changemaker.lite/api/dist/modules/settings/settings.service.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.siteSettingsService = void 0;
const database_1 = require("../../config/database");
const crypto_1 = require("../../utils/crypto");
// Fields to strip from public responses
const SENSITIVE_FIELDS = ['smtpHost', 'smtpPort', 'smtpUser', 'smtpPass', 'smtpFromAddress', 'testEmailRecipient'];
// Fields that are encrypted at rest in the database
const ENCRYPTED_FIELDS = ['smtpPass'];
/** Decrypt encrypted fields on a settings object (mutates in place) */
function decryptSettings(settings) {
    for (const field of ENCRYPTED_FIELDS) {
        const value = settings[field];
        if (typeof value === 'string' && value) {
            settings[field] = (0, crypto_1.decrypt)(value);
        }
    }
    return settings;
}
exports.siteSettingsService = {
    /** Full settings with encrypted fields decrypted (admin use) */
    async get() {
        let settings = await database_1.prisma.siteSettings.findFirst();
        if (!settings) {
            settings = await database_1.prisma.siteSettings.create({ data: {} });
        }
        return decryptSettings(settings);
    },
    /** Public-safe settings (strips SMTP credentials) */
    async getPublic() {
        const settings = await this.get();
        const result = { ...settings };
        for (const field of SENSITIVE_FIELDS) {
            delete result[field];
        }
        return result;
    },
    async update(data) {
        // Encrypt sensitive fields before writing to DB
        const toWrite = { ...data };
        for (const field of ENCRYPTED_FIELDS) {
            if (field in toWrite && typeof toWrite[field] === 'string' && toWrite[field]) {
                toWrite[field] = (0, crypto_1.encrypt)(toWrite[field]);
            }
        }
        const existing = await database_1.prisma.siteSettings.findFirst();
        let settings;
        if (existing) {
            settings = await database_1.prisma.siteSettings.update({
                where: { id: existing.id },
                data: toWrite,
            });
        }
        else {
            settings = await database_1.prisma.siteSettings.create({ data: toWrite });
        }
        return decryptSettings(settings);
    },
};
//# sourceMappingURL=settings.service.js.map