npm - @lastbrain/module-auth - Versions diffs - 2.0.19 → 2.0.31 - Mend

@lastbrain/module-auth 2.0.19 → 2.0.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/README.md +55 -7
package/dist/api/admin/signup-stats.d.ts.map +1 -1
package/dist/api/admin/signup-stats.js +2 -1
package/dist/api/admin/storage/usage.d.ts +18 -0
package/dist/api/admin/storage/usage.d.ts.map +1 -0
package/dist/api/admin/storage/usage.js +100 -0
package/dist/api/admin/users/[id]/notifications.d.ts.map +1 -1
package/dist/api/admin/users/[id]/notifications.js +3 -2
package/dist/api/admin/users/[id].d.ts.map +1 -1
package/dist/api/admin/users/[id].js +3 -2
package/dist/api/admin/users/reactivate/[id].d.ts +16 -0
package/dist/api/admin/users/reactivate/[id].d.ts.map +1 -0
package/dist/api/admin/users/reactivate/[id].js +59 -0
package/dist/api/admin/users/suspend/[id].d.ts +16 -0
package/dist/api/admin/users/suspend/[id].d.ts.map +1 -0
package/dist/api/admin/users/suspend/[id].js +59 -0
package/dist/api/admin/users-by-source.d.ts.map +1 -1
package/dist/api/admin/users-by-source.js +2 -1
package/dist/api/admin/users.d.ts.map +1 -1
package/dist/api/admin/users.js +53 -2
package/dist/api/auth/account/email-change.d.ts +7 -0
package/dist/api/auth/account/email-change.d.ts.map +1 -0
package/dist/api/auth/account/email-change.js +39 -0
package/dist/api/auth/account/reset-password.d.ts +7 -0
package/dist/api/auth/account/reset-password.d.ts.map +1 -0
package/dist/api/auth/account/reset-password.js +36 -0
package/dist/api/auth/check-username.d.ts +9 -0
package/dist/api/auth/check-username.d.ts.map +1 -0
package/dist/api/auth/check-username.js +35 -0
package/dist/api/auth/establish-session.d.ts +2 -0
package/dist/api/auth/establish-session.d.ts.map +1 -0
package/dist/api/auth/establish-session.js +23 -0
package/dist/api/auth/me.d.ts +4 -4
package/dist/api/auth/me.d.ts.map +1 -1
package/dist/api/auth/me.js +28 -6
package/dist/api/auth/profile.d.ts.map +1 -1
package/dist/api/auth/profile.js +6 -3
package/dist/api/auth/storage/recalculate.d.ts +15 -0
package/dist/api/auth/storage/recalculate.d.ts.map +1 -0
package/dist/api/auth/storage/recalculate.js +68 -0
package/dist/api/auth/storage/usage.d.ts +10 -0
package/dist/api/auth/storage/usage.d.ts.map +1 -0
package/dist/api/auth/storage/usage.js +86 -0
package/dist/api/public/add-welcome-bonus.d.ts +16 -0
package/dist/api/public/add-welcome-bonus.d.ts.map +1 -0
package/dist/api/public/add-welcome-bonus.js +177 -0
package/dist/api/public/callback.d.ts +3 -0
package/dist/api/public/callback.d.ts.map +1 -0
package/dist/api/public/callback.js +197 -0
package/dist/api/public/reset-password.d.ts +3 -0
package/dist/api/public/reset-password.d.ts.map +1 -0
package/dist/api/public/reset-password.js +43 -0
package/dist/api/public/set-session.d.ts +7 -0
package/dist/api/public/set-session.d.ts.map +1 -0
package/dist/api/public/set-session.js +55 -0
package/dist/api/public/signin.d.ts.map +1 -1
package/dist/api/public/signin.js +31 -0
package/dist/api/public/signup.d.ts.map +1 -1
package/dist/api/public/signup.js +38 -27
package/dist/api/public/webhook/storage-addon.d.ts +9 -0
package/dist/api/public/webhook/storage-addon.d.ts.map +1 -0
package/dist/api/public/webhook/storage-addon.js +155 -0
package/dist/api/storage.js +2 -2
package/dist/auth.build.config.d.ts.map +1 -1
package/dist/auth.build.config.js +134 -14
package/dist/components/AccountButton.d.ts.map +1 -1
package/dist/components/AccountButton.js +54 -28
package/dist/components/Doc.d.ts.map +1 -1
package/dist/components/Doc.js +1 -1
package/dist/components/HasProfil.d.ts +4 -0
package/dist/components/HasProfil.d.ts.map +1 -0
package/dist/components/HasProfil.js +39 -0
package/dist/{web → components}/auth/dashboard.d.ts +1 -1
package/dist/components/auth/dashboard.d.ts.map +1 -0
package/dist/components/auth/dashboard.js +74 -0
package/dist/index.d.ts +3 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +3 -1
package/dist/lib/app-branding-data.d.ts +22 -0
package/dist/lib/app-branding-data.d.ts.map +1 -0
package/dist/lib/app-branding-data.js +49 -0
package/dist/lib/auth-email-service.d.ts +57 -0
package/dist/lib/auth-email-service.d.ts.map +1 -0
package/dist/lib/auth-email-service.js +382 -0
package/dist/lib/auth-email-templates.d.ts +2 -0
package/dist/lib/auth-email-templates.d.ts.map +1 -0
package/dist/lib/auth-email-templates.js +1 -0
package/dist/lib/site-url.d.ts +3 -0
package/dist/lib/site-url.d.ts.map +1 -0
package/dist/lib/site-url.js +11 -0
package/dist/sitemap/manifest.d.ts +9 -0
package/dist/sitemap/manifest.d.ts.map +1 -0
package/dist/sitemap/manifest.js +14 -0
package/dist/web/admin/signup-stats.js +3 -3
package/dist/web/admin/user-detail.d.ts.map +1 -1
package/dist/web/admin/user-detail.js +135 -14
package/dist/web/admin/users-by-signup-source.js +2 -2
package/dist/web/admin/users.d.ts.map +1 -1
package/dist/web/admin/users.js +26 -7
package/dist/web/auth/folder.d.ts.map +1 -1
package/dist/web/auth/folder.js +4 -3
package/dist/web/auth/profile.d.ts.map +1 -1
package/dist/web/auth/profile.js +132 -13
package/dist/web/auth/reglage.d.ts.map +1 -1
package/dist/web/auth/reglage.js +15 -8
package/dist/web/public/ResetPassword.d.ts.map +1 -1
package/dist/web/public/ResetPassword.js +172 -2
package/dist/web/public/SignInPage.d.ts.map +1 -1
package/dist/web/public/SignInPage.js +39 -3
package/dist/web/public/SignUpPage.d.ts.map +1 -1
package/dist/web/public/SignUpPage.js +7 -2
package/dist/web/public/auth-code-error.d.ts +2 -0
package/dist/web/public/auth-code-error.d.ts.map +1 -0
package/dist/web/public/auth-code-error.js +14 -0
package/dist/web/public/confirm.d.ts +2 -0
package/dist/web/public/confirm.d.ts.map +1 -0
package/dist/web/public/confirm.js +157 -0
package/package.json +10 -5
package/src/api/admin/signup-stats.ts +2 -1
package/src/api/admin/storage/usage.ts +141 -0
package/src/api/admin/users/[id]/notifications.ts +3 -2
package/src/api/admin/users/[id].ts +3 -2
package/src/api/admin/users/reactivate/[id].ts +88 -0
package/src/api/admin/users/suspend/[id].ts +85 -0
package/src/api/admin/users-by-source.ts +2 -1
package/src/api/admin/users.ts +59 -2
package/src/api/auth/account/email-change.ts +54 -0
package/src/api/auth/account/reset-password.ts +47 -0
package/src/api/auth/check-username.ts +52 -0
package/src/api/auth/establish-session.ts +32 -0
package/src/api/auth/me.ts +29 -7
package/src/api/auth/profile.ts +6 -2
package/src/api/auth/storage/recalculate.ts +108 -0
package/src/api/auth/storage/usage.ts +113 -0
package/src/api/public/add-welcome-bonus.ts +229 -0
package/src/api/public/callback.ts +307 -0
package/src/api/public/reset-password.ts +52 -0
package/src/api/public/set-session.ts +73 -0
package/src/api/public/signin.ts +36 -0
package/src/api/public/signup.ts +44 -37
package/src/api/public/webhook/storage-addon.ts +267 -0
package/src/api/storage.ts +2 -2
package/src/auth.build.config.ts +134 -14
package/src/components/AccountButton.tsx +114 -90
package/src/components/Doc.tsx +47 -9
package/src/components/HasProfil.tsx +63 -0
package/src/{web → components}/auth/dashboard.tsx +64 -20
package/src/i18n/en.json +78 -8
package/src/i18n/es.json +330 -0
package/src/i18n/fr.json +75 -8
package/src/index.ts +3 -1
package/src/lib/app-branding-data.ts +90 -0
package/src/lib/auth-email-service.ts +508 -0
package/src/lib/auth-email-templates.ts +5 -0
package/src/lib/site-url.ts +17 -0
package/src/sitemap/manifest.ts +26 -0
package/src/web/admin/signup-stats.tsx +3 -3
package/src/web/admin/user-detail.tsx +314 -15
package/src/web/admin/users-by-signup-source.tsx +2 -2
package/src/web/admin/users.tsx +50 -14
package/src/web/auth/folder.tsx +23 -5
package/src/web/auth/profile.tsx +227 -13
package/src/web/auth/reglage.tsx +55 -24
package/src/web/public/ResetPassword.tsx +301 -1
package/src/web/public/SignInPage.tsx +43 -3
package/src/web/public/SignUpPage.tsx +14 -5
package/src/web/public/auth-code-error.tsx +49 -0
package/src/web/public/confirm.tsx +195 -0
package/supabase/migrations/20251112000001_auto_profile_and_admin_view.sql +3 -1
package/supabase/migrations/20251127100000_rename_body_to_message.sql +8 -3
package/supabase/migrations/20260120150001_add_user_storage.sql +105 -0
package/supabase/migrations/20260122131200_add_global_addons_system.sql +305 -0
package/supabase/migrations/20260123100000_enable_vector_extension.sql +9 -0
package/supabase/migrations/20260123140000_module_auth_fix_get_user_limits_null.sql +93 -0
package/supabase/migrations/20260123145000_module_auth_fix_circular_storage_base.sql +89 -0
package/supabase/migrations/20260129400000_add_username_to_user_profil.sql +33 -0
package/dist/web/auth/dashboard.d.ts.map +0 -1
package/dist/web/auth/dashboard.js +0 -48

package/src/lib/app-branding-data.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import * as fs from "fs";
+import * as path from "path";
+/**
+ * Branding configuration for emails
+ * Loaded dynamically from app i18n files (app.name, app.icon, etc.)
+ */
+export interface AppBrandingData {
+  appName: string;
+  logo?: string;
+  description?: string;
+  tagline?: string;
+  icon?: string;
+  twitterCreator?: string;
+  twitterSite?: string;
+  supportEmail?: string;
+  primaryColor?: string;
+  secondaryColor?: string;
+}
+/**
+ * Charge les traductions de l'app depuis les fichiers i18n agrégés
+ */
+function loadAppTranslations(lang: string): Record<string, string> {
+  try {
+    const possiblePaths = [
+      // Production (Vercel)
+      path.join("/app", "i18n", `${lang}.json`),
+      // Development - apps/lastbrain
+      path.join(process.cwd(), "i18n", `${lang}.json`),
+      // Development - depuis packages vers apps/lastbrain
+      path.join(
+        process.cwd(),
+        "..",
+        "..",
+        "apps",
+        "lastbrain",
+        "i18n",
+        `${lang}.json`
+      ),
+      // Development - apps/recipe
+      path.join(
+        process.cwd(),
+        "..",
+        "..",
+        "apps",
+        "recipe",
+        "i18n",
+        `${lang}.json`
+      ),
+    ];
+    for (const filePath of possiblePaths) {
+      if (fs.existsSync(filePath)) {
+        const content = fs.readFileSync(filePath, "utf-8");
+        return JSON.parse(content);
+      }
+    }
+  } catch (error) {
+    console.warn(
+      `[getAppBranding] Could not load translations for ${lang}:`,
+      error
+    );
+  }
+  return {};
+}
+/**
+ * Récupère le branding depuis les clés i18n de l'app
+ * Utilise les clés : app.name, app.icon, app.description, app.tagline, etc.
+ */
+export function getAppBranding(locale: string = "en"): AppBrandingData {
+  const loc = locale === "fr" ? "fr" : "en";
+  const translations = loadAppTranslations(loc);
+  return {
+    appName: translations["app.name"] || "LastBrain",
+    icon: translations["app.icon"] || "Brain",
+    logo: translations["app.icon"] || "Brain",
+    description: translations["app.description"] || "",
+    tagline: translations["app.tagline"] || "",
+    twitterCreator: translations["app.twitter_creator"] || "",
+    twitterSite: translations["app.twitter_site"] || "",
+    supportEmail: translations["app.email.contact"] || "support@lastbrain.io",
+    primaryColor: translations["app.email.color.primary"] || "#3b82f6",
+    secondaryColor: translations["app.email.color.secondary"] || "#8b5cf6",
+  };
+}

package/src/lib/auth-email-service.ts ADDED Viewed

@@ -0,0 +1,508 @@
+import {
+  getSupabaseServiceClient,
+  getSupabaseServerClient,
+} from "@lastbrain/core/server";
+import {
+  sendEmail,
+  type AuthEmailKind,
+  getAuthEmailSubject,
+  renderAuthEmailHtml,
+} from "@lastbrain-labs/module-contact-pro";
+import { getAppBranding } from "./app-branding-data";
+import { logger } from "@lastbrain/core";
+import { cookies } from "next/headers";
+const FALLBACK_SITE_URL =
+  process.env.NEXT_PUBLIC_SITE_URL ||
+  process.env.SITE_URL ||
+  "http://localhost:3000";
+const NORMALIZED_SITE_URL = FALLBACK_SITE_URL.replace(/\/$/, "");
+const DEFAULT_LOCALE = "fr";
+/**
+ * Récupère la langue depuis le cookie NEXT_LOCALE
+ */
+async function getLocaleFromCookie(): Promise<string | undefined> {
+  try {
+    const cookieStore = await cookies();
+    const localeCookie = cookieStore.get("NEXT_LOCALE");
+    if (localeCookie?.value && /^[a-z]{2}$/.test(localeCookie.value)) {
+      return localeCookie.value;
+    }
+  } catch (error) {
+    logger.debug("[getLocaleFromCookie] Could not read cookie:", error);
+  }
+  return undefined;
+}
+interface BaseEmailParams {
+  email: string;
+  displayName?: string;
+  ownerId?: string;
+  redirectTo?: string;
+}
+async function generateLink(
+  type:
+    | "signup"
+    | "invite"
+    | "magiclink"
+    | "recovery"
+    | "email_change"
+    | "reauthentication",
+  params: any
+) {
+  const supabase = await getSupabaseServiceClient();
+  return supabase.auth.admin.generateLink({ type, ...params });
+}
+async function sendAuthEmail(
+  kind: AuthEmailKind,
+  to: string,
+  actionLink: string,
+  options: { displayName?: string; ownerId?: string; locale?: string }
+) {
+  const branding = getAppBranding(options.locale);
+  logger.debug("📧 sendAuthEmail - branding:", {
+    locale: options.locale,
+    appName: branding.appName,
+    icon: branding.icon,
+  });
+  const html = renderAuthEmailHtml(kind, {
+    kind,
+    actionLink,
+    displayName: options.displayName,
+    locale: options.locale,
+    appName: branding.appName,
+    appIcon: branding.icon,
+    appTagline: branding.tagline,
+    supportEmail: branding.supportEmail,
+    primaryColor: branding.primaryColor,
+    secondaryColor: branding.secondaryColor,
+  });
+  try {
+    const result = await sendEmail({
+      to,
+      subject: getAuthEmailSubject(kind, options.locale),
+      html,
+      emailType: "transactional",
+      ownerId: options.ownerId,
+    });
+    logger.debug("📧 sendEmail result", { ok: true, result });
+    return result;
+  } catch (err) {
+    logger.error("📧 sendEmail error", err);
+    throw err;
+  }
+}
+export async function sendSignupConfirmationEmail(params: {
+  email: string;
+  password: string;
+  fullName?: string;
+  signupSource?: string;
+  redirectTo?: string;
+  next?: string;
+  locale?: string;
+}) {
+  // Récupérer la langue depuis le cookie si non fournie
+  const locale =
+    params.locale || (await getLocaleFromCookie()) || DEFAULT_LOCALE;
+  // Use magic link for signup so client receives tokens in URL fragment
+  // Inclure la locale dans l'URL si pas déjà présente
+  let redirectTo =
+    params.redirectTo || `${NORMALIZED_SITE_URL}/${locale}/confirm`;
+  // Si un redirectTo personnalisé est fourni sans locale, l'ajouter
+  if (params.redirectTo && !params.redirectTo.match(/\/(fr|en|es|de)\//)) {
+    const url = new URL(params.redirectTo, NORMALIZED_SITE_URL);
+    url.pathname = `/${locale}${url.pathname}`;
+    redirectTo = url.toString();
+  }
+  if (params.next) {
+    const sep = redirectTo.includes("?") ? "&" : "?";
+    redirectTo = `${redirectTo}${sep}next=${encodeURIComponent(params.next)}`;
+  }
+  const { data, error } = await generateLink("magiclink", {
+    email: params.email,
+    options: {
+      redirectTo,
+      data: {
+        full_name: params.fullName,
+        signup_source: params.signupSource,
+      },
+    },
+  });
+  if (error) throw error;
+  const actionLink =
+    (data as any)?.properties?.action_link || (data as any)?.action_link;
+  await sendAuthEmail("magic_link", params.email, actionLink, {
+    displayName: params.fullName,
+    ownerId: data.user?.id,
+    locale,
+  });
+  return data.user;
+}
+export async function sendPasswordResetEmail(
+  params: BaseEmailParams & { locale?: string; next?: string }
+) {
+  // Récupérer la langue depuis le cookie si non fournie
+  const cookieLocale = await getLocaleFromCookie();
+  logger.debug("[sendPasswordResetEmail] locale detection", {
+    providedLocale: params.locale,
+    cookieLocale,
+  });
+  // Attempt to infer locale from redirectTo path or use provided locale
+  const inferredLocale = (() => {
+    // Priority: 1. provided locale, 2. cookie, 3. redirectTo path
+    if (params.locale && (params.locale === "fr" || params.locale === "en")) {
+      return params.locale;
+    }
+    if (cookieLocale) {
+      return cookieLocale;
+    }
+    // Otherwise, try to infer from redirectTo URL path
+    const url = params.redirectTo || `${FALLBACK_SITE_URL}/api/auth/callback`;
+    try {
+      const u = new URL(url);
+      const seg = u.pathname.split("/").filter(Boolean)[0];
+      return seg === "fr" || seg === "en" ? seg : undefined;
+    } catch {
+      return undefined;
+    }
+  })();
+  // Default to the reset-password page so the client can handle tokens directly.
+  const targetLocale = inferredLocale || DEFAULT_LOCALE;
+  logger.debug("[sendPasswordResetEmail] final locale", {
+    inferredLocale,
+    targetLocale,
+  });
+  // Construire le redirectTo avec la locale
+  let redirectTo =
+    params.redirectTo ||
+    `${NORMALIZED_SITE_URL}/${targetLocale}/reset-password`;
+  // Si un redirectTo personnalisé est fourni sans locale, l'ajouter
+  if (params.redirectTo && !params.redirectTo.match(/\/(fr|en|es|de)\//)) {
+    const url = new URL(params.redirectTo, NORMALIZED_SITE_URL);
+    url.pathname = `/${targetLocale}${url.pathname}`;
+    redirectTo = url.toString();
+  }
+  if ((params as any).next) {
+    const next = (params as any).next as string;
+    const sep = redirectTo.includes("?") ? "&" : "?";
+    redirectTo = `${redirectTo}${sep}next=${encodeURIComponent(next)}`;
+  }
+  logger.debug(
+    "[sendPasswordResetEmail] calling generateLink with redirectTo",
+    {
+      redirectTo,
+      email: params.email,
+    }
+  );
+  const { data, error } = await generateLink("recovery", {
+    email: params.email,
+    options: { redirectTo },
+  });
+  logger.debug("[sendPasswordResetEmail] generateLink returned", {
+    action_link:
+      (data as any)?.properties?.action_link || (data as any)?.action_link,
+    supabaseData: data,
+    error,
+  });
+  if (error) throw error;
+  const actionLink =
+    (data as any)?.properties?.action_link || (data as any)?.action_link;
+  await sendAuthEmail("magic_link", params.email, actionLink, {
+    displayName: params.displayName,
+    ownerId: params.ownerId,
+    locale: targetLocale,
+  });
+  return data.user;
+}
+export async function sendMagicLinkEmail(
+  params: BaseEmailParams & { locale?: string }
+) {
+  // Récupérer la langue depuis le cookie si non fournie
+  const cookieLocale = await getLocaleFromCookie();
+  const inferredLocale = (() => {
+    if (params.locale && (params.locale === "fr" || params.locale === "en")) {
+      return params.locale;
+    }
+    if (cookieLocale) {
+      return cookieLocale;
+    }
+    const url = params.redirectTo || `${FALLBACK_SITE_URL}/api/auth/callback`;
+    try {
+      const u = new URL(url);
+      const seg = u.pathname.split("/").filter(Boolean)[0];
+      return seg === "fr" || seg === "en" ? seg : undefined;
+    } catch {
+      return undefined;
+    }
+  })();
+  const redirectTo =
+    params.redirectTo || `${NORMALIZED_SITE_URL}/api/public/callback`;
+  const { data, error } = await generateLink("magiclink", {
+    email: params.email,
+    options: { redirectTo },
+  });
+  if (error) throw error;
+  const actionLink =
+    (data as any)?.properties?.action_link || (data as any)?.action_link;
+  await sendAuthEmail("magic_link", params.email, actionLink, {
+    displayName: params.displayName,
+    ownerId: params.ownerId,
+    locale: inferredLocale,
+  });
+  return data.user;
+}
+export async function sendInviteEmail(
+  params: BaseEmailParams & { password?: string; locale?: string }
+) {
+  const inferredLocale = (() => {
+    if (params.locale && (params.locale === "fr" || params.locale === "en")) {
+      return params.locale;
+    }
+    const url = params.redirectTo || `${FALLBACK_SITE_URL}/api/auth/callback`;
+    try {
+      const u = new URL(url);
+      const seg = u.pathname.split("/").filter(Boolean)[0];
+      return seg === "fr" || seg === "en" ? seg : undefined;
+    } catch {
+      return undefined;
+    }
+  })();
+  const redirectTo =
+    params.redirectTo || `${NORMALIZED_SITE_URL}/api/public/callback`;
+  const { data, error } = await generateLink("invite", {
+    email: params.email,
+    password: params.password,
+    options: { redirectTo },
+  });
+  if (error) throw error;
+  const actionLink =
+    (data as any)?.properties?.action_link || (data as any)?.action_link;
+  await sendAuthEmail("invite", params.email, actionLink, {
+    displayName: params.displayName,
+    ownerId: params.ownerId ?? data.user?.id,
+    locale: inferredLocale,
+  });
+  return data.user;
+}
+export async function sendEmailChangeConfirmation(params: {
+  email: string; // current email
+  newEmail: string;
+  displayName?: string;
+  ownerId?: string;
+  redirectTo?: string;
+  locale?: string;
+}) {
+  const redirectTo =
+    params.redirectTo || `${NORMALIZED_SITE_URL}/api/auth/callback`;
+  const { data, error } = await generateLink("email_change", {
+    email: params.email,
+    newEmail: params.newEmail,
+    options: { redirectTo },
+  });
+  if (error) throw error;
+  const actionLink =
+    (data as any)?.properties?.action_link || (data as any)?.action_link;
+  await sendAuthEmail("confirm_email_change", params.newEmail, actionLink, {
+    displayName: params.displayName,
+    ownerId: params.ownerId,
+    locale: params.locale,
+  });
+  return data.user;
+}
+export async function sendReauthenticationEmail(
+  params: BaseEmailParams & { locale?: string }
+) {
+  const inferredLocale = (() => {
+    if (params.locale && (params.locale === "fr" || params.locale === "en")) {
+      return params.locale;
+    }
+    const url = params.redirectTo || `${FALLBACK_SITE_URL}/api/auth/callback`;
+    try {
+      const u = new URL(url);
+      const seg = u.pathname.split("/").filter(Boolean)[0];
+      return seg === "fr" || seg === "en" ? seg : undefined;
+    } catch {
+      return undefined;
+    }
+  })();
+  const redirectTo =
+    params.redirectTo || `${NORMALIZED_SITE_URL}/api/auth/callback`;
+  const { data, error } = await generateLink("reauthentication", {
+    email: params.email,
+    options: { redirectTo },
+  });
+  if (error) throw error;
+  const actionLink =
+    (data as any)?.properties?.action_link || (data as any)?.action_link;
+  await sendAuthEmail("reauthentication", params.email, actionLink, {
+    displayName: params.displayName,
+    ownerId: params.ownerId,
+    locale: inferredLocale,
+  });
+  return data.user;
+}
+export async function fetchCurrentUserOwnerId(): Promise<string | null> {
+  const supabase = await getSupabaseServerClient();
+  const {
+    data: { user },
+  } = await supabase.auth.getUser();
+  return user?.id || null;
+}
+export async function sendWelcomeOnboardingEmail(params: {
+  email: string;
+  displayName?: string;
+  locale?: string;
+  ownerId?: string;
+  bonusAmountUsd?: number;
+}) {
+  const branding = getAppBranding(params.locale);
+  // Render the welcome onboarding email using the template from module-contact-pro
+  const html = renderAuthEmailHtml("welcome_onboarding", {
+    kind: "welcome_onboarding",
+    actionLink: `${FALLBACK_SITE_URL}/`,
+    displayName: params.displayName,
+    locale: params.locale,
+    appName: branding.appName,
+    appIcon: branding.icon,
+    appTagline: branding.tagline,
+    supportEmail: branding.supportEmail,
+    bonusAmountUsd: params.bonusAmountUsd,
+  });
+  await sendEmail({
+    to: params.email,
+    subject: getAuthEmailSubject(
+      "welcome_onboarding",
+      params.locale,
+      params.bonusAmountUsd
+    ),
+    html,
+    emailType: "transactional",
+    ownerId: params.ownerId,
+  });
+  return;
+}
+/**
+ * Send notification to admin when new user signs up
+ */
+export async function sendNewUserNotificationToAdmin(params: {
+  userEmail: string;
+  displayName?: string;
+  userId: string;
+  locale?: string;
+  bonusAmountUsd?: number;
+}) {
+  const ADMIN_EMAIL = "contact@lastbrain.io";
+  const branding = getAppBranding("fr");
+  const html = `
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <style>
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; }
+    .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+    .header { background: #4F46E5; color: white; padding: 20px; border-radius: 8px 8px 0 0; }
+    .content { background: #f9fafb; padding: 30px; border-radius: 0 0 8px 8px; }
+    .info-row { margin: 10px 0; padding: 10px; background: white; border-radius: 4px; }
+    .label { font-weight: 600; color: #6B7280; }
+    .value { color: #111827; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="header">
+      <h2>🎉 Nouvelle inscription - ${branding.appName}</h2>
+    </div>
+    <div class="content">
+      <p>Un nouvel utilisateur vient de s'inscrire sur la plateforme :</p>
+      <div class="info-row">
+        <span class="label">Email :</span>
+        <span class="value">${params.userEmail}</span>
+      </div>
+      ${params.displayName ? `<div class="info-row"><span class="label">Nom :</span><span class="value">${params.displayName}</span></div>` : ""}
+      <div class="info-row">
+        <span class="label">User ID :</span>
+        <span class="value">${params.userId}</span>
+      </div>
+      <div class="info-row">
+        <span class="label">Langue :</span>
+        <span class="value">${params.locale || "non définie"}</span>
+      </div>
+      ${params.bonusAmountUsd ? `<div class="info-row"><span class="label">Bonus accordé :</span><span class="value">$${params.bonusAmountUsd}</span></div>` : ""}
+      <div class="info-row">
+        <span class="label">Date :</span>
+        <span class="value">${new Date().toLocaleString("fr-FR")}</span>
+      </div>
+    </div>
+  </div>
+</body>
+</html>
+  `;
+  try {
+    await sendEmail({
+      to: ADMIN_EMAIL,
+      subject: `[${branding.appName}] Nouvelle inscription : ${params.userEmail}`,
+      html,
+      emailType: "transactional",
+    });
+    logger.info(
+      `[sendNewUserNotificationToAdmin] Notification sent to ${ADMIN_EMAIL} for user ${params.userId}`
+    );
+  } catch (error) {
+    logger.error(
+      "[sendNewUserNotificationToAdmin] Failed to send admin notification:",
+      error
+    );
+  }
+}

package/src/lib/auth-email-templates.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export {
+  type AuthEmailKind,
+  getAuthEmailSubject,
+  renderAuthEmailHtml,
+} from "@lastbrain-labs/module-contact-pro";

package/src/lib/site-url.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { NextRequest } from "next/server";
+const FALLBACK_SITE_URL =
+  process.env.NEXT_PUBLIC_SITE_URL ||
+  process.env.SITE_URL ||
+  "http://localhost:3000";
+export function resolveSiteUrl(request: NextRequest) {
+  const origin =
+    process.env.NEXT_PUBLIC_SITE_URL ||
+    process.env.SITE_URL ||
+    request.headers.get("origin") ||
+    request.nextUrl.origin ||
+    FALLBACK_SITE_URL;
+  return origin.replace(/\/$/, "");
+}

package/src/sitemap/manifest.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Manifest des sitemaps du module auth
+ * Déclare tous les sitemaps enfants à générer
+ * Auth module only has static pages (signin, signup, etc.)
+ */
+import type {
+  SitemapManifest,
+  SitemapChild,
+  SitemapChildKind,
+} from "@lastbrain/core";
+export type { SitemapManifest, SitemapChild, SitemapChildKind };
+export const sitemapManifest: SitemapManifest = {
+  module: "auth",
+  enabled: true,
+  includePublicPagesFromBuildConfig: true,
+  children: [
+    // Pages statiques (générées auto depuis build.config)
+    // Includes: /signin, /signup, /reset-password, /confirm, etc.
+    {
+      id: "static",
+      path: ":lang/static.xml",
+      kind: "static",
+    },
+  ],
+} as const;

package/src/web/admin/signup-stats.tsx CHANGED Viewed

@@ -65,7 +65,7 @@ export function SignupStatsPage() {
   if (loading) {
     return (
-      <div className="flex justify-center items-center min-h-screen">
+      <div className="mt-16 flex justify-center items-center min-h-screen">
         <Spinner
           size="lg"
           label={t("signup_stats.loading") || "Chargement des statistiques..."}
@@ -76,7 +76,7 @@ export function SignupStatsPage() {
   if (error || !stats) {
     return (
-      <div className="p-6">
+      <div className="mt-16 p-6">
         <Card className="border border-danger-200 bg-danger-50/50">
           <CardBody>
             <p className="text-danger-600">{error || "Erreur de chargement"}</p>
@@ -96,7 +96,7 @@ export function SignupStatsPage() {
   ).toFixed(1);
   return (
-    <div className="space-y-6 px-2 md:p-6">
+    <div className="mt-16 space-y-6 px-2 md:p-6">
       {/* Header */}
       <div className="flex items-center gap-2 mb-8">
         <BarChart3 size={28} className="text-primary-600" />