npm - claude-flow-novice - Versions diffs - 2.15.11 → 2.16.0 - Mend

claude-flow-novice 2.15.11 → 2.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (636) hide show

package/dist/services/authentication.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/services/authentication.ts"],"sourcesContent":["/**\r\n * Authentication Service\r\n * \r\n * Comprehensive authentication service with JWT tokens, refresh tokens,\r\n * session management, and security features.\r\n */\r\n\r\nimport * as bcrypt from 'bcrypt';\r\nimport * as jwt from 'jsonwebtoken';\r\nimport { Redis } from 'ioredis';\r\nimport { Database } from 'better-sqlite3';\r\nimport { createLogger } from '../lib/logging.js';\r\nimport { StandardError, ErrorCode } from '../lib/errors.js';\r\nimport { AuthMiddleware } from '../middleware/auth-middleware.js';\r\n\r\nconst logger = createLogger('authentication-service');\r\n\r\nexport interface AuthUser {\r\n id: string;\r\n username: string;\r\n email: string;\r\n role: string;\r\n isActive?: boolean;\r\n}\r\n\r\nexport interface UserRegistrationRequest {\r\n username: string;\r\n email: string;\r\n password: string;\r\n role?: string;\r\n}\r\n\r\nexport interface LoginRequest {\r\n email: string;\r\n password: string;\r\n}\r\n\r\nexport interface TokenPair {\r\n accessToken: string;\r\n refreshToken: string;\r\n expiresIn: number;\r\n tokenType: string;\r\n}\r\n\r\nexport interface AuthConfig {\r\n redis: Redis;\r\n database: Database;\r\n jwtSecret: string;\r\n jwtExpiration?: string;\r\n refreshExpiration?: string;\r\n maxSessionsPerUser?: number;\r\n maxLoginAttempts?: number;\r\n lockoutDuration?: number;\r\n}\r\n\r\nexport interface UserProfile {\r\n id: string;\r\n username: string;\r\n email: string;\r\n role: string;\r\n createdAt: Date;\r\n lastLogin?: Date;\r\n}\r\n\r\nexport class AuthenticationService {\r\n private redis: Redis;\r\n private database: Database;\r\n private authMiddleware: AuthMiddleware;\r\n private config: Required<Omit<AuthConfig, 'redis' | 'database' | 'authMiddleware'>>;\r\n\r\n constructor(config: AuthConfig) {\r\n this.redis = config.redis;\r\n this.database = config.database;\r\n this.authMiddleware = new AuthMiddleware(config.jwtSecret);\r\n \r\n this.config = {\r\n jwtExpiration: config.jwtExpiration || '15m',\r\n refreshExpiration: config.refreshExpiration || '7d',\r\n maxSessionsPerUser: config.maxSessionsPerUser || 3,\r\n maxLoginAttempts: config.maxLoginAttempts || 5,\r\n lockoutDuration: config.lockoutDuration || 15 * 60 * 1000, // 15 minutes\r\n };\r\n\r\n this.initializeDatabase();\r\n }\r\n\r\n /**\r\n * Initialize database tables for user management\r\n */\r\n private initializeDatabase(): void {\r\n try {\r\n this.database.exec(`\r\n CREATE TABLE IF NOT EXISTS users (\r\n id TEXT PRIMARY KEY,\r\n username TEXT NOT NULL UNIQUE,\r\n email TEXT NOT NULL UNIQUE,\r\n password_hash TEXT NOT NULL,\r\n role TEXT NOT NULL DEFAULT 'developer',\r\n is_active BOOLEAN DEFAULT true,\r\n failed_login_attempts INTEGER DEFAULT 0,\r\n locked_until TIMESTAMP,\r\n created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,\r\n updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,\r\n last_login TIMESTAMP\r\n );\r\n\r\n CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);\r\n CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);\r\n CREATE INDEX IF NOT EXISTS idx_users_active ON users(is_active);\r\n `);\r\n\r\n logger.info('Database tables initialized for authentication service');\r\n } catch (error) {\r\n logger.error('Failed to initialize database tables:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to initialize authentication service',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Register a new user\r\n */\r\n async registerUser(userData: UserRegistrationRequest): Promise<{ user: UserProfile; tokens: TokenPair }> {\r\n try {\r\n // Validate input\r\n this.validateRegistrationData(userData);\r\n\r\n // Check if user already exists\r\n const existingUser = this.database.prepare(`\r\n SELECT id FROM users WHERE email = ? OR username = ?\r\n `).get(userData.email, userData.username);\r\n\r\n if (existingUser) {\r\n throw new StandardError(\r\n ErrorCode.CONFLICT,\r\n 'User with this email or username already exists',\r\n { field: existingUser.id ? 'email' : 'username' }\r\n );\r\n }\r\n\r\n // Hash password\r\n const passwordHash = await bcrypt.hash(userData.password, 12);\r\n\r\n // Create user\r\n const userId = this.generateId();\r\n const now = new Date().toISOString();\r\n\r\n this.database.prepare(`\r\n INSERT INTO users (id, username, email, password_hash, role, created_at, updated_at)\r\n VALUES (?, ?, ?, ?, ?, ?, ?)\r\n `).run(\r\n userId,\r\n userData.username,\r\n userData.email,\r\n passwordHash,\r\n userData.role || 'developer',\r\n now,\r\n now\r\n );\r\n\r\n const user: UserProfile = {\r\n id: userId,\r\n username: userData.username,\r\n email: userData.email,\r\n role: userData.role || 'developer',\r\n createdAt: new Date(now),\r\n };\r\n\r\n // Generate tokens\r\n const tokens = await this.generateTokenPair(user);\r\n\r\n logger.info('User registered successfully', { userId, email: userData.email });\r\n\r\n return { user, tokens };\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n logger.error('User registration failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Registration failed',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Authenticate user and generate tokens\r\n */\r\n async loginUser(loginData: LoginRequest, ipAddress?: string, userAgent?: string): Promise<{ user: UserProfile; tokens: TokenPair }> {\r\n try {\r\n // Get user by email\r\n const user = this.database.prepare(`\r\n SELECT id, username, email, password_hash, role, is_active, failed_login_attempts, locked_until\r\n FROM users WHERE email = ?\r\n `).get(loginData.email) as any;\r\n\r\n if (!user) {\r\n await this.recordFailedLogin(loginData.email, ipAddress);\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid email or password',\r\n { code: 'INVALID_CREDENTIALS' }\r\n );\r\n }\r\n\r\n // Check if account is locked\r\n if (user.locked_until && new Date(user.locked_until) > new Date()) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Account temporarily locked due to too many failed login attempts',\r\n { \r\n code: 'ACCOUNT_LOCKED',\r\n lockedUntil: user.locked_until\r\n }\r\n );\r\n }\r\n\r\n // Check if account is active\r\n if (!user.is_active) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Account is deactivated',\r\n { code: 'ACCOUNT_DEACTIVATED' }\r\n );\r\n }\r\n\r\n // Verify password\r\n const isPasswordValid = await bcrypt.compare(loginData.password, user.password_hash);\r\n if (!isPasswordValid) {\r\n await this.recordFailedLogin(loginData.email, ipAddress);\r\n await this.incrementFailedAttempts(user.id);\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid email or password',\r\n { code: 'INVALID_CREDENTIALS' }\r\n );\r\n }\r\n\r\n // Reset failed attempts on successful login\r\n await this.resetFailedAttempts(user.id);\r\n\r\n // Update last login\r\n this.database.prepare(`\r\n UPDATE users SET last_login = ?, updated_at = ? WHERE id = ?\r\n `).run(new Date().toISOString(), new Date().toISOString(), user.id);\r\n\r\n const userProfile: UserProfile = {\r\n id: user.id,\r\n username: user.username,\r\n email: user.email,\r\n role: user.role,\r\n createdAt: new Date(user.created_at),\r\n lastLogin: new Date(),\r\n };\r\n\r\n // Manage concurrent sessions\r\n await this.manageConcurrentSessions(user.id);\r\n\r\n // Generate tokens\r\n const tokens = await this.generateTokenPair(userProfile, ipAddress, userAgent);\r\n\r\n logger.info('User logged in successfully', { \r\n userId: user.id, \r\n email: user.email,\r\n ipAddress \r\n });\r\n\r\n return { user: userProfile, tokens };\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n logger.error('Login failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Login failed',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Refresh access token using refresh token\r\n */\r\n async refreshToken(refreshToken: string): Promise<TokenPair> {\r\n try {\r\n // Validate refresh token\r\n const tokenData = await this.validateRefreshToken(refreshToken);\r\n \r\n // Get current user data\r\n const user = this.database.prepare(`\r\n SELECT id, username, email, role, is_active\r\n FROM users WHERE id = ? AND is_active = true\r\n `).get(tokenData.userId) as any;\r\n\r\n if (!user) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'User not found or inactive',\r\n { code: 'USER_INACTIVE' }\r\n );\r\n }\r\n\r\n const userProfile: UserProfile = {\r\n id: user.id,\r\n username: user.username,\r\n email: user.email,\r\n role: user.role,\r\n createdAt: new Date(),\r\n };\r\n\r\n // Generate new token pair (refresh token rotation)\r\n const tokens = await this.generateTokenPair(userProfile);\r\n\r\n // Invalidate old refresh token (rotation)\r\n await this.invalidateRefreshToken(refreshToken);\r\n\r\n logger.info('Token refreshed successfully', { userId: user.id });\r\n\r\n return tokens;\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n logger.error('Token refresh failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Token refresh failed',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Logout user and invalidate tokens\r\n */\r\n async logout(userId: string, accessToken: string, refreshToken?: string): Promise<void> {\r\n try {\r\n const tokenPayload = this.authMiddleware.validateToken(accessToken);\r\n \r\n // Invalidate access token (add to blacklist)\r\n await this.addToBlacklist(accessToken, tokenPayload.exp);\r\n\r\n // Invalidate refresh token if provided\r\n if (refreshToken) {\r\n await this.invalidateRefreshToken(refreshToken);\r\n }\r\n\r\n // Remove session\r\n await this.removeSession(userId, tokenPayload.jti);\r\n\r\n logger.info('User logged out successfully', { userId });\r\n } catch (error) {\r\n logger.error('Logout failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Logout failed',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Logout from all sessions\r\n */\r\n async logoutAllSessions(userId: string, accessToken: string): Promise<void> {\r\n try {\r\n // Get all user sessions\r\n const sessionKey = `sessions:${userId}`;\r\n const sessionIds = await this.redis.smembers(sessionKey);\r\n\r\n // Remove all sessions\r\n for (const sessionId of sessionIds) {\r\n await this.redis.del(`session:${sessionId}`);\r\n }\r\n\r\n // Clear session set\r\n await this.redis.del(sessionKey);\r\n\r\n // Blacklist current access token\r\n const tokenPayload = this.authMiddleware.validateToken(accessToken);\r\n await this.addToBlacklist(accessToken, tokenPayload.exp);\r\n\r\n logger.info('All sessions terminated', { userId, sessionCount: sessionIds.length });\r\n } catch (error) {\r\n logger.error('Logout all sessions failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to terminate all sessions',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Get user profile\r\n */\r\n async getUserProfile(userId: string): Promise<UserProfile> {\r\n try {\r\n const user = this.database.prepare(`\r\n SELECT id, username, email, role, created_at, last_login\r\n FROM users WHERE id = ? AND is_active = true\r\n `).get(userId) as any;\r\n\r\n if (!user) {\r\n throw new StandardError(\r\n ErrorCode.NOT_FOUND,\r\n 'User not found',\r\n { code: 'USER_NOT_FOUND' }\r\n );\r\n }\r\n\r\n return {\r\n id: user.id,\r\n username: user.username,\r\n email: user.email,\r\n role: user.role,\r\n createdAt: new Date(user.created_at),\r\n lastLogin: user.last_login ? new Date(user.last_login) : undefined,\r\n };\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n logger.error('Get user profile failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to get user profile',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Update user profile\r\n */\r\n async updateUserProfile(userId: string, updates: Partial<{ username: string; email: string }>): Promise<UserProfile> {\r\n try {\r\n // Validate updates\r\n if (updates.username) {\r\n this.validateUsername(updates.username);\r\n \r\n // Check if username is already taken\r\n const existingUser = this.database.prepare(`\r\n SELECT id FROM users WHERE username = ? AND id != ?\r\n `).get(updates.username, userId);\r\n\r\n if (existingUser) {\r\n throw new StandardError(\r\n ErrorCode.CONFLICT,\r\n 'Username already taken',\r\n { field: 'username' }\r\n );\r\n }\r\n }\r\n\r\n if (updates.email) {\r\n this.validateEmail(updates.email);\r\n \r\n // Check if email is already taken\r\n const existingUser = this.database.prepare(`\r\n SELECT id FROM users WHERE email = ? AND id != ?\r\n `).get(updates.email, userId);\r\n\r\n if (existingUser) {\r\n throw new StandardError(\r\n ErrorCode.CONFLICT,\r\n 'Email already taken',\r\n { field: 'email' }\r\n );\r\n }\r\n }\r\n\r\n // Build update query\r\n const fields = [];\r\n const values = [];\r\n \r\n if (updates.username) {\r\n fields.push('username = ?');\r\n values.push(updates.username);\r\n }\r\n \r\n if (updates.email) {\r\n fields.push('email = ?');\r\n values.push(updates.email);\r\n }\r\n \r\n fields.push('updated_at = ?');\r\n values.push(new Date().toISOString());\r\n values.push(userId);\r\n\r\n // Update user\r\n if (fields.length > 1) {\r\n this.database.prepare(`\r\n UPDATE users SET ${fields.join(', ')} WHERE id = ?\r\n `).run(...values);\r\n }\r\n\r\n // Return updated profile\r\n return await this.getUserProfile(userId);\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n logger.error('Update user profile failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to update profile',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Change user password\r\n */\r\n async changePassword(userId: string, currentPassword: string, newPassword: string): Promise<void> {\r\n try {\r\n // Validate new password\r\n this.validatePasswordStrength(newPassword);\r\n\r\n // Get current user\r\n const user = this.database.prepare(`\r\n SELECT id, password_hash\r\n FROM users WHERE id = ? AND is_active = true\r\n `).get(userId) as any;\r\n\r\n if (!user) {\r\n throw new StandardError(\r\n ErrorCode.NOT_FOUND,\r\n 'User not found',\r\n { code: 'USER_NOT_FOUND' }\r\n );\r\n }\r\n\r\n // Verify current password\r\n const isCurrentPasswordValid = await bcrypt.compare(currentPassword, user.password_hash);\r\n if (!isCurrentPasswordValid) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Current password is incorrect',\r\n { code: 'INVALID_CURRENT_PASSWORD' }\r\n );\r\n }\r\n\r\n // Hash new password\r\n const newPasswordHash = await bcrypt.hash(newPassword, 12);\r\n\r\n // Update password\r\n this.database.prepare(`\r\n UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?\r\n `).run(newPasswordHash, new Date().toISOString(), userId);\r\n\r\n // Invalidate all sessions (force re-login)\r\n await this.logoutAllSessions(userId, '');\r\n\r\n logger.info('Password changed successfully', { userId });\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n logger.error('Change password failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to change password',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Generate token pair for user\r\n */\r\n private async generateTokenPair(\r\n user: UserProfile, \r\n ipAddress?: string, \r\n userAgent?: string\r\n ): Promise<TokenPair> {\r\n try {\r\n // Generate access token\r\n const accessToken = this.authMiddleware.generateToken(\r\n user.id,\r\n user.username,\r\n user.role as any,\r\n user.email\r\n );\r\n\r\n // Generate refresh token\r\n const refreshToken = jwt.sign(\r\n { \r\n userId: user.id,\r\n type: 'refresh',\r\n sessionId: this.generateId(),\r\n },\r\n process.env.JWT_SECRET || 'default-secret',\r\n { expiresIn: this.config.refreshExpiration }\r\n );\r\n\r\n // Store refresh token in Redis\r\n const refreshKey = `refresh:${refreshToken}`;\r\n const refreshData = {\r\n userId: user.id,\r\n type: 'refresh',\r\n ipAddress,\r\n userAgent,\r\n createdAt: new Date().toISOString(),\r\n };\r\n\r\n await this.redis.setex(\r\n refreshKey,\r\n this.parseExpiration(this.config.refreshExpiration),\r\n JSON.stringify(refreshData)\r\n );\r\n\r\n // Store session\r\n const sessionId = this.generateId();\r\n const sessionKey = `session:${sessionId}`;\r\n const sessionData = {\r\n userId: user.id,\r\n username: user.username,\r\n email: user.email,\r\n role: user.role,\r\n ipAddress,\r\n userAgent,\r\n createdAt: new Date().toISOString(),\r\n };\r\n\r\n await this.redis.setex(\r\n sessionKey,\r\n this.parseExpiration(this.config.jwtExpiration),\r\n JSON.stringify(sessionData)\r\n );\r\n\r\n // Add session to user's session set\r\n await this.redis.sadd(`sessions:${user.id}`, sessionId);\r\n await this.redis.expire(`sessions:${user.id}`, this.parseExpiration(this.config.refreshExpiration));\r\n\r\n return {\r\n accessToken,\r\n refreshToken,\r\n expiresIn: this.parseExpiration(this.config.jwtExpiration),\r\n tokenType: 'Bearer',\r\n };\r\n } catch (error) {\r\n logger.error('Token generation failed:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to generate tokens',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Validate refresh token\r\n */\r\n private async validateRefreshToken(refreshToken: string): Promise<any> {\r\n try {\r\n // Check if refresh token exists in Redis\r\n const refreshKey = `refresh:${refreshToken}`;\r\n const tokenData = await this.redis.get(refreshKey);\r\n\r\n if (!tokenData) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid or expired refresh token',\r\n { code: 'INVALID_REFRESH_TOKEN' }\r\n );\r\n }\r\n\r\n // Verify JWT token\r\n const decoded = jwt.verify(refreshToken, process.env.JWT_SECRET || 'default-secret') as any;\r\n \r\n if (decoded.type !== 'refresh') {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid token type',\r\n { code: 'INVALID_TOKEN_TYPE' }\r\n );\r\n }\r\n\r\n return decoded;\r\n } catch (error) {\r\n if (error instanceof StandardError) {\r\n throw error;\r\n }\r\n if (error instanceof jwt.TokenExpiredError) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Refresh token has expired',\r\n { code: 'REFRESH_TOKEN_EXPIRED' }\r\n );\r\n }\r\n if (error instanceof jwt.JsonWebTokenError) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid refresh token',\r\n { code: 'INVALID_REFRESH_TOKEN' }\r\n );\r\n }\r\n throw error;\r\n }\r\n }\r\n\r\n /**\r\n * Invalidate refresh token\r\n */\r\n private async invalidateRefreshToken(refreshToken: string): Promise<void> {\r\n try {\r\n const refreshKey = `refresh:${refreshToken}`;\r\n await this.redis.del(refreshKey);\r\n } catch (error) {\r\n logger.error('Failed to invalidate refresh token:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Add token to blacklist\r\n */\r\n private async addToBlacklist(token: string, expirationTime: number): Promise<void> {\r\n try {\r\n const blacklistKey = `blacklist:${this.hashToken(token)}`;\r\n const ttl = expirationTime - Math.floor(Date.now() / 1000);\r\n \r\n if (ttl > 0) {\r\n await this.redis.setex(blacklistKey, ttl, '1');\r\n }\r\n } catch (error) {\r\n logger.error('Failed to add token to blacklist:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Remove session\r\n */\r\n private async removeSession(userId: string, sessionId: string): Promise<void> {\r\n try {\r\n await this.redis.del(`session:${sessionId}`);\r\n await this.redis.srem(`sessions:${userId}`, sessionId);\r\n } catch (error) {\r\n logger.error('Failed to remove session:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Manage concurrent sessions\r\n */\r\n private async manageConcurrentSessions(userId: string): Promise<void> {\r\n try {\r\n const sessionKey = `sessions:${userId}`;\r\n const sessionIds = await this.redis.smembers(sessionKey);\r\n\r\n if (sessionIds.length >= this.config.maxSessionsPerUser) {\r\n // Remove oldest session\r\n const oldestSessionId = sessionIds[0];\r\n await this.removeSession(userId, oldestSessionId);\r\n }\r\n } catch (error) {\r\n logger.error('Failed to manage concurrent sessions:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Record failed login attempt\r\n */\r\n private async recordFailedLogin(email: string, ipAddress?: string): Promise<void> {\r\n try {\r\n const key = `failed_login:${email}:${ipAddress || 'unknown'}`;\r\n await this.redis.incr(key);\r\n await this.redis.expire(key, this.config.lockoutDuration / 1000);\r\n } catch (error) {\r\n logger.error('Failed to record failed login:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Increment failed login attempts for user\r\n */\r\n private async incrementFailedAttempts(userId: string): Promise<void> {\r\n try {\r\n const user = this.database.prepare(`\r\n SELECT failed_login_attempts FROM users WHERE id = ?\r\n `).get(userId) as any;\r\n\r\n if (user) {\r\n const newAttempts = user.failed_login_attempts + 1;\r\n const lockedUntil = newAttempts >= this.config.maxLoginAttempts \r\n ? new Date(Date.now() + this.config.lockoutDuration).toISOString()\r\n : null;\r\n\r\n this.database.prepare(`\r\n UPDATE users SET failed_login_attempts = ?, locked_until = ?, updated_at = ?\r\n WHERE id = ?\r\n `).run(newAttempts, lockedUntil, new Date().toISOString(), userId);\r\n }\r\n } catch (error) {\r\n logger.error('Failed to increment failed attempts:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Reset failed login attempts for user\r\n */\r\n private async resetFailedAttempts(userId: string): Promise<void> {\r\n try {\r\n this.database.prepare(`\r\n UPDATE users SET failed_login_attempts = 0, locked_until = null, updated_at = ?\r\n WHERE id = ?\r\n `).run(new Date().toISOString(), userId);\r\n } catch (error) {\r\n logger.error('Failed to reset failed attempts:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Validation methods\r\n */\r\n private validateRegistrationData(data: UserRegistrationRequest): void {\r\n if (!data.username || data.username.trim().length < 3) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Username must be at least 3 characters long',\r\n { field: 'username' }\r\n );\r\n }\r\n\r\n this.validateUsername(data.username);\r\n this.validateEmail(data.email);\r\n this.validatePasswordStrength(data.password);\r\n\r\n if (data.role && !['admin', 'developer', 'readonly'].includes(data.role)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid role specified',\r\n { field: 'role' }\r\n );\r\n }\r\n }\r\n\r\n private validateUsername(username: string): void {\r\n if (!/^[a-zA-Z0-9_-]+$/.test(username)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Username can only contain letters, numbers, underscores, and hyphens',\r\n { field: 'username' }\r\n );\r\n }\r\n }\r\n\r\n private validateEmail(email: string): void {\r\n const emailRegex = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\r\n if (!emailRegex.test(email)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Invalid email format',\r\n { field: 'email' }\r\n );\r\n }\r\n }\r\n\r\n private validatePasswordStrength(password: string): void {\r\n if (password.length < 8) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Password must be at least 8 characters long',\r\n { field: 'password' }\r\n );\r\n }\r\n\r\n if (!/[A-Z]/.test(password)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Password must contain at least one uppercase letter',\r\n { field: 'password' }\r\n );\r\n }\r\n\r\n if (!/[a-z]/.test(password)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Password must contain at least one lowercase letter',\r\n { field: 'password' }\r\n );\r\n }\r\n\r\n if (!/\\d/.test(password)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Password must contain at least one number',\r\n { field: 'password' }\r\n );\r\n }\r\n\r\n if (!/[!@#$%^&*(),.?\":{}|<>]/.test(password)) {\r\n throw new StandardError(\r\n ErrorCode.VALIDATION_FAILED,\r\n 'Password must contain at least one special character',\r\n { field: 'password' }\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Utility methods\r\n */\r\n private generateId(): string {\r\n return Math.random().toString(36).substring(2, 15) + \r\n Math.random().toString(36).substring(2, 15);\r\n }\r\n\r\n private parseExpiration(expiration: string): number {\r\n const match = expiration.match(/^(\\d+)([smhd])$/);\r\n if (!match) {\r\n return 3600; // Default to 1 hour\r\n }\r\n\r\n const value = parseInt(match[1], 10);\r\n const unit = match[2];\r\n\r\n switch (unit) {\r\n case 's': return value;\r\n case 'm': return value * 60;\r\n case 'h': return value * 3600;\r\n case 'd': return value * 86400;\r\n default: return 3600;\r\n }\r\n }\r\n\r\n private hashToken(token: string): string {\r\n return token.split('').reduce((acc, char) => {\r\n acc = ((acc << 5) - acc) + char.charCodeAt(0);\r\n return acc & acc;\r\n }, 0).toString(36);\r\n }\r\n}"],"names":["bcrypt","jwt","createLogger","StandardError","ErrorCode","AuthMiddleware","logger","AuthenticationService","redis","database","authMiddleware","config","jwtSecret","jwtExpiration","refreshExpiration","maxSessionsPerUser","maxLoginAttempts","lockoutDuration","initializeDatabase","exec","info","error","INTERNAL_ERROR","registerUser","userData","validateRegistrationData","existingUser","prepare","get","email","username","CONFLICT","field","id","passwordHash","hash","password","userId","generateId","now","Date","toISOString","run","role","user","createdAt","tokens","generateTokenPair","loginUser","loginData","ipAddress","userAgent","recordFailedLogin","VALIDATION_FAILED","code","locked_until","lockedUntil","is_active","isPasswordValid","compare","password_hash","incrementFailedAttempts","resetFailedAttempts","userProfile","created_at","lastLogin","manageConcurrentSessions","refreshToken","tokenData","validateRefreshToken","invalidateRefreshToken","logout","accessToken","tokenPayload","validateToken","addToBlacklist","exp","removeSession","jti","logoutAllSessions","sessionKey","sessionIds","smembers","sessionId","del","sessionCount","length","getUserProfile","NOT_FOUND","last_login","undefined","updateUserProfile","updates","validateUsername","validateEmail","fields","values","push","join","changePassword","currentPassword","newPassword","validatePasswordStrength","isCurrentPasswordValid","newPasswordHash","generateToken","sign","type","process","env","JWT_SECRET","expiresIn","refreshKey","refreshData","setex","parseExpiration","JSON","stringify","sessionData","sadd","expire","tokenType","decoded","verify","TokenExpiredError","JsonWebTokenError","token","expirationTime","blacklistKey","hashToken","ttl","Math","floor","srem","oldestSessionId","key","incr","newAttempts","failed_login_attempts","data","trim","includes","test","emailRegex","random","toString","substring","expiration","match","value","parseInt","unit","split","reduce","acc","char","charCodeAt"],"mappings":"AAAA;;;;;CAKC,GAED,YAAYA,YAAY,SAAS;AACjC,YAAYC,SAAS,eAAe;AAGpC,SAASC,YAAY,QAAQ,oBAAoB;AACjD,SAASC,aAAa,EAAEC,SAAS,QAAQ,mBAAmB;AAC5D,SAASC,cAAc,QAAQ,mCAAmC;AAElE,MAAMC,SAASJ,aAAa;AAiD5B,OAAO,MAAMK;IACHC,MAAa;IACbC,SAAmB;IACnBC,eAA+B;IAC/BC,OAA4E;IAEpF,YAAYA,MAAkB,CAAE;QAC9B,IAAI,CAACH,KAAK,GAAGG,OAAOH,KAAK;QACzB,IAAI,CAACC,QAAQ,GAAGE,OAAOF,QAAQ;QAC/B,IAAI,CAACC,cAAc,GAAG,IAAIL,eAAeM,OAAOC,SAAS;QAEzD,IAAI,CAACD,MAAM,GAAG;YACZE,eAAeF,OAAOE,aAAa,IAAI;YACvCC,mBAAmBH,OAAOG,iBAAiB,IAAI;YAC/CC,oBAAoBJ,OAAOI,kBAAkB,IAAI;YACjDC,kBAAkBL,OAAOK,gBAAgB,IAAI;YAC7CC,iBAAiBN,OAAOM,eAAe,IAAI,KAAK,KAAK;QACvD;QAEA,IAAI,CAACC,kBAAkB;IACzB;IAEA;;GAEC,GACD,AAAQA,qBAA2B;QACjC,IAAI;YACF,IAAI,CAACT,QAAQ,CAACU,IAAI,CAAC,CAAC;;;;;;;;;;;;;;;;;;MAkBpB,CAAC;YAEDb,OAAOc,IAAI,CAAC;QACd,EAAE,OAAOC,OAAO;YACdf,OAAOe,KAAK,CAAC,yCAAyCA;YACtD,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,+CACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAME,aAAaC,QAAiC,EAAqD;QACvG,IAAI;YACF,iBAAiB;YACjB,IAAI,CAACC,wBAAwB,CAACD;YAE9B,+BAA+B;YAC/B,MAAME,eAAe,IAAI,CAACjB,QAAQ,CAACkB,OAAO,CAAC,CAAC;;MAE5C,CAAC,EAAEC,GAAG,CAACJ,SAASK,KAAK,EAAEL,SAASM,QAAQ;YAExC,IAAIJ,cAAc;gBAChB,MAAM,IAAIvB,cACRC,UAAU2B,QAAQ,EAClB,mDACA;oBAAEC,OAAON,aAAaO,EAAE,GAAG,UAAU;gBAAW;YAEpD;YAEA,gBAAgB;YAChB,MAAMC,eAAe,MAAMlC,OAAOmC,IAAI,CAACX,SAASY,QAAQ,EAAE;YAE1D,cAAc;YACd,MAAMC,SAAS,IAAI,CAACC,UAAU;YAC9B,MAAMC,MAAM,IAAIC,OAAOC,WAAW;YAElC,IAAI,CAAChC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;MAGvB,CAAC,EAAEe,GAAG,CACJL,QACAb,SAASM,QAAQ,EACjBN,SAASK,KAAK,EACdK,cACAV,SAASmB,IAAI,IAAI,aACjBJ,KACAA;YAGF,MAAMK,OAAoB;gBACxBX,IAAII;gBACJP,UAAUN,SAASM,QAAQ;gBAC3BD,OAAOL,SAASK,KAAK;gBACrBc,MAAMnB,SAASmB,IAAI,IAAI;gBACvBE,WAAW,IAAIL,KAAKD;YACtB;YAEA,kBAAkB;YAClB,MAAMO,SAAS,MAAM,IAAI,CAACC,iBAAiB,CAACH;YAE5CtC,OAAOc,IAAI,CAAC,gCAAgC;gBAAEiB;gBAAQR,OAAOL,SAASK,KAAK;YAAC;YAE5E,OAAO;gBAAEe;gBAAME;YAAO;QACxB,EAAE,OAAOzB,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACAf,OAAOe,KAAK,CAAC,6BAA6BA;YAC1C,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,uBACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAM2B,UAAUC,SAAuB,EAAEC,SAAkB,EAAEC,SAAkB,EAAqD;QAClI,IAAI;YACF,oBAAoB;YACpB,MAAMP,OAAO,IAAI,CAACnC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;MAGpC,CAAC,EAAEC,GAAG,CAACqB,UAAUpB,KAAK;YAEtB,IAAI,CAACe,MAAM;gBACT,MAAM,IAAI,CAACQ,iBAAiB,CAACH,UAAUpB,KAAK,EAAEqB;gBAC9C,MAAM,IAAI/C,cACRC,UAAUiD,iBAAiB,EAC3B,6BACA;oBAAEC,MAAM;gBAAsB;YAElC;YAEA,6BAA6B;YAC7B,IAAIV,KAAKW,YAAY,IAAI,IAAIf,KAAKI,KAAKW,YAAY,IAAI,IAAIf,QAAQ;gBACjE,MAAM,IAAIrC,cACRC,UAAUiD,iBAAiB,EAC3B,oEACA;oBACEC,MAAM;oBACNE,aAAaZ,KAAKW,YAAY;gBAChC;YAEJ;YAEA,6BAA6B;YAC7B,IAAI,CAACX,KAAKa,SAAS,EAAE;gBACnB,MAAM,IAAItD,cACRC,UAAUiD,iBAAiB,EAC3B,0BACA;oBAAEC,MAAM;gBAAsB;YAElC;YAEA,kBAAkB;YAClB,MAAMI,kBAAkB,MAAM1D,OAAO2D,OAAO,CAACV,UAAUb,QAAQ,EAAEQ,KAAKgB,aAAa;YACnF,IAAI,CAACF,iBAAiB;gBACpB,MAAM,IAAI,CAACN,iBAAiB,CAACH,UAAUpB,KAAK,EAAEqB;gBAC9C,MAAM,IAAI,CAACW,uBAAuB,CAACjB,KAAKX,EAAE;gBAC1C,MAAM,IAAI9B,cACRC,UAAUiD,iBAAiB,EAC3B,6BACA;oBAAEC,MAAM;gBAAsB;YAElC;YAEA,4CAA4C;YAC5C,MAAM,IAAI,CAACQ,mBAAmB,CAAClB,KAAKX,EAAE;YAEtC,oBAAoB;YACpB,IAAI,CAACxB,QAAQ,CAACkB,OAAO,CAAC,CAAC;;MAEvB,CAAC,EAAEe,GAAG,CAAC,IAAIF,OAAOC,WAAW,IAAI,IAAID,OAAOC,WAAW,IAAIG,KAAKX,EAAE;YAElE,MAAM8B,cAA2B;gBAC/B9B,IAAIW,KAAKX,EAAE;gBACXH,UAAUc,KAAKd,QAAQ;gBACvBD,OAAOe,KAAKf,KAAK;gBACjBc,MAAMC,KAAKD,IAAI;gBACfE,WAAW,IAAIL,KAAKI,KAAKoB,UAAU;gBACnCC,WAAW,IAAIzB;YACjB;YAEA,6BAA6B;YAC7B,MAAM,IAAI,CAAC0B,wBAAwB,CAACtB,KAAKX,EAAE;YAE3C,kBAAkB;YAClB,MAAMa,SAAS,MAAM,IAAI,CAACC,iBAAiB,CAACgB,aAAab,WAAWC;YAEpE7C,OAAOc,IAAI,CAAC,+BAA+B;gBACzCiB,QAAQO,KAAKX,EAAE;gBACfJ,OAAOe,KAAKf,KAAK;gBACjBqB;YACF;YAEA,OAAO;gBAAEN,MAAMmB;gBAAajB;YAAO;QACrC,EAAE,OAAOzB,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACAf,OAAOe,KAAK,CAAC,iBAAiBA;YAC9B,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,gBACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAM8C,aAAaA,YAAoB,EAAsB;QAC3D,IAAI;YACF,yBAAyB;YACzB,MAAMC,YAAY,MAAM,IAAI,CAACC,oBAAoB,CAACF;YAElD,wBAAwB;YACxB,MAAMvB,OAAO,IAAI,CAACnC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;MAGpC,CAAC,EAAEC,GAAG,CAACwC,UAAU/B,MAAM;YAEvB,IAAI,CAACO,MAAM;gBACT,MAAM,IAAIzC,cACRC,UAAUiD,iBAAiB,EAC3B,8BACA;oBAAEC,MAAM;gBAAgB;YAE5B;YAEA,MAAMS,cAA2B;gBAC/B9B,IAAIW,KAAKX,EAAE;gBACXH,UAAUc,KAAKd,QAAQ;gBACvBD,OAAOe,KAAKf,KAAK;gBACjBc,MAAMC,KAAKD,IAAI;gBACfE,WAAW,IAAIL;YACjB;YAEA,mDAAmD;YACnD,MAAMM,SAAS,MAAM,IAAI,CAACC,iBAAiB,CAACgB;YAE5C,0CAA0C;YAC1C,MAAM,IAAI,CAACO,sBAAsB,CAACH;YAElC7D,OAAOc,IAAI,CAAC,gCAAgC;gBAAEiB,QAAQO,KAAKX,EAAE;YAAC;YAE9D,OAAOa;QACT,EAAE,OAAOzB,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACAf,OAAOe,KAAK,CAAC,yBAAyBA;YACtC,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,wBACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAMkD,OAAOlC,MAAc,EAAEmC,WAAmB,EAAEL,YAAqB,EAAiB;QACtF,IAAI;YACF,MAAMM,eAAe,IAAI,CAAC/D,cAAc,CAACgE,aAAa,CAACF;YAEvD,6CAA6C;YAC7C,MAAM,IAAI,CAACG,cAAc,CAACH,aAAaC,aAAaG,GAAG;YAEvD,uCAAuC;YACvC,IAAIT,cAAc;gBAChB,MAAM,IAAI,CAACG,sBAAsB,CAACH;YACpC;YAEA,iBAAiB;YACjB,MAAM,IAAI,CAACU,aAAa,CAACxC,QAAQoC,aAAaK,GAAG;YAEjDxE,OAAOc,IAAI,CAAC,gCAAgC;gBAAEiB;YAAO;QACvD,EAAE,OAAOhB,OAAO;YACdf,OAAOe,KAAK,CAAC,kBAAkBA;YAC/B,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,iBACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAM0D,kBAAkB1C,MAAc,EAAEmC,WAAmB,EAAiB;QAC1E,IAAI;YACF,wBAAwB;YACxB,MAAMQ,aAAa,CAAC,SAAS,EAAE3C,QAAQ;YACvC,MAAM4C,aAAa,MAAM,IAAI,CAACzE,KAAK,CAAC0E,QAAQ,CAACF;YAE7C,sBAAsB;YACtB,KAAK,MAAMG,aAAaF,WAAY;gBAClC,MAAM,IAAI,CAACzE,KAAK,CAAC4E,GAAG,CAAC,CAAC,QAAQ,EAAED,WAAW;YAC7C;YAEA,oBAAoB;YACpB,MAAM,IAAI,CAAC3E,KAAK,CAAC4E,GAAG,CAACJ;YAErB,iCAAiC;YACjC,MAAMP,eAAe,IAAI,CAAC/D,cAAc,CAACgE,aAAa,CAACF;YACvD,MAAM,IAAI,CAACG,cAAc,CAACH,aAAaC,aAAaG,GAAG;YAEvDtE,OAAOc,IAAI,CAAC,2BAA2B;gBAAEiB;gBAAQgD,cAAcJ,WAAWK,MAAM;YAAC;QACnF,EAAE,OAAOjE,OAAO;YACdf,OAAOe,KAAK,CAAC,+BAA+BA;YAC5C,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,oCACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAMkE,eAAelD,MAAc,EAAwB;QACzD,IAAI;YACF,MAAMO,OAAO,IAAI,CAACnC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;MAGpC,CAAC,EAAEC,GAAG,CAACS;YAEP,IAAI,CAACO,MAAM;gBACT,MAAM,IAAIzC,cACRC,UAAUoF,SAAS,EACnB,kBACA;oBAAElC,MAAM;gBAAiB;YAE7B;YAEA,OAAO;gBACLrB,IAAIW,KAAKX,EAAE;gBACXH,UAAUc,KAAKd,QAAQ;gBACvBD,OAAOe,KAAKf,KAAK;gBACjBc,MAAMC,KAAKD,IAAI;gBACfE,WAAW,IAAIL,KAAKI,KAAKoB,UAAU;gBACnCC,WAAWrB,KAAK6C,UAAU,GAAG,IAAIjD,KAAKI,KAAK6C,UAAU,IAAIC;YAC3D;QACF,EAAE,OAAOrE,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACAf,OAAOe,KAAK,CAAC,4BAA4BA;YACzC,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,8BACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAMsE,kBAAkBtD,MAAc,EAAEuD,OAAqD,EAAwB;QACnH,IAAI;YACF,mBAAmB;YACnB,IAAIA,QAAQ9D,QAAQ,EAAE;gBACpB,IAAI,CAAC+D,gBAAgB,CAACD,QAAQ9D,QAAQ;gBAEtC,qCAAqC;gBACrC,MAAMJ,eAAe,IAAI,CAACjB,QAAQ,CAACkB,OAAO,CAAC,CAAC;;QAE5C,CAAC,EAAEC,GAAG,CAACgE,QAAQ9D,QAAQ,EAAEO;gBAEzB,IAAIX,cAAc;oBAChB,MAAM,IAAIvB,cACRC,UAAU2B,QAAQ,EAClB,0BACA;wBAAEC,OAAO;oBAAW;gBAExB;YACF;YAEA,IAAI4D,QAAQ/D,KAAK,EAAE;gBACjB,IAAI,CAACiE,aAAa,CAACF,QAAQ/D,KAAK;gBAEhC,kCAAkC;gBAClC,MAAMH,eAAe,IAAI,CAACjB,QAAQ,CAACkB,OAAO,CAAC,CAAC;;QAE5C,CAAC,EAAEC,GAAG,CAACgE,QAAQ/D,KAAK,EAAEQ;gBAEtB,IAAIX,cAAc;oBAChB,MAAM,IAAIvB,cACRC,UAAU2B,QAAQ,EAClB,uBACA;wBAAEC,OAAO;oBAAQ;gBAErB;YACF;YAEA,qBAAqB;YACrB,MAAM+D,SAAS,EAAE;YACjB,MAAMC,SAAS,EAAE;YAEjB,IAAIJ,QAAQ9D,QAAQ,EAAE;gBACpBiE,OAAOE,IAAI,CAAC;gBACZD,OAAOC,IAAI,CAACL,QAAQ9D,QAAQ;YAC9B;YAEA,IAAI8D,QAAQ/D,KAAK,EAAE;gBACjBkE,OAAOE,IAAI,CAAC;gBACZD,OAAOC,IAAI,CAACL,QAAQ/D,KAAK;YAC3B;YAEAkE,OAAOE,IAAI,CAAC;YACZD,OAAOC,IAAI,CAAC,IAAIzD,OAAOC,WAAW;YAClCuD,OAAOC,IAAI,CAAC5D;YAEZ,cAAc;YACd,IAAI0D,OAAOT,MAAM,GAAG,GAAG;gBACrB,IAAI,CAAC7E,QAAQ,CAACkB,OAAO,CAAC,CAAC;2BACJ,EAAEoE,OAAOG,IAAI,CAAC,MAAM;QACvC,CAAC,EAAExD,GAAG,IAAIsD;YACZ;YAEA,yBAAyB;YACzB,OAAO,MAAM,IAAI,CAACT,cAAc,CAAClD;QACnC,EAAE,OAAOhB,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACAf,OAAOe,KAAK,CAAC,+BAA+BA;YAC5C,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,4BACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAM8E,eAAe9D,MAAc,EAAE+D,eAAuB,EAAEC,WAAmB,EAAiB;QAChG,IAAI;YACF,wBAAwB;YACxB,IAAI,CAACC,wBAAwB,CAACD;YAE9B,mBAAmB;YACnB,MAAMzD,OAAO,IAAI,CAACnC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;MAGpC,CAAC,EAAEC,GAAG,CAACS;YAEP,IAAI,CAACO,MAAM;gBACT,MAAM,IAAIzC,cACRC,UAAUoF,SAAS,EACnB,kBACA;oBAAElC,MAAM;gBAAiB;YAE7B;YAEA,0BAA0B;YAC1B,MAAMiD,yBAAyB,MAAMvG,OAAO2D,OAAO,CAACyC,iBAAiBxD,KAAKgB,aAAa;YACvF,IAAI,CAAC2C,wBAAwB;gBAC3B,MAAM,IAAIpG,cACRC,UAAUiD,iBAAiB,EAC3B,iCACA;oBAAEC,MAAM;gBAA2B;YAEvC;YAEA,oBAAoB;YACpB,MAAMkD,kBAAkB,MAAMxG,OAAOmC,IAAI,CAACkE,aAAa;YAEvD,kBAAkB;YAClB,IAAI,CAAC5F,QAAQ,CAACkB,OAAO,CAAC,CAAC;;MAEvB,CAAC,EAAEe,GAAG,CAAC8D,iBAAiB,IAAIhE,OAAOC,WAAW,IAAIJ;YAElD,2CAA2C;YAC3C,MAAM,IAAI,CAAC0C,iBAAiB,CAAC1C,QAAQ;YAErC/B,OAAOc,IAAI,CAAC,iCAAiC;gBAAEiB;YAAO;QACxD,EAAE,OAAOhB,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACAf,OAAOe,KAAK,CAAC,2BAA2BA;YACxC,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,6BACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAc0B,kBACZH,IAAiB,EACjBM,SAAkB,EAClBC,SAAkB,EACE;QACpB,IAAI;YACF,wBAAwB;YACxB,MAAMqB,cAAc,IAAI,CAAC9D,cAAc,CAAC+F,aAAa,CACnD7D,KAAKX,EAAE,EACPW,KAAKd,QAAQ,EACbc,KAAKD,IAAI,EACTC,KAAKf,KAAK;YAGZ,yBAAyB;YACzB,MAAMsC,eAAelE,IAAIyG,IAAI,CAC3B;gBACErE,QAAQO,KAAKX,EAAE;gBACf0E,MAAM;gBACNxB,WAAW,IAAI,CAAC7C,UAAU;YAC5B,GACAsE,QAAQC,GAAG,CAACC,UAAU,IAAI,kBAC1B;gBAAEC,WAAW,IAAI,CAACpG,MAAM,CAACG,iBAAiB;YAAC;YAG7C,+BAA+B;YAC/B,MAAMkG,aAAa,CAAC,QAAQ,EAAE7C,cAAc;YAC5C,MAAM8C,cAAc;gBAClB5E,QAAQO,KAAKX,EAAE;gBACf0E,MAAM;gBACNzD;gBACAC;gBACAN,WAAW,IAAIL,OAAOC,WAAW;YACnC;YAEA,MAAM,IAAI,CAACjC,KAAK,CAAC0G,KAAK,CACpBF,YACA,IAAI,CAACG,eAAe,CAAC,IAAI,CAACxG,MAAM,CAACG,iBAAiB,GAClDsG,KAAKC,SAAS,CAACJ;YAGjB,gBAAgB;YAChB,MAAM9B,YAAY,IAAI,CAAC7C,UAAU;YACjC,MAAM0C,aAAa,CAAC,QAAQ,EAAEG,WAAW;YACzC,MAAMmC,cAAc;gBAClBjF,QAAQO,KAAKX,EAAE;gBACfH,UAAUc,KAAKd,QAAQ;gBACvBD,OAAOe,KAAKf,KAAK;gBACjBc,MAAMC,KAAKD,IAAI;gBACfO;gBACAC;gBACAN,WAAW,IAAIL,OAAOC,WAAW;YACnC;YAEA,MAAM,IAAI,CAACjC,KAAK,CAAC0G,KAAK,CACpBlC,YACA,IAAI,CAACmC,eAAe,CAAC,IAAI,CAACxG,MAAM,CAACE,aAAa,GAC9CuG,KAAKC,SAAS,CAACC;YAGjB,oCAAoC;YACpC,MAAM,IAAI,CAAC9G,KAAK,CAAC+G,IAAI,CAAC,CAAC,SAAS,EAAE3E,KAAKX,EAAE,EAAE,EAAEkD;YAC7C,MAAM,IAAI,CAAC3E,KAAK,CAACgH,MAAM,CAAC,CAAC,SAAS,EAAE5E,KAAKX,EAAE,EAAE,EAAE,IAAI,CAACkF,eAAe,CAAC,IAAI,CAACxG,MAAM,CAACG,iBAAiB;YAEjG,OAAO;gBACL0D;gBACAL;gBACA4C,WAAW,IAAI,CAACI,eAAe,CAAC,IAAI,CAACxG,MAAM,CAACE,aAAa;gBACzD4G,WAAW;YACb;QACF,EAAE,OAAOpG,OAAO;YACdf,OAAOe,KAAK,CAAC,4BAA4BA;YACzC,MAAM,IAAIlB,cACRC,UAAUkB,cAAc,EACxB,6BACA,CAAC,GACDD;QAEJ;IACF;IAEA;;GAEC,GACD,MAAcgD,qBAAqBF,YAAoB,EAAgB;QACrE,IAAI;YACF,yCAAyC;YACzC,MAAM6C,aAAa,CAAC,QAAQ,EAAE7C,cAAc;YAC5C,MAAMC,YAAY,MAAM,IAAI,CAAC5D,KAAK,CAACoB,GAAG,CAACoF;YAEvC,IAAI,CAAC5C,WAAW;gBACd,MAAM,IAAIjE,cACRC,UAAUiD,iBAAiB,EAC3B,oCACA;oBAAEC,MAAM;gBAAwB;YAEpC;YAEA,mBAAmB;YACnB,MAAMoE,UAAUzH,IAAI0H,MAAM,CAACxD,cAAcyC,QAAQC,GAAG,CAACC,UAAU,IAAI;YAEnE,IAAIY,QAAQf,IAAI,KAAK,WAAW;gBAC9B,MAAM,IAAIxG,cACRC,UAAUiD,iBAAiB,EAC3B,sBACA;oBAAEC,MAAM;gBAAqB;YAEjC;YAEA,OAAOoE;QACT,EAAE,OAAOrG,OAAO;YACd,IAAIA,iBAAiBlB,eAAe;gBAClC,MAAMkB;YACR;YACA,IAAIA,iBAAiBpB,IAAI2H,iBAAiB,EAAE;gBAC1C,MAAM,IAAIzH,cACRC,UAAUiD,iBAAiB,EAC3B,6BACA;oBAAEC,MAAM;gBAAwB;YAEpC;YACA,IAAIjC,iBAAiBpB,IAAI4H,iBAAiB,EAAE;gBAC1C,MAAM,IAAI1H,cACRC,UAAUiD,iBAAiB,EAC3B,yBACA;oBAAEC,MAAM;gBAAwB;YAEpC;YACA,MAAMjC;QACR;IACF;IAEA;;GAEC,GACD,MAAciD,uBAAuBH,YAAoB,EAAiB;QACxE,IAAI;YACF,MAAM6C,aAAa,CAAC,QAAQ,EAAE7C,cAAc;YAC5C,MAAM,IAAI,CAAC3D,KAAK,CAAC4E,GAAG,CAAC4B;QACvB,EAAE,OAAO3F,OAAO;YACdf,OAAOe,KAAK,CAAC,uCAAuCA;QACtD;IACF;IAEA;;GAEC,GACD,MAAcsD,eAAemD,KAAa,EAAEC,cAAsB,EAAiB;QACjF,IAAI;YACF,MAAMC,eAAe,CAAC,UAAU,EAAE,IAAI,CAACC,SAAS,CAACH,QAAQ;YACzD,MAAMI,MAAMH,iBAAiBI,KAAKC,KAAK,CAAC5F,KAAKD,GAAG,KAAK;YAErD,IAAI2F,MAAM,GAAG;gBACX,MAAM,IAAI,CAAC1H,KAAK,CAAC0G,KAAK,CAACc,cAAcE,KAAK;YAC5C;QACF,EAAE,OAAO7G,OAAO;YACdf,OAAOe,KAAK,CAAC,qCAAqCA;QACpD;IACF;IAEA;;GAEC,GACD,MAAcwD,cAAcxC,MAAc,EAAE8C,SAAiB,EAAiB;QAC5E,IAAI;YACF,MAAM,IAAI,CAAC3E,KAAK,CAAC4E,GAAG,CAAC,CAAC,QAAQ,EAAED,WAAW;YAC3C,MAAM,IAAI,CAAC3E,KAAK,CAAC6H,IAAI,CAAC,CAAC,SAAS,EAAEhG,QAAQ,EAAE8C;QAC9C,EAAE,OAAO9D,OAAO;YACdf,OAAOe,KAAK,CAAC,6BAA6BA;QAC5C;IACF;IAEA;;GAEC,GACD,MAAc6C,yBAAyB7B,MAAc,EAAiB;QACpE,IAAI;YACF,MAAM2C,aAAa,CAAC,SAAS,EAAE3C,QAAQ;YACvC,MAAM4C,aAAa,MAAM,IAAI,CAACzE,KAAK,CAAC0E,QAAQ,CAACF;YAE7C,IAAIC,WAAWK,MAAM,IAAI,IAAI,CAAC3E,MAAM,CAACI,kBAAkB,EAAE;gBACvD,wBAAwB;gBACxB,MAAMuH,kBAAkBrD,UAAU,CAAC,EAAE;gBACrC,MAAM,IAAI,CAACJ,aAAa,CAACxC,QAAQiG;YACnC;QACF,EAAE,OAAOjH,OAAO;YACdf,OAAOe,KAAK,CAAC,yCAAyCA;QACxD;IACF;IAEA;;GAEC,GACD,MAAc+B,kBAAkBvB,KAAa,EAAEqB,SAAkB,EAAiB;QAChF,IAAI;YACF,MAAMqF,MAAM,CAAC,aAAa,EAAE1G,MAAM,CAAC,EAAEqB,aAAa,WAAW;YAC7D,MAAM,IAAI,CAAC1C,KAAK,CAACgI,IAAI,CAACD;YACtB,MAAM,IAAI,CAAC/H,KAAK,CAACgH,MAAM,CAACe,KAAK,IAAI,CAAC5H,MAAM,CAACM,eAAe,GAAG;QAC7D,EAAE,OAAOI,OAAO;YACdf,OAAOe,KAAK,CAAC,kCAAkCA;QACjD;IACF;IAEA;;GAEC,GACD,MAAcwC,wBAAwBxB,MAAc,EAAiB;QACnE,IAAI;YACF,MAAMO,OAAO,IAAI,CAACnC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;MAEpC,CAAC,EAAEC,GAAG,CAACS;YAEP,IAAIO,MAAM;gBACR,MAAM6F,cAAc7F,KAAK8F,qBAAqB,GAAG;gBACjD,MAAMlF,cAAciF,eAAe,IAAI,CAAC9H,MAAM,CAACK,gBAAgB,GAC3D,IAAIwB,KAAKA,KAAKD,GAAG,KAAK,IAAI,CAAC5B,MAAM,CAACM,eAAe,EAAEwB,WAAW,KAC9D;gBAEJ,IAAI,CAAChC,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;QAGvB,CAAC,EAAEe,GAAG,CAAC+F,aAAajF,aAAa,IAAIhB,OAAOC,WAAW,IAAIJ;YAC7D;QACF,EAAE,OAAOhB,OAAO;YACdf,OAAOe,KAAK,CAAC,wCAAwCA;QACvD;IACF;IAEA;;GAEC,GACD,MAAcyC,oBAAoBzB,MAAc,EAAiB;QAC/D,IAAI;YACF,IAAI,CAAC5B,QAAQ,CAACkB,OAAO,CAAC,CAAC;;;MAGvB,CAAC,EAAEe,GAAG,CAAC,IAAIF,OAAOC,WAAW,IAAIJ;QACnC,EAAE,OAAOhB,OAAO;YACdf,OAAOe,KAAK,CAAC,oCAAoCA;QACnD;IACF;IAEA;;GAEC,GACD,AAAQI,yBAAyBkH,IAA6B,EAAQ;QACpE,IAAI,CAACA,KAAK7G,QAAQ,IAAI6G,KAAK7G,QAAQ,CAAC8G,IAAI,GAAGtD,MAAM,GAAG,GAAG;YACrD,MAAM,IAAInF,cACRC,UAAUiD,iBAAiB,EAC3B,+CACA;gBAAErB,OAAO;YAAW;QAExB;QAEA,IAAI,CAAC6D,gBAAgB,CAAC8C,KAAK7G,QAAQ;QACnC,IAAI,CAACgE,aAAa,CAAC6C,KAAK9G,KAAK;QAC7B,IAAI,CAACyE,wBAAwB,CAACqC,KAAKvG,QAAQ;QAE3C,IAAIuG,KAAKhG,IAAI,IAAI,CAAC;YAAC;YAAS;YAAa;SAAW,CAACkG,QAAQ,CAACF,KAAKhG,IAAI,GAAG;YACxE,MAAM,IAAIxC,cACRC,UAAUiD,iBAAiB,EAC3B,0BACA;gBAAErB,OAAO;YAAO;QAEpB;IACF;IAEQ6D,iBAAiB/D,QAAgB,EAAQ;QAC/C,IAAI,CAAC,mBAAmBgH,IAAI,CAAChH,WAAW;YACtC,MAAM,IAAI3B,cACRC,UAAUiD,iBAAiB,EAC3B,wEACA;gBAAErB,OAAO;YAAW;QAExB;IACF;IAEQ8D,cAAcjE,KAAa,EAAQ;QACzC,MAAMkH,aAAa;QACnB,IAAI,CAACA,WAAWD,IAAI,CAACjH,QAAQ;YAC3B,MAAM,IAAI1B,cACRC,UAAUiD,iBAAiB,EAC3B,wBACA;gBAAErB,OAAO;YAAQ;QAErB;IACF;IAEQsE,yBAAyBlE,QAAgB,EAAQ;QACvD,IAAIA,SAASkD,MAAM,GAAG,GAAG;YACvB,MAAM,IAAInF,cACRC,UAAUiD,iBAAiB,EAC3B,+CACA;gBAAErB,OAAO;YAAW;QAExB;QAEA,IAAI,CAAC,QAAQ8G,IAAI,CAAC1G,WAAW;YAC3B,MAAM,IAAIjC,cACRC,UAAUiD,iBAAiB,EAC3B,uDACA;gBAAErB,OAAO;YAAW;QAExB;QAEA,IAAI,CAAC,QAAQ8G,IAAI,CAAC1G,WAAW;YAC3B,MAAM,IAAIjC,cACRC,UAAUiD,iBAAiB,EAC3B,uDACA;gBAAErB,OAAO;YAAW;QAExB;QAEA,IAAI,CAAC,KAAK8G,IAAI,CAAC1G,WAAW;YACxB,MAAM,IAAIjC,cACRC,UAAUiD,iBAAiB,EAC3B,6CACA;gBAAErB,OAAO;YAAW;QAExB;QAEA,IAAI,CAAC,yBAAyB8G,IAAI,CAAC1G,WAAW;YAC5C,MAAM,IAAIjC,cACRC,UAAUiD,iBAAiB,EAC3B,wDACA;gBAAErB,OAAO;YAAW;QAExB;IACF;IAEA;;GAEC,GACD,AAAQM,aAAqB;QAC3B,OAAO6F,KAAKa,MAAM,GAAGC,QAAQ,CAAC,IAAIC,SAAS,CAAC,GAAG,MACxCf,KAAKa,MAAM,GAAGC,QAAQ,CAAC,IAAIC,SAAS,CAAC,GAAG;IACjD;IAEQ/B,gBAAgBgC,UAAkB,EAAU;QAClD,MAAMC,QAAQD,WAAWC,KAAK,CAAC;QAC/B,IAAI,CAACA,OAAO;YACV,OAAO,MAAM,oBAAoB;QACnC;QAEA,MAAMC,QAAQC,SAASF,KAAK,CAAC,EAAE,EAAE;QACjC,MAAMG,OAAOH,KAAK,CAAC,EAAE;QAErB,OAAQG;YACN,KAAK;gBAAK,OAAOF;YACjB,KAAK;gBAAK,OAAOA,QAAQ;YACzB,KAAK;gBAAK,OAAOA,QAAQ;YACzB,KAAK;gBAAK,OAAOA,QAAQ;YACzB;gBAAS,OAAO;QAClB;IACF;IAEQpB,UAAUH,KAAa,EAAU;QACvC,OAAOA,MAAM0B,KAAK,CAAC,IAAIC,MAAM,CAAC,CAACC,KAAKC;YAClCD,MAAM,AAAEA,CAAAA,OAAO,CAAA,IAAKA,MAAOC,KAAKC,UAAU,CAAC;YAC3C,OAAOF,MAAMA;QACf,GAAG,GAAGT,QAAQ,CAAC;IACjB;AACF"}

package/dist/services/session-management.js ADDED Viewed

@@ -0,0 +1,436 @@
+/**
+ * Session Management Service
+ *
+ * Advanced session management with concurrent session limits,
+ * session monitoring, and security features.
+ */ import { createLogger } from '../lib/logging.js';
+import { StandardError, ErrorCode } from '../lib/errors.js';
+const logger = createLogger('session-management');
+export class SessionManagementService {
+    redis;
+    config;
+    cleanupInterval;
+    constructor(redis, config = {}){
+        this.redis = redis;
+        this.config = {
+            maxSessionsPerUser: config.maxSessionsPerUser || 3,
+            sessionTimeoutMs: config.sessionTimeoutMs || 24 * 60 * 60 * 1000,
+            cleanupIntervalMs: config.cleanupIntervalMs || 60 * 60 * 1000,
+            enableSessionMonitoring: config.enableSessionMonitoring ?? true,
+            enableGeolocation: config.enableGeolocation ?? false
+        };
+        if (this.config.enableSessionMonitoring) {
+            this.startSessionCleanup();
+        }
+    }
+    /**
+   * Start automatic session cleanup
+   */ startSessionCleanup() {
+        this.cleanupInterval = setInterval(async ()=>{
+            try {
+                await this.cleanupExpiredSessions();
+            } catch (error) {
+                logger.error('Session cleanup failed:', error);
+            }
+        }, this.config.cleanupIntervalMs);
+        logger.info('Session cleanup started', {
+            interval: this.config.cleanupIntervalMs
+        });
+    }
+    /**
+   * Stop session cleanup
+   */ stopSessionCleanup() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = undefined;
+            logger.info('Session cleanup stopped');
+        }
+    }
+    /**
+   * Create a new session
+   */ async createSession(sessionId, userId, sessionData) {
+        try {
+            const sessionInfo = {
+                ...sessionData,
+                sessionId,
+                lastActivity: new Date(),
+                isActive: true
+            };
+            // Check concurrent session limit
+            await this.enforceSessionLimit(userId);
+            // Store session data
+            const sessionKey = `session:${sessionId}`;
+            await this.redis.setex(sessionKey, Math.ceil(this.config.sessionTimeoutMs / 1000), JSON.stringify(sessionInfo));
+            // Add to user's session set
+            const userSessionsKey = `sessions:${userId}`;
+            await this.redis.sadd(userSessionsKey, sessionId);
+            await this.redis.expire(userSessionsKey, Math.ceil(this.config.sessionTimeoutMs / 1000));
+            // Track session statistics
+            if (this.config.enableSessionMonitoring) {
+                await this.trackSessionStats(sessionInfo);
+            }
+            logger.debug('Session created', {
+                sessionId,
+                userId
+            });
+        } catch (error) {
+            logger.error('Failed to create session:', error);
+            throw new StandardError(ErrorCode.INTERNAL_ERROR, 'Failed to create session', {}, error);
+        }
+    }
+    /**
+   * Get session information
+   */ async getSession(sessionId) {
+        try {
+            const sessionKey = `session:${sessionId}`;
+            const sessionData = await this.redis.get(sessionKey);
+            if (!sessionData) {
+                return null;
+            }
+            const sessionInfo = JSON.parse(sessionData);
+            sessionInfo.createdAt = new Date(sessionInfo.createdAt);
+            sessionInfo.lastActivity = new Date(sessionInfo.lastActivity);
+            // Update last activity
+            sessionInfo.lastActivity = new Date();
+            await this.updateSessionActivity(sessionId, sessionInfo);
+            return sessionInfo;
+        } catch (error) {
+            logger.error('Failed to get session:', error);
+            return null;
+        }
+    }
+    /**
+   * Update session activity
+   */ async updateSessionActivity(sessionId, sessionInfo) {
+        try {
+            const sessionKey = `session:${sessionId}`;
+            sessionInfo.lastActivity = new Date();
+            await this.redis.setex(sessionKey, Math.ceil(this.config.sessionTimeoutMs / 1000), JSON.stringify(sessionInfo));
+        } catch (error) {
+            logger.error('Failed to update session activity:', error);
+        }
+    }
+    /**
+   * Remove a session
+   */ async removeSession(sessionId, userId) {
+        try {
+            // Get session info before deletion for logging
+            const sessionInfo = await this.getSession(sessionId);
+            // Delete session data
+            const sessionKey = `session:${sessionId}`;
+            await this.redis.del(sessionKey);
+            // Remove from user's session set
+            if (userId || sessionInfo?.userId) {
+                const userSessionsKey = `sessions:${userId || sessionInfo.userId}`;
+                await this.redis.srem(userSessionsKey, sessionId);
+            }
+            logger.debug('Session removed', {
+                sessionId,
+                userId: userId || sessionInfo?.userId
+            });
+        } catch (error) {
+            logger.error('Failed to remove session:', error);
+        }
+    }
+    /**
+   * Remove all sessions for a user
+   */ async removeAllUserSessions(userId) {
+        try {
+            const userSessionsKey = `sessions:${userId}`;
+            const sessionIds = await this.redis.smembers(userSessionsKey);
+            // Remove all sessions
+            const removePromises = sessionIds.map((sessionId)=>this.removeSession(sessionId, userId));
+            await Promise.all(removePromises);
+            // Clear session set
+            await this.redis.del(userSessionsKey);
+            logger.info('All user sessions removed', {
+                userId,
+                sessionCount: sessionIds.length
+            });
+            return sessionIds;
+        } catch (error) {
+            logger.error('Failed to remove all user sessions:', error);
+            throw new StandardError(ErrorCode.INTERNAL_ERROR, 'Failed to remove all sessions', {}, error);
+        }
+    }
+    /**
+   * Get all active sessions for a user
+   */ async getUserSessions(userId) {
+        try {
+            const userSessionsKey = `sessions:${userId}`;
+            const sessionIds = await this.redis.smembers(userSessionsKey);
+            if (sessionIds.length === 0) {
+                return [];
+            }
+            // Get session data for all sessions
+            const sessionPromises = sessionIds.map(async (sessionId)=>{
+                const sessionKey = `session:${sessionId}`;
+                const sessionData = await this.redis.get(sessionKey);
+                if (sessionData) {
+                    const sessionInfo = JSON.parse(sessionData);
+                    sessionInfo.createdAt = new Date(sessionInfo.createdAt);
+                    sessionInfo.lastActivity = new Date(sessionInfo.lastActivity);
+                    return sessionInfo;
+                }
+                return null;
+            });
+            const sessions = (await Promise.all(sessionPromises)).filter((session)=>session !== null);
+            // Clean up any stale session IDs
+            const validSessionIds = sessions.map((s)=>s.sessionId);
+            const staleSessionIds = sessionIds.filter((id)=>!validSessionIds.includes(id));
+            if (staleSessionIds.length > 0) {
+                for (const staleId of staleSessionIds){
+                    await this.redis.srem(userSessionsKey, staleId);
+                }
+            }
+            return sessions.sort((a, b)=>b.lastActivity.getTime() - a.lastActivity.getTime());
+        } catch (error) {
+            logger.error('Failed to get user sessions:', error);
+            return [];
+        }
+    }
+    /**
+   * Enforce concurrent session limit
+   */ async enforceSessionLimit(userId) {
+        try {
+            const sessions = await this.getUserSessions(userId);
+            if (sessions.length >= this.config.maxSessionsPerUser) {
+                // Remove oldest session(s) to make room
+                const sessionsToRemove = sessions.sort((a, b)=>a.lastActivity.getTime() - b.lastActivity.getTime()).slice(0, sessions.length - this.config.maxSessionsPerUser + 1);
+                for (const session of sessionsToRemove){
+                    await this.removeSession(session.sessionId, userId);
+                    logger.info('Session removed due to limit enforcement', {
+                        sessionId: session.sessionId,
+                        userId,
+                        lastActivity: session.lastActivity
+                    });
+                }
+            }
+        } catch (error) {
+            logger.error('Failed to enforce session limit:', error);
+        }
+    }
+    /**
+   * Clean up expired sessions
+   */ async cleanupExpiredSessions() {
+        try {
+            // Get all session keys
+            const sessionKeys = await this.redis.keys('session:*');
+            let cleanedCount = 0;
+            for (const sessionKey of sessionKeys){
+                const sessionData = await this.redis.get(sessionKey);
+                if (sessionData) {
+                    try {
+                        const sessionInfo = JSON.parse(sessionData);
+                        const lastActivity = new Date(sessionInfo.lastActivity);
+                        const now = new Date();
+                        // Check if session has expired
+                        if (now.getTime() - lastActivity.getTime() > this.config.sessionTimeoutMs) {
+                            const sessionId = sessionKey.replace('session:', '');
+                            await this.removeSession(sessionId, sessionInfo.userId);
+                            cleanedCount++;
+                        }
+                    } catch (parseError) {
+                        // Remove corrupted session data
+                        await this.redis.del(sessionKey);
+                        cleanedCount++;
+                    }
+                } else {
+                    // Remove expired key
+                    await this.redis.del(sessionKey);
+                    cleanedCount++;
+                }
+            }
+            if (cleanedCount > 0) {
+                logger.info('Session cleanup completed', {
+                    cleanedCount,
+                    totalKeys: sessionKeys.length
+                });
+            }
+        } catch (error) {
+            logger.error('Session cleanup failed:', error);
+        }
+    }
+    /**
+   * Track session statistics
+   */ async trackSessionStats(sessionInfo) {
+        try {
+            const today = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
+            // Track daily session count
+            await this.redis.incr(`stats:sessions:daily:${today}`);
+            await this.redis.expire(`stats:sessions:daily:${today}`, 7 * 24 * 60 * 60); // Keep for 7 days
+            // Track sessions by device type (simple user agent parsing)
+            const deviceType = this.parseDeviceType(sessionInfo.userAgent || '');
+            await this.redis.incr(`stats:sessions:device:${deviceType}`);
+            await this.redis.expire(`stats:sessions:device:${deviceType}`, 30 * 24 * 60 * 60); // Keep for 30 days
+            // Track sessions by location (if geolocation is enabled)
+            if (this.config.enableGeolocation && sessionInfo.location) {
+                const country = sessionInfo.location.split(',')[0] || 'unknown';
+                await this.redis.incr(`stats:sessions:location:${country}`);
+                await this.redis.expire(`stats:sessions:location:${country}`, 30 * 24 * 60 * 60);
+            }
+        } catch (error) {
+            logger.error('Failed to track session stats:', error);
+        }
+    }
+    /**
+   * Get session statistics
+   */ async getSessionStats() {
+        try {
+            const today = new Date().toISOString().split('T')[0];
+            // Get total active sessions
+            const sessionKeys = await this.redis.keys('session:*');
+            const totalSessions = sessionKeys.length;
+            // Get active sessions (non-expired)
+            let activeSessions = 0;
+            const sessionsByDevice = {};
+            const sessionsByLocation = {};
+            let oldestSession;
+            let newestSession;
+            for (const sessionKey of sessionKeys){
+                const sessionData = await this.redis.get(sessionKey);
+                if (sessionData) {
+                    try {
+                        const sessionInfo = JSON.parse(sessionData);
+                        activeSessions++;
+                        const createdAt = new Date(sessionInfo.createdAt);
+                        if (!oldestSession || createdAt < oldestSession) {
+                            oldestSession = createdAt;
+                        }
+                        if (!newestSession || createdAt > newestSession) {
+                            newestSession = createdAt;
+                        }
+                        // Count by device type
+                        const deviceType = this.parseDeviceType(sessionInfo.userAgent || '');
+                        sessionsByDevice[deviceType] = (sessionsByDevice[deviceType] || 0) + 1;
+                        // Count by location
+                        if (sessionInfo.location) {
+                            const country = sessionInfo.location.split(',')[0] || 'unknown';
+                            sessionsByLocation[country] = (sessionsByLocation[country] || 0) + 1;
+                        }
+                    } catch (parseError) {
+                    // Skip corrupted data
+                    }
+                }
+            }
+            // Get average session duration (approximate)
+            const averageSessionDuration = 0; // Would need additional tracking
+            return {
+                totalSessions,
+                activeSessions,
+                sessionsByDevice,
+                sessionsByLocation,
+                averageSessionDuration,
+                oldestSession,
+                newestSession
+            };
+        } catch (error) {
+            logger.error('Failed to get session stats:', error);
+            return {
+                totalSessions: 0,
+                activeSessions: 0,
+                sessionsByDevice: {},
+                sessionsByLocation: {},
+                averageSessionDuration: 0
+            };
+        }
+    }
+    /**
+   * Parse device type from user agent
+   */ parseDeviceType(userAgent) {
+        const ua = userAgent.toLowerCase();
+        if (ua.includes('mobile') || ua.includes('android') || ua.includes('iphone')) {
+            return 'mobile';
+        } else if (ua.includes('tablet') || ua.includes('ipad')) {
+            return 'tablet';
+        } else if (ua.includes('bot') || ua.includes('crawler') || ua.includes('spider')) {
+            return 'bot';
+        } else {
+            return 'desktop';
+        }
+    }
+    /**
+   * Terminate suspicious sessions
+   */ async terminateSuspiciousSessions(userId, criteria) {
+        try {
+            const sessions = await this.getUserSessions(userId);
+            const terminatedSessions = [];
+            const now = new Date();
+            for (const session of sessions){
+                let shouldTerminate = false;
+                // Check age
+                if (criteria.maxAgeHours) {
+                    const ageHours = (now.getTime() - session.createdAt.getTime()) / (1000 * 60 * 60);
+                    if (ageHours > criteria.maxAgeHours) {
+                        shouldTerminate = true;
+                    }
+                }
+                // Check IP
+                if (criteria.suspiciousIPs?.includes(session.ipAddress || '')) {
+                    shouldTerminate = true;
+                }
+                // Check user agent
+                if (criteria.suspiciousUserAgents?.some((ua)=>session.userAgent?.toLowerCase().includes(ua.toLowerCase()))) {
+                    shouldTerminate = true;
+                }
+                if (shouldTerminate) {
+                    await this.removeSession(session.sessionId, userId);
+                    terminatedSessions.push(session.sessionId);
+                    logger.warn('Suspicious session terminated', {
+                        sessionId: session.sessionId,
+                        userId,
+                        ipAddress: session.ipAddress,
+                        userAgent: session.userAgent
+                    });
+                }
+            }
+            return terminatedSessions;
+        } catch (error) {
+            logger.error('Failed to terminate suspicious sessions:', error);
+            throw new StandardError(ErrorCode.INTERNAL_ERROR, 'Failed to terminate suspicious sessions', {}, error);
+        }
+    }
+    /**
+   * Get session activity timeline
+   */ async getSessionActivityTimeline(userId, hours = 24) {
+        try {
+            const sessions = await this.getUserSessions(userId);
+            const timeline = [];
+            for (const session of sessions){
+                timeline.push({
+                    timestamp: session.createdAt,
+                    action: 'session_created',
+                    details: {
+                        sessionId: session.sessionId,
+                        ipAddress: session.ipAddress,
+                        userAgent: session.userAgent
+                    }
+                });
+                timeline.push({
+                    timestamp: session.lastActivity,
+                    action: 'last_activity',
+                    details: {
+                        sessionId: session.sessionId,
+                        duration: session.lastActivity.getTime() - session.createdAt.getTime()
+                    }
+                });
+            }
+            // Sort by timestamp
+            timeline.sort((a, b)=>b.timestamp.getTime() - a.timestamp.getTime());
+            // Filter by time range
+            const cutoff = new Date(Date.now() - hours * 60 * 60 * 1000);
+            return timeline.filter((entry)=>entry.timestamp > cutoff);
+        } catch (error) {
+            logger.error('Failed to get session activity timeline:', error);
+            return [];
+        }
+    }
+    /**
+   * Cleanup resources
+   */ cleanup() {
+        this.stopSessionCleanup();
+        logger.info('Session management service cleaned up');
+    }
+}
+//# sourceMappingURL=session-management.js.map

package/dist/services/session-management.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/services/session-management.ts"],"sourcesContent":["/**\r\n * Session Management Service\r\n * \r\n * Advanced session management with concurrent session limits,\r\n * session monitoring, and security features.\r\n */\r\n\r\nimport { Redis } from 'ioredis';\r\nimport { createLogger } from '../lib/logging.js';\r\nimport { StandardError, ErrorCode } from '../lib/errors.js';\r\n\r\nconst logger = createLogger('session-management');\r\n\r\nexport interface SessionInfo {\r\n sessionId: string;\r\n userId: string;\r\n username: string;\r\n email: string;\r\n role: string;\r\n ipAddress?: string;\r\n userAgent?: string;\r\n createdAt: Date;\r\n lastActivity: Date;\r\n isActive: boolean;\r\n deviceInfo?: string;\r\n location?: string;\r\n}\r\n\r\nexport interface SessionStats {\r\n totalSessions: number;\r\n activeSessions: number;\r\n sessionsByDevice: Record<string, number>;\r\n sessionsByLocation: Record<string, number>;\r\n averageSessionDuration: number;\r\n oldestSession?: Date;\r\n newestSession?: Date;\r\n}\r\n\r\nexport interface SessionConfig {\r\n maxSessionsPerUser: number;\r\n sessionTimeoutMs: number;\r\n cleanupIntervalMs: number;\r\n enableSessionMonitoring: boolean;\r\n enableGeolocation: boolean;\r\n}\r\n\r\nexport class SessionManagementService {\r\n private redis: Redis;\r\n private config: SessionConfig;\r\n private cleanupInterval?: NodeJS.Timeout;\r\n\r\n constructor(redis: Redis, config: Partial<SessionConfig> = {}) {\r\n this.redis = redis;\r\n this.config = {\r\n maxSessionsPerUser: config.maxSessionsPerUser || 3,\r\n sessionTimeoutMs: config.sessionTimeoutMs || 24 * 60 * 60 * 1000, // 24 hours\r\n cleanupIntervalMs: config.cleanupIntervalMs || 60 * 60 * 1000, // 1 hour\r\n enableSessionMonitoring: config.enableSessionMonitoring ?? true,\r\n enableGeolocation: config.enableGeolocation ?? false,\r\n };\r\n\r\n if (this.config.enableSessionMonitoring) {\r\n this.startSessionCleanup();\r\n }\r\n }\r\n\r\n /**\r\n * Start automatic session cleanup\r\n */\r\n private startSessionCleanup(): void {\r\n this.cleanupInterval = setInterval(async () => {\r\n try {\r\n await this.cleanupExpiredSessions();\r\n } catch (error) {\r\n logger.error('Session cleanup failed:', error);\r\n }\r\n }, this.config.cleanupIntervalMs);\r\n\r\n logger.info('Session cleanup started', { interval: this.config.cleanupIntervalMs });\r\n }\r\n\r\n /**\r\n * Stop session cleanup\r\n */\r\n public stopSessionCleanup(): void {\r\n if (this.cleanupInterval) {\r\n clearInterval(this.cleanupInterval);\r\n this.cleanupInterval = undefined;\r\n logger.info('Session cleanup stopped');\r\n }\r\n }\r\n\r\n /**\r\n * Create a new session\r\n */\r\n async createSession(\r\n sessionId: string,\r\n userId: string,\r\n sessionData: Omit<SessionInfo, 'sessionId' | 'lastActivity' | 'isActive'>\r\n ): Promise<void> {\r\n try {\r\n const sessionInfo: SessionInfo = {\r\n ...sessionData,\r\n sessionId,\r\n lastActivity: new Date(),\r\n isActive: true,\r\n };\r\n\r\n // Check concurrent session limit\r\n await this.enforceSessionLimit(userId);\r\n\r\n // Store session data\r\n const sessionKey = `session:${sessionId}`;\r\n await this.redis.setex(\r\n sessionKey,\r\n Math.ceil(this.config.sessionTimeoutMs / 1000),\r\n JSON.stringify(sessionInfo)\r\n );\r\n\r\n // Add to user's session set\r\n const userSessionsKey = `sessions:${userId}`;\r\n await this.redis.sadd(userSessionsKey, sessionId);\r\n await this.redis.expire(userSessionsKey, Math.ceil(this.config.sessionTimeoutMs / 1000));\r\n\r\n // Track session statistics\r\n if (this.config.enableSessionMonitoring) {\r\n await this.trackSessionStats(sessionInfo);\r\n }\r\n\r\n logger.debug('Session created', { sessionId, userId });\r\n } catch (error) {\r\n logger.error('Failed to create session:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to create session',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Get session information\r\n */\r\n async getSession(sessionId: string): Promise<SessionInfo | null> {\r\n try {\r\n const sessionKey = `session:${sessionId}`;\r\n const sessionData = await this.redis.get(sessionKey);\r\n\r\n if (!sessionData) {\r\n return null;\r\n }\r\n\r\n const sessionInfo: SessionInfo = JSON.parse(sessionData);\r\n sessionInfo.createdAt = new Date(sessionInfo.createdAt);\r\n sessionInfo.lastActivity = new Date(sessionInfo.lastActivity);\r\n\r\n // Update last activity\r\n sessionInfo.lastActivity = new Date();\r\n await this.updateSessionActivity(sessionId, sessionInfo);\r\n\r\n return sessionInfo;\r\n } catch (error) {\r\n logger.error('Failed to get session:', error);\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * Update session activity\r\n */\r\n async updateSessionActivity(sessionId: string, sessionInfo: SessionInfo): Promise<void> {\r\n try {\r\n const sessionKey = `session:${sessionId}`;\r\n sessionInfo.lastActivity = new Date();\r\n\r\n await this.redis.setex(\r\n sessionKey,\r\n Math.ceil(this.config.sessionTimeoutMs / 1000),\r\n JSON.stringify(sessionInfo)\r\n );\r\n } catch (error) {\r\n logger.error('Failed to update session activity:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Remove a session\r\n */\r\n async removeSession(sessionId: string, userId?: string): Promise<void> {\r\n try {\r\n // Get session info before deletion for logging\r\n const sessionInfo = await this.getSession(sessionId);\r\n\r\n // Delete session data\r\n const sessionKey = `session:${sessionId}`;\r\n await this.redis.del(sessionKey);\r\n\r\n // Remove from user's session set\r\n if (userId || sessionInfo?.userId) {\r\n const userSessionsKey = `sessions:${userId || sessionInfo!.userId}`;\r\n await this.redis.srem(userSessionsKey, sessionId);\r\n }\r\n\r\n logger.debug('Session removed', { sessionId, userId: userId || sessionInfo?.userId });\r\n } catch (error) {\r\n logger.error('Failed to remove session:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Remove all sessions for a user\r\n */\r\n async removeAllUserSessions(userId: string): Promise<string[]> {\r\n try {\r\n const userSessionsKey = `sessions:${userId}`;\r\n const sessionIds = await this.redis.smembers(userSessionsKey);\r\n\r\n // Remove all sessions\r\n const removePromises = sessionIds.map(sessionId => \r\n this.removeSession(sessionId, userId)\r\n );\r\n await Promise.all(removePromises);\r\n\r\n // Clear session set\r\n await this.redis.del(userSessionsKey);\r\n\r\n logger.info('All user sessions removed', { userId, sessionCount: sessionIds.length });\r\n return sessionIds;\r\n } catch (error) {\r\n logger.error('Failed to remove all user sessions:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to remove all sessions',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Get all active sessions for a user\r\n */\r\n async getUserSessions(userId: string): Promise<SessionInfo[]> {\r\n try {\r\n const userSessionsKey = `sessions:${userId}`;\r\n const sessionIds = await this.redis.smembers(userSessionsKey);\r\n\r\n if (sessionIds.length === 0) {\r\n return [];\r\n }\r\n\r\n // Get session data for all sessions\r\n const sessionPromises = sessionIds.map(async (sessionId) => {\r\n const sessionKey = `session:${sessionId}`;\r\n const sessionData = await this.redis.get(sessionKey);\r\n \r\n if (sessionData) {\r\n const sessionInfo: SessionInfo = JSON.parse(sessionData);\r\n sessionInfo.createdAt = new Date(sessionInfo.createdAt);\r\n sessionInfo.lastActivity = new Date(sessionInfo.lastActivity);\r\n return sessionInfo;\r\n }\r\n \r\n return null;\r\n });\r\n\r\n const sessions = (await Promise.all(sessionPromises)).filter(\r\n (session): session is SessionInfo => session !== null\r\n );\r\n\r\n // Clean up any stale session IDs\r\n const validSessionIds = sessions.map(s => s.sessionId);\r\n const staleSessionIds = sessionIds.filter(id => !validSessionIds.includes(id));\r\n \r\n if (staleSessionIds.length > 0) {\r\n for (const staleId of staleSessionIds) {\r\n await this.redis.srem(userSessionsKey, staleId);\r\n }\r\n }\r\n\r\n return sessions.sort((a, b) => b.lastActivity.getTime() - a.lastActivity.getTime());\r\n } catch (error) {\r\n logger.error('Failed to get user sessions:', error);\r\n return [];\r\n }\r\n }\r\n\r\n /**\r\n * Enforce concurrent session limit\r\n */\r\n private async enforceSessionLimit(userId: string): Promise<void> {\r\n try {\r\n const sessions = await this.getUserSessions(userId);\r\n \r\n if (sessions.length >= this.config.maxSessionsPerUser) {\r\n // Remove oldest session(s) to make room\r\n const sessionsToRemove = sessions\r\n .sort((a, b) => a.lastActivity.getTime() - b.lastActivity.getTime())\r\n .slice(0, sessions.length - this.config.maxSessionsPerUser + 1);\r\n\r\n for (const session of sessionsToRemove) {\r\n await this.removeSession(session.sessionId, userId);\r\n logger.info('Session removed due to limit enforcement', {\r\n sessionId: session.sessionId,\r\n userId,\r\n lastActivity: session.lastActivity,\r\n });\r\n }\r\n }\r\n } catch (error) {\r\n logger.error('Failed to enforce session limit:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Clean up expired sessions\r\n */\r\n private async cleanupExpiredSessions(): Promise<void> {\r\n try {\r\n // Get all session keys\r\n const sessionKeys = await this.redis.keys('session:*');\r\n let cleanedCount = 0;\r\n\r\n for (const sessionKey of sessionKeys) {\r\n const sessionData = await this.redis.get(sessionKey);\r\n \r\n if (sessionData) {\r\n try {\r\n const sessionInfo: SessionInfo = JSON.parse(sessionData);\r\n const lastActivity = new Date(sessionInfo.lastActivity);\r\n const now = new Date();\r\n \r\n // Check if session has expired\r\n if (now.getTime() - lastActivity.getTime() > this.config.sessionTimeoutMs) {\r\n const sessionId = sessionKey.replace('session:', '');\r\n await this.removeSession(sessionId, sessionInfo.userId);\r\n cleanedCount++;\r\n }\r\n } catch (parseError) {\r\n // Remove corrupted session data\r\n await this.redis.del(sessionKey);\r\n cleanedCount++;\r\n }\r\n } else {\r\n // Remove expired key\r\n await this.redis.del(sessionKey);\r\n cleanedCount++;\r\n }\r\n }\r\n\r\n if (cleanedCount > 0) {\r\n logger.info('Session cleanup completed', { cleanedCount, totalKeys: sessionKeys.length });\r\n }\r\n } catch (error) {\r\n logger.error('Session cleanup failed:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Track session statistics\r\n */\r\n private async trackSessionStats(sessionInfo: SessionInfo): Promise<void> {\r\n try {\r\n const today = new Date().toISOString().split('T')[0]; // YYYY-MM-DD\r\n \r\n // Track daily session count\r\n await this.redis.incr(`stats:sessions:daily:${today}`);\r\n await this.redis.expire(`stats:sessions:daily:${today}`, 7 * 24 * 60 * 60); // Keep for 7 days\r\n\r\n // Track sessions by device type (simple user agent parsing)\r\n const deviceType = this.parseDeviceType(sessionInfo.userAgent || '');\r\n await this.redis.incr(`stats:sessions:device:${deviceType}`);\r\n await this.redis.expire(`stats:sessions:device:${deviceType}`, 30 * 24 * 60 * 60); // Keep for 30 days\r\n\r\n // Track sessions by location (if geolocation is enabled)\r\n if (this.config.enableGeolocation && sessionInfo.location) {\r\n const country = sessionInfo.location.split(',')[0] || 'unknown';\r\n await this.redis.incr(`stats:sessions:location:${country}`);\r\n await this.redis.expire(`stats:sessions:location:${country}`, 30 * 24 * 60 * 60);\r\n }\r\n } catch (error) {\r\n logger.error('Failed to track session stats:', error);\r\n }\r\n }\r\n\r\n /**\r\n * Get session statistics\r\n */\r\n async getSessionStats(): Promise<SessionStats> {\r\n try {\r\n const today = new Date().toISOString().split('T')[0];\r\n \r\n // Get total active sessions\r\n const sessionKeys = await this.redis.keys('session:*');\r\n const totalSessions = sessionKeys.length;\r\n\r\n // Get active sessions (non-expired)\r\n let activeSessions = 0;\r\n const sessionsByDevice: Record<string, number> = {};\r\n const sessionsByLocation: Record<string, number> = {};\r\n let oldestSession: Date | undefined;\r\n let newestSession: Date | undefined;\r\n\r\n for (const sessionKey of sessionKeys) {\r\n const sessionData = await this.redis.get(sessionKey);\r\n \r\n if (sessionData) {\r\n try {\r\n const sessionInfo: SessionInfo = JSON.parse(sessionData);\r\n activeSessions++;\r\n\r\n const createdAt = new Date(sessionInfo.createdAt);\r\n if (!oldestSession || createdAt < oldestSession) {\r\n oldestSession = createdAt;\r\n }\r\n if (!newestSession || createdAt > newestSession) {\r\n newestSession = createdAt;\r\n }\r\n\r\n // Count by device type\r\n const deviceType = this.parseDeviceType(sessionInfo.userAgent || '');\r\n sessionsByDevice[deviceType] = (sessionsByDevice[deviceType] || 0) + 1;\r\n\r\n // Count by location\r\n if (sessionInfo.location) {\r\n const country = sessionInfo.location.split(',')[0] || 'unknown';\r\n sessionsByLocation[country] = (sessionsByLocation[country] || 0) + 1;\r\n }\r\n } catch (parseError) {\r\n // Skip corrupted data\r\n }\r\n }\r\n }\r\n\r\n // Get average session duration (approximate)\r\n const averageSessionDuration = 0; // Would need additional tracking\r\n\r\n return {\r\n totalSessions,\r\n activeSessions,\r\n sessionsByDevice,\r\n sessionsByLocation,\r\n averageSessionDuration,\r\n oldestSession,\r\n newestSession,\r\n };\r\n } catch (error) {\r\n logger.error('Failed to get session stats:', error);\r\n return {\r\n totalSessions: 0,\r\n activeSessions: 0,\r\n sessionsByDevice: {},\r\n sessionsByLocation: {},\r\n averageSessionDuration: 0,\r\n };\r\n }\r\n }\r\n\r\n /**\r\n * Parse device type from user agent\r\n */\r\n private parseDeviceType(userAgent: string): string {\r\n const ua = userAgent.toLowerCase();\r\n \r\n if (ua.includes('mobile') || ua.includes('android') || ua.includes('iphone')) {\r\n return 'mobile';\r\n } else if (ua.includes('tablet') || ua.includes('ipad')) {\r\n return 'tablet';\r\n } else if (ua.includes('bot') || ua.includes('crawler') || ua.includes('spider')) {\r\n return 'bot';\r\n } else {\r\n return 'desktop';\r\n }\r\n }\r\n\r\n /**\r\n * Terminate suspicious sessions\r\n */\r\n async terminateSuspiciousSessions(userId: string, criteria: {\r\n maxAgeHours?: number;\r\n suspiciousIPs?: string[];\r\n suspiciousUserAgents?: string[];\r\n }): Promise<string[]> {\r\n try {\r\n const sessions = await this.getUserSessions(userId);\r\n const terminatedSessions: string[] = [];\r\n const now = new Date();\r\n\r\n for (const session of sessions) {\r\n let shouldTerminate = false;\r\n\r\n // Check age\r\n if (criteria.maxAgeHours) {\r\n const ageHours = (now.getTime() - session.createdAt.getTime()) / (1000 * 60 * 60);\r\n if (ageHours > criteria.maxAgeHours) {\r\n shouldTerminate = true;\r\n }\r\n }\r\n\r\n // Check IP\r\n if (criteria.suspiciousIPs?.includes(session.ipAddress || '')) {\r\n shouldTerminate = true;\r\n }\r\n\r\n // Check user agent\r\n if (criteria.suspiciousUserAgents?.some(ua => \r\n session.userAgent?.toLowerCase().includes(ua.toLowerCase())\r\n )) {\r\n shouldTerminate = true;\r\n }\r\n\r\n if (shouldTerminate) {\r\n await this.removeSession(session.sessionId, userId);\r\n terminatedSessions.push(session.sessionId);\r\n \r\n logger.warn('Suspicious session terminated', {\r\n sessionId: session.sessionId,\r\n userId,\r\n ipAddress: session.ipAddress,\r\n userAgent: session.userAgent,\r\n });\r\n }\r\n }\r\n\r\n return terminatedSessions;\r\n } catch (error) {\r\n logger.error('Failed to terminate suspicious sessions:', error);\r\n throw new StandardError(\r\n ErrorCode.INTERNAL_ERROR,\r\n 'Failed to terminate suspicious sessions',\r\n {},\r\n error as Error\r\n );\r\n }\r\n }\r\n\r\n /**\r\n * Get session activity timeline\r\n */\r\n async getSessionActivityTimeline(userId: string, hours: number = 24): Promise<Array<{\r\n timestamp: Date;\r\n action: string;\r\n details: any;\r\n }>> {\r\n try {\r\n const sessions = await this.getUserSessions(userId);\r\n const timeline: Array<{ timestamp: Date; action: string; details: any }> = [];\r\n\r\n for (const session of sessions) {\r\n timeline.push({\r\n timestamp: session.createdAt,\r\n action: 'session_created',\r\n details: {\r\n sessionId: session.sessionId,\r\n ipAddress: session.ipAddress,\r\n userAgent: session.userAgent,\r\n },\r\n });\r\n\r\n timeline.push({\r\n timestamp: session.lastActivity,\r\n action: 'last_activity',\r\n details: {\r\n sessionId: session.sessionId,\r\n duration: session.lastActivity.getTime() - session.createdAt.getTime(),\r\n },\r\n });\r\n }\r\n\r\n // Sort by timestamp\r\n timeline.sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());\r\n\r\n // Filter by time range\r\n const cutoff = new Date(Date.now() - hours * 60 * 60 * 1000);\r\n return timeline.filter(entry => entry.timestamp > cutoff);\r\n } catch (error) {\r\n logger.error('Failed to get session activity timeline:', error);\r\n return [];\r\n }\r\n }\r\n\r\n /**\r\n * Cleanup resources\r\n */\r\n public cleanup(): void {\r\n this.stopSessionCleanup();\r\n logger.info('Session management service cleaned up');\r\n }\r\n}"],"names":["createLogger","StandardError","ErrorCode","logger","SessionManagementService","redis","config","cleanupInterval","maxSessionsPerUser","sessionTimeoutMs","cleanupIntervalMs","enableSessionMonitoring","enableGeolocation","startSessionCleanup","setInterval","cleanupExpiredSessions","error","info","interval","stopSessionCleanup","clearInterval","undefined","createSession","sessionId","userId","sessionData","sessionInfo","lastActivity","Date","isActive","enforceSessionLimit","sessionKey","setex","Math","ceil","JSON","stringify","userSessionsKey","sadd","expire","trackSessionStats","debug","INTERNAL_ERROR","getSession","get","parse","createdAt","updateSessionActivity","removeSession","del","srem","removeAllUserSessions","sessionIds","smembers","removePromises","map","Promise","all","sessionCount","length","getUserSessions","sessionPromises","sessions","filter","session","validSessionIds","s","staleSessionIds","id","includes","staleId","sort","a","b","getTime","sessionsToRemove","slice","sessionKeys","keys","cleanedCount","now","replace","parseError","totalKeys","today","toISOString","split","incr","deviceType","parseDeviceType","userAgent","location","country","getSessionStats","totalSessions","activeSessions","sessionsByDevice","sessionsByLocation","oldestSession","newestSession","averageSessionDuration","ua","toLowerCase","terminateSuspiciousSessions","criteria","terminatedSessions","shouldTerminate","maxAgeHours","ageHours","suspiciousIPs","ipAddress","suspiciousUserAgents","some","push","warn","getSessionActivityTimeline","hours","timeline","timestamp","action","details","duration","cutoff","entry","cleanup"],"mappings":"AAAA;;;;;CAKC,GAGD,SAASA,YAAY,QAAQ,oBAAoB;AACjD,SAASC,aAAa,EAAEC,SAAS,QAAQ,mBAAmB;AAE5D,MAAMC,SAASH,aAAa;AAmC5B,OAAO,MAAMI;IACHC,MAAa;IACbC,OAAsB;IACtBC,gBAAiC;IAEzC,YAAYF,KAAY,EAAEC,SAAiC,CAAC,CAAC,CAAE;QAC7D,IAAI,CAACD,KAAK,GAAGA;QACb,IAAI,CAACC,MAAM,GAAG;YACZE,oBAAoBF,OAAOE,kBAAkB,IAAI;YACjDC,kBAAkBH,OAAOG,gBAAgB,IAAI,KAAK,KAAK,KAAK;YAC5DC,mBAAmBJ,OAAOI,iBAAiB,IAAI,KAAK,KAAK;YACzDC,yBAAyBL,OAAOK,uBAAuB,IAAI;YAC3DC,mBAAmBN,OAAOM,iBAAiB,IAAI;QACjD;QAEA,IAAI,IAAI,CAACN,MAAM,CAACK,uBAAuB,EAAE;YACvC,IAAI,CAACE,mBAAmB;QAC1B;IACF;IAEA;;GAEC,GACD,AAAQA,sBAA4B;QAClC,IAAI,CAACN,eAAe,GAAGO,YAAY;YACjC,IAAI;gBACF,MAAM,IAAI,CAACC,sBAAsB;YACnC,EAAE,OAAOC,OAAO;gBACdb,OAAOa,KAAK,CAAC,2BAA2BA;YAC1C;QACF,GAAG,IAAI,CAACV,MAAM,CAACI,iBAAiB;QAEhCP,OAAOc,IAAI,CAAC,2BAA2B;YAAEC,UAAU,IAAI,CAACZ,MAAM,CAACI,iBAAiB;QAAC;IACnF;IAEA;;GAEC,GACD,AAAOS,qBAA2B;QAChC,IAAI,IAAI,CAACZ,eAAe,EAAE;YACxBa,cAAc,IAAI,CAACb,eAAe;YAClC,IAAI,CAACA,eAAe,GAAGc;YACvBlB,OAAOc,IAAI,CAAC;QACd;IACF;IAEA;;GAEC,GACD,MAAMK,cACJC,SAAiB,EACjBC,MAAc,EACdC,WAAyE,EAC1D;QACf,IAAI;YACF,MAAMC,cAA2B;gBAC/B,GAAGD,WAAW;gBACdF;gBACAI,cAAc,IAAIC;gBAClBC,UAAU;YACZ;YAEA,iCAAiC;YACjC,MAAM,IAAI,CAACC,mBAAmB,CAACN;YAE/B,qBAAqB;YACrB,MAAMO,aAAa,CAAC,QAAQ,EAAER,WAAW;YACzC,MAAM,IAAI,CAAClB,KAAK,CAAC2B,KAAK,CACpBD,YACAE,KAAKC,IAAI,CAAC,IAAI,CAAC5B,MAAM,CAACG,gBAAgB,GAAG,OACzC0B,KAAKC,SAAS,CAACV;YAGjB,4BAA4B;YAC5B,MAAMW,kBAAkB,CAAC,SAAS,EAAEb,QAAQ;YAC5C,MAAM,IAAI,CAACnB,KAAK,CAACiC,IAAI,CAACD,iBAAiBd;YACvC,MAAM,IAAI,CAAClB,KAAK,CAACkC,MAAM,CAACF,iBAAiBJ,KAAKC,IAAI,CAAC,IAAI,CAAC5B,MAAM,CAACG,gBAAgB,GAAG;YAElF,2BAA2B;YAC3B,IAAI,IAAI,CAACH,MAAM,CAACK,uBAAuB,EAAE;gBACvC,MAAM,IAAI,CAAC6B,iBAAiB,CAACd;YAC/B;YAEAvB,OAAOsC,KAAK,CAAC,mBAAmB;gBAAElB;gBAAWC;YAAO;QACtD,EAAE,OAAOR,OAAO;YACdb,OAAOa,KAAK,CAAC,6BAA6BA;YAC1C,MAAM,IAAIf,cACRC,UAAUwC,cAAc,EACxB,4BACA,CAAC,GACD1B;QAEJ;IACF;IAEA;;GAEC,GACD,MAAM2B,WAAWpB,SAAiB,EAA+B;QAC/D,IAAI;YACF,MAAMQ,aAAa,CAAC,QAAQ,EAAER,WAAW;YACzC,MAAME,cAAc,MAAM,IAAI,CAACpB,KAAK,CAACuC,GAAG,CAACb;YAEzC,IAAI,CAACN,aAAa;gBAChB,OAAO;YACT;YAEA,MAAMC,cAA2BS,KAAKU,KAAK,CAACpB;YAC5CC,YAAYoB,SAAS,GAAG,IAAIlB,KAAKF,YAAYoB,SAAS;YACtDpB,YAAYC,YAAY,GAAG,IAAIC,KAAKF,YAAYC,YAAY;YAE5D,uBAAuB;YACvBD,YAAYC,YAAY,GAAG,IAAIC;YAC/B,MAAM,IAAI,CAACmB,qBAAqB,CAACxB,WAAWG;YAE5C,OAAOA;QACT,EAAE,OAAOV,OAAO;YACdb,OAAOa,KAAK,CAAC,0BAA0BA;YACvC,OAAO;QACT;IACF;IAEA;;GAEC,GACD,MAAM+B,sBAAsBxB,SAAiB,EAAEG,WAAwB,EAAiB;QACtF,IAAI;YACF,MAAMK,aAAa,CAAC,QAAQ,EAAER,WAAW;YACzCG,YAAYC,YAAY,GAAG,IAAIC;YAE/B,MAAM,IAAI,CAACvB,KAAK,CAAC2B,KAAK,CACpBD,YACAE,KAAKC,IAAI,CAAC,IAAI,CAAC5B,MAAM,CAACG,gBAAgB,GAAG,OACzC0B,KAAKC,SAAS,CAACV;QAEnB,EAAE,OAAOV,OAAO;YACdb,OAAOa,KAAK,CAAC,sCAAsCA;QACrD;IACF;IAEA;;GAEC,GACD,MAAMgC,cAAczB,SAAiB,EAAEC,MAAe,EAAiB;QACrE,IAAI;YACF,+CAA+C;YAC/C,MAAME,cAAc,MAAM,IAAI,CAACiB,UAAU,CAACpB;YAE1C,sBAAsB;YACtB,MAAMQ,aAAa,CAAC,QAAQ,EAAER,WAAW;YACzC,MAAM,IAAI,CAAClB,KAAK,CAAC4C,GAAG,CAAClB;YAErB,iCAAiC;YACjC,IAAIP,UAAUE,aAAaF,QAAQ;gBACjC,MAAMa,kBAAkB,CAAC,SAAS,EAAEb,UAAUE,YAAaF,MAAM,EAAE;gBACnE,MAAM,IAAI,CAACnB,KAAK,CAAC6C,IAAI,CAACb,iBAAiBd;YACzC;YAEApB,OAAOsC,KAAK,CAAC,mBAAmB;gBAAElB;gBAAWC,QAAQA,UAAUE,aAAaF;YAAO;QACrF,EAAE,OAAOR,OAAO;YACdb,OAAOa,KAAK,CAAC,6BAA6BA;QAC5C;IACF;IAEA;;GAEC,GACD,MAAMmC,sBAAsB3B,MAAc,EAAqB;QAC7D,IAAI;YACF,MAAMa,kBAAkB,CAAC,SAAS,EAAEb,QAAQ;YAC5C,MAAM4B,aAAa,MAAM,IAAI,CAAC/C,KAAK,CAACgD,QAAQ,CAAChB;YAE7C,sBAAsB;YACtB,MAAMiB,iBAAiBF,WAAWG,GAAG,CAAChC,CAAAA,YACpC,IAAI,CAACyB,aAAa,CAACzB,WAAWC;YAEhC,MAAMgC,QAAQC,GAAG,CAACH;YAElB,oBAAoB;YACpB,MAAM,IAAI,CAACjD,KAAK,CAAC4C,GAAG,CAACZ;YAErBlC,OAAOc,IAAI,CAAC,6BAA6B;gBAAEO;gBAAQkC,cAAcN,WAAWO,MAAM;YAAC;YACnF,OAAOP;QACT,EAAE,OAAOpC,OAAO;YACdb,OAAOa,KAAK,CAAC,uCAAuCA;YACpD,MAAM,IAAIf,cACRC,UAAUwC,cAAc,EACxB,iCACA,CAAC,GACD1B;QAEJ;IACF;IAEA;;GAEC,GACD,MAAM4C,gBAAgBpC,MAAc,EAA0B;QAC5D,IAAI;YACF,MAAMa,kBAAkB,CAAC,SAAS,EAAEb,QAAQ;YAC5C,MAAM4B,aAAa,MAAM,IAAI,CAAC/C,KAAK,CAACgD,QAAQ,CAAChB;YAE7C,IAAIe,WAAWO,MAAM,KAAK,GAAG;gBAC3B,OAAO,EAAE;YACX;YAEA,oCAAoC;YACpC,MAAME,kBAAkBT,WAAWG,GAAG,CAAC,OAAOhC;gBAC5C,MAAMQ,aAAa,CAAC,QAAQ,EAAER,WAAW;gBACzC,MAAME,cAAc,MAAM,IAAI,CAACpB,KAAK,CAACuC,GAAG,CAACb;gBAEzC,IAAIN,aAAa;oBACf,MAAMC,cAA2BS,KAAKU,KAAK,CAACpB;oBAC5CC,YAAYoB,SAAS,GAAG,IAAIlB,KAAKF,YAAYoB,SAAS;oBACtDpB,YAAYC,YAAY,GAAG,IAAIC,KAAKF,YAAYC,YAAY;oBAC5D,OAAOD;gBACT;gBAEA,OAAO;YACT;YAEA,MAAMoC,WAAW,AAAC,CAAA,MAAMN,QAAQC,GAAG,CAACI,gBAAe,EAAGE,MAAM,CAC1D,CAACC,UAAoCA,YAAY;YAGnD,iCAAiC;YACjC,MAAMC,kBAAkBH,SAASP,GAAG,CAACW,CAAAA,IAAKA,EAAE3C,SAAS;YACrD,MAAM4C,kBAAkBf,WAAWW,MAAM,CAACK,CAAAA,KAAM,CAACH,gBAAgBI,QAAQ,CAACD;YAE1E,IAAID,gBAAgBR,MAAM,GAAG,GAAG;gBAC9B,KAAK,MAAMW,WAAWH,gBAAiB;oBACrC,MAAM,IAAI,CAAC9D,KAAK,CAAC6C,IAAI,CAACb,iBAAiBiC;gBACzC;YACF;YAEA,OAAOR,SAASS,IAAI,CAAC,CAACC,GAAGC,IAAMA,EAAE9C,YAAY,CAAC+C,OAAO,KAAKF,EAAE7C,YAAY,CAAC+C,OAAO;QAClF,EAAE,OAAO1D,OAAO;YACdb,OAAOa,KAAK,CAAC,gCAAgCA;YAC7C,OAAO,EAAE;QACX;IACF;IAEA;;GAEC,GACD,MAAcc,oBAAoBN,MAAc,EAAiB;QAC/D,IAAI;YACF,MAAMsC,WAAW,MAAM,IAAI,CAACF,eAAe,CAACpC;YAE5C,IAAIsC,SAASH,MAAM,IAAI,IAAI,CAACrD,MAAM,CAACE,kBAAkB,EAAE;gBACrD,wCAAwC;gBACxC,MAAMmE,mBAAmBb,SACtBS,IAAI,CAAC,CAACC,GAAGC,IAAMD,EAAE7C,YAAY,CAAC+C,OAAO,KAAKD,EAAE9C,YAAY,CAAC+C,OAAO,IAChEE,KAAK,CAAC,GAAGd,SAASH,MAAM,GAAG,IAAI,CAACrD,MAAM,CAACE,kBAAkB,GAAG;gBAE/D,KAAK,MAAMwD,WAAWW,iBAAkB;oBACtC,MAAM,IAAI,CAAC3B,aAAa,CAACgB,QAAQzC,SAAS,EAAEC;oBAC5CrB,OAAOc,IAAI,CAAC,4CAA4C;wBACtDM,WAAWyC,QAAQzC,SAAS;wBAC5BC;wBACAG,cAAcqC,QAAQrC,YAAY;oBACpC;gBACF;YACF;QACF,EAAE,OAAOX,OAAO;YACdb,OAAOa,KAAK,CAAC,oCAAoCA;QACnD;IACF;IAEA;;GAEC,GACD,MAAcD,yBAAwC;QACpD,IAAI;YACF,uBAAuB;YACvB,MAAM8D,cAAc,MAAM,IAAI,CAACxE,KAAK,CAACyE,IAAI,CAAC;YAC1C,IAAIC,eAAe;YAEnB,KAAK,MAAMhD,cAAc8C,YAAa;gBACpC,MAAMpD,cAAc,MAAM,IAAI,CAACpB,KAAK,CAACuC,GAAG,CAACb;gBAEzC,IAAIN,aAAa;oBACf,IAAI;wBACF,MAAMC,cAA2BS,KAAKU,KAAK,CAACpB;wBAC5C,MAAME,eAAe,IAAIC,KAAKF,YAAYC,YAAY;wBACtD,MAAMqD,MAAM,IAAIpD;wBAEhB,+BAA+B;wBAC/B,IAAIoD,IAAIN,OAAO,KAAK/C,aAAa+C,OAAO,KAAK,IAAI,CAACpE,MAAM,CAACG,gBAAgB,EAAE;4BACzE,MAAMc,YAAYQ,WAAWkD,OAAO,CAAC,YAAY;4BACjD,MAAM,IAAI,CAACjC,aAAa,CAACzB,WAAWG,YAAYF,MAAM;4BACtDuD;wBACF;oBACF,EAAE,OAAOG,YAAY;wBACnB,gCAAgC;wBAChC,MAAM,IAAI,CAAC7E,KAAK,CAAC4C,GAAG,CAAClB;wBACrBgD;oBACF;gBACF,OAAO;oBACL,qBAAqB;oBACrB,MAAM,IAAI,CAAC1E,KAAK,CAAC4C,GAAG,CAAClB;oBACrBgD;gBACF;YACF;YAEA,IAAIA,eAAe,GAAG;gBACpB5E,OAAOc,IAAI,CAAC,6BAA6B;oBAAE8D;oBAAcI,WAAWN,YAAYlB,MAAM;gBAAC;YACzF;QACF,EAAE,OAAO3C,OAAO;YACdb,OAAOa,KAAK,CAAC,2BAA2BA;QAC1C;IACF;IAEA;;GAEC,GACD,MAAcwB,kBAAkBd,WAAwB,EAAiB;QACvE,IAAI;YACF,MAAM0D,QAAQ,IAAIxD,OAAOyD,WAAW,GAAGC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,aAAa;YAEnE,4BAA4B;YAC5B,MAAM,IAAI,CAACjF,KAAK,CAACkF,IAAI,CAAC,CAAC,qBAAqB,EAAEH,OAAO;YACrD,MAAM,IAAI,CAAC/E,KAAK,CAACkC,MAAM,CAAC,CAAC,qBAAqB,EAAE6C,OAAO,EAAE,IAAI,KAAK,KAAK,KAAK,kBAAkB;YAE9F,4DAA4D;YAC5D,MAAMI,aAAa,IAAI,CAACC,eAAe,CAAC/D,YAAYgE,SAAS,IAAI;YACjE,MAAM,IAAI,CAACrF,KAAK,CAACkF,IAAI,CAAC,CAAC,sBAAsB,EAAEC,YAAY;YAC3D,MAAM,IAAI,CAACnF,KAAK,CAACkC,MAAM,CAAC,CAAC,sBAAsB,EAAEiD,YAAY,EAAE,KAAK,KAAK,KAAK,KAAK,mBAAmB;YAEtG,yDAAyD;YACzD,IAAI,IAAI,CAAClF,MAAM,CAACM,iBAAiB,IAAIc,YAAYiE,QAAQ,EAAE;gBACzD,MAAMC,UAAUlE,YAAYiE,QAAQ,CAACL,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI;gBACtD,MAAM,IAAI,CAACjF,KAAK,CAACkF,IAAI,CAAC,CAAC,wBAAwB,EAAEK,SAAS;gBAC1D,MAAM,IAAI,CAACvF,KAAK,CAACkC,MAAM,CAAC,CAAC,wBAAwB,EAAEqD,SAAS,EAAE,KAAK,KAAK,KAAK;YAC/E;QACF,EAAE,OAAO5E,OAAO;YACdb,OAAOa,KAAK,CAAC,kCAAkCA;QACjD;IACF;IAEA;;GAEC,GACD,MAAM6E,kBAAyC;QAC7C,IAAI;YACF,MAAMT,QAAQ,IAAIxD,OAAOyD,WAAW,GAAGC,KAAK,CAAC,IAAI,CAAC,EAAE;YAEpD,4BAA4B;YAC5B,MAAMT,cAAc,MAAM,IAAI,CAACxE,KAAK,CAACyE,IAAI,CAAC;YAC1C,MAAMgB,gBAAgBjB,YAAYlB,MAAM;YAExC,oCAAoC;YACpC,IAAIoC,iBAAiB;YACrB,MAAMC,mBAA2C,CAAC;YAClD,MAAMC,qBAA6C,CAAC;YACpD,IAAIC;YACJ,IAAIC;YAEJ,KAAK,MAAMpE,cAAc8C,YAAa;gBACpC,MAAMpD,cAAc,MAAM,IAAI,CAACpB,KAAK,CAACuC,GAAG,CAACb;gBAEzC,IAAIN,aAAa;oBACf,IAAI;wBACF,MAAMC,cAA2BS,KAAKU,KAAK,CAACpB;wBAC5CsE;wBAEA,MAAMjD,YAAY,IAAIlB,KAAKF,YAAYoB,SAAS;wBAChD,IAAI,CAACoD,iBAAiBpD,YAAYoD,eAAe;4BAC/CA,gBAAgBpD;wBAClB;wBACA,IAAI,CAACqD,iBAAiBrD,YAAYqD,eAAe;4BAC/CA,gBAAgBrD;wBAClB;wBAEA,uBAAuB;wBACvB,MAAM0C,aAAa,IAAI,CAACC,eAAe,CAAC/D,YAAYgE,SAAS,IAAI;wBACjEM,gBAAgB,CAACR,WAAW,GAAG,AAACQ,CAAAA,gBAAgB,CAACR,WAAW,IAAI,CAAA,IAAK;wBAErE,oBAAoB;wBACpB,IAAI9D,YAAYiE,QAAQ,EAAE;4BACxB,MAAMC,UAAUlE,YAAYiE,QAAQ,CAACL,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI;4BACtDW,kBAAkB,CAACL,QAAQ,GAAG,AAACK,CAAAA,kBAAkB,CAACL,QAAQ,IAAI,CAAA,IAAK;wBACrE;oBACF,EAAE,OAAOV,YAAY;oBACnB,sBAAsB;oBACxB;gBACF;YACF;YAEA,6CAA6C;YAC7C,MAAMkB,yBAAyB,GAAG,iCAAiC;YAEnE,OAAO;gBACLN;gBACAC;gBACAC;gBACAC;gBACAG;gBACAF;gBACAC;YACF;QACF,EAAE,OAAOnF,OAAO;YACdb,OAAOa,KAAK,CAAC,gCAAgCA;YAC7C,OAAO;gBACL8E,eAAe;gBACfC,gBAAgB;gBAChBC,kBAAkB,CAAC;gBACnBC,oBAAoB,CAAC;gBACrBG,wBAAwB;YAC1B;QACF;IACF;IAEA;;GAEC,GACD,AAAQX,gBAAgBC,SAAiB,EAAU;QACjD,MAAMW,KAAKX,UAAUY,WAAW;QAEhC,IAAID,GAAGhC,QAAQ,CAAC,aAAagC,GAAGhC,QAAQ,CAAC,cAAcgC,GAAGhC,QAAQ,CAAC,WAAW;YAC5E,OAAO;QACT,OAAO,IAAIgC,GAAGhC,QAAQ,CAAC,aAAagC,GAAGhC,QAAQ,CAAC,SAAS;YACvD,OAAO;QACT,OAAO,IAAIgC,GAAGhC,QAAQ,CAAC,UAAUgC,GAAGhC,QAAQ,CAAC,cAAcgC,GAAGhC,QAAQ,CAAC,WAAW;YAChF,OAAO;QACT,OAAO;YACL,OAAO;QACT;IACF;IAEA;;GAEC,GACD,MAAMkC,4BAA4B/E,MAAc,EAAEgF,QAIjD,EAAqB;QACpB,IAAI;YACF,MAAM1C,WAAW,MAAM,IAAI,CAACF,eAAe,CAACpC;YAC5C,MAAMiF,qBAA+B,EAAE;YACvC,MAAMzB,MAAM,IAAIpD;YAEhB,KAAK,MAAMoC,WAAWF,SAAU;gBAC9B,IAAI4C,kBAAkB;gBAEtB,YAAY;gBACZ,IAAIF,SAASG,WAAW,EAAE;oBACxB,MAAMC,WAAW,AAAC5B,CAAAA,IAAIN,OAAO,KAAKV,QAAQlB,SAAS,CAAC4B,OAAO,EAAC,IAAM,CAAA,OAAO,KAAK,EAAC;oBAC/E,IAAIkC,WAAWJ,SAASG,WAAW,EAAE;wBACnCD,kBAAkB;oBACpB;gBACF;gBAEA,WAAW;gBACX,IAAIF,SAASK,aAAa,EAAExC,SAASL,QAAQ8C,SAAS,IAAI,KAAK;oBAC7DJ,kBAAkB;gBACpB;gBAEA,mBAAmB;gBACnB,IAAIF,SAASO,oBAAoB,EAAEC,KAAKX,CAAAA,KACtCrC,QAAQ0B,SAAS,EAAEY,cAAcjC,SAASgC,GAAGC,WAAW,MACvD;oBACDI,kBAAkB;gBACpB;gBAEA,IAAIA,iBAAiB;oBACnB,MAAM,IAAI,CAAC1D,aAAa,CAACgB,QAAQzC,SAAS,EAAEC;oBAC5CiF,mBAAmBQ,IAAI,CAACjD,QAAQzC,SAAS;oBAEzCpB,OAAO+G,IAAI,CAAC,iCAAiC;wBAC3C3F,WAAWyC,QAAQzC,SAAS;wBAC5BC;wBACAsF,WAAW9C,QAAQ8C,SAAS;wBAC5BpB,WAAW1B,QAAQ0B,SAAS;oBAC9B;gBACF;YACF;YAEA,OAAOe;QACT,EAAE,OAAOzF,OAAO;YACdb,OAAOa,KAAK,CAAC,4CAA4CA;YACzD,MAAM,IAAIf,cACRC,UAAUwC,cAAc,EACxB,2CACA,CAAC,GACD1B;QAEJ;IACF;IAEA;;GAEC,GACD,MAAMmG,2BAA2B3F,MAAc,EAAE4F,QAAgB,EAAE,EAI/D;QACF,IAAI;YACF,MAAMtD,WAAW,MAAM,IAAI,CAACF,eAAe,CAACpC;YAC5C,MAAM6F,WAAqE,EAAE;YAE7E,KAAK,MAAMrD,WAAWF,SAAU;gBAC9BuD,SAASJ,IAAI,CAAC;oBACZK,WAAWtD,QAAQlB,SAAS;oBAC5ByE,QAAQ;oBACRC,SAAS;wBACPjG,WAAWyC,QAAQzC,SAAS;wBAC5BuF,WAAW9C,QAAQ8C,SAAS;wBAC5BpB,WAAW1B,QAAQ0B,SAAS;oBAC9B;gBACF;gBAEA2B,SAASJ,IAAI,CAAC;oBACZK,WAAWtD,QAAQrC,YAAY;oBAC/B4F,QAAQ;oBACRC,SAAS;wBACPjG,WAAWyC,QAAQzC,SAAS;wBAC5BkG,UAAUzD,QAAQrC,YAAY,CAAC+C,OAAO,KAAKV,QAAQlB,SAAS,CAAC4B,OAAO;oBACtE;gBACF;YACF;YAEA,oBAAoB;YACpB2C,SAAS9C,IAAI,CAAC,CAACC,GAAGC,IAAMA,EAAE6C,SAAS,CAAC5C,OAAO,KAAKF,EAAE8C,SAAS,CAAC5C,OAAO;YAEnE,uBAAuB;YACvB,MAAMgD,SAAS,IAAI9F,KAAKA,KAAKoD,GAAG,KAAKoC,QAAQ,KAAK,KAAK;YACvD,OAAOC,SAAStD,MAAM,CAAC4D,CAAAA,QAASA,MAAML,SAAS,GAAGI;QACpD,EAAE,OAAO1G,OAAO;YACdb,OAAOa,KAAK,CAAC,4CAA4CA;YACzD,OAAO,EAAE;QACX;IACF;IAEA;;GAEC,GACD,AAAO4G,UAAgB;QACrB,IAAI,CAACzG,kBAAkB;QACvBhB,OAAOc,IAAI,CAAC;IACd;AACF"}