAO,CAAC,oBAAoB;IAC/B,IAAIJ,cAAc,OAAOC,EAAEG,OAAO,CAACtB,oBAAoB;IACvD,OAAOmB;AACT;AAEO,SAAShC,gBAAgB8B,KAAa;IAC3C,OAAOA,MACJG,WAAW,GACXC,IAAI,GACJE,SAAS,CAAC,OACVD,OAAO,CAAC,oBAAoB;AACjC;AAEO,SAAS5B,YAAY8B,SAAS,EAAE;IACrC,MAAMC,QAAQ;IACd,IAAIC,WAAW;IACf,IAAK,IAAIC,IAAI,GAAGA,KAAKH,QAAQG,IAAK;QAChC,MAAMC,eAAelB,KAAKC,KAAK,CAACD,KAAKmB,MAAM,KAAKJ,MAAMD,MAAM;QAC5DE,YAAYD,MAAMK,SAAS,CAACF,cAAcA,eAAe;IAC3D;IACA,OAAOF;AACT;AAEO,SAAS5B,cAAciC,GAAW,EAAEC,MAAW;IACpD,MAAMC,OAAOD,MAAM,CAACD,IAAI;IACxB,OAAOC,MAAM,CAACD,IAAI;IAClB,OAAOE;AACT;AAEO,SAASzC,UAAU0C,GAAW;IACnC,OAAOA,IACJlB,KAAK,CAAC,KACNmB,GAAG,CAAC,CAACC,IAAMC,mBAAmBD,IAC9BE,IAAI,CAAC;AACV;AAEO,SAAS/C,UAAU2C,GAAW;IACnC,OAAOA,IACJlB,KAAK,CAAC,KACNmB,GAAG,CAAC,CAACC,IAAMG,mBAAmBH,IAC9BE,IAAI,CAAC;AACV;AAEO,SAASzC,yBAAyB2C,GAAQ,EAAEC,QAAgB;IACjE,MAAMC,IAAID,SAASzB,KAAK,CAAC;IACzB,IAAI2B,IAAIH;IACR,IAAK,IAAIb,IAAI,GAAGiB,IAAIF,EAAElB,MAAM,EAAEG,IAAIiB,GAAGjB,IAAK;QACxC,MAAMkB,IAAIH,CAAC,CAACf,EAAE;QACd,IAAIkB,KAAKF,GAAG;YACVA,IAAIA,CAAC,CAACE,EAAE;QACV,OAAO;YACL,OAAO;QACT;IACF;IACA,OAAOF;AACT;AAEO,SAASzD,iBAAiB4B,KAAa;IAC5C,OAAOA,MAAMgC,MAAM,CAAC,GAAGC,WAAW,KAAKjC,MAAMkC,KAAK,CAAC;AACrD;AAEO,SAASrD,qBAAqBsD,YAAoB,EAAEC,YAAoB,EAAEC,uBAA+BC,uBAAe;IAC7H,MAAMC,SAASJ,aAAajC,KAAK,CAACmC;IAClC,MAAMG,SAASJ,aAAalC,KAAK,CAACmC;IAClC,OAAOE,OACJE,MAAM,CAAC,CAACC,IAAcA,MAAM,MAAMA,MAAM,UAAUF,OAAOG,OAAO,CAACD,KAAK,CAAC,GACvEE,IAAI,GACJpB,IAAI,CAACa;AACV"}

package/server/infrastructure/context/services/context-manager.service.js

@@ -24,6 +24,9 @@ function _ts_metadata(k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 }
 let ContextManager = class ContextManager {
+    headerOriginUrl() {
+        return this.storage.getStore() ? this.storage.getStore().headerOriginUrl : undefined;
+    }
     get(key) {
         return this.storage.getStore() ? this.storage.getStore()[key] : undefined;
     }

package/server/infrastructure/context/services/context-manager.service.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../backend/src/infrastructure/context/services/context-manager.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AsyncLocalStorage } from 'node:async_hooks'\nimport type { Observable } from 'rxjs'\nimport { ContextStore } from '../interfaces/context-store.interface'\n\n@Injectable()\nexport class ContextManager {\n  private readonly storage: AsyncLocalStorage<ContextStore>\n\n  constructor() {\n    this.storage = new AsyncLocalStorage<ContextStore>()\n  }\n\n  get(key: keyof ContextStore): any {\n    return this.storage.getStore() ? this.storage.getStore()[key] : undefined\n  }\n\n  run(context: ContextStore, cb: () => unknown): Observable<unknown> {\n    return this.storage.run(context, cb) as Observable<unknown>\n  }\n}\n"],"names":["ContextManager","get","key","storage","getStore","undefined","run","context","cb","AsyncLocalStorage"],"mappings":"AAAA;;;;CAIC;;;;+BAQYA;;;eAAAA;;;wBANc;iCACO;;;;;;;;;;AAK3B,IAAA,AAAMA,iBAAN,MAAMA;IAOXC,IAAIC,GAAuB,EAAO;QAChC,OAAO,IAAI,CAACC,OAAO,CAACC,QAAQ,KAAK,IAAI,CAACD,OAAO,CAACC,QAAQ,EAAE,CAACF,IAAI,GAAGG;IAClE;IAEAC,IAAIC,OAAqB,EAAEC,EAAiB,EAAuB;QACjE,OAAO,IAAI,CAACL,OAAO,CAACG,GAAG,CAACC,SAASC;IACnC;IAVA,aAAc;QACZ,IAAI,CAACL,OAAO,GAAG,IAAIM,kCAAiB;IACtC;AASF"}
+{"version":3,"sources":["../../../../../backend/src/infrastructure/context/services/context-manager.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AsyncLocalStorage } from 'node:async_hooks'\nimport type { Observable } from 'rxjs'\nimport { ContextStore } from '../interfaces/context-store.interface'\n\n@Injectable()\nexport class ContextManager {\n  private readonly storage: AsyncLocalStorage<ContextStore>\n\n  constructor() {\n    this.storage = new AsyncLocalStorage<ContextStore>()\n  }\n\n  headerOriginUrl(): string {\n    return this.storage.getStore() ? this.storage.getStore().headerOriginUrl : undefined\n  }\n\n  get(key: keyof ContextStore): any {\n    return this.storage.getStore() ? this.storage.getStore()[key] : undefined\n  }\n\n  run(context: ContextStore, cb: () => unknown): Observable<unknown> {\n    return this.storage.run(context, cb) as Observable<unknown>\n  }\n}\n"],"names":["ContextManager","headerOriginUrl","storage","getStore","undefined","get","key","run","context","cb","AsyncLocalStorage"],"mappings":"AAAA;;;;CAIC;;;;+BAQYA;;;eAAAA;;;wBANc;iCACO;;;;;;;;;;AAK3B,IAAA,AAAMA,iBAAN,MAAMA;IAOXC,kBAA0B;QACxB,OAAO,IAAI,CAACC,OAAO,CAACC,QAAQ,KAAK,IAAI,CAACD,OAAO,CAACC,QAAQ,GAAGF,eAAe,GAAGG;IAC7E;IAEAC,IAAIC,GAAuB,EAAO;QAChC,OAAO,IAAI,CAACJ,OAAO,CAACC,QAAQ,KAAK,IAAI,CAACD,OAAO,CAACC,QAAQ,EAAE,CAACG,IAAI,GAAGF;IAClE;IAEAG,IAAIC,OAAqB,EAAEC,EAAiB,EAAuB;QACjE,OAAO,IAAI,CAACP,OAAO,CAACK,GAAG,CAACC,SAASC;IACnC;IAdA,aAAc;QACZ,IAAI,CAACP,OAAO,GAAG,IAAIQ,kCAAiB;IACtC;AAaF"}

package/server/infrastructure/websocket/adapters/cluster.adapter.js

@@ -24,12 +24,12 @@ function _ts_decorate(decorators, target, key, desc) {
 let ClusterAdapter = class ClusterAdapter extends _platformsocketio.IoAdapter {
     createIOServer(port, options) {
         const server = super.createIOServer(port, options);
-        server.adapter(this.clusterAdapter);
+        // Prevent the connection from closing too early when NestJS shutdown hooks are enabled, which can cause errors on exit
+        server.close = ()=>void 0;
+        const adapter = (0, _clusteradapter.createAdapter)();
+        server.adapter(adapter);
         return server;
     }
-    constructor(...args){
-        super(...args), this.clusterAdapter = (0, _clusteradapter.createAdapter)();
-    }
 };
 ClusterAdapter = _ts_decorate([
     (0, _common.Injectable)()

package/server/infrastructure/websocket/adapters/cluster.adapter.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../backend/src/infrastructure/websocket/adapters/cluster.adapter.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { IoAdapter } from '@nestjs/platform-socket.io'\nimport { createAdapter } from '@socket.io/cluster-adapter'\nimport { ServerOptions } from 'socket.io'\n\n@Injectable()\nexport class ClusterAdapter extends IoAdapter {\n  private readonly clusterAdapter = createAdapter()\n\n  createIOServer(port: number, options?: ServerOptions): any {\n    const server = super.createIOServer(port, options)\n    server.adapter(this.clusterAdapter)\n    return server\n  }\n}\n"],"names":["ClusterAdapter","IoAdapter","createIOServer","port","options","server","adapter","clusterAdapter","createAdapter"],"mappings":"AAAA;;;;CAIC;;;;+BAQYA;;;eAAAA;;;wBANc;kCACD;gCACI;;;;;;;AAIvB,IAAA,AAAMA,iBAAN,MAAMA,uBAAuBC,2BAAS;IAG3CC,eAAeC,IAAY,EAAEC,OAAuB,EAAO;QACzD,MAAMC,SAAS,KAAK,CAACH,eAAeC,MAAMC;QAC1CC,OAAOC,OAAO,CAAC,IAAI,CAACC,cAAc;QAClC,OAAOF;IACT;;QAPK,qBACYE,iBAAiBC,IAAAA,6BAAa;;AAOjD"}
+{"version":3,"sources":["../../../../../backend/src/infrastructure/websocket/adapters/cluster.adapter.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { IoAdapter } from '@nestjs/platform-socket.io'\nimport { createAdapter } from '@socket.io/cluster-adapter'\nimport { ServerOptions } from 'socket.io'\n\n@Injectable()\nexport class ClusterAdapter extends IoAdapter {\n  createIOServer(port: number, options?: ServerOptions): any {\n    const server = super.createIOServer(port, options)\n    // Prevent the connection from closing too early when NestJS shutdown hooks are enabled, which can cause errors on exit\n    server.close = () => void 0\n    const adapter: ReturnType<typeof createAdapter> = createAdapter()\n    server.adapter(adapter)\n    return server\n  }\n}\n"],"names":["ClusterAdapter","IoAdapter","createIOServer","port","options","server","close","adapter","createAdapter"],"mappings":"AAAA;;;;CAIC;;;;+BAQYA;;;eAAAA;;;wBANc;kCACD;gCACI;;;;;;;AAIvB,IAAA,AAAMA,iBAAN,MAAMA,uBAAuBC,2BAAS;IAC3CC,eAAeC,IAAY,EAAEC,OAAuB,EAAO;QACzD,MAAMC,SAAS,KAAK,CAACH,eAAeC,MAAMC;QAC1C,uHAAuH;QACvHC,OAAOC,KAAK,GAAG,IAAM,KAAK;QAC1B,MAAMC,UAA4CC,IAAAA,6BAAa;QAC/DH,OAAOE,OAAO,CAACA;QACf,OAAOF;IACT;AACF"}