npm - hazo_auth - Versions diffs - 0.1.0 - Mend

hazo_auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/LICENSE +21 -0
package/README.md +48 -0
package/components.json +22 -0
package/hazo_auth_config.example.ini +414 -0
package/hazo_notify_config.example.ini +159 -0
package/instrumentation.ts +32 -0
package/migrations/001_add_token_type_to_refresh_tokens.sql +14 -0
package/migrations/002_add_name_to_hazo_users.sql +7 -0
package/next.config.mjs +55 -0
package/package.json +114 -0
package/postcss.config.mjs +8 -0
package/public/file.svg +1 -0
package/public/globe.svg +1 -0
package/public/next.svg +1 -0
package/public/vercel.svg +1 -0
package/public/window.svg +1 -0
package/scripts/apply_migration.ts +118 -0
package/src/app/api/auth/change_password/route.ts +109 -0
package/src/app/api/auth/forgot_password/route.ts +107 -0
package/src/app/api/auth/library_photos/route.ts +70 -0
package/src/app/api/auth/login/route.ts +155 -0
package/src/app/api/auth/logout/route.ts +62 -0
package/src/app/api/auth/me/route.ts +47 -0
package/src/app/api/auth/profile_picture/[filename]/route.ts +67 -0
package/src/app/api/auth/register/route.ts +106 -0
package/src/app/api/auth/remove_profile_picture/route.ts +86 -0
package/src/app/api/auth/resend_verification/route.ts +107 -0
package/src/app/api/auth/reset_password/route.ts +107 -0
package/src/app/api/auth/update_user/route.ts +126 -0
package/src/app/api/auth/upload_profile_picture/route.ts +268 -0
package/src/app/api/auth/validate_reset_token/route.ts +80 -0
package/src/app/api/auth/verify_email/route.ts +85 -0
package/src/app/api/migrations/apply/route.ts +91 -0
package/src/app/favicon.ico +0 -0
package/src/app/fonts/GeistMonoVF.woff +0 -0
package/src/app/fonts/GeistVF.woff +0 -0
package/src/app/forgot_password/forgot_password_page_client.tsx +60 -0
package/src/app/forgot_password/page.tsx +24 -0
package/src/app/globals.css +89 -0
package/src/app/hazo_connect/api/sqlite/data/route.ts +197 -0
package/src/app/hazo_connect/api/sqlite/schema/route.ts +35 -0
package/src/app/hazo_connect/api/sqlite/tables/route.ts +26 -0
package/src/app/hazo_connect/sqlite_admin/page.tsx +51 -0
package/src/app/hazo_connect/sqlite_admin/sqlite-admin-client.tsx +947 -0
package/src/app/layout.tsx +43 -0
package/src/app/login/login_page_client.tsx +71 -0
package/src/app/login/page.tsx +26 -0
package/src/app/my_settings/my_settings_page_client.tsx +120 -0
package/src/app/my_settings/page.tsx +40 -0
package/src/app/page.tsx +170 -0
package/src/app/register/page.tsx +26 -0
package/src/app/register/register_page_client.tsx +72 -0
package/src/app/reset_password/page.tsx +29 -0
package/src/app/reset_password/reset_password_page_client.tsx +81 -0
package/src/app/verify_email/page.tsx +24 -0
package/src/app/verify_email/verify_email_page_client.tsx +60 -0
package/src/components/layouts/email_verification/config/email_verification_field_config.ts +86 -0
package/src/components/layouts/email_verification/hooks/use_email_verification.ts +291 -0
package/src/components/layouts/email_verification/index.tsx +297 -0
package/src/components/layouts/forgot_password/config/forgot_password_field_config.ts +58 -0
package/src/components/layouts/forgot_password/hooks/use_forgot_password_form.ts +179 -0
package/src/components/layouts/forgot_password/index.tsx +168 -0
package/src/components/layouts/login/config/login_field_config.ts +67 -0
package/src/components/layouts/login/hooks/use_login_form.ts +281 -0
package/src/components/layouts/login/index.tsx +224 -0
package/src/components/layouts/my_settings/components/editable_field.tsx +177 -0
package/src/components/layouts/my_settings/components/password_change_dialog.tsx +301 -0
package/src/components/layouts/my_settings/components/profile_picture_dialog.tsx +385 -0
package/src/components/layouts/my_settings/components/profile_picture_display.tsx +66 -0
package/src/components/layouts/my_settings/components/profile_picture_gravatar_tab.tsx +143 -0
package/src/components/layouts/my_settings/components/profile_picture_library_tab.tsx +282 -0
package/src/components/layouts/my_settings/components/profile_picture_upload_tab.tsx +341 -0
package/src/components/layouts/my_settings/config/my_settings_field_config.ts +61 -0
package/src/components/layouts/my_settings/hooks/use_my_settings.ts +458 -0
package/src/components/layouts/my_settings/index.tsx +351 -0
package/src/components/layouts/register/config/register_field_config.ts +101 -0
package/src/components/layouts/register/hooks/use_register_form.ts +272 -0
package/src/components/layouts/register/index.tsx +208 -0
package/src/components/layouts/reset_password/config/reset_password_field_config.ts +86 -0
package/src/components/layouts/reset_password/hooks/use_reset_password_form.ts +276 -0
package/src/components/layouts/reset_password/index.tsx +294 -0
package/src/components/layouts/shared/components/already_logged_in_guard.tsx +95 -0
package/src/components/layouts/shared/components/field_error_message.tsx +29 -0
package/src/components/layouts/shared/components/form_action_buttons.tsx +64 -0
package/src/components/layouts/shared/components/form_field_wrapper.tsx +44 -0
package/src/components/layouts/shared/components/form_header.tsx +36 -0
package/src/components/layouts/shared/components/logout_button.tsx +76 -0
package/src/components/layouts/shared/components/password_field.tsx +72 -0
package/src/components/layouts/shared/components/sidebar_layout_wrapper.tsx +264 -0
package/src/components/layouts/shared/components/two_column_auth_layout.tsx +44 -0
package/src/components/layouts/shared/components/unauthorized_guard.tsx +78 -0
package/src/components/layouts/shared/components/visual_panel.tsx +41 -0
package/src/components/layouts/shared/config/layout_customization.ts +95 -0
package/src/components/layouts/shared/data/layout_data_client.ts +19 -0
package/src/components/layouts/shared/hooks/use_auth_status.ts +103 -0
package/src/components/layouts/shared/utils/ip_address.ts +37 -0
package/src/components/layouts/shared/utils/validation.ts +66 -0
package/src/components/ui/avatar.tsx +50 -0
package/src/components/ui/button.tsx +57 -0
package/src/components/ui/dialog.tsx +122 -0
package/src/components/ui/hazo_ui_tooltip.tsx +67 -0
package/src/components/ui/input.tsx +22 -0
package/src/components/ui/label.tsx +26 -0
package/src/components/ui/separator.tsx +31 -0
package/src/components/ui/sheet.tsx +139 -0
package/src/components/ui/sidebar.tsx +773 -0
package/src/components/ui/skeleton.tsx +15 -0
package/src/components/ui/sonner.tsx +31 -0
package/src/components/ui/switch.tsx +29 -0
package/src/components/ui/tabs.tsx +55 -0
package/src/components/ui/tooltip.tsx +32 -0
package/src/components/ui/vertical-tabs.tsx +59 -0
package/src/hooks/use-mobile.tsx +19 -0
package/src/lib/already_logged_in_config.server.ts +46 -0
package/src/lib/app_logger.ts +24 -0
package/src/lib/auth/auth_utils.server.ts +196 -0
package/src/lib/auth/server_auth.ts +88 -0
package/src/lib/config/config_loader.server.ts +149 -0
package/src/lib/email_verification_config.server.ts +32 -0
package/src/lib/file_types_config.server.ts +25 -0
package/src/lib/forgot_password_config.server.ts +32 -0
package/src/lib/hazo_connect_instance.server.ts +77 -0
package/src/lib/hazo_connect_setup.server.ts +181 -0
package/src/lib/hazo_connect_setup.ts +54 -0
package/src/lib/login_config.server.ts +46 -0
package/src/lib/messages_config.server.ts +45 -0
package/src/lib/migrations/apply_migration.ts +105 -0
package/src/lib/my_settings_config.server.ts +135 -0
package/src/lib/password_requirements_config.server.ts +39 -0
package/src/lib/profile_picture_config.server.ts +56 -0
package/src/lib/register_config.server.ts +57 -0
package/src/lib/reset_password_config.server.ts +75 -0
package/src/lib/services/email_service.ts +581 -0
package/src/lib/services/email_verification_service.ts +264 -0
package/src/lib/services/login_service.ts +118 -0
package/src/lib/services/password_change_service.ts +154 -0
package/src/lib/services/password_reset_service.ts +405 -0
package/src/lib/services/profile_picture_remove_service.ts +120 -0
package/src/lib/services/profile_picture_service.ts +215 -0
package/src/lib/services/profile_picture_source_mapper.ts +62 -0
package/src/lib/services/registration_service.ts +163 -0
package/src/lib/services/token_service.ts +240 -0
package/src/lib/services/user_update_service.ts +128 -0
package/src/lib/ui_sizes_config.server.ts +37 -0
package/src/lib/user_fields_config.server.ts +31 -0
package/src/lib/utils/api_route_helpers.ts +60 -0
package/src/lib/utils.ts +11 -0
package/src/middleware.ts +91 -0
package/src/server/config/config_loader.ts +496 -0
package/src/server/index.ts +38 -0
package/src/server/logging/logger_service.ts +56 -0
package/src/server/routes/root_router.ts +16 -0
package/src/server/server.ts +28 -0
package/src/server/types/app_types.ts +74 -0
package/src/server/types/express.d.ts +15 -0
package/src/stories/email_verification_layout.stories.tsx +137 -0
package/src/stories/forgot_password_layout.stories.tsx +85 -0
package/src/stories/login_layout.stories.tsx +85 -0
package/src/stories/project_overview.stories.tsx +33 -0
package/src/stories/register_layout.stories.tsx +107 -0
package/tailwind.config.ts +77 -0
package/tsconfig.json +27 -0

package/src/app/api/auth/reset_password/route.ts ADDED Viewed

@@ -0,0 +1,107 @@
+// file_description: API route for resetting user password using a reset token
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { reset_password } from "@/lib/services/password_reset_service";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_password_requirements_config } from "@/lib/password_requirements_config.server";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const body = await request.json();
+    const { token, new_password } = body;
+    // Validate input
+    if (!token) {
+      logger.warn("password_reset_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: "Token is required",
+      });
+      return NextResponse.json(
+        { error: "Token is required" },
+        { status: 400 }
+      );
+    }
+    if (!new_password) {
+      logger.warn("password_reset_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: "New password is required",
+      });
+      return NextResponse.json(
+        { error: "New password is required" },
+        { status: 400 }
+      );
+    }
+    // Get singleton hazo_connect instance (reuses same connection across all routes)
+    const hazoConnect = get_hazo_connect_instance();
+    // Get password requirements from config
+    const passwordRequirements = get_password_requirements_config();
+    // Reset password using the password reset service
+    const result = await reset_password(hazoConnect, {
+      token,
+      new_password,
+      minimum_length: passwordRequirements.minimum_length,
+    });
+    if (!result.success) {
+      logger.warn("password_reset_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: result.error,
+      });
+      return NextResponse.json(
+        {
+          success: false,
+          error: result.error || "Failed to reset password",
+        },
+        { status: 400 }
+      );
+    }
+    logger.info("password_reset_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id: result.user_id,
+      email: result.email,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        message: "Password has been reset successfully",
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message =
+      error instanceof Error ? error.message : "Unknown error";
+    logger.error("password_reset_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error: error_message,
+    });
+    return NextResponse.json(
+      {
+        success: false,
+        error: "An error occurred while resetting your password",
+      },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/auth/update_user/route.ts ADDED Viewed

@@ -0,0 +1,126 @@
+// file_description: API route for updating user profile information
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { update_user_profile } from "@/lib/services/user_update_service";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+import { require_auth } from "@/lib/auth/auth_utils.server";
+// section: api_handler
+export async function PATCH(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    // Use centralized auth check
+    let user_id: string;
+    try {
+      const user = await require_auth(request);
+      user_id = user.user_id;
+    } catch (error) {
+      if (error instanceof Error && error.message === "Authentication required") {
+        logger.warn("user_update_authentication_failed", {
+          filename: get_filename(),
+          line_number: get_line_number(),
+          error: "User not authenticated",
+        });
+        return NextResponse.json(
+          { error: "Authentication required" },
+          { status: 401 }
+        );
+      }
+      throw error;
+    }
+    const body = await request.json();
+    const { name, email, profile_picture_url, profile_source } = body;
+    // Validate input (at least one field must be provided)
+    if (name === undefined && email === undefined && profile_picture_url === undefined) {
+      logger.warn("user_update_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: "No fields to update",
+      });
+      return NextResponse.json(
+        { error: "At least one field (name, email, or profile_picture_url) must be provided" },
+        { status: 400 }
+      );
+    }
+    // Get singleton hazo_connect instance
+    const hazoConnect = get_hazo_connect_instance();
+    // Update user profile
+    const result = await update_user_profile(hazoConnect, user_id, {
+      name,
+      email,
+      profile_picture_url,
+      profile_source,
+    });
+    if (!result.success) {
+      logger.warn("user_update_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: result.error,
+        user_id,
+        email_changed: result.email_changed,
+      });
+      return NextResponse.json(
+        { error: result.error || "Failed to update user profile" },
+        { status: 400 }
+      );
+    }
+    logger.info("user_update_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      email_changed: result.email_changed,
+    });
+    // Create response
+    const response = NextResponse.json(
+      {
+        success: true,
+        message: "Profile updated successfully",
+        email_changed: result.email_changed,
+      },
+      { status: 200 }
+    );
+    // If email changed, update the cookie (match login route cookie settings)
+    if (result.email_changed && email) {
+      response.cookies.set("hazo_auth_user_email", email, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: "/",
+        maxAge: 60 * 60 * 24 * 30, // 30 days
+      });
+    }
+    return response;
+  } catch (error) {
+    const error_message =
+      error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_update_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to update user profile. Please try again." },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/auth/upload_profile_picture/route.ts ADDED Viewed

@@ -0,0 +1,268 @@
+// file_description: API route for uploading profile pictures
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_profile_picture_config } from "@/lib/profile_picture_config.server";
+import { get_file_types_config } from "@/lib/file_types_config.server";
+import { update_user_profile_picture } from "@/lib/services/profile_picture_service";
+import { createCrudService } from "hazo_connect/server";
+import { map_db_source_to_ui } from "@/lib/services/profile_picture_source_mapper";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+import fs from "fs";
+import path from "path";
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    // Use centralized auth check
+    let user_id: string;
+    try {
+      const { require_auth } = await import("@/lib/auth/auth_utils.server");
+      const user = await require_auth(request);
+      user_id = user.user_id;
+    } catch (error) {
+      if (error instanceof Error && error.message === "Authentication required") {
+        logger.warn("profile_picture_upload_authentication_failed", {
+          filename: get_filename(),
+          line_number: get_line_number(),
+          error: "User not authenticated",
+        });
+        return NextResponse.json(
+          { error: "Authentication required" },
+          { status: 401 }
+        );
+      }
+      throw error;
+    }
+    // Check if upload is enabled
+    const config = get_profile_picture_config();
+    if (!config.allow_photo_upload) {
+      logger.warn("profile_picture_upload_disabled", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+      });
+      return NextResponse.json(
+        { error: "Photo upload is not enabled" },
+        { status: 403 }
+      );
+    }
+    if (!config.upload_photo_path) {
+      logger.warn("profile_picture_upload_path_not_configured", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+      });
+      return NextResponse.json(
+        { error: "Upload path is not configured" },
+        { status: 500 }
+      );
+    }
+    // Get FormData
+    const formData = await request.formData();
+    const file = formData.get("file") as File | null;
+    if (!file) {
+      logger.warn("profile_picture_upload_no_file", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+      });
+      return NextResponse.json(
+        { error: "No file provided" },
+        { status: 400 }
+      );
+    }
+    // Validate file type
+    const fileTypes = get_file_types_config();
+    const fileType = file.type;
+    if (!fileTypes.allowed_image_mime_types.includes(fileType)) {
+      logger.warn("profile_picture_upload_invalid_type", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        fileType,
+      });
+      return NextResponse.json(
+        { error: "Invalid file type. Only JPG and PNG files are allowed." },
+        { status: 400 }
+      );
+    }
+    // Validate file size (should already be compressed client-side, but check server-side too)
+    const fileSize = file.size;
+    if (fileSize > config.max_photo_size) {
+      logger.warn("profile_picture_upload_too_large", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        fileSize,
+        maxSize: config.max_photo_size,
+      });
+      return NextResponse.json(
+        { error: `File size exceeds maximum allowed size of ${config.max_photo_size} bytes` },
+        { status: 400 }
+      );
+    }
+    // Get current user profile picture info before updating
+    const hazoConnect = get_hazo_connect_instance();
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    const current_users = await users_service.findBy({ id: user_id });
+    let oldProfilePictureUrl: string | null = null;
+    let oldProfileSource: string | null = null;
+    if (Array.isArray(current_users) && current_users.length > 0) {
+      const current_user = current_users[0];
+      oldProfilePictureUrl = (current_user.profile_picture_url as string) || null;
+      oldProfileSource = (current_user.profile_source as string) || null;
+    }
+    // Determine file extension from MIME type
+    const mimeToExt: Record<string, string> = {
+      "image/jpeg": "jpg",
+      "image/jpg": "jpg",
+      "image/png": "png",
+    };
+    const fileExtension = mimeToExt[fileType] || "jpg";
+    const fileName = `${user_id}.${fileExtension}`;
+    // Resolve upload path
+    const uploadPath = path.isAbsolute(config.upload_photo_path)
+      ? config.upload_photo_path
+      : path.resolve(process.cwd(), config.upload_photo_path);
+    // Create upload directory if it doesn't exist
+    if (!fs.existsSync(uploadPath)) {
+      fs.mkdirSync(uploadPath, { recursive: true });
+    }
+    // Save file
+    const filePath = path.join(uploadPath, fileName);
+    const arrayBuffer = await file.arrayBuffer();
+    const buffer = Buffer.from(arrayBuffer);
+    fs.writeFileSync(filePath, buffer);
+    // Generate URL (relative to public or absolute)
+    // For Next.js, we'll serve from a public route or use absolute path
+    // For now, use a relative path that can be served via API or static file serving
+    const profilePictureUrl = `/api/auth/profile_picture/${fileName}`;
+    // Update user record
+    const updateResult = await update_user_profile_picture(
+      hazoConnect,
+      user_id,
+      profilePictureUrl,
+      "upload",
+    );
+    if (!updateResult.success) {
+      // Clean up uploaded file
+      try {
+        fs.unlinkSync(filePath);
+      } catch (error) {
+        // Ignore cleanup errors
+      }
+      logger.warn("profile_picture_upload_update_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        error: updateResult.error,
+      });
+      return NextResponse.json(
+        { error: updateResult.error || "Failed to update profile picture" },
+        { status: 500 }
+      );
+    }
+    // Delete old profile picture file if it exists and was an uploaded file
+    if (oldProfilePictureUrl && oldProfileSource) {
+      const oldSourceUI = map_db_source_to_ui(oldProfileSource);
+      // Only delete if the old profile picture was an uploaded file
+      if (oldSourceUI === "upload") {
+        try {
+          // Extract filename from URL (e.g., /api/auth/profile_picture/user_id.jpg)
+          const oldFileName = oldProfilePictureUrl.split("/").pop();
+          if (oldFileName) {
+            // Check if it's a user-specific file (starts with user_id)
+            if (oldFileName.startsWith(user_id)) {
+              const oldFilePath = path.join(uploadPath, oldFileName);
+              // Only delete if it's a different file (different extension)
+              if (oldFilePath !== filePath && fs.existsSync(oldFilePath)) {
+                fs.unlinkSync(oldFilePath);
+                logger.info("profile_picture_old_file_deleted", {
+                  filename: get_filename(),
+                  line_number: get_line_number(),
+                  user_id,
+                  oldFileName,
+                });
+              }
+            }
+          }
+        } catch (error) {
+          // Log error but don't fail the request
+          logger.warn("profile_picture_old_file_delete_failed", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            oldProfilePictureUrl,
+            error: error instanceof Error ? error.message : "Unknown error",
+          });
+        }
+      }
+    }
+    logger.info("profile_picture_upload_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      fileName,
+      fileSize,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        profile_picture_url: profilePictureUrl,
+        message: "Profile picture uploaded successfully",
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("profile_picture_upload_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to upload profile picture. Please try again." },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/auth/validate_reset_token/route.ts ADDED Viewed

@@ -0,0 +1,80 @@
+// file_description: API route for validating password reset token without resetting password
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { validate_password_reset_token } from "@/lib/services/password_reset_service";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+// section: api_handler
+export async function GET(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const { searchParams } = new URL(request.url);
+    const token = searchParams.get("token");
+    // Validate input
+    if (!token) {
+      logger.warn("password_reset_token_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: "Token is required",
+      });
+      return NextResponse.json(
+        { success: false, error: "Token is required" },
+        { status: 400 }
+      );
+    }
+    // Get singleton hazo_connect instance (reuses same connection across all routes)
+    const hazoConnect = get_hazo_connect_instance();
+    // Validate token using the password reset service
+    const result = await validate_password_reset_token(hazoConnect, {
+      token,
+    });
+    if (!result.success) {
+      logger.warn("password_reset_token_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: result.error,
+      });
+      return NextResponse.json(
+        {
+          success: false,
+          error: result.error || "Invalid or expired reset token",
+        },
+        { status: 400 }
+      );
+    }
+    return NextResponse.json(
+      {
+        success: true,
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message =
+      error instanceof Error ? error.message : "Unknown error";
+    logger.error("password_reset_token_validation_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error: error_message,
+    });
+    return NextResponse.json(
+      {
+        success: false,
+        error: "An error occurred while validating the reset token",
+      },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/auth/verify_email/route.ts ADDED Viewed

@@ -0,0 +1,85 @@
+// file_description: API route for email verification using hazo_connect
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { verify_email_token } from "@/lib/services/email_verification_service";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+// section: api_handler
+export async function GET(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const { searchParams } = new URL(request.url);
+    const token = searchParams.get("token");
+    // Validate input
+    if (!token) {
+      logger.warn("email_verification_validation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        has_token: false,
+      });
+      return NextResponse.json(
+        { error: "Verification token is required" },
+        { status: 400 }
+      );
+    }
+    // Get singleton hazo_connect instance (reuses same connection across all routes)
+    const hazoConnect = get_hazo_connect_instance();
+    // Verify email token using the email verification service
+    const result = await verify_email_token(hazoConnect, {
+      token,
+    });
+    if (!result.success) {
+      logger.warn("email_verification_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        error: result.error,
+      });
+      return NextResponse.json(
+        { error: result.error || "Email verification failed" },
+        { status: 400 }
+      );
+    }
+    logger.info("email_verification_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id: result.user_id,
+      email: result.email,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        message: "Email verified successfully",
+        user_id: result.user_id,
+        email: result.email,
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("email_verification_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Email verification failed. Please try again." },
+      { status: 500 }
+    );
+  }
+}