@rpcbase/auth 0.59.0 → 0.60.0

package/dist/api/resend-otp/handler.d.ts

@@ -0,0 +1,5 @@
+import { Api } from '../../../../api/src';
+import { AuthSessionUser } from '../../types';
+declare const _default: (api: Api<AuthSessionUser>) => void;
+export default _default;
+//# sourceMappingURL=handler.d.ts.map

package/dist/api/resend-otp/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/resend-otp/handler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBAqDlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}

package/dist/api/resend-otp/index.d.ts

@@ -0,0 +1,12 @@
+import { z } from '../../../../vite/node_modules/zod';
+export declare const Route = "/api/rb/auth/resend-otp";
+export declare const requestSchema: z.ZodObject<{
+    email: z.ZodString;
+}, z.core.$strip>;
+export type RequestPayload = z.infer<typeof requestSchema>;
+export declare const responseSchema: z.ZodObject<{
+    success: z.ZodBoolean;
+    error: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type ResponsePayload = z.infer<typeof responseSchema>;
+//# sourceMappingURL=index.d.ts.map

package/dist/api/resend-otp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/resend-otp/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB,eAAO,MAAM,KAAK,4BAA4B,CAAA;AAE9C,eAAO,MAAM,aAAa;;iBAExB,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc;;;iBAGzB,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA"}

package/dist/components/SignInForm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignInForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAY,MAAM,OAAO,CAAA;AAW1C,eAAO,MAAM,UAAU,GAAI,yBAGxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,4CA6CA,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignInForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAA;AA6CjC,eAAO,MAAM,UAAU,GAAI,yBAGxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,4CAuDA,CAAA"}

package/dist/components/SignUpForm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignUpForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAsB,MAAM,OAAO,CAAA;AAYpD,eAAO,MAAM,UAAU,GAAI,sCAIxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,4CA8EA,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignUpForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAW,MAAM,OAAO,CAAA;AAYzC,eAAO,MAAM,UAAU,GAAI,sCAIxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,4CAuEA,CAAA"}

package/dist/handler-BxA7Jhrs.js

@@ -0,0 +1,51 @@
+import crypto from "crypto";
+import { loadModel } from "@rpcbase/db";
+import { sendEmail } from "@rpcbase/server";
+import { o as object, s as string, b as boolean } from "./schemas-KL7REOdt.js";
+const Route = "/api/rb/auth/resend-otp";
+const requestSchema = object({
+  email: string().email()
+});
+object({
+  success: boolean(),
+  error: string().optional()
+});
+const resendOtp = async (payload, ctx) => {
+  const User = await loadModel("RBUser", ctx);
+  const parsed = requestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { success: false, error: "invalid_payload" };
+  }
+  const { email } = parsed.data;
+  const user = await User.findOne({ email });
+  if (!user) {
+    ctx.res.status(404);
+    return { success: false, error: "user_not_found" };
+  }
+  const emailVerificationCode = crypto.randomInt(0, 1e6).toString().padStart(6, "0");
+  const emailVerificationExpiresAt = new Date(Date.now() + 10 * 60 * 1e3);
+  user.email_verification_code = emailVerificationCode;
+  user.email_verification_expires_at = emailVerificationExpiresAt;
+  await user.save();
+  try {
+    await sendEmail({
+      to: email,
+      subject: `Your verification code: ${emailVerificationCode}`,
+      html: `
+        <p>Your verification code is <strong>${emailVerificationCode}</strong>. It expires in 10 minutes.</p>
+        <p>If you didn't request this, you can ignore this message.</p>
+      `,
+      text: `Your verification code is ${emailVerificationCode}. It expires in 10 minutes. If you didn't request this, you can ignore this message.`
+    });
+  } catch (err) {
+    console.warn("failed to resend otp email", err);
+  }
+  return { success: true };
+};
+const handler = (api) => {
+  api.post(Route, resendOtp);
+};
+export {
+  handler as default
+};

package/dist/index.js

@@ -1,10 +1,10 @@
 import { jsxs, jsx, Fragment } from "react/jsx-runtime";
-import { useLocation, Link, useNavigate } from "@rpcbase/router";
+import { useLocation, Link, useNavigate, useSearchParams } from "@rpcbase/router";
 import clsx from "clsx";
 import { useFormContext, useForm, zodResolver, FormProvider } from "@rpcbase/form";
-import * as React from "react";
-import { useEffect, useState, useCallback, useMemo } from "react";
 import { r as requestSchema } from "./index-Bdcryyvv.js";
+import * as React from "react";
+import { useState, useEffect, useCallback, useMemo } from "react";
 import { r as requestSchema$1 } from "./index-DwX0Y2YV.js";
 import { b, a, r } from "./middleware-BiMXO6Dq.js";
 const LINKS_REDIRECTION_MAP = {
@@ -108,10 +108,40 @@ const EmailInput = ({
     errorMessage ? /* @__PURE__ */ jsx("p", { className: "mt-1 -mb-2 text-sm/6 text-red-500", children: errorMessage }) : null
   ] });
 };
+const hasUnsafeNextPathChars = (value) => {
+  for (let i = 0; i < value.length; i++) {
+    const code = value.charCodeAt(i);
+    if (code === 92 || code <= 31 || code === 127) return true;
+  }
+  return false;
+};
+const sanitizeNextPath = (raw) => {
+  if (!raw) return null;
+  const nextPath = raw.trim();
+  if (!nextPath) return null;
+  if (!nextPath.startsWith("/") || nextPath.startsWith("//")) {
+    return null;
+  }
+  if (hasUnsafeNextPathChars(nextPath)) {
+    return null;
+  }
+  try {
+    const base = new URL("http://localhost");
+    const url = new URL(nextPath, base);
+    if (url.origin !== base.origin) {
+      return null;
+    }
+    return `${url.pathname}${url.search}${url.hash}`;
+  } catch {
+    return null;
+  }
+};
 const SignInForm = ({
   children,
   className
 }) => {
+  const navigate = useNavigate();
+  const [searchParams] = useSearchParams();
   const methods = useForm({
     defaultValues: {
       email: "",
@@ -121,28 +151,32 @@ const SignInForm = ({
     resolver: zodResolver(requestSchema)
   });
   const onSubmit = async (data) => {
-    console.log("SUBMIT SIGNIN", data);
+    methods.clearErrors("root");
     try {
       const res = await fetch("/api/rb/auth/sign-in", {
         method: "POST",
         headers: {
           "Content-Type": "application/json"
         },
-        body: JSON.stringify(data)
+        body: JSON.stringify(data),
+        credentials: "include"
       });
-      const json = await res.json();
-      console.log("SIGN IN RESPONSE", json);
-      if (!res.ok) {
-        console.error("Sign-in failed", json);
+      const json = await res.json().catch(() => null);
+      if (!res.ok || !json?.success) {
+        const message = json?.error === "invalid_credentials" ? "Invalid email or password." : "Sign-in failed. Please try again.";
+        methods.setError("root", { type: "server", message });
+        return;
       }
+      const nextPath = sanitizeNextPath(searchParams.get("next")) ?? "/";
+      navigate(nextPath, { replace: true });
     } catch (err) {
-      console.error("Sign-in request error", err);
+      methods.setError("root", { type: "server", message: "Network error. Please try again." });
     }
   };
-  useEffect(() => {
-    console.log(methods.formState.errors);
-  }, [methods.formState.errors]);
-  return /* @__PURE__ */ jsx(FormProvider, { ...methods, children: /* @__PURE__ */ jsx("form", { method: "post", noValidate: true, className, onSubmit: methods.handleSubmit(onSubmit), children }) });
+  return /* @__PURE__ */ jsx(FormProvider, { ...methods, children: /* @__PURE__ */ jsxs("form", { method: "post", noValidate: true, className, onSubmit: methods.handleSubmit(onSubmit), children: [
+    children,
+    methods.formState.errors.root?.message && /* @__PURE__ */ jsx("p", { className: "mt-2 text-sm text-red-600", role: "alert", children: methods.formState.errors.root.message })
+  ] }) });
 };
 const SignUpForm = ({
   children,
@@ -162,19 +196,17 @@ const SignUpForm = ({
   const onSubmit = async (data) => {
     setServerMessage(null);
     methods.clearErrors("root");
-    console.log("SUBMIT SIGNUp", data);
     try {
       const res = await fetch("/api/rb/auth/sign-up", {
         method: "POST",
         headers: {
           "Content-Type": "application/json"
         },
-        body: JSON.stringify(data)
+        body: JSON.stringify(data),
+        credentials: "include"
       });
       const json = await res.json();
-      console.log("SIGN UP RESPONSE", json);
       if (!res.ok) {
-        console.error("Sign-up failed", json);
         const message = json.error === "user_exists" ? "An account already exists with this email." : "Sign-up failed. Please try again.";
         methods.setError("root", { type: "server", message });
         return;
@@ -190,13 +222,9 @@ const SignUpForm = ({
       navigate(`/auth/sign-up-otp?${search.toString()}`);
       setServerMessage("Account created. Check your inbox to verify your email.");
     } catch (err) {
-      console.error("Sign-up request error", err);
       methods.setError("root", { type: "server", message: "Network error. Please try again." });
     }
   };
-  useEffect(() => {
-    console.log(methods.formState.errors);
-  }, [methods.formState.errors]);
   return /* @__PURE__ */ jsx(FormProvider, { ...methods, children: /* @__PURE__ */ jsxs("form", { method: "post", noValidate: true, className, onSubmit: methods.handleSubmit(onSubmit), children: [
     children,
     methods.formState.errors.root?.message && /* @__PURE__ */ jsx("p", { className: "mt-2 text-sm text-red-600", role: "alert", children: methods.formState.errors.root.message }),
@@ -326,13 +354,13 @@ const useResendCountdown = (seconds = 60) => {
       setRemaining((prev) => {
         if (prev <= 1) {
           setIsCountingDown(false);
-          return 0;
+          return seconds;
         }
         return prev - 1;
       });
     }, 1e3);
     return () => clearInterval(timer);
-  }, [isCountingDown]);
+  }, [isCountingDown, seconds]);
   const restart = useCallback((nextSeconds) => {
     const value = typeof nextSeconds === "number" ? nextSeconds : seconds;
     setRemaining(value);
@@ -343,7 +371,7 @@ const useResendCountdown = (seconds = 60) => {
     const secs = remaining % 60;
     return `${minutes}:${secs.toString().padStart(2, "0")}`;
   }, [remaining]);
-  const canResend = !isCountingDown && remaining === 0;
+  const canResend = !isCountingDown;
   return { remaining, formatted, isCountingDown, canResend, restart };
 };
 const ResendCodeButton = ({

package/dist/routes.js

@@ -1,5 +1,5 @@
 const routes = Object.entries({
-  .../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler-C9aNvw-Q.js"), "./api/sign-in/handler.ts": () => import("./handler-ByODvDJo.js"), "./api/sign-out/handler.ts": () => import("./handler-CNHucHrj.js"), "./api/sign-up/handler.ts": () => import("./handler-DgTUP3cD.js"), "./api/verify-otp/handler.ts": () => import("./handler-49961uAb.js") })
+  .../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler-C9aNvw-Q.js"), "./api/resend-otp/handler.ts": () => import("./handler-BxA7Jhrs.js"), "./api/sign-in/handler.ts": () => import("./handler-ByODvDJo.js"), "./api/sign-out/handler.ts": () => import("./handler-CNHucHrj.js"), "./api/sign-up/handler.ts": () => import("./handler-DgTUP3cD.js"), "./api/verify-otp/handler.ts": () => import("./handler-49961uAb.js") })
 }).reduce((acc, [path, mod]) => {
   acc[path.replace("./api/", "@rpcbase/auth/api/")] = mod;
   return acc;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rpcbase/auth",
-  "version": "0.59.0",
+  "version": "0.60.0",
   "type": "module",
   "files": [
     "dist",