@lastbrain/module-auth 2.0.19 → 2.0.31

package/README.md

@@ -1,6 +1,6 @@
 # 📦 Module auth
 
-> @lastbrain/module-auth
+> Module @lastbrain/module-auth
 
 ## 📋 Informations
 
@@ -15,10 +15,11 @@
 - **GET** `/signin` - SignInPage
 - **GET** `/signup` - SignUpPage
 - **GET** `/reset-password` - ResetPassword
+- **GET** `/confirm` - ConfirmPage
+- **GET** `/auth-code-error` - AuthCodeErrorPage
 
 ### Pages Protégées (Auth)
 
-- **GET** `/dashboard` - DashboardPage
 - **GET** `/folder` - FolderPage
 - **GET** `/reglage` - ReglagePage
 - **GET** `/profile` - ProfilePage
@@ -31,23 +32,47 @@
 
 ### `/api/auth/signin`
 
-**Méthodes supportées**: GET, POST, PUT, DELETE
+**Méthodes supportées**: POST
 
 ### `/api/auth/signup`
 
-**Méthodes supportées**: GET, POST, PUT, DELETE
+**Méthodes supportées**: POST
+
+### `/api/public/set-session`
+
+**Méthodes supportées**: POST
+
+### `/api/public/add-welcome-bonus`
+
+**Méthodes supportées**: POST
+
+### `/api/public/reset-password`
+
+**Méthodes supportées**: POST
+
+### `/api/public/callback`
+
+**Méthodes supportées**: GET
 
 ### `/api/auth/profile`
 
-**Méthodes supportées**: GET, POST, PUT, DELETE
+**Méthodes supportées**: GET, PUT, PATCH
 
 ### `/api/auth/me`
 
-**Méthodes supportées**: GET, POST, PUT, DELETE
+**Méthodes supportées**: GET
+
+### `/api/auth/account/email-change`
+
+**Méthodes supportées**: POST
+
+### `/api/auth/account/reset-password`
+
+**Méthodes supportées**: POST
 
 ### `/api/admin/users`
 
-**Méthodes supportées**: GET, POST, PUT, DELETE
+**Méthodes supportées**: GET
 
 ## 🗄️ Base de Données
 
@@ -83,6 +108,26 @@
 />
 ```
 
+#### `global_addons`
+
+```tsx
+<TableStructure
+  tableName="global_addons"
+  title="global_addons"
+  description="Table global_addons du module auth"
+/>
+```
+
+#### `user_global_addons`
+
+```tsx
+<TableStructure
+  tableName="user_global_addons"
+  title="user_global_addons"
+  description="Table user_global_addons du module auth"
+/>
+```
+
 ### Migrations
 
 - `20251112000000_user_init.sql`
@@ -90,6 +135,9 @@
 - `20251112000002_sync_avatars.sql`
 - `20251124000001_add_get_admin_user_details.sql`
 - `20251127100000_rename_body_to_message.sql`
+- `20260120150001_add_user_storage.sql`
+- `20260122131200_add_global_addons_system.sql`
+- `20260123100000_enable_vector_extension.sql`
 
 ## 📦 Installation
 

package/dist/api/admin/signup-stats.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signup-stats.d.ts","sourceRoot":"","sources":["../../../src/api/admin/signup-stats.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,UAAU,WAAW;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,MAAM,EAAE,KAAK,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,CAAC;CACJ;AAED,wBAAsB,GAAG,CAAC,QAAQ,EAAE,WAAW;;;;IAuC9C"}
+{"version":3,"file":"signup-stats.d.ts","sourceRoot":"","sources":["../../../src/api/admin/signup-stats.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,UAAU,WAAW;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,MAAM,EAAE,KAAK,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,CAAC;CACJ;AAED,wBAAsB,GAAG,CAAC,QAAQ,EAAE,WAAW;;;;IAuC9C"}

package/dist/api/admin/signup-stats.js

@@ -1,3 +1,4 @@
+import { logger } from "@lastbrain/core";
 import { getSupabaseServiceClient } from "@lastbrain/core/server";
 import { NextResponse } from "next/server";
 export async function GET(_request) {
@@ -27,7 +28,7 @@ export async function GET(_request) {
         return NextResponse.json({ data: stats }, { status: 200 });
     }
     catch (error) {
-        console.error("Error fetching signup stats:", error);
+        logger.error("Error fetching signup stats:", error);
         return NextResponse.json({ error: "Erreur interne du serveur" }, { status: 500 });
     }
 }

package/dist/api/admin/storage/usage.d.ts

@@ -0,0 +1,18 @@
+import { NextRequest, NextResponse } from "next/server";
+import { StorageUsageData } from "@lastbrain/core";
+/**
+ * GET /api/admin/storage/usage
+ * Admin route: superadmin can query any user's storage usage
+ * Query params:
+ * - ownerId: required, user ID to check
+ * - forceRefresh: optional, bypass cache
+ */
+export declare function GET(request: NextRequest): Promise<NextResponse<{
+    success: boolean;
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    data: StorageUsageData;
+    fromCache: boolean;
+}>>;
+//# sourceMappingURL=usage.d.ts.map

package/dist/api/admin/storage/usage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"usage.d.ts","sourceRoot":"","sources":["../../../../src/api/admin/storage/usage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAAmB,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAmBpE;;;;;;GAMG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;IAgH7C"}

package/dist/api/admin/storage/usage.js

@@ -0,0 +1,100 @@
+import { NextResponse } from "next/server";
+import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { getStorageUsage } from "@lastbrain/core";
+// Cache simple pour éviter de recalculer trop souvent
+const storageCache = new Map();
+const CACHE_TTL = 30 * 1000; // 30 secondes
+// Nettoyer les entrées expirées du cache
+function cleanExpiredCache() {
+    const now = Date.now();
+    for (const [key, value] of storageCache.entries()) {
+        if (now - value.timestamp > CACHE_TTL) {
+            storageCache.delete(key);
+        }
+    }
+}
+/**
+ * GET /api/admin/storage/usage
+ * Admin route: superadmin can query any user's storage usage
+ * Query params:
+ * - ownerId: required, user ID to check
+ * - forceRefresh: optional, bypass cache
+ */
+export async function GET(request) {
+    try {
+        const supabase = await getSupabaseServerClient();
+        // Vérifier l'authentification
+        const { data: { user }, error: authError, } = await supabase.auth.getUser();
+        if (authError || !user) {
+            return NextResponse.json({ success: false, error: "Non authentifié" }, { status: 401 });
+        }
+        // Vérifier si l'utilisateur est superadmin
+        const { data: isSuperAdmin, error: adminCheckError } = await supabase.rpc("is_superadmin", { user_id: user.id });
+        if (adminCheckError || !isSuperAdmin) {
+            return NextResponse.json({
+                success: false,
+                error: "Accès non autorisé - réservé aux superadmins",
+            }, { status: 403 });
+        }
+        // Récupérer l'ownerId depuis les paramètres (requis pour la route admin)
+        const { searchParams } = new URL(request.url);
+        const ownerId = searchParams.get("ownerId");
+        const forceRefresh = searchParams.get("forceRefresh") === "true";
+        if (!ownerId) {
+            return NextResponse.json({ success: false, error: "ownerId est requis" }, { status: 400 });
+        }
+        // Nettoyer le cache avant utilisation
+        cleanExpiredCache();
+        // Vérifier si on a des données en cache (sauf si forceRefresh)
+        const cacheKey = `storage-${ownerId}`;
+        let shouldUseCache = false;
+        if (!forceRefresh) {
+            const cachedEntry = storageCache.get(cacheKey);
+            const now = Date.now();
+            if (cachedEntry && now - cachedEntry.timestamp < CACHE_TTL) {
+                // Vérifier d'abord si l'allocation de stockage a changé
+                const { data: userProfile } = await supabase
+                    .from("user_profil")
+                    .select("stockage")
+                    .eq("owner_id", ownerId)
+                    .single();
+                if (userProfile &&
+                    userProfile.stockage === cachedEntry.data.allocatedGb) {
+                    shouldUseCache = true;
+                }
+            }
+        }
+        // Utiliser le cache si valide
+        if (shouldUseCache) {
+            const cached = storageCache.get(cacheKey);
+            if (cached) {
+                return NextResponse.json({
+                    success: true,
+                    data: cached.data,
+                    fromCache: true,
+                });
+            }
+        }
+        // Calculer les données de stockage
+        const storageData = await getStorageUsage(supabase, ownerId);
+        // Mettre en cache
+        storageCache.set(cacheKey, {
+            data: storageData,
+            timestamp: Date.now(),
+        });
+        return NextResponse.json({
+            success: true,
+            data: storageData,
+            fromCache: false,
+        });
+    }
+    catch (error) {
+        console.error("[Admin Storage Usage] Error:", error);
+        return NextResponse.json({
+            success: false,
+            error: error instanceof Error
+                ? error.message
+                : "Erreur lors du calcul du stockage",
+        }, { status: 500 });
+    }
+}

package/dist/api/admin/users/[id]/notifications.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../../../../src/api/admin/users/[id]/notifications.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD;;;GAGG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE;;;;;IA0D7C"}
+{"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../../../../src/api/admin/users/[id]/notifications.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD;;;GAGG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE;;;;;IA0D7C"}

package/dist/api/admin/users/[id]/notifications.js

@@ -1,5 +1,6 @@
 import { NextResponse } from "next/server";
 import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
 /**
  * POST /api/admin/users/[id]/notifications
  * Send a notification to a specific user (superadmin only)
@@ -29,7 +30,7 @@ export async function POST(request, context) {
             .select()
             .single();
         if (error) {
-            console.error("Error creating notification:", error);
+            logger.error("Error creating notification:", error);
             return NextResponse.json({ error: "Database Error", message: error.message }, { status: 500 });
         }
         return NextResponse.json({
@@ -38,7 +39,7 @@ export async function POST(request, context) {
         });
     }
     catch (error) {
-        console.error("Error in send notification endpoint:", error);
+        logger.error("Error in send notification endpoint:", error);
         return NextResponse.json({
             error: "Internal Server Error",
             message: "Failed to send notification",

package/dist/api/admin/users/[id].d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"[id].d.ts","sourceRoot":"","sources":["../../../../src/api/admin/users/[id].ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD;;;GAGG;AACH,wBAAsB,GAAG,CACvB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,8BA0C7C"}
+{"version":3,"file":"[id].d.ts","sourceRoot":"","sources":["../../../../src/api/admin/users/[id].ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD;;;GAGG;AACH,wBAAsB,GAAG,CACvB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,8BA0C7C"}

package/dist/api/admin/users/[id].js

@@ -1,5 +1,6 @@
 import { NextResponse } from "next/server";
 import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
 /**
  * GET /api/admin/users/[id]
  * Returns user details by ID (superadmin only)
@@ -14,7 +15,7 @@ export async function GET(request, context) {
         // Utiliser la fonction RPC pour récupérer les détails de l'utilisateur
         const { data: userDetails, error: userError } = await supabase.rpc("get_admin_user_details", { user_id: userId });
         if (userError) {
-            console.error("Error fetching user details:", userError);
+            logger.error("Error fetching user details:", userError);
             return NextResponse.json({ error: "Database Error", message: userError.message }, { status: 500 });
         }
         if (!userDetails) {
@@ -23,7 +24,7 @@ export async function GET(request, context) {
         return NextResponse.json(userDetails);
     }
     catch (error) {
-        console.error("Error in admin user details endpoint:", error);
+        logger.error("Error in admin user details endpoint:", error);
         return NextResponse.json({
             error: "Internal Server Error",
             message: "Failed to fetch user details",

package/dist/api/admin/users/reactivate/[id].d.ts

@@ -0,0 +1,16 @@
+import { NextRequest, NextResponse } from "next/server";
+/**
+ * POST /api/admin/users/reactivate/[id]
+ * Attempt to reactivate a user by clearing the suspended flag in app metadata (service role required)
+ */
+export declare function POST(request: NextRequest, context: {
+    params: Promise<{
+        id: string;
+    }>;
+}): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    user: any;
+}>>;
+//# sourceMappingURL=%5Bid%5D.d.ts.map

package/dist/api/admin/users/reactivate/[id].d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"[id].d.ts","sourceRoot":"","sources":["../../../../../src/api/admin/users/reactivate/[id].ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD;;;GAGG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE;;;;;IA6E7C"}

package/dist/api/admin/users/reactivate/[id].js

@@ -0,0 +1,59 @@
+import { NextResponse } from "next/server";
+import { getSupabaseServiceClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+/**
+ * POST /api/admin/users/reactivate/[id]
+ * Attempt to reactivate a user by clearing the suspended flag in app metadata (service role required)
+ */
+export async function POST(request, context) {
+    try {
+        const supabase = await getSupabaseServiceClient();
+        const { id: userId } = await context.params;
+        if (!userId) {
+            return NextResponse.json({ error: "User ID is required" }, { status: 400 });
+        }
+        // Try using the Admin auth API if available
+        try {
+            // @ts-expect-error - supabase-js may expose auth.admin.updateUserById
+            if (supabase.auth?.admin?.updateUserById) {
+                // set app_metadata.suspended = false
+                const { data, error } = await supabase.auth.admin.updateUserById(userId, {
+                    app_metadata: { suspended: false },
+                });
+                if (error) {
+                    logger.error("Error reactivating user (admin.updateUserById):", error);
+                    return NextResponse.json({ error: "Database Error", message: error.message }, { status: 500 });
+                }
+                return NextResponse.json({ success: true, user: data });
+            }
+        }
+        catch (err) {
+            logger.debug("auth.admin.updateUserById not available or failed:", err);
+        }
+        // Fallback: try to update auth.users via SQL (may require service role privileges)
+        try {
+            const update = {
+                raw_app_meta_data: { suspended: false },
+            };
+            const { data, error } = await supabase
+                .from("users")
+                .update(update)
+                .eq("id", userId)
+                .select()
+                .single();
+            if (error) {
+                logger.error("Fallback reactivate user failed:", error);
+                return NextResponse.json({ error: "Database Error", message: error.message }, { status: 500 });
+            }
+            return NextResponse.json({ success: true, user: data });
+        }
+        catch (err) {
+            logger.error("Final reactivate fallback error:", err);
+            return NextResponse.json({ error: "Internal Server Error", message: String(err) }, { status: 500 });
+        }
+    }
+    catch (error) {
+        logger.error("Error in reactivate user endpoint:", error);
+        return NextResponse.json({ error: "Internal Server Error", message: "Failed to reactivate user" }, { status: 500 });
+    }
+}

package/dist/api/admin/users/suspend/[id].d.ts

@@ -0,0 +1,16 @@
+import { NextRequest, NextResponse } from "next/server";
+/**
+ * POST /api/admin/users/suspend/[id]
+ * Attempt to suspend a user by setting a suspended flag in app metadata (service role required)
+ */
+export declare function POST(request: NextRequest, context: {
+    params: Promise<{
+        id: string;
+    }>;
+}): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    user: any;
+}>>;
+//# sourceMappingURL=%5Bid%5D.d.ts.map

package/dist/api/admin/users/suspend/[id].d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"[id].d.ts","sourceRoot":"","sources":["../../../../../src/api/admin/users/suspend/[id].ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD;;;GAGG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE;;;;;IA0E7C"}

package/dist/api/admin/users/suspend/[id].js

@@ -0,0 +1,59 @@
+import { NextResponse } from "next/server";
+import { getSupabaseServiceClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+/**
+ * POST /api/admin/users/suspend/[id]
+ * Attempt to suspend a user by setting a suspended flag in app metadata (service role required)
+ */
+export async function POST(request, context) {
+    try {
+        const supabase = await getSupabaseServiceClient();
+        const { id: userId } = await context.params;
+        if (!userId) {
+            return NextResponse.json({ error: "User ID is required" }, { status: 400 });
+        }
+        // Try using the Admin auth API if available
+        try {
+            // @ts-expect-error - supabase-js may expose auth.admin.updateUserById
+            if (supabase.auth?.admin?.updateUserById) {
+                // set app_metadata.suspended = true
+                const { data, error } = await supabase.auth.admin.updateUserById(userId, {
+                    app_metadata: { suspended: true },
+                });
+                if (error) {
+                    logger.error("Error suspending user (admin.updateUserById):", error);
+                    return NextResponse.json({ error: "Database Error", message: error.message }, { status: 500 });
+                }
+                return NextResponse.json({ success: true, user: data });
+            }
+        }
+        catch (err) {
+            logger.debug("auth.admin.updateUserById not available or failed:", err);
+        }
+        // Fallback: try to update auth.users via SQL (may require service role privileges)
+        try {
+            const update = {
+                raw_app_meta_data: { suspended: true },
+            };
+            const { data, error } = await supabase
+                .from("users")
+                .update(update)
+                .eq("id", userId)
+                .select()
+                .single();
+            if (error) {
+                logger.error("Fallback suspend user failed:", error);
+                return NextResponse.json({ error: "Database Error", message: error.message }, { status: 500 });
+            }
+            return NextResponse.json({ success: true, user: data });
+        }
+        catch (err) {
+            logger.error("Final suspend fallback error:", err);
+            return NextResponse.json({ error: "Internal Server Error", message: String(err) }, { status: 500 });
+        }
+    }
+    catch (error) {
+        logger.error("Error in suspend user endpoint:", error);
+        return NextResponse.json({ error: "Internal Server Error", message: "Failed to suspend user" }, { status: 500 });
+    }
+}

package/dist/api/admin/users-by-source.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"users-by-source.d.ts","sourceRoot":"","sources":["../../../src/api/admin/users-by-source.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,UAAU,cAAc;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;IA0E7C"}
+{"version":3,"file":"users-by-source.d.ts","sourceRoot":"","sources":["../../../src/api/admin/users-by-source.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,UAAU,cAAc;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;IA0E7C"}

package/dist/api/admin/users-by-source.js

@@ -1,3 +1,4 @@
+import { logger } from "@lastbrain/core";
 import { getSupabaseServiceClient } from "@lastbrain/core/server";
 import { NextResponse } from "next/server";
 export async function GET(request) {
@@ -50,7 +51,7 @@ export async function GET(request) {
         }, { status: 200 });
     }
     catch (error) {
-        console.error("Error fetching users by signup source:", error);
+        logger.error("Error fetching users by signup source:", error);
         return NextResponse.json({ error: "Erreur interne du serveur" }, { status: 500 });
     }
 }

package/dist/api/admin/users.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../../src/api/admin/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD;;;;;GAKG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,8BA8C7C"}
+{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../../src/api/admin/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD;;;;;GAKG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,8BAsG7C"}

package/dist/api/admin/users.js

@@ -1,5 +1,6 @@
 import { NextResponse } from "next/server";
 import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
 /**
  * GET /api/admin/users
  * Returns all users (superadmin only)
@@ -22,17 +23,67 @@ export async function GET(request) {
             search_term: search,
         });
         if (usersError) {
-            console.error("Error fetching users:", usersError);
+            logger.error("Error fetching users:", usersError);
             return NextResponse.json({ error: "Database Error", message: usersError.message }, { status: 500 });
         }
         // The RPC function returns the complete response with data and pagination
+        // Ensure each user has a normalized `app_metadata` field derived from
+        // `raw_app_meta_data` (RPCs may differ in the exact shape returned).
+        if (result && Array.isArray(result.data)) {
+            try {
+                const mapped = result.data.map((u) => {
+                    const out = { ...u };
+                    // Try multiple possible locations for app metadata returned by different RPCs
+                    const rawCandidate = out.raw_app_meta_data ??
+                        out.metadata ??
+                        out.raw_user_meta_data ??
+                        out.app_metadata ??
+                        null;
+                    // rawCandidate can be an object or a JSON string
+                    let parsedRaw = rawCandidate;
+                    if (typeof rawCandidate === "string") {
+                        try {
+                            parsedRaw = JSON.parse(rawCandidate);
+                        }
+                        catch (e) {
+                            parsedRaw = rawCandidate;
+                        }
+                    }
+                    // If parsedRaw contains an `app_metadata` object, prefer it.
+                    // Otherwise, if parsedRaw itself looks like metadata (contains suspended or provider keys), use it.
+                    let derived = null;
+                    if (parsedRaw && typeof parsedRaw === "object") {
+                        if (parsedRaw.app_metadata &&
+                            typeof parsedRaw.app_metadata === "object") {
+                            derived = parsedRaw.app_metadata;
+                        }
+                        else {
+                            // parsedRaw may already be the app metadata
+                            derived = parsedRaw;
+                        }
+                    }
+                    // Ensure out.app_metadata is an object when possible
+                    if (derived && typeof derived === "object") {
+                        out.app_metadata = { ...(out.app_metadata || {}), ...derived };
+                    }
+                    else if (out.app_metadata == null) {
+                        out.app_metadata = null;
+                    }
+                    return out;
+                });
+                result.data = mapped;
+            }
+            catch (e) {
+                logger.debug("Failed to normalize app_metadata for users list:", e);
+            }
+        }
         return NextResponse.json(result || {
             data: [],
             pagination: { page, per_page: perPage, total: 0, total_pages: 0 },
         });
     }
     catch (error) {
-        console.error("Error in admin users endpoint:", error);
+        logger.error("Error in admin users endpoint:", error);
         return NextResponse.json({
             error: "Internal Server Error",
             message: "Failed to fetch users",

package/dist/api/auth/account/email-change.d.ts

@@ -0,0 +1,7 @@
+import { NextRequest, NextResponse } from "next/server";
+export declare function POST(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    message: string;
+}>>;
+//# sourceMappingURL=email-change.d.ts.map

package/dist/api/auth/account/email-change.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-change.d.ts","sourceRoot":"","sources":["../../../../src/api/auth/account/email-change.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAaxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IAwC9C"}

package/dist/api/auth/account/email-change.js

@@ -0,0 +1,39 @@
+import { NextResponse } from "next/server";
+import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { sendEmailChangeConfirmation } from "../../../lib/auth-email-service";
+import { logger } from "@lastbrain/core";
+function extractLocale(request) {
+    const lang = request.headers
+        .get("accept-language")
+        ?.split(",")?.[0]
+        ?.split("-")?.[0];
+    return lang === "fr" || lang === "en" ? lang : undefined;
+}
+export async function POST(request) {
+    try {
+        const locale = extractLocale(request);
+        const supabase = await getSupabaseServerClient();
+        const { data: { user }, error: authError, } = await supabase.auth.getUser();
+        if (authError || !user) {
+            return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+        }
+        const body = await request.json();
+        const newEmail = body?.newEmail;
+        if (!newEmail) {
+            return NextResponse.json({ error: "Nouvel email requis" }, { status: 400 });
+        }
+        await sendEmailChangeConfirmation({
+            email: user.email || "",
+            newEmail,
+            displayName: user.user_metadata?.full_name,
+            locale,
+            ownerId: user.id,
+            redirectTo: `${request.nextUrl.origin}/api/public/callback?next=/confirm`,
+        });
+        return NextResponse.json({ message: "Lien de confirmation envoyé" });
+    }
+    catch (error) {
+        logger.error("email-change error:", error);
+        return NextResponse.json({ error: "Impossible d'envoyer le lien de confirmation" }, { status: 500 });
+    }
+}

package/dist/api/auth/account/reset-password.d.ts

@@ -0,0 +1,7 @@
+import { NextRequest, NextResponse } from "next/server";
+export declare function POST(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    message: string;
+}>>;
+//# sourceMappingURL=reset-password.d.ts.map

package/dist/api/auth/account/reset-password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reset-password.d.ts","sourceRoot":"","sources":["../../../../src/api/auth/account/reset-password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAgBxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA8B9C"}