npm - @open-mercato/core - Versions diffs - 0.6.4-develop.4382.1.6b4f656b77 → 0.6.4 - Mend

@open-mercato/core 0.6.4-develop.4382.1.6b4f656b77 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1795) hide show

package/dist/modules/customer_accounts/api/admin/users/[id].js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../../src/modules/customer_accounts/api/admin/users/%5Bid%5D.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUser, CustomerUserRole, CustomerRole, CustomerUserSession } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { adminUpdateUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport const metadata = {}\n\nconst UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i\n\nexport async function GET(req: Request, { params }: { params: { id: string } }) {\n  if (!UUID_RE.test(params.id)) {\n    return NextResponse.json({ ok: false, error: 'Invalid user ID' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await findOneWithDecryption(\n    em,\n    CustomerUser,\n    { id: params.id, tenantId: auth.tenantId, deletedAt: null } as any,\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const userRoles = await findWithDecryption(\n    em,\n    CustomerUserRole,\n    { user: user.id as any, deletedAt: null } as any,\n    { populate: ['role'] },\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  const roles = userRoles.map((ur) => ({\n    id: (ur.role as any).id,\n    name: (ur.role as any).name,\n    slug: (ur.role as any).slug,\n  }))\n\n  const activeSessions = await findWithDecryption(\n    em,\n    CustomerUserSession,\n    {\n      user: user.id as any,\n      deletedAt: null,\n      expiresAt: { $gt: new Date() },\n    } as any,\n    { orderBy: { lastUsedAt: 'DESC' } },\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n\n  const sessions = activeSessions.map((session) => ({\n    id: session.id,\n    ipAddress: (session as any).ipAddress || null,\n    userAgent: (session as any).userAgent || null,\n    lastUsedAt: (session as any).lastUsedAt || null,\n    createdAt: session.createdAt,\n    expiresAt: session.expiresAt,\n  }))\n\n  return NextResponse.json({\n    ok: true,\n    id: user.id,\n    email: user.email,\n    displayName: user.displayName,\n    emailVerifiedAt: user.emailVerifiedAt || null,\n    isActive: user.isActive,\n    lockedUntil: user.lockedUntil || null,\n    lastLoginAt: user.lastLoginAt || null,\n    customerEntityId: user.customerEntityId || null,\n    personEntityId: user.personEntityId || null,\n    createdAt: user.createdAt,\n    updatedAt: user.updatedAt || null,\n    roles,\n    sessions,\n  })\n}\n\nexport async function PUT(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminUpdateUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await findOneWithDecryption(\n    em,\n    CustomerUser,\n    { id: params.id, tenantId: auth.tenantId, deletedAt: null } as any,\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const updates: Record<string, unknown> = {}\n  if (parsed.data.displayName !== undefined) updates.displayName = parsed.data.displayName\n  if (parsed.data.isActive !== undefined) updates.isActive = parsed.data.isActive\n  if (parsed.data.lockedUntil !== undefined) updates.lockedUntil = parsed.data.lockedUntil ? new Date(parsed.data.lockedUntil) : null\n  if (parsed.data.personEntityId !== undefined) updates.personEntityId = parsed.data.personEntityId\n  if (parsed.data.customerEntityId !== undefined) updates.customerEntityId = parsed.data.customerEntityId\n\n  if (Object.keys(updates).length > 0) {\n    await em.nativeUpdate(CustomerUser, { id: user.id }, updates)\n  }\n\n  let rolesChanged = false\n  if (parsed.data.roleIds !== undefined) {\n    const requestedRoleIds = parsed.data.roleIds\n    const validRoles = requestedRoleIds.length > 0\n      ? await findWithDecryption(\n          em,\n          CustomerRole,\n          {\n            id: { $in: requestedRoleIds } as any,\n            tenantId: auth.tenantId,\n            deletedAt: null,\n          } as any,\n          undefined,\n          { tenantId: auth.tenantId, organizationId: auth.orgId },\n        )\n      : []\n    if (validRoles.length !== requestedRoleIds.length) {\n      const foundIds = new Set(validRoles.map((role) => role.id))\n      const missingId = requestedRoleIds.find((roleId) => !foundIds.has(roleId))\n      return NextResponse.json({ ok: false, error: `Role ${missingId} not found` }, { status: 400 })\n    }\n\n    await em.nativeDelete(CustomerUserRole, { user: user.id } as Record<string, unknown>)\n\n    for (const role of validRoles) {\n      const userRole = em.create(CustomerUserRole, {\n        user,\n        role,\n        createdAt: new Date(),\n      } as any)\n      em.persist(userRole)\n    }\n    await em.flush()\n    rolesChanged = true\n  }\n\n  if (rolesChanged) {\n    const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n    await customerRbacService.invalidateUserCache(user.id)\n  }\n\n  void emitCustomerAccountsEvent('customer_accounts.user.updated', {\n    id: user.id,\n    recipientUserId: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    updatedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nexport async function DELETE(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await findOneWithDecryption(\n    em,\n    CustomerUser,\n    { id: params.id, tenantId: auth.tenantId, deletedAt: null } as any,\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n\n  await customerUserService.softDelete(user.id)\n  await customerSessionService.revokeAllUserSessions(user.id)\n\n  void emitCustomerAccountsEvent('customer_accounts.user.deleted', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() })\nconst userDetailSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string(),\n  displayName: z.string(),\n  emailVerified: z.boolean(),\n  isActive: z.boolean(),\n  lockedUntil: z.string().datetime().nullable(),\n  lastLoginAt: z.string().datetime().nullable(),\n  failedLoginAttempts: z.number(),\n  customerEntityId: z.string().uuid().nullable(),\n  personEntityId: z.string().uuid().nullable(),\n  createdAt: z.string().datetime(),\n  updatedAt: z.string().datetime().nullable(),\n  roles: z.array(roleSchema),\n  activeSessionCount: z.number(),\n})\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'Get customer user detail (admin)',\n  description: 'Returns full customer user details including CRM links, roles, and active session count.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{\n    status: 200,\n    description: 'User detail',\n    schema: z.object({ ok: z.literal(true), user: userDetailSchema }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nconst putMethodDoc: OpenApiMethodDoc = {\n  summary: 'Update customer user (admin)',\n  description: 'Updates a customer user. Staff can update status, lock, CRM links, and roles. Role assignment bypasses customer_assignable check.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminUpdateUserSchema },\n  responses: [{ status: 200, description: 'User updated', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed or role not found', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nconst deleteMethodDoc: OpenApiMethodDoc = {\n  summary: 'Delete customer user (admin)',\n  description: 'Soft deletes a customer user and revokes all their active sessions.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{ status: 200, description: 'User deleted', schema: successSchema }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer user detail management (admin)',\n  pathParams: z.object({ id: z.string().uuid() }),\n  methods: {\n    GET: getMethodDoc,\n    PUT: putMethodDoc,\n    DELETE: deleteMethodDoc,\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,cAAc,kBAAkB,cAAc,2BAA2B;AAIlF,SAAS,6BAA6B;AACtC,SAAS,iCAAiC;AAC1C,SAAS,uBAAuB,0BAA0B;AAEnD,MAAM,WAAW,CAAC;AAEzB,MAAM,UAAU;AAEhB,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,MAAI,CAAC,QAAQ,KAAK,OAAO,EAAE,GAAG;AAC5B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACnF;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,OAAO,IAAI,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC1D;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,YAAY,MAAM;AAAA,IACtB;AAAA,IACA;AAAA,IACA,EAAE,MAAM,KAAK,IAAW,WAAW,KAAK;AAAA,IACxC,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,QAAM,QAAQ,UAAU,IAAI,CAAC,QAAQ;AAAA,IACnC,IAAK,GAAG,KAAa;AAAA,IACrB,MAAO,GAAG,KAAa;AAAA,IACvB,MAAO,GAAG,KAAa;AAAA,EACzB,EAAE;AAEF,QAAM,iBAAiB,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,MACE,MAAM,KAAK;AAAA,MACX,WAAW;AAAA,MACX,WAAW,EAAE,KAAK,oBAAI,KAAK,EAAE;AAAA,IAC/B;AAAA,IACA,EAAE,SAAS,EAAE,YAAY,OAAO,EAAE;AAAA,IAClC,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AAEA,QAAM,WAAW,eAAe,IAAI,CAAC,aAAa;AAAA,IAChD,IAAI,QAAQ;AAAA,IACZ,WAAY,QAAgB,aAAa;AAAA,IACzC,WAAY,QAAgB,aAAa;AAAA,IACzC,YAAa,QAAgB,cAAc;AAAA,IAC3C,WAAW,QAAQ;AAAA,IACnB,WAAW,QAAQ;AAAA,EACrB,EAAE;AAEF,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,iBAAiB,KAAK,mBAAmB;AAAA,IACzC,UAAU,KAAK;AAAA,IACf,aAAa,KAAK,eAAe;AAAA,IACjC,aAAa,KAAK,eAAe;AAAA,IACjC,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C,gBAAgB,KAAK,kBAAkB;AAAA,IACvC,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK,aAAa;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,sBAAsB,UAAU,IAAI;AACnD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,OAAO,IAAI,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC1D;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,UAAmC,CAAC;AAC1C,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK;AAC7E,MAAI,OAAO,KAAK,aAAa,OAAW,SAAQ,WAAW,OAAO,KAAK;AACvE,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK,cAAc,IAAI,KAAK,OAAO,KAAK,WAAW,IAAI;AAC/H,MAAI,OAAO,KAAK,mBAAmB,OAAW,SAAQ,iBAAiB,OAAO,KAAK;AACnF,MAAI,OAAO,KAAK,qBAAqB,OAAW,SAAQ,mBAAmB,OAAO,KAAK;AAEvF,MAAI,OAAO,KAAK,OAAO,EAAE,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,OAAO;AAAA,EAC9D;AAEA,MAAI,eAAe;AACnB,MAAI,OAAO,KAAK,YAAY,QAAW;AACrC,UAAM,mBAAmB,OAAO,KAAK;AACrC,UAAM,aAAa,iBAAiB,SAAS,IACzC,MAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,EAAE,KAAK,iBAAiB;AAAA,QAC5B,UAAU,KAAK;AAAA,QACf,WAAW;AAAA,MACb;AAAA,MACA;AAAA,MACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,IACxD,IACA,CAAC;AACL,QAAI,WAAW,WAAW,iBAAiB,QAAQ;AACjD,YAAM,WAAW,IAAI,IAAI,WAAW,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC;AAC1D,YAAM,YAAY,iBAAiB,KAAK,CAAC,WAAW,CAAC,SAAS,IAAI,MAAM,CAAC;AACzE,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,QAAQ,SAAS,aAAa,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/F;AAEA,UAAM,GAAG,aAAa,kBAAkB,EAAE,MAAM,KAAK,GAAG,CAA4B;AAEpF,eAAW,QAAQ,YAAY;AAC7B,YAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAQ;AACR,SAAG,QAAQ,QAAQ;AAAA,IACrB;AACA,UAAM,GAAG,MAAM;AACf,mBAAe;AAAA,EACjB;AAEA,MAAI,cAAc;AAChB,UAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,UAAM,oBAAoB,oBAAoB,KAAK,EAAE;AAAA,EACvD;AAEA,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,iBAAiB,KAAK;AAAA,IACtB,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,eAAsB,OAAO,KAAc,EAAE,OAAO,GAA+B;AACjF,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,OAAO,IAAI,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC1D;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AAEzE,QAAM,oBAAoB,WAAW,KAAK,EAAE;AAC5C,QAAM,uBAAuB,sBAAsB,KAAK,EAAE;AAE1D,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AACzF,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO;AAAA,EACtB,eAAe,EAAE,QAAQ;AAAA,EACzB,UAAU,EAAE,QAAQ;AAAA,EACpB,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,qBAAqB,EAAE,OAAO;AAAA,EAC9B,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC7C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,OAAO,EAAE,MAAM,UAAU;AAAA,EACzB,oBAAoB,EAAE,OAAO;AAC/B,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,iBAAiB,CAAC;AAAA,EAClE,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,sBAAsB;AAAA,EAC7C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,uCAAuC,QAAQ,YAAY;AAAA,IACvF,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,kBAAoC;AAAA,EACxC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS;AAAA,IACP,KAAK;AAAA,IACL,KAAK;AAAA,IACL,QAAQ;AAAA,EACV;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUser, CustomerUserRole, CustomerRole, CustomerUserSession } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { adminUpdateUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { isOwnedCompanyEntity } from '@open-mercato/core/modules/customer_accounts/lib/customerEntityOwnership'\nimport { enforceCommandOptimisticLock } from '@open-mercato/shared/lib/crud/optimistic-lock-command'\nimport { isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'\n\nexport const metadata = {}\n\nconst UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i\n\nexport async function GET(req: Request, { params }: { params: { id: string } }) {\n  if (!UUID_RE.test(params.id)) {\n    return NextResponse.json({ ok: false, error: 'Invalid user ID' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await findOneWithDecryption(\n    em,\n    CustomerUser,\n    { id: params.id, tenantId: auth.tenantId, deletedAt: null } as any,\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const userRoles = await findWithDecryption(\n    em,\n    CustomerUserRole,\n    { user: user.id as any, deletedAt: null } as any,\n    { populate: ['role'] },\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  const roles = userRoles.map((ur) => ({\n    id: (ur.role as any).id,\n    name: (ur.role as any).name,\n    slug: (ur.role as any).slug,\n  }))\n\n  const activeSessions = await findWithDecryption(\n    em,\n    CustomerUserSession,\n    {\n      user: user.id as any,\n      deletedAt: null,\n      expiresAt: { $gt: new Date() },\n    } as any,\n    { orderBy: { lastUsedAt: 'DESC' } },\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n\n  const sessions = activeSessions.map((session) => ({\n    id: session.id,\n    ipAddress: (session as any).ipAddress || null,\n    userAgent: (session as any).userAgent || null,\n    lastUsedAt: (session as any).lastUsedAt || null,\n    createdAt: session.createdAt,\n    expiresAt: session.expiresAt,\n  }))\n\n  return NextResponse.json({\n    ok: true,\n    id: user.id,\n    email: user.email,\n    displayName: user.displayName,\n    emailVerifiedAt: user.emailVerifiedAt || null,\n    isActive: user.isActive,\n    lockedUntil: user.lockedUntil || null,\n    lastLoginAt: user.lastLoginAt || null,\n    customerEntityId: user.customerEntityId || null,\n    personEntityId: user.personEntityId || null,\n    createdAt: user.createdAt,\n    updatedAt: user.updatedAt || null,\n    roles,\n    sessions,\n  })\n}\n\nexport async function PUT(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminUpdateUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await findOneWithDecryption(\n    em,\n    CustomerUser,\n    { id: params.id, tenantId: auth.tenantId, deletedAt: null } as any,\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  // Optimistic lock: refuse a stale overwrite so two admins editing the same\n  // customer user in parallel cannot silently clobber each other (#2055). The\n  // check is strictly additive \u2014 a no-op when the client sends no expected-version header.\n  try {\n    enforceCommandOptimisticLock({\n      resourceKind: 'customer_accounts.user',\n      resourceId: user.id,\n      current: user.updatedAt ?? null,\n      request: req,\n    })\n  } catch (err) {\n    if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n    throw err\n  }\n\n  // Reject a customerEntityId the caller does not own before persisting it.\n  // Without this check a mislinked company FK cross-links the user into another\n  // org/company's portal context and persists indefinitely (#2693). A null value\n  // (unlink) needs no ownership check.\n  if (parsed.data.customerEntityId) {\n    const owned = await isOwnedCompanyEntity(em, parsed.data.customerEntityId, {\n      tenantId: auth.tenantId,\n      organizationId: auth.orgId,\n    })\n    if (!owned) {\n      return NextResponse.json({ ok: false, error: 'Company not found' }, { status: 400 })\n    }\n  }\n\n  // Always bump updated_at so the optimistic-lock version advances on every save.\n  // `nativeUpdate` bypasses MikroORM's `onUpdate` hook, so set it explicitly \u2014 without\n  // this the version never changes and concurrent edits cannot be detected (#2055).\n  const nextUpdatedAt = new Date()\n  const updates: Record<string, unknown> = { updatedAt: nextUpdatedAt }\n  if (parsed.data.displayName !== undefined) updates.displayName = parsed.data.displayName\n  if (parsed.data.isActive !== undefined) updates.isActive = parsed.data.isActive\n  if (parsed.data.lockedUntil !== undefined) updates.lockedUntil = parsed.data.lockedUntil ? new Date(parsed.data.lockedUntil) : null\n  if (parsed.data.personEntityId !== undefined) updates.personEntityId = parsed.data.personEntityId\n  if (parsed.data.customerEntityId !== undefined) updates.customerEntityId = parsed.data.customerEntityId\n\n  await em.nativeUpdate(CustomerUser, { id: user.id }, updates)\n\n  let rolesChanged = false\n  if (parsed.data.roleIds !== undefined) {\n    const requestedRoleIds = parsed.data.roleIds\n    // Scope role resolution to the caller's organization too \u2014 CustomerRole is\n    // org-scoped, so a tenant-only filter would let an admin link roles from\n    // another org in the same tenant (#2693).\n    const validRoles = requestedRoleIds.length > 0\n      ? await findWithDecryption(\n          em,\n          CustomerRole,\n          {\n            id: { $in: requestedRoleIds } as any,\n            tenantId: auth.tenantId,\n            organizationId: auth.orgId,\n            deletedAt: null,\n          } as any,\n          undefined,\n          { tenantId: auth.tenantId, organizationId: auth.orgId },\n        )\n      : []\n    if (validRoles.length !== requestedRoleIds.length) {\n      const foundIds = new Set(validRoles.map((role) => role.id))\n      const missingId = requestedRoleIds.find((roleId) => !foundIds.has(roleId))\n      return NextResponse.json({ ok: false, error: `Role ${missingId} not found` }, { status: 400 })\n    }\n\n    await em.nativeDelete(CustomerUserRole, { user: user.id } as Record<string, unknown>)\n\n    for (const role of validRoles) {\n      const userRole = em.create(CustomerUserRole, {\n        user,\n        role,\n        createdAt: new Date(),\n      } as any)\n      em.persist(userRole)\n    }\n    await em.flush()\n    rolesChanged = true\n  }\n\n  if (rolesChanged) {\n    const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n    await customerRbacService.invalidateUserCache(user.id)\n  }\n\n  void emitCustomerAccountsEvent('customer_accounts.user.updated', {\n    id: user.id,\n    recipientUserId: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    updatedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true, updatedAt: nextUpdatedAt.toISOString() })\n}\n\nexport async function DELETE(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await findOneWithDecryption(\n    em,\n    CustomerUser,\n    { id: params.id, tenantId: auth.tenantId, deletedAt: null } as any,\n    undefined,\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  // Optimistic lock: refuse a stale delete (e.g. deleting a record another admin\n  // already modified). Strictly additive \u2014 a no-op without the expected-version header.\n  try {\n    enforceCommandOptimisticLock({\n      resourceKind: 'customer_accounts.user',\n      resourceId: user.id,\n      current: user.updatedAt ?? null,\n      request: req,\n    })\n  } catch (err) {\n    if (isCrudHttpError(err)) return NextResponse.json(err.body, { status: err.status })\n    throw err\n  }\n\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n\n  await customerUserService.softDelete(user.id)\n  await customerSessionService.revokeAllUserSessions(user.id)\n\n  void emitCustomerAccountsEvent('customer_accounts.user.deleted', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() })\nconst userDetailSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string(),\n  displayName: z.string(),\n  emailVerified: z.boolean(),\n  isActive: z.boolean(),\n  lockedUntil: z.string().datetime().nullable(),\n  lastLoginAt: z.string().datetime().nullable(),\n  failedLoginAttempts: z.number(),\n  customerEntityId: z.string().uuid().nullable(),\n  personEntityId: z.string().uuid().nullable(),\n  createdAt: z.string().datetime(),\n  updatedAt: z.string().datetime().nullable(),\n  roles: z.array(roleSchema),\n  activeSessionCount: z.number(),\n})\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'Get customer user detail (admin)',\n  description: 'Returns full customer user details including CRM links, roles, and active session count.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{\n    status: 200,\n    description: 'User detail',\n    schema: z.object({ ok: z.literal(true), user: userDetailSchema }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nconst putMethodDoc: OpenApiMethodDoc = {\n  summary: 'Update customer user (admin)',\n  description: 'Updates a customer user. Staff can update status, lock, CRM links, and roles. Role assignment bypasses customer_assignable check.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminUpdateUserSchema },\n  responses: [{ status: 200, description: 'User updated', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed or role not found', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nconst deleteMethodDoc: OpenApiMethodDoc = {\n  summary: 'Delete customer user (admin)',\n  description: 'Soft deletes a customer user and revokes all their active sessions.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{ status: 200, description: 'User deleted', schema: successSchema }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer user detail management (admin)',\n  pathParams: z.object({ id: z.string().uuid() }),\n  methods: {\n    GET: getMethodDoc,\n    PUT: putMethodDoc,\n    DELETE: deleteMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,cAAc,kBAAkB,cAAc,2BAA2B;AAIlF,SAAS,6BAA6B;AACtC,SAAS,iCAAiC;AAC1C,SAAS,uBAAuB,0BAA0B;AAC1D,SAAS,4BAA4B;AACrC,SAAS,oCAAoC;AAC7C,SAAS,uBAAuB;AAEzB,MAAM,WAAW,CAAC;AAEzB,MAAM,UAAU;AAEhB,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,MAAI,CAAC,QAAQ,KAAK,OAAO,EAAE,GAAG;AAC5B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACnF;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,OAAO,IAAI,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC1D;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,YAAY,MAAM;AAAA,IACtB;AAAA,IACA;AAAA,IACA,EAAE,MAAM,KAAK,IAAW,WAAW,KAAK;AAAA,IACxC,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,QAAM,QAAQ,UAAU,IAAI,CAAC,QAAQ;AAAA,IACnC,IAAK,GAAG,KAAa;AAAA,IACrB,MAAO,GAAG,KAAa;AAAA,IACvB,MAAO,GAAG,KAAa;AAAA,EACzB,EAAE;AAEF,QAAM,iBAAiB,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,MACE,MAAM,KAAK;AAAA,MACX,WAAW;AAAA,MACX,WAAW,EAAE,KAAK,oBAAI,KAAK,EAAE;AAAA,IAC/B;AAAA,IACA,EAAE,SAAS,EAAE,YAAY,OAAO,EAAE;AAAA,IAClC,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AAEA,QAAM,WAAW,eAAe,IAAI,CAAC,aAAa;AAAA,IAChD,IAAI,QAAQ;AAAA,IACZ,WAAY,QAAgB,aAAa;AAAA,IACzC,WAAY,QAAgB,aAAa;AAAA,IACzC,YAAa,QAAgB,cAAc;AAAA,IAC3C,WAAW,QAAQ;AAAA,IACnB,WAAW,QAAQ;AAAA,EACrB,EAAE;AAEF,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,iBAAiB,KAAK,mBAAmB;AAAA,IACzC,UAAU,KAAK;AAAA,IACf,aAAa,KAAK,eAAe;AAAA,IACjC,aAAa,KAAK,eAAe;AAAA,IACjC,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C,gBAAgB,KAAK,kBAAkB;AAAA,IACvC,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK,aAAa;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,sBAAsB,UAAU,IAAI;AACnD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,OAAO,IAAI,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC1D;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAKA,MAAI;AACF,iCAA6B;AAAA,MAC3B,cAAc;AAAA,MACd,YAAY,KAAK;AAAA,MACjB,SAAS,KAAK,aAAa;AAAA,MAC3B,SAAS;AAAA,IACX,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAM;AAAA,EACR;AAMA,MAAI,OAAO,KAAK,kBAAkB;AAChC,UAAM,QAAQ,MAAM,qBAAqB,IAAI,OAAO,KAAK,kBAAkB;AAAA,MACzE,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,QAAI,CAAC,OAAO;AACV,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACrF;AAAA,EACF;AAKA,QAAM,gBAAgB,oBAAI,KAAK;AAC/B,QAAM,UAAmC,EAAE,WAAW,cAAc;AACpE,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK;AAC7E,MAAI,OAAO,KAAK,aAAa,OAAW,SAAQ,WAAW,OAAO,KAAK;AACvE,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK,cAAc,IAAI,KAAK,OAAO,KAAK,WAAW,IAAI;AAC/H,MAAI,OAAO,KAAK,mBAAmB,OAAW,SAAQ,iBAAiB,OAAO,KAAK;AACnF,MAAI,OAAO,KAAK,qBAAqB,OAAW,SAAQ,mBAAmB,OAAO,KAAK;AAEvF,QAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,OAAO;AAE5D,MAAI,eAAe;AACnB,MAAI,OAAO,KAAK,YAAY,QAAW;AACrC,UAAM,mBAAmB,OAAO,KAAK;AAIrC,UAAM,aAAa,iBAAiB,SAAS,IACzC,MAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,EAAE,KAAK,iBAAiB;AAAA,QAC5B,UAAU,KAAK;AAAA,QACf,gBAAgB,KAAK;AAAA,QACrB,WAAW;AAAA,MACb;AAAA,MACA;AAAA,MACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,IACxD,IACA,CAAC;AACL,QAAI,WAAW,WAAW,iBAAiB,QAAQ;AACjD,YAAM,WAAW,IAAI,IAAI,WAAW,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC;AAC1D,YAAM,YAAY,iBAAiB,KAAK,CAAC,WAAW,CAAC,SAAS,IAAI,MAAM,CAAC;AACzE,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,QAAQ,SAAS,aAAa,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/F;AAEA,UAAM,GAAG,aAAa,kBAAkB,EAAE,MAAM,KAAK,GAAG,CAA4B;AAEpF,eAAW,QAAQ,YAAY;AAC7B,YAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAQ;AACR,SAAG,QAAQ,QAAQ;AAAA,IACrB;AACA,UAAM,GAAG,MAAM;AACf,mBAAe;AAAA,EACjB;AAEA,MAAI,cAAc;AAChB,UAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,UAAM,oBAAoB,oBAAoB,KAAK,EAAE;AAAA,EACvD;AAEA,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,iBAAiB,KAAK;AAAA,IACtB,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,MAAM,WAAW,cAAc,YAAY,EAAE,CAAC;AAC/E;AAEA,eAAsB,OAAO,KAAc,EAAE,OAAO,GAA+B;AACjF,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM;AAAA,IACjB;AAAA,IACA;AAAA,IACA,EAAE,IAAI,OAAO,IAAI,UAAU,KAAK,UAAU,WAAW,KAAK;AAAA,IAC1D;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AACA,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAIA,MAAI;AACF,iCAA6B;AAAA,MAC3B,cAAc;AAAA,MACd,YAAY,KAAK;AAAA,MACjB,SAAS,KAAK,aAAa;AAAA,MAC3B,SAAS;AAAA,IACX,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,gBAAgB,GAAG,EAAG,QAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AACnF,UAAM;AAAA,EACR;AAEA,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AAEzE,QAAM,oBAAoB,WAAW,KAAK,EAAE;AAC5C,QAAM,uBAAuB,sBAAsB,KAAK,EAAE;AAE1D,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AACzF,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO;AAAA,EACtB,eAAe,EAAE,QAAQ;AAAA,EACzB,UAAU,EAAE,QAAQ;AAAA,EACpB,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,qBAAqB,EAAE,OAAO;AAAA,EAC9B,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC7C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,OAAO,EAAE,MAAM,UAAU;AAAA,EACzB,oBAAoB,EAAE,OAAO;AAC/B,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,iBAAiB,CAAC;AAAA,EAClE,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,sBAAsB;AAAA,EAC7C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,uCAAuC,QAAQ,YAAY;AAAA,IACvF,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,kBAAoC;AAAA,EACxC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS;AAAA,IACP,KAAK;AAAA,IACL,KAAK;AAAA,IACL,QAAQ;AAAA,EACV;AACF;",
   "names": []
 }

package/dist/modules/customer_accounts/api/admin/users-invite.js CHANGED Viewed

@@ -3,12 +3,27 @@ import { z } from "zod";
 import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
 import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
 import { inviteUserSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { rateLimitErrorSchema } from "@open-mercato/shared/lib/ratelimit/helpers";
+import {
+  checkAuthRateLimit,
+  customerInviteRateLimitConfig,
+  customerInviteIpRateLimitConfig
+} from "@open-mercato/core/modules/customer_accounts/lib/rateLimiter";
+import { readNormalizedEmailFromJsonRequest } from "@open-mercato/core/modules/customer_accounts/lib/rateLimitIdentifier";
 const metadata = {};
 async function POST(req) {
   const auth = await getAuthFromRequest(req);
   if (!auth) {
     return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
   }
+  const rateLimitEmail = await readNormalizedEmailFromJsonRequest(req);
+  const { error: rateLimitError } = await checkAuthRateLimit({
+    req,
+    ipConfig: customerInviteIpRateLimitConfig,
+    compoundConfig: customerInviteRateLimitConfig,
+    compoundIdentifier: rateLimitEmail
+  });
+  if (rateLimitError) return rateLimitError;
   const container = await createRequestContainer();
   const rbacService = container.resolve("rbacService");
   const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.invite"], { tenantId: auth.tenantId, organizationId: auth.orgId });
@@ -63,7 +78,8 @@ const methodDoc = {
   errors: [
     { status: 400, description: "Validation failed", schema: errorSchema },
     { status: 401, description: "Not authenticated", schema: errorSchema },
-    { status: 403, description: "Insufficient permissions", schema: errorSchema }
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 429, description: "Too many invitation requests", schema: rateLimitErrorSchema }
   ]
 };
 const openApi = {

package/dist/modules/customer_accounts/api/admin/users-invite.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/customer_accounts/api/admin/users-invite.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerInvitationService } from '@open-mercato/core/modules/customer_accounts/services/customerInvitationService'\nimport { inviteUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\n\nexport const metadata = {}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.invite'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = inviteUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const customerInvitationService = container.resolve('customerInvitationService') as CustomerInvitationService\n\n  const { invitation } = await customerInvitationService.createInvitation(\n    parsed.data.email,\n    { tenantId: auth.tenantId!, organizationId: auth.orgId! },\n    {\n      customerEntityId: parsed.data.customerEntityId || null,\n      roleIds: parsed.data.roleIds,\n      invitedByUserId: auth.sub,\n      displayName: parsed.data.displayName || null,\n    },\n  )\n\n  return NextResponse.json({\n    ok: true,\n    invitation: {\n      id: invitation.id,\n      email: invitation.email,\n      expiresAt: invitation.expiresAt,\n    },\n  }, { status: 201 })\n}\n\nconst successSchema = z.object({\n  ok: z.literal(true),\n  invitation: z.object({\n    id: z.string().uuid(),\n    email: z.string(),\n    expiresAt: z.string().datetime(),\n  }),\n})\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Invite customer user (admin)',\n  description: 'Creates a staff-initiated invitation for a new customer user. The invitedByUserId is set from the staff auth context.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: inviteUserSchema },\n  responses: [{ status: 201, description: 'Invitation created', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Invite customer user (admin)',\n  methods: { POST: methodDoc },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,wBAAwB;AAE1B,MAAM,WAAW,CAAC;AAEzB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,iBAAiB,UAAU,IAAI;AAC9C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,4BAA4B,UAAU,QAAQ,2BAA2B;AAE/E,QAAM,EAAE,WAAW,IAAI,MAAM,0BAA0B;AAAA,IACrD,OAAO,KAAK;AAAA,IACZ,EAAE,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAO;AAAA,IACxD;AAAA,MACE,kBAAkB,OAAO,KAAK,oBAAoB;AAAA,MAClD,SAAS,OAAO,KAAK;AAAA,MACrB,iBAAiB,KAAK;AAAA,MACtB,aAAa,OAAO,KAAK,eAAe;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,YAAY;AAAA,MACV,IAAI,WAAW;AAAA,MACf,OAAO,WAAW;AAAA,MAClB,WAAW,WAAW;AAAA,IACxB;AAAA,EACF,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,gBAAgB,EAAE,OAAO;AAAA,EAC7B,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,YAAY,EAAE,OAAO;AAAA,IACnB,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO;AAAA,IAChB,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,CAAC;AACH,CAAC;AACD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,iBAAiB;AAAA,EACxC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,cAAc,CAAC;AAAA,EACrF,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerInvitationService } from '@open-mercato/core/modules/customer_accounts/services/customerInvitationService'\nimport { inviteUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport {\n  checkAuthRateLimit,\n  customerInviteRateLimitConfig,\n  customerInviteIpRateLimitConfig,\n} from '@open-mercato/core/modules/customer_accounts/lib/rateLimiter'\nimport { readNormalizedEmailFromJsonRequest } from '@open-mercato/core/modules/customer_accounts/lib/rateLimitIdentifier'\n\nexport const metadata = {}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const rateLimitEmail = await readNormalizedEmailFromJsonRequest(req)\n  const { error: rateLimitError } = await checkAuthRateLimit({\n    req,\n    ipConfig: customerInviteIpRateLimitConfig,\n    compoundConfig: customerInviteRateLimitConfig,\n    compoundIdentifier: rateLimitEmail,\n  })\n  if (rateLimitError) return rateLimitError\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.invite'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = inviteUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const customerInvitationService = container.resolve('customerInvitationService') as CustomerInvitationService\n\n  const { invitation } = await customerInvitationService.createInvitation(\n    parsed.data.email,\n    { tenantId: auth.tenantId!, organizationId: auth.orgId! },\n    {\n      customerEntityId: parsed.data.customerEntityId || null,\n      roleIds: parsed.data.roleIds,\n      invitedByUserId: auth.sub,\n      displayName: parsed.data.displayName || null,\n    },\n  )\n\n  return NextResponse.json({\n    ok: true,\n    invitation: {\n      id: invitation.id,\n      email: invitation.email,\n      expiresAt: invitation.expiresAt,\n    },\n  }, { status: 201 })\n}\n\nconst successSchema = z.object({\n  ok: z.literal(true),\n  invitation: z.object({\n    id: z.string().uuid(),\n    email: z.string(),\n    expiresAt: z.string().datetime(),\n  }),\n})\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Invite customer user (admin)',\n  description: 'Creates a staff-initiated invitation for a new customer user. The invitedByUserId is set from the staff auth context.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: inviteUserSchema },\n  responses: [{ status: 201, description: 'Invitation created', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 429, description: 'Too many invitation requests', schema: rateLimitErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Invite customer user (admin)',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,wBAAwB;AACjC,SAAS,4BAA4B;AACrC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,0CAA0C;AAE5C,MAAM,WAAW,CAAC;AAEzB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,iBAAiB,MAAM,mCAAmC,GAAG;AACnE,QAAM,EAAE,OAAO,eAAe,IAAI,MAAM,mBAAmB;AAAA,IACzD;AAAA,IACA,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB,CAAC;AACD,MAAI,eAAgB,QAAO;AAE3B,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,iBAAiB,UAAU,IAAI;AAC9C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,4BAA4B,UAAU,QAAQ,2BAA2B;AAE/E,QAAM,EAAE,WAAW,IAAI,MAAM,0BAA0B;AAAA,IACrD,OAAO,KAAK;AAAA,IACZ,EAAE,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAO;AAAA,IACxD;AAAA,MACE,kBAAkB,OAAO,KAAK,oBAAoB;AAAA,MAClD,SAAS,OAAO,KAAK;AAAA,MACrB,iBAAiB,KAAK;AAAA,MACtB,aAAa,OAAO,KAAK,eAAe;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,YAAY;AAAA,MACV,IAAI,WAAW;AAAA,MACf,OAAO,WAAW;AAAA,MAClB,WAAW,WAAW;AAAA,IACxB;AAAA,EACF,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,gBAAgB,EAAE,OAAO;AAAA,EAC7B,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,YAAY,EAAE,OAAO;AAAA,IACnB,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO;AAAA,IAChB,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,CAAC;AACH,CAAC;AACD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,iBAAiB;AAAA,EACxC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,cAAc,CAAC;AAAA,EACrF,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,gCAAgC,QAAQ,qBAAqB;AAAA,EAC3F;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS,EAAE,MAAM,UAAU;AAC7B;",
   "names": []
 }

package/dist/modules/customer_accounts/api/admin/users.js CHANGED Viewed

@@ -5,8 +5,9 @@ import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
 import { CustomerUser, CustomerUserRole, CustomerRole } from "@open-mercato/core/modules/customer_accounts/data/entities";
 import { adminCreateUserSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
 import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
-import { findAndCountWithDecryption, findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
-import { hashForLookup } from "@open-mercato/shared/lib/encryption/aes";
+import { findAndCountWithDecryption, findWithDecryption, findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { isOwnedCompanyEntity } from "@open-mercato/core/modules/customer_accounts/lib/customerEntityOwnership";
+import { lookupHashCandidates } from "@open-mercato/shared/lib/encryption/aes";
 import { E } from "../../../../generated/entities.ids.generated.js";
 import { resolveSearchConfig } from "@open-mercato/shared/lib/search/config";
 import { tokenizeText } from "@open-mercato/shared/lib/search/tokenize";
@@ -60,7 +61,7 @@ async function GET(req) {
       searchFilter.push({ id: { $in: matchedIds } });
     }
     if (EMAIL_LIKE_PATTERN.test(search)) {
-      searchFilter.push({ emailHash: hashForLookup(search) });
+      searchFilter.push({ emailHash: { $in: lookupHashCandidates(search) } });
     }
     if (searchFilter.length > 0) {
       if (where.$or) {
@@ -81,6 +82,22 @@ async function GET(req) {
   }
   let userIds = null;
   if (roleId) {
+    const scopedRole = await findOneWithDecryption(
+      em,
+      CustomerRole,
+      { id: roleId, tenantId: auth.tenantId, organizationId: auth.orgId, deletedAt: null },
+      void 0,
+      { tenantId: auth.tenantId, organizationId: auth.orgId }
+    );
+    if (!scopedRole) {
+      return NextResponse.json({
+        ok: true,
+        items: [],
+        total: 0,
+        totalPages: 1,
+        page
+      });
+    }
     const roleLinks = await findWithDecryption(
       em,
       CustomerUserRole,
@@ -140,6 +157,7 @@ async function GET(req) {
     customerEntityId: user.customerEntityId || null,
     personEntityId: user.personEntityId || null,
     createdAt: user.createdAt,
+    updatedAt: user.updatedAt || null,
     roles: rolesByUserId.get(user.id) ?? []
   }));
   const totalPages = Math.max(1, Math.ceil(total / pageSize));
@@ -178,6 +196,37 @@ async function POST(req) {
   if (existing) {
     return NextResponse.json({ ok: false, error: "A user with this email already exists" }, { status: 409 });
   }
+  let resolvedRoles = [];
+  if (parsed.data.roleIds && parsed.data.roleIds.length > 0) {
+    const requestedRoleIds = parsed.data.roleIds;
+    const validRoles = await findWithDecryption(
+      em,
+      CustomerRole,
+      {
+        id: { $in: requestedRoleIds },
+        tenantId: auth.tenantId,
+        organizationId: auth.orgId,
+        deletedAt: null
+      },
+      void 0,
+      { tenantId: auth.tenantId, organizationId: auth.orgId }
+    );
+    if (validRoles.length !== requestedRoleIds.length) {
+      const foundIds = new Set(validRoles.map((role) => role.id));
+      const missingId = requestedRoleIds.find((roleId) => !foundIds.has(roleId));
+      return NextResponse.json({ ok: false, error: `Role ${missingId} not found` }, { status: 400 });
+    }
+    resolvedRoles = validRoles;
+  }
+  if (parsed.data.customerEntityId) {
+    const owned = await isOwnedCompanyEntity(em, parsed.data.customerEntityId, {
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId
+    });
+    if (!owned) {
+      return NextResponse.json({ ok: false, error: "Company not found" }, { status: 400 });
+    }
+  }
   const user = await customerUserService.createUser(
     parsed.data.email,
     parsed.data.password,
@@ -191,26 +240,13 @@ async function POST(req) {
     if (parsed.data.customerEntityId) {
       await tx.nativeUpdate(CustomerUser, { id: user.id }, { customerEntityId: parsed.data.customerEntityId });
     }
-    if (parsed.data.roleIds && parsed.data.roleIds.length > 0) {
-      const validRoles = await findWithDecryption(
-        tx,
-        CustomerRole,
-        {
-          id: { $in: parsed.data.roleIds },
-          tenantId: auth.tenantId,
-          deletedAt: null
-        },
-        void 0,
-        { tenantId: auth.tenantId, organizationId: auth.orgId }
-      );
-      for (const role of validRoles) {
-        const userRole = tx.create(CustomerUserRole, {
-          user,
-          role,
-          createdAt: /* @__PURE__ */ new Date()
-        });
-        tx.persist(userRole);
-      }
+    for (const role of resolvedRoles) {
+      const userRole = tx.create(CustomerUserRole, {
+        user,
+        role,
+        createdAt: /* @__PURE__ */ new Date()
+      });
+      tx.persist(userRole);
     }
   });
   void emitCustomerAccountsEvent("customer_accounts.user.created", {
@@ -237,6 +273,7 @@ const userSchema = z.object({
   customerEntityId: z.string().uuid().nullable(),
   personEntityId: z.string().uuid().nullable(),
   createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime().nullable(),
   roles: z.array(roleSchema)
 });
 const successSchema = z.object({

package/dist/modules/customer_accounts/api/admin/users.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/modules/customer_accounts/api/admin/users.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerUser, CustomerUserRole, CustomerRole } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { adminCreateUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { findAndCountWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { hashForLookup } from '@open-mercato/shared/lib/encryption/aes'\nimport { E } from '#generated/entities.ids.generated'\nimport { resolveSearchConfig } from '@open-mercato/shared/lib/search/config'\nimport { tokenizeText } from '@open-mercato/shared/lib/search/tokenize'\nimport { sql } from 'kysely'\n\nconst EMAIL_LIKE_PATTERN = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/\n\nexport const metadata = {}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as EntityManager\n\n  const url = new URL(req.url)\n  const page = Math.max(1, parseInt(url.searchParams.get('page') || '1'))\n  const pageSize = Math.min(100, Math.max(1, parseInt(url.searchParams.get('pageSize') || '25')))\n  const status = url.searchParams.get('status') as 'active' | 'inactive' | 'locked' | null\n  const customerEntityId = url.searchParams.get('customerEntityId')\n  const personEntityId = url.searchParams.get('personEntityId')\n  const roleId = url.searchParams.get('roleId')\n  const search = url.searchParams.get('search')\n\n  const where: Record<string, unknown> = {\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedAt: null,\n  }\n\n  if (status === 'active') {\n    where.isActive = true\n    where.$or = [{ lockedUntil: null }, { lockedUntil: { $lt: new Date() } }]\n  } else if (status === 'inactive') {\n    where.isActive = false\n  } else if (status === 'locked') {\n    where.lockedUntil = { $gt: new Date() }\n  }\n\n  if (customerEntityId) {\n    where.customerEntityId = customerEntityId\n  }\n\n  if (personEntityId) {\n    where.personEntityId = personEntityId\n  }\n\n  if (search) {\n    const trimmedSearch = search.trim()\n    // email/displayName are stored encrypted, so SQL ILIKE on the ciphertext\n    // never matches a plaintext search term. Use search_tokens table for partial\n    // matches and emailHash for exact email lookups.\n    const searchFilter: Record<string, unknown>[] = []\n\n    // Search encrypted fields via search_tokens\n    const matchedIds = await findCustomerUserIdsBySearchTokens(em, E.customer_accounts.customer_user, trimmedSearch, auth.tenantId)\n    if (matchedIds && matchedIds.length > 0) {\n      searchFilter.push({ id: { $in: matchedIds } })\n    }\n\n    // Also support exact email lookup via emailHash\n    if (EMAIL_LIKE_PATTERN.test(search)) {\n      searchFilter.push({ emailHash: hashForLookup(search) })\n    }\n\n    if (searchFilter.length > 0) {\n      if (where.$or) {\n        where.$and = [{ $or: where.$or }, { $or: searchFilter }]\n        delete where.$or\n      } else {\n        where.$or = searchFilter\n      }\n    } else {\n      // No search results found, return empty\n      return NextResponse.json({\n        ok: true,\n        items: [],\n        total: 0,\n        totalPages: 1,\n        page,\n      })\n    }\n  }\n\n  let userIds: string[] | null = null\n  if (roleId) {\n    const roleLinks = await findWithDecryption(\n      em,\n      CustomerUserRole,\n      { role: roleId as any, deletedAt: null } as any,\n      undefined,\n      { tenantId: auth.tenantId, organizationId: auth.orgId },\n    )\n    userIds = roleLinks.map((link) => (link.user as any)?.id || (link.user as unknown as string))\n    if (userIds.length === 0) {\n      return NextResponse.json({\n        ok: true,\n        items: [],\n        total: 0,\n        totalPages: 1,\n        page,\n      })\n    }\n    where.id = { $in: userIds }\n  }\n\n  const offset = (page - 1) * pageSize\n  const [users, total] = await findAndCountWithDecryption(\n    em,\n    CustomerUser,\n    where as any,\n    {\n      orderBy: { createdAt: 'DESC' },\n      limit: pageSize,\n      offset,\n    },\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n\n  const pageUserIds = users.map((user) => user.id)\n  const userRoleLinks = pageUserIds.length > 0\n    ? await findWithDecryption(\n        em,\n        CustomerUserRole,\n        { user: { $in: pageUserIds } as any, deletedAt: null } as any,\n        { populate: ['role'] },\n        { tenantId: auth.tenantId, organizationId: auth.orgId },\n      )\n    : []\n\n  const rolesByUserId = new Map<string, Array<{ id: string; name: string; slug: string }>>()\n  for (const link of userRoleLinks) {\n    const linkUserId = (link.user as any)?.id ?? (link.user as unknown as string)\n    const role = link.role as any\n    const bucket = rolesByUserId.get(linkUserId)\n    const entry = { id: role.id, name: role.name, slug: role.slug }\n    if (bucket) bucket.push(entry)\n    else rolesByUserId.set(linkUserId, [entry])\n  }\n\n  const items = users.map((user) => ({\n    id: user.id,\n    email: user.email,\n    displayName: user.displayName,\n    emailVerified: !!user.emailVerifiedAt,\n    isActive: user.isActive,\n    lockedUntil: user.lockedUntil || null,\n    lastLoginAt: user.lastLoginAt || null,\n    customerEntityId: user.customerEntityId || null,\n    personEntityId: user.personEntityId || null,\n    createdAt: user.createdAt,\n    roles: rolesByUserId.get(user.id) ?? [],\n  }))\n\n  const totalPages = Math.max(1, Math.ceil(total / pageSize))\n\n  return NextResponse.json({\n    ok: true,\n    items,\n    total,\n    totalPages,\n    page,\n  })\n}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminCreateUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as EntityManager\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n\n  const existing = await customerUserService.findByEmail(parsed.data.email, auth.tenantId!)\n  if (existing) {\n    return NextResponse.json({ ok: false, error: 'A user with this email already exists' }, { status: 409 })\n  }\n\n  const user = await customerUserService.createUser(\n    parsed.data.email,\n    parsed.data.password,\n    parsed.data.displayName,\n    { tenantId: auth.tenantId!, organizationId: auth.orgId! },\n  )\n  user.emailVerifiedAt = new Date()\n\n  // Persist the user, its company association, and its role links in one\n  // transaction so a flush failure on the role loop cannot leave a roleless\n  // user committed (privilege gap).\n  await em.transactional(async (tx) => {\n    tx.persist(user)\n    await tx.flush()\n\n    if (parsed.data.customerEntityId) {\n      await tx.nativeUpdate(CustomerUser, { id: user.id }, { customerEntityId: parsed.data.customerEntityId })\n    }\n\n    if (parsed.data.roleIds && parsed.data.roleIds.length > 0) {\n      const validRoles = await findWithDecryption(\n        tx,\n        CustomerRole,\n        {\n          id: { $in: parsed.data.roleIds } as any,\n          tenantId: auth.tenantId,\n          deletedAt: null,\n        } as any,\n        undefined,\n        { tenantId: auth.tenantId, organizationId: auth.orgId },\n      )\n      for (const role of validRoles) {\n        const userRole = tx.create(CustomerUserRole, {\n          user,\n          role,\n          createdAt: new Date(),\n        } as any)\n        tx.persist(userRole)\n      }\n    }\n  })\n\n  void emitCustomerAccountsEvent('customer_accounts.user.created', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    createdBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({\n    ok: true,\n    user: { id: user.id, email: user.email, displayName: user.displayName },\n  }, { status: 201 })\n}\n\nconst roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() })\nconst userSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string(),\n  displayName: z.string(),\n  emailVerified: z.boolean(),\n  isActive: z.boolean(),\n  lockedUntil: z.string().datetime().nullable(),\n  lastLoginAt: z.string().datetime().nullable(),\n  customerEntityId: z.string().uuid().nullable(),\n  personEntityId: z.string().uuid().nullable(),\n  createdAt: z.string().datetime(),\n  roles: z.array(roleSchema),\n})\n\nconst successSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({ id: z.string().uuid(), email: z.string(), displayName: z.string() }),\n})\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nasync function findCustomerUserIdsBySearchTokens(\n  em: EntityManager,\n  entityType: string,\n  search: string,\n  tenantScope: string | null | undefined,\n  field?: string,\n): Promise<string[] | null> {\n  const trimmed = search.trim()\n  if (!trimmed) return null\n  const searchConfig = resolveSearchConfig()\n  if (!searchConfig.enabled) return []\n  const { hashes } = tokenizeText(trimmed, searchConfig)\n  if (!hashes.length) return []\n\n  const db = (em as any).getKysely() as any\n  let query = db\n    .selectFrom('search_tokens')\n    .select('entity_id')\n    .where('entity_type', '=', entityType)\n    .where('token_hash', 'in', hashes)\n    .groupBy('entity_id')\n    .having(sql<boolean>`count(distinct token_hash) >= ${hashes.length}`)\n  if (field) {\n    query = query.where('field', '=', field)\n  }\n  if (tenantScope !== undefined) {\n    query = query.where(sql<boolean>`tenant_id is not distinct from ${tenantScope}`)\n  }\n  const rows = (await query.execute()) as Array<{ entity_id?: unknown }>\n  return rows\n    .map((row) => (typeof row.entity_id === 'string' ? row.entity_id : null))\n    .filter((id): id is string => typeof id === 'string' && id.length > 0)\n}\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'List customer users (admin)',\n  description: 'Returns a paginated list of customer users with roles. Supports filtering by status, company, role, and search.',\n  tags: ['Customer Accounts Admin'],\n  query: z.object({\n    page: z.number().int().positive().optional(),\n    pageSize: z.number().int().positive().max(100).optional(),\n    status: z.enum(['active', 'inactive', 'locked']).optional(),\n    customerEntityId: z.string().uuid().optional(),\n    roleId: z.string().uuid().optional(),\n    search: z.string().optional(),\n  }),\n  responses: [{\n    status: 200,\n    description: 'Paginated user list',\n    schema: z.object({ ok: z.literal(true), items: z.array(userSchema), total: z.number(), totalPages: z.number(), page: z.number() }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n  ],\n}\n\nconst postMethodDoc: OpenApiMethodDoc = {\n  summary: 'Create customer user (admin)',\n  description: 'Creates a new customer user directly. Staff-initiated, bypasses signup flow.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminCreateUserSchema },\n  responses: [{ status: 201, description: 'User created', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 409, description: 'Email already exists', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer user management (admin)',\n  methods: {\n    GET: getMethodDoc,\n    POST: postMethodDoc,\n  },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,cAAc,kBAAkB,oBAAoB;AAE7D,SAAS,6BAA6B;AACtC,SAAS,iCAAiC;AAC1C,SAAS,4BAA4B,0BAA0B;AAC/D,SAAS,qBAAqB;AAC9B,SAAS,SAAS;AAClB,SAAS,2BAA2B;AACpC,SAAS,oBAAoB;AAC7B,SAAS,WAAW;AAEpB,MAAM,qBAAqB;AAEpB,MAAM,WAAW,CAAC;AAEzB,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,MAAM,KAAK,GAAG,CAAC;AACtE,QAAM,WAAW,KAAK,IAAI,KAAK,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,UAAU,KAAK,IAAI,CAAC,CAAC;AAC9F,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAC5C,QAAM,mBAAmB,IAAI,aAAa,IAAI,kBAAkB;AAChE,QAAM,iBAAiB,IAAI,aAAa,IAAI,gBAAgB;AAC5D,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAC5C,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAE5C,QAAM,QAAiC;AAAA,IACrC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW;AAAA,EACb;AAEA,MAAI,WAAW,UAAU;AACvB,UAAM,WAAW;AACjB,UAAM,MAAM,CAAC,EAAE,aAAa,KAAK,GAAG,EAAE,aAAa,EAAE,KAAK,oBAAI,KAAK,EAAE,EAAE,CAAC;AAAA,EAC1E,WAAW,WAAW,YAAY;AAChC,UAAM,WAAW;AAAA,EACnB,WAAW,WAAW,UAAU;AAC9B,UAAM,cAAc,EAAE,KAAK,oBAAI,KAAK,EAAE;AAAA,EACxC;AAEA,MAAI,kBAAkB;AACpB,UAAM,mBAAmB;AAAA,EAC3B;AAEA,MAAI,gBAAgB;AAClB,UAAM,iBAAiB;AAAA,EACzB;AAEA,MAAI,QAAQ;AACV,UAAM,gBAAgB,OAAO,KAAK;AAIlC,UAAM,eAA0C,CAAC;AAGjD,UAAM,aAAa,MAAM,kCAAkC,IAAI,EAAE,kBAAkB,eAAe,eAAe,KAAK,QAAQ;AAC9H,QAAI,cAAc,WAAW,SAAS,GAAG;AACvC,mBAAa,KAAK,EAAE,IAAI,EAAE,KAAK,WAAW,EAAE,CAAC;AAAA,IAC/C;AAGA,QAAI,mBAAmB,KAAK,MAAM,GAAG;AACnC,mBAAa,KAAK,EAAE,WAAW,cAAc,MAAM,EAAE,CAAC;AAAA,IACxD;AAEA,QAAI,aAAa,SAAS,GAAG;AAC3B,UAAI,MAAM,KAAK;AACb,cAAM,OAAO,CAAC,EAAE,KAAK,MAAM,IAAI,GAAG,EAAE,KAAK,aAAa,CAAC;AACvD,eAAO,MAAM;AAAA,MACf,OAAO;AACL,cAAM,MAAM;AAAA,MACd;AAAA,IACF,OAAO;AAEL,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,CAAC;AAAA,QACR,OAAO;AAAA,QACP,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,UAA2B;AAC/B,MAAI,QAAQ;AACV,UAAM,YAAY,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,QAAe,WAAW,KAAK;AAAA,MACvC;AAAA,MACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,IACxD;AACA,cAAU,UAAU,IAAI,CAAC,SAAU,KAAK,MAAc,MAAO,KAAK,IAA0B;AAC5F,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,CAAC;AAAA,QACR,OAAO;AAAA,QACP,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,KAAK,EAAE,KAAK,QAAQ;AAAA,EAC5B;AAEA,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,CAAC,OAAO,KAAK,IAAI,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,MACE,SAAS,EAAE,WAAW,OAAO;AAAA,MAC7B,OAAO;AAAA,MACP;AAAA,IACF;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AAEA,QAAM,cAAc,MAAM,IAAI,CAAC,SAAS,KAAK,EAAE;AAC/C,QAAM,gBAAgB,YAAY,SAAS,IACvC,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,EAAE,MAAM,EAAE,KAAK,YAAY,GAAU,WAAW,KAAK;AAAA,IACrD,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD,IACA,CAAC;AAEL,QAAM,gBAAgB,oBAAI,IAA+D;AACzF,aAAW,QAAQ,eAAe;AAChC,UAAM,aAAc,KAAK,MAAc,MAAO,KAAK;AACnD,UAAM,OAAO,KAAK;AAClB,UAAM,SAAS,cAAc,IAAI,UAAU;AAC3C,UAAM,QAAQ,EAAE,IAAI,KAAK,IAAI,MAAM,KAAK,MAAM,MAAM,KAAK,KAAK;AAC9D,QAAI,OAAQ,QAAO,KAAK,KAAK;AAAA,QACxB,eAAc,IAAI,YAAY,CAAC,KAAK,CAAC;AAAA,EAC5C;AAEA,QAAM,QAAQ,MAAM,IAAI,CAAC,UAAU;AAAA,IACjC,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,eAAe,CAAC,CAAC,KAAK;AAAA,IACtB,UAAU,KAAK;AAAA,IACf,aAAa,KAAK,eAAe;AAAA,IACjC,aAAa,KAAK,eAAe;AAAA,IACjC,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C,gBAAgB,KAAK,kBAAkB;AAAA,IACvC,WAAW,KAAK;AAAA,IAChB,OAAO,cAAc,IAAI,KAAK,EAAE,KAAK,CAAC;AAAA,EACxC,EAAE;AAEF,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAE1D,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,sBAAsB,UAAU,IAAI;AACnD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,WAAW,MAAM,oBAAoB,YAAY,OAAO,KAAK,OAAO,KAAK,QAAS;AACxF,MAAI,UAAU;AACZ,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAEA,QAAM,OAAO,MAAM,oBAAoB;AAAA,IACrC,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,EAAE,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAO;AAAA,EAC1D;AACA,OAAK,kBAAkB,oBAAI,KAAK;AAKhC,QAAM,GAAG,cAAc,OAAO,OAAO;AACnC,OAAG,QAAQ,IAAI;AACf,UAAM,GAAG,MAAM;AAEf,QAAI,OAAO,KAAK,kBAAkB;AAChC,YAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,kBAAkB,OAAO,KAAK,iBAAiB,CAAC;AAAA,IACzG;AAEA,QAAI,OAAO,KAAK,WAAW,OAAO,KAAK,QAAQ,SAAS,GAAG;AACzD,YAAM,aAAa,MAAM;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,UACE,IAAI,EAAE,KAAK,OAAO,KAAK,QAAQ;AAAA,UAC/B,UAAU,KAAK;AAAA,UACf,WAAW;AAAA,QACb;AAAA,QACA;AAAA,QACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,MACxD;AACA,iBAAW,QAAQ,YAAY;AAC7B,cAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,UAC3C;AAAA,UACA;AAAA,UACA,WAAW,oBAAI,KAAK;AAAA,QACtB,CAAQ;AACR,WAAG,QAAQ,QAAQ;AAAA,MACrB;AAAA,IACF;AAAA,EACF,CAAC;AAED,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM,EAAE,IAAI,KAAK,IAAI,OAAO,KAAK,OAAO,aAAa,KAAK,YAAY;AAAA,EACxE,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AACzF,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO;AAAA,EACtB,eAAe,EAAE,QAAQ;AAAA,EACzB,UAAU,EAAE,QAAQ;AAAA,EACpB,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC7C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,OAAO,EAAE,MAAM,UAAU;AAC3B,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO;AAAA,EAC7B,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,OAAO,EAAE,OAAO,GAAG,aAAa,EAAE,OAAO,EAAE,CAAC;AACtF,CAAC;AACD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,eAAe,kCACb,IACA,YACA,QACA,aACA,OAC0B;AAC1B,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,eAAe,oBAAoB;AACzC,MAAI,CAAC,aAAa,QAAS,QAAO,CAAC;AACnC,QAAM,EAAE,OAAO,IAAI,aAAa,SAAS,YAAY;AACrD,MAAI,CAAC,OAAO,OAAQ,QAAO,CAAC;AAE5B,QAAM,KAAM,GAAW,UAAU;AACjC,MAAI,QAAQ,GACT,WAAW,eAAe,EAC1B,OAAO,WAAW,EAClB,MAAM,eAAe,KAAK,UAAU,EACpC,MAAM,cAAc,MAAM,MAAM,EAChC,QAAQ,WAAW,EACnB,OAAO,oCAA6C,OAAO,MAAM,EAAE;AACtE,MAAI,OAAO;AACT,YAAQ,MAAM,MAAM,SAAS,KAAK,KAAK;AAAA,EACzC;AACA,MAAI,gBAAgB,QAAW;AAC7B,YAAQ,MAAM,MAAM,qCAA8C,WAAW,EAAE;AAAA,EACjF;AACA,QAAM,OAAQ,MAAM,MAAM,QAAQ;AAClC,SAAO,KACJ,IAAI,CAAC,QAAS,OAAO,IAAI,cAAc,WAAW,IAAI,YAAY,IAAK,EACvE,OAAO,CAAC,OAAqB,OAAO,OAAO,YAAY,GAAG,SAAS,CAAC;AACzE;AAEA,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,OAAO,EAAE,OAAO;AAAA,IACd,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACxD,QAAQ,EAAE,KAAK,CAAC,UAAU,YAAY,QAAQ,CAAC,EAAE,SAAS;AAAA,IAC1D,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IAC7C,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IACnC,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,CAAC;AAAA,EACD,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,OAAO,EAAE,MAAM,UAAU,GAAG,OAAO,EAAE,OAAO,GAAG,YAAY,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AAAA,EACnI,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEA,MAAM,gBAAkC;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,sBAAsB;AAAA,EAC7C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,YAAY;AAAA,EAC1E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerUser, CustomerUserRole, CustomerRole } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { adminCreateUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { findAndCountWithDecryption, findWithDecryption, findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { isOwnedCompanyEntity } from '@open-mercato/core/modules/customer_accounts/lib/customerEntityOwnership'\nimport { lookupHashCandidates } from '@open-mercato/shared/lib/encryption/aes'\nimport { E } from '#generated/entities.ids.generated'\nimport { resolveSearchConfig } from '@open-mercato/shared/lib/search/config'\nimport { tokenizeText } from '@open-mercato/shared/lib/search/tokenize'\nimport { sql } from 'kysely'\n\nconst EMAIL_LIKE_PATTERN = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/\n\nexport const metadata = {}\n\nexport async function GET(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as EntityManager\n\n  const url = new URL(req.url)\n  const page = Math.max(1, parseInt(url.searchParams.get('page') || '1'))\n  const pageSize = Math.min(100, Math.max(1, parseInt(url.searchParams.get('pageSize') || '25')))\n  const status = url.searchParams.get('status') as 'active' | 'inactive' | 'locked' | null\n  const customerEntityId = url.searchParams.get('customerEntityId')\n  const personEntityId = url.searchParams.get('personEntityId')\n  const roleId = url.searchParams.get('roleId')\n  const search = url.searchParams.get('search')\n\n  const where: Record<string, unknown> = {\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedAt: null,\n  }\n\n  if (status === 'active') {\n    where.isActive = true\n    where.$or = [{ lockedUntil: null }, { lockedUntil: { $lt: new Date() } }]\n  } else if (status === 'inactive') {\n    where.isActive = false\n  } else if (status === 'locked') {\n    where.lockedUntil = { $gt: new Date() }\n  }\n\n  if (customerEntityId) {\n    where.customerEntityId = customerEntityId\n  }\n\n  if (personEntityId) {\n    where.personEntityId = personEntityId\n  }\n\n  if (search) {\n    const trimmedSearch = search.trim()\n    // email/displayName are stored encrypted, so SQL ILIKE on the ciphertext\n    // never matches a plaintext search term. Use search_tokens table for partial\n    // matches and emailHash for exact email lookups.\n    const searchFilter: Record<string, unknown>[] = []\n\n    // Search encrypted fields via search_tokens\n    const matchedIds = await findCustomerUserIdsBySearchTokens(em, E.customer_accounts.customer_user, trimmedSearch, auth.tenantId)\n    if (matchedIds && matchedIds.length > 0) {\n      searchFilter.push({ id: { $in: matchedIds } })\n    }\n\n    // Also support exact email lookup via emailHash\n    if (EMAIL_LIKE_PATTERN.test(search)) {\n      searchFilter.push({ emailHash: { $in: lookupHashCandidates(search) } })\n    }\n\n    if (searchFilter.length > 0) {\n      if (where.$or) {\n        where.$and = [{ $or: where.$or }, { $or: searchFilter }]\n        delete where.$or\n      } else {\n        where.$or = searchFilter\n      }\n    } else {\n      // No search results found, return empty\n      return NextResponse.json({\n        ok: true,\n        items: [],\n        total: 0,\n        totalPages: 1,\n        page,\n      })\n    }\n  }\n\n  let userIds: string[] | null = null\n  if (roleId) {\n    // Validate the roleId against the scoped CustomerRole set before touching the\n    // junction table. CustomerUserRole carries no tenant/org column of its own,\n    // so an unscoped lookup here is a role-UUID existence oracle and is brittle\n    // against future code that reads the link rows directly (#2693, defence-in-depth).\n    const scopedRole = await findOneWithDecryption(\n      em,\n      CustomerRole,\n      { id: roleId, tenantId: auth.tenantId, organizationId: auth.orgId, deletedAt: null } as any,\n      undefined,\n      { tenantId: auth.tenantId, organizationId: auth.orgId },\n    )\n    if (!scopedRole) {\n      return NextResponse.json({\n        ok: true,\n        items: [],\n        total: 0,\n        totalPages: 1,\n        page,\n      })\n    }\n    const roleLinks = await findWithDecryption(\n      em,\n      CustomerUserRole,\n      { role: roleId as any, deletedAt: null } as any,\n      undefined,\n      { tenantId: auth.tenantId, organizationId: auth.orgId },\n    )\n    userIds = roleLinks.map((link) => (link.user as any)?.id || (link.user as unknown as string))\n    if (userIds.length === 0) {\n      return NextResponse.json({\n        ok: true,\n        items: [],\n        total: 0,\n        totalPages: 1,\n        page,\n      })\n    }\n    where.id = { $in: userIds }\n  }\n\n  const offset = (page - 1) * pageSize\n  const [users, total] = await findAndCountWithDecryption(\n    em,\n    CustomerUser,\n    where as any,\n    {\n      orderBy: { createdAt: 'DESC' },\n      limit: pageSize,\n      offset,\n    },\n    { tenantId: auth.tenantId, organizationId: auth.orgId },\n  )\n\n  const pageUserIds = users.map((user) => user.id)\n  const userRoleLinks = pageUserIds.length > 0\n    ? await findWithDecryption(\n        em,\n        CustomerUserRole,\n        { user: { $in: pageUserIds } as any, deletedAt: null } as any,\n        { populate: ['role'] },\n        { tenantId: auth.tenantId, organizationId: auth.orgId },\n      )\n    : []\n\n  const rolesByUserId = new Map<string, Array<{ id: string; name: string; slug: string }>>()\n  for (const link of userRoleLinks) {\n    const linkUserId = (link.user as any)?.id ?? (link.user as unknown as string)\n    const role = link.role as any\n    const bucket = rolesByUserId.get(linkUserId)\n    const entry = { id: role.id, name: role.name, slug: role.slug }\n    if (bucket) bucket.push(entry)\n    else rolesByUserId.set(linkUserId, [entry])\n  }\n\n  const items = users.map((user) => ({\n    id: user.id,\n    email: user.email,\n    displayName: user.displayName,\n    emailVerified: !!user.emailVerifiedAt,\n    isActive: user.isActive,\n    lockedUntil: user.lockedUntil || null,\n    lastLoginAt: user.lastLoginAt || null,\n    customerEntityId: user.customerEntityId || null,\n    personEntityId: user.personEntityId || null,\n    createdAt: user.createdAt,\n    updatedAt: user.updatedAt || null,\n    roles: rolesByUserId.get(user.id) ?? [],\n  }))\n\n  const totalPages = Math.max(1, Math.ceil(total / pageSize))\n\n  return NextResponse.json({\n    ok: true,\n    items,\n    total,\n    totalPages,\n    page,\n  })\n}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminCreateUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as EntityManager\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n\n  const existing = await customerUserService.findByEmail(parsed.data.email, auth.tenantId!)\n  if (existing) {\n    return NextResponse.json({ ok: false, error: 'A user with this email already exists' }, { status: 409 })\n  }\n\n  // Resolve roles up front, scoped to the caller's tenant AND organization, and\n  // reject the request if any requested role is missing from the scoped set.\n  // CustomerRole is org-scoped, so omitting organizationId here would let an\n  // admin in org A link roles from org B in the same tenant \u2014 a cross-org\n  // privilege grant (#2693). Invalid IDs must be rejected, not silently dropped.\n  let resolvedRoles: Array<{ id: string }> = []\n  if (parsed.data.roleIds && parsed.data.roleIds.length > 0) {\n    const requestedRoleIds = parsed.data.roleIds\n    const validRoles = await findWithDecryption(\n      em,\n      CustomerRole,\n      {\n        id: { $in: requestedRoleIds } as any,\n        tenantId: auth.tenantId,\n        organizationId: auth.orgId,\n        deletedAt: null,\n      } as any,\n      undefined,\n      { tenantId: auth.tenantId, organizationId: auth.orgId },\n    )\n    if (validRoles.length !== requestedRoleIds.length) {\n      const foundIds = new Set(validRoles.map((role) => role.id))\n      const missingId = requestedRoleIds.find((roleId) => !foundIds.has(roleId))\n      return NextResponse.json({ ok: false, error: `Role ${missingId} not found` }, { status: 400 })\n    }\n    resolvedRoles = validRoles\n  }\n\n  // Reject a customerEntityId the caller does not own. Without this check a\n  // mislinked company FK persists indefinitely and cross-links the user into\n  // another org/company's portal context (#2693).\n  if (parsed.data.customerEntityId) {\n    const owned = await isOwnedCompanyEntity(em, parsed.data.customerEntityId, {\n      tenantId: auth.tenantId,\n      organizationId: auth.orgId,\n    })\n    if (!owned) {\n      return NextResponse.json({ ok: false, error: 'Company not found' }, { status: 400 })\n    }\n  }\n\n  const user = await customerUserService.createUser(\n    parsed.data.email,\n    parsed.data.password,\n    parsed.data.displayName,\n    { tenantId: auth.tenantId!, organizationId: auth.orgId! },\n  )\n  user.emailVerifiedAt = new Date()\n\n  // Persist the user, its company association, and its role links in one\n  // transaction so a flush failure on the role loop cannot leave a roleless\n  // user committed (privilege gap).\n  await em.transactional(async (tx) => {\n    tx.persist(user)\n    await tx.flush()\n\n    if (parsed.data.customerEntityId) {\n      await tx.nativeUpdate(CustomerUser, { id: user.id }, { customerEntityId: parsed.data.customerEntityId })\n    }\n\n    for (const role of resolvedRoles) {\n      const userRole = tx.create(CustomerUserRole, {\n        user,\n        role,\n        createdAt: new Date(),\n      } as any)\n      tx.persist(userRole)\n    }\n  })\n\n  void emitCustomerAccountsEvent('customer_accounts.user.created', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    createdBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({\n    ok: true,\n    user: { id: user.id, email: user.email, displayName: user.displayName },\n  }, { status: 201 })\n}\n\nconst roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() })\nconst userSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string(),\n  displayName: z.string(),\n  emailVerified: z.boolean(),\n  isActive: z.boolean(),\n  lockedUntil: z.string().datetime().nullable(),\n  lastLoginAt: z.string().datetime().nullable(),\n  customerEntityId: z.string().uuid().nullable(),\n  personEntityId: z.string().uuid().nullable(),\n  createdAt: z.string().datetime(),\n  updatedAt: z.string().datetime().nullable(),\n  roles: z.array(roleSchema),\n})\n\nconst successSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({ id: z.string().uuid(), email: z.string(), displayName: z.string() }),\n})\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nasync function findCustomerUserIdsBySearchTokens(\n  em: EntityManager,\n  entityType: string,\n  search: string,\n  tenantScope: string | null | undefined,\n  field?: string,\n): Promise<string[] | null> {\n  const trimmed = search.trim()\n  if (!trimmed) return null\n  const searchConfig = resolveSearchConfig()\n  if (!searchConfig.enabled) return []\n  const { hashes } = tokenizeText(trimmed, searchConfig)\n  if (!hashes.length) return []\n\n  const db = (em as any).getKysely() as any\n  let query = db\n    .selectFrom('search_tokens')\n    .select('entity_id')\n    .where('entity_type', '=', entityType)\n    .where('token_hash', 'in', hashes)\n    .groupBy('entity_id')\n    .having(sql<boolean>`count(distinct token_hash) >= ${hashes.length}`)\n  if (field) {\n    query = query.where('field', '=', field)\n  }\n  if (tenantScope !== undefined) {\n    query = query.where(sql<boolean>`tenant_id is not distinct from ${tenantScope}`)\n  }\n  const rows = (await query.execute()) as Array<{ entity_id?: unknown }>\n  return rows\n    .map((row) => (typeof row.entity_id === 'string' ? row.entity_id : null))\n    .filter((id): id is string => typeof id === 'string' && id.length > 0)\n}\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'List customer users (admin)',\n  description: 'Returns a paginated list of customer users with roles. Supports filtering by status, company, role, and search.',\n  tags: ['Customer Accounts Admin'],\n  query: z.object({\n    page: z.number().int().positive().optional(),\n    pageSize: z.number().int().positive().max(100).optional(),\n    status: z.enum(['active', 'inactive', 'locked']).optional(),\n    customerEntityId: z.string().uuid().optional(),\n    roleId: z.string().uuid().optional(),\n    search: z.string().optional(),\n  }),\n  responses: [{\n    status: 200,\n    description: 'Paginated user list',\n    schema: z.object({ ok: z.literal(true), items: z.array(userSchema), total: z.number(), totalPages: z.number(), page: z.number() }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n  ],\n}\n\nconst postMethodDoc: OpenApiMethodDoc = {\n  summary: 'Create customer user (admin)',\n  description: 'Creates a new customer user directly. Staff-initiated, bypasses signup flow.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminCreateUserSchema },\n  responses: [{ status: 201, description: 'User created', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 409, description: 'Email already exists', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer user management (admin)',\n  methods: {\n    GET: getMethodDoc,\n    POST: postMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,cAAc,kBAAkB,oBAAoB;AAE7D,SAAS,6BAA6B;AACtC,SAAS,iCAAiC;AAC1C,SAAS,4BAA4B,oBAAoB,6BAA6B;AACtF,SAAS,4BAA4B;AACrC,SAAS,4BAA4B;AACrC,SAAS,SAAS;AAClB,SAAS,2BAA2B;AACpC,SAAS,oBAAoB;AAC7B,SAAS,WAAW;AAEpB,MAAM,qBAAqB;AAEpB,MAAM,WAAW,CAAC;AAEzB,eAAsB,IAAI,KAAc;AACtC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,OAAO,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,MAAM,KAAK,GAAG,CAAC;AACtE,QAAM,WAAW,KAAK,IAAI,KAAK,KAAK,IAAI,GAAG,SAAS,IAAI,aAAa,IAAI,UAAU,KAAK,IAAI,CAAC,CAAC;AAC9F,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAC5C,QAAM,mBAAmB,IAAI,aAAa,IAAI,kBAAkB;AAChE,QAAM,iBAAiB,IAAI,aAAa,IAAI,gBAAgB;AAC5D,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAC5C,QAAM,SAAS,IAAI,aAAa,IAAI,QAAQ;AAE5C,QAAM,QAAiC;AAAA,IACrC,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW;AAAA,EACb;AAEA,MAAI,WAAW,UAAU;AACvB,UAAM,WAAW;AACjB,UAAM,MAAM,CAAC,EAAE,aAAa,KAAK,GAAG,EAAE,aAAa,EAAE,KAAK,oBAAI,KAAK,EAAE,EAAE,CAAC;AAAA,EAC1E,WAAW,WAAW,YAAY;AAChC,UAAM,WAAW;AAAA,EACnB,WAAW,WAAW,UAAU;AAC9B,UAAM,cAAc,EAAE,KAAK,oBAAI,KAAK,EAAE;AAAA,EACxC;AAEA,MAAI,kBAAkB;AACpB,UAAM,mBAAmB;AAAA,EAC3B;AAEA,MAAI,gBAAgB;AAClB,UAAM,iBAAiB;AAAA,EACzB;AAEA,MAAI,QAAQ;AACV,UAAM,gBAAgB,OAAO,KAAK;AAIlC,UAAM,eAA0C,CAAC;AAGjD,UAAM,aAAa,MAAM,kCAAkC,IAAI,EAAE,kBAAkB,eAAe,eAAe,KAAK,QAAQ;AAC9H,QAAI,cAAc,WAAW,SAAS,GAAG;AACvC,mBAAa,KAAK,EAAE,IAAI,EAAE,KAAK,WAAW,EAAE,CAAC;AAAA,IAC/C;AAGA,QAAI,mBAAmB,KAAK,MAAM,GAAG;AACnC,mBAAa,KAAK,EAAE,WAAW,EAAE,KAAK,qBAAqB,MAAM,EAAE,EAAE,CAAC;AAAA,IACxE;AAEA,QAAI,aAAa,SAAS,GAAG;AAC3B,UAAI,MAAM,KAAK;AACb,cAAM,OAAO,CAAC,EAAE,KAAK,MAAM,IAAI,GAAG,EAAE,KAAK,aAAa,CAAC;AACvD,eAAO,MAAM;AAAA,MACf,OAAO;AACL,cAAM,MAAM;AAAA,MACd;AAAA,IACF,OAAO;AAEL,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,CAAC;AAAA,QACR,OAAO;AAAA,QACP,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,UAA2B;AAC/B,MAAI,QAAQ;AAKV,UAAM,aAAa,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,QAAQ,UAAU,KAAK,UAAU,gBAAgB,KAAK,OAAO,WAAW,KAAK;AAAA,MACnF;AAAA,MACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,IACxD;AACA,QAAI,CAAC,YAAY;AACf,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,CAAC;AAAA,QACR,OAAO;AAAA,QACP,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,YAAY,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,MACA,EAAE,MAAM,QAAe,WAAW,KAAK;AAAA,MACvC;AAAA,MACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,IACxD;AACA,cAAU,UAAU,IAAI,CAAC,SAAU,KAAK,MAAc,MAAO,KAAK,IAA0B;AAC5F,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,aAAa,KAAK;AAAA,QACvB,IAAI;AAAA,QACJ,OAAO,CAAC;AAAA,QACR,OAAO;AAAA,QACP,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,KAAK,EAAE,KAAK,QAAQ;AAAA,EAC5B;AAEA,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,CAAC,OAAO,KAAK,IAAI,MAAM;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,MACE,SAAS,EAAE,WAAW,OAAO;AAAA,MAC7B,OAAO;AAAA,MACP;AAAA,IACF;AAAA,IACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD;AAEA,QAAM,cAAc,MAAM,IAAI,CAAC,SAAS,KAAK,EAAE;AAC/C,QAAM,gBAAgB,YAAY,SAAS,IACvC,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,EAAE,MAAM,EAAE,KAAK,YAAY,GAAU,WAAW,KAAK;AAAA,IACrD,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,IACrB,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,EACxD,IACA,CAAC;AAEL,QAAM,gBAAgB,oBAAI,IAA+D;AACzF,aAAW,QAAQ,eAAe;AAChC,UAAM,aAAc,KAAK,MAAc,MAAO,KAAK;AACnD,UAAM,OAAO,KAAK;AAClB,UAAM,SAAS,cAAc,IAAI,UAAU;AAC3C,UAAM,QAAQ,EAAE,IAAI,KAAK,IAAI,MAAM,KAAK,MAAM,MAAM,KAAK,KAAK;AAC9D,QAAI,OAAQ,QAAO,KAAK,KAAK;AAAA,QACxB,eAAc,IAAI,YAAY,CAAC,KAAK,CAAC;AAAA,EAC5C;AAEA,QAAM,QAAQ,MAAM,IAAI,CAAC,UAAU;AAAA,IACjC,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,eAAe,CAAC,CAAC,KAAK;AAAA,IACtB,UAAU,KAAK;AAAA,IACf,aAAa,KAAK,eAAe;AAAA,IACjC,aAAa,KAAK,eAAe;AAAA,IACjC,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C,gBAAgB,KAAK,kBAAkB;AAAA,IACvC,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK,aAAa;AAAA,IAC7B,OAAO,cAAc,IAAI,KAAK,EAAE,KAAK,CAAC;AAAA,EACxC,EAAE;AAEF,QAAM,aAAa,KAAK,IAAI,GAAG,KAAK,KAAK,QAAQ,QAAQ,CAAC;AAE1D,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,sBAAsB,UAAU,IAAI;AACnD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AACjC,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,WAAW,MAAM,oBAAoB,YAAY,OAAO,KAAK,OAAO,KAAK,QAAS;AACxF,MAAI,UAAU;AACZ,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,wCAAwC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzG;AAOA,MAAI,gBAAuC,CAAC;AAC5C,MAAI,OAAO,KAAK,WAAW,OAAO,KAAK,QAAQ,SAAS,GAAG;AACzD,UAAM,mBAAmB,OAAO,KAAK;AACrC,UAAM,aAAa,MAAM;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,QACE,IAAI,EAAE,KAAK,iBAAiB;AAAA,QAC5B,UAAU,KAAK;AAAA,QACf,gBAAgB,KAAK;AAAA,QACrB,WAAW;AAAA,MACb;AAAA,MACA;AAAA,MACA,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM;AAAA,IACxD;AACA,QAAI,WAAW,WAAW,iBAAiB,QAAQ;AACjD,YAAM,WAAW,IAAI,IAAI,WAAW,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC;AAC1D,YAAM,YAAY,iBAAiB,KAAK,CAAC,WAAW,CAAC,SAAS,IAAI,MAAM,CAAC;AACzE,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,QAAQ,SAAS,aAAa,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/F;AACA,oBAAgB;AAAA,EAClB;AAKA,MAAI,OAAO,KAAK,kBAAkB;AAChC,UAAM,QAAQ,MAAM,qBAAqB,IAAI,OAAO,KAAK,kBAAkB;AAAA,MACzE,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,QAAI,CAAC,OAAO;AACV,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,oBAAoB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACrF;AAAA,EACF;AAEA,QAAM,OAAO,MAAM,oBAAoB;AAAA,IACrC,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK;AAAA,IACZ,EAAE,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAO;AAAA,EAC1D;AACA,OAAK,kBAAkB,oBAAI,KAAK;AAKhC,QAAM,GAAG,cAAc,OAAO,OAAO;AACnC,OAAG,QAAQ,IAAI;AACf,UAAM,GAAG,MAAM;AAEf,QAAI,OAAO,KAAK,kBAAkB;AAChC,YAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,kBAAkB,OAAO,KAAK,iBAAiB,CAAC;AAAA,IACzG;AAEA,eAAW,QAAQ,eAAe;AAChC,YAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAQ;AACR,SAAG,QAAQ,QAAQ;AAAA,IACrB;AAAA,EACF,CAAC;AAED,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,MAAM,EAAE,IAAI,KAAK,IAAI,OAAO,KAAK,OAAO,aAAa,KAAK,YAAY;AAAA,EACxE,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AACzF,MAAM,aAAa,EAAE,OAAO;AAAA,EAC1B,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO;AAAA,EACtB,eAAe,EAAE,QAAQ;AAAA,EACzB,UAAU,EAAE,QAAQ;AAAA,EACpB,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC7C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,OAAO,EAAE,MAAM,UAAU;AAC3B,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO;AAAA,EAC7B,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,OAAO,EAAE,OAAO,GAAG,aAAa,EAAE,OAAO,EAAE,CAAC;AACtF,CAAC;AACD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,eAAe,kCACb,IACA,YACA,QACA,aACA,OAC0B;AAC1B,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,eAAe,oBAAoB;AACzC,MAAI,CAAC,aAAa,QAAS,QAAO,CAAC;AACnC,QAAM,EAAE,OAAO,IAAI,aAAa,SAAS,YAAY;AACrD,MAAI,CAAC,OAAO,OAAQ,QAAO,CAAC;AAE5B,QAAM,KAAM,GAAW,UAAU;AACjC,MAAI,QAAQ,GACT,WAAW,eAAe,EAC1B,OAAO,WAAW,EAClB,MAAM,eAAe,KAAK,UAAU,EACpC,MAAM,cAAc,MAAM,MAAM,EAChC,QAAQ,WAAW,EACnB,OAAO,oCAA6C,OAAO,MAAM,EAAE;AACtE,MAAI,OAAO;AACT,YAAQ,MAAM,MAAM,SAAS,KAAK,KAAK;AAAA,EACzC;AACA,MAAI,gBAAgB,QAAW;AAC7B,YAAQ,MAAM,MAAM,qCAA8C,WAAW,EAAE;AAAA,EACjF;AACA,QAAM,OAAQ,MAAM,MAAM,QAAQ;AAClC,SAAO,KACJ,IAAI,CAAC,QAAS,OAAO,IAAI,cAAc,WAAW,IAAI,YAAY,IAAK,EACvE,OAAO,CAAC,OAAqB,OAAO,OAAO,YAAY,GAAG,SAAS,CAAC;AACzE;AAEA,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,OAAO,EAAE,OAAO;AAAA,IACd,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,IAC3C,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,GAAG,EAAE,SAAS;AAAA,IACxD,QAAQ,EAAE,KAAK,CAAC,UAAU,YAAY,QAAQ,CAAC,EAAE,SAAS;AAAA,IAC1D,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IAC7C,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,IACnC,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,CAAC;AAAA,EACD,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,OAAO,EAAE,MAAM,UAAU,GAAG,OAAO,EAAE,OAAO,GAAG,YAAY,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AAAA,EACnI,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEA,MAAM,gBAAkC;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,sBAAsB;AAAA,EAC7C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,YAAY;AAAA,EAC1E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;",
   "names": []
 }

package/dist/modules/customer_accounts/api/login.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { NextResponse } from "next/server";
+import { compare as bcryptCompare } from "bcryptjs";
 import { z } from "zod";
 import { loginSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
 import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
@@ -16,6 +17,7 @@ import {
   TenantResolutionError
 } from "@open-mercato/core/modules/customer_accounts/lib/resolveTenantContext";
 const metadata = { requireAuth: false };
+const TIMING_EQUALIZATION_HASH = "$2b$10$.F2A6UHFzk.d8trNdfqt4OLz05Nf3IOuMmN6VJKflhD4.rz.prR8i";
 async function POST(req) {
   let body;
   try {
@@ -30,7 +32,9 @@ async function POST(req) {
   const { email, password } = parsed.data;
   let tenantId;
   try {
-    const context = await resolveTenantContext(req, parsed.data.tenantId);
+    const context = await resolveTenantContext(req, parsed.data.tenantId, {
+      organizationId: parsed.data.organizationId ?? null
+    });
     tenantId = context.tenantId;
   } catch (err) {
     if (err instanceof TenantResolutionError) {
@@ -51,15 +55,19 @@ async function POST(req) {
   const customerRbacService = container.resolve("customerRbacService");
   const user = await customerUserService.findByEmail(email, tenantId);
   if (!user || !user.passwordHash) {
+    await bcryptCompare(password, TIMING_EQUALIZATION_HASH);
     void emitCustomerAccountsEvent("customer_accounts.login.failed", { email, reason: "invalid_credentials", tenantId }).catch(() => void 0);
     return NextResponse.json({ ok: false, error: "Invalid email or password" }, { status: 401 });
   }
   if (!user.isActive) {
-    return NextResponse.json({ ok: false, error: "Account is deactivated" }, { status: 401 });
+    await bcryptCompare(password, TIMING_EQUALIZATION_HASH);
+    void emitCustomerAccountsEvent("customer_accounts.login.failed", { email, reason: "inactive", tenantId }).catch(() => void 0);
+    return NextResponse.json({ ok: false, error: "Invalid email or password" }, { status: 401 });
   }
   if (customerUserService.checkLockout(user)) {
+    await bcryptCompare(password, TIMING_EQUALIZATION_HASH);
     void emitCustomerAccountsEvent("customer_accounts.login.failed", { email, reason: "locked", tenantId }).catch(() => void 0);
-    return NextResponse.json({ ok: false, error: "Account is temporarily locked. Please try again later." }, { status: 423 });
+    return NextResponse.json({ ok: false, error: "Invalid email or password" }, { status: 401 });
   }
   const passwordValid = await customerUserService.verifyPassword(user, password);
   if (!passwordValid) {
@@ -145,7 +153,6 @@ const methodDoc = {
   errors: [
     { status: 400, description: "Validation failed", schema: errorSchema },
     { status: 401, description: "Invalid credentials", schema: errorSchema },
-    { status: 423, description: "Account locked", schema: errorSchema },
     { status: 429, description: "Too many login attempts", schema: rateLimitErrorSchema }
   ]
 };

package/dist/modules/customer_accounts/api/login.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/customer_accounts/api/login.ts"],
-  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { loginSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport { getClientIp } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport {\n  checkAuthRateLimit,\n  resetAuthRateLimit,\n  customerLoginRateLimitConfig,\n  customerLoginIpRateLimitConfig,\n} from '@open-mercato/core/modules/customer_accounts/lib/rateLimiter'\nimport {\n  resolveTenantContext,\n  TenantResolutionError,\n} from '@open-mercato/core/modules/customer_accounts/lib/resolveTenantContext'\n\nexport const metadata: { path?: string; requireAuth?: boolean } = { requireAuth: false }\n\nexport async function POST(req: Request) {\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = loginSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Invalid credentials' }, { status: 400 })\n  }\n\n  const { email, password } = parsed.data\n  let tenantId: string\n  try {\n    const context = await resolveTenantContext(req, parsed.data.tenantId)\n    tenantId = context.tenantId\n  } catch (err) {\n    if (err instanceof TenantResolutionError) {\n      return NextResponse.json({ ok: false, error: err.message }, { status: err.status })\n    }\n    throw err\n  }\n\n  const { error: rateLimitError, compoundKey } = await checkAuthRateLimit({\n    req,\n    ipConfig: customerLoginIpRateLimitConfig,\n    compoundConfig: customerLoginRateLimitConfig,\n    compoundIdentifier: email,\n  })\n  if (rateLimitError) return rateLimitError\n\n  const container = await createRequestContainer()\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n  const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n\n  const user = await customerUserService.findByEmail(email, tenantId)\n  if (!user || !user.passwordHash) {\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'invalid_credentials', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  if (!user.isActive) {\n    return NextResponse.json({ ok: false, error: 'Account is deactivated' }, { status: 401 })\n  }\n\n  if (customerUserService.checkLockout(user)) {\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'locked', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Account is temporarily locked. Please try again later.' }, { status: 423 })\n  }\n\n  const passwordValid = await customerUserService.verifyPassword(user, password)\n  if (!passwordValid) {\n    await customerUserService.incrementFailedAttempts(user)\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'invalid_password', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  if (!user.emailVerifiedAt) {\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', {\n      email,\n      reason: 'email_not_verified',\n      tenantId,\n    }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  await customerUserService.resetFailedAttempts(user)\n  await customerUserService.updateLastLoginAt(user)\n\n  if (compoundKey) {\n    await resetAuthRateLimit(compoundKey, customerLoginRateLimitConfig)\n  }\n\n  const acl = await customerRbacService.loadAcl(user.id, { tenantId, organizationId: user.organizationId })\n  const resolvedFeatures = acl.features\n\n  const ip = getClientIp(req, 0)\n  const userAgent = req.headers.get('user-agent') || null\n  const { rawToken, jwt, session } = await customerSessionService.createSession(user, resolvedFeatures, ip, userAgent)\n\n  void emitCustomerAccountsEvent('customer_accounts.login.success', {\n    id: user.id,\n    email: user.email,\n    tenantId,\n    organizationId: user.organizationId,\n  }).catch(() => undefined)\n\n  const res = NextResponse.json({\n    ok: true,\n    user: {\n      id: user.id,\n      email: user.email,\n      displayName: user.displayName,\n      emailVerified: !!user.emailVerifiedAt,\n    },\n    resolvedFeatures,\n  })\n\n  res.cookies.set('customer_auth_token', jwt, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 8,\n  })\n  res.cookies.set('customer_session_token', rawToken, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 24 * 30,\n  })\n\n  return res\n}\n\nconst loginSuccessSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({\n    id: z.string().uuid(),\n    email: z.string().email(),\n    displayName: z.string(),\n    emailVerified: z.boolean(),\n  }),\n  resolvedFeatures: z.array(z.string()),\n})\n\nconst errorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Authenticate customer credentials',\n  description: 'Validates customer credentials and issues JWT + session cookies.',\n  tags: ['Customer Authentication'],\n  requestBody: {\n    schema: loginSchema,\n    description: 'Login payload with email and password.',\n  },\n  responses: [\n    { status: 200, description: 'Login successful', schema: loginSuccessSchema },\n  ],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Invalid credentials', schema: errorSchema },\n    { status: 423, description: 'Account locked', schema: errorSchema },\n    { status: 429, description: 'Too many login attempts', schema: rateLimitErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer login',\n  description: 'Handles customer authentication and session issuance.',\n  methods: { POST: methodDoc },\n}\n"],
-  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,mBAAmB;AAC5B,SAAS,8BAA8B;AAIvC,SAAS,iCAAiC;AAC1C,SAAS,4BAA4B;AACrC,SAAS,mBAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEA,MAAM,WAAqD,EAAE,aAAa,MAAM;AAEvF,eAAsB,KAAK,KAAc;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,YAAY,UAAU,IAAI;AACzC,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,sBAAsB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvF;AAEA,QAAM,EAAE,OAAO,SAAS,IAAI,OAAO;AACnC,MAAI;AACJ,MAAI;AACF,UAAM,UAAU,MAAM,qBAAqB,KAAK,OAAO,KAAK,QAAQ;AACpE,eAAW,QAAQ;AAAA,EACrB,SAAS,KAAK;AACZ,QAAI,eAAe,uBAAuB;AACxC,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,IAAI,QAAQ,GAAG,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IACpF;AACA,UAAM;AAAA,EACR;AAEA,QAAM,EAAE,OAAO,gBAAgB,YAAY,IAAI,MAAM,mBAAmB;AAAA,IACtE;AAAA,IACA,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB,CAAC;AACD,MAAI,eAAgB,QAAO;AAE3B,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AACzE,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,OAAO,MAAM,oBAAoB,YAAY,OAAO,QAAQ;AAClE,MAAI,CAAC,QAAQ,CAAC,KAAK,cAAc;AAC/B,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,uBAAuB,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1I,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,MAAI,CAAC,KAAK,UAAU;AAClB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,yBAAyB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1F;AAEA,MAAI,oBAAoB,aAAa,IAAI,GAAG;AAC1C,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,UAAU,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC7H,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,yDAAyD,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1H;AAEA,QAAM,gBAAgB,MAAM,oBAAoB,eAAe,MAAM,QAAQ;AAC7E,MAAI,CAAC,eAAe;AAClB,UAAM,oBAAoB,wBAAwB,IAAI;AACtD,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,oBAAoB,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AACvI,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,MAAI,CAAC,KAAK,iBAAiB;AACzB,SAAK,0BAA0B,kCAAkC;AAAA,MAC/D;AAAA,MACA,QAAQ;AAAA,MACR;AAAA,IACF,CAAC,EAAE,MAAM,MAAM,MAAS;AACxB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,QAAM,oBAAoB,oBAAoB,IAAI;AAClD,QAAM,oBAAoB,kBAAkB,IAAI;AAEhD,MAAI,aAAa;AACf,UAAM,mBAAmB,aAAa,4BAA4B;AAAA,EACpE;AAEA,QAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK,IAAI,EAAE,UAAU,gBAAgB,KAAK,eAAe,CAAC;AACxG,QAAM,mBAAmB,IAAI;AAE7B,QAAM,KAAK,YAAY,KAAK,CAAC;AAC7B,QAAM,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK;AACnD,QAAM,EAAE,UAAU,KAAK,QAAQ,IAAI,MAAM,uBAAuB,cAAc,MAAM,kBAAkB,IAAI,SAAS;AAEnH,OAAK,0BAA0B,mCAAmC;AAAA,IAChE,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ;AAAA,IACA,gBAAgB,KAAK;AAAA,EACvB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,QAAM,MAAM,aAAa,KAAK;AAAA,IAC5B,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK;AAAA,MAClB,eAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI,QAAQ,IAAI,uBAAuB,KAAK;AAAA,IAC1C,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK;AAAA,EACpB,CAAC;AACD,MAAI,QAAQ,IAAI,0BAA0B,UAAU;AAAA,IAClD,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK,KAAK;AAAA,EACzB,CAAC;AAED,SAAO;AACT;AAEA,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,IACxB,aAAa,EAAE,OAAO;AAAA,IACtB,eAAe,EAAE,QAAQ;AAAA,EAC3B,CAAC;AAAA,EACD,kBAAkB,EAAE,MAAM,EAAE,OAAO,CAAC;AACtC,CAAC;AAED,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,mBAAmB;AAAA,EAC7E;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,YAAY;AAAA,IACvE,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,IAClE,EAAE,QAAQ,KAAK,aAAa,2BAA2B,QAAQ,qBAAqB;AAAA,EACtF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { compare as bcryptCompare } from 'bcryptjs'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { loginSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\nimport { rateLimitErrorSchema } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport { getClientIp } from '@open-mercato/shared/lib/ratelimit/helpers'\nimport {\n  checkAuthRateLimit,\n  resetAuthRateLimit,\n  customerLoginRateLimitConfig,\n  customerLoginIpRateLimitConfig,\n} from '@open-mercato/core/modules/customer_accounts/lib/rateLimiter'\nimport {\n  resolveTenantContext,\n  TenantResolutionError,\n} from '@open-mercato/core/modules/customer_accounts/lib/resolveTenantContext'\n\nexport const metadata: { path?: string; requireAuth?: boolean } = { requireAuth: false }\n\n// Precomputed bcrypt cost-10 hash of an unknowable random 32-byte input; used to equalize\n// response latency between the real-account and unknown/inactive/locked/no-hash login branches\n// so account existence cannot be inferred from a timing side channel. Mirrors signup.ts.\nconst TIMING_EQUALIZATION_HASH = '$2b$10$.F2A6UHFzk.d8trNdfqt4OLz05Nf3IOuMmN6VJKflhD4.rz.prR8i'\n\nexport async function POST(req: Request) {\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = loginSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Invalid credentials' }, { status: 400 })\n  }\n\n  const { email, password } = parsed.data\n  let tenantId: string\n  try {\n    const context = await resolveTenantContext(req, parsed.data.tenantId, {\n      organizationId: parsed.data.organizationId ?? null,\n    })\n    tenantId = context.tenantId\n  } catch (err) {\n    if (err instanceof TenantResolutionError) {\n      return NextResponse.json({ ok: false, error: err.message }, { status: err.status })\n    }\n    throw err\n  }\n\n  const { error: rateLimitError, compoundKey } = await checkAuthRateLimit({\n    req,\n    ipConfig: customerLoginIpRateLimitConfig,\n    compoundConfig: customerLoginRateLimitConfig,\n    compoundIdentifier: email,\n  })\n  if (rateLimitError) return rateLimitError\n\n  const container = await createRequestContainer()\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n  const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n\n  const user = await customerUserService.findByEmail(email, tenantId)\n\n  // Equalize response timing and error responses across every failed-login branch so an\n  // attacker cannot enumerate which emails have an account in this tenant. Unknown,\n  // password-less, inactive, locked, wrong-password, and unverified accounts all run a\n  // bcrypt comparison and return the same generic 401 \u2014 lockout/deactivation guidance is\n  // conveyed out-of-band (e.g. email), never in the synchronous response.\n  if (!user || !user.passwordHash) {\n    await bcryptCompare(password, TIMING_EQUALIZATION_HASH)\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'invalid_credentials', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  if (!user.isActive) {\n    await bcryptCompare(password, TIMING_EQUALIZATION_HASH)\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'inactive', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  if (customerUserService.checkLockout(user)) {\n    await bcryptCompare(password, TIMING_EQUALIZATION_HASH)\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'locked', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  const passwordValid = await customerUserService.verifyPassword(user, password)\n  if (!passwordValid) {\n    await customerUserService.incrementFailedAttempts(user)\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', { email, reason: 'invalid_password', tenantId }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  if (!user.emailVerifiedAt) {\n    void emitCustomerAccountsEvent('customer_accounts.login.failed', {\n      email,\n      reason: 'email_not_verified',\n      tenantId,\n    }).catch(() => undefined)\n    return NextResponse.json({ ok: false, error: 'Invalid email or password' }, { status: 401 })\n  }\n\n  await customerUserService.resetFailedAttempts(user)\n  await customerUserService.updateLastLoginAt(user)\n\n  if (compoundKey) {\n    await resetAuthRateLimit(compoundKey, customerLoginRateLimitConfig)\n  }\n\n  const acl = await customerRbacService.loadAcl(user.id, { tenantId, organizationId: user.organizationId })\n  const resolvedFeatures = acl.features\n\n  const ip = getClientIp(req, 0)\n  const userAgent = req.headers.get('user-agent') || null\n  const { rawToken, jwt, session } = await customerSessionService.createSession(user, resolvedFeatures, ip, userAgent)\n\n  void emitCustomerAccountsEvent('customer_accounts.login.success', {\n    id: user.id,\n    email: user.email,\n    tenantId,\n    organizationId: user.organizationId,\n  }).catch(() => undefined)\n\n  const res = NextResponse.json({\n    ok: true,\n    user: {\n      id: user.id,\n      email: user.email,\n      displayName: user.displayName,\n      emailVerified: !!user.emailVerifiedAt,\n    },\n    resolvedFeatures,\n  })\n\n  res.cookies.set('customer_auth_token', jwt, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 8,\n  })\n  res.cookies.set('customer_session_token', rawToken, {\n    httpOnly: true,\n    path: '/',\n    sameSite: 'lax',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: 60 * 60 * 24 * 30,\n  })\n\n  return res\n}\n\nconst loginSuccessSchema = z.object({\n  ok: z.literal(true),\n  user: z.object({\n    id: z.string().uuid(),\n    email: z.string().email(),\n    displayName: z.string(),\n    emailVerified: z.boolean(),\n  }),\n  resolvedFeatures: z.array(z.string()),\n})\n\nconst errorSchema = z.object({\n  ok: z.literal(false),\n  error: z.string(),\n})\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Authenticate customer credentials',\n  description: 'Validates customer credentials and issues JWT + session cookies.',\n  tags: ['Customer Authentication'],\n  requestBody: {\n    schema: loginSchema,\n    description: 'Login payload with email and password.',\n  },\n  responses: [\n    { status: 200, description: 'Login successful', schema: loginSuccessSchema },\n  ],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Invalid credentials', schema: errorSchema },\n    { status: 429, description: 'Too many login attempts', schema: rateLimitErrorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer login',\n  description: 'Handles customer authentication and session issuance.',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,WAAW,qBAAqB;AACzC,SAAS,SAAS;AAElB,SAAS,mBAAmB;AAC5B,SAAS,8BAA8B;AAIvC,SAAS,iCAAiC;AAC1C,SAAS,4BAA4B;AACrC,SAAS,mBAAmB;AAC5B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEA,MAAM,WAAqD,EAAE,aAAa,MAAM;AAKvF,MAAM,2BAA2B;AAEjC,eAAsB,KAAK,KAAc;AACvC,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,YAAY,UAAU,IAAI;AACzC,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,sBAAsB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvF;AAEA,QAAM,EAAE,OAAO,SAAS,IAAI,OAAO;AACnC,MAAI;AACJ,MAAI;AACF,UAAM,UAAU,MAAM,qBAAqB,KAAK,OAAO,KAAK,UAAU;AAAA,MACpE,gBAAgB,OAAO,KAAK,kBAAkB;AAAA,IAChD,CAAC;AACD,eAAW,QAAQ;AAAA,EACrB,SAAS,KAAK;AACZ,QAAI,eAAe,uBAAuB;AACxC,aAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,IAAI,QAAQ,GAAG,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IACpF;AACA,UAAM;AAAA,EACR;AAEA,QAAM,EAAE,OAAO,gBAAgB,YAAY,IAAI,MAAM,mBAAmB;AAAA,IACtE;AAAA,IACA,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB,CAAC;AACD,MAAI,eAAgB,QAAO;AAE3B,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AACzE,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AAEnE,QAAM,OAAO,MAAM,oBAAoB,YAAY,OAAO,QAAQ;AAOlE,MAAI,CAAC,QAAQ,CAAC,KAAK,cAAc;AAC/B,UAAM,cAAc,UAAU,wBAAwB;AACtD,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,uBAAuB,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC1I,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,MAAI,CAAC,KAAK,UAAU;AAClB,UAAM,cAAc,UAAU,wBAAwB;AACtD,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,YAAY,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC/H,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,MAAI,oBAAoB,aAAa,IAAI,GAAG;AAC1C,UAAM,cAAc,UAAU,wBAAwB;AACtD,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,UAAU,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AAC7H,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,QAAM,gBAAgB,MAAM,oBAAoB,eAAe,MAAM,QAAQ;AAC7E,MAAI,CAAC,eAAe;AAClB,UAAM,oBAAoB,wBAAwB,IAAI;AACtD,SAAK,0BAA0B,kCAAkC,EAAE,OAAO,QAAQ,oBAAoB,SAAS,CAAC,EAAE,MAAM,MAAM,MAAS;AACvI,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,MAAI,CAAC,KAAK,iBAAiB;AACzB,SAAK,0BAA0B,kCAAkC;AAAA,MAC/D;AAAA,MACA,QAAQ;AAAA,MACR;AAAA,IACF,CAAC,EAAE,MAAM,MAAM,MAAS;AACxB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC7F;AAEA,QAAM,oBAAoB,oBAAoB,IAAI;AAClD,QAAM,oBAAoB,kBAAkB,IAAI;AAEhD,MAAI,aAAa;AACf,UAAM,mBAAmB,aAAa,4BAA4B;AAAA,EACpE;AAEA,QAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK,IAAI,EAAE,UAAU,gBAAgB,KAAK,eAAe,CAAC;AACxG,QAAM,mBAAmB,IAAI;AAE7B,QAAM,KAAK,YAAY,KAAK,CAAC;AAC7B,QAAM,YAAY,IAAI,QAAQ,IAAI,YAAY,KAAK;AACnD,QAAM,EAAE,UAAU,KAAK,QAAQ,IAAI,MAAM,uBAAuB,cAAc,MAAM,kBAAkB,IAAI,SAAS;AAEnH,OAAK,0BAA0B,mCAAmC;AAAA,IAChE,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ;AAAA,IACA,gBAAgB,KAAK;AAAA,EACvB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,QAAM,MAAM,aAAa,KAAK;AAAA,IAC5B,IAAI;AAAA,IACJ,MAAM;AAAA,MACJ,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,aAAa,KAAK;AAAA,MAClB,eAAe,CAAC,CAAC,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI,QAAQ,IAAI,uBAAuB,KAAK;AAAA,IAC1C,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK;AAAA,EACpB,CAAC;AACD,MAAI,QAAQ,IAAI,0BAA0B,UAAU;AAAA,IAClD,UAAU;AAAA,IACV,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ,KAAK,KAAK,KAAK;AAAA,EACzB,CAAC;AAED,SAAO;AACT;AAEA,MAAM,qBAAqB,EAAE,OAAO;AAAA,EAClC,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,IACb,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,IACxB,aAAa,EAAE,OAAO;AAAA,IACtB,eAAe,EAAE,QAAQ;AAAA,EAC3B,CAAC;AAAA,EACD,kBAAkB,EAAE,MAAM,EAAE,OAAO,CAAC;AACtC,CAAC;AAED,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,IAAI,EAAE,QAAQ,KAAK;AAAA,EACnB,OAAO,EAAE,OAAO;AAClB,CAAC;AAED,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa;AAAA,IACX,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,EAAE,QAAQ,KAAK,aAAa,oBAAoB,QAAQ,mBAAmB;AAAA,EAC7E;AAAA,EACA,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,uBAAuB,QAAQ,YAAY;AAAA,IACvE,EAAE,QAAQ,KAAK,aAAa,2BAA2B,QAAQ,qBAAqB;AAAA,EACtF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,SAAS,EAAE,MAAM,UAAU;AAC7B;",
   "names": []
 }

package/dist/modules/customer_accounts/api/portal/users-invite.js CHANGED Viewed

@@ -5,12 +5,27 @@ import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
 import { CustomerRole } from "@open-mercato/core/modules/customer_accounts/data/entities";
 import { inviteUserSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
 import { findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { rateLimitErrorSchema } from "@open-mercato/shared/lib/ratelimit/helpers";
+import {
+  checkAuthRateLimit,
+  customerInviteRateLimitConfig,
+  customerInviteIpRateLimitConfig
+} from "@open-mercato/core/modules/customer_accounts/lib/rateLimiter";
+import { readNormalizedEmailFromJsonRequest } from "@open-mercato/core/modules/customer_accounts/lib/rateLimitIdentifier";
 const metadata = { requireAuth: false };
 async function POST(req) {
   const auth = await getCustomerAuthFromRequest(req);
   if (!auth) {
     return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
   }
+  const rateLimitEmail = await readNormalizedEmailFromJsonRequest(req);
+  const { error: rateLimitError } = await checkAuthRateLimit({
+    req,
+    ipConfig: customerInviteIpRateLimitConfig,
+    compoundConfig: customerInviteRateLimitConfig,
+    compoundIdentifier: rateLimitEmail
+  });
+  if (rateLimitError) return rateLimitError;
   const container = await createRequestContainer();
   const customerRbacService = container.resolve("customerRbacService");
   try {
@@ -88,7 +103,8 @@ const methodDoc = {
   errors: [
     { status: 400, description: "Validation failed", schema: errorSchema },
     { status: 401, description: "Not authenticated", schema: errorSchema },
-    { status: 403, description: "Insufficient permissions or non-assignable role", schema: errorSchema }
+    { status: 403, description: "Insufficient permissions or non-assignable role", schema: errorSchema },
+    { status: 429, description: "Too many invitation requests", schema: rateLimitErrorSchema }
   ]
 };
 const openApi = {