hazo_auth 0.1.0

package/src/lib/services/user_update_service.ts

@@ -0,0 +1,128 @@
+// file_description: service for updating user profile information using hazo_connect
+// section: imports
+import type { HazoConnectAdapter } from "hazo_connect";
+import { createCrudService } from "hazo_connect/server";
+import { map_ui_source_to_db, type ProfilePictureSourceUI } from "./profile_picture_source_mapper";
+
+// section: types
+export type UserUpdateData = {
+  name?: string;
+  email?: string;
+  profile_picture_url?: string;
+  profile_source?: ProfilePictureSourceUI;
+};
+
+export type UserUpdateResult = {
+  success: boolean;
+  email_changed?: boolean;
+  error?: string;
+};
+
+// section: helpers
+/**
+ * Updates user profile information (name, email)
+ * If email is changed, sets email_verified to false
+ * @param adapter - The hazo_connect adapter instance
+ * @param user_id - The user ID to update
+ * @param data - User update data (name, email)
+ * @returns User update result with success status, email_changed flag, or error
+ */
+export async function update_user_profile(
+  adapter: HazoConnectAdapter,
+  user_id: string,
+  data: UserUpdateData,
+): Promise<UserUpdateResult> {
+  try {
+    const { name, email } = data;
+
+    // Create CRUD service for hazo_users table
+    const users_service = createCrudService(adapter, "hazo_users");
+
+    // Get current user data
+    const users = await users_service.findBy({
+      id: user_id,
+    });
+
+    if (!Array.isArray(users) || users.length === 0) {
+      return {
+        success: false,
+        error: "User not found",
+      };
+    }
+
+    const current_user = users[0];
+    const current_email = current_user.email_address as string;
+    const email_changed = email !== undefined && email !== current_email;
+
+    // If email is being changed, check if new email already exists
+    if (email_changed) {
+      const existing_users = await users_service.findBy({
+        email_address: email,
+      });
+
+      if (Array.isArray(existing_users) && existing_users.length > 0) {
+        // Check if it's the same user
+        const existing_user = existing_users[0];
+        if (existing_user.id !== user_id) {
+          return {
+            success: false,
+            error: "Email address already registered",
+          };
+        }
+      }
+
+      // Validate email format
+      const email_regex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+      if (!email_regex.test(email)) {
+        return {
+          success: false,
+          error: "Invalid email address format",
+        };
+      }
+    }
+
+    // Prepare update data
+    const update_data: Record<string, unknown> = {
+      changed_at: new Date().toISOString(),
+    };
+
+    if (name !== undefined) {
+      update_data.name = name;
+    }
+
+    if (email !== undefined) {
+      update_data.email_address = email;
+    }
+
+    if (data.profile_picture_url !== undefined) {
+      update_data.profile_picture_url = data.profile_picture_url;
+    }
+
+    if (data.profile_source !== undefined) {
+      // Map UI source value to database enum value
+      update_data.profile_source = map_ui_source_to_db(data.profile_source);
+    }
+
+    // If email changed, set email_verified to false
+    if (email_changed) {
+      update_data.email_verified = false;
+    }
+
+    // Update user in database
+    await users_service.updateById(user_id, update_data);
+
+    return {
+      success: true,
+      email_changed,
+    };
+  } catch (error) {
+    const error_message =
+      error instanceof Error ? error.message : "Unknown error";
+
+    return {
+      success: false,
+      error: error_message,
+    };
+  }
+}
+

package/src/lib/ui_sizes_config.server.ts

@@ -0,0 +1,37 @@
+// file_description: server-only helper to read UI size configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_number } from "./config/config_loader.server";
+
+// section: types
+export type UISizesConfig = {
+  gravatar_size: number;
+  profile_picture_size: number;
+  tooltip_icon_size_default: number;
+  tooltip_icon_size_small: number;
+  library_photo_grid_columns: number;
+  library_photo_preview_size: number;
+  image_compression_max_dimension: number;
+  upload_file_hard_limit_bytes: number;
+};
+
+// section: helpers
+/**
+ * Reads UI size configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns UI sizes configuration options
+ */
+export function get_ui_sizes_config(): UISizesConfig {
+  const section = "hazo_auth__ui_sizes";
+
+  return {
+    gravatar_size: get_config_number(section, "gravatar_size", 200),
+    profile_picture_size: get_config_number(section, "profile_picture_size", 200),
+    tooltip_icon_size_default: get_config_number(section, "tooltip_icon_size_default", 16),
+    tooltip_icon_size_small: get_config_number(section, "tooltip_icon_size_small", 14),
+    library_photo_grid_columns: get_config_number(section, "library_photo_grid_columns", 4),
+    library_photo_preview_size: get_config_number(section, "library_photo_preview_size", 200),
+    image_compression_max_dimension: get_config_number(section, "image_compression_max_dimension", 200),
+    upload_file_hard_limit_bytes: get_config_number(section, "upload_file_hard_limit_bytes", 10485760), // 10MB
+  };
+}
+

package/src/lib/user_fields_config.server.ts

@@ -0,0 +1,31 @@
+// file_description: server-only helper to read shared user fields configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_boolean } from "./config/config_loader.server";
+
+// section: types
+export type UserFieldsConfig = {
+  show_name_field: boolean;
+  show_email_field: boolean;
+  show_password_field: boolean;
+};
+
+// section: helpers
+/**
+ * Reads shared user fields configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * This configuration is used by register and my_settings layouts
+ * @returns User fields configuration options
+ */
+export function get_user_fields_config(): UserFieldsConfig {
+  // Read field visibility with defaults (all true by default)
+  const show_name_field = get_config_boolean("hazo_auth__user_fields", "show_name_field", true);
+  const show_email_field = get_config_boolean("hazo_auth__user_fields", "show_email_field", true);
+  const show_password_field = get_config_boolean("hazo_auth__user_fields", "show_password_field", true);
+
+  return {
+    show_name_field,
+    show_email_field,
+    show_password_field,
+  };
+}
+

package/src/lib/utils/api_route_helpers.ts

@@ -0,0 +1,60 @@
+// file_description: shared helper functions for API routes to get filename and line number
+// section: helpers
+/**
+ * Gets the filename from the call stack
+ * This is a simplified version that extracts the filename from the error stack
+ * @returns Filename or "route.ts" as default
+ */
+export function get_filename(): string {
+  try {
+    const stack = new Error().stack;
+    if (!stack) {
+      return "route.ts";
+    }
+
+    // Parse stack trace to find the caller's file
+    const lines = stack.split("\n");
+    // Skip Error line and get_filename line, get the actual caller
+    for (let i = 2; i < lines.length; i++) {
+      const line = lines[i];
+      // Match file paths in stack trace (e.g., "at /path/to/file.ts:123:45")
+      const match = line.match(/([^/\\]+\.tsx?):(\d+):(\d+)/);
+      if (match) {
+        return match[1];
+      }
+    }
+    return "route.ts";
+  } catch {
+    return "route.ts";
+  }
+}
+
+/**
+ * Gets the line number from the call stack
+ * This is a simplified version that extracts the line number from the error stack
+ * @returns Line number or 0
+ */
+export function get_line_number(): number {
+  try {
+    const stack = new Error().stack;
+    if (!stack) {
+      return 0;
+    }
+
+    // Parse stack trace to find the caller's line number
+    const lines = stack.split("\n");
+    // Skip Error line and get_line_number line, get the actual caller
+    for (let i = 2; i < lines.length; i++) {
+      const line = lines[i];
+      // Match line numbers in stack trace (e.g., "at /path/to/file.ts:123:45")
+      const match = line.match(/([^/\\]+\.tsx?):(\d+):(\d+)/);
+      if (match) {
+        return parseInt(match[2], 10) || 0;
+      }
+    }
+    return 0;
+  } catch {
+    return 0;
+  }
+}
+

package/src/lib/utils.ts

@@ -0,0 +1,11 @@
+// file_description: provide shared utility helpers for the ui_component project
+import { clsx, type ClassValue } from "clsx";
+import { twMerge } from "tailwind-merge";
+
+// section: tailwind_merge_helper
+export function merge_class_names(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs));
+}
+
+// section: shadcn_compatibility_helper
+export const cn = (...inputs: ClassValue[]) => merge_class_names(...inputs);

package/src/middleware.ts

@@ -0,0 +1,91 @@
+// file_description: Next.js middleware for protecting routes based on authentication
+// Note: Middleware runs in Edge Runtime, so it cannot use Node.js APIs (like SQLite)
+// This middleware only checks for cookies - actual database validation happens in API routes
+// section: imports
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+// section: helpers
+/**
+ * Checks if authentication cookies exist (lightweight check for Edge Runtime)
+ * Does not validate against database - that happens in API routes
+ * @param request - NextRequest object
+ * @returns true if cookies exist, false otherwise
+ */
+function has_auth_cookies(request: NextRequest): boolean {
+  const user_id = request.cookies.get("hazo_auth_user_id")?.value;
+  const user_email = request.cookies.get("hazo_auth_user_email")?.value;
+  
+  return !!(user_id && user_email);
+}
+
+// section: middleware
+/**
+ * Next.js middleware function that runs on every request
+ * Protects routes by checking for authentication cookies
+ * 
+ * Note: This middleware runs in Edge Runtime and cannot access Node.js APIs (like SQLite)
+ * It only checks if cookies exist - actual database validation happens in API routes
+ * 
+ * Public routes (login, register, etc.) are allowed without authentication
+ * Protected routes require authentication cookies and redirect to login if not present
+ */
+export async function middleware(request: NextRequest) {
+  const pathname = request.nextUrl.pathname;
+
+  // Public routes that don't require authentication
+  const public_routes = [
+    "/login",
+    "/register",
+    "/forgot_password",
+    "/reset_password",
+    "/verify_email",
+    "/api/auth/login",
+    "/api/auth/register",
+    "/api/auth/forgot_password",
+    "/api/auth/reset_password",
+    "/api/auth/verify_email",
+    "/api/auth/validate_reset_token",
+    "/api/auth/me", // Allow /api/auth/me to be public (returns authenticated: false if not logged in)
+  ];
+
+  // Check if route is public
+  const is_public_route = public_routes.some((route) => 
+    pathname.startsWith(route)
+  );
+
+  // Allow public routes
+  if (is_public_route) {
+    return NextResponse.next();
+  }
+
+  // Check if authentication cookies exist (lightweight check)
+  // Note: This doesn't validate against database - API routes will do that
+  const has_cookies = has_auth_cookies(request);
+
+  if (!has_cookies) {
+    // Redirect to login if no cookies (not authenticated)
+    const login_url = new URL("/login", request.url);
+    login_url.searchParams.set("redirect", pathname);
+    return NextResponse.redirect(login_url);
+  }
+
+  // Allow requests with cookies (actual validation happens in API routes)
+  return NextResponse.next();
+}
+
+// section: config
+export const config = {
+  matcher: [
+    /*
+     * Match all request paths except for the ones starting with:
+     * - _next/static (static files)
+     * - _next/image (image optimization files)
+     * - favicon.ico (favicon file)
+     * - public (public files)
+     * - api/auth/me (public endpoint)
+     */
+    "/((?!_next/static|_next/image|favicon.ico|public).*)",
+  ],
+};
+