fa-mcp-sdk 0.2.38 → 0.2.78

package/dist/core/token/gen-token-app/ntlm-domain-config.js

@@ -0,0 +1,71 @@
+import { NTLMAuthError } from 'ya-express-ntlm';
+import { isObject } from 'af-tools-ts';
+import { appConfig } from '../../bootstrap/init-config.js';
+// Check if AD configuration is available
+export const isNTLMEnabled = () => {
+    return !!(appConfig.ad && isObject(appConfig.ad.domains) && Object.keys(appConfig.ad.domains).length);
+};
+// If AD config is null or undefined, NTLM authentication is disabled
+if (!isNTLMEnabled()) {
+    console.log('[TOKEN-GEN] NTLM authentication is DISABLED - no AD configuration found');
+}
+else {
+    const { domains } = appConfig.ad;
+    if (!isObject(domains) || !Object.keys(domains).length) {
+        throw new NTLMAuthError('None of the Domain Controllers are specified');
+    }
+}
+export const defaultTokenGenDomainConfig = { controllers: [], username: '', password: '' };
+export const tokenGenDomains = {};
+// Process and validate all domains (same logic as main NTLM example)
+if (isNTLMEnabled()) {
+    const { domains } = appConfig.ad;
+    Object.entries(domains).forEach(([domainName, item]) => {
+        const { controllers } = item;
+        if (!controllers?.length) {
+            throw new NTLMAuthError(`No domain controller was specified for "${domainName}"`);
+        }
+        if (!Array.isArray(controllers)) {
+            throw new NTLMAuthError(`Value of "${domainName}" must be an array`);
+        }
+        controllers.forEach((dc) => {
+            if (!dc.startsWith('ldap')) {
+                throw new NTLMAuthError(`Domain controller must be an AD and start with ldap:// | ldaps:// . Host: domain "${domainName}", DC: ${dc}`);
+            }
+        });
+        // Enrich domain config with name
+        item.name = domainName;
+        tokenGenDomains[domainName] = item;
+        // Set default domain configuration
+        if (item.default && !defaultTokenGenDomainConfig.name) {
+            Object.assign(defaultTokenGenDomainConfig, item);
+            defaultTokenGenDomainConfig.name = domainName;
+        }
+    });
+    if (!defaultTokenGenDomainConfig.name) {
+        throw new NTLMAuthError('No default domain controller specified for token generation');
+    }
+}
+// Export function to get domain config by name
+export const getDomainConfig = (domainName) => {
+    if (!domainName) {
+        return defaultTokenGenDomainConfig;
+    }
+    return tokenGenDomains[domainName] || defaultTokenGenDomainConfig;
+};
+export const tokenGenDomainConfig = {
+    defaultDomain: isNTLMEnabled() ? defaultTokenGenDomainConfig.name : undefined,
+    domains: isNTLMEnabled() ? tokenGenDomains : {},
+    strategy: isNTLMEnabled() ? (appConfig.ad.strategy || 'NTLM') : undefined, // from config or default NTLM
+    tlsOptions: isNTLMEnabled() ? appConfig.ad.tlsOptions : undefined, // from config if specified
+};
+// Debug info VVR
+if (isNTLMEnabled()) {
+    console.log(`[TOKEN-GEN] Configured domains: ${Object.keys(tokenGenDomains).join(', ')}`);
+    console.log(`[TOKEN-GEN] Default domain: ${tokenGenDomainConfig.defaultDomain}`);
+    console.log(`[TOKEN-GEN] Strategy: ${tokenGenDomainConfig.strategy}`);
+}
+else {
+    console.log('[TOKEN-GEN] NTLM authentication disabled - no domain configuration available');
+}
+//# sourceMappingURL=ntlm-domain-config.js.map

package/dist/core/token/gen-token-app/ntlm-domain-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-domain-config.js","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-domain-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAG3D,yCAAyC;AACzC,MAAM,CAAC,MAAM,aAAa,GAAG,GAAY,EAAE;IACzC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;AACxG,CAAC,CAAC;AAEF,qEAAqE;AACrE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;IACrB,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;AACzF,CAAC;KAAM,CAAC;IACN,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC;IAEjC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;QACvD,MAAM,IAAI,aAAa,CAAC,8CAA8C,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,2BAA2B,GAAc,EAAE,WAAW,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AACtG,MAAM,CAAC,MAAM,eAAe,GAAsC,EAAE,CAAC;AAErE,qEAAqE;AACrE,IAAI,aAAa,EAAE,EAAE,CAAC;IACpB,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC;IAEjC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE;QACrD,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;YACzB,MAAM,IAAI,aAAa,CAAC,2CAA2C,UAAU,GAAG,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,aAAa,CAAC,aAAa,UAAU,oBAAoB,CAAC,CAAC;QACvE,CAAC;QAED,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YACzB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,aAAa,CAAC,qFAAqF,UAAU,UAAU,EAAE,EAAE,CAAC,CAAC;YACzI,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,iCAAiC;QACjC,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,eAAe,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;QAEnC,mCAAmC;QACnC,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,2BAA2B,CAAC,IAAI,EAAE,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;YACjD,2BAA2B,CAAC,IAAI,GAAG,UAAU,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,2BAA2B,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,6DAA6D,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED,+CAA+C;AAC/C,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,UAAmB,EAAa,EAAE;IAChE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,2BAA2B,CAAC;IACrC,CAAC;IACD,OAAO,eAAe,CAAC,UAAU,CAAC,IAAI,2BAA2B,CAAC;AACpE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;IAC7E,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE;IAC/C,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,8BAA8B;IACzG,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EAAE,2BAA2B;CAC/F,CAAC;AAEF,iBAAiB;AACjB,IAAI,aAAa,EAAE,EAAE,CAAC;IACpB,OAAO,CAAC,GAAG,CAAC,mCAAmC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,OAAO,CAAC,GAAG,CAAC,+BAA+B,oBAAoB,CAAC,aAAa,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,yBAAyB,oBAAoB,CAAC,QAAQ,EAAE,CAAC,CAAC;AACxE,CAAC;KAAM,CAAC;IACN,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;AAC9F,CAAC"}

package/dist/core/token/gen-token-app/ntlm-integration.d.ts

@@ -0,0 +1,3 @@
+import { Request, Response, NextFunction } from 'express';
+export declare const setupNTLMAuthentication: () => ((req: Request, res: Response, next: NextFunction) => void)[];
+//# sourceMappingURL=ntlm-integration.d.ts.map

package/dist/core/token/gen-token-app/ntlm-integration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-integration.d.ts","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-integration.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAU1D,eAAO,MAAM,uBAAuB,eAIlB,OAAO,OAAO,QAAQ,QAAQ,YAAY,YA8D3D,CAAC"}

package/dist/core/token/gen-token-app/ntlm-integration.js

@@ -0,0 +1,69 @@
+import { authNTLM } from 'ya-express-ntlm';
+import { tokenGenNtlmOptions } from './ntlm-auth-options.js';
+import { checkTokenGenSession, getSessionStats } from './ntlm-session-storage.js';
+import { getLoginPageHTML } from './ntlm-templates.js';
+import { isNTLMEnabled } from './ntlm-domain-config.js';
+// Create NTLM middleware instance (only if NTLM is enabled)
+const ntlmMiddleware = isNTLMEnabled() ? authNTLM(tokenGenNtlmOptions) : null;
+// Main NTLM authentication setup function
+export const setupNTLMAuthentication = () => {
+    if (!isNTLMEnabled()) {
+        console.log('[TOKEN-GEN] NTLM authentication is DISABLED - skipping middleware setup');
+        // Return middleware that just passes through
+        return [(req, res, next) => {
+                // Set dummy NTLM info for compatibility
+                req.ntlm = {
+                    isAuthenticated: false,
+                    username: 'Anonymous',
+                    domain: 'NoAuth'
+                };
+                next();
+            }];
+    }
+    return [
+        // First check for existing session
+        checkTokenGenSession(),
+        // Then run NTLM authentication if needed
+        (req, res, next) => {
+            // Handle login page request
+            if (req.path === '/login') {
+                return res.send(getLoginPageHTML(req.ntlm?.username || ''));
+            }
+            // Handle logout request
+            if (req.path === '/logout') {
+                console.log(`[TOKEN-GEN] Logout requested by: ${req.ntlm?.domain || 'Unknown'}\\${req.ntlm?.username || 'Unknown'}`);
+                // Clear session and send 401 to trigger browser auth prompt
+                res.setHeader('WWW-Authenticate', 'NTLM');
+                res.setHeader('Clear-Site-Data', '"cookies", "storage"');
+                console.log('[TOKEN-GEN] Sending 401 response to trigger browser authentication prompt');
+                return res.status(401).send('Authentication required - please login again');
+            }
+            // Add session debug endpoint (only in development)
+            if (req.path === '/debug/sessions' && process.env.NODE_ENV !== 'production') {
+                const stats = getSessionStats();
+                return res.json({
+                    message: 'Token Generation Server Session Statistics',
+                    timestamp: new Date().toISOString(),
+                    ...stats
+                });
+            }
+            // Skip authentication for health checks if needed
+            if (req.path === '/health') {
+                return res.json({
+                    status: 'ok',
+                    service: 'token-generation-server',
+                    timestamp: new Date().toISOString()
+                });
+            }
+            // If user is already authenticated (from session), continue
+            if (req.ntlm?.isAuthenticated) {
+                console.log(`[TOKEN-GEN] Request from authenticated user: ${req.ntlm.domain}\\${req.ntlm.username} -> ${req.method} ${req.path}`);
+                return next();
+            }
+            // Run NTLM authentication
+            console.log(`[TOKEN-GEN] Starting NTLM authentication for: ${req.method} ${req.path}`);
+            ntlmMiddleware(req, res, next);
+        }
+    ];
+};
+//# sourceMappingURL=ntlm-integration.js.map

package/dist/core/token/gen-token-app/ntlm-integration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-integration.js","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-integration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAClF,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD,4DAA4D;AAC5D,MAAM,cAAc,GAAG,aAAa,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAE9E,0CAA0C;AAC1C,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,EAAE;IAC1C,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,yEAAyE,CAAC,CAAC;QACvF,6CAA6C;QAC7C,OAAO,CAAC,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;gBAC1D,wCAAwC;gBACxC,GAAG,CAAC,IAAI,GAAG;oBACT,eAAe,EAAE,KAAK;oBACtB,QAAQ,EAAE,WAAW;oBACrB,MAAM,EAAE,QAAQ;iBACjB,CAAC;gBACF,IAAI,EAAE,CAAC;YACT,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,mCAAmC;QACnC,oBAAoB,EAAE;QAEtB,yCAAyC;QACzC,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAClD,4BAA4B;YAC5B,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC1B,OAAO,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC;YAC9D,CAAC;YAED,wBAAwB;YACxB,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,IAAI,EAAE,MAAM,IAAI,SAAS,KAAK,GAAG,CAAC,IAAI,EAAE,QAAQ,IAAI,SAAS,EAAE,CAAC,CAAC;gBACrH,4DAA4D;gBAC5D,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAC1C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,sBAAsB,CAAC,CAAC;gBACzD,OAAO,CAAC,GAAG,CAAC,2EAA2E,CAAC,CAAC;gBACzF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YAC9E,CAAC;YAED,mDAAmD;YACnD,IAAI,GAAG,CAAC,IAAI,KAAK,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;gBAC5E,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;gBAChC,OAAO,GAAG,CAAC,IAAI,CAAC;oBACd,OAAO,EAAE,4CAA4C;oBACrD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,GAAG,KAAK;iBACT,CAAC,CAAC;YACL,CAAC;YAED,kDAAkD;YAClD,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,GAAG,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,IAAI;oBACZ,OAAO,EAAE,yBAAyB;oBAClC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;YACL,CAAC;YAED,4DAA4D;YAC5D,IAAI,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,gDAAgD,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,QAAQ,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;gBAClI,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAED,0BAA0B;YAC1B,OAAO,CAAC,GAAG,CAAC,iDAAiD,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YACvF,cAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}

package/dist/core/token/gen-token-app/ntlm-session-storage.d.ts

@@ -0,0 +1,16 @@
+import { Request, Response, NextFunction } from 'express';
+import { IUserData } from 'ya-express-ntlm';
+export declare const getTokenGenSessionData: (req: Request) => Partial<IUserData>;
+export declare const setTokenGenSessionData: (req: Request, userData: IUserData) => void;
+export declare const removeTokenGenSession: (req: Request) => void;
+export declare const checkTokenGenSession: () => (req: Request, res: Response, next: NextFunction) => void;
+export declare const getSessionStats: () => {
+    activeSessions: number;
+    sessions: {
+        id: string;
+        username: string;
+        domain: string;
+        lastAccess: string;
+    }[];
+};
+//# sourceMappingURL=ntlm-session-storage.d.ts.map

package/dist/core/token/gen-token-app/ntlm-session-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-session-storage.d.ts","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-session-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AA6B5C,eAAO,MAAM,sBAAsB,GAAI,KAAK,OAAO,KAAG,OAAO,CAAC,SAAS,CAYtE,CAAC;AAGF,eAAO,MAAM,sBAAsB,GAAI,KAAK,OAAO,EAAE,UAAU,SAAS,KAAG,IAS1E,CAAC;AAGF,eAAO,MAAM,qBAAqB,GAAI,KAAK,OAAO,KAAG,IAIpD,CAAC;AAGF,eAAO,MAAM,oBAAoB,SACvB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,SAWxD,CAAC;AAGF,eAAO,MAAM,eAAe;;;;;;;;CAW3B,CAAC"}

package/dist/core/token/gen-token-app/ntlm-session-storage.js

@@ -0,0 +1,74 @@
+// In-memory session storage (resets on server restart as required)
+const sessionStorage = new Map();
+const SESSION_TIMEOUT = 30 * 60 * 1000; // 30 minutes
+// Generate session ID from request
+const getSessionId = (req) => {
+    const ip = req.ip || req.connection.remoteAddress || req.socket.remoteAddress || 'unknown';
+    const userAgent = req.get('User-Agent') || 'unknown';
+    // Simple hash for session ID
+    return Buffer.from(`${ip}-${userAgent}`).toString('base64').substring(0, 32);
+};
+// Clean expired sessions
+const cleanExpiredSessions = () => {
+    const now = Date.now();
+    for (const [sessionId, session] of sessionStorage.entries()) {
+        if (now - session.lastAccess > SESSION_TIMEOUT) {
+            sessionStorage.delete(sessionId);
+        }
+    }
+};
+// Get session data
+export const getTokenGenSessionData = (req) => {
+    cleanExpiredSessions();
+    const sessionId = getSessionId(req);
+    const session = sessionStorage.get(sessionId);
+    if (session && session.isAuthenticated) {
+        session.lastAccess = Date.now();
+        sessionStorage.set(sessionId, session);
+        return session;
+    }
+    return {};
+};
+// Set session data
+export const setTokenGenSessionData = (req, userData) => {
+    const sessionId = getSessionId(req);
+    const sessionData = {
+        ...userData,
+        lastAccess: Date.now(),
+        isAuthenticated: true,
+    };
+    sessionStorage.set(sessionId, sessionData);
+    console.log(`[TOKEN-GEN] Session created for user: ${userData.username} from domain: ${userData.domain}`);
+};
+// Remove session
+export const removeTokenGenSession = (req) => {
+    const sessionId = getSessionId(req);
+    sessionStorage.delete(sessionId);
+    console.log(`[TOKEN-GEN] Session removed for ID: ${sessionId}`);
+};
+// Session middleware for checking authentication
+export const checkTokenGenSession = () => {
+    return (req, res, next) => {
+        const sessionData = getTokenGenSessionData(req);
+        if (sessionData.isAuthenticated) {
+            req.ntlm = sessionData;
+            return next();
+        }
+        // No valid session, proceed with NTLM authentication
+        next();
+    };
+};
+// Get session statistics (for debugging)
+export const getSessionStats = () => {
+    cleanExpiredSessions();
+    return {
+        activeSessions: sessionStorage.size,
+        sessions: Array.from(sessionStorage.entries()).map(([id, data]) => ({
+            id: id.substring(0, 8) + '...',
+            username: data.username,
+            domain: data.domain,
+            lastAccess: new Date(data.lastAccess).toISOString(),
+        }))
+    };
+};
+//# sourceMappingURL=ntlm-session-storage.js.map

package/dist/core/token/gen-token-app/ntlm-session-storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-session-storage.js","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-session-storage.ts"],"names":[],"mappings":"AAGA,mEAAmE;AACnE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAqB,CAAC;AACpD,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAMrD,mCAAmC;AACnC,MAAM,YAAY,GAAG,CAAC,GAAY,EAAU,EAAE;IAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;IAC3F,MAAM,SAAS,GAAG,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC;IACrD,6BAA6B;IAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/E,CAAC,CAAC;AAEF,yBAAyB;AACzB,MAAM,oBAAoB,GAAG,GAAG,EAAE;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5D,IAAI,GAAG,GAAI,OAAuB,CAAC,UAAU,GAAG,eAAe,EAAE,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAEF,mBAAmB;AACnB,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,GAAY,EAAsB,EAAE;IACzE,oBAAoB,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAgB,CAAC;IAE7D,IAAI,OAAO,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QACvC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAChC,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC,CAAC;AAEF,mBAAmB;AACnB,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,GAAY,EAAE,QAAmB,EAAQ,EAAE;IAChF,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,WAAW,GAAgB;QAC/B,GAAG,QAAQ;QACX,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;QACtB,eAAe,EAAE,IAAI;KACtB,CAAC;IACF,cAAc,CAAC,GAAG,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,yCAAyC,QAAQ,CAAC,QAAQ,iBAAiB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5G,CAAC,CAAC;AAEF,iBAAiB;AACjB,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,GAAY,EAAQ,EAAE;IAC1D,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACpC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;AAClE,CAAC,CAAC;AAEF,iDAAiD;AACjD,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,EAAE;IACvC,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,MAAM,WAAW,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAEhD,IAAI,WAAW,CAAC,eAAe,EAAE,CAAC;YAChC,GAAG,CAAC,IAAI,GAAG,WAAW,CAAC;YACvB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,qDAAqD;QACrD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF,yCAAyC;AACzC,MAAM,CAAC,MAAM,eAAe,GAAG,GAAG,EAAE;IAClC,oBAAoB,EAAE,CAAC;IACvB,OAAO;QACL,cAAc,EAAE,cAAc,CAAC,IAAI;QACnC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAClE,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;YAC9B,QAAQ,EAAG,IAAoB,CAAC,QAAQ;YACxC,MAAM,EAAG,IAAoB,CAAC,MAAM;YACpC,UAAU,EAAE,IAAI,IAAI,CAAE,IAAoB,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;SACrE,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC,CAAC"}

package/dist/core/token/gen-token-app/ntlm-templates.d.ts

@@ -0,0 +1,21 @@
+/**
+ * NTLM Authentication HTML Templates
+ * Converted from pug templates in src/core/_ntlm_example/ntlm/views/
+ */
+/**
+ * Basic login page template
+ */
+export declare const getLoginPageHTML: (username?: string) => string;
+/**
+ * Not authenticated page template (wrong login/password)
+ */
+export declare const getNotAuthenticatedPageHTML: (title?: string, protocol?: string, hostname?: string, username?: string) => string;
+/**
+ * Not authorized page template (user doesn't have access)
+ */
+export declare const getNotAuthorizedPageHTML: (title?: string, username?: string) => string;
+/**
+ * 404 page template
+ */
+export declare const get404PageHTML: () => string;
+//# sourceMappingURL=ntlm-templates.d.ts.map

package/dist/core/token/gen-token-app/ntlm-templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-templates.d.ts","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-templates.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuFH;;GAEG;AACH,eAAO,MAAM,gBAAgB,GAAI,WAAU,MAAW,KAAG,MAuEjD,CAAC;AAET;;GAEG;AACH,eAAO,MAAM,2BAA2B,GAAI,QAAO,MAA4B,EAAE,WAAU,MAAW,EAAE,WAAU,MAAW,EAAE,WAAU,MAAW,KAAG,MAuC/I,CAAC;AAET;;GAEG;AACH,eAAO,MAAM,wBAAwB,GAAI,QAAO,MAAyB,EAAE,WAAU,MAAW,KAAG,MAgB3F,CAAC;AAET;;GAEG;AACH,eAAO,MAAM,cAAc,QAAO,MAgB1B,CAAC"}

package/dist/core/token/gen-token-app/ntlm-templates.js

@@ -0,0 +1,246 @@
+/**
+ * NTLM Authentication HTML Templates
+ * Converted from pug templates in src/core/_ntlm_example/ntlm/views/
+ */
+// CSS styles from src/core/_ntlm_example/style.css
+const ntlmStyles = `
+body, html {
+  height: 100%;
+  margin: 0;
+  font-family: "Roboto", "-apple-system", "Helvetica Neue", Helvetica, Arial, sans-serif;
+}
+
+.views-outer-container {
+  height: 100%;
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  font-size: 14px;
+}
+
+.views-auth-container {
+  text-align: center;
+  position: absolute;
+  top: calc(38vh - 130px);
+}
+
+.views-auth-container svg {
+  width: 70px;
+  fill: rgba(194, 57, 52, 0.58);
+}
+
+.views-auth-block {
+  border: 1px solid #d0d0d0;
+  padding: 20px;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+}
+
+.views-input-group {
+  display: flex;
+  align-items: center;
+  margin-bottom: 10px;
+}
+
+.views-input-group label {
+  width: 80px;
+  text-align: left;
+  margin-right: 10px;
+}
+
+.views-input-group input {
+  padding: 5px;
+  width: 200px;
+}
+
+.views-input-group input::placeholder {
+  color: #e5e5e5;
+}
+
+input {
+  outline: none;
+  border: 1px solid #b0b0b0;
+}
+
+input:focus {
+  border: 1px solid #ff5500;
+}
+
+.views-button-container {
+  display: flex;
+  width: 100%;
+  flex-direction: column;
+  align-items: end;
+}
+
+.views-button-container button {
+  padding: 3px;
+  width: 105px;
+}
+`;
+// SVG icon from src/core/_ntlm_example/block-visitor.svg
+const blockVisitorSvg = `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+  <path fill="#c23934" d="M29.9 8.8V9v-.2z"/>
+  <path fill="#c23934"
+        d="M10.2 17.1c0-1.3.4-2.7 1-3.8.8-1.4 1.7-1.9 2.4-3 1.1-1.7 1.4-4.1.6-6-.7-1.9-2.5-3-4.5-2.9S6 2.7 5.4 4.6c-.8 2-.5 4.5 1.2 6.1.7.7 1.3 1.7 1 2.6-.4 1-1.5 1.4-2.2 1.7-1.8.8-4 1.9-4.4 4.1-.4 1.7.8 3.5 2.7 3.5h7.9c.4 0 .6-.4.4-.7-1.2-1.4-1.8-3.1-1.8-4.8zm11.3-3.9c-2.2-2.2-5.7-2.2-7.9 0s-2.2 5.6 0 7.8 5.7 2.2 7.9 0 2.1-5.7 0-7.8zm-6.6 1.2c1.3-1.2 3.1-1.4 4.5-.5l-5 5.1c-.9-1.5-.7-3.3.5-4.6zm5.3 5.3c-1.3 1.2-3.1 1.4-4.6.6l5.1-5.1c.9 1.4.7 3.3-.5 4.5z"/>
+</svg>`;
+/**
+ * Basic login page template
+ */
+export const getLoginPageHTML = (username = '') => `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Sign in</title>
+  <style>${ntlmStyles}</style>
+</head>
+<body>
+  <script>
+    const username = '${username}';
+    function authenticate() {
+      const wl = window.location;
+      const login = document.getElementById('login').value;
+      const password = document.getElementById('password').value;
+
+      // Special handling for NTLM authentication
+      // The @ symbol in passwords breaks URL construction, so we need proper URL encoding
+      try {
+        // Properly encode the credentials for URL
+        const encodedLogin = encodeURIComponent(login);
+        const encodedPassword = encodeURIComponent(password);
+
+        console.log('Attempting authentication with:', { login: encodedLogin, passwordLength: password.length });
+
+        // Navigate with properly encoded credentials
+        window.location.href = wl.protocol + '//' + encodedLogin + ':' + encodedPassword + '@' + wl.hostname + ':' + wl.port;
+      } catch (error) {
+        console.error('Authentication error:', error);
+        alert('Authentication failed: ' + error.message);
+      }
+    }
+
+    // For testing: add direct NTLM trigger function
+    function triggerNTLM() {
+      // This will trigger the browser's native NTLM authentication dialog
+      const wl = window.location;
+      window.location.href = wl.origin + '/';
+    }
+
+    // Add additional button for testing
+    document.addEventListener('DOMContentLoaded', function() {
+      const buttonContainer = document.querySelector('.views-button-container');
+      if (buttonContainer) {
+        const ntlmButton = document.createElement('button');
+        ntlmButton.type = 'button';
+        ntlmButton.textContent = 'Trigger NTLM Dialog';
+        ntlmButton.style.marginTop = '10px';
+        ntlmButton.onclick = triggerNTLM;
+        buttonContainer.appendChild(ntlmButton);
+      }
+    });
+  </script>
+  <div class="views-outer-container">
+    <div class="views-auth-container">
+      <div class="views-auth-block">
+        <div class="views-input-group">
+          <label for="login">Login:</label>
+          <input type="text" id="login" value="${username}">
+        </div>
+        <div class="views-input-group">
+          <label for="password">Password:</label>
+          <input type="password" id="password">
+        </div>
+        <div class="views-button-container">
+          <button type="button" onclick="authenticate()">Sign in</button>
+        </div>
+      </div>
+    </div>
+  </div>
+</body>
+</html>`;
+/**
+ * Not authenticated page template (wrong login/password)
+ */
+export const getNotAuthenticatedPageHTML = (title = 'NOT AUTHENTICATED', protocol = '', hostname = '', username = '') => `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${title}</title>
+  <style>${ntlmStyles}</style>
+</head>
+<body>
+  <script>
+    const username = '${username}';
+    function authenticate() {
+      const protocol = '${protocol}';
+      const hostname = '${hostname}';
+      const login = document.getElementById('login').value;
+      const password = document.getElementById('password').value;
+      window.location.href = protocol + '://' + login + ':' + password + '@' + hostname;
+    }
+  </script>
+  <div class="views-outer-container">
+    <div class="views-auth-container">
+      ${blockVisitorSvg}
+      <p>Wrong login or password</p>
+      <div class="views-auth-block">
+        <div class="views-input-group">
+          <label for="login">Login:</label>
+          <input type="text" id="login" value="${username}">
+        </div>
+        <div class="views-input-group">
+          <label for="password">Password:</label>
+          <input type="password" id="password">
+        </div>
+        <div class="views-button-container">
+          <button type="button" onclick="authenticate()">Sign in</button>
+        </div>
+      </div>
+    </div>
+  </div>
+</body>
+</html>`;
+/**
+ * Not authorized page template (user doesn't have access)
+ */
+export const getNotAuthorizedPageHTML = (title = 'NOT AUTHORIZED', username = '') => `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${title}</title>
+  <style>${ntlmStyles}</style>
+</head>
+<body>
+  <div class="views-outer-container">
+    <div class="views-auth-container">
+      ${blockVisitorSvg}
+      <p>No access for "${username}"</p>
+    </div>
+  </div>
+</body>
+</html>`;
+/**
+ * 404 page template
+ */
+export const get404PageHTML = () => `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>404 - Page Not Found</title>
+  <style>${ntlmStyles}</style>
+</head>
+<body>
+  <div class="views-outer-container">
+    <div class="views-auth-container">
+      ${blockVisitorSvg}
+      <p>404 - Page Not Found</p>
+    </div>
+  </div>
+</body>
+</html>`;
+//# sourceMappingURL=ntlm-templates.js.map

package/dist/core/token/gen-token-app/ntlm-templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ntlm-templates.js","sourceRoot":"","sources":["../../../../src/core/token/gen-token-app/ntlm-templates.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,mDAAmD;AACnD,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2ElB,CAAC;AAEF,yDAAyD;AACzD,MAAM,eAAe,GAAG;;;;OAIjB,CAAC;AAER;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,WAAmB,EAAE,EAAU,EAAE,CAAC;;;;;;WAMxD,UAAU;;;;wBAIG,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iDAgDiB,QAAQ;;;;;;;;;;;;;QAajD,CAAC;AAET;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,QAAgB,mBAAmB,EAAE,WAAmB,EAAE,EAAE,WAAmB,EAAE,EAAE,WAAmB,EAAE,EAAU,EAAE,CAAC;;;;;WAKtJ,KAAK;WACL,UAAU;;;;wBAIG,QAAQ;;0BAEN,QAAQ;0BACR,QAAQ;;;;;;;;QAQ1B,eAAe;;;;;iDAK0B,QAAQ;;;;;;;;;;;;;QAajD,CAAC;AAET;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,QAAgB,gBAAgB,EAAE,WAAmB,EAAE,EAAU,EAAE,CAAC;;;;;WAKlG,KAAK;WACL,UAAU;;;;;QAKb,eAAe;0BACG,QAAQ;;;;QAI1B,CAAC;AAET;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAW,EAAE,CAAC;;;;;;WAMjC,UAAU;;;;;QAKb,eAAe;;;;;QAKf,CAAC"}

package/dist/core/token/{token.d.ts → token-auth.d.ts}

@@ -14,4 +14,4 @@ export declare const getAuthByTokenError: (req: Request) => {
 } | undefined;
 export declare const authByToken: (req: Request, res: Response) => boolean;
 export declare const authTokenMW: (req: Request, res: Response, next: NextFunction) => void;
-//# sourceMappingURL=token.d.ts.map
+//# sourceMappingURL=token-auth.d.ts.map

package/dist/core/token/token-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-auth.d.ts","sourceRoot":"","sources":["../../../src/core/token/token-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAc1D,eAAO,MAAM,SAAS,GAAI,KAAK,OAAO,EAAE,MAAM,MAAM,EAAE,SAAS,MAAM,KAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CActG,CAAC;AAGF;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,GAAI,KAAK,OAAO,KAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,SAatF,CAAC;AAEF,eAAO,MAAM,WAAW,GAAI,KAAK,OAAO,EAAE,KAAK,QAAQ,YAOtD,CAAC;AAEF,eAAO,MAAM,WAAW,GAAI,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,SAO1E,CAAC"}

package/dist/core/token/{token.js → token-auth.js}

@@ -4,9 +4,7 @@ import { debugTokenAuth } from '../debug.js';
 import { appConfig } from '../bootstrap/init-config.js';
 const { enabled } = appConfig.webServer.auth;
 const getTokenFromHttpHeader = (req) => {
-    const { authorization = '', user = '' } = req.headers;
-    const token = authorization.replace(/^Bearer */, '');
-    return { user: String(user).toLowerCase(), token };
+    return (req.headers.authorization || '').replace(/^Bearer */, '');
 };
 const SHOW_HEADERS_SET = new Set(['user', 'authorization', 'x-real-ip', 'x-mode', 'host']);
 export const debugAuth = (req, code, message) => {
@@ -33,11 +31,11 @@ export const getAuthByTokenError = (req) => {
     if (!enabled) {
         return undefined;
     }
-    const { token, user } = getTokenFromHttpHeader(req);
+    const token = getTokenFromHttpHeader(req);
     if (!token) {
         return debugAuth(req, 400, 'Missing authorization header');
     }
-    const checkResult = checkToken(token, user);
+    const checkResult = checkToken({ token });
     if (checkResult.errorReason) {
         return debugAuth(req, 401, checkResult.errorReason);
     }
@@ -59,4 +57,4 @@ export const authTokenMW = (req, res, next) => {
     }
     next();
 };
-//# sourceMappingURL=token.js.map
+//# sourceMappingURL=token-auth.js.map

package/dist/core/token/token-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-auth.js","sourceRoot":"","sources":["../../../src/core/token/token-auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAExD,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC;AAE7C,MAAM,sBAAsB,GAAG,CAAC,GAAY,EAAU,EAAE;IACtD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACpE,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAE3F,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAY,EAAE,IAAY,EAAE,OAAe,EAAqC,EAAE;IAC1G,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;QAC3B,IAAI,UAAU,GAAW,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;gBACtD,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC1C,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,OAAO,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC;gBACvD,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD,cAAc,CAAC,GAAG,GAAG,gBAAgB,KAAK,GAAG,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,aAAa,UAAU,IAAI,GAAG,EAAE,CAAC,CAAC;IAC9G,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAC;AAGF;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAAY,EAAiD,EAAE;IACjG,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,WAAW,GAAG,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1C,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;QAC5B,OAAO,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;IACzD,MAAM,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,SAAS,EAAE,CAAC;QACd,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IAC7E,MAAM,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,SAAS,EAAE,CAAC;QACd,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IACD,IAAI,EAAE,CAAC;AACT,CAAC,CAAC"}

package/dist/core/token/token-core.d.ts

@@ -20,5 +20,9 @@ export declare const generateToken: (user: string, liveTimeSec: number, payload?
  * - the obsolescence time must not be expired
  * - If a user is transferred, it must match
  */
-export declare const checkToken: (token: string, expectedUser?: string) => ICheckTokenResult;
+export declare const checkToken: (arg: {
+    token: string;
+    expectedUser?: string;
+    expectedService?: string;
+}) => ICheckTokenResult;
 //# sourceMappingURL=token-core.d.ts.map

package/dist/core/token/token-core.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-core.d.ts","sourceRoot":"","sources":["../../../src/core/token/token-core.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAiB,MAAM,cAAc,CAAC;AAkBhE,eAAO,MAAM,OAAO,QAAmC,CAAC;AAExD;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,MAAM,MAAM,KAAG,MAStC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,cAAc,MAAM,WAW3C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,aAAa,GAAI,MAAM,MAAM,EAAE,aAAa,MAAM,EAAE,UAAU,GAAG,KAAG,MAYhF,CAAC;AAGF;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,OAAO,MAAM,EAAE,eAAe,MAAM,KAAG,iBAiEjE,CAAC"}
+{"version":3,"file":"token-core.d.ts","sourceRoot":"","sources":["../../../src/core/token/token-core.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAiB,MAAM,cAAc,CAAC;AAkBhE,eAAO,MAAM,OAAO,QAAmC,CAAC;AAExD;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,MAAM,MAAM,KAAG,MAStC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,GAAI,cAAc,MAAM,WAW3C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,aAAa,GAAI,MAAM,MAAM,EAAE,aAAa,MAAM,EAAE,UAAU,GAAG,KAAG,MAYhF,CAAC;AAGF;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,KAAK;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,KAAG,iBA2EH,CAAC"}

package/dist/core/token/token-core.js

@@ -5,12 +5,12 @@ import { logger as lgr } from '../logger.js';
 import { isObject, trim } from '../utils/utils.js';
 import chalk from 'chalk';
 const logger = lgr.getSubLogger({ name: chalk.cyan('token-auth') });
-const { permanentServerTokens: pt, tokenEncryptKey } = appConfig.webServer.auth;
+const { permanentServerTokens: pt, token: tokenCfg } = appConfig.webServer.auth;
 const permanentServerTokensSet = new Set(Array.isArray(pt) ? pt : [pt]);
 const ALGORITHM = 'aes-256-ctr';
 const KEY = crypto
     .createHash('sha256')
-    .update(String(tokenEncryptKey))
+    .update(String(tokenCfg.encryptKey))
     .digest('base64')
     .substring(0, 32);
 export const tokenRE = /^(\d{13,})\.([\da-fA-F]{32,})$/;
@@ -66,7 +66,8 @@ export const generateToken = (user, liveTimeSec, payload) => {
  * - the obsolescence time must not be expired
  * - If a user is transferred, it must match
  */
-export const checkToken = (token, expectedUser) => {
+export const checkToken = (arg) => {
+    let { token, expectedUser, expectedService = appConfig.name } = arg;
     token = (token || '').trim();
     if (!token) {
         return {
@@ -114,6 +115,15 @@ export const checkToken = (token, expectedUser) => {
             errorReason: `JWT Token: user not match :: Expected  '${expectedUser}' / obtained from the token: '${payload.user}'`,
         };
     }
+    if (tokenCfg.checkMCPName) {
+        if (expectedService && payload.service !== expectedService) {
+            return {
+                isTokenDecrypted: true,
+                inTokenType: 'JWT',
+                errorReason: `JWT Token: service not match :: Expected  '${expectedService}' / obtained from the token: '${payload.service}'`,
+            };
+        }
+    }
     let expire = Number(expirePartStr) || 0;
     const expiredOn = Date.now() - expire;
     if (expiredOn > 0) {