Global

Members

(constant) DATA_BUCKET

Bucket for org data/manifest assets (PWA icons, manifests, etc.)
Source:

(constant) DRY_RUN

Set to false to actually write changes
Source:

(constant) DRY_RUN

Set to false to actually write changes
Source:

(constant) EXTERNAL_RE

external domain: at least two labels, valid TLD
Source:

(constant) ICON_EXT

MIME type → file extension map for accepted icon formats
Source:

(constant) INTERNAL_RE

internal domain: lowercase alphanum + hyphens, no leading/trailing hyphen
Source:

(constant) MIGRATION_API

API passed into each migration's migrate() function. Migrations can use SQL queries, transactions, or pure JS logic.
Source:

(constant) PUBLIC_BUCKET

Bucket for publicly readable assets (app icons, etc.)
Source:

(constant) PWA_ICON_SIZES

Standard PWA icon variants written to the data bucket under manifests path
Source:

(constant) RESERVED_PREFIXES

Subdomain prefixes blocked for organisation use
Source:

(constant) SENSITIVE_PATTERNS

Regex patterns for detecting sensitive information in strings
Source:

(constant) addFamilyAction

Handles the `family` and `familyB` add actions. Fired when a family member is added to a family and the organisation uses family-based fees. Recalculates membership fees and updates family indices for the target family.
Source:

(constant) addFamilySyncAction

Handles the `familySync` add action. Syncs addresses, phone numbers, email addresses, and accounts between family members when a family-shared contact detail is created or modified.
Source:

(constant) addFamilyUpdate

Adds family updates to a new member when they join a family Synchronizes family data (address, email, phone, accounts) from existing family members to the newly added family member.
Source:

(constant) addFilter

Add a filter to a list
Source:

(constant) addFilter

Adds a filter to a target and executes the filtering logic
Source:

(constant) addFilterAction

Handles filter-type add actions: visible, changeable, include, exclude, intersect. A filter object (`action.UIDObjectID`) is attached to a source (`action.UIDBelongsTo`). The filter targets either a dlist (include/exclude/intersect) or a user (visible/changeable). After applying the filter, the target list is flagged for WebSocket update.
Source:

(constant) addFunctionAction

Handles the `function` add action. Fired when a function template is created or modified with respect to its qualification requirements. Re-qualifies all jobs based on this template.
Source:

(constant) addFunctionVAction

Handles the `functionV` add action. Fired when a function template is modified with respect to its visibility or changeability requirements. Deletes and rebuilds all visibility/changeability filter entries for every job linked to this function template, then refreshes the holding person's access.
Source:

(constant) addGroupGuest

Erstellt eine Gastgruppe für eine Zielgruppe und übernimmt Mitglieder/Jobs als Gäste.
Source:

(constant) addGroupToEventController

Add group to event controller Handles PUT /:UIDevent
Source:

(constant) addGroupVisibility

Add group visibility to an event
Source:

(constant) addGroupVisibility

Add group visibility to an event
Source:

(constant) addGuests

Fügt mehrere Gäste oder Gastgruppen zu einer Gruppe hinzu.
Source:

(constant) addListAbo

Adds a list UID to the monitoring set of a connected client. The UID is authorisation-checked via isObjectVisible before being added. An unauthorised UID is silently skipped. Passing `'quit'` or `null` clears the entire `updateAbo` Set, which is the same effect as the frontend sending `monitor { UID: null }` during a subscription re-sync. Once registered, the backend will push `{ update: true, UID, timestamp }` messages via addUpdateList / broadcastUpdate whenever the list changes.
Source:

(constant) addListEntryAction

Handles the `list` add action. Fired when an entry is added to a list. Matches the entry object against every filter defined on the list and adds it to the corresponding dlists.
Source:

(constant) addListMemberAction

Handles the `listMember` add action. Evaluates to which dlists an object should belong and which users can see/modify it when the object is newly created or its list membership changes. Checks all filters and updates visibility/changeability for the relevant users.
Source:

(constant) addListVisibilityAction

Handles the `listVisibility` add action. Fired when a visibility or changeability filter defining access for a list/dlist/email/event/eventT has been modified or added. Rebuilds the full access table for the affected list.
Source:

(constant) addMemberAction

Handles tree-structural add actions: adding an object to a group hierarchy. Supported types: `group`, `person`, `extern`, `job`, `guest`, `ggroup`, `eventJob`. The function: 1. Resolves the transitive group memberships of the target group (delta). 2. Applies type-specific logic (guest deduplication, group cascade, person guest-group handling, job visibility filter creation). 3. Inserts missing `member` Links for non-person types. 4. Adds the object to any guest groups (ggroups) defined on the target. 5. Fires WebSocket and event-bus notifications.
Source:

(constant) addObjectAbo

Adds one or more object UIDs to the monitoring set of a connected client. Each UID is authorisation-checked via isObjectVisible before being added. Unauthorised UIDs are silently skipped. Passing `'quit'` or `null` clears the entire `objectAbo` Set, which is the same effect as the frontend sending `monitorObject { UID: null }` during a subscription re-sync. Once registered, the backend will push `{ object: true, value }` messages via addUpdateEntry whenever the object changes.
Source:

(constant) addPersonFilterAction

Handles the `personFilter` action type: re-evaluates dynamic list memberships and filter entries for a person/extern whose data-relevant fields changed. Unlike `addMemberAction` for `person`/`extern`, this does NOT insert new member Links and does NOT publish `/add/group/…` events — the person is already in the tree; only their list/filter placement needs to be refreshed.
Source:

(constant) addPersons

Helper function to add persons to an email
Source:

(constant) addPersonsToEmail

Add persons to email
Source:

(constant) addSingleGuest

Adds a single person as guest to a group
Source:

(constant) addUpdateEntry

Pushes an object-change payload to all clients that have registered the object via `monitorObject` / addObjectAbo. Iterates `clientData.objectAbo` (a `Set`) for each connected client and emits `{ object: true, value }` to matching sockets. Called by API routes whenever an object's data changes (e.g. after a PATCH).
Source:

(constant) addUpdateEntry

Sends an update message with the data to be updated to all clients monitoring an object with the specified UID.
Source:

(constant) addUpdateList

Notifies clients that one or more lists have changed, with leading-edge debouncing to prevent update storms. **Debounce strategy (per list UID):** - First change: sends `{ update: true, UID, timestamp }` immediately to all subscribed clients and records the UID in `delayedUpdateTimestamps`. - Subsequent changes within the debounce window: refreshes the timestamp but does NOT send again immediately. - monitorDelayedUpdates (called by a periodic interval) flushes any entry that has been quiet for the configured debounce period. Clients subscribed via `monitor` / addListAbo have the matching UID in their `updateAbo` Set and receive the notification.
Source:

(constant) addUpdateList

Sends the UUID's of a List, which needs to be updated in the client
Source:

(constant) addVisibility

Add visibility filters for a location
Source:

(constant) addVisibilityFilter

Add visibility filters for event template
Source:

(constant) adminDlistCheck

Controller for GET /dlist/admin/:UID
Source:

(constant) adminListCheck

Controller for GET /list/admin/:UID
Source:

(constant) ageUpdate

Updates the age (`dindex` field) of persons associated with a given root UID
Source:

(constant) ageUpdatePersons

Recalculate `dindex` (numeric age) for every person in the organisation whose stored age differs from today's computed value.
Source:

(constant) alternativeRoot

Alternative root finding logic when no specific organization is provided
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Router

Type:
  • express.Router
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) api :express.Express

Type:
  • express.Express
Source:

(constant) applyFilterToEmail

Apply filter to email
Source:

(constant) applyVisibilityAndMatching

Applies visibility records and object-list matching for supported types.
Source:

(async, constant) authorizeUser

The function retrieves all jobs associated with the user from the database, applies the provided filter to these jobs, and determines if the user has the necessary permissions to manage achievements for a person. This is used to control who can add, modify, or delete achievement records based on their job roles and permissions.
Source:

(constant) broadcastUpdate

Immediately emits a list-update notification to all clients monitoring `UID`, bypassing the debounce logic of addUpdateList. Use this when the update must arrive without delay (e.g. after a server-side transaction completes and the client needs to refresh right away). Emits `{ update: true, UID, timestamp }` via the `update` event.
Source:

(constant) buildDeltaVisual

Merges `delta` and `secondLevel` into a deduplicated `deltaVisual` array.
Source:

(constant) buildTranslateObject

Recursively builds a translation object by extracting translatable properties (content, label, placeholder, html) from a serialized input object and its nested children. Ensures that existing entries in the translation object are not overridden.
Source:
Example
const serialized = {
  component1: {
    paras: { content: "Hello", label: "Greeting", html: "<p>Welcome</p>" },
    children: [
      { component2: { paras: { content: "World", label: "Planet" } } }
    ]
  }
};
const translateObject = {};
buildTranslateObject(serialized, translateObject);
console.log(translateObject); 
// { Hello: "Hello", Greeting: "Greeting", "<p>Welcome</p>": "<p>Welcome</p>", World: "World", Planet: "Planet" }

(constant) bulkAddGuests

Bulk add guests to a group
Source:

(constant) checkEmailAdmin

Check if user is email admin
Source:

(constant) checkExpire

Middleware to check file expiration parameters
Source:

(constant) checkFamilies

Checks family consistency
Source:

(constant) checkFileVisible

Middleware to check file visibility permissions
Source:

(constant) checkGroupAdmin

GET /admin/:UID — check whether the current user has admin rights for a group.
Source:

(constant) checkGroupAdminStatus

Checks whether the current user has admin rights for the specified group.
Source:

(constant) checkIsAdmin

Check if user is admin
Source:

(constant) checkIsMember

Check whether a specific person is a (current) member of a group.
Source:

(constant) checkIsMemberController

Check whether a person is currently a member of a group.
Source:

(constant) checkRoot

Check and set the organization root for the current request Uses Keycloak organization as single source of truth
Source:

(constant) cleanFilters

Cleans unused filters
Source:

(constant) cleanupSocketData

Clears all in-memory state managed by this module. Empties both clientDataStore and delayedUpdateTimestamps. Intended for use during a graceful server shutdown or in test teardown to prevent state leaking between test cases. Does NOT close existing socket connections — call `io.close()` separately if a full shutdown is required.
Source:

(constant) clientDataStore :Map.<string, any>

Type:
  • Map.<string, any>
Source:

(constant) configLoggers

Initialize all rotating file streams using env configuration.
Source:

(constant) createAction

Create or update an action from a template and trigger
Source:

(constant) createBirthdayFilter

re-assesses birthday filter
Source:

(constant) createDB

Create a new database Endpoint to initialize a new database schema. Protected by employee rights.
Source:

(constant) createEventController

Create event controller Handles PUT /:group/:template
Source:

(constant) createFreeJobController

Create free job without template Handles PUT /:member/:event
Source:

(constant) createGuestGroup

Create guest group from existing group
Source:

(constant) createJobWithTemplateController

Create job with template Handles PUT /:member/:event/:function
Source:

(constant) createNewExtern

Insert a brand-new extern member into ObjectBase, Member, Links, and Visible. Fires tree queue and starts a non-blocking AI-embedding job.
Source:

(constant) createNewPerson

Insert a brand-new person into ObjectBase, Member, Links, Visible, create the initial family record, and publish the join event. Note: session values are passed explicitly so this function has no HTTP dependency.
Source:

(constant) createOrChangeFamily

Create or change family membership (PUT /:famMember/:member) Handles the creation or assignment of a family for a member. Can create new families or assign members to existing families. Supports rebate mode for family fee calculations.
Source:

(constant) createOrUpdateAchievementTemplate

Creates or updates an achievement template
Source:

(constant) createOrUpdateEmail

Create or update an email
Source:

(constant) createOrUpdateEventTemplate

Create or update an event template
Source:

(constant) createOrUpdateEventTemplateController

Controller for creating or updating an event template (PUT)
Source:

(constant) createOrUpdateExtern

PUT /:group — Create or update an extern in a group.
Source:

(constant) createOrUpdateFilter

Create or update filter (PUT /:source/:target/:type) * @param {ExpressRequestAuthorized} req - Express request object * @param {ExpressResponse} res - Express response object
Source:

(constant) createOrUpdateGroup

Creates a new group under a parent, or updates an existing group by UID. When the group UID from the request body does not yet exist in the DB a new group is inserted as a child of UIDparent. When it already exists (update path) its Member data is refreshed and sister-group links are re-evaluated.
Source:

(constant) createOrUpdateJobTemplateController

Create or update job template Handles PUT /:UIDeventTemplate
Source:

(constant) createOrUpdateLocation

Create or update a location
Source:

(constant) createOrUpdateLocationController

Controller for creating or updating a location
Source:

(constant) createOrUpdatePerson

Creates or updates a person entry in the database
Source:

(constant) dbErrorLogger

Logs database errors using the DB logger stream.
Source:

(constant) dbLogger

Custom database logger
Source:

(constant) debounceDelay :number

Type:
  • number
Source:

(constant) delayedUpdateTimestamps :Map.<string, number>

Type:
  • Map.<string, number>
Source:

(constant) deleteAchievement

This function deletes an achievement from the database. It performs the following steps: 1. Retrieves the achievement data using the provided UID 2. Checks if the user is authorized to delete the achievement 3. Deletes the achievement and related links from the database 4. Updates the achievement queue and list membership 5. Updates the client with the changes Authorization is based on either template-defined filters or admin status.
Source:

(constant) deleteAchievement

Deletes an achievement from the database
Source:

(constant) deleteAchievementTemplate

Deletes an achievement template
Source:

(constant) deleteAction

Delete an action
Source:

(constant) deleteActionTemplate

Delete action template (DELETE /:UID)
Source:

(constant) deleteActionTemplatesForBotNotInOrgs

Delete all action Templates for a specific bot, where the organizations are not in the provided list (DELETE /bot/:botUID)
Source:

(constant) deleteDirectory

Delete directory (DELETE /dir/:UID/:prefix)
Source:

(constant) deleteDlistUID

Controller for DELETE /dlist/:UID
Source:

(constant) deleteEmail

Delete an email
Source:

(constant) deleteEmailShare

Delete email share (delegate to list share function)
Source:

(constant) deleteEntries

Delete entries function
Source:

(constant) deleteEntry

Remove one or more persons from a static list
Source:

(constant) deleteEntryController

Handle DELETE /list/person/:UIDlist — remove persons from a static list
Source:

(constant) deleteEventController

Delete event controller Handles DELETE /:UID
Source:

(constant) deleteEventTemplate

Delete an event template
Source:

(constant) deleteEventTemplateController

Controller for deleting an event template
Source:

(constant) deleteEvents

Deletes all events
Source:

(constant) deleteExtern

DELETE /:UID — Delete an extern and all associated data.
Source:

(constant) deleteExternById

Delete an extern and all its child objects (guest, job, entry) plus associated links.
Source:

(constant) deleteFilter

Delete filters by source, target and type
Source:

(constant) deleteFiltersByType

Delete filters by source, target and type (DELETE /:source/:target/:type)
Source:

(constant) deleteGroup

DELETE /:UID — delete a group if it has no remaining members.
Source:

(constant) deleteGroupById

Deletes a group if it has no remaining members. Responds with the list of remaining members if deletion is blocked.
Source:

(constant) deleteGroupFromEventController

Delete group from event controller Handles DELETE /:UIDevent/:UIDgroup
Source:

(constant) deleteGuest

Delete a guest or guest group
Source:

(constant) deleteJob

Deletes a job from the database.
Source:

(constant) deleteJobController

Delete job Handles DELETE /:UID
Source:

(constant) deleteJobTemplateController

Delete job template Handles DELETE /:UID
Source:

(constant) deleteLanguageFileController

Delete a language file from the object store. Handles DELETE /:app/:filename
Source:

(constant) deleteLeaderJobsController

Delete all jobs for person in event Handles DELETE /leader/:UIDevent/:UIDperson
Source:
Delete links for filters
Source:

(constant) deleteList

Delete a list/dlist
Source:

(constant) deleteListUID

Controller for DELETE /list/:UID
Source:

(constant) deleteLocation

Delete a location
Source:

(constant) deleteLocationController

Controller for deleting a location
Source:

(constant) deleteMultipleFiles

Delete multiple files (DELETE /:UID)
Source:

(constant) deletePortalPending

Delete pending portal link and token payload.
Source:

(constant) deletePortalPendingController

Source:

(constant) deletePrivateRailFiles

Delete private rail files (DELETE /rail/:UID/:prefix/:filename)
Source:

(constant) deletePublicFiles

Delete public files (DELETE /public/:expire/:prefix/:filename)
Source:

(constant) deletePublicRailFiles

Delete public rail files (DELETE /rail/:app/:prefix/:filename)
Source:

(constant) deleteSpecificFilter

Delete specific filter by UID (DELETE /:UID)
Source:

(constant) deleteUserByPerson

Remove identifyer link for one person.
Source:

(constant) deleteUserController

Source:

(constant) deleteUsers

Remove identifyer links for selected users.
Source:

(constant) deleteUsersController

Source:

(constant) deleteVisibilityFilter

Delete visibility filters for event template
Source:

(constant) disabled

Set to false (or delete this line) when ready to apply
Source:

(constant) disabled

Set to false (or delete this line) when ready to apply
Source:

(constant) doCheckVisible

Checks the visibility of a person and retrieves related job and member data
Source:

(constant) errorLogger

Logs generic application errors.
Source:

(constant) errorLoggerRead

Logs read-specific errors (legacy entry point).
Source:

(constant) errorLoggerUpdate

Logs update-specific errors (legacy entry point).
Source:

(constant) eventList :express.Express

Type:
  • express.Express
Source:

(constant) execDListFilter

Executes a dynamic list filter (include/exclude/intersect) on a target list
Source:

(async, constant) expireAchievements

Expires achievements based on their renewal period This function checks all achievements linked to a membership organization (root entity) and expires those whose renewal period has elapsed. For each expired achievement, it updates the dindex to mark it as expired and then updates the achievement lists for affected persons.
Source:

(constant) extractUIDefaults

Recursively extract defaultValue entries from UIaction form field definitions. Returns a flat object mapping field name → defaultValue.
Source:

(constant) familyAddress

Synchronizes family-shared data (address, email, phone, accounts) across all family members When a person/extern/family object is updated with family data, this function propagates those changes to all other members of the same family. Handles: - Family addresses - Family email addresses - Family phone numbers - Family accounts (including familyFees accounts)
Source:

(constant) fetchGroup

Fetch a group record (ObjectBase + Member) by its binary UID. Shared entry point for person and extern create/update flows.
Source:

(constant) fetchLatestObjectValidFrom

Return the UNIX timestamp (seconds) of the most recent ObjectBase row for a UID across all system-time history. Used to prevent backdated type-change operations (extern → person or person → extern) from landing before existing history rows, which would create impossible temporal ordering in the versioned table.
Source:

(constant) fetchMemberExists

Check whether a person or extern record already exists for the given binary UID. Shared by both person and extern create/update flows.
Source:

(constant) filterGuestDelta

Filters out delta groups where the person/guest is already a member. Used for `guest` and `ggroup` action types.
Source:

(constant) generateMultipleUIDs

Generate multiple unique identifiers (UIDs)
Source:

(constant) generateUID

Generate a single unique identifier (UID)
Source:

(constant) getAchievement

Retrieves a specific achievement by UID
Source:

(constant) getAchievementTemplates

Gets all achievement templates for the organization
Source:

(constant) getAchievements

Gets achievements for the organization
Source:

(constant) getAchievementsDuplicates

Gets duplicate achievements
Source:

(constant) getAchievementsTree

Gets achievements tree structure
Source:

(constant) getAction

Get a specific action by UID
Source:

(constant) getActionTemplate

Get specific action template (GET /:UID)
Source:

(constant) getActionTemplates

Get all action templates for organization (GET /)
Source:

(constant) getActionTemplatesForBot

Get all action templates for a specific bot (GET /bot/:botUID)
Source:

(constant) getActionsByTemplate

Get actions by template
Source:

(constant) getActionsByTrigger

Get actions by trigger
Source:

(constant) getAddedPersons

Return persons that were **added** to a group after `timestamp`.
Source:

(constant) getAddedPersonsController

Return persons added to a group after the given timestamp.
Source:

(constant) getAdminEventTemplates

Get all templates the user can administer
Source:

(constant) getAdminEventTemplatesController

Controller for getting administrable event templates
Source:

(constant) getAllEmailShares

Get all email shares (delegate to list share function)
Source:

(constant) getAllEventTemplates

Get all templates for the organization
Source:

(constant) getAllEventTemplatesController

Controller for getting all event templates
Source:

(constant) getAllEventTemplatesWithData

Get all templates with data for the organization
Source:

(constant) getAllEventTemplatesWithDataController

Controller for getting all event templates with data
Source:

(constant) getAllFamilies

Get all families (GET /) Administrative endpoint to retrieve all families. Requires admin privileges.
Source:

(constant) getAllFilters

Get all filters (GET /)
Source:

(constant) getAllIdentifyers

Get all identifyer links for the current organisation.
Source:

(constant) getAllIdentifyersController

Source:

(constant) getAppsController

GET /kpe20/orgaSettings/apps Returns the app registry for the current organisation.
Source:

(constant) getBulkFamilies

Bulk family retrieval (POST /families) Retrieves family information for multiple UIDs at once. Supports both current and historical data retrieval.
Source:

(constant) getCachedUserData

Get user data from cache or members API
Source:

(constant) getCollectionCounts

Get membership counts for collections.
Source:

(constant) getCollectionsController

Controller for GET /
Source:

(constant) getCollectionsListing

Get collections listing based on filter/query input.
Source:

(constant) getCollectionsUIDController

Controller for GET /:UID
Source:

(constant) getDlistPersonsController

Handle GET /dlist/persons/:UID — retrieve all persons in a dynamic list
Source:

(constant) getDlistPersonsPaginatedController

Handle GET /dlist/persons/:UID (paginated) — pass through to next if no __page param
Source:

(constant) getDlistUID

Controller for GET /dlist/:UID
Source:

(constant) getDomainsController

GET /kpe20/orgaSettings/domains Returns the domain settings for the current organisation.
Source:

(constant) getEmail

Get a specific email
Source:

(constant) getEmailPersons

Get persons in email (with pagination support)
Source:

(constant) getEmailShare

Get email share details (delegate to list share function)
Source:

(constant) getEmailShares

Get email shares for specific list (delegate to list share function)
Source:

(constant) getEmailsForPerson

Get emails for a person
Source:

(constant) getEnteredPersons

Return persons who **entered** a group (became member from extern) after `timestamp`.
Source:

(constant) getEnteredPersonsController

Return persons who transitioned from extern to person (entered) after the timestamp.
Source:

(constant) getEventController

Get event controller Handles GET /:UID
Source:

(constant) getEventForList

Get the event that a list belongs to
Source:

(constant) getEventJobsController

Get all jobs for a function template Handles GET /eventJobs/:UID
Source:

(constant) getEventLists

Get all lists for an event with participants
Source:

(constant) getEventListsController

Controller for getting event lists with participants
Source:

(constant) getEventLog

Gets event logs
Source:

(constant) getEventParticipantLists

Manages event participant lists
Source:

(constant) getEventTemplateByEventUID

Get the template for an event with that UID
Source:

(constant) getEventTemplateByEventUIDController

Controller for getting the template for an event
Source:

(constant) getEventTemplateByUID

Get a specific event template by UID
Source:

(constant) getEventTemplateByUIDController

Controller for getting a specific event template by UID
Source:

(constant) getEventVisibility

Rebuilds event visibility
Source:

(constant) getExcludeObjects

Gets objects that match exclude/intersect filter criteria
Source:

(constant) getExitedPersons

Return persons who **exited** (changed from person to extern) after `timestamp`.
Source:

(constant) getExitedPersonsController

Return persons who transitioned from person to extern (exited) after the timestamp.
Source:

(constant) getExtern

GET /:UID — Delegates to person controller (same data structure)
Source:

(constant) getExternAdmin

GET /admin/:UID — Delegates to person controller (same admin check)
Source:

(constant) getExternDuplicates

GET /duplicates/:firstName/:lastName — Delegates to person controller
Source:

(constant) getExternHistory

GET /history/:UID — Delegates to person controller (same history logic)
Source:

(constant) getFakeUser

Get fake user data for impersonation (admin only) Uses Redis caching to avoid database queries on every API call
Source:

(constant) getFamily

Get family information (GET /:UID) Retrieves family data including current information or historical data for a specific year. Supports fee calculation and historical data retrieval.
Source:

(constant) getFamilyData

Gets family data or processes family corrections
Source:

(constant) getFamilyListForGroup

Get family listing for a group (GET /list/:group) Retrieves families associated with a specific group. Supports pagination and various filtering options.
Source:

(constant) getFamilyListing

Helper function to get family listing Core function that builds family listings with various filtering and data options. Supports historical data, person data inclusion, fee information, and visibility filtering.
Source:

(constant) getFileWithPrefix

Get files with prefix (GET /:UID/:prefix/:filename)
Source:

(constant) getFilter

Get specific filter by UID (GET /:UID)
Source:

(constant) getFilterData

Gets filter data and source information for a filter
Source:

(constant) getFilters

Retrieves all filters for the supplied sources
Source:

(constant) getGroup

GET /:UID — fetch group details, optionally with parent and/or sibling data.
Source:

(constant) getGroupById

Retrieves a group by UID with optional parent and sibling data.
Source:

(constant) getGroupGuests

Get all guests from a group
Source:

(constant) getGroupTreeGraph

Gets a Kroki graph representation of groups connected via memberA/memberS links.
Source:

(constant) getIncludeObjects

Gets objects that match include filter criteria
Source:

(constant) getJobController

Get single job Handles GET /:UID
Source:

(constant) getJobTemplatesController

Get all function template names and UIDs Handles GET /:UID
Source:

(constant) getJobTemplatesWithDataController

Get all function templates with full data Handles GET /Data/:UID
Source:

(constant) getLanguageFileController

Stream a language file to the client. Handles GET /:app/:filename
Source:

(constant) getList

Get list/dlist details
Source:

(constant) getListEntry

Get entry data for a specific person in a list
Source:

(constant) getListEntryController

Handle GET /list/entry/:UIDlist/:UIDperson — get entry data for a specific person in a list
Source:

(constant) getListPersonsByUIDsController

Handle POST /list/persons/:UID — retrieve specific persons in a list by UID list
Source:

(constant) getListPersonsController

Handle GET /list/persons/:UID — retrieve all persons in a static list
Source:

(constant) getListPersonsPaginatedController

Handle GET /list/persons/:UID (paginated) — pass through to next if no __page param
Source:

(constant) getListUID

Controller for GET /list/:UID
Source:

(constant) getListVisibleSql

Build the SQL snippet that restricts the `Visible` table join to the correct user / admin context. - Super-admins: restricted to the super-admin visible user - Org-admins: `changeable` visibility only for non-group targets - Normal users: full visibility of their own objects
Source:

(constant) getListVisibleSql

Get SQL for visible list filtering
Source:

(constant) getListing

Get email listing (persons in email)
Source:

(constant) getListing

Get all persons in a list with optional field selection, filtering, and temporal queries
Source:

(constant) getListing

Retrieve members/objects belonging to a group or object identified by `UID`. Supports siblings query, temporal snapshots (`timestamp`, `since`), data field projections, optional grouping and filtering.
Source:

(constant) getListing

Get listing of locations with optional filters
Source:

(constant) getListingByUIDs

Get specific persons (by UID) from a list with optional field selection and temporal queries Behaves like getListing but additionally filters the result to only those entries whose person UID (`UIDBelongsTo`) or entry UID (`ObjectBase.UID`) appears in the array of UUIDs supplied in `req.body`.
Source:

(constant) getListingController

Return the full list of persons belonging to a group / object.
Source:

(constant) getListingPaginatedController

Return a paginated list of persons belonging to a group. Only invoked when `__page` query parameter is present.
Source:

(constant) getLocation

Get a single location by UID
Source:

(constant) getLocationController

Controller for getting a single location
Source:

(constant) getLocationListingController

Controller for getting location listing (with pagination support)
Source:

(constant) getLocationTemplates

Get location criteria templates
Source:

(constant) getLocationTemplatesController

Controller for getting location templates
Source:

(constant) getLogFiles

Get log files (GET /:api/logs)
Source:

(constant) getMailController

GET /kpe20/orgaSettings/mail Returns the SMTP settings for the current organisation (password masked).
Source:

(constant) getMissedEventsByKey

Get missed events by key and timestamp
Source:

(constant) getMissedEventsByKeys

Get missed events by multiple keys and timestamp
Source:

(constant) getMissedEventsByPattern

Get missed events by pattern and timestamp
Source:

(constant) getMissedEventsByTemplate

Get missed events by template and timestamp
Source:

(constant) getMultipleActions

Get multiple actions by UIDs
Source:

(async, constant) getObjects

Retrieves objects based on the provided ObjectUID(s). This function queries the database to fetch objects and their associated data. It supports both single ObjectUID and an array of ObjectUIDs. The returned data includes details such as UID, type, associated member data, extra data, main base data, title, and validity timestamps.
Source:

(constant) getOrganizationForGroup

Get the organization UID for a given group UID
Deprecated:
  • Use getOrganizationForObject instead (works for all object types due to link propagation)
Source:

(constant) getOrganizationForList

Get the organization UID for a given list UID Lists are NOT propagated, so we need: List → memberA → Group → member → Organization Uses simplified organization detection with Data.root=true
Source:

(constant) getOrganizationForObject

Get the organization UID for any PROPAGATED object UID (group, person, extern, job, guest) Works because these object links are propagated to their organization via member links. Link Propagation Flow: Propagated Object → member link → ... → Organization (Data.root=true) NOTE: Does NOT work for lists - use getOrganizationForList() instead
Source:

(constant) getPaginatedFamilyList

Get paginated family listing (GET /list/:group with __page parameter) Returns paginated family data for a group.
Source:

(constant) getPendingEmails

Get pending emails (admin only)
Source:

(constant) getPerson

Retrieves detailed information about a person, job, guest, or extern object
Source:

(constant) getPersonIdentifyer

Get identifyer UID for a person.
Source:

(constant) getPersonIdentifyerController

Source:

(constant) getPersonLists

Get all lists containing a specific person
Source:

(constant) getPersonListsController

Handle GET /list/lists/:UIDperson — get all lists containing a specific person
Source:

(constant) getPersonMinBackdate

Return the minimum allowed backdate timestamp (seconds) for adding a person/extern to a target group. addToTree inserts Links rows from the person to the target group AND all its ancestor groups (discovered via the group's own member/memberA links). If the person was previously a member in any of those same groups, historical link rows already exist in the system-versioned Links table. Backdating a new insertion before the latest existing validFrom of those overlapping links would create an impossible temporal ordering. The floor is therefore MAX(validFrom) across all historical Links rows where UID = personUID AND UIDTarget IN (targetGroup + all its ancestor groups).
Source:

(constant) getPersonsByGroups

Fetch persons belonging to one or more groups supplied in `req.body` as UUID array.
Source:

(constant) getPersonsByGroupsController

Return persons belonging to one or more groups supplied as UUID array in body.
Source:

(constant) getPersonsByUIDs

Fetch multiple person objects by an array of UIDs supplied in `req.body`. Used when the caller already knows specific UIDs instead of querying by group.
Source:

(constant) getPersonsByUIDsController

Return persons matching an array of UIDs supplied in the request body.
Source:

(constant) getPortalPendingByKcUID

Get pending portal link details by KC UID and root orga.
Source:

(constant) getPortalPendingByKcUIDController

Source:

(constant) getPrivateRailFiles

Get private rail files (GET /rail/:UID/:side/:filename)
Source:

(constant) getPublicFiles

Get public files with expiration (GET /public/:expire/:UID/:filename)
Source:

(constant) getPublicLanguageFiles

Get public language/config files (GET /:api/prefix1:(languages|config)/:filename/)
Source:

(constant) getPublicRailFiles

Get public rail files (GET /rail/:app/:side/:filename)
Source:

(constant) getQueueCount

Get the count of pending items in the processing queue
Source:

(constant) getRemovedPersons

Return persons that were **removed** from a group after `timestamp`.
Source:

(constant) getRemovedPersonsController

Return persons removed from a group after the given timestamp.
Source:

(constant) getSearchData

Search users for UI selector.
Source:

(constant) getSearchDataController

Source:

(constant) getSharedEmailData

Get shared email data (delegate to list shared function)
Source:

(constant) getSingleFile

Get single file (GET /:UID/:filename)
Source:

(constant) getTimestamp

Get current server timestamp
Source:

(constant) getTree

Rebuilds the membership tree for the given type. Delegates to rebuildMembershipTree() for the core logic (virtual transaction diff).
Source:

(constant) getType

Parse and validate the `type` query parameter. Falls back to `['person']` when the parameter is absent or invalid. Only allowed types are returned to prevent injection via illegal type values.
Source:

(constant) getTypes

Determines what types of objects to select based on source type and filter
Source:

(constant) getUser

Get user object for the logged-in user for their organizations Uses Redis caching to avoid database queries on every API call with Bearer auth
Source:

(constant) getUserByUID

Get user object by identifyer UID in current orga.
Source:

(constant) getUserByUIDController

Source:

(constant) getUsersWithVisibility

Get users who have specific visibility permissions for an entity
Source:

(constant) getUsersWithVisibilityData

Get users and their data who have specific visibility permissions for an entity
Source:

(constant) getVisibility

Rebuilds visibility settings for objects
Source:

(constant) handleGroupMembershipMigration

Handles group membership migration for both person and extern types
Source:

(constant) handleGroupType

Handles the `group` type cascade: queues member actions for all current members of the added group, and pre-inserts delta member Links for persons/externs.
Source:

(constant) handleJobType

Handles the `job` type: creates `visible` and `changeable` filter objects based on the function template attached to the job.
Source:

(constant) handlePersonType

Handles the `person` type: removes duplicate guest memberships and creates guests for `memberGA` groups within a transaction.
Source:

(constant) id

Stable unique identifier — never change this after the migration has been applied
Source:

(constant) id

Migration: Convert TreeQueue.Type from ENUM to VARCHAR(64) The ENUM constraint required a schema change every time a new queue type was added. Converting to VARCHAR(64) removes that friction and allows new action types (e.g. 'personFilter') to be introduced in application code alone. Existing values are preserved; the column is made NOT NULL with no default, matching the previous ENUM behaviour.
Source:

(constant) id

Migration: avatar → array Converts Member.Data.avatar from a single file URL string to an array containing just the filename. If the stored URL already contains a `?` query string that part is kept; otherwise `?date=` is appended using the current wall-clock time so clients can bust their caches. Before: "avatar.jpg" or "https://…/UID/avatar/avatar.jpg" After: ["avatar.jpg?date=2026-03-29"] (filename only, array) Remove `export const disabled = true` to enable this migration.
Source:

(constant) id

Migration: avatar → array Converts Member.Data.avatar from a single file URL string to an array containing just the filename. If the stored URL already contains a `?` query string that part is kept; otherwise `?date=` is appended using the current wall-clock time so clients can bust their caches. Before: "avatar.jpg" or "https://…/UID/avatar/avatar.jpg" After: ["avatar.jpg?date=2026-03-29"] (filename only, array) Remove `export const disabled = true` to enable this migration.
Source:

(constant) id

Migration: ObjectBase.Data — fix NULLs and enforce NOT NULL DEFAULT '{}' Root cause of the ER_NET_PACKET_TOO_LARGE corruption incident (2026-04-12): When ObjectBase.Data was NULL the persons endpoint returned it as the literal string "null". The frontend echoed that string back in a subsequent PUT, where it was spread into the request body and then JSON.stringify()ed on every save, producing geometrically growing escaped backslash sequences. This migration: 1. Replaces all NULL and literal 'null' values with '{}' in the current rows. 2. Alters the column to NOT NULL DEFAULT '{}' so the DB rejects future NULLs. Note: system-versioned history rows are not writable; the ALTER TABLE will handle them implicitly by coercing any remaining NULLs in history to the column default during the table rebuild.
Source:

(constant) includeChangeability

Include changeability filter
Source:

(constant) includeVisibility

Include visibility filter
Source:

(constant) initPublicBucket

Ensure the public bucket exists and is publicly readable. TODO (S3 migration): replace with @aws-sdk/client-s3 CreateBucket + PutBucketPolicy.
Source:

(constant) insertList

Insert a new list or dlist
Source:
Inserts `member` Links for delta groups, skipping person/extern/guest types (which handle their own link creation).
Source:

(constant) insertOrUpdateAchievement

Handles the insertion or update of an achievement for a member
Source:

(constant) invalidateCacheController

Source:

(constant) invalidateUserCache

Invalidate user cache for a specific user (call when user data changes)
Source:

(constant) invalidateUserCacheService

Invalidate user cache for one/multiple/all users.
Source:

ioInstance :SocketIOServer|null

Type:
Source:

(constant) isAdmin

Check if user is admin for current organization MIGRATION: Checks Keycloak orgRoles first, then falls back to database
Source:

(constant) isAdminOrga

Check if user is admin for an organization MIGRATION: Checks both Keycloak orgRoles (new) AND database admin list (legacy) Once bot sync is complete, database check can be removed
Source:

(constant) isBaseAdmin

Check if the base user (real user, not impersonated) has admin rights MIGRATION: Checks Keycloak orgRoles first, then falls back to database
Source:

isInitialized :boolean

Type:
  • boolean
Source:

(constant) isUserDataCached

Check if user data exists in cache
Source:

(constant) isValidUID

Checks if the given UID is a valid UUID string with a specific prefix. The UID must be a string that matches the following pattern: - Starts with "UUID-" - Follows the UUID version 1-5 format
Source:

(constant) jobQualified

Checks if a person is qualified for a job based on their achievements.
Source:

(constant) listAchievementsPerson

Lists all achievements for a specific person
Source:

(constant) listEventGroupsController

List event groups controller with pagination support Handles GET /:UID
Source:

(constant) listEventsController

List events controller with pagination support Handles GET /
Source:

(constant) listFiles

List files in directory (GET /:UID)
Source:

(constant) listJobsController

List jobs for event with pagination support Handles GET /jobs/:UID
Source:

(constant) listLanguageFilesByAppController

List language files for a specific application. Handles GET /:app
Source:

(constant) listLanguageFilesController

List all available language files. Handles GET /
Source:

(constant) listRootGet

Controller for GET /list/
Source:

logStreamDb

Source:

logStreamError

Source:

logStreamLogin

Source:

logStreamRead

Source:

logStreamUpdateDb

Source:

(constant) loginLogger

Logs login events.
Source:

(constant) matchExcludersList

Matches objects against excluder lists and handles membership updates
Source:

(constant) matchObjectsLists

Matches objects against list filters and updates dynamic lists accordingly
Source:

(constant) mergeTemplateData

Merges existing template data with new data, preserving customizations
Source:

(constant) migrate

Source:

(constant) migrate

Source:

(constant) migrate

Source:

(constant) migrateDB

Migrates the database by running all pending migration modules. Migrations are JS files in src/config/migrations/ and support both SQL schema changes and JSON data transformations. Applied migrations are tracked in the dbVersion table.
Source:

(constant) migrateFamilyAction

Handles `family` and `familyB` migration actions. Moves a person's family or familyFees link from the old family object to the new one. If the old family object has no remaining members the orphaned Member row is deleted; otherwise family fees are recalculated for it. Either way, fees are recalculated for the new family object.
Source:

(constant) migratePersonAction

Handles `person` and `extern` migration actions. Computes the symmetric difference between the old and new group memberships, then: - Rebuilds visibility for the groups gained by the move. - Re-evaluates list membership for the person in all new groups. - Re-checks list entries for the person. - Fires `/add/group/…` events for gained groups and `/remove/group/…` for lost ones.
Source:

(constant) minTimestamp

GET /minTimestamp/:group/:UID — return the minimum allowed backdate timestamp (ms) for adding a person/extern to a specific target group.
Source:

(constant) monitorDelayedUpdates

Processes the `delayedUpdateTimestamps` map and flushes any entries that have been quiet for longer than the debounce threshold (2.5 s). Should be invoked on a periodic interval (e.g. `setInterval`) by the server startup code. For each overdue entry it: 1. Finds all clients with a matching UID in their `updateAbo` Set. 2. Emits `{ update: true, UID, timestamp }` to those clients. 3. Removes the entry from `delayedUpdateTimestamps`. This is the trailing-edge part of the two-phase debounce implemented together with addUpdateList.
Source:

(constant) name

Human-readable description shown in progress output
Source:

(constant) nameReplace

Helper function to replace special characters with underscores
Source:

(constant) optimizeDatabase

Optimizes database tables
Source:

(constant) optimizeTables

Utility function to optimize and analyze all tables in the database
Source:

(constant) paginateCollectionsUIDController

Pagination pre-handler for GET /:UID.
Source:

(constant) parseTimestamp

Parses the timestamp from a tree action and produces the SQL `FOR SYSTEM_TIME AS OF` clause string.
Source:

(constant) parseTimestamp

Normalises a raw action timestamp into a numeric value and the corresponding `FOR SYSTEM_TIME AS OF …` SQL clause.
Source:

(constant) personAdmin

Checks if the logged-in user has admin rights for a given person UID
Source:

(constant) personDuplicates

Finds potential duplicate person records based on phonetic similarity
Source:

(constant) personHistorie

Retrieves the historical group membership information for a person
Source:

(constant) postCollectionsController

Controller for POST /
Source:

(constant) postCountsController

Controller for POST /counts
Source:

(constant) postDlistEntryController

Handle POST /dlist/params/:UIDlist/:UIDperson — update entry params for a dynamic list
Source:

(constant) postDlistUID

Controller for POST /dlist/:UID
Source:

(constant) postEntry

Update extra parameters for a person's entry in a list
Source:

(constant) postListEntryController

Handle POST /list/params/:UIDlist/:UIDperson — update entry params for a static list
Source:

(constant) postListUID

Controller for POST /list/:UID
Source:

(constant) preWarmUserCache

Pre-warm cache with commonly accessed users
Source:

(constant) processExclude

Processes exclude filter operations
Source:

(constant) processGgroupMemberships

Handles guest-group (ggroup) membership for the object being added. Creates guest records or cascades group guests as appropriate.
Source:

(constant) processInclude

Processes include filter operations
Source:

(constant) processIncludeFilter

Processes include filter and creates new entries based on filter criteria
Source:

(constant) processLastschrift

Processes SEPA mandate data for family fees
Source:

pubClient :redis.RedisClientType|null

Type:
  • redis.RedisClientType | null
Source:

(constant) publicObjectUrl

Build the direct public URL for an object in the public bucket. Override with S3publicBaseUrl when migrating away from MinIO (e.g. CloudFront, S3 virtual-host, custom CDN). TODO (S3 migration): set S3publicBaseUrl in env instead of removing this helper.
Source:

(constant) publishChangeEvent

Publishes change events for person modifications. Notifies related entities (groups, organizations) about changes to a person.
Source:

(constant) publishEvent

Publishes an event to Redis with multi-tenant organization scoping
Source:

(constant) publishGroupEvent

Publishes an event for a person joining or leaving an organization. Notifies the group and its parent groups about the person's status change.
Source:

(constant) publishGroupEvents

Publishes `/add/group/…` or `/remove/group/…` events for each group in the provided list.
Source:

(constant) publishMembershipEvents

Publishes membership-change events for all groups in `deltaPlus`.
Source:

(constant) putDlistOwner

Controller for PUT /dlist/:owner
Source:

(constant) putEntry

Add one or more persons as entries to a static list
Source:

(constant) putEntryController

Handle PUT /list/person/:UIDlist — add persons to a static list
Source:

(constant) putGroup

PUT /:UIDparent — create or update a group under the given parent.
Source:

(constant) putListOwner

Controller for PUT /list/:owner
Source:

(constant) putUser

Ensure identifyer link and self-visibility are in sync for one person.
Source:

(constant) putUserController

Source:

(constant) queryAllGroupsOf

Returns every group `UIDTarget` is currently a member of.
Source:

(constant) queryGainedGroups

Returns the groups that belong to `UIDnewTarget` but are **not** exclusively shared with `UIDoldTarget`, together with the derived delta arrays.
Source:

(constant) queryLostGroups

Returns the groups that belong to `UIDoldTarget` but **not** to `UIDnewTarget`, together with the derived delta arrays.
Source:

(constant) queueRunning :Record.<string, boolean>

Type:
  • Record.<string, boolean>
Source:

(constant) readLogger

Logs read/GET requests.
Source:

(constant) rebuildEventAccess

Rebuild event access completely Deletes all visibility filters and visibilities, then rebuilds them
Source:

(constant) rebuildEventAccess

Rebuild event access completely Deletes all visibility filters and visibilities, then rebuilds them
Source:

(constant) rebuildEventVisibility

Rebuild event visibility from scratch
Source:

(constant) rebuildEventVisibility

Rebuild event visibility from scratch
Source:

(constant) rebuildExternAccess

POST /rebuildAccess/:UID — Rebuild visibility and list access for an extern.
Source:

(constant) rebuildExternAccess

Rebuild visibility and list access for an extern and all its job objects. Delegates to the shared helper in personHelpers.
Source:

(async, constant) rebuildFeesGroup

Rebuilds the fees for all families that have a member in the specified group. This has to be called, if the fees of a group have changed, so that all families with members in this group will have their fees recalculated according to the new group fee rules.
Source:

(constant) rebuildListEntries

Rebuilds list entries
Source:

(constant) rebuildPersonAccess

POST /rebuildAccess/:UID — Rebuild visibility and list access for a person.
Source:

(constant) recreateAllJobsController

Recreate all jobs for organization Handles GET /recreate
Source:

(constant) recreateJobsFunction

Recreates jobs based on a specified function template. This function retrieves all jobs associated with a given function template and recreates them based on the template using the recreateJobs function. it should be called, when a function template is updated without changed to the achievement rules.
Source:

(constant) recreateJobsGroup

Recreates all jobs within a specified group using templates. This function fetches all job objects associated with a given group, optionally at a specific point in time (using system versioning), and recreates them based on their templates using the recreateJobs function. this function should be called, when a group is updated.
Source:

(constant) recreateJobsOrga

Recreates all jobs for an organization based on templates. This function queries the database for all job objects belonging to the organization, optionally as of a specific timestamp, and then recreates them. It retrieves related data such as person, function, group, and member information needed for job recreation.
Source:

(constant) recreateObjects

Recreates all objects of the organization of the given type via the template
Source:

(constant) recreatePersonJobsController

Recreate jobs for a person Handles GET /recreate/:UIDperson
Source:

redisUrl :string

Type:
  • string
Source:

(constant) reduceFiltered

Reduces filtered results to unique entries by UIDBelongsTo
Source:

(constant) reduceObjects

Reduces duplicate objects to unique entries based on UIDBelongsTo comparison
Source:

(constant) regenerateEmbeddings

Regenerate AI embeddings for all objects of a specific type Endpoint to regenerate embeddings for person, extern, guest, or job types. Processes objects in batches with single API call per batch for cost efficiency.
Source:

(constant) registerBotActionTemplates

Register bot action templates (POST /register)
Source:

(constant) removeDlistFilterAction

Handles removal of dlist filter actions: include, exclude, intersect. Removes all entries produced by the filter, deletes the filter's Links and ObjectBase row, then flags the target list for WebSocket update.
Source:

(constant) removeFamilyAction

Handles the `family` remove action. Deletes the `family` / `familyFees` link from the family object. If that was the last member the orphaned Member row is cleaned up; otherwise membership fees are recalculated for the affected family.
Source:

(constant) removeFilter

Removes a filter from a target and cleans up associated entries
Source:

(constant) removeListEntryAction

Handles the `list` remove action. Fired when a list entry is deleted. Cleans up any `member`, `member0`, and `dynamic` Links that dlists created for this entry, and notifies subscribers via event-bus and WebSocket. The entry itself has already been deleted by the time this action runs; only the downstream dlist bookkeeping remains.
Source:

(constant) removeMemberAction

Handles tree-structural remove actions for objects leaving a group hierarchy. Supported types: `job`, `guest`, `groupGuest`, `group`, `person`, `extern`, `achievement` (stub), `event`, `eventJob`. Steps: 1. Resolve current memberships of the removed object. 2. Delete `member` links for `job` and `guest`. 3. Job-specific: delete visibility filters and rebuild the holding person's access. 4. groupGuest: queue removal for all guest children; clean up memberG/memberGA links. 5. guest: delete the guest ObjectBase row. 6. group: cascade-delete member links; queue filter removals; re-check list entries. 7. person/guest/extern/job: re-check list entries via `checkEntries`. 8. event: rebuild object visibility. 9. Publish removal events and trigger WebSocket updates.
Source:

(constant) removeMemberFromFamily

Remove member from family (DELETE /:UIDmember) Removes a member from their current family and creates a new family for them. Supports rebate mode for fee calculations.
Source:

(constant) removePersonsFromEmail

Remove persons from email
Source:

(constant) removeVisibilityFilterAction

Handles removal of visibility filter actions: visible, changeable. Removes the filter's `list` Link, deletes the filter object itself, then rebuilds the access table for the affected list/dlist/email and flags it for WebSocket update.
Source:

(constant) renewalMaintenance

Maintenance endpoint to check renewal of achievements
Source:

(async, constant) requalify

Requalifies all jobs based on the given function template. This function fetches all jobs related to the specified function template and updates their qualification status. It also recreates the jobs with the updated qualification status. This function should be called, when a function template including its achievement rules is updated.
Source:

(constant) requalifyPersons

Requalifies all jobs based on function templates
Source:

(constant) requestUpdateLogger

Logs write/update requests.
Source:

(constant) resolveGroupDelta

Queries the transitive group memberships (delta) for the given target group.
Source:

(constant) resolveSecondLevelGroups

Queries the second-level parent groups needed for visual display updates.
Source:

(constant) restartActionTemplate

Restart action template (POST /restart/:UID)
Source:

(constant) restorePerson

Restores a person from historical data
Source:

(constant) revertList

Revert all entries in a list to their state at a given timestamp
Source:

(constant) revertListController

Handle POST /list/revert/:UID/:timestamp — revert list entries to a previous state
Source:

(constant) runMigrations

Discovers and runs all pending migration modules from this directory. Each migration file must export: - `id` {string} — stable unique identifier used to track applied state - `name` {string} — human-readable description shown in progress - `migrate` {async fn} — receives the migration API and performs the change Migrations support any logic: SQL schema changes, JSON data transformations, backfills, or any combination. Files are executed in alphabetical filename order.
Source:

(constant) saveAppsController

PUT /kpe20/orgaSettings/apps Saves the app registry for the current organisation. Request body: { [appId]: { domain, roles, title, description?, port? } }
Source:

(constant) saveDomainsController

PUT /kpe20/orgaSettings/domains Validates and saves the domain settings for the current organisation. Request body: { [domain: string]: "internal" | "external" }
Source:

(constant) sendMessageBuffered

Sends a message to a client, buffering update messages when the socket is temporarily disconnected. **Behaviour:** - If `message.update` is truthy, the message is treated as a list-update notification. Only the latest such notification per client is kept (`clientData.updateBuffer`). If the socket is connected it is sent immediately and the buffer is cleared; otherwise it waits. - Any other message payload is forwarded directly via `socket.emit` (Socket.IO itself buffers these internally when disconnected). - When called with `message = null` the function flushes any buffered update notification. This is triggered automatically after a successful `setRoot` event.
Source:

(constant) sendMessageBuffered

The function handles two types of messages: 1. Regular messages - Added to messageBuffer array 2. Update messages - Stored in updateBuffer, replacing any existing update When connection is alive (ws.notAlive === 0): - Sends current message if exists - Sends any buffered update message - Sends all buffered regular messages
Source:

(constant) sendProgressStatus

Broadcasts a long-running operation's progress status to all clients of an organisation. This is an organisation-wide broadcast — every connected client whose `UIDroot` matches `root` receives `{ progressStatus: status }`. The frontend forwards the payload to any registered `cbProgressData` callbacks. Typical callers: import jobs, bulk operations, async queue workers.
Source:

(constant) sendProgressStatus

Sends maintenance status to WebSocket clients with matching root organisation. Used to update status of maintenance operations. in the admin app
Source:

(constant) sendTransaction

Sends a transaction-completion message to a single specific client. Unlike the organisation-wide broadcast functions, this targets exactly one socket by its `socketID` room. Emits a `transactionComplete` event with the provided data payload. Called after a bulk database transaction finishes, so the initiating client can refresh its state.
Source:

(constant) sendWebSocketUpdates

Sends WebSocket update notifications for all affected groups. Person and extern updates are skipped (handled by migratePerson storage).
Source:

(constant) setOrgaRoot

Set the organization root for the current session
Source:

(constant) setResponsibleController

Set responsible person Handles POST /responsible/:event
Source:

(constant) setupSocketHandlers

Registers all Socket.IO connection and event handlers. Called once at server startup with the Socket.IO `io` instance. Stores `io` in the module-level `ioInstance` so that other exported functions (e.g. `broadcastUpdate`) can reach connected sockets. **Connection lifecycle:** 1. Validates JWT-authenticated `socket.data.user` (set upstream by auth middleware). 2. Requires a `?id=` query parameter to derive a stable `socketID`. 3. Requires organisation context from `x-organization` header or token claims. 4. Creates an entry in clientDataStore keyed by `socketID`. 5. Joins the socket to a private room named `socketID` for targeted emits. 6. Registers per-socket event handlers (see below). 7. Removes the `clientDataStore` entry on disconnect. **Socket events handled per connection:** | Event | Payload | Effect | |-----------------|-------------------------------|--------| | `transaction` | `{ start: boolean }` | Marks bulk-transaction mode on `socket.data.transaction` | | `monitor` | `{ UID: string\|null }` | Adds list UID to `updateAbo` Set; `null` clears the Set | | `monitorObject` | `{ UID: string\|null }` | Adds object UID to `objectAbo` Set; `null` clears the Set | | `setRoot` | `{ UIDroot: string }` | Updates active organisation for the connection | | `disconnect` | reason string | Removes entry from `clientDataStore` | | `error` | Error | Logs the socket error |
Source:

(constant) shareEmail

Share email (delegate to list share function)
Source:

(constant) suggestFamiliesByLastName

Suggest families by last name (GET /suggest/:lastName) Provides family suggestions based on phonetic matching of last names. Uses double metaphone algorithm for fuzzy matching and scoring.
Source:

(constant) syncBySourceController

Source:

(constant) syncUsers

Sync identifyer links for selected persons.
Source:

(constant) syncUsersBySource

Sync identifyer links and add self-visibility for all persons in one orga.
Source:

(constant) syncUsersController

Source:

(constant) triggerMaintenance

Triggers the organisations tree queue
Source:

(async, constant) updateAchievements

Consolidates all achievement UIDs for a person into their Data object. This function fetches all achievements linked to a specific person, encodes their UIDs in base64 format, and stores this consolidated array in the person's Data object. This approach enables faster filtering and querying of persons based on their achievements without needing to perform complex joins each time. The function only updates the person's record if the achievements data has actually changed, minimizing unnecessary database operations.
Source:

(constant) updateAction

Update an existing action
Source:

(constant) updateActionTemplate

Update action template (PUT / and POST /) Handles single template update for the current organization only. For multi-org bot registration and creation, use POST /register endpoint instead.
Source:

(constant) updateConfig

Notifies all clients of an organisation that the app configuration has changed. This is an organisation-wide broadcast — every connected client whose `UIDroot` matches `root` receives `{ updateConfig: , app }`. The frontend re-fetches config for the specified app.
Source:

(constant) updateConfig

Updates configuration for WebSocket clients with matching root organisation and matching app type Is triggered when for this organisation the yaml configuration file is update
Source:

(constant) updateEmail

Update email data
Source:

(constant) updateEventController

Update event controller Handles POST /:UID
Source:

(constant) updateEventList

Update a list for an event
Source:

(constant) updateEventListController

Controller for updating an event list
Source:

(constant) updateEventTemplate

Update an existing event template
Source:

(constant) updateEventTemplateController

Controller for updating an existing event template (POST)
Source:

(constant) updateExistingExtern

Update an existing extern record, or migrate a person record to type 'extern'. Delegates shared update logic to personHelpers. Note: `req` is forwarded because updatePersonData / handleGroupMembershipMigration internally require session information from it.
Source:

(constant) updateExistingPerson

Update an existing person record, or migrate an extern record to type 'person'. Note: `req` is still forwarded because the shared personHelpers functions that handle DB updates (`updatePersonData`, `handleGroupMembershipMigration`) require session information from it internally.
Source:

(constant) updateExtern

POST /:UID — Partial update; delegates to person controller (same structure)
Source:

(constant) updateFamily

Update family data (POST /:UID) Updates family information including address, contact details, accounts, and fee address. Handles both family-level updates and member-specific updates.
Source:

(constant) updateGroup

POST /:UID — partial update of an existing group.
Source:

(constant) updateGroupData

Updates an existing group's display data, sister-group link, banner, and fees. Unlike createOrUpdateGroup, this merges the request body over existing data rather than replacing it, and rejects changes to immutable fields.
Source:

(constant) updateGroupMembership

POST /:group/:UID — Update group membership for an extern.
Source:

(constant) updateGroupMembership

Updates group membership for a person
Source:

(constant) updateGroupMembershipShared

Shared function to update group membership for person or extern
Source:

(constant) updateJobController

Update job template Handles POST /:UID
Source:

(constant) updateList

Update existing list/dlist
Source:

(constant) updatePerson

Updates a person's data in the database (partial update endpoint) This endpoint (POST /:UID) performs partial data updates by merging the request body with existing data. It only updates the Member table, not ObjectBase fields. Used by both person and extern endpoints via delegation.
Source:

(constant) updatePersonData

Updates person data in both ObjectBase and Member tables (full object update) This function is used during create/update operations (PUT /:group) where a complete object with all rendered fields is provided. It updates both database tables, handles event publishing, family address updates, and WebSocket notifications. Difference from updatePersonPartial: - Updates BOTH ObjectBase and Member tables (vs. Member only) - Expects a fully rendered object with Title, Display, SortBase, etc. (vs. partial data) - Used for PUT operations during create/update flows (vs. POST for partial updates) - Uses publishChangeEvent for group hierarchy (vs. direct publishEvent)
Source:

(constant) updatePersonIdentifyer

Update a person's UIDuser and rebuild identifyer link.
Source:

(constant) updatePersonIdentifyerController

Source:

(constant) updatePersonPartial

Updates person/extern data with partial merge (used by POST /:UID endpoint) This function performs partial data updates by merging the provided data with existing Member data. It only updates the Member table, not ObjectBase fields. Used by both person and extern POST endpoints for partial updates without changing group membership. Difference from updatePersonData: - Updates ONLY Member table (vs. both ObjectBase and Member) - Performs partial merge with existing data (vs. full object replacement) - Uses direct publishEvent (vs. publishChangeEvent through group hierarchy) - No group membership handling (vs. full create/update flow)
Source:

(constant) updatePersonStatus

Update person status in email
Source:

(constant) updateQueueStatus

Broadcasts the current job-queue status to all clients of an organisation. This is an organisation-wide broadcast — every connected client whose `UIDroot` matches `root` receives the message, regardless of individual subscriptions. The status is also cached in `clientData.queueStatus` for reference. The frontend receives `{ root, queueStatus }` and calls any registered `setQueueStatus` callbacks across all active subscriptions.
Source:

(constant) updateQueueStatus

Updates the queue status (no of opentasks in the queue loop) for WebSocket clients with matching root.
Source:

(constant) updateTemplate

Notifies all clients of an organisation that their UI template has changed. This is an organisation-wide broadcast — every connected client whose `UIDroot` matches `root` receives `{ root, updateTemplate: }`. The frontend reacts by re-fetching the template configuration.
Source:

(constant) updateTemplate

Iterates through all WebSocket clients and sends an update template message to those whose root organisation matches the provided root parameter (the organisation for which a template changes). The message includes the root and current timestamp.
Source:

(constant) updateTemplateEvent

Like updateTemplate but for the event application specifically. Emits `{ root, updateTemplateEvent: }` to all matching clients.
Source:

(constant) updateTemplateEvent

Signals template change for the event app for connected WebSocket clients with matching root organisation. Sends a buffered message containing the root and current timestamp to each matching client.
Source:

(constant) updateUserSettings

Notifies all sockets of a specific user that their own settings have changed. Only targets sockets belonging to the given Keycloak userUID, so other users in the same organisation are not affected.
Source:

(constant) uploadAppIconController

POST /kpe20/orgaSettings/apps/:appId/icon Upload an icon image for a specific app to the public bucket. Stores the resulting public URL in Vault under apps[appId].icon.
Source:

(constant) uploadAvatarFiles

Upload avatar images (POST /avatar/:UID)
Source:

(constant) uploadBannerFiles

Upload banner images (POST /banner/:UID)
Source:

(constant) uploadEditorFiles

Upload editor files (POST /editor/:expire/:UID)
Source:

(constant) uploadImagePdfFiles

Upload image and PDF files (POST /imagePdf/:UID)
Source:

(constant) uploadLanguageFileController

Upload a language file. Handles POST /:api
Source:

(constant) uploadLanguageOrChangelog

Upload language or changelog files (POST /:type(language|changelog)/:api)
Source:

(constant) uploadPrivateFiles

Upload private files (POST /:UID)
Source:

(constant) uploadPrivateRailFiles

Upload private rail files (POST /rail/:UID)
Source:

(constant) uploadPublicFiles

Upload public files with expiration (POST /public/:expire/:UID)
Source:

(constant) uploadPublicRailFiles

Upload public rail files for apps (POST /rail/:app/)
Source:

(constant) upsertPortalPendingController

Source:

(constant) usertPortalPending

Create or refresh a portal pending link and token payload.
Source:

(constant) validateBodyUUID

Validator for request body UIDs Some endpoints receive UIDs in the request body
Source:
Example
api.put('/', validateBodyUUID(['UID', 'UIDparent'], false), controller.create);

(constant) validateMultipleUIDs

Convenience middleware for validating multiple common UUID parameters Useful for endpoints that accept multiple UIDs
Source:
Example
api.put('/:member/:group/:function', validateMultipleUIDs, controller.create);

(constant) validateQueryUUID

Validator for query parameters (not route params) Some endpoints receive UIDs in query strings
Source:
Example
api.get('/search', validateQueryUUID(['user', 'loginUser']), controller.search);

(constant) validateRegisterInput

Validates input for register endpoint
Source:

(constant) validateSingleUID

Convenience middleware for validating a single UID parameter Most common use case for DELETE, GET, POST endpoints
Source:
Example
api.delete('/:UID', validateSingleUID, controller.delete);

(constant) validateUUID

Validates UUID parameters in the request
Source:
Examples
// Validate single parameter
api.delete('/:UID', validateUUID(['UID']), controller.delete);
// Validate multiple parameters
api.put('/:member/:group', validateUUID(['member', 'group']), controller.update);

(constant) validateUUIDParam

Express param middleware for automatic validation Apply this to automatically validate any route parameter
Source:
Example
// Automatically validate all :UID parameters in this router
api.param('UID', validateUUIDParam('UID'));

// Now all routes with :UID are automatically protected
api.delete('/:UID', controller.delete);
api.get('/:UID', controller.get);

(constant) validateUser

Validate user access for an organization and populate cache
Source:

(constant) validateUserForOrganization

Validate user access to organization with caching
Source:

(constant) visibilityFilter

Visibility filter function
Source:

(constant) visibilityList

Visibility list filter
Source:

(constant) wsFakeUser

Pushes a fake-login (impersonation) state update to all sockets of a user. When an admin impersonates another user the session's `fakeLogin` flag changes. This broadcasts `{ baseUser, user, fakeLogin }` to every socket belonging to that user so the frontend can update the displayed identity without a page reload.
Source:

(async, constant) wsFakeUser

Sends fake user data to WebSocket clients associated with a specific user session Is triggered when an administraor faking a login -simulating for himself being logged in as another user-
Source:

Methods

(async) accountsReadOnly(req) → {Promise.<boolean>}

Checks if the current user has read-only access to group accounts. Returns true if accounts should be protected from writes for this user.
Parameters:
Name Type Description
req ExpressRequestAuthorized
Source:
Returns:
Type
Promise.<boolean>

(async) addAction(action)

Handles various actions related to adding objects to a tree structure, such as filters, memberships, visibility, and other hierarchical updates. This function processes different types of actions and performs corresponding database operations and updates.
Parameters:
Name Type Description
action treeAction The action object containing details about the operation to be performed.
Source:
Throws:
Throws an error if any database operation or action processing fails.
Type
Error

(async) addAction()

Source:

(async) adjustMemberData(member, object, organization) → {Promise.<(Object|undefined)>}

Adjusts member data with family-shared information (address, email, phone, accounts)
Parameters:
Name Type Description
member FamilyMemberObject The family member to update
object FamilyMemberObject The source object containing family data
organization string Organization UID for event publishing
Source:
Returns:
Updated member data or undefined
Type
Promise.<(Object|undefined)>

app2serverURL(baseDir) → {object}

Combine OpenAPI documents by resolving $ref references
Parameters:
Name Type Description
baseDir string Base directory for resolving references
Source:
Returns:
- Combined OpenAPI document
Type
object

appendOutOfHierarchyLevels()

Assigns extra levels for out-of-hierarchy nodes when explicitly requested.
Parameters:
Type Description
Source:

avatarUrlGen()

URL generator for avatar file uploads
Source:

bannerUrlGen()

URL generator for banner file uploads
Source:

bufferToEmbedding(buffer) → {Float32Array}

Convert Buffer from database to Float32Array
Parameters:
Name Type Description
buffer Buffer Binary buffer from DB
Source:
Returns:
- Embedding vector
Type
Float32Array

buildCompactNodeLabel(node, fallback) → {string}

Builds a compact node label for tree rendering.
Parameters:
Name Type Description
node any
fallback string
Source:
Returns:
Type
string

buildDataFields(req, groupBannerTableopt) → {string}

Build extra SELECT column fragment from `Data` / `ExtraData` / `dataFilter` / `groupBanner` query parameters.
Parameters:
Name Type Attributes Default Description
req ExpressRequestAuthorized
groupBannerTable string <optional>
 'pmember' Table alias that holds banner data
Source:
Returns:
Type
string

buildNodeAdjacency()

Builds adjacency maps for fast traversal. - memberA is directed: parent -> child - memberS is undirected: sibling <-> sibling
Parameters:
Type Description
Source:

calculateContentHash(text) → {Buffer}

Calculate content hash for change detection
Parameters:
Name Type Description
text string Text to hash
Source:
Returns:
- SHA256 hash
Type
Buffer

changelogUrlGen()

URL generator for changelog file uploads
Source:

(async) checkEntries(ObjectUID, UIDOrga) → {Promise.<void>}

Checks all entries for the given objects against their filters and performs necessary cleanup. This function processes multiple objects, retrieves their filters, and checks each entry to ensure they still match the current filter criteria, removing entries that no longer qualify.
Parameters:
Name Type Description
ObjectUID Buffer | Array.<Buffer> Single object UID or array of object UIDs to check
UIDOrga string The organization UUID for multi-tenant scoping (must be string)
Source:
Throws:
Will log an error if any operation fails during execution.
Returns:
Type
Promise.<void>

(async) checkEntry(entry, UIDOrga)

Checks a single entry against its filters and performs necessary add/remove operations. This function evaluates whether an entry should be included or excluded from a list based on the current filter state and publishes appropriate events for membership changes.
Parameters:
Name Type Description
entry any Entry object with filter information and membership data
UIDOrga string The unique identifier of the organization (required)
Source:
Throws:
Will log an error if any operation fails during execution.

(async) checkPersonListMember(UID, UIDOrga) → {Promise.<void>}

Asynchronously checks if a person is a member of specific lists/dynamic lists dlist) and performs related operations. This is clled, when an objet has been updated or created, to check if any dynamic list has to be updated This function retrieves all groups (sources) that the object identified by the given UID is a member of, matches the object against those lists, by checking all object filters attached to the sources/groups, if they pass the filters and performs necessary updates to the entries of the dynamic lists attached to these filters In a second step it checks, if therre are entries which do not match the filters anymore and removes them from the dlist
Parameters:
Name Type Description
UID string | Buffer The unique identifier of the object to check membership for.
UIDOrga string The unique identifier of the organization.
Source:
Throws:
Will log an error if any operation fails during execution.
Returns:
Resolves when the operations are completed.
Type
Promise.<void>

(async) cleanEventLog(timestampopt) → {Promise.<void>}

- Deletes events from the `eventLog` table where the `Timestamp` is older than the specified timestamp. - If `timestamp` is `null`, the default value is calculated as the UNIX timestamp of the first day of the previous month. - After deletion, the `eventLog` table is optimized to reclaim storage and improve performance. - The database transaction is executed with a query timeout of 100 seconds.
Parameters:
Name Type Attributes Default Description
timestamp number | null <optional>
 null The UNIX timestamp (in seconds) to use as the cutoff for deletion. Defaults to the first day of the previous month if not provided.
Source:
Throws:
Logs any errors encountered during the operation.
Type
Error
Returns:
Resolves when the cleanup operation is complete.
Type
Promise.<void>

compareDOWN(filterA, filterB) → {number}

Comparator function for sorting filters in descending order during filter removal. Sorts by filter type priority: include > exclude > intersect (reverse order)
Parameters:
Name Type Description
filterA Object First filter object with Type property
filterB Object Second filter object with Type property
Source:
Returns:
-1 if filterA < filterB, 0 if equal, 1 if filterA > filterB
Type
number

compareUP(filterA, filterB) → {number}

Comparator function for sorting filters in ascending order during filter rebuilding. Sorts by filter type priority: include > exclude > intersect
Parameters:
Name Type Description
filterA Object First filter object with Type property
filterB Object Second filter object with Type property
Source:
Returns:
-1 if filterA < filterB, 0 if equal, 1 if filterA > filterB
Type
number

computeNodeLevels()

Computes rank levels for nodes by traversing memberS bands and memberA jumps.
Parameters:
Type Description
Source:

cosineSimilarity(a, b) → {number}

Calculate cosine similarity between two embeddings
Parameters:
Name Type Description
a Float32Array First embedding
b Float32Array Second embedding
Source:
Returns:
- Similarity score (0-1)
Type
number

createNodeHierarchyLookup(nodeMap)

Creates a hierarchy lookup function for nodes.
Parameters:
Name Type Description
nodeMap Map.<string, any>
Source:
Returns:

decrypt(encryptedData, passphrase) → {string}

Decrypts an AES-128 encrypted Base64 string using a passphrase.
Parameters:
Name Type Description
encryptedData string The encrypted string (Salt and encrypted text in Base64, separated by colons). Supports both old format (salt:iv:encrypted) and new format (salt:encrypted).
passphrase string The passphrase used to derive the decryption key and IV.
Source:
Returns:
- The decrypted Base64 string.
Type
string

(async) deleteDir()

Helper function to delete directories recursively
Source:

(async) deleteFunctionTemplate(req, res) → {Promise.<void>}

Deletes a function template if there are no jobs linked to it. This function checks if any jobs are associated with the specified function template. If jobs are found, deletion is denied and a message is returned listing the members with jobs. If no jobs are linked, the function template and all related achievement links are deleted. The template update function is called after successful deletion.
Parameters:
Name Type Description
req Object Express request object, expects `params.UID` for the template UID and `session.root` for the root user UID.
res Object Express response object used to send JSON responses.
Source:
Returns:
Sends a JSON response indicating success or failure.
Type
Promise.<void>

deriveKeyAndIv(passphrase) → {Object}

Derives a key and IV from a passphrase.
Parameters:
Name Type Description
passphrase string The passphrase to derive key and IV from.
Source:
Returns:
- The derived key, IV, and salt in base64 format.
Type
Object

detectOutOfHierarchyNodes()

Detects nodes that violate the expected memberA hierarchy step (+1).
Parameters:
Type Description
Source:

detectVisibleNodes()

Detects visible nodes from computed levels and hierarchy flags.
Parameters:
Type Description
Source:

embeddingToBuffer(embedding) → {Buffer}

Convert Float32Array to Buffer for database storage
Parameters:
Name Type Description
embedding Float32Array Embedding vector
Source:
Returns:
- Binary buffer
Type
Buffer

encodeKrokiGraph(diagramSource) → {string}

Encodes Graphviz text for Kroki using deflate + base64url.
Parameters:
Name Type Description
diagramSource string
Source:
Returns:
Type
string

encrypt(base64String, passphrase) → {string}

Encrypts a Base64-encoded string with AES-128 using a passphrase.
Parameters:
Name Type Description
base64String string The Base64-encoded string to encrypt.
passphrase string The passphrase used to derive the encryption key and IV.
Source:
Returns:
- The encrypted string in Base64 format.
Type
string

(async) ensureVersionTable()

Ensures the dbVersion tracking table exists. Safe to call on both fresh and existing databases.
Source:

escapeHtml(value)

Parameters:
Name Type Description
value string
Source:

(async) exclude(entry, UIDOrga)

Creates an exclusion link for an entry and publishes remove events to notify about the exclusion. This function is called when an entry should be excluded from a list due to filter matching.
Parameters:
Name Type Description
entry any Entry object containing UIDEntry, UIDList, UIDBelongsTo
UIDOrga string The unique identifier of the organization (required)
Source:
Throws:
Will log an error if any operation fails during execution.

expandMemberSBand(roots)

Expands one memberS-connected band and computes local ranks from roots.
Parameters:
Name Type Description
roots Map.<string, number>
Source:

extractAchievements(filter) → {Array.<string>}

Extracts all achievement qualifiers (as strings) from a potentially nested filter object or array. The function traverses the filter structure recursively, collecting all string values found at any depth. The filter can be a string, an object with a single key whose value is another filter or array of filters, or an array of such filters.
Parameters:
Name Type Description
filter Object | Array | string The filter structure to extract achievement qualifiers from.
Source:
Returns:
An array of extracted achievement qualifier strings.
Type
Array.<string>

(async) fetchUserFromMembersAPI(userUID, orgaUID, authToken) → {Object}

Fetch user data from members API to populate cache
Parameters:
Name Type Description
userUID string User UUID
orgaUID string Organization UUID
authToken string Auth token for API call
Source:
Returns:
- User data or null
Type
Object

filterImage()

Helper function to filter image file types
Source:

filterImagePdf()

Helper function to filter image and PDF file types
Source:

filterJSON()

Helper function to filter JSON file types
Source:

filterVisibleEdges()

Filters edges to only those that should be rendered.
Parameters:
Type Description
Source:

findConflict()

Detect conflicts between a new domain and all existing domains across other orgs. Conflict rules: - Same type + same value → direct conflict - internal "foo" vs external "foo.com" → prefix conflict
Source:

findSimilarEntities(referenceUID, options) → {Promise.<Array>}

Find entities similar to a reference entity
Parameters:
Name Type Description
referenceUID Buffer | string UID of the reference entity (Buffer or hex string)
options Object Search options (same as searchSimilarEntities)
Source:
Returns:
- Array of similar entities
Type
Promise.<Array>

generateEmbedding(text, options) → {Promise.<Float32Array>}

Generate single embedding from text
Parameters:
Name Type Description
text string Text to embed
options Object Generation options (see generateEmbeddings)
Source:
Returns:
- Embedding vector
Type
Promise.<Float32Array>

generateEmbeddings(texts, options) → {Promise.<Array.<Float32Array>>}

Generate embeddings from text using configured backend
Parameters:
Name Type Description
texts string | Array.<string> Text(s) to embed
options Object Generation options
Properties
Name Type Attributes Default Description
sanitize boolean <optional>
 true Sanitize sensitive PII before embedding
sanitizeOptions Object <optional>
 Options passed to sanitizeTextForEmbedding
Source:
Returns:
- Array of embedding vectors
Type
Promise.<Array.<Float32Array>>

(async) generateEmbeddingsOllama()

Generate embeddings using Ollama
Source:

(async) generateEmbeddingsOpenAI()

Generate embeddings using OpenAI
Source:

(async) generateEmbeddingsTEI()

Generate embeddings using TEI (HuggingFace Text Embeddings Inference)
Source:

(async) getAchievement(req, res) → {Promise.<void>}

Retrieves an achievement by UID, checking user permissions. If timestamp is provided, retrieves the achievement as it was at that time. Returns achievement details including template data and authorization status.
Parameters:
Name Type Description
req Object Express request object
Properties
Name Type Description
params Object Request parameters
Properties
Name Type Description
UID string UID of the achievement to retrieve
query Object Query parameters
Properties
Name Type Attributes Description
timestamp string <optional>
 Optional timestamp for point-in-time queries
session Object Session information
Properties
Name Type Description
user string Current user's UID
res Object Express response object
Source:
Returns:
- Sends JSON response with achievement data or error message
Type
Promise.<void>

(async) getAllFilters(UID) → {Promise.<Array>}

Retrieves all filters (include, exclude, intersect) associated with a specific dynamic list.
Parameters:
Name Type Description
UID string The unique identifier of the dynamic list
Source:
Returns:
Array of filter objects with UID, Type, Data, Title, Display, UIDBelongsTo, and SourceType
Type
Promise.<Array>

getAllOrgDomains() → {Promise.<Record.<string, Record.<string, string>>>}

Load all domain maps for every organisation (for conflict checking).
Source:
Returns:
Type
Promise.<Record.<string, Record.<string, string>>>

getApps(orgId) → {Promise.<Record.<string, AppEntry>>}

Load the app registry for one organisation.
Parameters:
Name Type Description
orgId string
Source:
Returns:
Type
Promise.<Record.<string, AppEntry>>

getDomains(orgId) → {Promise.<Record.<string, string>>}

Load domain settings for one organisation.
Parameters:
Name Type Description
orgId string
Source:
Returns:
Type
Promise.<Record.<string, string>>

getEmbeddingServerInfo() → {Promise.<Object>}

Get embedding server info
Source:
Returns:
Type
Promise.<Object>

(async) getFunctionTemplates(req, res) → {Promise.<void>}

Retrieves all function template names and UIDs for the organization.
Parameters:
Name Type Description
req Object Express request object, expects `session.root` for the root user UID.
res Object Express response object used to send JSON responses.
Source:
Returns:
Sends a JSON response with the function templates list.
Type
Promise.<void>

getHierarchyBorderColor(hierarchie, hierarchyColors) → {string}

Returns border color for a group hierarchy from config/palette.
Parameters:
Name Type Description
hierarchie number | string | null | undefined
hierarchyColors Array.<any> | Object | null
Source:
Returns:
Type
string

getHierarchyColorConfig(config) → {Array.<any>|Object|null}

Resolves hierarchy colors from merged config.
Parameters:
Name Type Description
config any
Source:
Returns:
Type
Array.<any> | Object | null

(async) getJobsByFunctionTemplate(req, res) → {Promise.<void>}

Retrieves jobs associated with a specific function template.
Parameters:
Name Type Description
req Object Express request object, expects `params.UID` for the template UID and optional query parameters.
res Object Express response object used to send JSON responses.
Source:
Returns:
Sends a JSON response with the jobs data.
Type
Promise.<void>

getMailSettings(orgId) → {Promise.<(object|null)>}

Load mail/SMTP settings for one organisation. The password is masked before being returned.
Parameters:
Name Type Description
orgId string
Source:
Returns:
Type
Promise.<(object|null)>

getMemberAStep(parentHex, childHex) → {number|null}

Returns memberA rank increment from parent to child. Invalid hierarchy transitions return null and are omitted.
Parameters:
Name Type Description
parentHex string
childHex string
Source:
Returns:
Type
number | null

(async) getObjectFilters(ObjectUID) → {Promise.<(Array.<any>|undefined)>}

Retrieves all filters and related data for objects that need to be checked for dynamic list membership. This function queries the database to get filter information for objects and their associated lists.
Parameters:
Name Type Description
ObjectUID Buffer | Array.<Buffer> Single object UID or array of object UIDs to get filters for
Source:
Returns:
Array of filter objects with complete filter and object information
Type
Promise.<(Array.<any>|undefined)>

(async) getOrgSection(orgId, section) → {Promise.<(object|null)>}

Load a named section for one organisation from Vault. Returns `null` on missing key or error.
Parameters:
Name Type Description
orgId string
section string e.g. 'domains', 'apps', 'mail'
Source:
Returns:
Type
Promise.<(object|null)>

getRequiredDbRoles() → {Array.<string>}

Get the required database roles based on NODE_ENV Production: db-user, db-admin Development: db-dev, db-admin Demonstration: db-demo, db-admin
Source:
Returns:
Array of valid roles for current environment
Type
Array.<string>

getStageColorConfig(config) → {Array.<any>|Object|null}

Resolves stage colors from merged config.
Parameters:
Name Type Description
config any
Source:
Returns:
Type
Array.<any> | Object | null

getStageDotColor(stage, stageColors) → {string}

Parameters:
Name Type Description
stage number | string | null | undefined
stageColors Array.<any> | Object | null
Source:
Returns:
Type
string

(async) groupEntriesFilter(myObjectFilters) → {Promise.<(Record.<string, any>|undefined)>}

Groups filter data by entry UID and organizes filters into include/exclude/intersect categories. This function processes raw filter data from the database and structures it for efficient filtering operations, creating an object keyed by entry UIDs with complete filter information.
Parameters:
Name Type Description
myObjectFilters Array.<any> Array of raw filter objects from the database query
Source:
Throws:
Will log an error if any operation fails during execution.
Returns:
Object keyed by entry UIDs containing organized filter data
Type
Promise.<(Record.<string, any>|undefined)>
Manages the sister-group link for a group. If belongsTo changes, removes old memberS link, inserts new one, and syncs members.
Parameters:
Name Type Description
req ExpressRequestAuthorized
UID Buffer Group UID (hex Buffer)
Source:
Returns:
The new sister-group object, or null if unchanged/removed
Type
Promise.<(object|null)>

hashSensitiveValue(value, type) → {string}

Create deterministic hash for sensitive string data Same input always produces same hash (preserves uniqueness in embeddings)
Parameters:
Name Type Description
value string Value to hash
type string Type of value (email, phone, etc.)
Source:
Returns:
- Hashed placeholder
Type
string

(async) initializeRedis() → {Promise.<boolean>}

Initialize the Redis connection after secrets are loaded
Source:
Returns:
Returns true if initialized successfully, false otherwise
Type
Promise.<boolean>

(async) insertAchievement(object, achievementUID, templateUID, session, memberUID, connection) → {Promise.<void>}

import { parseTimestampToSeconds } from '../../utils/parseTimestamp.js' Inserts a new achievement into the database.
Parameters:
Name Type Description
object Object Achievement object to insert
achievementUID string | Buffer UUID (hex string or Buffer) of the achievement
templateUID string | Buffer UUID (hex string or Buffer) of the template
session Object User session data
memberUID string | Buffer UUID (hex string or Buffer) of the member
connection Object Database connection for transaction
Source:
Returns:
Type
Promise.<void>

(async) insertFunction() → {Promise.<void>}

Inserts or updates a function template in the database, manages related links and triggers updates. - Renders a function object from a template and request body. - Cleans up and compresses access filters to avoid unnecessary filter creation. - Inserts or updates the function in the ObjectBase table. - Handles achievement links and triggers requalification or visibility adjustments if needed. - If the function template changes, rebuilds all jobs based on this template and updates their data.
Parameters:
Type Description
Source:
Returns:
Type
Promise.<void>

(async) insertOrUpdateAchievement(req, res) → {Promise.<void>}

Handles the insertion or update of an achievement for a member. This function processes achievement data from the request, checks user authorization, validates the member and template, and either creates a new achievement or updates an existing one. It also handles achievement renewal logic and queues necessary updates.
Parameters:
Name Type Description
req Object The request object
Properties
Name Type Description
params Object URL parameters
Properties
Name Type Description
member string UUID of the member
template string UUID of the achievement template
body Object Request body
Properties
Name Type Attributes Description
UID string Achievement UUID
date number <optional>
 Date of the achievement (timestamp)
userAdded string <optional>
 User who added the achievement
session Object User session data
Properties
Name Type Description
user string Current user's UUID
root string Root UUID
res Object The response object
Source:
Throws:
- Logs errors with errorLoggerUpdate
Type
Error
Returns:
- Sends JSON response with success status and result
Type
Promise.<void>

(async) insertOrUpdateJob(req, res) → {Promise.<void>}

Inserts or updates a job in the system. This function handles the creation of a job for a member in a specific group with a specified function. It performs several authorization checks and validations before proceeding with the insertion.
Parameters:
Name Type Description
req Object The HTTP request object
Properties
Name Type Description
query Object Query parameters
Properties
Name Type Attributes Description
timestamp number <optional>
 Optional timestamp for the job
params Object URL parameters
Properties
Name Type Description
group string UUID of the group
member string UUID of the member
function string UUID of the function
body Object Request body
Properties
Name Type Description
UID string UUID of the job to be created
session Object Session information
Properties
Name Type Description
user string Current user's UUID
root string Root UUID
res Object The HTTP response object
Source:
Throws:
- Logs errors through errorLoggerUpdate
Type
Error
Returns:
- Sends a JSON response with success status and result or error message
Type
Promise.<void>

isEmbeddingServerHealthy() → {Promise.<boolean>}

Check if embedding server is healthy
Source:
Returns:
Type
Promise.<boolean>

isValidLogInterval(interval) → {boolean}

Validates log interval format
Parameters:
Name Type Description
interval string Interval string to validate (e.g., '1d', '1h')
Source:
Returns:
Type
boolean

isValidLogSize(size) → {boolean}

Validates log size format
Parameters:
Name Type Description
size string Size string to validate (e.g., '20M', '1G')
Source:
Returns:
Type
boolean

keyComponents()

Helper function to generate key components for file paths
Source:

languageUrlGen()

URL generator for language file uploads
Source:

(async) linkExcludeIntersect(UIDFilter, filtered, target, connection) → {Promise.<void>}

Creates database links for excluded/intersected objects
Parameters:
Name Type Description
UIDFilter Buffer Filter UID
filtered Array.<any> Filtered objects to exclude/intersect
target Buffer Target list UID
connection any Database connection
Source:
Returns:
Type
Promise.<void>

(async) linkIncludes(sourceType, UIDFilter, filtered, target, execConnection) → {Promise.<void>}

Creates database links for included objects
Parameters:
Name Type Description
sourceType string Source type ('group' or 'list')
UIDFilter Buffer Filter UID
filtered Array.<any> Filtered objects to link
target Buffer Target list UID
execConnection any Database connection
Source:
Returns:
Type
Promise.<void>

(async) listAchievementsPerson(req, res) → {Promise.<void>}

Fetches achievements associated with a person, joining with template data. Can return achievements as of a specific point in time. Can filter to return only unique (latest) achievements.
Parameters:
Name Type Description
req Object Express request object.
Properties
Name Type Description
query Object Request query parameters.
Properties
Name Type Attributes Description
timestamp number <optional>
 Optional timestamp for point-in-time query.
unique boolean <optional>
 If true, returns only the latest version of each achievement.
params Object Request path parameters.
Properties
Name Type Description
UID string UID of the person whose achievements to list.
session Object User session object.
Properties
Name Type Description
user string UID of the current user.
res Object Express response object.
Source:
Throws:
- Logs any errors encountered during database operations.
Type
Error
Returns:
- Returns a JSON response with success status and result array.
Type
Promise.<void>

listShares()

Parameters:
Type Description
Source:

mergeCustomizer()

Lodash merge customizer - do not merge arrays
Source:

(async) migrateAchievementDates() → {Promise.<void>}

Migrates achievements from 05.01.2023 to 01.01.1900 Uses delete and re-insert to handle system versioned table
Source:
Returns:
Type
Promise.<void>

(async) migrateAction(action) → {Promise.<void>}

Handles migration actions for moving objects between different groups or targets. Delegates to type-specific submodules.
Parameters:
Name Type Description
action treeAction The migration action object containing source and target information
Source:
Throws:
Throws an error if migration is attempted for unsupported object types
Type
Error
Returns:
Type
Promise.<void>

(async) migrateAction()

Source:

minioput()

Put a Buffer into MinIO
Source:

nameReplace(str) → {string}

Replace special characters in a string with underscores Used to create valid property names from parameter names
Parameters:
Name Type Description
str string
Source:
Returns:
Type
string

newAvatar(api)

Parameters:
Name Type Description
api Object
Source:

newAvatar(api)

Parameters:
Name Type Description
api Object
Source:

normalizeValue(value, type) → {string}

Normalize sensitive values before hashing for consistency Same value in different formats produces same hash
Parameters:
Name Type Description
value string Raw value to normalize
type string Type of value (email, phone, iban, etc.)
Source:
Returns:
- Normalized value
Type
string

openAPIMiddleware(baseDir)

Middleware to serve combined OpenAPI documentation
Parameters:
Name Type Description
baseDir string Base directory for resolving references
Source:

parseTimestampToSeconds(val) → {number|null}

Parse an incoming query timestamp parameter. Accepts a number or string (in milliseconds) and returns seconds (number) or null. Returns null for undefined, null, NaN, or empty string.
Parameters:
Name Type Description
val string | number | undefined | null
Source:
Returns:
Type
number | null

parseTimestampToSecondsOrDefault(val, fallback) → {number}

Parse an incoming timestamp value (milliseconds) and return a seconds value or fallback number.
Parameters:
Name Type Description
val string | number | undefined | null
fallback number fallback seconds value when val is not present
Source:
Returns:
Type
number

privateUrlGen()

URL generator for private file uploads
Source:

(async) processGroupEntry(ObjectFilter, of)

Processes a single filter entry and groups it under the appropriate entry key in the ObjectFilter. This function organizes filter data by entry UID, creating or updating filter collections for include, exclude, and intersect filters, along with membership information.
Parameters:
Name Type Description
ObjectFilter Record.<string, any> The object to store grouped filter data, keyed by entry UID
of any Filter object containing entry data, filter information, and list details
Source:
Throws:
Will log an error if any operation fails during execution.

(async) processIncludeFilter(include, myObjects) → {Promise.<void>}

Processes the inclusion filter and updates the database with the filtered objects. This function handles the creation of new entries, linking entries to filters, and processing exclude and intersect filters for newly created entries.
Parameters:
Name Type Description
include Object The inclusion filter object containing filter data and source type.
myObjects Array.<Object> Array of objects to be filtered and processed.
Source:
Throws:
Logs and throws an error if any issue occurs during processing.
Type
Error
Returns:
Resolves when the processing is complete.
Type
Promise.<void>
Example
const include = {
  Data: {  filter criteria here },
  SourceType: 'group',
  listUID: 'someUID',
  UID: 'filterUID'
};
const myObjects = [/ array of objects as retrieved by getObjects/];
await processIncludeFilter(include, myObjects);

processTraversalLayer() → {Array.<Buffer>}

Applies one traversal layer and computes the next frontier.
Parameters:
Type Description
Source:
Returns:
Type
Array.<Buffer>

publicUrlGen()

URL generator for public file uploads
Source:

(async) queryGroupLinksForFrontier(userUID, frontier)

Loads one traversal layer for the current frontier.
Parameters:
Name Type Description
userUID Buffer
frontier Array.<Buffer>
Source:

(async) queueAdd(root, user, type, UID, UIDBelongsTo, oldTarget, newTarget, timestampopt) → {Promise.<void>}

Adds a single action to the tree queue and triggers queue processing.
Parameters:
Name Type Attributes Default Description
root Buffer | string The UID of the root organization (Buffer or hex string)
user Buffer | string The UID of the user requesting the action
type string The type of action to be performed
UID Buffer | string The UID of the object being acted upon
UIDBelongsTo Buffer | string The UID of the parent object
oldTarget Buffer | string | null The UID of the old target object (for migrations/removals)
newTarget Buffer | string | null The UID of the new target object (for additions/migrations)
timestamp number | null <optional>
 null Optional timestamp for the action
Source:
Returns:
Type
Promise.<void>

(async) queueAddArray(req) → {Promise.<void>}

Adds multiple actions to the tree queue in batch and triggers queue processing.
Parameters:
Name Type Description
req Object Express request object with session data
Properties
Name Type Description
session Object Session object
Properties
Name Type Description
root string The root organization UUID
user string The user UUID
Source:
Returns:
Type
Promise.<void>

quoteGraphviz(value) → {string}

Builds a Graphviz-compatible, quoted label.
Parameters:
Name Type Description
value string
Source:
Returns:
Type
string

(async) rateLimitedRequest(requestFn) → {Promise}

Rate limiter that ensures we don't exceed LocationIQ free tier limits
Parameters:
Name Type Description
requestFn function The async function to execute
Source:
Returns:
- Result of the request function
Type
Promise

(async) rebuildFees(UIDfamily, organization) → {Promise.<boolean>}

Rebuilds the fee structure for a given family by UID. This function fetches all family members, recalculates their fee indices, updates the fee address if necessary, and persists any changes to the database. It also publishes relevant events if the fee structure has changed. This has to be called if a family cahnged, e.g. a new member was added or removed,
Parameters:
Name Type Description
UIDfamily Buffer The UID of the family whose fees are to be rebuilt.
organization string The organization UID for multi-tenant context.
Source:
Throws:
Will log and handle errors internally if any database or processing error occurs.
Returns:
Returns true if the operation was successful, false otherwise.
Type
Promise.<boolean>

(async) rebuildFiltersDlist(rebuildFilters, UIDOrga) → {Promise.<Object>}

Rebuilds dynamic list filters and publishes appropriate events for membership changes. This function removes and re-adds filters within a transaction, then compares the before/after state to publish add/remove events for affected list members.
Parameters:
Name Type Description
rebuildFilters Array Array of filter objects to rebuild, each containing UIDFilter, UIDList, and Type
UIDOrga string | Buffer The unique identifier of the organization (required)
Source:
Throws:
Will log an error if any operation fails during execution.
Returns:
Result object containing beAdded and removed arrays
Type
Promise.<Object>

rebuildFullTree(identifyer, options) → {Promise.<{deleted: Array, added: Array}>}

High-level rebuild that ensures groups are rebuilt first (sorted by hierarchie ASC), so that group-to-group member links are correct before rebuilding persons/jobs/externs whose member links depend on the group tree.
Parameters:
Name Type Description
identifyer string Object type ('person','group','extern','event','job') or a UUID string
options
Source:
Returns:
Type
Promise.<{deleted: Array, added: Array}>

rebuildMembershipTree(UIDs, options) → {Promise.<{deleted: Array.<{UID: Buffer, UIDTarget: Buffer, DisplayMain: string, Display: string}>, added: Array.<{UID: Buffer, UIDTarget: Buffer, DisplayMain: string, Display: string, success: boolean}>}>}

Rebuilds the membership tree for a set of UIDs. Uses a virtual transaction to compute the desired link state without committing, then diffs against the current state and applies only the necessary inserts/deletes. This avoids touching existing rows in the system-versioned Links table (updates would create unnecessary history entries).
Parameters:
Name Type Description
UIDs Array.<Buffer> hex Buffer UIDs of the objects to rebuild
options
Source:
Returns:
Type
Promise.<{deleted: Array.<{UID: Buffer, UIDTarget: Buffer, DisplayMain: string, Display: string}>, added: Array.<{UID: Buffer, UIDTarget: Buffer, DisplayMain: string, Display: string, success: boolean}>}>

(async) recreateBanner(UID, banner, bannerRules, req)

Recursively propagates a banner update to child groups, jobs, and persons.
Parameters:
Name Type Description
UID Buffer Group UID
banner string Banner URL/path
bannerRules object Banner inheritance rules
req ExpressRequestAuthorized
Source:

(async) recreateJobs(req, jobs, timestamp, requalifyopt)

This function iterates through a list of jobs and updates their corresponding entries in the ObjectBase database table. It processes job qualification status, renders objects from templates, and updates various fields including Title, qualification index, hierarchie, stage, gender
Parameters:
Name Type Attributes Default Description
req Object The request object containing session information.
jobs Array Array of job objects to be recreated.
timestamp number The timestamp to use for updating objects.
requalify boolean <optional>
 false Whether to requalify the jobs.
Source:
Throws:
Logs error if job recreation fails.
Type
Error

(async) recreateJobsPerson(req, res, requalifyopt) → {Promise.<void>}

Retrieves job data for a person at a specific point in time (if timestamp provided), then recreates the jobs using the recreateJobs function. When requalify is true, it recalculates job qualification status based on achievements if requalify is true (default). then recreates the jobs using the recreateJobs function.
Parameters:
Name Type Attributes Default Description
req Object Express request object
Properties
Name Type Description
params Object Request parameters
Properties
Name Type Description
UIDperson string UID of the person
query Object Request query parameters
Properties
Name Type Attributes Description
timestamp number <optional>
 Optional timestamp for point-in-time query
res Object Express response object
requalify boolean <optional>
 true Whether to recalculate job qualification status based on achievements
Source:
Throws:
- Logs error to error logger if query fails
Type
Error
Returns:
- Sends JSON response indicating success or handles error
Type
Promise.<void>

(async) recreateJobsPerson(req, UIDperson, requalifyopt) → {Promise.<Object>}

Recreates jobs for a specific person based on their UID. This function fetches job data from the database for a person, potentially as of a specific timestamp, and then recreates these jobs. It can also requalify the jobs as part of the process.
Parameters:
Name Type Attributes Default Description
req Object The request object containing query parameters.
UIDperson string | Buffer The UID (hex string or Buffer) of the person whose jobs need to be recreated.
requalify boolean <optional>
 true Whether to requalify the jobs during recreation.
Source:
Throws:
- Any errors that occur during the job recreation process are logged.
Type
Error
Returns:
- A promise that resolves when the jobs have been recreated.
Type
Promise.<Object>

(async) removeAction(action) → {Promise.<void>}

Handles various removal actions in the tree structure. Delegates to type-specific submodules. Note on dispatch order: the filter-type guards (include/exclude/intersect and visible/changeable) use plain `if` blocks and are not mutually exclusive with the final `else` branch of the listMember/list/family chain. This matches the original logic exactly.
Parameters:
Name Type Description
action treeAction
Source:
Returns:
Type
Promise.<void>

(async) removeAction()

Source:

(async) removeFilter(req) → {Promise.<Object>}

Remove a specific filter by UID
Parameters:
Name Type Description
req ExpressRequestAuthorized Express request object
Source:
Returns:
Result object with success status
Type
Promise.<Object>

(async) removeObjects(myDEObjects, exclude, listUID) → {Promise.<(Array.<any>|undefined)>}

Removes objects based on exclude filter criteria
Parameters:
Name Type Description
myDEObjects Array.<any> Array of objects to potentially remove
exclude any Exclude filter object
listUID any List identifier
Source:
Returns:
- Array of removed objects
Type
Promise.<(Array.<any>|undefined)>

resolveTreeUIDs(identifyer) → {Promise.<{UIDs: Array.<Buffer>, isType: boolean}>}

Resolves the UIDs to rebuild based on the identifier. If the identifier is a known object type, fetches all UIDs of that type ordered by hierarchy. If it's a UUID, converts it to hex. Returns an empty array if invalid.
Parameters:
Name Type Description
identifyer string Object type ('person','group','extern','event','job') or a UUID string
Source:
Returns:
Type
Promise.<{UIDs: Array.<Buffer>, isType: boolean}>

sanitizeGraphvizColor(color) → {string|null}

Validates a Graphviz color value.
Parameters:
Name Type Description
color any
Source:
Returns:
Type
string | null

sanitizeTextForEmbedding(text, options) → {string}

Sanitize text by replacing sensitive information with hashed placeholders Preserves semantic structure while protecting PII
Parameters:
Name Type Description
text string Text to sanitize
options Object Sanitization options
Properties
Name Type Attributes Default Description
sanitizeEmail boolean <optional>
 true Hash email addresses
sanitizePhone boolean <optional>
 true Hash phone numbers
sanitizeIban boolean <optional>
 true Hash IBAN numbers
sanitizeAddress boolean <optional>
 true Hash street addresses
sanitizeCreditCard boolean <optional>
 true Hash credit card numbers
sanitizeSSN boolean <optional>
 true Hash SSN/tax IDs
Source:
Returns:
- Sanitized text with hashed placeholders
Type
string

saveApps(orgId, apps)

Persist the app registry for one organisation.
Parameters:
Name Type Description
orgId string
apps Record.<string, AppEntry>
Source:

saveDomains(orgId, domains)

Persist domain settings for one organisation.
Parameters:
Name Type Description
orgId string
domains Record.<string, string>
Source:

saveMailSettings(orgId, settings)

Persist mail/SMTP settings for one organisation. If the password is the mask sentinel, the existing password is preserved.
Parameters:
Name Type Description
orgId string
settings object
Source:

(async) saveOrgSection(orgId, section, data)

Persist a named section for one organisation in Vault.
Parameters:
Name Type Description
orgId string
section string
data object
Source:

saveSecretsToVault(secretPath, data) → {Promise.<void>}

Write (or update) a secret in Vault KV v2. Merges the new data on top of any existing secret (patch semantics via POST).
Parameters:
Name Type Description
secretPath string Vault KV v2 path including the "data" segment, e.g. "orgas/data/UUID-xxxx/domains"
data Record.<string, unknown> Key/value data to store
Source:
Returns:
Type
Promise.<void>

searchSimilarEntities(searchText, options) → {Promise.<Array>}

Search for similar entities using vector similarity
Parameters:
Name Type Description
searchText string Text to search for
options Object Search options
Properties
Name Type Attributes Default Description
entityType string <optional>
 Filter by entity type
organizationUID Buffer | string <optional>
 Filter by organization (Buffer or hex string)
limit number <optional>
 10 Maximum number of results
threshold number <optional>
 0.7 Minimum similarity threshold (0-1)
distanceMetric string <optional>
 'cosine' Distance metric: 'cosine' or 'euclidean'
sanitize boolean <optional>
 true Sanitize sensitive PII in search text
sanitizeOptions Object <optional>
 Options passed to sanitizeTextForEmbedding
Source:
Returns:
- Array of matching entities with similarity scores
Type
Promise.<Array>

setPublicReadPolicy()

Set an anonymous read policy on a bucket (MinIO / S3).
Source:

testSanitization()

Test sanitization with sample data (for debugging)
Source:

toListingInput(req)

Parameters:
Name Type Description
req ExpressRequestAuthorized
Source:

toStringUuid(uuid) → {string}

Helper function to ensure UUIDs are converted to strings
Parameters:
Name Type Description
uuid string | Buffer UUID that might be Buffer or string
Source:
Returns:
- UUID as string
Type
string

(async) traverseGroupGraphRecursive()

Recursively traverses group links level-by-level. Keeps route logic readable while preserving the existing batched SQL behavior.
Parameters:
Type Description
Source:

(async) triggerQueue(rootGroup) → {Promise.<void>}

Triggers the processing of the tree queue for a specific root organization. Processes all queued actions in order and updates the queue status.
Parameters:
Name Type Description
rootGroup Buffer | string The UID of the root organization group (Buffer or hex string)
Source:
Returns:
Type
Promise.<void>

(async) triggerQueues() → {Promise.<void>}

Initializes action handlers and triggers queue processing for all organizations. This function imports the action modules and starts queue processing for all root organizations.
Source:
Returns:
Type
Promise.<void>

(async) unExclude(entry, UIDOrga)

Removes the exclusion link for an entry and publishes add events to notify about the re-inclusion. This function is called when an entry that was previously excluded from a list should now be included.
Parameters:
Name Type Description
entry any Entry object containing UIDEntry, UIDList, UIDBelongsTo
UIDOrga string The unique identifier of the organization (required)
Source:
Throws:
Will log an error if any operation fails during execution.

(async) updateAchievement(object, achievementUID, templateUID, session, connection) → {Promise.<void>}

Updates an existing achievement in the database.
Parameters:
Name Type Description
object Object Achievement object with updated data
achievementUID string | Buffer UUID (hex string or Buffer) of the achievement
templateUID string | Buffer UUID (hex string or Buffer) of the template
session Object User session data
connection Object Database connection for transaction
Source:
Returns:
Type
Promise.<void>

updateEntityEmbedding(entityUID, data, entityType, organizationUID, optionsopt) → {Promise.<void>}

Updates or creates AI embeddings for any entity type asynchronously
Parameters:
Name Type Attributes Description
entityUID Buffer Entity UID as buffer
data Object | string Entity data object or pre-prepared text
entityType string Entity type ('person', 'extern', 'group', etc.)
organizationUID Buffer Organization UID as buffer
options Object <optional>
 Optional configuration
Properties
Name Type Attributes Default Description
sanitize boolean <optional>
 false Sanitize PII for person/extern data
textBuilder function <optional>
 Custom function to build embedding text from data
Source:
Returns:
Type
Promise.<void>

(async) updateJob(req, res) → {Promise.<void>}

Updates a job after validating user permissions. The function performs these steps: 1. Converts the job UID parameter to hexadecimal format 2. Checks if the user has admin permissions for the job 3. Validates the job UID exists 4. Retrieves the existing job data from the database 5. Merges the existing job data with the provided updated data 6. Updates the job record in the database 7. Adds the job to an update list for processing
Parameters:
Name Type Description
req Object Express request object
Properties
Name Type Description
params Object Request parameters
Properties
Name Type Description
UID string Unique identifier of the job to update
body Object Data to update the job with
res Object Express response object
Source:
Throws:
- Logs error through errorLoggerUpdate if operation fails
Type
Error
Returns:
- Sends JSON response with operation success status
Type
Promise.<void>

updatePersonEmbedding(UID, data, Type, UIDOrganization, UIDuser) → {Promise.<void>}

Updates or creates AI embeddings for a person/extern asynchronously Wrapper around updateEntityEmbedding with sanitize option enabled
Parameters:
Name Type Description
UID Buffer Entity UID as buffer
data Object Entity data object
Type string Object type ('person', 'extern', 'group', etc.)
UIDOrganization Buffer Organization UID as buffer
UIDuser Buffer User UID as buffer
Source:
Returns:
Type
Promise.<void>

uploadAppIcon(orgId, appId, fileStream, mimeType) → {Promise.<string>}

Upload an app icon: 1. Stores the original in the public bucket (URL saved in Vault apps[appId].icon). 2. Uses sharp to generate all standard PWA sizes and writes them to the data bucket at `{orgId}/manifests/{appId}/{iconName}` — the exact paths the static server looks up, so no redirect is needed after this.
Parameters:
Name Type Description
orgId string
appId string
fileStream
mimeType string
Source:
Returns:
The public icon URL
Type
Promise.<string>

validateDomains(newDomains, currentOrgId)

Validate a proposed domains object.
Parameters:
Name Type Description
newDomains Record.<string, string>
currentOrgId string
Source:
Returns:

validateLoggerConfig()

Validates logger configuration
Source:
Throws:
If configuration is invalid
Type
Error

wrapLabel(value, maxLineLength) → {string}

Wraps text into short lines to keep Graphviz labels compact.
Parameters:
Name Type Default Description
value string
maxLineLength number 16
Source:
Returns:
Type
string

Type Definitions

AccountItem

Type:
  • Object
Properties:
Name Type Attributes Description
type string Account type (e.g., 'family', 'familyFees', 'personal')
IBAN string <optional>
 Bank account IBAN
Source:

AddressItem

Type:
  • Object
Properties:
Name Type Attributes Description
type string Address type (e.g., 'family', 'personal', 'secondary')
road string <optional>
 Street name
houseNumber string <optional>
 House number
postcode string <optional>
 Postal code
countryCode string <optional>
 Country code
Source:

AppEntry

Type:
  • Object
Properties:
Name Type Attributes Description
domain string The app's URL or hostname
roles Array.<string> Keycloak roles that grant access
title string Human-readable app name
description string <optional>
port number <optional>
Source:

ClientData

Per-connection state stored in clientDataStore.
Type:
  • Object
Properties:
Name Type Attributes Description
updateBuffer Object | null Pending list-update message to flush on reconnect
updateAbo Set.<Buffer> Set of hex-encoded list UIDs this client monitors (via `monitor` events)
objectAbo Set.<Buffer> Set of hex-encoded object UIDs this client monitors (via `monitorObject` events)
messageBuffer Array General message buffer (reserved for future use)
UIDuser string userUID of the connected user
UIDroot string Organisation UID active for this connection
orgSource string How orgUID was determined: 'header' | 'session' | 'user-default' | 'dynamic'
connectedAt number Unix ms timestamp of initial connect
queueStatus any <optional>
 Last known queue status (cached for reference)
Source:

CollectionsListingInput

Type:
  • Object
Properties:
Name Type Description
session any
query Record.<string, any>
body any
params Record.<string, any>
Source:

ControllerFunction()

Source:

DataFieldSpec

Type:
  • Object
Properties:
Name Type Attributes Description
path string JSON path expression
alias string Column alias name
query boolean <optional>
 Use JSON_QUERY instead of JSON_VALUE
Source:

DatabaseObject

Type:
  • Object
Properties:
Name Type Attributes Description
UID Buffer The unique identifier as a Buffer
UIDBelongsTo Buffer The parent object identifier as a Buffer
Type string The object type
Title string <optional>
 Optional title for the object
Source:

DatabaseQueryOptions

Type:
  • Object
Properties:
Name Type Attributes Description
log boolean <optional>
 Whether to log the query
cast Array.<string> <optional>
 Fields to cast to JSON
batch boolean <optional>
 Whether this is a batch operation
group function <optional>
 Grouping function for results
Source:

EmailItem

Type:
  • Object
Properties:
Name Type Attributes Description
type string Email type (e.g., 'family', 'personal', 'secondary')
email string <optional>
 Email address
Source:

EntryObject

Type:
  • Object
Properties:
Name Type Description
UID Buffer Entry unique identifier
UIDBelongsTo Buffer Parent object identifier
UIDList Buffer List identifier
UIDEntry Buffer Entry identifier
Type string Object type
Data Object Entry data
Source:

ExpressRequest

Type:
  • Object
Properties:
Name Type Attributes Description
params any <optional>
 Route parameters
query any <optional>
 Query string parameters
body any <optional>
 Request body
method string <optional>
 HTTP method
url string <optional>
 Request URL
headers any <optional>
 Request headers
user any <optional>
 Authenticated user object
session SessionData <optional>
 Session data
Source:

ExpressRequestAuthorized

Type:
  • Object
Properties:
Name Type Attributes Description
params any <optional>
 Route parameters
query any <optional>
 Query string parameters
body any <optional>
 Request body
method string <optional>
 HTTP method
url string <optional>
 Request URL
headers any <optional>
 Request headers
user Object <optional>
 Authenticated user object
session Object Session data (guaranteed to exist for authorized requests)
Properties
Name Type Attributes Description
root string The root organization UUID
user string The database member UUID
baseUser string <optional>
 The base user UUID
loginOrga string <optional>
 The login organization UUID from token
authUser any <optional>
 Authenticated user from bearer token
sysUser string <optional>
 System user UID (often used as organization/system admin)
save function Save session data
destroy function Destroy session
Source:

ExpressResponse

Type:
  • Object
Properties:
Name Type Description
status function Set status code
json function Send JSON response
send function Send response
set function Set header
end function End response
Source:

FamilyMemberObject

Type:
  • Object
Properties:
Name Type Description
UID Buffer Member unique identifier
Type 'person' | 'extern' | 'family' Object type (required)
Data Object Member data object (required)
Properties
Name Type Attributes Description
address Array.<AddressItem> <optional>
 Address array
email Array.<EmailItem> <optional>
 Email array
phone Array.<PhoneItem> <optional>
 Phone array
accounts Array.<AccountItem> <optional>
 Account array
Source:

FilterAction

Type:
  • 'visible' | 'changeable' | 'include' | 'exclude' | 'intersect'
Source:

FilterData

Type:
  • Object
Properties:
Name Type Attributes Description
UID string Filter unique identifier
Type string Filter type (include, exclude, intersect)
Data any Filter configuration
SourceType string <optional>
 Source type (group, list, etc.)
listUID string <optional>
 Associated list UID
Source:

FilterObject

Type:
  • Object
Properties:
Name Type Description
UID Buffer The filter unique identifier
Type string Filter type ('include', 'exclude', 'intersect')
Data Object Filter configuration data
Source:

FilterOptions

Type:
  • Object
Properties:
Name Type Attributes Default Description
virtual boolean <optional>
 false Whether this is a virtual operation (no permanent changes)
connection any <optional>
 null Database connection for transactions
Source:

LoggerOptions

Type:
  • Object
Properties:
Name Type Attributes Description
maxSize string <optional>
 Maximum size per log file (e.g., '20M')
interval string <optional>
 Time interval for rotation (e.g., '1d', '1h')
path string <optional>
 Directory path for logs
maxFiles number <optional>
 Number of files to retain
Source:

MemberData

Type:
  • Object
Properties:
Name Type Attributes Description
UID Buffer | string Member unique identifier
UIDBelongsTo Buffer | string Parent object identifier
Type string Object type
Data any Member data
Title string <optional>
 Optional title
new boolean <optional>
 Whether this is a new entry
Source:

OrganizationData

Type:
  • Object
Properties:
Name Type Attributes Description
UID string Organization unique identifier
name string Organization name
data any <optional>
 Additional organization data
Source:

PersonListItem

Type:
  • Object
Properties:
Name Type Attributes Description
UID string Object UID (UUID string)
Type PersonType Object type
UIDBelongsTo string Parent person UID
Title string | null Title / role label
Display string Member display name
SortName string Sort key
UIDgroup string | null Primary group UID
pGroup string | null Primary group display label
hierarchie number | null Hierarchy level
stage number | null Stage / level
gender string | null Gender
dindex number | null Display index
visibility 'visible' | 'changeable' <optional>
 Visibility type
Source:

PersonType

Type:
  • 'person' | 'guest' | 'extern' | 'family' | 'job' | 'entry' | 'eventJob'
Source:

PhoneItem

Type:
  • Object
Properties:
Name Type Attributes Description
type string Phone type (e.g., 'family', 'personal', 'secondary')
number string <optional>
 Phone number
Source:

PublishEventOptions

Type:
  • Object
Properties:
Name Type Attributes Description
organization string The organization UUID for multi-tenant scoping
data Array.<any> | any The event data payload
backDate number <optional>
 Unix timestamp for backdated events
Source:

ServiceResult

Type:
  • Object
Properties:
Name Type Attributes Description
success boolean
result any <optional>
message string <optional>
status number <optional>
 HTTP status to respond with (default 200)
Source:

ServiceResult

Type:
  • Object
Properties:
Name Type Attributes Description
success boolean Whether the operation was successful
result any <optional>
 Result data if successful
error any <optional>
 Error message if unsuccessful
UIDaction string <optional>
 Action UID for some operations
Source:

SessionData

Type:
  • Object
Properties:
Name Type Attributes Description
root string <optional>
 The root organization UUID
user string <optional>
 The database member UUID
baseUser string <optional>
 The base user UUID
loginOrga string <optional>
 The login organization UUID from token
sysUser string <optional>
 System user UID (often used as organization/system admin)
authUser any <optional>
 Authenticated user from bearer token (groups, orgRoles, etc.)
save function Save session data
destroy function Destroy session
regenerate function Regenerate session ID
reload function Reload session data
Source:

SocketIOServer

Socket.IO server instance used to register connection handlers and emit to rooms.
Type:
  • Object
Source:

SocketIOSocket

Represents a single connected Socket.IO client.
Type:
  • Object
Properties:
Name Type Description
request Object Underlying HTTP upgrade request (contains session, headers)
data Object Per-socket mutable storage set by connection handler
Properties
Name Type Description
connectID string Base64-encoded socketID used as key in clientDataStore
user string userUID of the authenticated user
userInfo Object Full decoded token payload
root string Current organisation UID (may be updated via setRoot)
rootHex Buffer Hex-encoded root for fast comparisons
transaction boolean Whether a bulk-transaction is in progress
id string Internal Socket.IO connection ID
connected boolean Whether the socket is currently connected
emit function Emit an event to this client
join function Join a Socket.IO room
disconnect function Forcefully close the connection
handshake Object Handshake information (headers, query, auth)
Source:

treeAction

The action object containing details about the operation to be performed.
Type:
  • Object
Source: