fa-mcp-sdk 0.2.146 → 0.2.174

package/{cli-template/config → config}/_local.yaml

@@ -1,15 +1,15 @@
 # Copy this file to local.yaml and update with your database credentials
 # local.yaml is gitignored and won't be committed
 ---
-#ad:
-#  domains:
-#    MYDOMAIN:
-#      default: true
-#      controllers:
-#        - 'ldap://c1.corp.com'
-#        - 'ldap://c2.corp.com'
-#      username: '***'
-#      password: '***'
+ad:
+  domains:
+    MYDOMAIN:
+      default: true
+      controllers:
+        - 'ldap://c1.corp.com'
+        - 'ldap://c2.corp.com'
+      username: '***'
+      password: '***'
 
 # --------------------------------------------------
 # CACHING Reduces API calls by caching responses
@@ -30,7 +30,7 @@ consul:
       # Token for obtaining information about PROD services
       token: '{{consul.agent.prd.token}}'
     reg:
-      # host: '***' # The host of the consul agent where the service will be registered. If not specified, the server on which the service is running is used
+      host: '{{consul.agent.reg.host}}' # The host of the consul agent where the service will be registered. If not specified, the server on which the service is running is used
       # Token for registering the service in the consul agent
       token: '{{consul.agent.reg.token}}'
   service:
@@ -67,14 +67,14 @@ mcp:
     windowMs: 60000  # 1 minute
 
 swagger:
-  servers:  # An array of servers that will be added to swagger docs
+  servers: # An array of servers that will be added to swagger docs
     - url: http://localhost:{{port}}
       description: "Local server"
 
 webServer:
   port: {{port}}
   # array of hosts that CORS skips
-  originHosts: ['localhost', '0.0.0.0']
+  originHosts: [ 'localhost', '0.0.0.0' ]
   # Authentication is configured here only when accessing the MCP server
   # Authentication in services that enable tools, resources, and prompts
   # is implemented more deeply. To do this, you need to use the information passed in HTTP headers
@@ -89,7 +89,8 @@ webServer:
     # To enable this authentication, you need to set auth.enabled = true
     # and set one token of at least 20 characters in length
     # ========================================================================
-    permanentServerTokens: []
+    permanentServerTokens: [ ] # Add your server tokens here: ['token1', 'token2']
+
     # ========================================================================
     # JWT TOKEN WITH SYMMETRIC ENCRYPTION
     # Custom JWT tokens with AES-256 encryption
@@ -99,10 +100,11 @@ webServer:
     # encryptKey to at least 20 characters
     # ========================================================================
     jwtToken:
-      # Symmetric encryption key to generate a token for this MCP
+      # Symmetric encryption key to generate a token for this MCP (minimum 8 chars)
       encryptKey: '{{webServer.auth.token.encryptKey}}'
       # If webServer.auth.enabled and the parameter true, the service name and the service specified in the token will be checked
       checkMCPName: {{webServer.auth.token.checkMCPName}}
+
     # ========================================================================
     # Basic Authentication - Base64 encoded username:password
     # CPU cost: Medium - Base64 decoding + string comparison
@@ -112,3 +114,15 @@ webServer:
     basic:
       username: ''
       password: '***'
+
+  # ========================================================================
+  # ADMIN PANEL AUTHENTICATION
+  # Token generation page available at /admin endpoint
+  # Supports 4 authentication methods: permanentServerTokens, basic, jwtToken, ntlm
+  # ========================================================================
+  adminAuth:
+    enabled: false  # Enable/disable admin panel
+    # Authentication type for admin panel: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
+    # For permanentServerTokens, basic, jwtToken - uses credentials from webServer.auth section
+    # For ntlm - uses AD configuration from ad.domains section (no additional credentials needed)
+    type: 'basic'

package/{cli-template/config → config}/custom-environment-variables.yaml

@@ -40,3 +40,6 @@ webServer:
     basic:
       username: WS_AUTH_BASIC_USERNAME
       password: WS_AUTH_BASIC_PASSWORD
+  adminAuth:
+    enabled: WS_ADMIN_AUTH_ENABLED
+    type: WS_ADMIN_AUTH_TYPE  # permanentServerTokens | basic | jwtToken | ntlm

package/{cli-template/config → config}/default.yaml

@@ -9,6 +9,31 @@
 #    noConsul: true # Use if the service developers do not provide registration in consul
 #    consulServiceName: <consulServiceName>
 
+ad:
+  # Active Directory / LDAP settings.
+  # Used for authentication/authorization (e.g., NTLM in admin panel) and checking user membership in AD groups.
+  domains:
+    # Map of domains. Key is a domain name
+    MYDOMAIN:
+      # Marks this domain as default one
+      default: true
+      # List of LDAP controllers (can be multiple for failover).
+      # Use ldap:// for plain LDAP or ldaps:// for LDAP over TLS.
+      controllers:
+        - 'ldap://c1.corp.com'
+        - 'ldap://c2.corp.com'
+      # Service account (bind DN or username) used to connect to LDAP.
+      username: '***'
+      # Service account password.
+      password: '***'
+      # Base DN for LDAP searches. Auto-derived from controller URL if not set.
+      # baseDn: 'DC=corp,DC=com'
+  # Cache TTL for group membership checks (default: 600000 = 10 min)
+  # groupCacheTtlMs: 600000
+  # Cache TTL for user/group DN lookups (default: 86400000 = 24 hours)
+  # dnCacheTtlMs: 86400000
+
+# ... existing code ...
 # --------------------------------------------------
 # CACHING Reduces API calls by caching responses
 # --------------------------------------------------
@@ -17,6 +42,9 @@ cache:
   ttlSeconds: 300
   # Default maximum number of cached items
   maxItems: 1000
+  # time in seconds to check all data and delete expired keys
+  checkPeriod: 1200
+
 
 consul:
   check:
@@ -54,13 +82,13 @@ consul:
     instance: '{{SERVICE_INSTANCE}}' # This value will be specified as a suffix in the id of the service
     version: <version> # <version> will be replaced by <package.json>.version at initialization
     description: <description> # <description> will be replaced by <package.json>.description at initialization
-    tags: [] # If null or empty array - Will be pulled up from package.keywords at initialization
+    tags: [ ] # If null or empty array - Will be pulled up from package.keywords at initialization
     meta:
-      # "About" page link template
+      # "Home" page link template
       who: 'http://{address}:{port}/'
   envCode: # Used to generate the service ID
-    prod: {{consul.envCode.prod}} # Production environment code
-    dev: {{consul.envCode.dev}} # Development environment code
+    prod: '{{consul.envCode.prod}}' # Production environment code
+    dev: '{{consul.envCode.dev}}' # Development environment code
 
 db:
   postgres:
@@ -72,7 +100,7 @@ db:
         database: <database>
         user: <user>
         password: <password>
-        usedExtensions: []
+        usedExtensions: [ ]
 
 logger:
   level: info
@@ -91,10 +119,10 @@ mcp:
     windowMs: 60000  # 1 minute
 
 swagger:
-  servers:  # An array of servers that will be added to swagger docs
-    # - url: http://localhost:9020
+  servers: # An array of servers that will be added to swagger docs
+    # - url: http://localhost:{{port}}
     #   description: "Development server (localhost)"
-    # - url: http://0.0.0.0:9020
+    # - url: http://0.0.0.0:{{port}}
     #   description: "Development server (all interfaces)"
     # - url: http://<prod_server_host_or_ip>:{{port}}
     #   description: "PROD server"
@@ -102,14 +130,14 @@ swagger:
       description: "PROD server"
 
 uiColor:
-  # Font color of the header and a number of interface elements on the ABOUT page
+  # Font color of the header and a number of interface elements on the HOME page
   primary: '#0f65dc'
 
 webServer:
   host: '0.0.0.0'
   port: {{port}}
   # array of hosts that CORS skips
-  originHosts: ['localhost', '0.0.0.0']
+  originHosts: [ 'localhost', '0.0.0.0' ]
   # Authentication is configured here only when accessing the MCP server
   # Authentication in services that enable tools, resources, and prompts
   # is implemented more deeply. To do this, you need to use the information passed in HTTP headers
@@ -149,3 +177,15 @@ webServer:
     basic:
       username: ''
       password: '***'
+
+  # ========================================================================
+  # ADMIN PANEL AUTHENTICATION
+  # Token generation page available at /admin endpoint
+  # Supports 4 authentication methods: permanentServerTokens, basic, jwtToken, ntlm
+  # ========================================================================
+  adminAuth:
+    enabled: false  # Enable/disable admin panel
+    # Authentication type for admin panel: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
+    # For permanentServerTokens, basic, jwtToken - uses credentials from webServer.auth section
+    # For ntlm - uses AD configuration from ad.domains section (no additional credentials needed)
+    type: 'basic'

package/{cli-template/config → config}/development.yaml

@@ -1,4 +1,4 @@
----
-
-
-
+---
+
+
+

package/config/local.yaml

@@ -0,0 +1,81 @@
+ad:
+  domains:
+    OFFICE:
+      controllers:
+        - 'ldap://prdc1.office.finam.ru'
+        - 'ldap://prdc2.office.finam.ru'
+      default: true
+      password: International2025%
+      username: aite01-ldap-s
+    WTE:
+      controllers:
+        - 'ldap://prdc1.corp.whotrades.eu'
+        - 'ldap://prdc2.corp.whotrades.eu'
+      password: International2025%
+      username: aite01-ldap-s
+
+consul:
+  agent:
+    dev:
+      dc: 'dc-dev'
+      host: 'consul.entapp.work'
+      token: db56c39b-4b3f-f995-f2e6-6b7c5ab76fa8
+    prd:
+      dc: 'dc-prd'
+      host: 'consul.entapp.work'
+      token: 4701c873-9af3-e9a5-cd81-3a0184a5d898
+    reg:
+      host: MSK-AITE01-AP01.office.finam.ru
+      # host: MSK-AITR01-AP01.office.finam.ru
+      token: db56c39b-4b3f-f995-f2e6-6b7c5ab76fa8
+  service:
+    enable: true
+    instance: ws1170
+  envCode: # Used to generate the service ID
+    prod: aitr01
+    dev: aite01
+
+db:
+  postgres:
+    dbs:
+      main:
+        database: slava
+        host: msk-aite01-ap01
+        port: 5432
+        user: csbot
+        password: yxxfdZwTAkpz
+        usedExtensions:
+          - pgvector
+
+logger:
+  level: info
+  useFileLogger: false # To use or not to use logging to a file
+  dir: ''
+
+mcp:
+  transportType: http # 'stdio' or 'http'
+  toolAnswerAs: text # text | structuredContent
+
+swagger:
+  servers:  # An array of servers that will be added to swagger docs
+    - url: http://localhost:9876
+      description: "Local server"
+
+webServer:
+  port: 9876
+  auth:
+    enabled: true
+    # An array of fixed tokens that pass to the MCP (use only for MCPs with green data or for development)
+    # permanentServerTokens: ['test-perm-token']
+    jwtToken:
+      # Symmetric encryption key to generate a token for this MCP
+      encryptKey: '66666666-7777-8888-9999-000000000000'
+      # If webServer.auth.enabled and the parameter true, the service name and the service specified in the token will be checked
+      checkMCPName: true
+    basic:
+      username: vpupkin
+      password: '1'
+
+  adminAuth:
+    enabled: true
+    type: 'ntlm'

package/{cli-template/config → config}/production.yaml

@@ -1,4 +1,4 @@
----
-
-
-
+---
+
+
+

package/dist/core/_types_/active-directory-config.d.ts

@@ -7,6 +7,7 @@ export interface IDcConfig {
     controllers: string[];
     username: string;
     password: string;
+    baseDn?: string;
     default?: boolean;
     name?: string;
     hostReSource?: string;
@@ -19,6 +20,8 @@ export interface IADConfig {
         };
         tlsOptions?: ConnectionOptions;
         strategy?: EAuthStrategy;
+        groupCacheTtlMs?: number;
+        dnCacheTtlMs?: number;
     };
 }
 //# sourceMappingURL=active-directory-config.d.ts.map

package/dist/core/_types_/active-directory-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"active-directory-config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/active-directory-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,WAAW,SAAS;IAExB;;OAEG;IACH,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAKlB,IAAI,CAAC,EAAE,MAAM,CAAC;IAId,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE;QACF,OAAO,EAAE;YAEP,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;SACjC,CAAA;QACD,UAAU,CAAC,EAAE,iBAAiB,CAAC;QAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;KAC1B,CAAA;CACF"}
+{"version":3,"file":"active-directory-config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/active-directory-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,WAAW,SAAS;IAExB;;OAEG;IACH,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAKlB,IAAI,CAAC,EAAE,MAAM,CAAC;IAId,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE;QACF,OAAO,EAAE;YAEP,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;SACjC,CAAA;QACD,UAAU,CAAC,EAAE,iBAAiB,CAAC;QAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;QAEzB,eAAe,CAAC,EAAE,MAAM,CAAC;QAEzB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAA;CACF"}

package/dist/core/_types_/config.d.ts

@@ -1,6 +1,6 @@
 import { TFileLogLevel } from 'af-logger-ts';
 import { IAFDatabasesConfig } from 'af-db-ts';
-import { IAFConsulConfig, IAccessPoints } from 'af-consul-ts';
+import { IAFConsulConfig, IAccessPoints } from 'fa-consul';
 import { IADConfig } from './active-directory-config.js';
 interface IWebServerConfig {
     webServer: {
@@ -19,6 +19,10 @@ interface IWebServerConfig {
             };
             permanentServerTokens: string[];
         };
+        adminAuth: {
+            enabled: boolean;
+            type: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm';
+        };
     };
 }
 interface ILoggerConfig {

package/dist/core/_types_/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAGzD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;aACvB,CAAA;YACD,qBAAqB,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;KACH,CAAA;CACF;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAA;CACF;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE,MAAM,GAAG,mBAAmB,CAAA;QAC1C,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAA;CACF;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAA;CACF;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS,EAC1C,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,cAAc;IAEd,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAA;CACF"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAGzD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;aACvB,CAAA;YACD,qBAAqB,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;QACF,SAAS,EAAE;YACT,OAAO,EAAE,OAAO,CAAC;YACjB,IAAI,EAAE,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;SAC/D,CAAC;KACH,CAAA;CACF;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAA;CACF;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE,MAAM,GAAG,mBAAmB,CAAA;QAC1C,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAA;CACF;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAA;CACF;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS,EAC1C,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,cAAc;IAEd,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAA;CACF"}

package/dist/core/_types_/types.d.ts

@@ -55,6 +55,10 @@ export interface McpServerData {
         name: string;
         arguments?: any;
         headers?: Record<string, string>;
+        payload?: {
+            user: string;
+            [key: string]: any;
+        } | undefined;
     }) => Promise<any>;
     agentBrief: string;
     agentPrompt: string;
@@ -68,7 +72,7 @@ export interface McpServerData {
         swagger?: ISwaggerData | null;
     };
     assets?: {
-        favicon?: string;
+        logoSvg?: string;
         maintainerHtml?: string;
     };
     getConsulUIAddress?: (serviceId: string) => string;

package/dist/core/_types_/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,EAAE,CAAC;IACd,OAAO,EAAE,cAAc,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,aAAc,SAAQ,aAAa;IAClD,OAAO,EAAE,gBAAgB,CAAC;CAC3B;AAED,MAAM,MAAM,wBAAwB,GAAG,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AACjF,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,GAAG,wBAAwB,CAAC;AAE1E,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE;QACR;YACE,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;SACvB;KACF,CAAC;CACH;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;AAE/D,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,GAAG,CAAC;IAClB,SAAS,EAAE,GAAG,CAAC;CAChB;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,UAAU,CAAC,GAAG,UAAU,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,aAAa;IAE5B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,EAAE,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,GAAG,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IAG3G,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,WAAW,EAAE,CAAC;IAG9B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,GAAG,IAAI,CAAC;IACnD,eAAe,CAAC,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAGzC,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAE1C,cAAc,CAAC,EAAE;QACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,OAAO,CAAC,EAAE,YAAY,GAAG,IAAI,CAAC;KAC/B,CAAC;IAEF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QAEjB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IAGF,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,MAAM,CAAC;CACpD;AAGD,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,MAAM,EAAE,aAAa,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,gBAAgB,CAAC;CAC1B;AAED,MAAM,MAAM,sBAAsB,GAAG,CAAC,OAAO,EAAE,iBAAiB,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAC7F,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,sBAAsB,CAAC;AAE7D,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,MAAM,EAAE;QACN,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,CAAC,EAAE,MAAM,GAAG;QACX,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IACzC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAEhC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,EAAE,CAAC;IACd,OAAO,EAAE,cAAc,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,aAAc,SAAQ,aAAa;IAClD,OAAO,EAAE,gBAAgB,CAAC;CAC3B;AAED,MAAM,MAAM,wBAAwB,GAAG,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AACjF,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,GAAG,wBAAwB,CAAC;AAE1E,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE;QACR;YACE,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;SACvB;KACF,CAAC;CACH;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAA;AAE/D,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,GAAG,CAAC;IAClB,SAAS,EAAE,GAAG,CAAC;CAChB;AAED;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,UAAU,CAAC,GAAG,UAAU,CAAC;AAEjF;;GAEG;AACH,MAAM,WAAW,aAAa;IAE5B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,EAAE,CAAC,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,GAAG,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;SAAE,GAAG,SAAS,CAAA;KAC3D,KACV,OAAO,CAAC,GAAG,CAAC,CAAC;IAGlB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,WAAW,EAAE,CAAC;IAG9B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,GAAG,IAAI,CAAC;IACnD,eAAe,CAAC,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAGzC,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAE1C,cAAc,CAAC,EAAE;QACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,cAAc,CAAC,EAAE,eAAe,CAAC;QACjC,OAAO,CAAC,EAAE,YAAY,GAAG,IAAI,CAAC;KAC/B,CAAC;IAEF,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QAEjB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IAGF,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,MAAM,CAAC;CACpD;AAGD,MAAM,WAAW,iBAAiB;IAChC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,MAAM,EAAE,aAAa,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,gBAAgB,CAAC;CAC1B;AAED,MAAM,MAAM,sBAAsB,GAAG,CAAC,OAAO,EAAE,iBAAiB,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;AAC7F,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,sBAAsB,CAAC;AAE7D,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,MAAM,EAAE;QACN,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,CAAC,CAAC,EAAE,MAAM,GAAG;QACX,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;KAClB,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IACzC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAEhC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB"}

package/dist/core/ad/group-checker.d.ts

@@ -0,0 +1,13 @@
+import { GroupChecker } from 'af-ad-ts';
+export interface IGroupCheckerInitResult {
+    isUserInGroup: (userSam: string, groupSam: string) => Promise<boolean>;
+    groupChecker: GroupChecker;
+    domainName: string;
+}
+/**
+ * Initializes AD Group Checker for checking user membership in AD groups.
+ * @param domainName - Optional domain name. Uses default domain if not specified.
+ * @throws Error if AD configuration is missing or incomplete
+ */
+export declare function initADGroupChecker(domainName?: string): IGroupCheckerInitResult;
+//# sourceMappingURL=group-checker.d.ts.map

package/dist/core/ad/group-checker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"group-checker.d.ts","sourceRoot":"","sources":["../../../src/core/ad/group-checker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAK7D,MAAM,WAAW,uBAAuB;IACtC,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvE,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAkCD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAE,UAAU,CAAC,EAAE,MAAM,GAAG,uBAAuB,CA6ChF"}

package/dist/core/ad/group-checker.js

@@ -0,0 +1,86 @@
+import { GroupChecker } from 'af-ad-ts';
+import { appConfig } from '../bootstrap/init-config.js';
+import { logger } from '../logger.js';
+/**
+ * Derives baseDn from LDAP controller URL.
+ * Example: 'ldap://dc1.corp.company.com' -> 'DC=corp,DC=company,DC=com'
+ */
+function deriveBaseDnFromController(controllerUrl) {
+    const url = controllerUrl.replace(/^ldaps?:\/\//, '');
+    const parts = url.split('.').reverse().slice(0, 3).reverse();
+    return parts.map((v) => `DC=${v}`).join(',');
+}
+function getDefaultDomain() {
+    const domains = appConfig.ad?.domains;
+    if (!domains) {
+        return undefined;
+    }
+    for (const [name, config] of Object.entries(domains)) {
+        if (config.default) {
+            return { name, config };
+        }
+    }
+    const names = Object.keys(domains);
+    return names.length > 0 ? { name: names[0], config: domains[names[0]] } : undefined;
+}
+function validateConfig(config, domain) {
+    const missing = [];
+    if (!config.controllers?.length) {
+        missing.push(`ad.domains.${domain}.controllers`);
+    }
+    if (!config.username) {
+        missing.push(`ad.domains.${domain}.username`);
+    }
+    if (!config.password) {
+        missing.push(`ad.domains.${domain}.password`);
+    }
+    return missing;
+}
+let cachedDefaultDomain;
+/**
+ * Initializes AD Group Checker for checking user membership in AD groups.
+ * @param domainName - Optional domain name. Uses default domain if not specified.
+ * @throws Error if AD configuration is missing or incomplete
+ */
+export function initADGroupChecker(domainName) {
+    let domainConfig;
+    let resolvedDomainName;
+    if (domainName) {
+        domainConfig = appConfig.ad?.domains?.[domainName];
+        resolvedDomainName = domainName;
+        if (!domainConfig) {
+            const available = Object.keys(appConfig.ad?.domains || {}).join(', ') || 'none';
+            throw new Error(`AD domain "${domainName}" not found. Available: ${available}`);
+        }
+    }
+    else {
+        cachedDefaultDomain = cachedDefaultDomain || getDefaultDomain();
+        if (!cachedDefaultDomain) {
+            throw new Error('No AD domains configured in ad.domains');
+        }
+        domainConfig = cachedDefaultDomain.config;
+        resolvedDomainName = cachedDefaultDomain.name;
+    }
+    const missing = validateConfig(domainConfig, resolvedDomainName);
+    if (missing.length > 0) {
+        throw new Error(`Incomplete AD config for "${resolvedDomainName}". Missing: ${missing.join(', ')}`);
+    }
+    const controllerUrl = domainConfig.controllers[0];
+    const baseDn = domainConfig.baseDn || deriveBaseDnFromController(controllerUrl);
+    const groupCheckerConfig = {
+        url: controllerUrl,
+        bindDN: domainConfig.username,
+        bindPassword: domainConfig.password,
+        baseDn,
+        ...(appConfig.ad.groupCacheTtlMs !== undefined && { cacheTtlMs: appConfig.ad.groupCacheTtlMs }),
+        ...(appConfig.ad.dnCacheTtlMs !== undefined && { dnCacheTtlMs: appConfig.ad.dnCacheTtlMs }),
+    };
+    const groupChecker = new GroupChecker(groupCheckerConfig);
+    logger.info(`AD Group Checker initialized for "${resolvedDomainName}" (${controllerUrl}, baseDn: ${baseDn})`);
+    return {
+        isUserInGroup: (userSam, groupSam) => groupChecker.isUserInGroup(userSam, groupSam),
+        groupChecker,
+        domainName: resolvedDomainName,
+    };
+}
+//# sourceMappingURL=group-checker.js.map

package/dist/core/ad/group-checker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"group-checker.js","sourceRoot":"","sources":["../../../src/core/ad/group-checker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAExD,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAQtC;;;GAGG;AACH,SAAS,0BAA0B,CAAE,aAAqB;IACxD,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,OAAO,GAAG,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC;IACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QAAA,OAAO,SAAS,CAAC;IAAA,CAAC;IAEjC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAAA,CAAC;IAChD,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAE,CAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzF,CAAC;AAED,SAAS,cAAc,CAAE,MAAiB,EAAE,MAAc;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;QAAA,OAAO,CAAC,IAAI,CAAC,cAAc,MAAM,cAAc,CAAC,CAAC;IAAA,CAAC;IACpF,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAAA,OAAO,CAAC,IAAI,CAAC,cAAc,MAAM,WAAW,CAAC,CAAC;IAAA,CAAC;IACtE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAAA,OAAO,CAAC,IAAI,CAAC,cAAc,MAAM,WAAW,CAAC,CAAC;IAAA,CAAC;IACtE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,IAAI,mBAAoE,CAAC;AAEzE;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAE,UAAmB;IACrD,IAAI,YAAmC,CAAC;IACxC,IAAI,kBAA0B,CAAC;IAE/B,IAAI,UAAU,EAAE,CAAC;QACf,YAAY,GAAG,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC;QACnD,kBAAkB,GAAG,UAAU,CAAC;QAChC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;YAChF,MAAM,IAAI,KAAK,CAAC,cAAc,UAAU,2BAA2B,SAAS,EAAE,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,mBAAmB,GAAG,mBAAmB,IAAI,gBAAgB,EAAE,CAAC;QAChE,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC;QAC1C,kBAAkB,GAAG,mBAAmB,CAAC,IAAI,CAAC;IAChD,CAAC;IAED,MAAM,OAAO,GAAG,cAAc,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;IACjE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,6BAA6B,kBAAkB,eAAe,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtG,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;IACnD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,IAAI,0BAA0B,CAAC,aAAa,CAAC,CAAC;IAEhF,MAAM,kBAAkB,GAAwB;QAC9C,GAAG,EAAE,aAAa;QAClB,MAAM,EAAE,YAAY,CAAC,QAAQ;QAC7B,YAAY,EAAE,YAAY,CAAC,QAAQ;QACnC,MAAM;QACN,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,eAAe,KAAK,SAAS,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,CAAC,eAAe,EAAE,CAAC;QAC/F,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,YAAY,KAAK,SAAS,IAAI,EAAE,YAAY,EAAE,SAAS,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;KAC5F,CAAC;IAEF,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAC1D,MAAM,CAAC,IAAI,CAAC,qCAAqC,kBAAkB,MAAM,aAAa,aAAa,MAAM,GAAG,CAAC,CAAC;IAE9G,OAAO;QACL,aAAa,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC;QACnF,YAAY;QACZ,UAAU,EAAE,kBAAkB;KAC/B,CAAC;AACJ,CAAC"}

package/dist/core/auth/admin-auth.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Admin panel authentication middleware
+ * Supports 4 authentication types: permanentServerTokens, basic, jwtToken, ntlm
+ */
+import { RequestHandler } from 'express';
+export type AdminAuthType = 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm';
+/**
+ * Validates admin auth configuration
+ * Returns error message if configuration is invalid, null if valid
+ */
+export declare function validateAdminAuthConfig(): string | null;
+/**
+ * Creates admin authentication middleware based on adminAuth.type config
+ */
+export declare function createAdminAuthMW(): RequestHandler[];
+//# sourceMappingURL=admin-auth.d.ts.map

package/dist/core/auth/admin-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAa1E,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AAGpF;;;GAGG;AACH,wBAAgB,uBAAuB,IAAK,MAAM,GAAG,IAAI,CA8CxD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAK,cAAc,EAAE,CA0FrD"}