"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.siteSettingsService = void 0; const database_1 = require("../../config/database"); const crypto_1 = require("../../utils/crypto"); // Fields to strip from public responses const SENSITIVE_FIELDS = ['smtpHost', 'smtpPort', 'smtpUser', 'smtpPass', 'smtpFromAddress', 'testEmailRecipient']; // Fields that are encrypted at rest in the database const ENCRYPTED_FIELDS = ['smtpPass']; /** Decrypt encrypted fields on a settings object (mutates in place) */ function decryptSettings(settings) { for (const field of ENCRYPTED_FIELDS) { const value = settings[field]; if (typeof value === 'string' && value) { settings[field] = (0, crypto_1.decrypt)(value); } } return settings; } exports.siteSettingsService = { /** Full settings with encrypted fields decrypted (admin use) */ async get() { let settings = await database_1.prisma.siteSettings.findFirst(); if (!settings) { settings = await database_1.prisma.siteSettings.create({ data: {} }); } return decryptSettings(settings); }, /** Public-safe settings (strips SMTP credentials) */ async getPublic() { const settings = await this.get(); const result = { ...settings }; for (const field of SENSITIVE_FIELDS) { delete result[field]; } return result; }, async update(data) { // Encrypt sensitive fields before writing to DB const toWrite = { ...data }; for (const field of ENCRYPTED_FIELDS) { if (field in toWrite && typeof toWrite[field] === 'string' && toWrite[field]) { toWrite[field] = (0, crypto_1.encrypt)(toWrite[field]); } } const existing = await database_1.prisma.siteSettings.findFirst(); let settings; if (existing) { settings = await database_1.prisma.siteSettings.update({ where: { id: existing.id }, data: toWrite, }); } else { settings = await database_1.prisma.siteSettings.create({ data: toWrite }); } return decryptSettings(settings); }, }; //# sourceMappingURL=settings.service.js.map