hazo_auth 0.1.0

package/src/app/api/migrations/apply/route.ts

@@ -0,0 +1,91 @@
+// file_description: API route to manually apply database migrations
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import fs from "fs";
+import path from "path";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+
+  try {
+    const body = await request.json();
+    const { migration_file } = body;
+
+    if (!migration_file) {
+      return NextResponse.json(
+        { error: "migration_file parameter is required" },
+        { status: 400 }
+      );
+    }
+
+    const migrations_dir = path.resolve(process.cwd(), "migrations");
+    const migration_path = path.join(migrations_dir, migration_file);
+
+    // Security check: ensure file is in migrations directory
+    if (!migration_path.startsWith(migrations_dir)) {
+      return NextResponse.json(
+        { error: "Invalid migration file path" },
+        { status: 400 }
+      );
+    }
+
+    if (!fs.existsSync(migration_path)) {
+      return NextResponse.json(
+        { error: `Migration file not found: ${migration_file}` },
+        { status: 404 }
+      );
+    }
+
+    // Read the migration SQL
+    const migration_sql = fs.readFileSync(migration_path, "utf-8");
+
+    // Get hazo_connect instance
+    const hazoConnect = get_hazo_connect_instance();
+
+    // For SQLite, we need to execute raw SQL
+    // Since hazo_connect doesn't expose raw SQL execution directly,
+    // we'll need to use the SQLite admin API or a workaround
+    // For now, return instructions to apply manually
+
+    logger.info("migration_apply_requested", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      migration_file,
+    });
+
+    return NextResponse.json(
+      {
+        success: true,
+        message: "Migration file read successfully. Please apply manually via SQLite Admin UI.",
+        sql: migration_sql,
+        instructions: [
+          "1. Go to SQLite Admin UI at /hazo_connect/sqlite_admin",
+          "2. Select the hazo_refresh_tokens table",
+          "3. Use the SQL editor or execute the migration SQL manually",
+          `4. Migration SQL is provided in the 'sql' field of this response`,
+        ],
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    logger.error("migration_apply_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+
+    return NextResponse.json(
+      { error: "Failed to process migration request" },
+      { status: 500 }
+    );
+  }
+}
+

package/src/app/forgot_password/forgot_password_page_client.tsx

@@ -0,0 +1,60 @@
+// file_description: client component for forgot password page that initializes hazo_connect and renders forgot password layout
+// section: client_directive
+"use client";
+
+// section: imports
+import { useEffect, useState } from "react";
+import forgot_password_layout from "@/components/layouts/forgot_password";
+import { createLayoutDataClient } from "@/components/layouts/shared/data/layout_data_client";
+import { create_sqlite_hazo_connect } from "@/lib/hazo_connect_setup";
+import type { LayoutDataClient } from "@/components/layouts/shared/data/layout_data_client";
+
+// section: types
+type ForgotPasswordPageClientProps = {
+  alreadyLoggedInMessage?: string;
+  showLogoutButton?: boolean;
+  showReturnHomeButton?: boolean;
+  returnHomeButtonLabel?: string;
+  returnHomePath?: string;
+};
+
+// section: component
+export function ForgotPasswordPageClient({
+  alreadyLoggedInMessage,
+  showLogoutButton,
+  showReturnHomeButton,
+  returnHomeButtonLabel,
+  returnHomePath,
+}: ForgotPasswordPageClientProps) {
+  const [dataClient, setDataClient] = useState<LayoutDataClient<unknown> | null>(null);
+
+  useEffect(() => {
+    // Initialize hazo_connect on client side
+    const hazoConnect = create_sqlite_hazo_connect();
+    const client = createLayoutDataClient(hazoConnect);
+    
+    setDataClient(client);
+  }, []);
+
+  // Show loading state while initializing
+  if (!dataClient) {
+    return <div className="cls_forgot_password_page_loading text-slate-600">Loading...</div>;
+  }
+
+  const ForgotPasswordLayout = forgot_password_layout;
+
+  return (
+    <ForgotPasswordLayout
+      image_src="/globe.svg"
+      image_alt="Illustration of a globe representing secure authentication workflows"
+      image_background_color="#e2e8f0"
+      data_client={dataClient}
+      alreadyLoggedInMessage={alreadyLoggedInMessage}
+      showLogoutButton={showLogoutButton}
+      showReturnHomeButton={showReturnHomeButton}
+      returnHomeButtonLabel={returnHomeButtonLabel}
+      returnHomePath={returnHomePath}
+    />
+  );
+}
+

package/src/app/forgot_password/page.tsx

@@ -0,0 +1,24 @@
+// file_description: render the forgot password page shell and mount the forgot password layout component within sidebar
+// section: imports
+import { SidebarLayoutWrapper } from "@/components/layouts/shared/components/sidebar_layout_wrapper";
+import { ForgotPasswordPageClient } from "./forgot_password_page_client";
+import { get_forgot_password_config } from "@/lib/forgot_password_config.server";
+
+// section: component
+export default function forgot_password_page() {
+  // Read forgot password configuration from hazo_auth_config.ini (server-side)
+  const forgotPasswordConfig = get_forgot_password_config();
+
+  return (
+    <SidebarLayoutWrapper>
+      <ForgotPasswordPageClient
+        alreadyLoggedInMessage={forgotPasswordConfig.alreadyLoggedInMessage}
+        showLogoutButton={forgotPasswordConfig.showLogoutButton}
+        showReturnHomeButton={forgotPasswordConfig.showReturnHomeButton}
+        returnHomeButtonLabel={forgotPasswordConfig.returnHomeButtonLabel}
+        returnHomePath={forgotPasswordConfig.returnHomePath}
+      />
+    </SidebarLayoutWrapper>
+  );
+}
+

package/src/app/globals.css

@@ -0,0 +1,89 @@
+/* file_description: define global tailwind layers and theme tokens for ui_component */
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+/* section: light_mode_tokens */
+@layer base {
+  :root {
+    --background: 0 0% 100%;
+    --foreground: 0 0% 3.9%;
+    --card: 0 0% 100%;
+    --card-foreground: 0 0% 3.9%;
+    --popover: 0 0% 100%;
+    --popover-foreground: 0 0% 3.9%;
+    --primary: 0 0% 9%;
+    --primary-foreground: 0 0% 98%;
+    --secondary: 0 0% 96.1%;
+    --secondary-foreground: 0 0% 9%;
+    --muted: 0 0% 96.1%;
+    --muted-foreground: 0 0% 45.1%;
+    --accent: 0 0% 96.1%;
+    --accent-foreground: 0 0% 9%;
+    --destructive: 0 84.2% 60.2%;
+    --destructive-foreground: 0 0% 98%;
+    --border: 0 0% 89.8%;
+    --input: 0 0% 89.8%;
+    --ring: 0 0% 3.9%;
+    --chart-1: 12 76% 61%;
+    --chart-2: 173 58% 39%;
+    --chart-3: 197 37% 24%;
+    --chart-4: 43 74% 66%;
+    --chart-5: 27 87% 67%;
+    --radius: 0.5rem;
+    --sidebar-background: 0 0% 98%;
+    --sidebar-foreground: 240 5.3% 26.1%;
+    --sidebar-primary: 240 5.9% 10%;
+    --sidebar-primary-foreground: 0 0% 98%;
+    --sidebar-accent: 240 4.8% 95.9%;
+    --sidebar-accent-foreground: 240 5.9% 10%;
+    --sidebar-border: 220 13% 91%;
+    --sidebar-ring: 217.2 91.2% 59.8%;
+  }
+
+  /* section: dark_mode_tokens */
+  .dark {
+    --background: 0 0% 3.9%;
+    --foreground: 0 0% 98%;
+    --card: 0 0% 3.9%;
+    --card-foreground: 0 0% 98%;
+    --popover: 0 0% 3.9%;
+    --popover-foreground: 0 0% 98%;
+    --primary: 0 0% 98%;
+    --primary-foreground: 0 0% 9%;
+    --secondary: 0 0% 14.9%;
+    --secondary-foreground: 0 0% 98%;
+    --muted: 0 0% 14.9%;
+    --muted-foreground: 0 0% 63.9%;
+    --accent: 0 0% 14.9%;
+    --accent-foreground: 0 0% 98%;
+    --destructive: 0 62.8% 30.6%;
+    --destructive-foreground: 0 0% 98%;
+    --border: 0 0% 14.9%;
+    --input: 0 0% 14.9%;
+    --ring: 0 0% 83.1%;
+    --chart-1: 220 70% 50%;
+    --chart-2: 160 60% 45%;
+    --chart-3: 30 80% 55%;
+    --chart-4: 280 65% 60%;
+    --chart-5: 340 75% 55%;
+    --sidebar-background: 240 5.9% 10%;
+    --sidebar-foreground: 240 4.8% 95.9%;
+    --sidebar-primary: 224.3 76.3% 48%;
+    --sidebar-primary-foreground: 0 0% 100%;
+    --sidebar-accent: 240 3.7% 15.9%;
+    --sidebar-accent-foreground: 240 4.8% 95.9%;
+    --sidebar-border: 240 3.7% 15.9%;
+    --sidebar-ring: 217.2 91.2% 59.8%;
+  }
+}
+
+/* section: element_defaults */
+@layer base {
+  * {
+    @apply border-border;
+  }
+  body {
+    @apply bg-background text-foreground;
+  }
+}

package/src/app/hazo_connect/api/sqlite/data/route.ts

@@ -0,0 +1,197 @@
+// file_description: API route to manage SQLite table data (CRUD operations) for admin UI
+import { NextRequest, NextResponse } from "next/server"
+import {
+  getSqliteAdminService,
+  type RowQueryOptions,
+  type SqliteFilterOperator,
+  type SqliteWhereFilter
+} from "hazo_connect/server"
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server"
+
+export const dynamic = "force-dynamic"
+const allowedOperators: SqliteFilterOperator[] = [
+  "eq",
+  "neq",
+  "gt",
+  "gte",
+  "lt",
+  "lte",
+  "like",
+  "ilike",
+  "is"
+]
+
+// Helper function to ensure admin service is initialized
+function ensureAdminServiceInitialized() {
+  // Get singleton hazo_connect instance (initializes admin service if needed)
+  get_hazo_connect_instance();
+  return getSqliteAdminService();
+}
+
+export async function GET(request: NextRequest) {
+  const url = new URL(request.url)
+  const table = url.searchParams.get("table")
+  if (!table) {
+    return NextResponse.json(
+      { error: "Query parameter 'table' is required." },
+      { status: 400 }
+    )
+  }
+
+  try {
+    const service = ensureAdminServiceInitialized()
+    const options = parseRowQueryOptions(url.searchParams)
+    const page = await service.getTableData(table, options)
+    return NextResponse.json({ data: page.rows, total: page.total })
+  } catch (error) {
+    return toErrorResponse(error, `Failed to fetch data for table '${table}'`)
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const service = ensureAdminServiceInitialized()
+    const payload = await request.json()
+    const table = payload?.table
+    const data = payload?.data
+
+    if (!table || typeof data !== "object" || Array.isArray(data)) {
+      return NextResponse.json(
+        { error: "Request body must include 'table' and a 'data' object." },
+        { status: 400 }
+      )
+    }
+
+    const inserted = await service.insertRow(table, data)
+    return NextResponse.json({ data: inserted })
+  } catch (error) {
+    return toErrorResponse(error, "Failed to insert row")
+  }
+}
+
+export async function PATCH(request: NextRequest) {
+  try {
+    const service = ensureAdminServiceInitialized()
+    const payload = await request.json()
+    const table = payload?.table
+    const data = payload?.data
+    const criteria = payload?.criteria
+
+    if (
+      !table ||
+      typeof data !== "object" ||
+      Array.isArray(data) ||
+      typeof criteria !== "object" ||
+      criteria === null ||
+      Array.isArray(criteria)
+    ) {
+      return NextResponse.json(
+        {
+          error:
+            "Request body must include 'table', 'data' object, and a 'criteria' object for the rows to update."
+        },
+        { status: 400 }
+      )
+    }
+
+    const rows = await service.updateRows(table, criteria, data)
+    return NextResponse.json({ data: rows, updated: rows.length })
+  } catch (error) {
+    return toErrorResponse(error, "Failed to update rows")
+  }
+}
+
+export async function DELETE(request: NextRequest) {
+  try {
+    const service = ensureAdminServiceInitialized()
+    const payload = await request.json()
+    const table = payload?.table
+    const criteria = payload?.criteria
+
+    if (
+      !table ||
+      typeof criteria !== "object" ||
+      criteria === null ||
+      Array.isArray(criteria)
+    ) {
+      return NextResponse.json(
+        {
+          error:
+            "Request body must include 'table' and a 'criteria' object for the rows to delete."
+        },
+        { status: 400 }
+      )
+    }
+
+    const rows = await service.deleteRows(table, criteria)
+    return NextResponse.json({ data: rows, deleted: rows.length })
+  } catch (error) {
+    return toErrorResponse(error, "Failed to delete rows")
+  }
+}
+
+function parseRowQueryOptions(params: URLSearchParams): RowQueryOptions {
+  const limitParam = params.get("limit")
+  const offsetParam = params.get("offset")
+  const orderBy = params.get("orderBy") ?? undefined
+  const orderDirection = parseOrderDirection(params.get("orderDirection"))
+  const filters = parseFilters(params)
+
+  const limit = limitParam ? Number.parseInt(limitParam, 10) : undefined
+  const offset = offsetParam ? Number.parseInt(offsetParam, 10) : undefined
+
+  return {
+    limit: Number.isNaN(limit) ? undefined : limit,
+    offset: Number.isNaN(offset) ? undefined : offset,
+    order_by: orderBy ?? undefined,
+    order_direction: orderDirection,
+    filters: filters.length ? filters : undefined
+  }
+}
+
+function parseFilters(params: URLSearchParams): SqliteWhereFilter[] {
+  const filters: SqliteWhereFilter[] = []
+
+  params.forEach((value, key) => {
+    const match = key.match(/^filter\[(.+?)\](?:\[(.+)\])?$/)
+    if (!match) {
+      return
+    }
+    const column = match[1]
+    const operatorValue = (match[2] ?? "eq").toLowerCase()
+    if (!isAllowedOperator(operatorValue)) {
+      throw new Error(`Unsupported filter operator '${operatorValue}'`)
+    }
+    filters.push({
+      column,
+      operator: operatorValue as SqliteFilterOperator,
+      value
+    })
+  })
+
+  return filters
+}
+
+function parseOrderDirection(
+  direction: string | null
+): "asc" | "desc" | undefined {
+  if (!direction) {
+    return undefined
+  }
+  const normalized = direction.toLowerCase()
+  if (normalized === "asc" || normalized === "desc") {
+    return normalized
+  }
+  throw new Error(`Unsupported order direction '${direction}'`)
+}
+
+function isAllowedOperator(value: string): value is SqliteFilterOperator {
+  return allowedOperators.includes(value as SqliteFilterOperator)
+}
+
+function toErrorResponse(error: unknown, fallback: string) {
+  const message = error instanceof Error ? error.message : fallback
+  const status = message.toLowerCase().includes("required") ? 400 : 500
+  return NextResponse.json({ error: message }, { status })
+}
+

package/src/app/hazo_connect/api/sqlite/schema/route.ts

@@ -0,0 +1,35 @@
+// file_description: API route to get SQLite table schema for admin UI
+import { NextRequest, NextResponse } from "next/server"
+import { getSqliteAdminService } from "hazo_connect/server"
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server"
+
+export const dynamic = "force-dynamic"
+
+export async function GET(request: NextRequest) {
+  const url = new URL(request.url)
+  const table = url.searchParams.get("table")
+  if (!table) {
+    return NextResponse.json(
+      { error: "Query parameter 'table' is required." },
+      { status: 400 }
+    )
+  }
+
+  try {
+    // Get singleton hazo_connect instance (initializes admin service if needed)
+    get_hazo_connect_instance();
+    
+    const service = getSqliteAdminService()
+    const schema = await service.getTableSchema(table)
+    return NextResponse.json({ data: schema })
+  } catch (error) {
+    return toErrorResponse(error, `Failed to fetch schema for table '${table}'`)
+  }
+}
+
+function toErrorResponse(error: unknown, fallback: string) {
+  const message = error instanceof Error ? error.message : fallback
+  const status = message.toLowerCase().includes("required") ? 400 : 500
+  return NextResponse.json({ error: message }, { status })
+}
+

package/src/app/hazo_connect/api/sqlite/tables/route.ts

@@ -0,0 +1,26 @@
+// file_description: API route to list SQLite tables for admin UI
+import { NextResponse } from "next/server"
+import { getSqliteAdminService } from "hazo_connect/server"
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server"
+
+export const dynamic = "force-dynamic"
+
+export async function GET() {
+  try {
+    // Get singleton hazo_connect instance (initializes admin service if needed)
+    get_hazo_connect_instance();
+    
+    const service = getSqliteAdminService()
+    const tables = await service.listTables()
+    return NextResponse.json({ data: tables })
+  } catch (error) {
+    return toErrorResponse(error, "Failed to list SQLite tables")
+  }
+}
+
+function toErrorResponse(error: unknown, fallback: string) {
+  const message = error instanceof Error ? error.message : fallback
+  const status = message.toLowerCase().includes("required") ? 400 : 500
+  return NextResponse.json({ error: message }, { status })
+}
+

package/src/app/hazo_connect/sqlite_admin/page.tsx

@@ -0,0 +1,51 @@
+// file_description: SQLite admin UI page that displays the admin client component
+// Note: This page fetches data from API routes instead of directly calling admin service
+// to avoid SQLite/WASM loading issues in React Server Component context
+import { headers } from "next/headers"
+import type { TableSummary } from "hazo_connect/ui"
+import SqliteAdminClient from "./sqlite-admin-client"
+
+export const dynamic = "force-dynamic"
+
+export default async function SqliteAdminPage() {
+  // Fetch initial tables from API route to avoid SQLite/WASM in RSC context
+  // API routes run in proper Node.js context where SQLite can work
+  try {
+    // Get the host from request headers to construct absolute URL
+    const headersList = await headers()
+    const host = headersList.get("host") || "localhost:3000"
+    const protocol = process.env.NODE_ENV === "production" ? "https" : "http"
+    const baseUrl = `${protocol}://${host}`
+    
+    // Use Next.js internal fetch with absolute URL
+    const response = await fetch(
+      `${baseUrl}/hazo_connect/api/sqlite/tables`,
+      { 
+        cache: "no-store"
+      }
+    );
+    
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      throw new Error(errorData.error || `Failed to fetch tables: ${response.statusText}`);
+    }
+    
+    const data = await response.json();
+    const tables: TableSummary[] = data.data || [];
+    
+    return <SqliteAdminClient initialTables={tables} />
+  } catch (error) {
+    const message =
+      error instanceof Error ? error.message : "Failed to initialise SQLite admin UI."
+
+    return (
+      <section className="mx-auto flex max-w-4xl flex-col gap-4 p-6">
+        <h1 className="text-2xl font-semibold text-slate-900">SQLite Admin</h1>
+        <p className="rounded-md border border-red-200 bg-red-50 p-4 text-sm text-red-700">
+          {message}
+        </p>
+      </section>
+    )
+  }
+}
+