npm - @open-mercato/core - Versions diffs - 0.4.2-canary-07dbc98202 → 0.4.2-canary-1000cb714f - Mend

@open-mercato/core 0.4.2-canary-07dbc98202 → 0.4.2-canary-1000cb714f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/dist/modules/auth/api/reset/confirm.js CHANGED Viewed

@@ -1,9 +1,6 @@
 import { confirmPasswordResetSchema } from "@open-mercato/core/modules/auth/data/validators";
 import { NextResponse } from "next/server";
 import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
-import { buildNotificationFromType } from "@open-mercato/core/modules/notifications/lib/notificationBuilder";
-import { resolveNotificationService } from "@open-mercato/core/modules/notifications/lib/notificationService";
-import notificationTypes from "@open-mercato/core/modules/auth/notifications";
 import { z } from "zod";
 async function POST(req) {
   const form = await req.formData();
@@ -13,28 +10,8 @@ async function POST(req) {
   if (!parsed.success) return NextResponse.json({ ok: false, error: "Invalid request" }, { status: 400 });
   const c = await createRequestContainer();
   const auth = c.resolve("authService");
-  const user = await auth.confirmPasswordReset(parsed.data.token, parsed.data.password);
-  if (!user) return NextResponse.json({ ok: false, error: "Invalid or expired token" }, { status: 400 });
-  try {
-    const tenantId = user.tenantId ? String(user.tenantId) : null;
-    if (tenantId) {
-      const notificationService = resolveNotificationService(c);
-      const typeDef = notificationTypes.find((type) => type.type === "auth.password_reset.completed");
-      if (typeDef) {
-        const notificationInput = buildNotificationFromType(typeDef, {
-          recipientUserId: String(user.id),
-          sourceEntityType: "auth:user",
-          sourceEntityId: String(user.id)
-        });
-        await notificationService.create(notificationInput, {
-          tenantId,
-          organizationId: user.organizationId ? String(user.organizationId) : null
-        });
-      }
-    }
-  } catch (err) {
-    console.error("[auth.reset.confirm] Failed to create notification:", err);
-  }
+  const ok = await auth.confirmPasswordReset(parsed.data.token, parsed.data.password);
+  if (!ok) return NextResponse.json({ ok: false, error: "Invalid or expired token" }, { status: 400 });
   return NextResponse.json({ ok: true, redirect: "/login" });
 }
 const metadata = {

package/dist/modules/auth/api/reset/confirm.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/auth/api/reset/confirm.ts"],
-  "sourcesContent": ["import { confirmPasswordResetSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { buildNotificationFromType } from '@open-mercato/core/modules/notifications/lib/notificationBuilder'\nimport { resolveNotificationService } from '@open-mercato/core/modules/notifications/lib/notificationService'\nimport notificationTypes from '@open-mercato/core/modules/auth/notifications'\nimport { z } from 'zod'\n\n// validation via confirmPasswordResetSchema\n\nexport async function POST(req: Request) {\n  const form = await req.formData()\n  const token = String(form.get('token') ?? '')\n  const password = String(form.get('password') ?? '')\n  const parsed = confirmPasswordResetSchema.safeParse({ token, password })\n  if (!parsed.success) return NextResponse.json({ ok: false, error: 'Invalid request' }, { status: 400 })\n  const c = await createRequestContainer()\n  const auth = c.resolve<AuthService>('authService')\n  const user = await auth.confirmPasswordReset(parsed.data.token, parsed.data.password)\n  if (!user) return NextResponse.json({ ok: false, error: 'Invalid or expired token' }, { status: 400 })\n  try {\n    const tenantId = user.tenantId ? String(user.tenantId) : null\n    if (tenantId) {\n      const notificationService = resolveNotificationService(c)\n      const typeDef = notificationTypes.find((type) => type.type === 'auth.password_reset.completed')\n      if (typeDef) {\n        const notificationInput = buildNotificationFromType(typeDef, {\n          recipientUserId: String(user.id),\n          sourceEntityType: 'auth:user',\n          sourceEntityId: String(user.id),\n        })\n        await notificationService.create(notificationInput, {\n          tenantId,\n          organizationId: user.organizationId ? String(user.organizationId) : null,\n        })\n      }\n    }\n  } catch (err) {\n    console.error('[auth.reset.confirm] Failed to create notification:', err)\n  }\n  return NextResponse.json({ ok: true, redirect: '/login' })\n}\n\nexport const metadata = {\n  POST: {},\n}\n\nconst passwordResetConfirmResponseSchema = z.object({\n  ok: z.literal(true),\n  redirect: z.string(),\n})\n\nconst passwordResetErrorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Confirm password reset',\n  methods: {\n    POST: {\n      summary: 'Complete password reset',\n      description: 'Validates the reset token and updates the user password.',\n      requestBody: {\n        contentType: 'application/x-www-form-urlencoded',\n        schema: confirmPasswordResetSchema,\n      },\n      responses: [\n        { status: 200, description: 'Password reset succeeded', schema: passwordResetConfirmResponseSchema },\n        { status: 400, description: 'Invalid token or payload', schema: passwordResetErrorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,kCAAkC;AAC3C,SAAS,oBAAoB;AAE7B,SAAS,8BAA8B;AAEvC,SAAS,iCAAiC;AAC1C,SAAS,kCAAkC;AAC3C,OAAO,uBAAuB;AAC9B,SAAS,SAAS;AAIlB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAC5C,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,SAAS,2BAA2B,UAAU,EAAE,OAAO,SAAS,CAAC;AACvE,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACtG,QAAM,IAAI,MAAM,uBAAuB;AACvC,QAAM,OAAO,EAAE,QAAqB,aAAa;AACjD,QAAM,OAAO,MAAM,KAAK,qBAAqB,OAAO,KAAK,OAAO,OAAO,KAAK,QAAQ;AACpF,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AACrG,MAAI;AACF,UAAM,WAAW,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AACzD,QAAI,UAAU;AACZ,YAAM,sBAAsB,2BAA2B,CAAC;AACxD,YAAM,UAAU,kBAAkB,KAAK,CAAC,SAAS,KAAK,SAAS,+BAA+B;AAC9F,UAAI,SAAS;AACX,cAAM,oBAAoB,0BAA0B,SAAS;AAAA,UAC3D,iBAAiB,OAAO,KAAK,EAAE;AAAA,UAC/B,kBAAkB;AAAA,UAClB,gBAAgB,OAAO,KAAK,EAAE;AAAA,QAChC,CAAC;AACD,cAAM,oBAAoB,OAAO,mBAAmB;AAAA,UAClD;AAAA,UACA,gBAAgB,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,QACtE,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,uDAAuD,GAAG;AAAA,EAC1E;AACA,SAAO,aAAa,KAAK,EAAE,IAAI,MAAM,UAAU,SAAS,CAAC;AAC3D;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,CAAC;AACT;AAEA,MAAM,qCAAqC,EAAE,OAAO;AAAA,EAClD,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,UAAU,EAAE,OAAO;AACrB,CAAC;AAED,MAAM,2BAA2B,EAAE,OAAO;AAAA,EACxC,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,mCAAmC;AAAA,QACnG,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,yBAAyB;AAAA,MAC3F;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { confirmPasswordResetSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { z } from 'zod'\n\n// validation via confirmPasswordResetSchema\n\nexport async function POST(req: Request) {\n  const form = await req.formData()\n  const token = String(form.get('token') ?? '')\n  const password = String(form.get('password') ?? '')\n  const parsed = confirmPasswordResetSchema.safeParse({ token, password })\n  if (!parsed.success) return NextResponse.json({ ok: false, error: 'Invalid request' }, { status: 400 })\n  const c = await createRequestContainer()\n  const auth = c.resolve<AuthService>('authService')\n  const ok = await auth.confirmPasswordReset(parsed.data.token, parsed.data.password)\n  if (!ok) return NextResponse.json({ ok: false, error: 'Invalid or expired token' }, { status: 400 })\n  return NextResponse.json({ ok: true, redirect: '/login' })\n}\n\nexport const metadata = {\n  POST: {},\n}\n\nconst passwordResetConfirmResponseSchema = z.object({\n  ok: z.literal(true),\n  redirect: z.string(),\n})\n\nconst passwordResetErrorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Confirm password reset',\n  methods: {\n    POST: {\n      summary: 'Complete password reset',\n      description: 'Validates the reset token and updates the user password.',\n      requestBody: {\n        contentType: 'application/x-www-form-urlencoded',\n        schema: confirmPasswordResetSchema,\n      },\n      responses: [\n        { status: 200, description: 'Password reset succeeded', schema: passwordResetConfirmResponseSchema },\n        { status: 400, description: 'Invalid token or payload', schema: passwordResetErrorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,kCAAkC;AAC3C,SAAS,oBAAoB;AAE7B,SAAS,8BAA8B;AAEvC,SAAS,SAAS;AAIlB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAC5C,QAAM,WAAW,OAAO,KAAK,IAAI,UAAU,KAAK,EAAE;AAClD,QAAM,SAAS,2BAA2B,UAAU,EAAE,OAAO,SAAS,CAAC;AACvE,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AACtG,QAAM,IAAI,MAAM,uBAAuB;AACvC,QAAM,OAAO,EAAE,QAAqB,aAAa;AACjD,QAAM,KAAK,MAAM,KAAK,qBAAqB,OAAO,KAAK,OAAO,OAAO,KAAK,QAAQ;AAClF,MAAI,CAAC,GAAI,QAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AACnG,SAAO,aAAa,KAAK,EAAE,IAAI,MAAM,UAAU,SAAS,CAAC;AAC3D;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,CAAC;AACT;AAEA,MAAM,qCAAqC,EAAE,OAAO;AAAA,EAClD,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,UAAU,EAAE,OAAO;AACrB,CAAC;AAED,MAAM,2BAA2B,EAAE,OAAO;AAAA,EACxC,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,mCAAmC;AAAA,QACnG,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,yBAAyB;AAAA,MAC3F;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }

package/dist/modules/auth/api/reset.js CHANGED Viewed

@@ -4,9 +4,6 @@ import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
 import { sendEmail } from "@open-mercato/shared/lib/email/send";
 import ResetPasswordEmail from "@open-mercato/core/modules/auth/emails/ResetPasswordEmail";
 import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
-import { buildNotificationFromType } from "@open-mercato/core/modules/notifications/lib/notificationBuilder";
-import { resolveNotificationService } from "@open-mercato/core/modules/notifications/lib/notificationService";
-import notificationTypes from "@open-mercato/core/modules/auth/notifications";
 import { z } from "zod";
 async function POST(req) {
   const form = await req.formData();
@@ -31,26 +28,6 @@ async function POST(req) {
     hint: translate("auth.email.resetPassword.hint", "If you didn't request this, you can safely ignore this email.")
   };
   await sendEmail({ to: user.email, subject, react: ResetPasswordEmail({ resetUrl, copy }) });
-  try {
-    const tenantId = user.tenantId ? String(user.tenantId) : null;
-    if (tenantId) {
-      const notificationService = resolveNotificationService(c);
-      const typeDef = notificationTypes.find((type) => type.type === "auth.password_reset.requested");
-      if (typeDef) {
-        const notificationInput = buildNotificationFromType(typeDef, {
-          recipientUserId: String(user.id),
-          sourceEntityType: "auth:user",
-          sourceEntityId: String(user.id)
-        });
-        await notificationService.create(notificationInput, {
-          tenantId,
-          organizationId: user.organizationId ? String(user.organizationId) : null
-        });
-      }
-    }
-  } catch (err) {
-    console.error("[auth.reset] Failed to create notification:", err);
-  }
   return NextResponse.json({ ok: true });
 }
 const metadata = {

package/dist/modules/auth/api/reset.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/api/reset.ts"],
-  "sourcesContent": ["import { requestPasswordResetSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { sendEmail } from '@open-mercato/shared/lib/email/send'\nimport ResetPasswordEmail from '@open-mercato/core/modules/auth/emails/ResetPasswordEmail'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { buildNotificationFromType } from '@open-mercato/core/modules/notifications/lib/notificationBuilder'\nimport { resolveNotificationService } from '@open-mercato/core/modules/notifications/lib/notificationService'\nimport notificationTypes from '@open-mercato/core/modules/auth/notifications'\nimport { z } from 'zod'\n\n// validation via requestPasswordResetSchema\n\nexport async function POST(req: Request) {\n  const form = await req.formData()\n  const email = String(form.get('email') ?? '')\n  const parsed = requestPasswordResetSchema.safeParse({ email })\n  if (!parsed.success) return NextResponse.json({ ok: true }) // do not reveal\n  const c = await createRequestContainer()\n  const auth = c.resolve<AuthService>('authService')\n  const resReq = await auth.requestPasswordReset(parsed.data.email)\n  if (!resReq) return NextResponse.json({ ok: true })\n  const { user, token } = resReq\n  const url = new URL(req.url)\n  const base = process.env.APP_URL || `${url.protocol}//${url.host}`\n  const resetUrl = `${base}/reset/${token}`\n\n  const { translate } = await resolveTranslations()\n  const subject = translate('auth.email.resetPassword.subject', 'Reset your password')\n  const copy = {\n    preview: translate('auth.email.resetPassword.preview', 'Reset your password'),\n    title: translate('auth.email.resetPassword.title', 'Reset your password'),\n    body: translate('auth.email.resetPassword.body', 'Click the link below to set a new password. This link will expire in 60 minutes.'),\n    cta: translate('auth.email.resetPassword.cta', 'Set a new password'),\n    hint: translate('auth.email.resetPassword.hint', \"If you didn't request this, you can safely ignore this email.\"),\n  }\n\n  await sendEmail({ to: user.email, subject, react: ResetPasswordEmail({ resetUrl, copy }) })\n  try {\n    const tenantId = user.tenantId ? String(user.tenantId) : null\n    if (tenantId) {\n      const notificationService = resolveNotificationService(c)\n      const typeDef = notificationTypes.find((type) => type.type === 'auth.password_reset.requested')\n      if (typeDef) {\n        const notificationInput = buildNotificationFromType(typeDef, {\n          recipientUserId: String(user.id),\n          sourceEntityType: 'auth:user',\n          sourceEntityId: String(user.id),\n        })\n        await notificationService.create(notificationInput, {\n          tenantId,\n          organizationId: user.organizationId ? String(user.organizationId) : null,\n        })\n      }\n    }\n  } catch (err) {\n    console.error('[auth.reset] Failed to create notification:', err)\n  }\n  return NextResponse.json({ ok: true })\n}\n\nexport const metadata = {\n  POST: {},\n}\n\nconst passwordResetRequestSchema = z.object({\n  email: z.string().email(),\n})\n\nconst passwordResetResponseSchema = z.object({\n  ok: z.literal(true),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Request password reset',\n  methods: {\n    POST: {\n      summary: 'Send reset email',\n      description: 'Requests a password reset email for the given account. The endpoint always returns `ok: true` to avoid leaking account existence.',\n      requestBody: {\n        contentType: 'application/x-www-form-urlencoded',\n        schema: passwordResetRequestSchema,\n      },\n      responses: [\n        { status: 200, description: 'Reset email dispatched (or ignored for unknown accounts)', schema: passwordResetResponseSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,kCAAkC;AAC3C,SAAS,oBAAoB;AAE7B,SAAS,8BAA8B;AAEvC,SAAS,iBAAiB;AAC1B,OAAO,wBAAwB;AAC/B,SAAS,2BAA2B;AACpC,SAAS,iCAAiC;AAC1C,SAAS,kCAAkC;AAC3C,OAAO,uBAAuB;AAC9B,SAAS,SAAS;AAIlB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAC5C,QAAM,SAAS,2BAA2B,UAAU,EAAE,MAAM,CAAC;AAC7D,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAC1D,QAAM,IAAI,MAAM,uBAAuB;AACvC,QAAM,OAAO,EAAE,QAAqB,aAAa;AACjD,QAAM,SAAS,MAAM,KAAK,qBAAqB,OAAO,KAAK,KAAK;AAChE,MAAI,CAAC,OAAQ,QAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAClD,QAAM,EAAE,MAAM,MAAM,IAAI;AACxB,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,QAAQ,IAAI,WAAW,GAAG,IAAI,QAAQ,KAAK,IAAI,IAAI;AAChE,QAAM,WAAW,GAAG,IAAI,UAAU,KAAK;AAEvC,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,UAAU,UAAU,oCAAoC,qBAAqB;AACnF,QAAM,OAAO;AAAA,IACX,SAAS,UAAU,oCAAoC,qBAAqB;AAAA,IAC5E,OAAO,UAAU,kCAAkC,qBAAqB;AAAA,IACxE,MAAM,UAAU,iCAAiC,kFAAkF;AAAA,IACnI,KAAK,UAAU,gCAAgC,oBAAoB;AAAA,IACnE,MAAM,UAAU,iCAAiC,+DAA+D;AAAA,EAClH;AAEA,QAAM,UAAU,EAAE,IAAI,KAAK,OAAO,SAAS,OAAO,mBAAmB,EAAE,UAAU,KAAK,CAAC,EAAE,CAAC;AAC1F,MAAI;AACF,UAAM,WAAW,KAAK,WAAW,OAAO,KAAK,QAAQ,IAAI;AACzD,QAAI,UAAU;AACZ,YAAM,sBAAsB,2BAA2B,CAAC;AACxD,YAAM,UAAU,kBAAkB,KAAK,CAAC,SAAS,KAAK,SAAS,+BAA+B;AAC9F,UAAI,SAAS;AACX,cAAM,oBAAoB,0BAA0B,SAAS;AAAA,UAC3D,iBAAiB,OAAO,KAAK,EAAE;AAAA,UAC/B,kBAAkB;AAAA,UAClB,gBAAgB,OAAO,KAAK,EAAE;AAAA,QAChC,CAAC;AACD,cAAM,oBAAoB,OAAO,mBAAmB;AAAA,UAClD;AAAA,UACA,gBAAgB,KAAK,iBAAiB,OAAO,KAAK,cAAc,IAAI;AAAA,QACtE,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,+CAA+C,GAAG;AAAA,EAClE;AACA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,CAAC;AACT;AAEA,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,MAAM;AAC1B,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,QAAQ,IAAI;AACpB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,4DAA4D,QAAQ,4BAA4B;AAAA,MAC9H;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { requestPasswordResetSchema } from '@open-mercato/core/modules/auth/data/validators'\nimport { NextResponse } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { AuthService } from '@open-mercato/core/modules/auth/services/authService'\nimport { sendEmail } from '@open-mercato/shared/lib/email/send'\nimport ResetPasswordEmail from '@open-mercato/core/modules/auth/emails/ResetPasswordEmail'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { z } from 'zod'\n\n// validation via requestPasswordResetSchema\n\nexport async function POST(req: Request) {\n  const form = await req.formData()\n  const email = String(form.get('email') ?? '')\n  const parsed = requestPasswordResetSchema.safeParse({ email })\n  if (!parsed.success) return NextResponse.json({ ok: true }) // do not reveal\n  const c = await createRequestContainer()\n  const auth = c.resolve<AuthService>('authService')\n  const resReq = await auth.requestPasswordReset(parsed.data.email)\n  if (!resReq) return NextResponse.json({ ok: true })\n  const { user, token } = resReq\n  const url = new URL(req.url)\n  const base = process.env.APP_URL || `${url.protocol}//${url.host}`\n  const resetUrl = `${base}/reset/${token}`\n\n  const { translate } = await resolveTranslations()\n  const subject = translate('auth.email.resetPassword.subject', 'Reset your password')\n  const copy = {\n    preview: translate('auth.email.resetPassword.preview', 'Reset your password'),\n    title: translate('auth.email.resetPassword.title', 'Reset your password'),\n    body: translate('auth.email.resetPassword.body', 'Click the link below to set a new password. This link will expire in 60 minutes.'),\n    cta: translate('auth.email.resetPassword.cta', 'Set a new password'),\n    hint: translate('auth.email.resetPassword.hint', \"If you didn't request this, you can safely ignore this email.\"),\n  }\n\n  await sendEmail({ to: user.email, subject, react: ResetPasswordEmail({ resetUrl, copy }) })\n  return NextResponse.json({ ok: true })\n}\n\nexport const metadata = {\n  POST: {},\n}\n\nconst passwordResetRequestSchema = z.object({\n  email: z.string().email(),\n})\n\nconst passwordResetResponseSchema = z.object({\n  ok: z.literal(true),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Request password reset',\n  methods: {\n    POST: {\n      summary: 'Send reset email',\n      description: 'Requests a password reset email for the given account. The endpoint always returns `ok: true` to avoid leaking account existence.',\n      requestBody: {\n        contentType: 'application/x-www-form-urlencoded',\n        schema: passwordResetRequestSchema,\n      },\n      responses: [\n        { status: 200, description: 'Reset email dispatched (or ignored for unknown accounts)', schema: passwordResetResponseSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,kCAAkC;AAC3C,SAAS,oBAAoB;AAE7B,SAAS,8BAA8B;AAEvC,SAAS,iBAAiB;AAC1B,OAAO,wBAAwB;AAC/B,SAAS,2BAA2B;AACpC,SAAS,SAAS;AAIlB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,KAAK,EAAE;AAC5C,QAAM,SAAS,2BAA2B,UAAU,EAAE,MAAM,CAAC;AAC7D,MAAI,CAAC,OAAO,QAAS,QAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAC1D,QAAM,IAAI,MAAM,uBAAuB;AACvC,QAAM,OAAO,EAAE,QAAqB,aAAa;AACjD,QAAM,SAAS,MAAM,KAAK,qBAAqB,OAAO,KAAK,KAAK;AAChE,MAAI,CAAC,OAAQ,QAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAClD,QAAM,EAAE,MAAM,MAAM,IAAI;AACxB,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,QAAQ,IAAI,WAAW,GAAG,IAAI,QAAQ,KAAK,IAAI,IAAI;AAChE,QAAM,WAAW,GAAG,IAAI,UAAU,KAAK;AAEvC,QAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAM,UAAU,UAAU,oCAAoC,qBAAqB;AACnF,QAAM,OAAO;AAAA,IACX,SAAS,UAAU,oCAAoC,qBAAqB;AAAA,IAC5E,OAAO,UAAU,kCAAkC,qBAAqB;AAAA,IACxE,MAAM,UAAU,iCAAiC,kFAAkF;AAAA,IACnI,KAAK,UAAU,gCAAgC,oBAAoB;AAAA,IACnE,MAAM,UAAU,iCAAiC,+DAA+D;AAAA,EAClH;AAEA,QAAM,UAAU,EAAE,IAAI,KAAK,OAAO,SAAS,OAAO,mBAAmB,EAAE,UAAU,KAAK,CAAC,EAAE,CAAC;AAC1F,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,CAAC;AACT;AAEA,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,MAAM;AAC1B,CAAC;AAED,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,IAAI,EAAE,QAAQ,IAAI;AACpB,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,4DAA4D,QAAQ,4BAA4B;AAAA,MAC9H;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }

package/dist/modules/auth/api/sidebar/preferences/route.js CHANGED Viewed

@@ -53,13 +53,12 @@ async function GET(req) {
     ["auth.sidebar.manage"],
     { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null }
   ) ?? false;
-  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub;
-  const settings = effectiveUserId ? await loadSidebarPreference(em, {
-    userId: effectiveUserId,
+  const settings = await loadSidebarPreference(em, {
+    userId: auth.sub,
     tenantId: auth.tenantId ?? null,
     organizationId: auth.orgId ?? null,
     locale
-  }) : null;
+  });
   let rolesPayload = [];
   if (canApplyToRoles) {
     const roleScope = auth.tenantId ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] } : { tenantId: null };
@@ -78,11 +77,11 @@ async function GET(req) {
   return NextResponse.json({
     locale,
     settings: {
-      version: settings?.version ?? SIDEBAR_PREFERENCES_VERSION,
-      groupOrder: settings?.groupOrder ?? [],
-      groupLabels: settings?.groupLabels ?? {},
-      itemLabels: settings?.itemLabels ?? {},
-      hiddenItems: settings?.hiddenItems ?? []
+      version: settings.version ?? SIDEBAR_PREFERENCES_VERSION,
+      groupOrder: settings.groupOrder ?? [],
+      groupLabels: settings.groupLabels ?? {},
+      itemLabels: settings.itemLabels ?? {},
+      hiddenItems: settings.hiddenItems ?? []
     },
     canApplyToRoles,
     roles: rolesPayload
@@ -91,10 +90,6 @@ async function GET(req) {
 async function PUT(req) {
   const auth = await getAuthFromRequest(req);
   if (!auth) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub;
-  if (!effectiveUserId) {
-    return NextResponse.json({ error: "Cannot save preferences: no user associated with this API key" }, { status: 403 });
-  }
   let parsedBody;
   try {
     parsedBody = await req.json();
@@ -161,7 +156,7 @@ async function PUT(req) {
     return NextResponse.json({ error: "Forbidden", requiredFeatures: ["auth.sidebar.manage"] }, { status: 403 });
   }
   const settings = await saveSidebarPreference(em, {
-    userId: effectiveUserId,
+    userId: auth.sub,
     tenantId: auth.tenantId ?? null,
     organizationId: auth.orgId ?? null,
     locale

package/dist/modules/auth/api/sidebar/preferences/route.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/modules/auth/api/sidebar/preferences/route.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { sidebarPreferencesInputSchema } from '../../../data/validators'\nimport {\n  loadRoleSidebarPreferences,\n  loadSidebarPreference,\n  saveRoleSidebarPreference,\n  saveSidebarPreference,\n} from '../../../services/sidebarPreferencesService'\nimport { SIDEBAR_PREFERENCES_VERSION } from '@open-mercato/shared/modules/navigation/sidebarPreferences'\nimport { Role, RoleSidebarPreference } from '../../../data/entities'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { z } from 'zod'\n\nexport const metadata = {\n  GET: { requireAuth: true },\n  PUT: { requireAuth: true },\n}\n\nconst sidebarSettingsSchema = z.object({\n  version: z.number().int().positive(),\n  groupOrder: z.array(z.string()),\n  groupLabels: z.record(z.string(), z.string()),\n  itemLabels: z.record(z.string(), z.string()),\n  hiddenItems: z.array(z.string()),\n})\n\nconst sidebarRoleEntrySchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  hasPreference: z.boolean(),\n})\n\nconst sidebarPreferencesResponseSchema = z.object({\n  locale: z.string(),\n  settings: sidebarSettingsSchema,\n  canApplyToRoles: z.boolean(),\n  roles: z.array(sidebarRoleEntrySchema),\n})\n\nconst sidebarPreferencesUpdateResponseSchema = sidebarPreferencesResponseSchema.extend({\n  appliedRoles: z.array(z.string().uuid()),\n  clearedRoles: z.array(z.string().uuid()),\n})\n\nconst sidebarErrorSchema = z.object({\n  error: z.string(),\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  const { locale } = await resolveTranslations()\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as any\n  const rbac = resolve('rbacService') as any\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  // For API key auth, use userId (the actual user) if available\n  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub\n  const settings = effectiveUserId\n    ? await loadSidebarPreference(em, {\n        userId: effectiveUserId,\n        tenantId: auth.tenantId ?? null,\n        organizationId: auth.orgId ?? null,\n        locale,\n      })\n    : null\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const roleScope = auth.tenantId\n      ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n      : { tenantId: null }\n    const roles = await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: roles.map((r: Role) => r.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = roles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings: {\n      version: settings?.version ?? SIDEBAR_PREFERENCES_VERSION,\n      groupOrder: settings?.groupOrder ?? [],\n      groupLabels: settings?.groupLabels ?? {},\n      itemLabels: settings?.itemLabels ?? {},\n      hiddenItems: settings?.hiddenItems ?? [],\n    },\n    canApplyToRoles,\n    roles: rolesPayload,\n  })\n}\n\nexport async function PUT(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n  // For API key auth, use userId (the actual user) if available\n  const effectiveUserId = auth.isApiKey ? auth.userId : auth.sub\n  if (!effectiveUserId) {\n    return NextResponse.json({ error: 'Cannot save preferences: no user associated with this API key' }, { status: 403 })\n  }\n\n  let parsedBody: unknown\n  try {\n    parsedBody = await req.json()\n  } catch {\n    return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 })\n  }\n\n  const parsed = sidebarPreferencesInputSchema.safeParse(parsedBody)\n  if (!parsed.success) {\n    return NextResponse.json({ error: 'Invalid payload', details: parsed.error.flatten() }, { status: 400 })\n  }\n\n  const sanitizeRecord = (record?: Record<string, string>) => {\n    if (!record) return {}\n    const result: Record<string, string> = {}\n    for (const [key, value] of Object.entries(record)) {\n      const trimmedKey = key.trim()\n      const trimmedValue = value.trim()\n      if (!trimmedKey || !trimmedValue) continue\n      result[trimmedKey] = trimmedValue\n    }\n    return result\n  }\n\n  const groupOrderSource = parsed.data.groupOrder ?? []\n  const seen = new Set<string>()\n  const groupOrder: string[] = []\n  for (const id of groupOrderSource) {\n    const trimmed = id.trim()\n    if (!trimmed || seen.has(trimmed)) continue\n    seen.add(trimmed)\n    groupOrder.push(trimmed)\n  }\n\n  const payload = {\n    version: parsed.data.version ?? SIDEBAR_PREFERENCES_VERSION,\n    groupOrder,\n    groupLabels: sanitizeRecord(parsed.data.groupLabels),\n    itemLabels: sanitizeRecord(parsed.data.itemLabels),\n    hiddenItems: (() => {\n      const source = parsed.data.hiddenItems ?? []\n      const seenHidden = new Set<string>()\n      const values: string[] = []\n      for (const href of source) {\n        const trimmed = href.trim()\n        if (!trimmed || seenHidden.has(trimmed)) continue\n        seenHidden.add(trimmed)\n        values.push(trimmed)\n      }\n      return values\n    })(),\n  }\n\n  const { locale } = await resolveTranslations()\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as any\n  const rbac = container.resolve('rbacService') as any\n  const cache = container.resolve('cache') as { deleteByTags?: (tags: string[]) => Promise<unknown> } | undefined\n\n  const applyToRolesSource = parsed.data.applyToRoles ?? []\n  const applyToRoles = Array.from(new Set(applyToRolesSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n  const clearRoleIdsSource = parsed.data.clearRoleIds ?? []\n  const clearRoleIds = Array.from(new Set(clearRoleIdsSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  if ((applyToRoles.length > 0 || clearRoleIds.length > 0) && !canApplyToRoles) {\n    return NextResponse.json({ error: 'Forbidden', requiredFeatures: ['auth.sidebar.manage'] }, { status: 403 })\n  }\n\n  const settings = await saveSidebarPreference(em, {\n    userId: effectiveUserId,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  }, payload)\n\n  const roleScope = auth.tenantId\n    ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n    : { tenantId: null }\n  const availableRoles = canApplyToRoles\n    ? await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    : []\n  const roleMap = new Map<string, Role>(availableRoles.map((role: Role) => [String(role.id), role]))\n\n  let updatedRoleIds: string[] = []\n  if (applyToRoles.length > 0) {\n    const missing = applyToRoles.filter((id) => !roleMap.has(id))\n    if (missing.length) {\n      return NextResponse.json({ error: 'Invalid roles', missing }, { status: 400 })\n    }\n    for (const roleId of applyToRoles) {\n      const role = roleMap.get(roleId)!\n      await saveRoleSidebarPreference(em, {\n        roleId: role.id,\n        tenantId: auth.tenantId ?? null,\n        locale,\n      }, payload)\n      updatedRoleIds.push(role.id)\n    }\n  }\n\n  const filteredClearRoleIds = clearRoleIds.filter((id) => !updatedRoleIds.includes(id) && !applyToRoles.includes(id))\n\n  if (filteredClearRoleIds.length > 0) {\n    await em.nativeDelete(RoleSidebarPreference, {\n      role: { $in: filteredClearRoleIds },\n      locale,\n      tenantId: auth.tenantId ?? null,\n    })\n    if (cache?.deleteByTags) {\n      try {\n        await cache.deleteByTags(filteredClearRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`))\n      } catch {}\n    }\n  }\n\n  if (cache?.deleteByTags) {\n    const tags = [\n      `nav:sidebar:user:${auth.sub}`,\n      `nav:sidebar:scope:${auth.sub}:${auth.tenantId ?? 'null'}:${auth.orgId ?? 'null'}:${locale}`,\n      ...updatedRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`),\n    ]\n    try {\n      await cache.deleteByTags(tags)\n    } catch {}\n  }\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: availableRoles.map((role: Role) => role.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = availableRoles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings,\n    canApplyToRoles,\n    roles: rolesPayload,\n    appliedRoles: updatedRoleIds,\n    clearedRoles: filteredClearRoleIds,\n  })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Sidebar preferences',\n  methods: {\n    GET: {\n      summary: 'Get sidebar preferences',\n      description: 'Returns personal sidebar customization and any role-level preferences the user can manage.',\n      responses: [\n        { status: 200, description: 'Current sidebar configuration', schema: sidebarPreferencesResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update sidebar preferences',\n      description: 'Updates personal sidebar configuration and, optionally, applies the same settings to selected roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: sidebarPreferencesInputSchema,\n      },\n      responses: [\n        { status: 200, description: 'Preferences saved', schema: sidebarPreferencesUpdateResponseSchema },\n        { status: 400, description: 'Invalid payload', schema: sidebarErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n        { status: 403, description: 'Missing features for role-wide updates', schema: sidebarErrorSchema },\n      ],\n    },\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,0BAA0B;AACnC,SAAS,2BAA2B;AACpC,SAAS,8BAA8B;AACvC,SAAS,qCAAqC;AAC9C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,mCAAmC;AAC5C,SAAS,MAAM,6BAA6B;AAE5C,SAAS,SAAS;AAEX,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,KAAK;AAAA,EACzB,KAAK,EAAE,aAAa,KAAK;AAC3B;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACnC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC5C,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC3C,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC;AACjC,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,eAAe,EAAE,QAAQ;AAC3B,CAAC;AAED,MAAM,mCAAmC,EAAE,OAAO;AAAA,EAChD,QAAQ,EAAE,OAAO;AAAA,EACjB,UAAU;AAAA,EACV,iBAAiB,EAAE,QAAQ;AAAA,EAC3B,OAAO,EAAE,MAAM,sBAAsB;AACvC,CAAC;AAED,MAAM,yCAAyC,iCAAiC,OAAO;AAAA,EACrF,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AAAA,EACvC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AACzC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,OAAO,QAAQ,aAAa;AAElC,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAGL,QAAM,kBAAkB,KAAK,WAAW,KAAK,SAAS,KAAK;AAC3D,QAAM,WAAW,kBACb,MAAM,sBAAsB,IAAI;AAAA,IAC9B,QAAQ;AAAA,IACR,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,CAAC,IACD;AAEJ,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,UAAM,QAAQ,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC;AAChF,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,MAAM,IAAI,CAAC,MAAY,EAAE,EAAE;AAAA,MACpC,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,MAAM,IAAI,CAAC,UAAgB;AAAA,MACxC,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA,UAAU;AAAA,MACR,SAAS,UAAU,WAAW;AAAA,MAC9B,YAAY,UAAU,cAAc,CAAC;AAAA,MACrC,aAAa,UAAU,eAAe,CAAC;AAAA,MACvC,YAAY,UAAU,cAAc,CAAC;AAAA,MACrC,aAAa,UAAU,eAAe,CAAC;AAAA,IACzC;AAAA,IACA;AAAA,IACA,OAAO;AAAA,EACT,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,kBAAkB,KAAK,WAAW,KAAK,SAAS,KAAK;AAC3D,MAAI,CAAC,iBAAiB;AACpB,WAAO,aAAa,KAAK,EAAE,OAAO,gEAAgE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACtH;AAEA,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,SAAS,8BAA8B,UAAU,UAAU;AACjE,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,OAAO,mBAAmB,SAAS,OAAO,MAAM,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAEA,QAAM,iBAAiB,CAAC,WAAoC;AAC1D,QAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,YAAM,aAAa,IAAI,KAAK;AAC5B,YAAM,eAAe,MAAM,KAAK;AAChC,UAAI,CAAC,cAAc,CAAC,aAAc;AAClC,aAAO,UAAU,IAAI;AAAA,IACvB;AACA,WAAO;AAAA,EACT;AAEA,QAAM,mBAAmB,OAAO,KAAK,cAAc,CAAC;AACpD,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,aAAuB,CAAC;AAC9B,aAAW,MAAM,kBAAkB;AACjC,UAAM,UAAU,GAAG,KAAK;AACxB,QAAI,CAAC,WAAW,KAAK,IAAI,OAAO,EAAG;AACnC,SAAK,IAAI,OAAO;AAChB,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,QAAM,UAAU;AAAA,IACd,SAAS,OAAO,KAAK,WAAW;AAAA,IAChC;AAAA,IACA,aAAa,eAAe,OAAO,KAAK,WAAW;AAAA,IACnD,YAAY,eAAe,OAAO,KAAK,UAAU;AAAA,IACjD,cAAc,MAAM;AAClB,YAAM,SAAS,OAAO,KAAK,eAAe,CAAC;AAC3C,YAAM,aAAa,oBAAI,IAAY;AACnC,YAAM,SAAmB,CAAC;AAC1B,iBAAW,QAAQ,QAAQ;AACzB,cAAM,UAAU,KAAK,KAAK;AAC1B,YAAI,CAAC,WAAW,WAAW,IAAI,OAAO,EAAG;AACzC,mBAAW,IAAI,OAAO;AACtB,eAAO,KAAK,OAAO;AAAA,MACrB;AACA,aAAO;AAAA,IACT,GAAG;AAAA,EACL;AAEA,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,QAAQ,UAAU,QAAQ,OAAO;AAEvC,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAChH,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAEhH,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAEL,OAAK,aAAa,SAAS,KAAK,aAAa,SAAS,MAAM,CAAC,iBAAiB;AAC5E,WAAO,aAAa,KAAK,EAAE,OAAO,aAAa,kBAAkB,CAAC,qBAAqB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7G;AAEA,QAAM,WAAW,MAAM,sBAAsB,IAAI;AAAA,IAC/C,QAAQ;AAAA,IACR,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,GAAG,OAAO;AAEV,QAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,QAAM,iBAAiB,kBACnB,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC,IAClE,CAAC;AACL,QAAM,UAAU,IAAI,IAAkB,eAAe,IAAI,CAAC,SAAe,CAAC,OAAO,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;AAEjG,MAAI,iBAA2B,CAAC;AAChC,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,UAAU,aAAa,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;AAC5D,QAAI,QAAQ,QAAQ;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,iBAAiB,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/E;AACA,eAAW,UAAU,cAAc;AACjC,YAAM,OAAO,QAAQ,IAAI,MAAM;AAC/B,YAAM,0BAA0B,IAAI;AAAA,QAClC,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK,YAAY;AAAA,QAC3B;AAAA,MACF,GAAG,OAAO;AACV,qBAAe,KAAK,KAAK,EAAE;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,uBAAuB,aAAa,OAAO,CAAC,OAAO,CAAC,eAAe,SAAS,EAAE,KAAK,CAAC,aAAa,SAAS,EAAE,CAAC;AAEnH,MAAI,qBAAqB,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,uBAAuB;AAAA,MAC3C,MAAM,EAAE,KAAK,qBAAqB;AAAA,MAClC;AAAA,MACA,UAAU,KAAK,YAAY;AAAA,IAC7B,CAAC;AACD,QAAI,OAAO,cAAc;AACvB,UAAI;AACF,cAAM,MAAM,aAAa,qBAAqB,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE,CAAC;AAAA,MAC7F,QAAQ;AAAA,MAAC;AAAA,IACX;AAAA,EACF;AAEA,MAAI,OAAO,cAAc;AACvB,UAAM,OAAO;AAAA,MACX,oBAAoB,KAAK,GAAG;AAAA,MAC5B,qBAAqB,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM,IAAI,MAAM;AAAA,MAC1F,GAAG,eAAe,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE;AAAA,IAChE;AACA,QAAI;AACF,YAAM,MAAM,aAAa,IAAI;AAAA,IAC/B,QAAQ;AAAA,IAAC;AAAA,EACX;AAEA,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,eAAe,IAAI,CAAC,SAAe,KAAK,EAAE;AAAA,MACnD,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,eAAe,IAAI,CAAC,UAAgB;AAAA,MACjD,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,cAAc;AAAA,IACd,cAAc;AAAA,EAChB,CAAC;AACH;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,iCAAiC;AAAA,QACtG,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,MACzE;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,uCAAuC;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,0CAA0C,QAAQ,mBAAmB;AAAA,MACnG;AAAA,IACF;AAAA,EACF;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { sidebarPreferencesInputSchema } from '../../../data/validators'\nimport {\n  loadRoleSidebarPreferences,\n  loadSidebarPreference,\n  saveRoleSidebarPreference,\n  saveSidebarPreference,\n} from '../../../services/sidebarPreferencesService'\nimport { SIDEBAR_PREFERENCES_VERSION } from '@open-mercato/shared/modules/navigation/sidebarPreferences'\nimport { Role, RoleSidebarPreference } from '../../../data/entities'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { z } from 'zod'\n\nexport const metadata = {\n  GET: { requireAuth: true },\n  PUT: { requireAuth: true },\n}\n\nconst sidebarSettingsSchema = z.object({\n  version: z.number().int().positive(),\n  groupOrder: z.array(z.string()),\n  groupLabels: z.record(z.string(), z.string()),\n  itemLabels: z.record(z.string(), z.string()),\n  hiddenItems: z.array(z.string()),\n})\n\nconst sidebarRoleEntrySchema = z.object({\n  id: z.string().uuid(),\n  name: z.string(),\n  hasPreference: z.boolean(),\n})\n\nconst sidebarPreferencesResponseSchema = z.object({\n  locale: z.string(),\n  settings: sidebarSettingsSchema,\n  canApplyToRoles: z.boolean(),\n  roles: z.array(sidebarRoleEntrySchema),\n})\n\nconst sidebarPreferencesUpdateResponseSchema = sidebarPreferencesResponseSchema.extend({\n  appliedRoles: z.array(z.string().uuid()),\n  clearedRoles: z.array(z.string().uuid()),\n})\n\nconst sidebarErrorSchema = z.object({\n  error: z.string(),\n})\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  const { locale } = await resolveTranslations()\n  const { resolve } = await createRequestContainer()\n  const em = resolve('em') as any\n  const rbac = resolve('rbacService') as any\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  const settings = await loadSidebarPreference(em, {\n    userId: auth.sub,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  })\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const roleScope = auth.tenantId\n      ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n      : { tenantId: null }\n    const roles = await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: roles.map((r: Role) => r.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = roles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings: {\n      version: settings.version ?? SIDEBAR_PREFERENCES_VERSION,\n      groupOrder: settings.groupOrder ?? [],\n      groupLabels: settings.groupLabels ?? {},\n      itemLabels: settings.itemLabels ?? {},\n      hiddenItems: settings.hiddenItems ?? [],\n    },\n    canApplyToRoles,\n    roles: rolesPayload,\n  })\n}\n\nexport async function PUT(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n\n  let parsedBody: unknown\n  try {\n    parsedBody = await req.json()\n  } catch {\n    return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 })\n  }\n\n  const parsed = sidebarPreferencesInputSchema.safeParse(parsedBody)\n  if (!parsed.success) {\n    return NextResponse.json({ error: 'Invalid payload', details: parsed.error.flatten() }, { status: 400 })\n  }\n\n  const sanitizeRecord = (record?: Record<string, string>) => {\n    if (!record) return {}\n    const result: Record<string, string> = {}\n    for (const [key, value] of Object.entries(record)) {\n      const trimmedKey = key.trim()\n      const trimmedValue = value.trim()\n      if (!trimmedKey || !trimmedValue) continue\n      result[trimmedKey] = trimmedValue\n    }\n    return result\n  }\n\n  const groupOrderSource = parsed.data.groupOrder ?? []\n  const seen = new Set<string>()\n  const groupOrder: string[] = []\n  for (const id of groupOrderSource) {\n    const trimmed = id.trim()\n    if (!trimmed || seen.has(trimmed)) continue\n    seen.add(trimmed)\n    groupOrder.push(trimmed)\n  }\n\n  const payload = {\n    version: parsed.data.version ?? SIDEBAR_PREFERENCES_VERSION,\n    groupOrder,\n    groupLabels: sanitizeRecord(parsed.data.groupLabels),\n    itemLabels: sanitizeRecord(parsed.data.itemLabels),\n    hiddenItems: (() => {\n      const source = parsed.data.hiddenItems ?? []\n      const seenHidden = new Set<string>()\n      const values: string[] = []\n      for (const href of source) {\n        const trimmed = href.trim()\n        if (!trimmed || seenHidden.has(trimmed)) continue\n        seenHidden.add(trimmed)\n        values.push(trimmed)\n      }\n      return values\n    })(),\n  }\n\n  const { locale } = await resolveTranslations()\n  const container = await createRequestContainer()\n  const em = container.resolve('em') as any\n  const rbac = container.resolve('rbacService') as any\n  const cache = container.resolve('cache') as { deleteByTags?: (tags: string[]) => Promise<unknown> } | undefined\n\n  const applyToRolesSource = parsed.data.applyToRoles ?? []\n  const applyToRoles = Array.from(new Set(applyToRolesSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n  const clearRoleIdsSource = parsed.data.clearRoleIds ?? []\n  const clearRoleIds = Array.from(new Set(clearRoleIdsSource.map((id) => id.trim()).filter((id) => id.length > 0)))\n\n  const canApplyToRoles = await rbac.userHasAllFeatures?.(\n    auth.sub,\n    ['auth.sidebar.manage'],\n    { tenantId: auth.tenantId ?? null, organizationId: auth.orgId ?? null },\n  ) ?? false\n\n  if ((applyToRoles.length > 0 || clearRoleIds.length > 0) && !canApplyToRoles) {\n    return NextResponse.json({ error: 'Forbidden', requiredFeatures: ['auth.sidebar.manage'] }, { status: 403 })\n  }\n\n  const settings = await saveSidebarPreference(em, {\n    userId: auth.sub,\n    tenantId: auth.tenantId ?? null,\n    organizationId: auth.orgId ?? null,\n    locale,\n  }, payload)\n\n  const roleScope = auth.tenantId\n    ? { $or: [{ tenantId: auth.tenantId }, { tenantId: null }] }\n    : { tenantId: null }\n  const availableRoles = canApplyToRoles\n    ? await em.find(Role, roleScope as any, { orderBy: { name: 'asc' } })\n    : []\n  const roleMap = new Map<string, Role>(availableRoles.map((role: Role) => [String(role.id), role]))\n\n  let updatedRoleIds: string[] = []\n  if (applyToRoles.length > 0) {\n    const missing = applyToRoles.filter((id) => !roleMap.has(id))\n    if (missing.length) {\n      return NextResponse.json({ error: 'Invalid roles', missing }, { status: 400 })\n    }\n    for (const roleId of applyToRoles) {\n      const role = roleMap.get(roleId)!\n      await saveRoleSidebarPreference(em, {\n        roleId: role.id,\n        tenantId: auth.tenantId ?? null,\n        locale,\n      }, payload)\n      updatedRoleIds.push(role.id)\n    }\n  }\n\n  const filteredClearRoleIds = clearRoleIds.filter((id) => !updatedRoleIds.includes(id) && !applyToRoles.includes(id))\n\n  if (filteredClearRoleIds.length > 0) {\n    await em.nativeDelete(RoleSidebarPreference, {\n      role: { $in: filteredClearRoleIds },\n      locale,\n      tenantId: auth.tenantId ?? null,\n    })\n    if (cache?.deleteByTags) {\n      try {\n        await cache.deleteByTags(filteredClearRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`))\n      } catch {}\n    }\n  }\n\n  if (cache?.deleteByTags) {\n    const tags = [\n      `nav:sidebar:user:${auth.sub}`,\n      `nav:sidebar:scope:${auth.sub}:${auth.tenantId ?? 'null'}:${auth.orgId ?? 'null'}:${locale}`,\n      ...updatedRoleIds.map((roleId) => `nav:sidebar:role:${roleId}`),\n    ]\n    try {\n      await cache.deleteByTags(tags)\n    } catch {}\n  }\n\n  let rolesPayload: Array<{ id: string; name: string; hasPreference: boolean }> = []\n  if (canApplyToRoles) {\n    const rolePrefs = await loadRoleSidebarPreferences(em, {\n      roleIds: availableRoles.map((role: Role) => role.id),\n      tenantId: auth.tenantId ?? null,\n      locale,\n    })\n    rolesPayload = availableRoles.map((role: Role) => ({\n      id: role.id,\n      name: role.name,\n      hasPreference: rolePrefs.has(role.id),\n    }))\n  }\n\n  return NextResponse.json({\n    locale,\n    settings,\n    canApplyToRoles,\n    roles: rolesPayload,\n    appliedRoles: updatedRoleIds,\n    clearedRoles: filteredClearRoleIds,\n  })\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Authentication & Accounts',\n  summary: 'Sidebar preferences',\n  methods: {\n    GET: {\n      summary: 'Get sidebar preferences',\n      description: 'Returns personal sidebar customization and any role-level preferences the user can manage.',\n      responses: [\n        { status: 200, description: 'Current sidebar configuration', schema: sidebarPreferencesResponseSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n      ],\n    },\n    PUT: {\n      summary: 'Update sidebar preferences',\n      description: 'Updates personal sidebar configuration and, optionally, applies the same settings to selected roles.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: sidebarPreferencesInputSchema,\n      },\n      responses: [\n        { status: 200, description: 'Preferences saved', schema: sidebarPreferencesUpdateResponseSchema },\n        { status: 400, description: 'Invalid payload', schema: sidebarErrorSchema },\n        { status: 401, description: 'Unauthorized', schema: sidebarErrorSchema },\n        { status: 403, description: 'Missing features for role-wide updates', schema: sidebarErrorSchema },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,0BAA0B;AACnC,SAAS,2BAA2B;AACpC,SAAS,8BAA8B;AACvC,SAAS,qCAAqC;AAC9C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,mCAAmC;AAC5C,SAAS,MAAM,6BAA6B;AAE5C,SAAS,SAAS;AAEX,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,KAAK;AAAA,EACzB,KAAK,EAAE,aAAa,KAAK;AAC3B;AAEA,MAAM,wBAAwB,EAAE,OAAO;AAAA,EACrC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EACnC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC5C,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC;AAAA,EAC3C,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC;AACjC,CAAC;AAED,MAAM,yBAAyB,EAAE,OAAO;AAAA,EACtC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,MAAM,EAAE,OAAO;AAAA,EACf,eAAe,EAAE,QAAQ;AAC3B,CAAC;AAED,MAAM,mCAAmC,EAAE,OAAO;AAAA,EAChD,QAAQ,EAAE,OAAO;AAAA,EACjB,UAAU;AAAA,EACV,iBAAiB,EAAE,QAAQ;AAAA,EAC3B,OAAO,EAAE,MAAM,sBAAsB;AACvC,CAAC;AAED,MAAM,yCAAyC,iCAAiC,OAAO;AAAA,EACrF,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AAAA,EACvC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;AACzC,CAAC;AAED,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,OAAO,QAAQ,aAAa;AAElC,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAEL,QAAM,WAAW,MAAM,sBAAsB,IAAI;AAAA,IAC/C,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,CAAC;AAED,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,UAAM,QAAQ,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC;AAChF,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,MAAM,IAAI,CAAC,MAAY,EAAE,EAAE;AAAA,MACpC,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,MAAM,IAAI,CAAC,UAAgB;AAAA,MACxC,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA,UAAU;AAAA,MACR,SAAS,SAAS,WAAW;AAAA,MAC7B,YAAY,SAAS,cAAc,CAAC;AAAA,MACpC,aAAa,SAAS,eAAe,CAAC;AAAA,MACtC,YAAY,SAAS,cAAc,CAAC;AAAA,MACpC,aAAa,SAAS,eAAe,CAAC;AAAA,IACxC;AAAA,IACA;AAAA,IACA,OAAO;AAAA,EACT,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAE9E,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,QAAM,SAAS,8BAA8B,UAAU,UAAU;AACjE,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,OAAO,mBAAmB,SAAS,OAAO,MAAM,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAEA,QAAM,iBAAiB,CAAC,WAAoC;AAC1D,QAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,YAAM,aAAa,IAAI,KAAK;AAC5B,YAAM,eAAe,MAAM,KAAK;AAChC,UAAI,CAAC,cAAc,CAAC,aAAc;AAClC,aAAO,UAAU,IAAI;AAAA,IACvB;AACA,WAAO;AAAA,EACT;AAEA,QAAM,mBAAmB,OAAO,KAAK,cAAc,CAAC;AACpD,QAAM,OAAO,oBAAI,IAAY;AAC7B,QAAM,aAAuB,CAAC;AAC9B,aAAW,MAAM,kBAAkB;AACjC,UAAM,UAAU,GAAG,KAAK;AACxB,QAAI,CAAC,WAAW,KAAK,IAAI,OAAO,EAAG;AACnC,SAAK,IAAI,OAAO;AAChB,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,QAAM,UAAU;AAAA,IACd,SAAS,OAAO,KAAK,WAAW;AAAA,IAChC;AAAA,IACA,aAAa,eAAe,OAAO,KAAK,WAAW;AAAA,IACnD,YAAY,eAAe,OAAO,KAAK,UAAU;AAAA,IACjD,cAAc,MAAM;AAClB,YAAM,SAAS,OAAO,KAAK,eAAe,CAAC;AAC3C,YAAM,aAAa,oBAAI,IAAY;AACnC,YAAM,SAAmB,CAAC;AAC1B,iBAAW,QAAQ,QAAQ;AACzB,cAAM,UAAU,KAAK,KAAK;AAC1B,YAAI,CAAC,WAAW,WAAW,IAAI,OAAO,EAAG;AACzC,mBAAW,IAAI,OAAO;AACtB,eAAO,KAAK,OAAO;AAAA,MACrB;AACA,aAAO;AAAA,IACT,GAAG;AAAA,EACL;AAEA,QAAM,EAAE,OAAO,IAAI,MAAM,oBAAoB;AAC7C,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,OAAO,UAAU,QAAQ,aAAa;AAC5C,QAAM,QAAQ,UAAU,QAAQ,OAAO;AAEvC,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAChH,QAAM,qBAAqB,OAAO,KAAK,gBAAgB,CAAC;AACxD,QAAM,eAAe,MAAM,KAAK,IAAI,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,EAAE,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC;AAEhH,QAAM,kBAAkB,MAAM,KAAK;AAAA,IACjC,KAAK;AAAA,IACL,CAAC,qBAAqB;AAAA,IACtB,EAAE,UAAU,KAAK,YAAY,MAAM,gBAAgB,KAAK,SAAS,KAAK;AAAA,EACxE,KAAK;AAEL,OAAK,aAAa,SAAS,KAAK,aAAa,SAAS,MAAM,CAAC,iBAAiB;AAC5E,WAAO,aAAa,KAAK,EAAE,OAAO,aAAa,kBAAkB,CAAC,qBAAqB,EAAE,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7G;AAEA,QAAM,WAAW,MAAM,sBAAsB,IAAI;AAAA,IAC/C,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK,YAAY;AAAA,IAC3B,gBAAgB,KAAK,SAAS;AAAA,IAC9B;AAAA,EACF,GAAG,OAAO;AAEV,QAAM,YAAY,KAAK,WACnB,EAAE,KAAK,CAAC,EAAE,UAAU,KAAK,SAAS,GAAG,EAAE,UAAU,KAAK,CAAC,EAAE,IACzD,EAAE,UAAU,KAAK;AACrB,QAAM,iBAAiB,kBACnB,MAAM,GAAG,KAAK,MAAM,WAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,EAAE,CAAC,IAClE,CAAC;AACL,QAAM,UAAU,IAAI,IAAkB,eAAe,IAAI,CAAC,SAAe,CAAC,OAAO,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;AAEjG,MAAI,iBAA2B,CAAC;AAChC,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,UAAU,aAAa,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;AAC5D,QAAI,QAAQ,QAAQ;AAClB,aAAO,aAAa,KAAK,EAAE,OAAO,iBAAiB,QAAQ,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/E;AACA,eAAW,UAAU,cAAc;AACjC,YAAM,OAAO,QAAQ,IAAI,MAAM;AAC/B,YAAM,0BAA0B,IAAI;AAAA,QAClC,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK,YAAY;AAAA,QAC3B;AAAA,MACF,GAAG,OAAO;AACV,qBAAe,KAAK,KAAK,EAAE;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,uBAAuB,aAAa,OAAO,CAAC,OAAO,CAAC,eAAe,SAAS,EAAE,KAAK,CAAC,aAAa,SAAS,EAAE,CAAC;AAEnH,MAAI,qBAAqB,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,uBAAuB;AAAA,MAC3C,MAAM,EAAE,KAAK,qBAAqB;AAAA,MAClC;AAAA,MACA,UAAU,KAAK,YAAY;AAAA,IAC7B,CAAC;AACD,QAAI,OAAO,cAAc;AACvB,UAAI;AACF,cAAM,MAAM,aAAa,qBAAqB,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE,CAAC;AAAA,MAC7F,QAAQ;AAAA,MAAC;AAAA,IACX;AAAA,EACF;AAEA,MAAI,OAAO,cAAc;AACvB,UAAM,OAAO;AAAA,MACX,oBAAoB,KAAK,GAAG;AAAA,MAC5B,qBAAqB,KAAK,GAAG,IAAI,KAAK,YAAY,MAAM,IAAI,KAAK,SAAS,MAAM,IAAI,MAAM;AAAA,MAC1F,GAAG,eAAe,IAAI,CAAC,WAAW,oBAAoB,MAAM,EAAE;AAAA,IAChE;AACA,QAAI;AACF,YAAM,MAAM,aAAa,IAAI;AAAA,IAC/B,QAAQ;AAAA,IAAC;AAAA,EACX;AAEA,MAAI,eAA4E,CAAC;AACjF,MAAI,iBAAiB;AACnB,UAAM,YAAY,MAAM,2BAA2B,IAAI;AAAA,MACrD,SAAS,eAAe,IAAI,CAAC,SAAe,KAAK,EAAE;AAAA,MACnD,UAAU,KAAK,YAAY;AAAA,MAC3B;AAAA,IACF,CAAC;AACD,mBAAe,eAAe,IAAI,CAAC,UAAgB;AAAA,MACjD,IAAI,KAAK;AAAA,MACT,MAAM,KAAK;AAAA,MACX,eAAe,UAAU,IAAI,KAAK,EAAE;AAAA,IACtC,EAAE;AAAA,EACJ;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,cAAc;AAAA,IACd,cAAc;AAAA,EAChB,CAAC;AACH;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,iCAAiC;AAAA,QACtG,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,MACzE;AAAA,IACF;AAAA,IACA,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,uCAAuC;AAAA,QAChG,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,mBAAmB;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,mBAAmB;AAAA,QACvE,EAAE,QAAQ,KAAK,aAAa,0CAA0C,QAAQ,mBAAmB;AAAA,MACnG;AAAA,IACF;AAAA,EACF;AACF;",
   "names": []
 }

package/dist/modules/auth/commands/users.js CHANGED Viewed

@@ -22,9 +22,6 @@ import {
 import { normalizeTenantId } from "@open-mercato/core/modules/auth/lib/tenantAccess";
 import { computeEmailHash } from "@open-mercato/core/modules/auth/lib/emailHash";
 import { findOneWithDecryption, findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
-import { buildNotificationFromType } from "@open-mercato/core/modules/notifications/lib/notificationBuilder";
-import { resolveNotificationService } from "@open-mercato/core/modules/notifications/lib/notificationService";
-import notificationTypes from "@open-mercato/core/modules/auth/notifications";
 const createSchema = z.object({
   email: z.string().email(),
   password: z.string().min(6),
@@ -63,38 +60,6 @@ const userCrudIndexer = {
     tenantId: ctx.identifiers.tenantId
   })
 };
-async function notifyRoleChanges(ctx, user, assignedRoles, revokedRoles) {
-  const tenantId = user.tenantId ? String(user.tenantId) : null;
-  if (!tenantId) return;
-  const organizationId = user.organizationId ? String(user.organizationId) : null;
-  try {
-    const notificationService = resolveNotificationService(ctx.container);
-    if (assignedRoles.length) {
-      const assignedType = notificationTypes.find((type) => type.type === "auth.role.assigned");
-      if (assignedType) {
-        const notificationInput = buildNotificationFromType(assignedType, {
-          recipientUserId: String(user.id),
-          sourceEntityType: "auth:user",
-          sourceEntityId: String(user.id)
-        });
-        await notificationService.create(notificationInput, { tenantId, organizationId });
-      }
-    }
-    if (revokedRoles.length) {
-      const revokedType = notificationTypes.find((type) => type.type === "auth.role.revoked");
-      if (revokedType) {
-        const notificationInput = buildNotificationFromType(revokedType, {
-          recipientUserId: String(user.id),
-          sourceEntityType: "auth:user",
-          sourceEntityId: String(user.id)
-        });
-        await notificationService.create(notificationInput, { tenantId, organizationId });
-      }
-    }
-  } catch (err) {
-    console.error("[auth.users.roles] Failed to create notification:", err);
-  }
-}
 const createUserCommand = {
   id: "auth.users.create",
   async execute(rawInput, ctx) {
@@ -132,10 +97,8 @@ const createUserCommand = {
       if (isUniqueViolation(error)) await throwDuplicateEmailError();
       throw error;
     }
-    let assignedRoles = [];
     if (Array.isArray(parsed.roles) && parsed.roles.length) {
       await syncUserRoles(em, user, parsed.roles, tenantId);
-      assignedRoles = await loadUserRoleNames(em, String(user.id));
     }
     await setCustomFieldsIfAny({
       dataEngine: de,
@@ -157,9 +120,6 @@ const createUserCommand = {
       events: userCrudEvents,
       indexer: userCrudIndexer
     });
-    if (assignedRoles.length) {
-      await notifyRoleChanges(ctx, user, assignedRoles, []);
-    }
     return user;
   },
   captureAfter: async (_input, result, ctx) => {
@@ -270,7 +230,6 @@ const updateUserCommand = {
   async execute(rawInput, ctx) {
     const { parsed, custom } = parseWithCustomFields(updateSchema, rawInput);
     const em = ctx.container.resolve("em");
-    const rolesBefore = Array.isArray(parsed.roles) ? await loadUserRoleNames(em, parsed.id) : null;
     if (parsed.email !== void 0) {
       const emailHash2 = computeEmailHash(parsed.email);
       const duplicate = await em.findOne(
@@ -351,13 +310,6 @@ const updateUserCommand = {
       events: userCrudEvents,
       indexer: userCrudIndexer
     });
-    if (Array.isArray(parsed.roles) && rolesBefore) {
-      const rolesAfter = await loadUserRoleNames(em, String(user.id));
-      const { assigned, revoked } = diffRoleChanges(rolesBefore, rolesAfter);
-      if (assigned.length || revoked.length) {
-        await notifyRoleChanges(ctx, user, assigned, revoked);
-      }
-    }
     await invalidateUserCache(ctx, parsed.id);
     return user;
   },
@@ -704,13 +656,6 @@ async function invalidateUserCache(ctx, userId) {
   } catch {
   }
 }
-function diffRoleChanges(before, after) {
-  const beforeSet = new Set(before);
-  const afterSet = new Set(after);
-  const assigned = after.filter((role) => !beforeSet.has(role));
-  const revoked = before.filter((role) => !afterSet.has(role));
-  return { assigned, revoked };
-}
 function arrayEquals(left, right) {
   if (!left) return false;
   if (left.length !== right.length) return false;