npm - @open-mercato/core - Versions diffs - 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b - Mend

@open-mercato/core 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/dist/modules/customer_accounts/api/admin/users.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/modules/customer_accounts/api/admin/users.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerUser, CustomerUserRole, CustomerRole } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { adminCreateUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata = {}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as EntityManager\n\n  const url = new URL(req.url)\n  const page = Math.max(1, parseInt(url.searchParams.get('page') || '1'))\n  const pageSize = Math.min(100, Math.max(1, parseInt(url.searchParams.get('pageSize') || '25')))\n  const status = url.searchParams.get('status') as 'active' | 'inactive' | 'locked' | null\n  const customerEntityId = url.searchParams.get('customerEntityId')\n  const personEntityId = url.searchParams.get('personEntityId')\n  const roleId = url.searchParams.get('roleId')\n  const search = url.searchParams.get('search')\n\n  const where: Record<string, unknown> = {\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedAt: null,\n  }\n\n  if (status === 'active') {\n    where.isActive = true\n    where.$or = [{ lockedUntil: null }, { lockedUntil: { $lt: new Date() } }]\n  } else if (status === 'inactive') {\n    where.isActive = false\n  } else if (status === 'locked') {\n    where.lockedUntil = { $gt: new Date() }\n  }\n\n  if (customerEntityId) {\n    where.customerEntityId = customerEntityId\n  }\n\n  if (personEntityId) {\n    where.personEntityId = personEntityId\n  }\n\n  if (search) {\n    const escapedSearch = search.replace(/[%_\\\\]/g, '\\\\$&')\n    const searchFilter = [\n      { email: { $ilike: `%${escapedSearch}%` } },\n      { displayName: { $ilike: `%${escapedSearch}%` } },\n    ]\n    if (where.$or) {\n      where.$and = [{ $or: where.$or }, { $or: searchFilter }]\n      delete where.$or\n    } else {\n      where.$or = searchFilter\n    }\n  }\n\n  let userIds: string[] | null = null\n  if (roleId) {\n    const roleLinks = await em.find(CustomerUserRole, {\n      role: roleId as any,\n      deletedAt: null,\n    })\n    userIds = roleLinks.map((link) => (link.user as any)?.id || (link.user as unknown as string))\n    if (userIds.length === 0) {\n      return NextResponse.json({\n        ok: true,\n        items: [],\n        total: 0,\n        totalPages: 1,\n        page,\n      })\n    }\n    where.id = { $in: userIds }\n  }\n\n  const offset = (page - 1) * pageSize\n  const [users, total] = await em.findAndCount(CustomerUser, where as any, {\n    orderBy: { createdAt: 'DESC' },\n    limit: pageSize,\n    offset,\n  })\n\n  const items = await Promise.all(users.map(async (user) => {\n    const userRoles = await em.find(CustomerUserRole, {\n      user: user.id as any,\n      deletedAt: null,\n    }, { populate: ['role'] })\n    const roles = userRoles.map((ur) => ({\n      id: (ur.role as any).id,\n      name: (ur.role as any).name,\n      slug: (ur.role as any).slug,\n    }))\n\n    return {\n      id: user.id,\n      email: user.email,\n      displayName: user.displayName,\n      emailVerified: !!user.emailVerifiedAt,\n      isActive: user.isActive,\n      lockedUntil: user.lockedUntil || null,\n      lastLoginAt: user.lastLoginAt || null,\n      customerEntityId: user.customerEntityId || null,\n      personEntityId: user.personEntityId || null,\n      createdAt: user.createdAt,\n      roles,\n    }\n  }))\n\n  const totalPages = Math.max(1, Math.ceil(total / pageSize))\n\n  return NextResponse.json({\n    ok: true,\n    items,\n    total,\n    totalPages,\n    page,\n  })\n}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminCreateUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as EntityManager\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n\n  const existing = await customerUserService.findByEmail(parsed.data.email, auth.tenantId!)\n  if (existing) {\n    return NextResponse.json({ ok: false, error: 'A user with this email already exists' }, { status: 409 })\n  }\n\n  const user = await customerUserService.createUser(\n    parsed.data.email,\n    parsed.data.password,\n    parsed.data.displayName,\n    { tenantId: auth.tenantId!, organizationId: auth.orgId! },\n  )\n  em.persist(user)\n  await em.flush()\n\n  if (parsed.data.customerEntityId) {\n    await em.nativeUpdate(CustomerUser, { id: user.id }, { customerEntityId: parsed.data.customerEntityId })\n  }\n\n  if (parsed.data.roleIds && parsed.data.roleIds.length > 0) {\n    const validRoles: InstanceType<typeof CustomerRole>[] = []\n    for (const roleId of parsed.data.roleIds) {\n      const role = await em.findOne(CustomerRole, { id: roleId, tenantId: auth.tenantId, deletedAt: null })\n      if (role) validRoles.push(role)\n    }\n    for (const role of validRoles) {\n      const userRole = em.create(CustomerUserRole, {\n        user,\n        role,\n        createdAt: new Date(),\n      } as any)\n      em.persist(userRole)\n    }\n    await em.flush()\n  }\n\n  void emitCustomerAccountsEvent('customer_accounts.user.created', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    createdBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({\n    ok: true,\n    user: { id: user.id, email: user.email, displayName: user.displayName },\n  }, { status: 201 })\n}\n\nconst roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() })\nconst userSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string(),\n  displayName: z.string(),\n  emailVerified: z.boolean(),\n  isActive: z.boolean(),\n  lockedUntil: z.string().datetime().nullable(),\n  lastLoginAt: z.string().datetime().nullable(),\n  customerEntityId: z.string().uuid().nullable(),\n  personEntityId: z.string().uuid().nullable(),\n  createdAt: z.string().datetime(),\n  roles: z.array(roleSchema),\n})\n\nconst successSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({ id: z.string().uuid(), email: z.string(), displayName: z.string() }),\n})\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'List customer users (admin)',\n  description: 'Returns a paginated list of customer users with roles. Supports filtering by status, company, role, and search.',\n  tags: ['Customer Accounts Admin'],\n  query: z.object({\n    page: z.number().int().positive().optional(),\n    pageSize: z.number().int().positive().max(100).optional(),\n    status: z.enum(['active', 'inactive', 'locked']).optional(),\n    customerEntityId: z.string().uuid().optional(),\n    roleId: z.string().uuid().optional(),\n    search: z.string().optional(),\n  }),\n  responses: [{\n    status: 200,\n    description: 'Paginated user list',\n    schema: z.object({ ok: z.literal(true), items: z.array(userSchema), total: z.number(), totalPages: z.number(), page: z.number() }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n  ],\n}\n\nconst postMethodDoc: OpenApiMethodDoc = {\n  summary: 'Create customer user (admin)',\n  description: 'Creates a new customer user directly. Staff-initiated, bypasses signup flow.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminCreateUserSchema },\n  responses: [{ status: 201, description: 'User created', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 409, description: 'Email already exists', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer user management (admin)',\n  methods: {\n    GET: getMethodDoc,\n    POST: postMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,cAAc,kBAAkB,oBAAoB;AAE7D,SAAS,6BAA6B;AACtC,SAAS,iCAAiC;AAEnC,MAAM,WAAW,CAAC;AAEzB,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,MAAM,KAAK,GAAG,CAAC;AACtE,QAAM,WAAW,KAAK,IAAI,KAAK,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,UAAU,KAAK,IAAI,CAAC,CAAC;AAC9F,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAC5C,QAAM,mBAAmB,IAAI,aAAa,IAAI,kBAAkB;AAChE,QAAM,iBAAiB,IAAI,aAAa,IAAI,gBAAgB;AAC5D,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAC5C,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAE5C,QAAM,QAAiC;AAAA,IACrC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW;AAAA,EACb;AAEA,MAAI,WAAW,UAAU;AACvB,UAAM,WAAW;AACjB,UAAM,MAAM,CAAC,EAAE,aAAa,KAAK,GAAG,EAAE,aAAa,EAAE,KAAK,oBAAI,KAAK,EAAE,EAAE,CAAC;AAAA,EAC1E,WAAW,WAAW,YAAY;AAChC,UAAM,WAAW;AAAA,EACnB,WAAW,WAAW,UAAU;AAC9B,UAAM,cAAc,EAAE,KAAK,oBAAI,KAAK,EAAE;AAAA,EACxC;AAEA,MAAI,kBAAkB;AACpB,UAAM,mBAAmB;AAAA,EAC3B;AAEA,MAAI,gBAAgB;AAClB,UAAM,iBAAiB;AAAA,EACzB;AAEA,MAAI,QAAQ;AACV,UAAM,gBAAgB,OAAO,QAAQ,WAAW,MAAM;AACtD,UAAM,eAAe;AAAA,MACnB,EAAE,OAAO,EAAE,QAAQ,IAAI,aAAa,IAAI,EAAE;AAAA,MAC1C,EAAE,aAAa,EAAE,QAAQ,IAAI,aAAa,IAAI,EAAE;AAAA,IAClD;AACA,QAAI,MAAM,KAAK;AACb,YAAM,OAAO,CAAC,EAAE,KAAK,MAAM,IAAI,GAAG,EAAE,KAAK,aAAa,CAAC;AACvD,aAAO,MAAM;AAAA,IACf,OAAO;AACL,YAAM,MAAM;AAAA,IACd;AAAA,EACF;AAEA,MAAI,UAA2B;AAC/B,MAAI,QAAQ;AACV,UAAM,YAAY,MAAM,GAAG,KAAK,kBAAkB;AAAA,MAChD,MAAM;AAAA,MACN,WAAW;AAAA,IACb,CAAC;AACD,cAAU,UAAU,IAAI,CAAC,SAAU,KAAK,MAAc,MAAO,KAAK,IAA0B;AAC5F,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,CAAC;AAAA,QACR,OAAO;AAAA,QACP,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,KAAK,EAAE,KAAK,QAAQ;AAAA,EAC5B;AAEA,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,CAAC,OAAO,KAAK,IAAI,MAAM,GAAG,aAAa,cAAc,OAAc;AAAA,IACvE,SAAS,EAAE,WAAW,OAAO;AAAA,IAC7B,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AAED,QAAM,QAAQ,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAO,SAAS;AACxD,UAAM,YAAY,MAAM,GAAG,KAAK,kBAAkB;AAAA,MAChD,MAAM,KAAK;AAAA,MACX,WAAW;AAAA,IACb,GAAG,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;AACzB,UAAM,QAAQ,UAAU,IAAI,CAAC,QAAQ;AAAA,MACnC,IAAK,GAAG,KAAa;AAAA,MACrB,MAAO,GAAG,KAAa;AAAA,MACvB,MAAO,GAAG,KAAa;AAAA,IACzB,EAAE;AAEF,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK;AAAA,MAClB,eAAe,CAAC,CAAC,KAAK;AAAA,MACtB,UAAU,KAAK;AAAA,MACf,aAAa,KAAK,eAAe;AAAA,MACjC,aAAa,KAAK,eAAe;AAAA,MACjC,kBAAkB,KAAK,oBAAoB;AAAA,MAC3C,gBAAgB,KAAK,kBAAkB;AAAA,MACvC,WAAW,KAAK;AAAA,MAChB;AAAA,IACF;AAAA,EACF,CAAC,CAAC;AAEF,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAE1D,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,sBAAsB,UAAU,IAAI;AACnD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,WAAW,MAAM,oBAAoB,YAAY,OAAO,KAAK,OAAO,KAAK,QAAS;AACxF,MAAI,UAAU;AACZ,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAEA,QAAM,OAAO,MAAM,oBAAoB;AAAA,IACrC,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,EAAE,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAO;AAAA,EAC1D;AACA,KAAG,QAAQ,IAAI;AACf,QAAM,GAAG,MAAM;AAEf,MAAI,OAAO,KAAK,kBAAkB;AAChC,UAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,kBAAkB,OAAO,KAAK,iBAAiB,CAAC;AAAA,EACzG;AAEA,MAAI,OAAO,KAAK,WAAW,OAAO,KAAK,QAAQ,SAAS,GAAG;AACzD,UAAM,aAAkD,CAAC;AACzD,eAAW,UAAU,OAAO,KAAK,SAAS;AACxC,YAAM,OAAO,MAAM,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,UAAU,KAAK,UAAU,WAAW,KAAK,CAAC;AACpG,UAAI,KAAM,YAAW,KAAK,IAAI;AAAA,IAChC;AACA,eAAW,QAAQ,YAAY;AAC7B,YAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAQ;AACR,SAAG,QAAQ,QAAQ;AAAA,IACrB;AACA,UAAM,GAAG,MAAM;AAAA,EACjB;AAEA,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM,EAAE,IAAI,KAAK,IAAI,OAAO,KAAK,OAAO,aAAa,KAAK,YAAY;AAAA,EACxE,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AACzF,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO;AAAA,EACtB,eAAe,EAAE,QAAQ;AAAA,EACzB,UAAU,EAAE,QAAQ;AAAA,EACpB,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC7C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,OAAO,EAAE,MAAM,UAAU;AAC3B,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO;AAAA,EAC7B,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,OAAO,EAAE,OAAO,GAAG,aAAa,EAAE,OAAO,EAAE,CAAC;AACtF,CAAC;AACD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,OAAO,EAAE,OAAO;AAAA,IACd,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACxD,QAAQ,EAAE,KAAK,CAAC,UAAU,YAAY,QAAQ,CAAC,EAAE,SAAS;AAAA,IAC1D,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IAC7C,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IACnC,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,CAAC;AAAA,EACD,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,OAAO,EAAE,MAAM,UAAU,GAAG,OAAO,EAAE,OAAO,GAAG,YAAY,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AAAA,EACnI,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEA,MAAM,gBAAkC;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,sBAAsB;AAAA,EAC7C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,YAAY;AAAA,EAC1E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/email/verify.js ADDED Viewed

@@ -0,0 +1,59 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { emailVerifySchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { CustomerUser } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+async function POST(req) {
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = emailVerifySchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Invalid token" }, { status: 400 });
+  }
+  const container = await createRequestContainer();
+  const customerTokenService = container.resolve("customerTokenService");
+  const em = container.resolve("em");
+  const result = await customerTokenService.verifyEmailToken(parsed.data.token, "email_verification");
+  if (!result) {
+    return NextResponse.json({ ok: false, error: "Invalid or expired token" }, { status: 400 });
+  }
+  await em.nativeUpdate(CustomerUser, { id: result.userId }, { emailVerifiedAt: /* @__PURE__ */ new Date() });
+  void emitCustomerAccountsEvent("customer_accounts.email.verified", {
+    userId: result.userId
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+const successSchema = z.object({ ok: z.literal(true) });
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const methodDoc = {
+  summary: "Verify customer email address",
+  description: "Validates the email verification token and marks the email as verified.",
+  tags: ["Customer Authentication"],
+  requestBody: {
+    schema: emailVerifySchema,
+    description: "Email verification token."
+  },
+  responses: [
+    { status: 200, description: "Email verified", schema: successSchema }
+  ],
+  errors: [
+    { status: 400, description: "Invalid or expired token", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Verify customer email",
+  description: "Handles email verification for customer accounts.",
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=verify.js.map

package/dist/modules/customer_accounts/api/email/verify.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/modules/customer_accounts/api/email/verify.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { emailVerifySchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { CustomerTokenService } from '@open-mercato/core/modules/customer_accounts/services/customerTokenService'\nimport { CustomerUser } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata: { path?: string } = {}\n\nexport async function POST(req: Request) {\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = emailVerifySchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Invalid token' }, { status: 400 })\n  }\n\n  const container = await createRequestContainer()\n  const customerTokenService = container.resolve('customerTokenService') as CustomerTokenService\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const result = await customerTokenService.verifyEmailToken(parsed.data.token, 'email_verification')\n  if (!result) {\n    return NextResponse.json({ ok: false, error: 'Invalid or expired token' }, { status: 400 })\n  }\n\n  await em.nativeUpdate(CustomerUser, { id: result.userId }, { emailVerifiedAt: new Date() })\n\n  void emitCustomerAccountsEvent('customer_accounts.email.verified', {\n    userId: result.userId,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Verify customer email address',\n  description: 'Validates the email verification token and marks the email as verified.',\n  tags: ['Customer Authentication'],\n  requestBody: {\n    schema: emailVerifySchema,\n    description: 'Email verification token.',\n  },\n  responses: [\n    { status: 200, description: 'Email verified', schema: successSchema },\n  ],\n  errors: [\n    { status: 400, description: 'Invalid or expired token', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Verify customer email',\n  description: 'Handles email verification for customer accounts.',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,yBAAyB;AAClC,SAAS,8BAA8B;AAEvC,SAAS,oBAAoB;AAC7B,SAAS,iCAAiC;AAEnC,MAAM,WAA8B,CAAC;AAE5C,eAAsB,KAAK,KAAc;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,kBAAkB,UAAU,IAAI;AAC/C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,gBAAgB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjF;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,uBAAuB,UAAU,QAAQ,sBAAsB;AACrE,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,SAAS,MAAM,qBAAqB,iBAAiB,OAAO,KAAK,OAAO,oBAAoB;AAClG,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,GAAG,aAAa,cAAc,EAAE,IAAI,OAAO,OAAO,GAAG,EAAE,iBAAiB,oBAAI,KAAK,EAAE,CAAC;AAE1F,OAAK,0BAA0B,oCAAoC;AAAA,IACjE,QAAQ,OAAO;AAAA,EACjB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,cAAc;AAAA,EACtE;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/interceptors.js ADDED Viewed

@@ -0,0 +1,5 @@
+const interceptors = [];
+export {
+  interceptors
+};
+//# sourceMappingURL=interceptors.js.map

package/dist/modules/customer_accounts/api/interceptors.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/customer_accounts/api/interceptors.ts"],
+  "sourcesContent": ["import type { ApiInterceptor } from '@open-mercato/shared/lib/crud/api-interceptor'\n\nexport const interceptors: ApiInterceptor[] = []\n"],
+  "mappings": "AAEO,MAAM,eAAiC,CAAC;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/invitations/accept.js ADDED Viewed

@@ -0,0 +1,114 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { invitationAcceptSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+import { getClientIp } from "@open-mercato/shared/lib/ratelimit/helpers";
+const metadata = {};
+async function POST(req) {
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = invitationAcceptSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const container = await createRequestContainer();
+  const customerInvitationService = container.resolve("customerInvitationService");
+  const customerSessionService = container.resolve("customerSessionService");
+  const customerRbacService = container.resolve("customerRbacService");
+  const result = await customerInvitationService.acceptInvitation(
+    parsed.data.token,
+    parsed.data.password,
+    parsed.data.displayName
+  );
+  if (!result) {
+    return NextResponse.json({ ok: false, error: "Invalid or expired invitation" }, { status: 400 });
+  }
+  const { user, invitation } = result;
+  const acl = await customerRbacService.loadAcl(user.id, {
+    tenantId: user.tenantId,
+    organizationId: user.organizationId
+  });
+  const resolvedFeatures = acl.features;
+  const ip = getClientIp(req, 0);
+  const userAgent = req.headers.get("user-agent") || null;
+  const { rawToken, jwt } = await customerSessionService.createSession(user, resolvedFeatures, ip, userAgent);
+  void emitCustomerAccountsEvent("customer_accounts.user.created", {
+    id: user.id,
+    email: user.email,
+    tenantId: user.tenantId,
+    organizationId: user.organizationId,
+    invitationId: invitation.id
+  }).catch(() => void 0);
+  void emitCustomerAccountsEvent("customer_accounts.invitation.accepted", {
+    invitationId: invitation.id,
+    userId: user.id,
+    tenantId: user.tenantId
+  }).catch(() => void 0);
+  const res = NextResponse.json({
+    ok: true,
+    user: {
+      id: user.id,
+      email: user.email,
+      displayName: user.displayName,
+      emailVerified: true
+    },
+    resolvedFeatures
+  }, { status: 201 });
+  res.cookies.set("customer_auth_token", jwt, {
+    httpOnly: true,
+    path: "/",
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    maxAge: 60 * 60 * 8
+  });
+  res.cookies.set("customer_session_token", rawToken, {
+    httpOnly: true,
+    path: "/",
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    maxAge: 60 * 60 * 24 * 30
+  });
+  return res;
+}
+const acceptSuccessSchema = z.object({
+  ok: z.literal(true),
+  user: z.object({
+    id: z.string().uuid(),
+    email: z.string().email(),
+    displayName: z.string(),
+    emailVerified: z.boolean()
+  }),
+  resolvedFeatures: z.array(z.string())
+});
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const methodDoc = {
+  summary: "Accept customer invitation",
+  description: "Accepts an invitation, creates the user account, assigns roles, and auto-logs in.",
+  tags: ["Customer Authentication"],
+  requestBody: {
+    schema: invitationAcceptSchema,
+    description: "Invitation acceptance with token, password, and display name."
+  },
+  responses: [
+    { status: 201, description: "Invitation accepted and user created", schema: acceptSuccessSchema }
+  ],
+  errors: [
+    { status: 400, description: "Invalid or expired invitation", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Accept customer invitation",
+  description: "Handles invitation acceptance for customer accounts.",
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=accept.js.map

package/dist/modules/customer_accounts/api/invitations/accept.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/modules/customer_accounts/api/invitations/accept.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { invitationAcceptSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { CustomerInvitationService } from '@open-mercato/core/modules/customer_accounts/services/customerInvitationService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { getClientIp } from '@open-mercato/shared/lib/ratelimit/helpers'\n\nexport const metadata: { path?: string } = {}\n\nexport async function POST(req: Request) {\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = invitationAcceptSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const container = await createRequestContainer()\n  const customerInvitationService = container.resolve('customerInvitationService') as CustomerInvitationService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n  const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n\n  const result = await customerInvitationService.acceptInvitation(\n    parsed.data.token,\n    parsed.data.password,\n    parsed.data.displayName,\n  )\n  if (!result) {\n    return NextResponse.json({ ok: false, error: 'Invalid or expired invitation' }, { status: 400 })\n  }\n\n  const { user, invitation } = result\n  const acl = await customerRbacService.loadAcl(user.id, {\n    tenantId: user.tenantId,\n    organizationId: user.organizationId,\n  })\n  const resolvedFeatures = acl.features\n\n  const ip = getClientIp(req, 0)\n  const userAgent = req.headers.get('user-agent') || null\n  const { rawToken, jwt } = await customerSessionService.createSession(user, resolvedFeatures, ip, userAgent)\n\n  void emitCustomerAccountsEvent('customer_accounts.user.created', {\n    id: user.id,\n    email: user.email,\n    tenantId: user.tenantId,\n    organizationId: user.organizationId,\n    invitationId: invitation.id,\n  }).catch(() => undefined)\n\n  void emitCustomerAccountsEvent('customer_accounts.invitation.accepted', {\n    invitationId: invitation.id,\n    userId: user.id,\n    tenantId: user.tenantId,\n  }).catch(() => undefined)\n\n  const res = NextResponse.json({\n    ok: true,\n    user: {\n      id: user.id,\n      email: user.email,\n      displayName: user.displayName,\n      emailVerified: true,\n    },\n    resolvedFeatures,\n  }, { status: 201 })\n\n  res.cookies.set('customer_auth_token', jwt, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 8,\n  })\n  res.cookies.set('customer_session_token', rawToken, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 24 * 30,\n  })\n\n  return res\n}\n\nconst acceptSuccessSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({\n    id: z.string().uuid(),\n    email: z.string().email(),\n    displayName: z.string(),\n    emailVerified: z.boolean(),\n  }),\n  resolvedFeatures: z.array(z.string()),\n})\n\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Accept customer invitation',\n  description: 'Accepts an invitation, creates the user account, assigns roles, and auto-logs in.',\n  tags: ['Customer Authentication'],\n  requestBody: {\n    schema: invitationAcceptSchema,\n    description: 'Invitation acceptance with token, password, and display name.',\n  },\n  responses: [\n    { status: 201, description: 'Invitation accepted and user created', schema: acceptSuccessSchema },\n  ],\n  errors: [\n    { status: 400, description: 'Invalid or expired invitation', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Accept customer invitation',\n  description: 'Handles invitation acceptance for customer accounts.',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,8BAA8B;AACvC,SAAS,8BAA8B;AAIvC,SAAS,iCAAiC;AAC1C,SAAS,mBAAmB;AAErB,MAAM,WAA8B,CAAC;AAE5C,eAAsB,KAAK,KAAc;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,uBAAuB,UAAU,IAAI;AACpD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,4BAA4B,UAAU,QAAQ,2BAA2B;AAC/E,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AACzE,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,SAAS,MAAM,0BAA0B;AAAA,IAC7C,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,EACd;AACA,MAAI,CAAC,QAAQ;AACX,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,gCAAgC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjG;AAEA,QAAM,EAAE,MAAM,WAAW,IAAI;AAC7B,QAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK,IAAI;AAAA,IACrD,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC;AACD,QAAM,mBAAmB,IAAI;AAE7B,QAAM,KAAK,YAAY,KAAK,CAAC;AAC7B,QAAM,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK;AACnD,QAAM,EAAE,UAAU,IAAI,IAAI,MAAM,uBAAuB,cAAc,MAAM,kBAAkB,IAAI,SAAS;AAE1G,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,cAAc,WAAW;AAAA,EAC3B,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,OAAK,0BAA0B,yCAAyC;AAAA,IACtE,cAAc,WAAW;AAAA,IACzB,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,EACjB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,QAAM,MAAM,aAAa,KAAK;AAAA,IAC5B,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK;AAAA,MAClB,eAAe;AAAA,IACjB;AAAA,IACA;AAAA,EACF,GAAG,EAAE,QAAQ,IAAI,CAAC;AAElB,MAAI,QAAQ,IAAI,uBAAuB,KAAK;AAAA,IAC1C,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK;AAAA,EACpB,CAAC;AACD,MAAI,QAAQ,IAAI,0BAA0B,UAAU;AAAA,IAClD,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK,KAAK;AAAA,EACzB,CAAC;AAED,SAAO;AACT;AAEA,MAAM,sBAAsB,EAAE,OAAO;AAAA,EACnC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,IACxB,aAAa,EAAE,OAAO;AAAA,IACtB,eAAe,EAAE,QAAQ;AAAA,EAC3B,CAAC;AAAA,EACD,kBAAkB,EAAE,MAAM,EAAE,OAAO,CAAC;AACtC,CAAC;AAED,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,oBAAoB;AAAA,EAClG;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,iCAAiC,QAAQ,YAAY;AAAA,EACnF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/login.js ADDED Viewed

@@ -0,0 +1,143 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { loginSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+import { rateLimitErrorSchema } from "@open-mercato/shared/lib/ratelimit/helpers";
+import { getClientIp } from "@open-mercato/shared/lib/ratelimit/helpers";
+import {
+  checkAuthRateLimit,
+  resetAuthRateLimit,
+  customerLoginRateLimitConfig,
+  customerLoginIpRateLimitConfig
+} from "@open-mercato/core/modules/customer_accounts/lib/rateLimiter";
+const metadata = {};
+async function POST(req) {
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = loginSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Invalid credentials" }, { status: 400 });
+  }
+  const { email, password, tenantId } = parsed.data;
+  if (!tenantId) {
+    return NextResponse.json({ ok: false, error: "tenantId is required" }, { status: 400 });
+  }
+  const { error: rateLimitError, compoundKey } = await checkAuthRateLimit({
+    req,
+    ipConfig: customerLoginIpRateLimitConfig,
+    compoundConfig: customerLoginRateLimitConfig,
+    compoundIdentifier: email
+  });
+  if (rateLimitError) return rateLimitError;
+  const container = await createRequestContainer();
+  const customerUserService = container.resolve("customerUserService");
+  const customerSessionService = container.resolve("customerSessionService");
+  const customerRbacService = container.resolve("customerRbacService");
+  const user = await customerUserService.findByEmail(email, tenantId);
+  if (!user || !user.passwordHash) {
+    void emitCustomerAccountsEvent("customer_accounts.login.failed", { email, reason: "invalid_credentials", tenantId }).catch(() => void 0);
+    return NextResponse.json({ ok: false, error: "Invalid email or password" }, { status: 401 });
+  }
+  if (!user.isActive) {
+    return NextResponse.json({ ok: false, error: "Account is deactivated" }, { status: 401 });
+  }
+  if (customerUserService.checkLockout(user)) {
+    void emitCustomerAccountsEvent("customer_accounts.login.failed", { email, reason: "locked", tenantId }).catch(() => void 0);
+    return NextResponse.json({ ok: false, error: "Account is temporarily locked. Please try again later." }, { status: 423 });
+  }
+  const passwordValid = await customerUserService.verifyPassword(user, password);
+  if (!passwordValid) {
+    await customerUserService.incrementFailedAttempts(user);
+    void emitCustomerAccountsEvent("customer_accounts.login.failed", { email, reason: "invalid_password", tenantId }).catch(() => void 0);
+    return NextResponse.json({ ok: false, error: "Invalid email or password" }, { status: 401 });
+  }
+  await customerUserService.resetFailedAttempts(user);
+  await customerUserService.updateLastLoginAt(user);
+  if (compoundKey) {
+    await resetAuthRateLimit(compoundKey, customerLoginRateLimitConfig);
+  }
+  const acl = await customerRbacService.loadAcl(user.id, { tenantId, organizationId: user.organizationId });
+  const resolvedFeatures = acl.features;
+  const ip = getClientIp(req, 0);
+  const userAgent = req.headers.get("user-agent") || null;
+  const { rawToken, jwt, session } = await customerSessionService.createSession(user, resolvedFeatures, ip, userAgent);
+  void emitCustomerAccountsEvent("customer_accounts.login.success", {
+    id: user.id,
+    email: user.email,
+    tenantId,
+    organizationId: user.organizationId
+  }).catch(() => void 0);
+  const res = NextResponse.json({
+    ok: true,
+    user: {
+      id: user.id,
+      email: user.email,
+      displayName: user.displayName,
+      emailVerified: !!user.emailVerifiedAt
+    },
+    resolvedFeatures
+  });
+  res.cookies.set("customer_auth_token", jwt, {
+    httpOnly: true,
+    path: "/",
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    maxAge: 60 * 60 * 8
+  });
+  res.cookies.set("customer_session_token", rawToken, {
+    httpOnly: true,
+    path: "/",
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    maxAge: 60 * 60 * 24 * 30
+  });
+  return res;
+}
+const loginSuccessSchema = z.object({
+  ok: z.literal(true),
+  user: z.object({
+    id: z.string().uuid(),
+    email: z.string().email(),
+    displayName: z.string(),
+    emailVerified: z.boolean()
+  }),
+  resolvedFeatures: z.array(z.string())
+});
+const errorSchema = z.object({
+  ok: z.literal(false),
+  error: z.string()
+});
+const methodDoc = {
+  summary: "Authenticate customer credentials",
+  description: "Validates customer credentials and issues JWT + session cookies.",
+  tags: ["Customer Authentication"],
+  requestBody: {
+    schema: loginSchema,
+    description: "Login payload with email and password."
+  },
+  responses: [
+    { status: 200, description: "Login successful", schema: loginSuccessSchema }
+  ],
+  errors: [
+    { status: 400, description: "Validation failed", schema: errorSchema },
+    { status: 401, description: "Invalid credentials", schema: errorSchema },
+    { status: 423, description: "Account locked", schema: errorSchema },
+    { status: 429, description: "Too many login attempts", schema: rateLimitErrorSchema }
+  ]
+};
+const openApi = {
+  summary: "Customer login",
+  description: "Handles customer authentication and session issuance.",
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=login.js.map

package/dist/modules/customer_accounts/api/login.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/customer_accounts/api/login.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { loginSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport { getClientIp } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport {\n  checkAuthRateLimit,\n  resetAuthRateLimit,\n  customerLoginRateLimitConfig,\n  customerLoginIpRateLimitConfig,\n} from '@open-mercato/core/modules/customer_accounts/lib/rateLimiter'\n\nexport const metadata: { path?: string } = {}\n\nexport async function POST(req: Request) {\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = loginSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Invalid credentials' }, { status: 400 })\n  }\n\n  const { email, password, tenantId } = parsed.data\n  if (!tenantId) {\n    return NextResponse.json({ ok: false, error: 'tenantId is required' }, { status: 400 })\n  }\n\n  const { error: rateLimitError, compoundKey } = await checkAuthRateLimit({\n    req,\n    ipConfig: customerLoginIpRateLimitConfig,\n    compoundConfig: customerLoginRateLimitConfig,\n    compoundIdentifier: email,\n  })\n  if (rateLimitError) return rateLimitError\n\n  const container = await createRequestContainer()\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n  const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n\n  const user = await customerUserService.findByEmail(email, tenantId)\n  if (!user || !user.passwordHash) {\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'invalid_credentials', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  if (!user.isActive) {\n    return NextResponse.json({ ok: false, error: 'Account is deactivated' }, { status: 401 })\n  }\n\n  if (customerUserService.checkLockout(user)) {\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'locked', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Account is temporarily locked. Please try again later.' }, { status: 423 })\n  }\n\n  const passwordValid = await customerUserService.verifyPassword(user, password)\n  if (!passwordValid) {\n    await customerUserService.incrementFailedAttempts(user)\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'invalid_password', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  await customerUserService.resetFailedAttempts(user)\n  await customerUserService.updateLastLoginAt(user)\n\n  if (compoundKey) {\n    await resetAuthRateLimit(compoundKey, customerLoginRateLimitConfig)\n  }\n\n  const acl = await customerRbacService.loadAcl(user.id, { tenantId, organizationId: user.organizationId })\n  const resolvedFeatures = acl.features\n\n  const ip = getClientIp(req, 0)\n  const userAgent = req.headers.get('user-agent') || null\n  const { rawToken, jwt, session } = await customerSessionService.createSession(user, resolvedFeatures, ip, userAgent)\n\n  void emitCustomerAccountsEvent('customer_accounts.login.success', {\n    id: user.id,\n    email: user.email,\n    tenantId,\n    organizationId: user.organizationId,\n  }).catch(() => undefined)\n\n  const res = NextResponse.json({\n    ok: true,\n    user: {\n      id: user.id,\n      email: user.email,\n      displayName: user.displayName,\n      emailVerified: !!user.emailVerifiedAt,\n    },\n    resolvedFeatures,\n  })\n\n  res.cookies.set('customer_auth_token', jwt, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 8,\n  })\n  res.cookies.set('customer_session_token', rawToken, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 24 * 30,\n  })\n\n  return res\n}\n\nconst loginSuccessSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({\n    id: z.string().uuid(),\n    email: z.string().email(),\n    displayName: z.string(),\n    emailVerified: z.boolean(),\n  }),\n  resolvedFeatures: z.array(z.string()),\n})\n\nconst errorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Authenticate customer credentials',\n  description: 'Validates customer credentials and issues JWT + session cookies.',\n  tags: ['Customer Authentication'],\n  requestBody: {\n    schema: loginSchema,\n    description: 'Login payload with email and password.',\n  },\n  responses: [\n    { status: 200, description: 'Login successful', schema: loginSuccessSchema },\n  ],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Invalid credentials', schema: errorSchema },\n    { status: 423, description: 'Account locked', schema: errorSchema },\n    { status: 429, description: 'Too many login attempts', schema: rateLimitErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer login',\n  description: 'Handles customer authentication and session issuance.',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,mBAAmB;AAC5B,SAAS,8BAA8B;AAIvC,SAAS,iCAAiC;AAC1C,SAAS,4BAA4B;AACrC,SAAS,mBAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,MAAM,WAA8B,CAAC;AAE5C,eAAsB,KAAK,KAAc;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,YAAY,UAAU,IAAI;AACzC,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,sBAAsB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvF;AAEA,QAAM,EAAE,OAAO,UAAU,SAAS,IAAI,OAAO;AAC7C,MAAI,CAAC,UAAU;AACb,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,EAAE,OAAO,gBAAgB,YAAY,IAAI,MAAM,mBAAmB;AAAA,IACtE;AAAA,IACA,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB,CAAC;AACD,MAAI,eAAgB,QAAO;AAE3B,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AACzE,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,OAAO,MAAM,oBAAoB,YAAY,OAAO,QAAQ;AAClE,MAAI,CAAC,QAAQ,CAAC,KAAK,cAAc;AAC/B,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,uBAAuB,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1I,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,MAAI,CAAC,KAAK,UAAU;AAClB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,yBAAyB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1F;AAEA,MAAI,oBAAoB,aAAa,IAAI,GAAG;AAC1C,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,UAAU,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC7H,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,yDAAyD,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1H;AAEA,QAAM,gBAAgB,MAAM,oBAAoB,eAAe,MAAM,QAAQ;AAC7E,MAAI,CAAC,eAAe;AAClB,UAAM,oBAAoB,wBAAwB,IAAI;AACtD,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,oBAAoB,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AACvI,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,QAAM,oBAAoB,oBAAoB,IAAI;AAClD,QAAM,oBAAoB,kBAAkB,IAAI;AAEhD,MAAI,aAAa;AACf,UAAM,mBAAmB,aAAa,4BAA4B;AAAA,EACpE;AAEA,QAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK,IAAI,EAAE,UAAU,gBAAgB,KAAK,eAAe,CAAC;AACxG,QAAM,mBAAmB,IAAI;AAE7B,QAAM,KAAK,YAAY,KAAK,CAAC;AAC7B,QAAM,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK;AACnD,QAAM,EAAE,UAAU,KAAK,QAAQ,IAAI,MAAM,uBAAuB,cAAc,MAAM,kBAAkB,IAAI,SAAS;AAEnH,OAAK,0BAA0B,mCAAmC;AAAA,IAChE,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ;AAAA,IACA,gBAAgB,KAAK;AAAA,EACvB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,QAAM,MAAM,aAAa,KAAK;AAAA,IAC5B,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK;AAAA,MAClB,eAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI,QAAQ,IAAI,uBAAuB,KAAK;AAAA,IAC1C,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK;AAAA,EACpB,CAAC;AACD,MAAI,QAAQ,IAAI,0BAA0B,UAAU;AAAA,IAClD,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK,KAAK;AAAA,EACzB,CAAC;AAED,SAAO;AACT;AAEA,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,IACxB,aAAa,EAAE,OAAO;AAAA,IACtB,eAAe,EAAE,QAAQ;AAAA,EAC3B,CAAC;AAAA,EACD,kBAAkB,EAAE,MAAM,EAAE,OAAO,CAAC;AACtC,CAAC;AAED,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,mBAAmB;AAAA,EAC7E;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,YAAY;AAAA,IACvE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,IAClE,EAAE,QAAQ,KAAK,aAAa,2BAA2B,QAAQ,qBAAqB;AAAA,EACtF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/magic-link/request.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { magicLinkRequestSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { rateLimitErrorSchema } from "@open-mercato/shared/lib/ratelimit/helpers";
+import {
+  checkAuthRateLimit,
+  customerMagicLinkRateLimitConfig,
+  customerMagicLinkIpRateLimitConfig
+} from "@open-mercato/core/modules/customer_accounts/lib/rateLimiter";
+const metadata = {};
+async function POST(req) {
+  const { error: rateLimitError } = await checkAuthRateLimit({
+    req,
+    ipConfig: customerMagicLinkIpRateLimitConfig,
+    compoundConfig: customerMagicLinkRateLimitConfig,
+    compoundIdentifier: ""
+  });
+  if (rateLimitError) return rateLimitError;
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: true });
+  }
+  const parsed = magicLinkRequestSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: true });
+  }
+  const { email, tenantId } = parsed.data;
+  if (!tenantId) {
+    return NextResponse.json({ ok: true });
+  }
+  const container = await createRequestContainer();
+  const customerUserService = container.resolve("customerUserService");
+  const customerTokenService = container.resolve("customerTokenService");
+  const user = await customerUserService.findByEmail(email, tenantId);
+  if (user) {
+    const token = await customerTokenService.createMagicLink(user.id, tenantId);
+    void import("@open-mercato/core/modules/customer_accounts/events").then(
+      ({ emitCustomerAccountsEvent }) => emitCustomerAccountsEvent("customer_accounts.login.success", {
+        id: user.id,
+        email: user.email,
+        tenantId,
+        organizationId: user.organizationId,
+        magicLinkToken: token
+      })
+    ).catch(() => void 0);
+  }
+  return NextResponse.json({ ok: true });
+}
+const successSchema = z.object({ ok: z.literal(true) });
+const methodDoc = {
+  summary: "Request magic link login",
+  description: "Sends a magic link to the customer email. Always returns 200 to prevent enumeration.",
+  tags: ["Customer Authentication"],
+  requestBody: {
+    schema: magicLinkRequestSchema,
+    description: "Magic link request with email."
+  },
+  responses: [
+    { status: 200, description: "Request accepted", schema: successSchema }
+  ],
+  errors: [
+    { status: 429, description: "Too many requests", schema: rateLimitErrorSchema }
+  ]
+};
+const openApi = {
+  summary: "Request customer magic link",
+  description: "Handles magic link login requests for customer accounts.",
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=request.js.map

package/dist/modules/customer_accounts/api/magic-link/request.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/modules/customer_accounts/api/magic-link/request.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { magicLinkRequestSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerTokenService } from '@open-mercato/core/modules/customer_accounts/services/customerTokenService'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport {\n  checkAuthRateLimit,\n  customerMagicLinkRateLimitConfig,\n  customerMagicLinkIpRateLimitConfig,\n} from '@open-mercato/core/modules/customer_accounts/lib/rateLimiter'\n\nexport const metadata: { path?: string } = {}\n\nexport async function POST(req: Request) {\n  const { error: rateLimitError } = await checkAuthRateLimit({\n    req,\n    ipConfig: customerMagicLinkIpRateLimitConfig,\n    compoundConfig: customerMagicLinkRateLimitConfig,\n    compoundIdentifier: '',\n  })\n  if (rateLimitError) return rateLimitError\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: true })\n  }\n\n  const parsed = magicLinkRequestSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: true })\n  }\n\n  const { email, tenantId } = parsed.data\n  if (!tenantId) {\n    return NextResponse.json({ ok: true })\n  }\n\n  const container = await createRequestContainer()\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerTokenService = container.resolve('customerTokenService') as CustomerTokenService\n\n  const user = await customerUserService.findByEmail(email, tenantId)\n  if (user) {\n    const token = await customerTokenService.createMagicLink(user.id, tenantId)\n    // Token would be sent via email; emit event for subscribers\n    void import('@open-mercato/core/modules/customer_accounts/events').then(({ emitCustomerAccountsEvent }) =>\n      emitCustomerAccountsEvent('customer_accounts.login.success', {\n        id: user.id,\n        email: user.email,\n        tenantId,\n        organizationId: user.organizationId,\n        magicLinkToken: token,\n      })\n    ).catch(() => undefined)\n  }\n\n  return NextResponse.json({ ok: true })\n}\n\nconst successSchema = z.object({ ok: z.literal(true) })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Request magic link login',\n  description: 'Sends a magic link to the customer email. Always returns 200 to prevent enumeration.',\n  tags: ['Customer Authentication'],\n  requestBody: {\n    schema: magicLinkRequestSchema,\n    description: 'Magic link request with email.',\n  },\n  responses: [\n    { status: 200, description: 'Request accepted', schema: successSchema },\n  ],\n  errors: [\n    { status: 429, description: 'Too many requests', schema: rateLimitErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Request customer magic link',\n  description: 'Handles magic link login requests for customer accounts.',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,8BAA8B;AACvC,SAAS,8BAA8B;AAGvC,SAAS,4BAA4B;AACrC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEA,MAAM,WAA8B,CAAC;AAE5C,eAAsB,KAAK,KAAc;AACvC,QAAM,EAAE,OAAO,eAAe,IAAI,MAAM,mBAAmB;AAAA,IACzD;AAAA,IACA,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB,CAAC;AACD,MAAI,eAAgB,QAAO;AAE3B,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,EACvC;AAEA,QAAM,SAAS,uBAAuB,UAAU,IAAI;AACpD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,EACvC;AAEA,QAAM,EAAE,OAAO,SAAS,IAAI,OAAO;AACnC,MAAI,CAAC,UAAU;AACb,WAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,EACvC;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,uBAAuB,UAAU,QAAQ,sBAAsB;AAErE,QAAM,OAAO,MAAM,oBAAoB,YAAY,OAAO,QAAQ;AAClE,MAAI,MAAM;AACR,UAAM,QAAQ,MAAM,qBAAqB,gBAAgB,KAAK,IAAI,QAAQ;AAE1E,SAAK,OAAO,qDAAqD,EAAE;AAAA,MAAK,CAAC,EAAE,0BAA0B,MACnG,0BAA0B,mCAAmC;AAAA,QAC3D,IAAI,KAAK;AAAA,QACT,OAAO,KAAK;AAAA,QACZ;AAAA,QACA,gBAAgB,KAAK;AAAA,QACrB,gBAAgB;AAAA,MAClB,CAAC;AAAA,IACH,EAAE,MAAM,MAAM,MAAS;AAAA,EACzB;AAEA,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AAEtD,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,cAAc;AAAA,EACxE;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,qBAAqB;AAAA,EAChF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}