@rovela-ai/sdk 0.4.1 → 0.4.2

package/dist/auth/api/request-return.d.ts

@@ -0,0 +1,39 @@
+/**
+ * @rovela/sdk/auth/api/request-return
+ *
+ * API route handler for customer return requests.
+ * Customers can request a return on orders that have been delivered.
+ * This creates a return request that must be approved by an admin.
+ *
+ * Usage:
+ * ```typescript
+ * // app/api/account/orders/[id]/return/route.ts
+ * export { POST } from '@rovela-ai/sdk/auth/api/request-return'
+ * ```
+ */
+import { NextRequest, NextResponse } from 'next/server';
+interface ReturnRequestResponse {
+    success: boolean;
+    message: string;
+}
+interface ReturnRequestError {
+    error: string;
+    code: 'UNAUTHORIZED' | 'NOT_FOUND' | 'FORBIDDEN' | 'VALIDATION_ERROR' | 'INTERNAL_ERROR';
+}
+/**
+ * POST /api/account/orders/[id]/return
+ *
+ * Request a return for an order. Only available for orders that:
+ * - Belong to the authenticated customer
+ * - Have status 'delivered'
+ *
+ * This creates a return request that must be approved by an admin
+ * before a refund is processed.
+ */
+export declare function POST(request: NextRequest, { params }: {
+    params: Promise<{
+        id: string;
+    }>;
+}): Promise<NextResponse<ReturnRequestResponse | ReturnRequestError>>;
+export {};
+//# sourceMappingURL=request-return.d.ts.map

package/dist/auth/api/request-return.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-return.d.ts","sourceRoot":"","sources":["../../../src/auth/api/request-return.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAYvD,UAAU,qBAAqB;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,UAAU,kBAAkB;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,cAAc,GAAG,WAAW,GAAG,WAAW,GAAG,kBAAkB,GAAG,gBAAgB,CAAA;CACzF;AAMD;;;;;;;;;GASG;AACH,wBAAsB,IAAI,CACxB,OAAO,EAAE,WAAW,EACpB,EAAE,MAAM,EAAE,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,GAC9C,OAAO,CAAC,YAAY,CAAC,qBAAqB,GAAG,kBAAkB,CAAC,CAAC,CAgHnE"}

package/dist/auth/api/request-return.js

@@ -0,0 +1,109 @@
+/**
+ * @rovela/sdk/auth/api/request-return
+ *
+ * API route handler for customer return requests.
+ * Customers can request a return on orders that have been delivered.
+ * This creates a return request that must be approved by an admin.
+ *
+ * Usage:
+ * ```typescript
+ * // app/api/account/orders/[id]/return/route.ts
+ * export { POST } from '@rovela-ai/sdk/auth/api/request-return'
+ * ```
+ */
+import { NextResponse } from 'next/server';
+import { requireCustomer } from '../server/customer-session';
+import { findOrderById, updateOrderReturnRequest } from '../../core/db/queries';
+// =============================================================================
+// Handler
+// =============================================================================
+/**
+ * POST /api/account/orders/[id]/return
+ *
+ * Request a return for an order. Only available for orders that:
+ * - Belong to the authenticated customer
+ * - Have status 'delivered'
+ *
+ * This creates a return request that must be approved by an admin
+ * before a refund is processed.
+ */
+export async function POST(request, { params }) {
+    // Check customer authentication. `requireCustomer` rejects admin sessions
+    // and orphan JWTs — defense in depth on top of the separate-cookie split.
+    const guard = await requireCustomer();
+    if (!guard.ok) {
+        return guard.response;
+    }
+    const customerId = guard.customer.id;
+    try {
+        const { id: orderId } = await params;
+        // Parse request body
+        let body;
+        try {
+            body = await request.json();
+        }
+        catch {
+            return NextResponse.json({ error: 'Invalid request body', code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        // Validate reason is provided
+        const reason = body.reason?.trim();
+        if (!reason) {
+            return NextResponse.json({ error: 'Please provide a reason for your return request', code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        if (reason.length > 500) {
+            return NextResponse.json({ error: 'Return reason must be 500 characters or less', code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        // Get order
+        const order = await findOrderById(orderId);
+        if (!order) {
+            return NextResponse.json({ error: 'Order not found', code: 'NOT_FOUND' }, { status: 404 });
+        }
+        // Verify order belongs to this customer
+        if (order.customerId !== customerId) {
+            return NextResponse.json({ error: 'You do not have permission to request a return for this order', code: 'FORBIDDEN' }, { status: 403 });
+        }
+        // Check order is eligible for return request
+        // Only allow returns on delivered orders
+        if (order.status !== 'delivered') {
+            let message;
+            switch (order.status) {
+                case 'pending':
+                    message = 'This order is still being processed and cannot be returned yet.';
+                    break;
+                case 'paid':
+                    message = 'This order has not shipped yet. You can request a refund instead.';
+                    break;
+                case 'shipped':
+                    message = 'This order is in transit. Please wait until it is delivered to request a return.';
+                    break;
+                case 'return_requested':
+                    message = 'A return request has already been submitted for this order.';
+                    break;
+                case 'refunded':
+                    message = 'This order has already been refunded.';
+                    break;
+                case 'cancelled':
+                    message = 'This order has been cancelled.';
+                    break;
+                default:
+                    message = 'This order is not eligible for a return at this time.';
+            }
+            return NextResponse.json({ error: message, code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        // Create return request
+        const updatedOrder = await updateOrderReturnRequest(orderId, reason);
+        if (!updatedOrder) {
+            return NextResponse.json({ error: 'Failed to submit return request. Please try again.', code: 'INTERNAL_ERROR' }, { status: 500 });
+        }
+        console.log('[Customer Return] Return request submitted for order:', orderId);
+        return NextResponse.json({
+            success: true,
+            message: 'Your return request has been submitted. We will review it and get back to you soon.',
+        });
+    }
+    catch (error) {
+        console.error('[Customer Return API] POST error:', error);
+        return NextResponse.json({ error: 'Failed to submit return request. Please try again.', code: 'INTERNAL_ERROR' }, { status: 500 });
+    }
+}
+//# sourceMappingURL=request-return.js.map

package/dist/auth/api/request-return.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-return.js","sourceRoot":"","sources":["../../../src/auth/api/request-return.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAC5D,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAA;AAoB/E,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,OAAoB,EACpB,EAAE,MAAM,EAAuC;IAE/C,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,KAAK,GAAG,MAAM,eAAe,EAAE,CAAA;IACrC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,KAAK,CAAC,QAAuD,CAAA;IACtE,CAAC;IACD,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAA;IAEpC,IAAI,CAAC;QACH,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAA;QAEpC,qBAAqB;QACrB,IAAI,IAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAC3D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,8BAA8B;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAA;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,iDAAiD,EAAE,IAAI,EAAE,kBAAkB,EAAE,EACtF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,8CAA8C,EAAE,IAAI,EAAE,kBAAkB,EAAE,EACnF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,YAAY;QACZ,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAA;QAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,WAAW,EAAE,EAC/C,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,KAAK,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YACpC,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,+DAA+D,EAAE,IAAI,EAAE,WAAW,EAAE,EAC7F,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,6CAA6C;QAC7C,yCAAyC;QACzC,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACjC,IAAI,OAAe,CAAA;YACnB,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;gBACrB,KAAK,SAAS;oBACZ,OAAO,GAAG,iEAAiE,CAAA;oBAC3E,MAAK;gBACP,KAAK,MAAM;oBACT,OAAO,GAAG,mEAAmE,CAAA;oBAC7E,MAAK;gBACP,KAAK,SAAS;oBACZ,OAAO,GAAG,kFAAkF,CAAA;oBAC5F,MAAK;gBACP,KAAK,kBAAkB;oBACrB,OAAO,GAAG,6DAA6D,CAAA;oBACvE,MAAK;gBACP,KAAK,UAAU;oBACb,OAAO,GAAG,uCAAuC,CAAA;oBACjD,MAAK;gBACP,KAAK,WAAW;oBACd,OAAO,GAAG,gCAAgC,CAAA;oBAC1C,MAAK;gBACP;oBACE,OAAO,GAAG,uDAAuD,CAAA;YACrE,CAAC;YACD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAC5C,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,wBAAwB;QACxB,MAAM,YAAY,GAAG,MAAM,wBAAwB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAEpE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,oDAAoD,EAAE,IAAI,EAAE,gBAAgB,EAAE,EACvF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAA;QAE7E,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,qFAAqF;SAC/F,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAA;QAEzD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,oDAAoD,EAAE,IAAI,EAAE,gBAAgB,EAAE,EACvF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/auth/api/resend-verification.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @rovela/sdk/auth/api/resend-verification
+ *
+ * Resend verification email API route handler.
+ */
+import { NextResponse } from 'next/server';
+import type { AuthApiError } from '../types';
+interface ResendVerificationResponse {
+    success: boolean;
+    message: string;
+}
+/**
+ * POST handler for resending verification email.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/resend-verification/route.ts
+ * export { POST } from '@rovela/sdk/auth/api'
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Request body
+ * { "email": "customer@example.com" }
+ *
+ * // Success response (200)
+ * {
+ *   "success": true,
+ *   "message": "If an account exists with this email, a verification link has been sent."
+ * }
+ *
+ * // Error response (400)
+ * {
+ *   "error": "Email is already verified",
+ *   "code": "VALIDATION_ERROR"
+ * }
+ * ```
+ */
+export declare function POST(request: Request): Promise<NextResponse<ResendVerificationResponse | AuthApiError>>;
+export {};
+//# sourceMappingURL=resend-verification.d.ts.map

package/dist/auth/api/resend-verification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resend-verification.d.ts","sourceRoot":"","sources":["../../../src/auth/api/resend-verification.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE1C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAU5C,UAAU,0BAA0B;IAClC,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,0BAA0B,GAAG,YAAY,CAAC,CAAC,CAyC7G"}

package/dist/auth/api/resend-verification.js

@@ -0,0 +1,68 @@
+/**
+ * @rovela/sdk/auth/api/resend-verification
+ *
+ * Resend verification email API route handler.
+ */
+import { NextResponse } from 'next/server';
+import { resendVerificationEmail } from '../server/verification-service';
+/**
+ * Validate email format.
+ */
+function isValidEmail(email) {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    return emailRegex.test(email);
+}
+/**
+ * POST handler for resending verification email.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/resend-verification/route.ts
+ * export { POST } from '@rovela/sdk/auth/api'
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Request body
+ * { "email": "customer@example.com" }
+ *
+ * // Success response (200)
+ * {
+ *   "success": true,
+ *   "message": "If an account exists with this email, a verification link has been sent."
+ * }
+ *
+ * // Error response (400)
+ * {
+ *   "error": "Email is already verified",
+ *   "code": "VALIDATION_ERROR"
+ * }
+ * ```
+ */
+export async function POST(request) {
+    try {
+        const body = await request.json();
+        const email = body.email;
+        if (!email) {
+            return NextResponse.json({ error: 'Email is required', code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        if (!isValidEmail(email)) {
+            return NextResponse.json({ error: 'Please enter a valid email address', code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        const result = await resendVerificationEmail(email);
+        // If already verified, return error
+        if (!result.success && result.error?.includes('already verified')) {
+            return NextResponse.json({ error: result.error, code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        // Always return success message to prevent email enumeration
+        return NextResponse.json({
+            success: true,
+            message: 'If an account exists with this email, a verification link has been sent.',
+        });
+    }
+    catch (error) {
+        console.error('[Auth Resend Verification] Error:', error);
+        return NextResponse.json({ error: 'Failed to send verification email. Please try again.', code: 'VALIDATION_ERROR' }, { status: 500 });
+    }
+}
+//# sourceMappingURL=resend-verification.js.map

package/dist/auth/api/resend-verification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resend-verification.js","sourceRoot":"","sources":["../../../src/auth/api/resend-verification.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAA;AAGxE;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,UAAU,GAAG,4BAA4B,CAAA;IAC/C,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC/B,CAAC;AAOD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAgB;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAA;QAExB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,kBAAkB,EAAE,EACxD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,oCAAoC,EAAE,IAAI,EAAE,kBAAkB,EAAE,EACzE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,KAAK,CAAC,CAAA;QAEnD,oCAAoC;QACpC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAClE,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,kBAAkB,EAAE,EACjD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,6DAA6D;QAC7D,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,0EAA0E;SACpF,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAA;QACzD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,sDAAsD,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAC3F,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/auth/api/reset-password.d.ts

@@ -0,0 +1,67 @@
+/**
+ * @rovela/sdk/auth/api/reset-password
+ *
+ * Reset password API route handler.
+ */
+import { NextResponse } from 'next/server';
+import type { AuthApiError } from '../types';
+interface ValidateTokenResponse {
+    valid: boolean;
+    error?: string;
+}
+interface ResetPasswordResponse {
+    success: boolean;
+    message: string;
+}
+/**
+ * GET handler for validating reset token.
+ * Use this to check if token is valid before showing the reset form.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/reset-password/route.ts
+ * export { GET, POST } from '@rovela/sdk/auth/api'
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Request: GET /api/auth/reset-password?token=abc123
+ *
+ * // Success response (200)
+ * { "valid": true }
+ *
+ * // Error response (400)
+ * {
+ *   "valid": false,
+ *   "error": "Reset link has expired. Please request a new one."
+ * }
+ * ```
+ */
+export declare function GET(request: Request): Promise<NextResponse<ValidateTokenResponse>>;
+/**
+ * POST handler for resetting password.
+ *
+ * @example
+ * ```typescript
+ * // Request body
+ * {
+ *   "token": "abc123",
+ *   "password": "newSecurePassword123"
+ * }
+ *
+ * // Success response (200)
+ * {
+ *   "success": true,
+ *   "message": "Password reset successfully. You can now sign in with your new password."
+ * }
+ *
+ * // Error response (400)
+ * {
+ *   "error": "Reset link has expired. Please request a new one.",
+ *   "code": "TOKEN_EXPIRED"
+ * }
+ * ```
+ */
+export declare function POST(request: Request): Promise<NextResponse<ResetPasswordResponse | AuthApiError>>;
+export {};
+//# sourceMappingURL=reset-password.d.ts.map

package/dist/auth/api/reset-password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reset-password.d.ts","sourceRoot":"","sources":["../../../src/auth/api/reset-password.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAG1C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAE5C,UAAU,qBAAqB;IAC7B,KAAK,EAAE,OAAO,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,UAAU,qBAAqB;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC,CA6BxF;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,qBAAqB,GAAG,YAAY,CAAC,CAAC,CAkDxG"}

package/dist/auth/api/reset-password.js

@@ -0,0 +1,106 @@
+/**
+ * @rovela/sdk/auth/api/reset-password
+ *
+ * Reset password API route handler.
+ */
+import { NextResponse } from 'next/server';
+import { validateResetToken, resetPassword } from '../server/password-reset-service';
+import { validatePassword } from '../server/password';
+/**
+ * GET handler for validating reset token.
+ * Use this to check if token is valid before showing the reset form.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/reset-password/route.ts
+ * export { GET, POST } from '@rovela/sdk/auth/api'
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Request: GET /api/auth/reset-password?token=abc123
+ *
+ * // Success response (200)
+ * { "valid": true }
+ *
+ * // Error response (400)
+ * {
+ *   "valid": false,
+ *   "error": "Reset link has expired. Please request a new one."
+ * }
+ * ```
+ */
+export async function GET(request) {
+    try {
+        const { searchParams } = new URL(request.url);
+        const token = searchParams.get('token');
+        if (!token) {
+            return NextResponse.json({ valid: false, error: 'Reset token is required' }, { status: 400 });
+        }
+        const result = await validateResetToken(token);
+        if (!result.valid) {
+            return NextResponse.json({ valid: false, error: result.error }, { status: 400 });
+        }
+        return NextResponse.json({ valid: true });
+    }
+    catch (error) {
+        console.error('[Auth Reset Password] Validation error:', error);
+        return NextResponse.json({ valid: false, error: 'Failed to validate token. Please try again.' }, { status: 500 });
+    }
+}
+/**
+ * POST handler for resetting password.
+ *
+ * @example
+ * ```typescript
+ * // Request body
+ * {
+ *   "token": "abc123",
+ *   "password": "newSecurePassword123"
+ * }
+ *
+ * // Success response (200)
+ * {
+ *   "success": true,
+ *   "message": "Password reset successfully. You can now sign in with your new password."
+ * }
+ *
+ * // Error response (400)
+ * {
+ *   "error": "Reset link has expired. Please request a new one.",
+ *   "code": "TOKEN_EXPIRED"
+ * }
+ * ```
+ */
+export async function POST(request) {
+    try {
+        const body = await request.json();
+        const { token, password } = body;
+        if (!token) {
+            return NextResponse.json({ error: 'Reset token is required', code: 'INVALID_TOKEN' }, { status: 400 });
+        }
+        if (!password) {
+            return NextResponse.json({ error: 'New password is required', code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        // Validate password strength
+        const passwordValidation = validatePassword(password);
+        if (!passwordValidation.valid) {
+            return NextResponse.json({ error: passwordValidation.error, code: 'VALIDATION_ERROR' }, { status: 400 });
+        }
+        // Reset password
+        const result = await resetPassword(token, password);
+        if (!result.success) {
+            const code = result.error?.includes('expired') ? 'TOKEN_EXPIRED' : 'INVALID_TOKEN';
+            return NextResponse.json({ error: result.error, code }, { status: 400 });
+        }
+        return NextResponse.json({
+            success: true,
+            message: 'Password reset successfully. You can now sign in with your new password.',
+        });
+    }
+    catch (error) {
+        console.error('[Auth Reset Password] Error:', error);
+        return NextResponse.json({ error: 'Failed to reset password. Please try again.', code: 'VALIDATION_ERROR' }, { status: 500 });
+    }
+}
+//# sourceMappingURL=reset-password.js.map

package/dist/auth/api/reset-password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reset-password.js","sourceRoot":"","sources":["../../../src/auth/api/reset-password.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAA;AACpF,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAarD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC7C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAClD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAA;QAE9C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EACrC,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAA;QAC/D,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,6CAA6C,EAAE,EACtE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAgB;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QACjC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAA;QAEhC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,yBAAyB,EAAE,IAAI,EAAE,eAAe,EAAE,EAC3D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,0BAA0B,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,6BAA6B;QAC7B,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAA;QACrD,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;YAC9B,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,kBAAkB,CAAC,KAAM,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAC9D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,iBAAiB;QACjB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;QAEnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAA;YAClF,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,MAAM,CAAC,KAAM,EAAE,IAAI,EAAE,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,0EAA0E;SACpF,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAA;QACpD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,6CAA6C,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAClF,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/auth/api/verify-email.d.ts

@@ -0,0 +1,47 @@
+/**
+ * @rovela/sdk/auth/api/verify-email
+ *
+ * Email verification API route handler.
+ */
+import { NextResponse } from 'next/server';
+import type { VerifyEmailResponse, AuthApiError } from '../types';
+/**
+ * GET handler for email verification.
+ * Verifies the token from the email link.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/verify-email/route.ts
+ * export { GET } from '@rovela/sdk/auth/api'
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Request: GET /api/auth/verify-email?token=abc123
+ *
+ * // Success response (200)
+ * {
+ *   "success": true,
+ *   "message": "Email verified successfully. You can now sign in."
+ * }
+ *
+ * // Error response (400)
+ * {
+ *   "error": "Invalid or expired verification link",
+ *   "code": "INVALID_TOKEN" | "TOKEN_EXPIRED"
+ * }
+ * ```
+ */
+export declare function GET(request: Request): Promise<NextResponse<VerifyEmailResponse | AuthApiError>>;
+/**
+ * POST handler for email verification.
+ * Alternative to GET for clients that prefer POST.
+ *
+ * @example
+ * ```typescript
+ * // Request body
+ * { "token": "abc123" }
+ * ```
+ */
+export declare function POST(request: Request): Promise<NextResponse<VerifyEmailResponse | AuthApiError>>;
+//# sourceMappingURL=verify-email.d.ts.map

package/dist/auth/api/verify-email.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-email.d.ts","sourceRoot":"","sources":["../../../src/auth/api/verify-email.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEjE;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,mBAAmB,GAAG,YAAY,CAAC,CAAC,CAkCrG;AAED;;;;;;;;;GASG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,mBAAmB,GAAG,YAAY,CAAC,CAAC,CAiCtG"}

package/dist/auth/api/verify-email.js

@@ -0,0 +1,90 @@
+/**
+ * @rovela/sdk/auth/api/verify-email
+ *
+ * Email verification API route handler.
+ */
+import { NextResponse } from 'next/server';
+import { verifyEmail } from '../server/verification-service';
+/**
+ * GET handler for email verification.
+ * Verifies the token from the email link.
+ *
+ * @example
+ * ```typescript
+ * // app/api/auth/verify-email/route.ts
+ * export { GET } from '@rovela/sdk/auth/api'
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Request: GET /api/auth/verify-email?token=abc123
+ *
+ * // Success response (200)
+ * {
+ *   "success": true,
+ *   "message": "Email verified successfully. You can now sign in."
+ * }
+ *
+ * // Error response (400)
+ * {
+ *   "error": "Invalid or expired verification link",
+ *   "code": "INVALID_TOKEN" | "TOKEN_EXPIRED"
+ * }
+ * ```
+ */
+export async function GET(request) {
+    try {
+        const { searchParams } = new URL(request.url);
+        const token = searchParams.get('token');
+        if (!token) {
+            return NextResponse.json({ error: 'Verification token is required', code: 'INVALID_TOKEN' }, { status: 400 });
+        }
+        const result = await verifyEmail(token);
+        if (!result.success) {
+            // Determine error code based on message
+            const code = result.error?.includes('expired') ? 'TOKEN_EXPIRED' : 'INVALID_TOKEN';
+            return NextResponse.json({ error: result.error, code }, { status: 400 });
+        }
+        return NextResponse.json({
+            success: true,
+            message: 'Email verified successfully. You can now sign in.',
+        });
+    }
+    catch (error) {
+        console.error('[Auth Verify Email] Error:', error);
+        return NextResponse.json({ error: 'Failed to verify email. Please try again.', code: 'INVALID_TOKEN' }, { status: 500 });
+    }
+}
+/**
+ * POST handler for email verification.
+ * Alternative to GET for clients that prefer POST.
+ *
+ * @example
+ * ```typescript
+ * // Request body
+ * { "token": "abc123" }
+ * ```
+ */
+export async function POST(request) {
+    try {
+        const body = await request.json();
+        const token = body.token;
+        if (!token) {
+            return NextResponse.json({ error: 'Verification token is required', code: 'INVALID_TOKEN' }, { status: 400 });
+        }
+        const result = await verifyEmail(token);
+        if (!result.success) {
+            const code = result.error?.includes('expired') ? 'TOKEN_EXPIRED' : 'INVALID_TOKEN';
+            return NextResponse.json({ error: result.error, code }, { status: 400 });
+        }
+        return NextResponse.json({
+            success: true,
+            message: 'Email verified successfully. You can now sign in.',
+        });
+    }
+    catch (error) {
+        console.error('[Auth Verify Email] Error:', error);
+        return NextResponse.json({ error: 'Failed to verify email. Please try again.', code: 'INVALID_TOKEN' }, { status: 500 });
+    }
+}
+//# sourceMappingURL=verify-email.js.map

package/dist/auth/api/verify-email.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-email.js","sourceRoot":"","sources":["../../../src/auth/api/verify-email.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAA;AAG5D;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,CAAC,KAAK,UAAU,GAAG,CAAC,OAAgB;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC7C,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEvC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,gCAAgC,EAAE,IAAI,EAAE,eAAe,EAAE,EAClE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,CAAA;QAEvC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,wCAAwC;YACxC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAA;YAClF,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,MAAM,CAAC,KAAM,EAAE,IAAI,EAAE,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAA;QAClD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,2CAA2C,EAAE,IAAI,EAAE,eAAe,EAAE,EAC7E,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAgB;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAA;QAExB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,gCAAgC,EAAE,IAAI,EAAE,eAAe,EAAE,EAClE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,CAAA;QAEvC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAA;YAClF,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,MAAM,CAAC,KAAM,EAAE,IAAI,EAAE,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC;YACvB,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,mDAAmD;SAC7D,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAA;QAClD,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,2CAA2C,EAAE,IAAI,EAAE,eAAe,EAAE,EAC7E,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/auth/components/AuthGuard.d.ts

@@ -0,0 +1,52 @@
+import type { AuthGuardProps } from '../types';
+/**
+ * Guard component that protects routes requiring authentication.
+ *
+ * @example
+ * ```tsx
+ * // Basic usage - redirect to signin if not authenticated
+ * <AuthGuard>
+ *   <AccountPage />
+ * </AuthGuard>
+ *
+ * // With custom redirect
+ * <AuthGuard redirectTo="/login">
+ *   <ProtectedContent />
+ * </AuthGuard>
+ *
+ * // With fallback component
+ * <AuthGuard fallback={<div>Please sign in to continue</div>}>
+ *   <ProtectedContent />
+ * </AuthGuard>
+ *
+ * // Require verified email
+ * <AuthGuard requireVerified>
+ *   <OrderHistory />
+ * </AuthGuard>
+ * ```
+ */
+export declare function AuthGuard({ children, fallback, redirectTo, requireVerified, loadingComponent, }: AuthGuardProps): import("react/jsx-runtime").JSX.Element | null;
+/**
+ * HOC version of AuthGuard for wrapping page components.
+ *
+ * @example
+ * ```tsx
+ * // pages/account.tsx
+ * function AccountPage() {
+ *   return <div>Account content</div>
+ * }
+ *
+ * export default withAuth(AccountPage)
+ *
+ * // With options
+ * export default withAuth(AccountPage, {
+ *   redirectTo: '/login',
+ *   requireVerified: true,
+ * })
+ * ```
+ */
+export declare function withAuth<P extends object>(Component: React.ComponentType<P>, options?: Omit<AuthGuardProps, 'children'>): {
+    (props: P): import("react/jsx-runtime").JSX.Element;
+    displayName: string;
+};
+//# sourceMappingURL=AuthGuard.d.ts.map