@lastbrain/module-auth 2.0.27 → 2.0.31

package/src/api/public/callback.ts

@@ -0,0 +1,307 @@
+import { NextRequest, NextResponse } from "next/server";
+import {
+  getSupabaseServerClient,
+  getSupabaseServiceClient,
+} from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+import {
+  sendWelcomeOnboardingEmail,
+  sendNewUserNotificationToAdmin,
+} from "../../lib/auth-email-service";
+
+export async function GET(request: NextRequest) {
+  const { searchParams } = new URL(request.url);
+
+  const code = searchParams.get("code");
+  const next = searchParams.get("next") ?? "/";
+  const error = searchParams.get("error");
+  const errorDescription = searchParams.get("error_description");
+
+  // If there's an error from Supabase, redirect to error page
+  if (error) {
+    logger.error("Auth callback error:", error, errorDescription);
+    return NextResponse.redirect(
+      new URL(
+        `/auth-code-error?error=${encodeURIComponent(
+          error
+        )}&description=${encodeURIComponent(errorDescription || "")}`,
+        request.url
+      )
+    );
+  }
+
+  // If we have a code, exchange it server-side for a session
+  if (code) {
+    try {
+      // Get Supabase server client with proper cookie handlers
+      const supabase = await getSupabaseServerClient();
+
+      // Exchange code for session - cookies are set automatically via @supabase/ssr
+      const { data, error: exchangeError } =
+        await supabase.auth.exchangeCodeForSession(code);
+
+      if (exchangeError || !data?.session) {
+        logger.error("Code exchange failed:", exchangeError);
+        return NextResponse.redirect(
+          new URL(
+            `/auth-code-error?error=${encodeURIComponent(
+              exchangeError?.message || "Failed to exchange code for session"
+            )}`,
+            request.url
+          )
+        );
+      }
+
+      logger.debug(
+        "✅ Session established successfully for user:",
+        data.user?.email
+      );
+
+      // Add welcome bonus when email is confirmed
+      if (data.user?.id) {
+        try {
+          // Check if welcome bonus is enabled via env var
+          const ENABLE_SIGNUP_BONUS =
+            process.env.NEXT_PUBLIC_ENABLE_SIGNUP_BONUS === "true";
+          const SIGNUP_BONUS_AMOUNT_USD = parseFloat(
+            process.env.NEXT_PUBLIC_SIGNUP_BONUS_AMOUNT_USD || "1.0"
+          );
+
+          logger.debug(
+            `[callback] Signup bonus config - enabled: ${ENABLE_SIGNUP_BONUS}, amount: ${SIGNUP_BONUS_AMOUNT_USD}`
+          );
+
+          if (!ENABLE_SIGNUP_BONUS) {
+            logger.debug(
+              "Signup bonus disabled via NEXT_PUBLIC_ENABLE_SIGNUP_BONUS"
+            );
+          } else {
+            const serviceClient = await getSupabaseServiceClient();
+
+            // Check if we already added bonus for this user
+            const { data: existingBonus } = await serviceClient
+              .from("user_token_ledger")
+              .select("id")
+              .eq("owner_id", data.user.id)
+              .eq("type", "signup_bonus")
+              .single();
+
+            logger.debug(
+              `[callback] Existing bonus check for user ${data.user.id}:`,
+              existingBonus ? "Already exists" : "Not found"
+            );
+
+            // Only add bonus if not already added
+            if (!existingBonus) {
+              // Add welcome bonus using wallet system
+              const MARGIN_TARGET = 0.6;
+              const providerBudgetUsd =
+                SIGNUP_BONUS_AMOUNT_USD * (1 - MARGIN_TARGET); // 40%
+
+              logger.debug(
+                `[callback] Inserting bonus for user ${data.user.id}: sell=$${SIGNUP_BONUS_AMOUNT_USD}, provider=$${providerBudgetUsd}`
+              );
+
+              // Insert into ledger with USD values
+              const { error: ledgerError } = await serviceClient
+                .from("user_token_ledger")
+                .insert({
+                  owner_id: data.user.id,
+                  type: "signup_bonus",
+                  amount: 0, // Tokens deprecated
+                  sell_value_added_usd: SIGNUP_BONUS_AMOUNT_USD,
+                  provider_budget_added_usd: providerBudgetUsd,
+                  meta: {
+                    reason: "signup_welcome_bonus",
+                    provider: "system",
+                  },
+                  created_by: null,
+                });
+
+              if (ledgerError) {
+                logger.error(
+                  "[callback] Error adding welcome bonus to ledger:",
+                  ledgerError
+                );
+              } else {
+                logger.debug(
+                  `[callback] ✅ Bonus inserted in ledger for user ${data.user.id}`
+                );
+                // Update wallet table
+                const { data: currentWallet } = await serviceClient
+                  .from("user_token_wallet")
+                  .select("wallet_provider_budget_usd, wallet_sell_value_usd")
+                  .eq("user_id", data.user.id)
+                  .single();
+
+                const newProviderBudget =
+                  (currentWallet?.wallet_provider_budget_usd || 0) +
+                  providerBudgetUsd;
+                const newSellValue =
+                  (currentWallet?.wallet_sell_value_usd || 0) +
+                  SIGNUP_BONUS_AMOUNT_USD;
+
+                const { error: walletError } = await serviceClient
+                  .from("user_token_wallet")
+                  .upsert(
+                    {
+                      user_id: data.user.id,
+                      wallet_provider_budget_usd: newProviderBudget,
+                      wallet_sell_value_usd: newSellValue,
+                      updated_at: new Date().toISOString(),
+                    },
+                    {
+                      onConflict: "user_id",
+                    }
+                  );
+
+                if (walletError) {
+                  logger.error(
+                    "Error updating wallet for welcome bonus:",
+                    walletError
+                  );
+                } else {
+                  logger.debug(
+                    `✅ Added $${SIGNUP_BONUS_AMOUNT_USD} welcome bonus to user ${data.user.id}`
+                  );
+                }
+              }
+            }
+
+            // Extract locale from user metadata or default to 'en'
+            const locale = (data.user.user_metadata?.locale as string) || "en";
+
+            logger.debug(
+              `[callback] User locale detected: ${locale} (from metadata: ${data.user.user_metadata?.locale || "not set"})`
+            );
+
+            // Add welcome notifications
+            const notifications = [
+              {
+                title: locale === "fr" ? "Bienvenue ! 👋" : "Welcome! 👋",
+                body:
+                  locale === "fr"
+                    ? "Merci de vous être inscrit ! Explorez toutes les fonctionnalités disponibles."
+                    : "Thank you for signing up! Explore all available features.",
+                type: "primary",
+              },
+            ];
+
+            // Add signup bonus notification only if enabled
+            if (ENABLE_SIGNUP_BONUS && SIGNUP_BONUS_AMOUNT_USD > 0) {
+              notifications.push({
+                title:
+                  locale === "fr"
+                    ? `🎁 Cadeau de bienvenue : $${SIGNUP_BONUS_AMOUNT_USD}`
+                    : `🎁 Welcome gift: $${SIGNUP_BONUS_AMOUNT_USD}`,
+                body:
+                  locale === "fr"
+                    ? `Nous vous offrons $${SIGNUP_BONUS_AMOUNT_USD} de crédit IA pour démarrer. Utilisez-les pour accéder à nos services premium.`
+                    : `We're giving you $${SIGNUP_BONUS_AMOUNT_USD} AI credits to get started. Use them to access our premium services.`,
+                type: "success",
+              });
+            }
+
+            for (const notification of notifications) {
+              const { error: notifError } = await serviceClient
+                .from("user_notifications")
+                .insert({
+                  owner_id: data.user.id,
+                  title: notification.title,
+                  body: notification.body,
+                  type: notification.type,
+                });
+
+              if (notifError) {
+                logger.error(
+                  "[callback] Error creating welcome notification:",
+                  notifError
+                );
+              } else {
+                logger.debug(
+                  `[callback] ✅ Notification created: ${notification.title}`
+                );
+              }
+            }
+
+            logger.debug(
+              `✅ Created welcome notifications for user ${data.user.id}`
+            );
+
+            // Send welcome onboarding email with bonus amount if enabled
+            try {
+              await sendWelcomeOnboardingEmail({
+                email: data.user.email || "",
+                displayName:
+                  (data.user.user_metadata?.full_name as string) || "user",
+                locale,
+                ownerId: data.user.id,
+                bonusAmountUsd:
+                  ENABLE_SIGNUP_BONUS && SIGNUP_BONUS_AMOUNT_USD > 0
+                    ? SIGNUP_BONUS_AMOUNT_USD
+                    : undefined,
+              });
+              logger.debug(
+                `📧 Sent welcome onboarding email to ${data.user.email}`
+              );
+            } catch (emailError) {
+              logger.warn(
+                "Failed to send welcome email (non-blocking):",
+                emailError
+              );
+              // Don't fail the response if email fails
+            }
+
+            // Send notification to admin about new user signup
+            try {
+              await sendNewUserNotificationToAdmin({
+                userEmail: data.user.email || "",
+                displayName:
+                  (data.user.user_metadata?.full_name as string) || undefined,
+                userId: data.user.id,
+                locale,
+                bonusAmountUsd:
+                  ENABLE_SIGNUP_BONUS && SIGNUP_BONUS_AMOUNT_USD > 0
+                    ? SIGNUP_BONUS_AMOUNT_USD
+                    : undefined,
+              });
+              logger.debug(
+                `📧 Sent admin notification for new user: ${data.user.email}`
+              );
+            } catch (adminEmailError) {
+              logger.warn(
+                "Failed to send admin notification email (non-blocking):",
+                adminEmailError
+              );
+              // Don't fail the response if admin email fails
+            }
+          }
+        } catch (bonusError) {
+          logger.error(
+            "Error adding welcome bonus (non-blocking):",
+            bonusError
+          );
+          // Don't fail auth if bonus creation fails
+        }
+      }
+
+      // Success! Cookies have been set via the @supabase/ssr cookie handlers
+      // Redirect to destination
+      return NextResponse.redirect(new URL(next, request.url));
+    } catch (err) {
+      logger.error("Unexpected callback error:", err);
+      return NextResponse.redirect(
+        new URL(
+          `/auth-code-error?error=${encodeURIComponent(
+            "Unexpected error during authentication"
+          )}`,
+          request.url
+        )
+      );
+    }
+  }
+
+  // No code or error, redirect to next or home
+  logger.warn("Auth callback called without code or error");
+  return NextResponse.redirect(new URL(next, request.url));
+}

package/src/api/public/reset-password.ts

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from "next/server";
+import { sendPasswordResetEmail } from "../../lib/auth-email-service";
+import { logger } from "@lastbrain/core";
+import { resolveSiteUrl } from "../../lib/site-url";
+
+function extractLocaleFromRequest(request: NextRequest): string | undefined {
+  // 1. Priorité : cookie NEXT_LOCALE
+  const localeCookie = request.cookies.get("NEXT_LOCALE")?.value;
+  if (localeCookie && /^[a-z]{2}$/.test(localeCookie)) {
+    return localeCookie;
+  }
+
+  // 2. Fallback : header accept-language
+  const lang = request.headers
+    .get("accept-language")
+    ?.split(",")?.[0]
+    ?.split("-")?.[0];
+  return lang === "fr" || lang === "en" ? lang : undefined;
+}
+
+const DEFAULT_LOCALE = "fr";
+
+export async function POST(request: NextRequest) {
+  try {
+    const locale = extractLocaleFromRequest(request);
+    const body = await request.json();
+    const { email, next } = body;
+
+    const resolvedLocale = locale || DEFAULT_LOCALE;
+    const baseRedirect = `${resolveSiteUrl(request)}/${resolvedLocale}/reset-password`;
+    const redirectTo = next
+      ? `${baseRedirect}?next=${encodeURIComponent(next)}`
+      : baseRedirect;
+
+    if (!email) {
+      return NextResponse.json({ error: "Email requis" }, { status: 400 });
+    }
+
+    logger.debug("[reset-password] computed redirectTo", { redirectTo, next });
+    await sendPasswordResetEmail({ email, locale, redirectTo, next });
+
+    const respBody: any = { message: "Lien de réinitialisation envoyé" };
+    if (process.env.NODE_ENV !== "production") respBody.redirectTo = redirectTo;
+    return NextResponse.json(respBody);
+  } catch (error) {
+    logger.error("reset-password error:", error);
+    return NextResponse.json(
+      { error: "Impossible d'envoyer le lien de réinitialisation" },
+      { status: 500 }
+    );
+  }
+}

package/src/api/public/set-session.ts

@@ -0,0 +1,73 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+
+export async function POST(request: NextRequest) {
+  try {
+    const payload = await request.json().catch((e) => {
+      logger.error("[set-session] failed to parse body", e);
+      return {};
+    });
+
+    const { access_token, refresh_token } = payload as {
+      access_token?: string;
+      refresh_token?: string;
+    };
+
+    logger.debug("[set-session] incoming payload", {
+      hasAccessToken: !!access_token,
+      hasRefreshToken: !!refresh_token,
+      url: request.url,
+      headers: {
+        host: request.headers.get("host"),
+        origin: request.headers.get("origin"),
+        referer: request.headers.get("referer"),
+      },
+    });
+
+    if (!access_token || !refresh_token) {
+      logger.warn("[set-session] missing tokens", { payload });
+      return NextResponse.json({ error: "Missing tokens" }, { status: 400 });
+    }
+
+    const supabase = await getSupabaseServerClient();
+
+    logger.debug("[set-session] calling supabase.auth.setSession");
+    const { data, error } = await supabase.auth
+      .setSession({
+        access_token,
+        refresh_token,
+      })
+      .catch((e) => {
+        logger.error("[set-session] supabase.setSession threw", e);
+        return { data: null, error: { message: String(e) } };
+      });
+
+    logger.debug("[set-session] supabase response", {
+      hasSession: !!data?.session,
+      userId: data?.session?.user?.id,
+      error: error?.message,
+    });
+
+    if (error || !data?.session) {
+      logger.warn("[set-session] failed to set session", { error });
+      return NextResponse.json(
+        { error: error?.message || "Failed to set session" },
+        { status: 401 }
+      );
+    }
+
+    // Cookies are set by the Supabase SSR adapter inside setSession
+    logger.debug("[set-session] session set successfully for user", {
+      userId: data.session.user.id,
+    });
+
+    return NextResponse.json({ success: true });
+  } catch (err: any) {
+    logger.error("[set-session] unexpected error", err);
+    return NextResponse.json(
+      { error: err?.message || "Unexpected error" },
+      { status: 500 }
+    );
+  }
+}

package/src/api/public/signin.ts

@@ -27,5 +27,41 @@ export async function POST(request: Request) {
     return jsonResponse({ error: error.message }, 400);
   }
 
+  // Si le client a envoyé un cookie NEXT_LOCALE, synchroniser côté serveur
+  // la préférence stockée en base (user_profil.language). Ne rien faire
+  // si le cookie n'existe pas.
+  try {
+    const cookieHeader = request.headers.get("cookie") || "";
+    const match = cookieHeader.match(/(?:^|; )NEXT_LOCALE=([^;]+)/);
+    const currentCookie = match ? decodeURIComponent(match[1]) : null;
+
+    if (currentCookie && data?.user?.id) {
+      const { data: profil, error: _profilErr } = await supabase
+        .from("user_profil")
+        .select("language")
+        .eq("user_id", data.user.id)
+        .maybeSingle();
+
+      const profileLang = profil?.language;
+      if (profileLang && profileLang !== currentCookie) {
+        const maxAge = 365 * 24 * 60 * 60; // 1 an
+        const cookieValue = `NEXT_LOCALE=${encodeURIComponent(
+          profileLang
+        )}; Path=/; Max-Age=${maxAge}; SameSite=Lax`;
+
+        return new Response(JSON.stringify({ data, updated: true }), {
+          headers: {
+            "content-type": "application/json",
+            "set-cookie": cookieValue,
+          },
+          status: 200,
+        });
+      }
+    }
+  } catch (e) {
+    // ne pas bloquer la connexion si la sync échoue
+    console.debug("signin: sync-locale failed", e);
+  }
+
   return jsonResponse({ data });
 }

package/src/api/public/signup.ts

@@ -1,21 +1,30 @@
-import {
-  getSupabaseServerClient,
-  getSupabaseServiceClient,
-} from "@lastbrain/core/server";
+import { getSupabaseServiceClient } from "@lastbrain/core/server";
 import { NextRequest, NextResponse } from "next/server";
+import { sendSignupConfirmationEmail } from "../../lib/auth-email-service";
+import { logger } from "@lastbrain/core";
+import { resolveSiteUrl } from "../../lib/site-url";
+
+function extractLocale(request: NextRequest): string | undefined {
+  const lang = request.headers
+    .get("accept-language")
+    ?.split(",")?.[0]
+    ?.split("-")?.[0];
+  return lang === "fr" || lang === "en" ? lang : undefined;
+}
 
 interface SignUpRequest {
   email: string;
   password: string;
   fullName: string;
   signupSource?: string; // 'lastbrain' or 'recipe'
+  next?: string;
 }
 
 export async function POST(request: NextRequest) {
   try {
     const body: SignUpRequest = await request.json();
+    const locale = extractLocale(request);
     const defaultSource = process.env.APP_NAME || "undefined";
-    console.log("🚀 ~ POST ~ defaultSource:", defaultSource);
     const { email, password, fullName, signupSource = defaultSource } = body;
 
     // Validate required fields
@@ -26,41 +35,38 @@ export async function POST(request: NextRequest) {
       );
     }
 
-    // Get Supabase client for authentication
-    const supabase = await getSupabaseServerClient();
-
-    // Sign up the user
-    const { data: authData, error: signUpError } = await supabase.auth.signUp({
-      email,
-      password,
-      options: {
-        emailRedirectTo: `${request.nextUrl.origin}/api/auth/callback`,
-        data: {
-          full_name: fullName,
-          signup_source: signupSource,
-        },
-      },
-    });
-
-    if (signUpError) {
-      return NextResponse.json({ error: signUpError.message }, { status: 400 });
-    }
-
-    if (!authData.user) {
-      return NextResponse.json(
-        { error: "Erreur lors de la création du compte" },
-        { status: 500 }
-      );
+    // Générer le lien d'inscription + envoyer l'email via module-contact-pro
+    let user;
+    try {
+      user = await sendSignupConfirmationEmail({
+        email,
+        password,
+        locale,
+        fullName,
+        signupSource,
+        // Use client-side confirm page so Supabase can return hash tokens
+        // and the client `ConfirmPage` will set the session and add welcome bonus.
+        redirectTo: `${resolveSiteUrl(request)}/confirm`,
+        next: body.next,
+      });
+    } catch (emailError: any) {
+      // Handle Supabase auth errors
+      if (emailError?.status === 422 && emailError?.code === "email_exists") {
+        return NextResponse.json(
+          { error: "Cet email est déjà utilisé." },
+          { status: 409 }
+        );
+      }
+      throw emailError;
     }
 
-    // Create user profile with signup_source
     const serviceClient = await getSupabaseServiceClient();
 
     // Check if profile already exists
     const { data: existingProfile } = await serviceClient
       .from("user_profil")
       .select("owner_id")
-      .eq("owner_id", authData.user.id)
+      .eq("owner_id", user?.id)
       .single();
 
     // Only create profile if it doesn't exist
@@ -68,7 +74,7 @@ export async function POST(request: NextRequest) {
       const { error: profileError } = await serviceClient
         .from("user_profil")
         .insert({
-          owner_id: authData.user.id,
+          owner_id: user?.id,
           first_name: fullName?.split(" ")[0] || "",
           last_name: fullName?.split(" ").slice(1).join(" ") || "",
           signup_source: signupSource,
@@ -76,7 +82,7 @@ export async function POST(request: NextRequest) {
         });
 
       if (profileError) {
-        console.error("Error creating user profile:", profileError);
+        logger.error("Error creating user profile:", profileError);
         return NextResponse.json(
           {
             error: "Compte créé mais profil non configuré",
@@ -90,14 +96,15 @@ export async function POST(request: NextRequest) {
     return NextResponse.json(
       {
         data: {
-          user: authData.user,
-          message: "Compte créé avec succès",
+          user,
+          message:
+            "Compte créé avec succès. Vérifiez vos emails pour confirmer votre compte.",
         },
       },
       { status: 201 }
     );
   } catch (error) {
-    console.error("Signup error:", error);
+    logger.error("Signup error:", error);
     return NextResponse.json(
       { error: "Erreur interne du serveur" },
       { status: 500 }