@mesob/auth-hono 0.1.1 → 0.2.0

package/dist/index.js

@@ -430,7 +430,7 @@ var createDatabase = (connectionString) => {
 };
 
 // src/handler.ts
-import { OpenAPIHono as OpenAPIHono16 } from "@hono/zod-openapi";
+import { OpenAPIHono as OpenAPIHono17 } from "@hono/zod-openapi";
 import { getCookie as getCookie3 } from "hono/cookie";
 
 // src/db/orm/session.ts
@@ -691,8 +691,104 @@ var hashToken = async (token, secret) => {
 };
 var generateToken = (bytes = 48) => randomHex(bytes);
 
+// src/lib/error-handler.ts
+import { logger } from "@mesob/common";
+import { HTTPException } from "hono/http-exception";
+var isDatabaseError = (error) => {
+  if (typeof error !== "object" || error === null) {
+    return false;
+  }
+  if ("code" in error || "query" in error || "detail" in error) {
+    return true;
+  }
+  if (error instanceof Error) {
+    const message = error.message.toLowerCase();
+    return message.includes("failed query") || message.includes("relation") || message.includes("column") || message.includes("syntax error") || message.includes("duplicate key") || message.includes("foreign key") || message.includes("null value");
+  }
+  return false;
+};
+var sanitizeDatabaseError = (error) => {
+  const code = error.code;
+  if (code === "23505") {
+    return "Resource already exists";
+  }
+  if (code === "23503") {
+    return "Referenced resource not found";
+  }
+  if (code === "23502") {
+    return "Required field is missing";
+  }
+  if (code === "42P01") {
+    return "Resource not found";
+  }
+  if (code === "42703") {
+    return "Invalid request";
+  }
+  if (code === "23514") {
+    return "Validation failed";
+  }
+  return "An error occurred while processing your request";
+};
+var isDatabaseErrorMessage = (message) => {
+  const lowerMessage = message.toLowerCase();
+  return lowerMessage.includes("failed query") || lowerMessage.includes("select") || lowerMessage.includes("insert") || lowerMessage.includes("update") || lowerMessage.includes("delete") || lowerMessage.includes("from") || lowerMessage.includes("where") || lowerMessage.includes("limit") || lowerMessage.includes("params:") || lowerMessage.includes("query") || message.includes('"iam".') || message.includes('"tenants"') || message.includes('"users"') || message.includes('"sessions"') || message.includes('"accounts"') || lowerMessage.includes("relation") || lowerMessage.includes("column") || lowerMessage.includes("syntax error") || lowerMessage.includes("database") || lowerMessage.includes("postgres") || lowerMessage.includes("sql");
+};
+var handleError = (error, c) => {
+  logger.error("API Error:", {
+    error,
+    path: c.req.path,
+    method: c.req.method,
+    url: c.req.url
+  });
+  if (error instanceof HTTPException) {
+    const message = isDatabaseErrorMessage(error.message) ? "An error occurred while processing your request" : error.message;
+    return c.json({ error: message }, error.status);
+  }
+  if (isDatabaseError(error)) {
+    const userMessage = sanitizeDatabaseError(error);
+    logger.error("Database error details:", {
+      code: error.code,
+      message: error.message,
+      detail: error.detail,
+      query: error.query,
+      parameters: error.parameters
+    });
+    return c.json({ error: userMessage }, 500);
+  }
+  if (error instanceof Error) {
+    const message = error.message;
+    const lowerMessage = message.toLowerCase();
+    const isDatabaseError2 = lowerMessage.includes("failed query") || lowerMessage.includes("select") || lowerMessage.includes("insert") || lowerMessage.includes("update") || lowerMessage.includes("delete") || lowerMessage.includes("from") || lowerMessage.includes("where") || lowerMessage.includes("limit") || lowerMessage.includes("params:") || lowerMessage.includes("query") || message.includes('"iam".') || message.includes('"tenants"') || message.includes('"users"') || message.includes('"sessions"') || message.includes('"accounts"') || lowerMessage.includes("relation") || lowerMessage.includes("column") || lowerMessage.includes("syntax error") || lowerMessage.includes("duplicate key") || lowerMessage.includes("foreign key") || lowerMessage.includes("null value") || lowerMessage.includes("database") || lowerMessage.includes("postgres") || lowerMessage.includes("sql");
+    if (isDatabaseError2) {
+      logger.error("SQL/database error detected:", {
+        message: error.message,
+        stack: error.stack,
+        name: error.name
+      });
+      return c.json(
+        { error: "An error occurred while processing your request" },
+        500
+      );
+    }
+    logger.error("Error details:", {
+      message: error.message,
+      stack: error.stack,
+      name: error.name
+    });
+    return c.json(
+      { error: "An error occurred while processing your request" },
+      500
+    );
+  }
+  logger.error("Unknown error:", error);
+  return c.json(
+    { error: "An error occurred while processing your request" },
+    500
+  );
+};
+
 // src/routes/index.ts
-import { OpenAPIHono as OpenAPIHono15 } from "@hono/zod-openapi";
+import { OpenAPIHono as OpenAPIHono16 } from "@hono/zod-openapi";
 
 // src/routes/auth/auth.route.ts
 import { createRoute, OpenAPIHono } from "@hono/zod-openapi";
@@ -804,11 +900,12 @@ var verifyPasswordSchema = z.object({
 var messageWithVerificationIdSchema = messageSchema.extend({
   verificationId: z.string().uuid().optional()
 });
-var checkUserSchema = z.object({
-  identifier: z.string()
+var checkAccountSchema = z.object({
+  username: z.string()
 });
-var checkUserResponseSchema = z.object({
-  exists: z.boolean()
+var checkAccountResponseSchema = z.object({
+  exists: z.boolean(),
+  verified: z.boolean()
 });
 var updateProfileSchema = z.object({
   fullName: z.string().min(1).max(255).optional().describe("User full name")
@@ -833,131 +930,55 @@ var pendingAccountChangeResponseSchema = z.object({
   verificationId: z.string().uuid().nullable()
 });
 
-// src/routes/auth/handler/check-user.ts
+// src/routes/auth/handler/check-account.ts
 import { and as and4, eq as eq4, sql as sql4 } from "drizzle-orm";
 
 // src/lib/tenant.ts
-import { HTTPException } from "hono/http-exception";
+import { HTTPException as HTTPException2 } from "hono/http-exception";
 var ensureTenantId = (config, tenantId) => {
   const enableTenant = config.tenant?.enabled ?? true;
   if (enableTenant) {
     if (!tenantId) {
-      throw new HTTPException(400, {
+      throw new HTTPException2(400, {
         message: "Missing tenantId. Tenant isolation is enabled."
       });
     }
     return tenantId;
   }
   if (!config.tenant?.tenantId) {
-    throw new HTTPException(500, {
+    throw new HTTPException2(500, {
       message: "tenantId must be provided in config.tenant when tenant.enabled is false."
     });
   }
   return config.tenant.tenantId;
 };
 
-// src/routes/auth/handler/check-user.ts
-var checkUserHandler = async (c) => {
+// src/routes/auth/handler/check-account.ts
+var checkAccountHandler = async (c) => {
   const body = c.req.valid("json");
   const config = c.get("config");
   const database = c.get("database");
   const tenantId = c.get("tenantId");
   const resolvedTenantId = ensureTenantId(config, tenantId);
-  const { identifier } = body;
-  const isEmail = identifier.includes("@");
-  let user = null;
-  if (isEmail) {
-    const [result] = await database.select({
-      id: usersInIam.id,
-      tenantId: usersInIam.tenantId,
-      fullName: usersInIam.fullName,
-      email: usersInIam.email,
-      phone: usersInIam.phone,
-      handle: usersInIam.handle,
-      image: usersInIam.image,
-      emailVerified: usersInIam.emailVerified,
-      phoneVerified: usersInIam.phoneVerified,
-      lastSignInAt: usersInIam.lastSignInAt,
-      userRoles: sql4`
-          COALESCE(
-            json_agg(
-              json_build_object(
-                'id', ${userRolesInIam.id},
-                'roleId', ${rolesInIam.id},
-                'code', ${rolesInIam.code},
-                'name', ${rolesInIam.name},
-                'description', ${rolesInIam.description}
-              )
-            ) FILTER (WHERE ${userRolesInIam.id} IS NOT NULL),
-            '[]'::json
-          )
-        `
-    }).from(usersInIam).leftJoin(
-      userRolesInIam,
-      and4(
-        eq4(userRolesInIam.userId, usersInIam.id),
-        eq4(userRolesInIam.tenantId, resolvedTenantId)
-      )
-    ).leftJoin(
-      rolesInIam,
-      and4(
-        eq4(userRolesInIam.roleId, rolesInIam.id),
-        eq4(rolesInIam.tenantId, resolvedTenantId)
-      )
-    ).where(
-      and4(
-        eq4(usersInIam.tenantId, resolvedTenantId),
-        sql4`lower(${usersInIam.email}) = lower(${identifier})`
-      )
-    ).groupBy(usersInIam.id).limit(1);
-    user = result || null;
-  } else {
-    const [result] = await database.select({
-      id: usersInIam.id,
-      tenantId: usersInIam.tenantId,
-      fullName: usersInIam.fullName,
-      email: usersInIam.email,
-      phone: usersInIam.phone,
-      handle: usersInIam.handle,
-      image: usersInIam.image,
-      emailVerified: usersInIam.emailVerified,
-      phoneVerified: usersInIam.phoneVerified,
-      lastSignInAt: usersInIam.lastSignInAt,
-      userRoles: sql4`
-          COALESCE(
-            json_agg(
-              json_build_object(
-                'id', ${userRolesInIam.id},
-                'roleId', ${rolesInIam.id},
-                'code', ${rolesInIam.code},
-                'name', ${rolesInIam.name},
-                'description', ${rolesInIam.description}
-              )
-            ) FILTER (WHERE ${userRolesInIam.id} IS NOT NULL),
-            '[]'::json
-          )
-        `
-    }).from(usersInIam).leftJoin(
-      userRolesInIam,
-      and4(
-        eq4(userRolesInIam.userId, usersInIam.id),
-        eq4(userRolesInIam.tenantId, resolvedTenantId)
-      )
-    ).leftJoin(
-      rolesInIam,
-      and4(
-        eq4(userRolesInIam.roleId, rolesInIam.id),
-        eq4(rolesInIam.tenantId, resolvedTenantId)
-      )
-    ).where(
-      and4(
-        eq4(usersInIam.tenantId, resolvedTenantId),
-        eq4(usersInIam.phone, identifier)
-      )
-    ).groupBy(usersInIam.id).limit(1);
-    user = result || null;
-  }
-  return c.json({ exists: !!user }, 200);
+  const { username } = body;
+  const isEmail = username.includes("@");
+  const whereClause = isEmail ? and4(
+    eq4(usersInIam.tenantId, resolvedTenantId),
+    sql4`lower(${usersInIam.email}) = lower(${username})`
+  ) : and4(
+    eq4(usersInIam.tenantId, resolvedTenantId),
+    eq4(usersInIam.phone, username)
+  );
+  const [result] = await database.select({
+    verified: isEmail ? usersInIam.emailVerified : usersInIam.phoneVerified
+  }).from(usersInIam).where(whereClause).limit(1);
+  return c.json(
+    {
+      exists: !!result,
+      verified: result?.verified ?? false
+    },
+    200
+  );
 };
 
 // src/routes/auth/handler/sign-in.ts
@@ -1688,6 +1709,18 @@ function withTransaction(database, callback) {
   return database.transaction(async (tx) => callback(tx));
 }
 
+// src/lib/phone-validation.ts
+var createPhoneField = (config) => {
+  const phoneRegex = config.phone.phoneRegex || /^(\+2519|\+2517|2519|2517|09|07)\d{8}$/;
+  const regex = typeof phoneRegex === "string" ? new RegExp(phoneRegex) : phoneRegex;
+  return {
+    validate: (phone) => {
+      return regex.test(phone.trim());
+    },
+    regex
+  };
+};
+
 // src/routes/auth/handler/sign-up.ts
 var SignUpError = class extends Error {
   constructor(message, status) {
@@ -1707,6 +1740,12 @@ var signUpHandler = async (c) => {
     return c.json({ error: "Either email or phone is required" }, 409);
   }
   const isEmail = identifier.includes("@");
+  if (phone) {
+    const phoneValidator = createPhoneField(config);
+    if (!phoneValidator.validate(phone)) {
+      return c.json({ error: "Invalid phone number format" }, 400);
+    }
+  }
   if (isEmail && !config.email.enabled) {
     return c.json({ error: "Email authentication is disabled" }, 403);
   }
@@ -1871,6 +1910,14 @@ var signUpRoute = createRoute({
       },
       description: "Account created"
     },
+    400: {
+      content: {
+        "application/json": {
+          schema: errorResponseSchema
+        }
+      },
+      description: "Invalid request"
+    },
     403: {
       content: {
         "application/json": {
@@ -1922,16 +1969,16 @@ var signInRoute = createRoute({
     }
   }
 });
-var checkUserRoute = createRoute({
+var checkAccountRoute = createRoute({
   method: "post",
-  path: "/check-user",
+  path: "/check-account",
   tags: ["Auth"],
-  summary: "Check if user exists",
+  summary: "Check if account exists",
   request: {
     body: {
       content: {
         "application/json": {
-          schema: checkUserSchema
+          schema: checkAccountSchema
         }
       }
     }
@@ -1940,10 +1987,10 @@ var checkUserRoute = createRoute({
     200: {
       content: {
         "application/json": {
-          schema: checkUserResponseSchema
+          schema: checkAccountResponseSchema
         }
       },
-      description: "User check result"
+      description: "Account check result"
     }
   }
 });
@@ -1959,7 +2006,7 @@ var signOutRoute = createRoute({
     }
   }
 });
-var authRoutes = new OpenAPIHono().openapi(signUpRoute, signUpHandler).openapi(signInRoute, signInHandler).openapi(checkUserRoute, checkUserHandler).openapi(signOutRoute, signOutHandler);
+var authRoutes = new OpenAPIHono().openapi(signUpRoute, signUpHandler).openapi(signInRoute, signInHandler).openapi(checkAccountRoute, checkAccountHandler).openapi(signOutRoute, signOutHandler);
 var auth_route_default = authRoutes;
 
 // src/routes/domains/domains.route.ts
@@ -3388,6 +3435,10 @@ var phoneVerificationRequestHandler = async (c) => {
   if (!phone) {
     return c.json({ error: "Phone required" }, 400);
   }
+  const phoneValidator = createPhoneField(config);
+  if (!phoneValidator.validate(phone)) {
+    return c.json({ error: "Invalid phone number format" }, 400);
+  }
   const genericResponse = {
     message: "If the account exists, a verification code was sent."
   };
@@ -3665,19 +3716,38 @@ var meHandler = (c) => {
 var sessionHandler = (c) => {
   const user = c.get("user");
   const session = c.get("session");
-  return c.json(
-    {
-      user: user ? normalizeUser(user) : null,
-      session: session ? {
-        id: session.id,
-        expiresAt: session.expiresAt,
-        createdAt: session.createdAt,
-        userAgent: session.userAgent,
-        ip: session.ip
-      } : null
-    },
-    200
-  );
+  const status = c.get("sessionStatus");
+  if (status === "no_cookie") {
+    return c.json({ user: null, session: null }, 200);
+  }
+  if (status === "invalid_session") {
+    return c.json({ error: "Invalid session", code: "INVALID_SESSION" }, 401);
+  }
+  if (status === "user_not_found") {
+    return c.json({ error: "User not found", code: "USER_NOT_FOUND" }, 401);
+  }
+  if (status === "error") {
+    return c.json(
+      { error: "Session check error", code: "SESSION_CHECK_ERROR" },
+      500
+    );
+  }
+  if (user && session) {
+    return c.json(
+      {
+        user: normalizeUser(user),
+        session: {
+          id: session.id,
+          expiresAt: session.expiresAt,
+          createdAt: session.createdAt,
+          userAgent: session.userAgent,
+          ip: session.ip
+        }
+      },
+      200
+    );
+  }
+  return c.json({ user: null, session: null }, 200);
 };
 
 // src/routes/profile/handler/update.ts
@@ -3805,6 +3875,10 @@ var updatePhoneHandler = async (c) => {
     return c.json({ error: AUTH_ERRORS.UNAUTHORIZED }, 401);
   }
   const resolvedTenantId = ensureTenantId(config, tenantId);
+  const phoneValidator = createPhoneField(config);
+  if (!phoneValidator.validate(body.phone)) {
+    return c.json({ error: "Invalid phone number format" }, 400);
+  }
   if (user.phone && session?.id) {
     await database.delete(sessionsInIam).where(
       and27(
@@ -3899,7 +3973,23 @@ var sessionRoute = createRoute7({
           })
         }
       },
-      description: "Current session"
+      description: "Session info (null if no cookie sent)"
+    },
+    401: {
+      content: {
+        "application/json": {
+          schema: errorResponseSchema
+        }
+      },
+      description: "Invalid session (cookie sent but invalid/expired)"
+    },
+    500: {
+      content: {
+        "application/json": {
+          schema: errorResponseSchema
+        }
+      },
+      description: "Server error checking session"
     }
   }
 });
@@ -4008,6 +4098,14 @@ var updatePhoneRoute = createRoute7({
       },
       description: "Phone updated"
     },
+    400: {
+      content: {
+        "application/json": {
+          schema: errorResponseSchema
+        }
+      },
+      description: "Invalid request"
+    },
     401: {
       content: {
         "application/json": {
@@ -4716,8 +4814,69 @@ var revokeAllSessionsRoute = createRoute10({
 var sessionRoutes = new OpenAPIHono10().openapi(listSessionsRoute, listSessionsHandler).openapi(getSessionRoute, getSessionHandler).openapi(revokeSessionRoute, revokeSessionHandler).openapi(revokeAllSessionsRoute, revokeAllSessionsHandler);
 var sessions_route_default = sessionRoutes;
 
-// src/routes/tenants/tenants.route.ts
+// src/routes/system/system.route.ts
 import { createRoute as createRoute11, OpenAPIHono as OpenAPIHono11 } from "@hono/zod-openapi";
+import { z as z8 } from "zod";
+
+// src/routes/system/handler/tenant.ts
+var tenantHandler = (c) => {
+  const tenantId = c.get("tenantId");
+  const tenant = c.get("tenant");
+  const host = c.get("host");
+  return c.json(
+    {
+      host: host || null,
+      tenantId: tenantId || null,
+      tenant: tenant || null,
+      status: "ok"
+    },
+    200
+  );
+};
+
+// src/routes/system/system.route.ts
+var tenantRoute = createRoute11({
+  method: "get",
+  path: "/init",
+  tags: ["System"],
+  summary: "Get tenant info",
+  responses: {
+    200: {
+      content: {
+        "application/json": {
+          schema: z8.object({
+            host: z8.string().nullable(),
+            tenantId: z8.string().nullable(),
+            tenant: z8.object({
+              id: z8.string(),
+              name: z8.unknown(),
+              description: z8.unknown(),
+              isActive: z8.boolean()
+            }).nullable(),
+            status: z8.literal("ok")
+          })
+        }
+      },
+      description: "Tenant info"
+    },
+    500: {
+      content: {
+        "application/json": {
+          schema: errorResponseSchema
+        }
+      },
+      description: "Server error"
+    }
+  }
+});
+var tenantRoutes = new OpenAPIHono11().openapi(
+  tenantRoute,
+  tenantHandler
+);
+var system_route_default = tenantRoutes;
+
+// src/routes/tenants/tenants.route.ts
+import { createRoute as createRoute12, OpenAPIHono as OpenAPIHono12 } from "@hono/zod-openapi";
 
 // src/routes/tenants/handler/create-tenant.ts
 import { eq as eq38 } from "drizzle-orm";
@@ -4849,79 +5008,79 @@ var updateTenantHandler = async (c) => {
 };
 
 // src/routes/tenants/tenants.schema.ts
-import { z as z8 } from "zod";
-var listTenantsQuerySchema = z8.object({
-  page: z8.coerce.number().min(1).default(1).optional(),
-  limit: z8.coerce.number().min(1).max(100).default(20).optional(),
-  isActive: z8.coerce.boolean().optional()
-});
-var tenantIdParamSchema = z8.object({
-  id: z8.string()
-});
-var createTenantSchema = z8.object({
-  id: z8.string().max(30),
-  name: z8.unknown(),
-  description: z8.unknown().optional(),
-  theme: z8.unknown().optional(),
-  supportedLanguages: z8.unknown().optional(),
-  defaultLanguage: z8.string().optional(),
-  supportedCurrency: z8.unknown().optional(),
-  defaultCurrency: z8.string().optional(),
-  timezone: z8.string().optional(),
-  isActive: z8.boolean().default(true).optional(),
-  locale: z8.unknown().optional(),
-  settings: z8.unknown().optional(),
-  seo: z8.unknown().optional()
-});
-var updateTenantSchema = z8.object({
-  name: z8.unknown().optional(),
-  description: z8.unknown().nullable().optional(),
-  theme: z8.unknown().nullable().optional(),
-  supportedLanguages: z8.unknown().nullable().optional(),
-  defaultLanguage: z8.string().nullable().optional(),
-  supportedCurrency: z8.unknown().nullable().optional(),
-  defaultCurrency: z8.string().nullable().optional(),
-  timezone: z8.string().nullable().optional(),
-  isActive: z8.boolean().optional(),
-  locale: z8.unknown().nullable().optional(),
-  settings: z8.unknown().nullable().optional(),
-  seo: z8.unknown().nullable().optional()
-});
-var tenantSchema = z8.object({
-  id: z8.string(),
-  createdAt: z8.string(),
-  updatedAt: z8.string(),
-  name: z8.unknown(),
-  description: z8.unknown().nullable(),
-  theme: z8.unknown().nullable(),
-  supportedLanguages: z8.unknown().nullable(),
-  defaultLanguage: z8.string().nullable(),
-  supportedCurrency: z8.unknown().nullable(),
-  defaultCurrency: z8.string().nullable(),
-  timezone: z8.string().nullable(),
-  isActive: z8.boolean(),
-  locale: z8.unknown().nullable(),
-  settings: z8.unknown().nullable(),
-  seo: z8.unknown().nullable()
-});
-var listTenantsResponseSchema = z8.object({
-  tenants: z8.array(tenantSchema),
-  total: z8.number(),
-  page: z8.number(),
-  limit: z8.number()
-});
-var tenantResponseSchema = z8.object({
+import { z as z9 } from "zod";
+var listTenantsQuerySchema = z9.object({
+  page: z9.coerce.number().min(1).default(1).optional(),
+  limit: z9.coerce.number().min(1).max(100).default(20).optional(),
+  isActive: z9.coerce.boolean().optional()
+});
+var tenantIdParamSchema = z9.object({
+  id: z9.string()
+});
+var createTenantSchema = z9.object({
+  id: z9.string().max(30),
+  name: z9.unknown(),
+  description: z9.unknown().optional(),
+  theme: z9.unknown().optional(),
+  supportedLanguages: z9.unknown().optional(),
+  defaultLanguage: z9.string().optional(),
+  supportedCurrency: z9.unknown().optional(),
+  defaultCurrency: z9.string().optional(),
+  timezone: z9.string().optional(),
+  isActive: z9.boolean().default(true).optional(),
+  locale: z9.unknown().optional(),
+  settings: z9.unknown().optional(),
+  seo: z9.unknown().optional()
+});
+var updateTenantSchema = z9.object({
+  name: z9.unknown().optional(),
+  description: z9.unknown().nullable().optional(),
+  theme: z9.unknown().nullable().optional(),
+  supportedLanguages: z9.unknown().nullable().optional(),
+  defaultLanguage: z9.string().nullable().optional(),
+  supportedCurrency: z9.unknown().nullable().optional(),
+  defaultCurrency: z9.string().nullable().optional(),
+  timezone: z9.string().nullable().optional(),
+  isActive: z9.boolean().optional(),
+  locale: z9.unknown().nullable().optional(),
+  settings: z9.unknown().nullable().optional(),
+  seo: z9.unknown().nullable().optional()
+});
+var tenantSchema = z9.object({
+  id: z9.string(),
+  createdAt: z9.string(),
+  updatedAt: z9.string(),
+  name: z9.unknown(),
+  description: z9.unknown().nullable(),
+  theme: z9.unknown().nullable(),
+  supportedLanguages: z9.unknown().nullable(),
+  defaultLanguage: z9.string().nullable(),
+  supportedCurrency: z9.unknown().nullable(),
+  defaultCurrency: z9.string().nullable(),
+  timezone: z9.string().nullable(),
+  isActive: z9.boolean(),
+  locale: z9.unknown().nullable(),
+  settings: z9.unknown().nullable(),
+  seo: z9.unknown().nullable()
+});
+var listTenantsResponseSchema = z9.object({
+  tenants: z9.array(tenantSchema),
+  total: z9.number(),
+  page: z9.number(),
+  limit: z9.number()
+});
+var tenantResponseSchema = z9.object({
   tenant: tenantSchema
 });
-var deleteTenantResponseSchema = z8.object({
-  message: z8.string()
+var deleteTenantResponseSchema = z9.object({
+  message: z9.string()
 });
-var errorResponseSchema7 = z8.object({
-  error: z8.string()
+var errorResponseSchema7 = z9.object({
+  error: z9.string()
 });
 
 // src/routes/tenants/tenants.route.ts
-var listTenantsRoute = createRoute11({
+var listTenantsRoute = createRoute12({
   method: "get",
   path: "/",
   tags: ["Tenants"],
@@ -4940,7 +5099,7 @@ var listTenantsRoute = createRoute11({
     }
   }
 });
-var getTenantRoute = createRoute11({
+var getTenantRoute = createRoute12({
   method: "get",
   path: "/{id}",
   tags: ["Tenants"],
@@ -4967,7 +5126,7 @@ var getTenantRoute = createRoute11({
     }
   }
 });
-var createTenantRoute = createRoute11({
+var createTenantRoute = createRoute12({
   method: "post",
   path: "/",
   tags: ["Tenants"],
@@ -5000,7 +5159,7 @@ var createTenantRoute = createRoute11({
     }
   }
 });
-var updateTenantRoute = createRoute11({
+var updateTenantRoute = createRoute12({
   method: "put",
   path: "/{id}",
   tags: ["Tenants"],
@@ -5034,7 +5193,7 @@ var updateTenantRoute = createRoute11({
     }
   }
 });
-var deleteTenantRoute = createRoute11({
+var deleteTenantRoute = createRoute12({
   method: "delete",
   path: "/{id}",
   tags: ["Tenants"],
@@ -5061,11 +5220,11 @@ var deleteTenantRoute = createRoute11({
     }
   }
 });
-var tenantRoutes = new OpenAPIHono11().openapi(listTenantsRoute, listTenantsHandler).openapi(getTenantRoute, getTenantHandler).openapi(createTenantRoute, createTenantHandler).openapi(updateTenantRoute, updateTenantHandler).openapi(deleteTenantRoute, deleteTenantHandler);
-var tenants_route_default = tenantRoutes;
+var tenantRoutes2 = new OpenAPIHono12().openapi(listTenantsRoute, listTenantsHandler).openapi(getTenantRoute, getTenantHandler).openapi(createTenantRoute, createTenantHandler).openapi(updateTenantRoute, updateTenantHandler).openapi(deleteTenantRoute, deleteTenantHandler);
+var tenants_route_default = tenantRoutes2;
 
 // src/routes/user-roles/user-roles.route.ts
-import { createRoute as createRoute12, OpenAPIHono as OpenAPIHono12 } from "@hono/zod-openapi";
+import { createRoute as createRoute13, OpenAPIHono as OpenAPIHono13 } from "@hono/zod-openapi";
 
 // src/routes/user-roles/handler/assign-user-role.ts
 var assignUserRoleHandler = async (c) => {
@@ -5125,39 +5284,39 @@ var revokeUserRoleHandler = async (c) => {
 };
 
 // src/routes/user-roles/user-roles.schema.ts
-import { z as z9 } from "zod";
-var listUserRolesQuerySchema = z9.object({
-  userId: z9.uuid().optional(),
-  roleId: z9.uuid().optional()
+import { z as z10 } from "zod";
+var listUserRolesQuerySchema = z10.object({
+  userId: z10.uuid().optional(),
+  roleId: z10.uuid().optional()
 });
-var userRoleIdParamSchema = z9.object({
-  id: z9.uuid()
+var userRoleIdParamSchema = z10.object({
+  id: z10.uuid()
 });
-var assignUserRoleSchema = z9.object({
-  userId: z9.uuid(),
-  roleId: z9.uuid()
+var assignUserRoleSchema = z10.object({
+  userId: z10.uuid(),
+  roleId: z10.uuid()
 });
-var userRoleSchema2 = z9.object({
-  id: z9.uuid(),
-  tenantId: z9.string(),
-  userId: z9.uuid(),
-  roleId: z9.uuid()
+var userRoleSchema2 = z10.object({
+  id: z10.uuid(),
+  tenantId: z10.string(),
+  userId: z10.uuid(),
+  roleId: z10.uuid()
 });
-var listUserRolesResponseSchema = z9.object({
-  userRoles: z9.array(userRoleSchema2)
+var listUserRolesResponseSchema = z10.object({
+  userRoles: z10.array(userRoleSchema2)
 });
-var userRoleResponseSchema = z9.object({
+var userRoleResponseSchema = z10.object({
   userRole: userRoleSchema2
 });
-var revokeUserRoleResponseSchema = z9.object({
-  message: z9.string()
+var revokeUserRoleResponseSchema = z10.object({
+  message: z10.string()
 });
-var errorResponseSchema8 = z9.object({
-  error: z9.string()
+var errorResponseSchema8 = z10.object({
+  error: z10.string()
 });
 
 // src/routes/user-roles/user-roles.route.ts
-var listUserRolesRoute = createRoute12({
+var listUserRolesRoute = createRoute13({
   method: "get",
   path: "/",
   tags: ["User Roles"],
@@ -5176,7 +5335,7 @@ var listUserRolesRoute = createRoute12({
     }
   }
 });
-var assignUserRoleRoute = createRoute12({
+var assignUserRoleRoute = createRoute13({
   method: "post",
   path: "/",
   tags: ["User Roles"],
@@ -5209,7 +5368,7 @@ var assignUserRoleRoute = createRoute12({
     }
   }
 });
-var revokeUserRoleRoute = createRoute12({
+var revokeUserRoleRoute = createRoute13({
   method: "delete",
   path: "/{id}",
   tags: ["User Roles"],
@@ -5236,11 +5395,11 @@ var revokeUserRoleRoute = createRoute12({
     }
   }
 });
-var userRoleRoutes = new OpenAPIHono12().openapi(listUserRolesRoute, listUserRolesHandler).openapi(assignUserRoleRoute, assignUserRoleHandler).openapi(revokeUserRoleRoute, revokeUserRoleHandler);
+var userRoleRoutes = new OpenAPIHono13().openapi(listUserRolesRoute, listUserRolesHandler).openapi(assignUserRoleRoute, assignUserRoleHandler).openapi(revokeUserRoleRoute, revokeUserRoleHandler);
 var user_roles_route_default = userRoleRoutes;
 
 // src/routes/users/users.route.ts
-import { createRoute as createRoute13, OpenAPIHono as OpenAPIHono13 } from "@hono/zod-openapi";
+import { createRoute as createRoute14, OpenAPIHono as OpenAPIHono14 } from "@hono/zod-openapi";
 
 // src/routes/users/handler/ban-user.ts
 import { and as and41, eq as eq45, sql as sql22 } from "drizzle-orm";
@@ -5531,72 +5690,72 @@ var updateUserHandler = async (c) => {
 };
 
 // src/routes/users/users.schema.ts
-import { z as z10 } from "zod";
-var listUsersQuerySchema = z10.object({
-  page: z10.coerce.number().min(1).default(1).optional(),
-  limit: z10.coerce.number().min(1).max(100).default(20).optional(),
-  tenantId: z10.string().optional(),
-  email: z10.string().optional(),
-  phone: z10.string().optional(),
-  handle: z10.string().optional()
-});
-var userIdParamSchema2 = z10.object({
-  id: z10.uuid()
+import { z as z11 } from "zod";
+var listUsersQuerySchema = z11.object({
+  page: z11.coerce.number().min(1).default(1).optional(),
+  limit: z11.coerce.number().min(1).max(100).default(20).optional(),
+  tenantId: z11.string().optional(),
+  email: z11.string().optional(),
+  phone: z11.string().optional(),
+  handle: z11.string().optional()
 });
-var createUserSchema = z10.object({
-  email: z10.string().email().optional(),
-  phone: z10.string().optional(),
-  fullName: z10.string().min(1),
-  handle: z10.string().optional(),
-  image: z10.string().url().optional(),
-  emailVerified: z10.boolean().default(false).optional(),
-  phoneVerified: z10.boolean().default(false).optional()
-});
-var updateUserSchema = z10.object({
-  fullName: z10.string().min(1).optional(),
-  email: z10.string().email().nullable().optional(),
-  phone: z10.string().nullable().optional(),
-  handle: z10.string().optional(),
-  image: z10.string().url().nullable().optional(),
-  emailVerified: z10.boolean().optional(),
-  phoneVerified: z10.boolean().optional()
-});
-var banUserSchema = z10.object({
-  bannedUntil: z10.string().datetime().nullable().optional()
-});
-var listUsersResponseSchema = z10.object({
-  users: z10.array(userSchema),
-  total: z10.number(),
-  page: z10.number(),
-  limit: z10.number()
-});
-var userResponseSchema = z10.object({
+var userIdParamSchema2 = z11.object({
+  id: z11.uuid()
+});
+var createUserSchema = z11.object({
+  email: z11.string().email().optional(),
+  phone: z11.string().optional(),
+  fullName: z11.string().min(1),
+  handle: z11.string().optional(),
+  image: z11.string().url().optional(),
+  emailVerified: z11.boolean().default(false).optional(),
+  phoneVerified: z11.boolean().default(false).optional()
+});
+var updateUserSchema = z11.object({
+  fullName: z11.string().min(1).optional(),
+  email: z11.string().email().nullable().optional(),
+  phone: z11.string().nullable().optional(),
+  handle: z11.string().optional(),
+  image: z11.string().url().nullable().optional(),
+  emailVerified: z11.boolean().optional(),
+  phoneVerified: z11.boolean().optional()
+});
+var banUserSchema = z11.object({
+  bannedUntil: z11.string().datetime().nullable().optional()
+});
+var listUsersResponseSchema = z11.object({
+  users: z11.array(userSchema),
+  total: z11.number(),
+  page: z11.number(),
+  limit: z11.number()
+});
+var userResponseSchema = z11.object({
   user: userSchema
 });
-var deleteUserResponseSchema = z10.object({
-  message: z10.string()
+var deleteUserResponseSchema = z11.object({
+  message: z11.string()
 });
-var errorResponseSchema9 = z10.object({
-  error: z10.string()
+var errorResponseSchema9 = z11.object({
+  error: z11.string()
 });
-var searchUsersQuerySchema = z10.object({
-  search: z10.string().optional().describe("Search term"),
-  limit: z10.coerce.number().int().positive().optional().default(20).describe("Limit")
+var searchUsersQuerySchema = z11.object({
+  search: z11.string().optional().describe("Search term"),
+  limit: z11.coerce.number().int().positive().optional().default(20).describe("Limit")
 });
-var userSearchResultSchema = z10.object({
-  id: z10.string().uuid().describe("User ID"),
-  fullName: z10.string().describe("Full name"),
-  email: z10.string().nullable().describe("Email"),
-  phone: z10.string().nullable().describe("Phone"),
-  handle: z10.string().describe("Handle"),
-  image: z10.string().nullable().describe("Image URL")
+var userSearchResultSchema = z11.object({
+  id: z11.string().uuid().describe("User ID"),
+  fullName: z11.string().describe("Full name"),
+  email: z11.string().nullable().describe("Email"),
+  phone: z11.string().nullable().describe("Phone"),
+  handle: z11.string().describe("Handle"),
+  image: z11.string().nullable().describe("Image URL")
 });
-var searchUsersResponseSchema = z10.object({
-  users: z10.array(userSearchResultSchema).describe("Users")
+var searchUsersResponseSchema = z11.object({
+  users: z11.array(userSearchResultSchema).describe("Users")
 });
 
 // src/routes/users/users.route.ts
-var listUsersRoute = createRoute13({
+var listUsersRoute = createRoute14({
   method: "get",
   path: "/",
   tags: ["Users"],
@@ -5615,7 +5774,7 @@ var listUsersRoute = createRoute13({
     }
   }
 });
-var getUserRoute = createRoute13({
+var getUserRoute = createRoute14({
   method: "get",
   path: "/{id}",
   tags: ["Users"],
@@ -5642,7 +5801,7 @@ var getUserRoute = createRoute13({
     }
   }
 });
-var createUserRoute = createRoute13({
+var createUserRoute = createRoute14({
   method: "post",
   path: "/",
   tags: ["Users"],
@@ -5675,7 +5834,7 @@ var createUserRoute = createRoute13({
     }
   }
 });
-var updateUserRoute = createRoute13({
+var updateUserRoute = createRoute14({
   method: "put",
   path: "/{id}",
   tags: ["Users"],
@@ -5717,7 +5876,7 @@ var updateUserRoute = createRoute13({
     }
   }
 });
-var deleteUserRoute = createRoute13({
+var deleteUserRoute = createRoute14({
   method: "delete",
   path: "/{id}",
   tags: ["Users"],
@@ -5744,7 +5903,7 @@ var deleteUserRoute = createRoute13({
     }
   }
 });
-var banUserRoute = createRoute13({
+var banUserRoute = createRoute14({
   method: "post",
   path: "/{id}/ban",
   tags: ["Users"],
@@ -5778,7 +5937,7 @@ var banUserRoute = createRoute13({
     }
   }
 });
-var searchUsersRoute = createRoute13({
+var searchUsersRoute = createRoute14({
   method: "get",
   path: "/search",
   tags: ["Users"],
@@ -5797,11 +5956,11 @@ var searchUsersRoute = createRoute13({
     }
   }
 });
-var userRoutes = new OpenAPIHono13().openapi(listUsersRoute, listUsersHandler).openapi(getUserRoute, getUserHandler).openapi(createUserRoute, createUserHandler).openapi(updateUserRoute, updateUserHandler).openapi(deleteUserRoute, deleteUserHandler).openapi(banUserRoute, banUserHandler).openapi(searchUsersRoute, searchUsersHandler);
+var userRoutes = new OpenAPIHono14().openapi(listUsersRoute, listUsersHandler).openapi(getUserRoute, getUserHandler).openapi(createUserRoute, createUserHandler).openapi(updateUserRoute, updateUserHandler).openapi(deleteUserRoute, deleteUserHandler).openapi(banUserRoute, banUserHandler).openapi(searchUsersRoute, searchUsersHandler);
 var users_route_default = userRoutes;
 
 // src/routes/verifications/verifications.route.ts
-import { createRoute as createRoute14, OpenAPIHono as OpenAPIHono14 } from "@hono/zod-openapi";
+import { createRoute as createRoute15, OpenAPIHono as OpenAPIHono15 } from "@hono/zod-openapi";
 
 // src/routes/verifications/handler/invalidate-verification.ts
 import { and as and47, eq as eq51 } from "drizzle-orm";
@@ -5863,44 +6022,44 @@ var listVerificationsHandler = async (c) => {
 };
 
 // src/routes/verifications/verifications.schema.ts
-import { z as z11 } from "zod";
-var listVerificationsQuerySchema = z11.object({
-  page: z11.coerce.number().min(1).default(1).optional(),
-  limit: z11.coerce.number().min(1).max(100).default(20).optional(),
-  userId: z11.uuid().optional(),
-  type: z11.string().optional(),
-  status: z11.enum(["active", "expired", "consumed"]).optional()
-});
-var verificationIdParamSchema = z11.object({
-  id: z11.uuid()
-});
-var verificationSchema = z11.object({
-  id: z11.uuid(),
-  tenantId: z11.string(),
-  userId: z11.uuid(),
-  code: z11.string(),
-  expiresAt: z11.string(),
-  type: z11.string().nullable(),
-  attempt: z11.number().nullable(),
-  to: z11.string().nullable(),
-  createdAt: z11.string(),
-  updatedAt: z11.string()
-});
-var listVerificationsResponseSchema = z11.object({
-  verifications: z11.array(verificationSchema),
-  total: z11.number(),
-  page: z11.number(),
-  limit: z11.number()
-});
-var invalidateVerificationResponseSchema = z11.object({
-  message: z11.string()
-});
-var errorResponseSchema10 = z11.object({
-  error: z11.string()
+import { z as z12 } from "zod";
+var listVerificationsQuerySchema = z12.object({
+  page: z12.coerce.number().min(1).default(1).optional(),
+  limit: z12.coerce.number().min(1).max(100).default(20).optional(),
+  userId: z12.uuid().optional(),
+  type: z12.string().optional(),
+  status: z12.enum(["active", "expired", "consumed"]).optional()
+});
+var verificationIdParamSchema = z12.object({
+  id: z12.uuid()
+});
+var verificationSchema = z12.object({
+  id: z12.uuid(),
+  tenantId: z12.string(),
+  userId: z12.uuid(),
+  code: z12.string(),
+  expiresAt: z12.string(),
+  type: z12.string().nullable(),
+  attempt: z12.number().nullable(),
+  to: z12.string().nullable(),
+  createdAt: z12.string(),
+  updatedAt: z12.string()
+});
+var listVerificationsResponseSchema = z12.object({
+  verifications: z12.array(verificationSchema),
+  total: z12.number(),
+  page: z12.number(),
+  limit: z12.number()
+});
+var invalidateVerificationResponseSchema = z12.object({
+  message: z12.string()
+});
+var errorResponseSchema10 = z12.object({
+  error: z12.string()
 });
 
 // src/routes/verifications/verifications.route.ts
-var listVerificationsRoute = createRoute14({
+var listVerificationsRoute = createRoute15({
   method: "get",
   path: "/",
   tags: ["Verifications"],
@@ -5919,7 +6078,7 @@ var listVerificationsRoute = createRoute14({
     }
   }
 });
-var invalidateVerificationRoute = createRoute14({
+var invalidateVerificationRoute = createRoute15({
   method: "delete",
   path: "/{id}",
   tags: ["Verifications"],
@@ -5946,11 +6105,11 @@ var invalidateVerificationRoute = createRoute14({
     }
   }
 });
-var verificationRoutes = new OpenAPIHono14().openapi(listVerificationsRoute, listVerificationsHandler).openapi(invalidateVerificationRoute, invalidateVerificationHandler);
+var verificationRoutes = new OpenAPIHono15().openapi(listVerificationsRoute, listVerificationsHandler).openapi(invalidateVerificationRoute, invalidateVerificationHandler);
 var verifications_route_default = verificationRoutes;
 
 // src/routes/index.ts
-var routes = new OpenAPIHono15().route("/", auth_route_default).route("/", profile_route_default).route("/password", password_route_default).route("/email", email_route_default).route("/phone", phone_route_default).route("/users", users_route_default).route("/tenants", tenants_route_default).route("/domains", domains_route_default).route("/roles", roles_route_default).route("/permissions", permissions_route_default).route("/role-permissions", role_permissions_route_default).route("/user-roles", user_roles_route_default).route("/sessions", sessions_route_default).route("/verifications", verifications_route_default);
+var routes = new OpenAPIHono16().route("/", auth_route_default).route("/", profile_route_default).route("/password", password_route_default).route("/email", email_route_default).route("/phone", phone_route_default).route("/users", users_route_default).route("/system", system_route_default).route("/tenants", tenants_route_default).route("/domains", domains_route_default).route("/roles", roles_route_default).route("/permissions", permissions_route_default).route("/role-permissions", role_permissions_route_default).route("/user-roles", user_roles_route_default).route("/sessions", sessions_route_default).route("/verifications", verifications_route_default);
 var routes_default = routes;
 
 // src/utility/set-auth-context.ts
@@ -6031,7 +6190,10 @@ var createAuthRoutes = ({
   config,
   database
 }) => {
-  const app = new OpenAPIHono16();
+  const app = new OpenAPIHono17();
+  app.onError((error, c) => {
+    return handleError(error, c);
+  });
   app.use(
     "*",
     createAuthMiddleware({
@@ -6092,13 +6254,18 @@ var createOpenApiConfig = (config) => {
       },
       { name: "User Roles", description: "User-role assignment (IAM)" },
       { name: "Sessions", description: "Session management (IAM)" },
-      { name: "Verifications", description: "Verification management (IAM)" }
+      { name: "Verifications", description: "Verification management (IAM)" },
+      { name: "System", description: "System initialization" }
     ],
     "x-tagGroups": [
       {
         name: "Authentication",
         tags: ["Auth", "Profile", "Password", "Email", "Phone"]
       },
+      {
+        name: "System",
+        tags: ["System"]
+      },
       {
         name: "IAM Management",
         tags: [
@@ -6126,10 +6293,12 @@ var createSessionMiddleware = () => {
       c.set("user", null);
       c.set("session", null);
       c.set("userId", null);
+      c.set("sessionStatus", "error");
       return await next();
     }
     const sessionData = await authInstance.getSession(c);
-    const { session, user } = sessionData;
+    const { session, user, status } = sessionData;
+    c.set("sessionStatus", status);
     if (!(session && user)) {
       c.set("user", null);
       c.set("session", null);
@@ -6145,16 +6314,9 @@ var createSessionMiddleware = () => {
 };
 
 // src/middlewares/tenant-middleware.ts
-import { logger } from "@mesob/common";
+import { logger as logger2 } from "@mesob/common";
 import { createMiddleware as createMiddleware2 } from "hono/factory";
-import { HTTPException as HTTPException2 } from "hono/http-exception";
-var TENANT_TEST_PATH = "/api/health/tenant-test";
-var AUTH_DOCS_PATHS = [
-  "/api/auth/docs",
-  "/api/auth/openapi.json",
-  "/api/docs",
-  "/api/openapi.json"
-];
+import { HTTPException as HTTPException3 } from "hono/http-exception";
 function resolveHost(hostHeader, forwardedHost) {
   const hostHeaderStr = hostHeader || "";
   const forwardedHostStr = forwardedHost || "";
@@ -6194,7 +6356,7 @@ async function resolveTenant(database, config, host) {
     }
     return { tenantId, tenant };
   } catch (err) {
-    logger.error("Tenant resolution error:", err);
+    logger2.error("Tenant resolution error:", err);
     throw err;
   }
 }
@@ -6212,19 +6374,13 @@ function validateTenant(tenantId, tenant) {
 }
 var createTenantMiddleware = (database, config) => {
   return createMiddleware2(async (c, next) => {
-    const pathname = new URL(c.req.url).pathname;
-    const isTenantTest = pathname === TENANT_TEST_PATH;
-    const isAuthDocs = AUTH_DOCS_PATHS.includes(pathname);
     const host = resolveHost(
       c.req.header("host"),
       c.req.header("x-forwarded-host")
     );
     c.set("host", host);
     if (!host) {
-      if (isTenantTest || isAuthDocs) {
-        return await next();
-      }
-      throw new HTTPException2(400, { message: "Missing Host header" });
+      throw new HTTPException3(400, { message: "Missing Host header" });
     }
     let tenantId = null;
     let tenant = null;
@@ -6233,15 +6389,13 @@ var createTenantMiddleware = (database, config) => {
       tenantId = result.tenantId;
       tenant = result.tenant;
     } catch {
-      if (!isTenantTest) {
-        throw new HTTPException2(500, { message: "Tenant resolution failed" });
-      }
+      throw new HTTPException3(500, { message: "Tenant resolution failed" });
     }
     c.set("tenantId", tenantId);
     c.set("tenant", tenant);
     const error = validateTenant(tenantId, tenant);
-    if (error && !isTenantTest && !isAuthDocs) {
-      throw new HTTPException2(404, { message: error });
+    if (error) {
+      throw new HTTPException3(404, { message: error });
     }
     return await next();
   });
@@ -6253,7 +6407,12 @@ var createGetSession = (database, config) => {
   return async (c) => {
     const sessionToken = getCookie4(c, getSessionCookieName(config));
     if (!sessionToken) {
-      return { session: null, user: null, sessionToken: null };
+      return {
+        session: null,
+        user: null,
+        sessionToken: null,
+        status: "no_cookie"
+      };
     }
     try {
       const hashedToken = await hashToken(sessionToken, config.secret);
@@ -6264,7 +6423,12 @@ var createGetSession = (database, config) => {
       });
       if (!session) {
         deleteSessionCookie(c, config);
-        return { session: null, user: null, sessionToken: null };
+        return {
+          session: null,
+          user: null,
+          sessionToken: null,
+          status: "invalid_session"
+        };
       }
       const user = await fetchUserWithRoles({
         database,
@@ -6278,7 +6442,12 @@ var createGetSession = (database, config) => {
           tenantId: session.tenantId
         });
         deleteSessionCookie(c, config);
-        return { session: null, user: null, sessionToken: null };
+        return {
+          session: null,
+          user: null,
+          sessionToken: null,
+          status: "user_not_found"
+        };
       }
       const rememberMe = session.meta?.rememberMe !== false;
       const updateAge = getSessionUpdateAge({
@@ -6302,21 +6471,22 @@ var createGetSession = (database, config) => {
         return {
           session: { ...session, expiresAt: newExpiresAt },
           user,
-          sessionToken
+          sessionToken,
+          status: "valid"
         };
       }
-      return { session, user, sessionToken };
+      return { session, user, sessionToken, status: "valid" };
     } catch {
-      return { session: null, user: null, sessionToken: null };
+      return { session: null, user: null, sessionToken: null, status: "error" };
     }
   };
 };
 
 // src/types/index.ts
-import { logger as logger2 } from "@mesob/common";
+import { logger as logger3 } from "@mesob/common";
 var createDefaultSendVerificationOTP = (expiresIn) => {
   return (params) => {
-    logger2.log(
+    logger3.log(
       `[Verification OTP] Code: ${params.code}, Hash: ${params.hash}, ExpiresIn: ${expiresIn}, Type: ${params.type}`
     );
   };
@@ -6330,6 +6500,7 @@ var defaultConfig = {
   resendInterval: "30s",
   sendVerificationOTP: createDefaultSendVerificationOTP("15m")
 };
+var defaultPhoneRegex = /^(\+2519|\+2517|2519|2517|09|07)\d{8}$/;
 var defaultAuthConfig = {
   tenant: {
     enabled: true,
@@ -6350,7 +6521,10 @@ var defaultAuthConfig = {
     maxPerUser: 5
   },
   email: defaultConfig,
-  phone: defaultConfig,
+  phone: {
+    ...defaultConfig,
+    phoneRegex: defaultPhoneRegex
+  },
   security: {
     maxLoginAttempts: 5,
     lockoutDuration: "15m"
@@ -6406,20 +6580,7 @@ var createMesobAuth = (authConfig) => {
   const getSession = createGetSession(database, config);
   const tenantMiddleware = createTenantMiddleware(database, config);
   const sessionMiddleware = createSessionMiddleware();
-  const routes2 = {
-    ...routesApp,
-    fetch: async (request, env) => {
-      if (basePath && request.url) {
-        const url = new URL(request.url);
-        if (url.pathname.startsWith(basePath)) {
-          url.pathname = url.pathname.slice(basePath.length) || "/";
-          const modifiedRequest = new Request(url, request);
-          return await routesApp.fetch(modifiedRequest, env);
-        }
-      }
-      return await routesApp.fetch(request, env);
-    }
-  };
+  const routes2 = routesApp;
   return {
     routes: routes2,
     getSession,