hazo_auth 0.1.0

package/src/app/api/auth/login/route.ts

@@ -0,0 +1,155 @@
+// file_description: API route for user login authentication using hazo_connect
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { authenticate_user } from "@/lib/services/login_service";
+import { createCrudService } from "hazo_connect/server";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+
+  try {
+    const body = await request.json();
+    const { email, password } = body;
+
+    // Validate input
+    if (!email || !password) {
+      logger.warn("login_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email: email || "missing",
+        has_password: !!password,
+      });
+
+      return NextResponse.json(
+        { error: "Email and password are required" },
+        { status: 400 }
+      );
+    }
+
+    // Validate email format
+    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!email_pattern.test(email)) {
+      logger.warn("login_invalid_email", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+      });
+
+      return NextResponse.json(
+        { error: "Invalid email address format" },
+        { status: 400 }
+      );
+    }
+
+    // Get singleton hazo_connect instance (reuses same connection across all routes)
+    const hazoConnect = get_hazo_connect_instance();
+
+    // Authenticate user using the login service
+    const result = await authenticate_user(hazoConnect, {
+      email,
+      password,
+    });
+
+    if (!result.success) {
+      const status_code = result.error === "Invalid email or password" ? 401 : 500;
+
+      logger.warn("login_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+        error: result.error,
+        email_not_verified: result.email_not_verified || false,
+      });
+
+      return NextResponse.json(
+        {
+          error: result.error || "Login failed",
+          email_not_verified: result.email_not_verified || false,
+        },
+        { status: status_code }
+      );
+    }
+
+    // TypeScript assertion: user_id is guaranteed to be present when success is true
+    // However, we need to check it to satisfy TypeScript's type checking
+    if (!result.user_id) {
+      logger.error("login_user_id_missing", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+        note: "Login succeeded but user_id is missing - this should not happen",
+      });
+      return NextResponse.json(
+        { error: "Login failed - user ID not found" },
+        { status: 500 }
+      );
+    }
+
+    const user_id = result.user_id;
+
+    logger.info("login_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id: user_id,
+      email,
+    });
+
+    // Reuse the existing hazoConnect instance from above
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    const users = await users_service.findBy({
+      id: user_id,
+    });
+    const user = users && users.length > 0 ? users[0] : null;
+    const user_name = user?.name as string | undefined;
+
+    // Create response with cookies
+    const response = NextResponse.json(
+      {
+        success: true,
+        message: "Login successful",
+        user_id: user_id,
+        email,
+        name: user_name,
+      },
+      { status: 200 }
+    );
+
+    // Set authentication cookies
+    response.cookies.set("hazo_auth_user_id", user_id, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      path: "/",
+      maxAge: 60 * 60 * 24 * 30, // 30 days
+    });
+    response.cookies.set("hazo_auth_user_email", email, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      path: "/",
+      maxAge: 60 * 60 * 24 * 30, // 30 days
+    });
+
+    return response;
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    logger.error("login_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+
+    return NextResponse.json(
+      { error: "Login failed. Please try again." },
+      { status: 500 }
+    );
+  }
+}
+

package/src/app/api/auth/logout/route.ts

@@ -0,0 +1,62 @@
+// file_description: API route for user logout
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+
+  try {
+    // Get user info from cookie before clearing
+    const user_email = request.cookies.get("hazo_auth_user_email")?.value;
+    const user_id = request.cookies.get("hazo_auth_user_id")?.value;
+
+    // Clear authentication cookies
+    const response = NextResponse.json(
+      {
+        success: true,
+        message: "Logout successful",
+      },
+      { status: 200 }
+    );
+
+    // Clear cookies by setting them to expire in the past
+    response.cookies.set("hazo_auth_user_email", "", {
+      expires: new Date(0),
+      path: "/",
+    });
+    response.cookies.set("hazo_auth_user_id", "", {
+      expires: new Date(0),
+      path: "/",
+    });
+
+    if (user_email || user_id) {
+      logger.info("logout_successful", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id: user_id || "unknown",
+        email: user_email || "unknown",
+      });
+    }
+
+    return response;
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    logger.error("logout_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+
+    return NextResponse.json(
+      { error: "Logout failed. Please try again." },
+      { status: 500 }
+    );
+  }
+}
+

package/src/app/api/auth/me/route.ts

@@ -0,0 +1,47 @@
+// file_description: API route to get current authenticated user information
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_authenticated_user_with_response } from "@/lib/auth/auth_utils.server";
+
+// section: api_handler
+export async function GET(request: NextRequest) {
+  try {
+    // Use centralized auth utility
+    const { auth_result, response } = await get_authenticated_user_with_response(request);
+
+    // If response is provided, it means cookies were cleared (invalid auth)
+    if (response) {
+      return response;
+    }
+
+    // If not authenticated, return false
+    if (!auth_result.authenticated) {
+      return NextResponse.json(
+        { authenticated: false },
+        { status: 200 }
+      );
+    }
+
+    // Return user info
+    return NextResponse.json(
+      {
+        authenticated: true,
+        user_id: auth_result.user_id,
+        email: auth_result.email,
+        name: auth_result.name,
+        email_verified: auth_result.email_verified,
+        last_logon: auth_result.last_logon,
+        profile_picture_url: auth_result.profile_picture_url,
+        profile_source: auth_result.profile_source,
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    // On error, assume not authenticated
+    return NextResponse.json(
+      { authenticated: false },
+      { status: 200 }
+    );
+  }
+}
+

package/src/app/api/auth/profile_picture/[filename]/route.ts

@@ -0,0 +1,67 @@
+// file_description: API route to serve uploaded profile pictures
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_profile_picture_config } from "@/lib/profile_picture_config.server";
+import fs from "fs";
+import path from "path";
+
+// section: api_handler
+export async function GET(
+  request: NextRequest,
+  { params }: { params: { filename: string } }
+) {
+  try {
+    const config = get_profile_picture_config();
+
+    if (!config.allow_photo_upload || !config.upload_photo_path) {
+      return NextResponse.json(
+        { error: "Profile picture upload is not enabled" },
+        { status: 404 }
+      );
+    }
+
+    const filename = params.filename;
+
+    // Validate filename (prevent path traversal)
+    if (filename.includes("..") || filename.includes("/") || filename.includes("\\")) {
+      return NextResponse.json(
+        { error: "Invalid filename" },
+        { status: 400 }
+      );
+    }
+
+    // Resolve upload path
+    const uploadPath = path.isAbsolute(config.upload_photo_path)
+      ? config.upload_photo_path
+      : path.resolve(process.cwd(), config.upload_photo_path);
+
+    const filePath = path.join(uploadPath, filename);
+
+    // Check if file exists
+    if (!fs.existsSync(filePath)) {
+      return NextResponse.json(
+        { error: "File not found" },
+        { status: 404 }
+      );
+    }
+
+    // Read file
+    const fileBuffer = fs.readFileSync(filePath);
+    const fileExt = path.extname(filename).toLowerCase();
+    const contentType = fileExt === ".png" ? "image/png" : "image/jpeg";
+
+    // Return file with appropriate content type
+    return new NextResponse(fileBuffer, {
+      headers: {
+        "Content-Type": contentType,
+        "Cache-Control": "public, max-age=31536000, immutable",
+      },
+    });
+  } catch (error) {
+    return NextResponse.json(
+      { error: "Failed to serve profile picture" },
+      { status: 500 }
+    );
+  }
+}
+

package/src/app/api/auth/register/route.ts

@@ -0,0 +1,106 @@
+// file_description: API route for user registration using hazo_connect to insert into hazo_users table
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { register_user } from "@/lib/services/registration_service";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+
+  try {
+    const body = await request.json();
+    const { name, email, password } = body;
+
+    // Validate input
+    if (!email || !password) {
+      logger.warn("registration_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email: email || "missing",
+        has_password: !!password,
+      });
+
+      return NextResponse.json(
+        { error: "Email and password are required" },
+        { status: 400 }
+      );
+    }
+
+    // Validate email format
+    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!email_pattern.test(email)) {
+      logger.warn("registration_invalid_email", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+      });
+
+      return NextResponse.json(
+        { error: "Invalid email address format" },
+        { status: 400 }
+      );
+    }
+
+    // Get singleton hazo_connect instance (reuses same connection across all routes)
+    const hazoConnect = get_hazo_connect_instance();
+
+    // Register user using the registration service
+    const result = await register_user(hazoConnect, {
+      email,
+      password,
+      name,
+    });
+
+    if (!result.success) {
+      const status_code = result.error === "Email address already registered" ? 409 : 500;
+
+      logger.warn("registration_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+        error: result.error,
+      });
+
+      return NextResponse.json(
+        { error: result.error || "Registration failed" },
+        { status: status_code }
+      );
+    }
+
+    logger.info("registration_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id: result.user_id,
+      email,
+      has_name: !!name,
+    });
+
+    return NextResponse.json(
+      {
+        success: true,
+        message: "Registration successful",
+        user_id: result.user_id,
+      },
+      { status: 201 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    logger.error("registration_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+
+    return NextResponse.json(
+      { error: "Registration failed. Please try again." },
+      { status: 500 }
+    );
+  }
+}
+

package/src/app/api/auth/remove_profile_picture/route.ts

@@ -0,0 +1,86 @@
+// file_description: API route for removing profile pictures
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { remove_user_profile_picture } from "@/lib/services/profile_picture_remove_service";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+
+// section: api_handler
+export async function DELETE(request: NextRequest) {
+  const logger = create_app_logger();
+
+  try {
+    // Use centralized auth check
+    let user_id: string;
+    try {
+      const { require_auth } = await import("@/lib/auth/auth_utils.server");
+      const user = await require_auth(request);
+      user_id = user.user_id;
+    } catch (error) {
+      if (error instanceof Error && error.message === "Authentication required") {
+        logger.warn("profile_picture_remove_authentication_failed", {
+          filename: get_filename(),
+          line_number: get_line_number(),
+          error: "User not authenticated",
+        });
+
+        return NextResponse.json(
+          { error: "Authentication required" },
+          { status: 401 }
+        );
+      }
+      throw error;
+    }
+
+    // Get singleton hazo_connect instance
+    const hazoConnect = get_hazo_connect_instance();
+
+    // Remove profile picture
+    const result = await remove_user_profile_picture(hazoConnect, user_id);
+
+    if (!result.success) {
+      logger.warn("profile_picture_remove_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        error: result.error,
+      });
+
+      return NextResponse.json(
+        { error: result.error || "Failed to remove profile picture" },
+        { status: 400 }
+      );
+    }
+
+    logger.info("profile_picture_remove_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+    });
+
+    return NextResponse.json(
+      {
+        success: true,
+        message: "Profile picture removed successfully",
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    logger.error("profile_picture_remove_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+
+    return NextResponse.json(
+      { error: "Failed to remove profile picture. Please try again." },
+      { status: 500 }
+    );
+  }
+}
+

package/src/app/api/auth/resend_verification/route.ts

@@ -0,0 +1,107 @@
+// file_description: API route for resending email verification using hazo_connect
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { resend_verification_email } from "@/lib/services/email_verification_service";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+
+  try {
+    const body = await request.json();
+    const { email } = body;
+
+    // Validate input
+    if (!email) {
+      logger.warn("resend_verification_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email: email || "missing",
+      });
+
+      return NextResponse.json(
+        { error: "Email is required" },
+        { status: 400 }
+      );
+    }
+
+    // Validate email format
+    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!email_pattern.test(email)) {
+      logger.warn("resend_verification_invalid_email", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+      });
+
+      return NextResponse.json(
+        { error: "Invalid email address format" },
+        { status: 400 }
+      );
+    }
+
+    // Get singleton hazo_connect instance (reuses same connection across all routes)
+    const hazoConnect = get_hazo_connect_instance();
+
+    // Resend verification email using the email verification service
+    const result = await resend_verification_email(hazoConnect, {
+      email,
+    });
+
+    if (!result.success) {
+      logger.warn("resend_verification_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        email,
+        error: result.error,
+      });
+
+      // Still return 200 OK to prevent email enumeration attacks
+      return NextResponse.json(
+        {
+          success: true,
+          message: "If an account with that email exists and is not verified, a verification link has been sent.",
+        },
+        { status: 200 }
+      );
+    }
+
+    logger.info("resend_verification_requested", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      email,
+    });
+
+    // Always return success to prevent email enumeration attacks
+    return NextResponse.json(
+      {
+        success: true,
+        message: "If an account with that email exists and is not verified, a verification link has been sent.",
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    logger.error("resend_verification_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+
+    // Still return 200 OK to prevent email enumeration attacks
+    return NextResponse.json(
+      {
+        success: true,
+        message: "If an account with that email exists and is not verified, a verification link has been sent.",
+      },
+      { status: 200 }
+    );
+  }
+}
+