npm - hazo_auth - Versions diffs - 0.1.2 → 1.0.0 - Mend

hazo_auth 0.1.2 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/src/app/api/hazo_auth/upload_profile_picture/route.ts ADDED Viewed

@@ -0,0 +1,268 @@
+// file_description: API route for uploading profile pictures
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_profile_picture_config } from "@/lib/profile_picture_config.server";
+import { get_file_types_config } from "@/lib/file_types_config.server";
+import { update_user_profile_picture } from "@/lib/services/profile_picture_service";
+import { createCrudService } from "hazo_connect/server";
+import { map_db_source_to_ui } from "@/lib/services/profile_picture_source_mapper";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+import fs from "fs";
+import path from "path";
+// section: api_handler
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    // Use centralized auth check
+    let user_id: string;
+    try {
+      const { require_auth } = await import("@/lib/auth/auth_utils.server");
+      const user = await require_auth(request);
+      user_id = user.user_id;
+    } catch (error) {
+      if (error instanceof Error && error.message === "Authentication required") {
+        logger.warn("profile_picture_upload_authentication_failed", {
+          filename: get_filename(),
+          line_number: get_line_number(),
+          error: "User not authenticated",
+        });
+        return NextResponse.json(
+          { error: "Authentication required" },
+          { status: 401 }
+        );
+      }
+      throw error;
+    }
+    // Check if upload is enabled
+    const config = get_profile_picture_config();
+    if (!config.allow_photo_upload) {
+      logger.warn("profile_picture_upload_disabled", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+      });
+      return NextResponse.json(
+        { error: "Photo upload is not enabled" },
+        { status: 403 }
+      );
+    }
+    if (!config.upload_photo_path) {
+      logger.warn("profile_picture_upload_path_not_configured", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+      });
+      return NextResponse.json(
+        { error: "Upload path is not configured" },
+        { status: 500 }
+      );
+    }
+    // Get FormData
+    const formData = await request.formData();
+    const file = formData.get("file") as File | null;
+    if (!file) {
+      logger.warn("profile_picture_upload_no_file", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+      });
+      return NextResponse.json(
+        { error: "No file provided" },
+        { status: 400 }
+      );
+    }
+    // Validate file type
+    const fileTypes = get_file_types_config();
+    const fileType = file.type;
+    if (!fileTypes.allowed_image_mime_types.includes(fileType)) {
+      logger.warn("profile_picture_upload_invalid_type", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        fileType,
+      });
+      return NextResponse.json(
+        { error: "Invalid file type. Only JPG and PNG files are allowed." },
+        { status: 400 }
+      );
+    }
+    // Validate file size (should already be compressed client-side, but check server-side too)
+    const fileSize = file.size;
+    if (fileSize > config.max_photo_size) {
+      logger.warn("profile_picture_upload_too_large", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        fileSize,
+        maxSize: config.max_photo_size,
+      });
+      return NextResponse.json(
+        { error: `File size exceeds maximum allowed size of ${config.max_photo_size} bytes` },
+        { status: 400 }
+      );
+    }
+    // Get current user profile picture info before updating
+    const hazoConnect = get_hazo_connect_instance();
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    const current_users = await users_service.findBy({ id: user_id });
+    let oldProfilePictureUrl: string | null = null;
+    let oldProfileSource: string | null = null;
+    if (Array.isArray(current_users) && current_users.length > 0) {
+      const current_user = current_users[0];
+      oldProfilePictureUrl = (current_user.profile_picture_url as string) || null;
+      oldProfileSource = (current_user.profile_source as string) || null;
+    }
+    // Determine file extension from MIME type
+    const mimeToExt: Record<string, string> = {
+      "image/jpeg": "jpg",
+      "image/jpg": "jpg",
+      "image/png": "png",
+    };
+    const fileExtension = mimeToExt[fileType] || "jpg";
+    const fileName = `${user_id}.${fileExtension}`;
+    // Resolve upload path
+    const uploadPath = path.isAbsolute(config.upload_photo_path)
+      ? config.upload_photo_path
+      : path.resolve(process.cwd(), config.upload_photo_path);
+    // Create upload directory if it doesn't exist
+    if (!fs.existsSync(uploadPath)) {
+      fs.mkdirSync(uploadPath, { recursive: true });
+    }
+    // Save file
+    const filePath = path.join(uploadPath, fileName);
+    const arrayBuffer = await file.arrayBuffer();
+    const buffer = Buffer.from(arrayBuffer);
+    fs.writeFileSync(filePath, buffer);
+    // Generate URL (relative to public or absolute)
+    // For Next.js, we'll serve from a public route or use absolute path
+    // For now, use a relative path that can be served via API or static file serving
+    const profilePictureUrl = `/api/hazo_auth/profile_picture/${fileName}`;
+    // Update user record
+    const updateResult = await update_user_profile_picture(
+      hazoConnect,
+      user_id,
+      profilePictureUrl,
+      "upload",
+    );
+    if (!updateResult.success) {
+      // Clean up uploaded file
+      try {
+        fs.unlinkSync(filePath);
+      } catch (error) {
+        // Ignore cleanup errors
+      }
+      logger.warn("profile_picture_upload_update_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        error: updateResult.error,
+      });
+      return NextResponse.json(
+        { error: updateResult.error || "Failed to update profile picture" },
+        { status: 500 }
+      );
+    }
+    // Delete old profile picture file if it exists and was an uploaded file
+    if (oldProfilePictureUrl && oldProfileSource) {
+      const oldSourceUI = map_db_source_to_ui(oldProfileSource);
+      // Only delete if the old profile picture was an uploaded file
+      if (oldSourceUI === "upload") {
+        try {
+          // Extract filename from URL (e.g., /api/hazo_auth/profile_picture/user_id.jpg)
+          const oldFileName = oldProfilePictureUrl.split("/").pop();
+          if (oldFileName) {
+            // Check if it's a user-specific file (starts with user_id)
+            if (oldFileName.startsWith(user_id)) {
+              const oldFilePath = path.join(uploadPath, oldFileName);
+              // Only delete if it's a different file (different extension)
+              if (oldFilePath !== filePath && fs.existsSync(oldFilePath)) {
+                fs.unlinkSync(oldFilePath);
+                logger.info("profile_picture_old_file_deleted", {
+                  filename: get_filename(),
+                  line_number: get_line_number(),
+                  user_id,
+                  oldFileName,
+                });
+              }
+            }
+          }
+        } catch (error) {
+          // Log error but don't fail the request
+          logger.warn("profile_picture_old_file_delete_failed", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            oldProfilePictureUrl,
+            error: error instanceof Error ? error.message : "Unknown error",
+          });
+        }
+      }
+    }
+    logger.info("profile_picture_upload_successful", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      fileName,
+      fileSize,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        profile_picture_url: profilePictureUrl,
+        message: "Profile picture uploaded successfully",
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("profile_picture_upload_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to upload profile picture. Please try again." },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/hazo_auth/user_management/permissions/route.ts ADDED Viewed

@@ -0,0 +1,367 @@
+// file_description: API route for permissions management operations (list, migrate from config, update, delete)
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { createCrudService } from "hazo_connect/server";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+import { get_user_management_config } from "@/lib/user_management_config.server";
+// section: route_config
+export const dynamic = 'force-dynamic';
+// section: api_handler
+/**
+ * GET - Fetch all permissions from database and config
+ */
+export async function GET(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const hazoConnect = get_hazo_connect_instance();
+    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+    // Fetch all permissions from database (empty object means no filter - get all records)
+    const db_permissions = await permissions_service.findBy({});
+    if (!Array.isArray(db_permissions)) {
+      return NextResponse.json(
+        { error: "Failed to fetch permissions" },
+        { status: 500 }
+      );
+    }
+    // Get config permissions
+    const config = get_user_management_config();
+    const config_permission_names = config.application_permission_list_defaults || [];
+    // Get DB permission names
+    const db_permission_names = db_permissions.map((p) => p.permission_name as string);
+    // Find config permissions not in DB
+    const config_only_permissions = config_permission_names.filter(
+      (name) => !db_permission_names.includes(name)
+    );
+    logger.info("user_management_permissions_fetched", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      db_count: db_permissions.length,
+      config_count: config_permission_names.length,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        db_permissions: db_permissions.map((p) => ({
+          id: p.id,
+          permission_name: p.permission_name,
+          description: p.description || "",
+        })),
+        config_permissions: config_only_permissions,
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_permissions_fetch_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to fetch permissions" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * POST - Create new permission or migrate config permissions to database
+ */
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const { searchParams } = new URL(request.url);
+    const action = searchParams.get("action");
+    // Handle migrate action
+    if (action === "migrate") {
+      const hazoConnect = get_hazo_connect_instance();
+      const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+      // Get config permissions
+      const config = get_user_management_config();
+      const config_permission_names = config.application_permission_list_defaults || [];
+      if (config_permission_names.length === 0) {
+        return NextResponse.json(
+          {
+            success: true,
+            message: "No permissions to migrate",
+            created: [],
+            skipped: [],
+          },
+          { status: 200 }
+        );
+      }
+      // Get existing permissions from DB (empty object means no filter - get all records)
+      const db_permissions = await permissions_service.findBy({});
+      const db_permission_names = Array.isArray(db_permissions)
+        ? db_permissions.map((p) => p.permission_name as string)
+        : [];
+      const now = new Date().toISOString();
+      const created: string[] = [];
+      const skipped: string[] = [];
+      // Migrate each config permission
+      for (const permission_name of config_permission_names) {
+        if (db_permission_names.includes(permission_name)) {
+          // Skip if already exists
+          skipped.push(permission_name);
+          continue;
+        }
+        // Create new permission
+        await permissions_service.insert({
+          permission_name: permission_name.trim(),
+          description: "",
+          created_at: now,
+          changed_at: now,
+        });
+        created.push(permission_name);
+      }
+      logger.info("user_management_permissions_migrated", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        created_count: created.length,
+        skipped_count: skipped.length,
+      });
+      return NextResponse.json(
+        {
+          success: true,
+          created,
+          skipped,
+        },
+        { status: 200 }
+      );
+    }
+    // Handle create new permission
+    const body = await request.json();
+    const { permission_name, description } = body;
+    if (!permission_name || typeof permission_name !== "string" || permission_name.trim().length === 0) {
+      return NextResponse.json(
+        { error: "permission_name is required and must be a non-empty string" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+    // Check if permission already exists
+    const existing_permissions = await permissions_service.findBy({
+      permission_name: permission_name.trim(),
+    });
+    if (Array.isArray(existing_permissions) && existing_permissions.length > 0) {
+      return NextResponse.json(
+        { error: "Permission with this name already exists" },
+        { status: 409 }
+      );
+    }
+    // Create new permission
+    const now = new Date().toISOString();
+    const new_permission_result = await permissions_service.insert({
+      permission_name: permission_name.trim(),
+      description: (description || "").trim(),
+      created_at: now,
+      changed_at: now,
+    });
+    // insert() returns an array, get the first element
+    if (!Array.isArray(new_permission_result) || new_permission_result.length === 0) {
+      return NextResponse.json(
+        { error: "Failed to create permission - no record returned" },
+        { status: 500 }
+      );
+    }
+    const new_permission = new_permission_result[0] as { id: number; permission_name: string; description: string };
+    logger.info("user_management_permission_created", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      permission_id: new_permission.id,
+      permission_name: permission_name.trim(),
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        permission: {
+          id: new_permission.id,
+          permission_name: permission_name.trim(),
+          description: (description || "").trim(),
+        },
+      },
+      { status: 201 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_permissions_post_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to create permission" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * PUT - Update permission description
+ */
+export async function PUT(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const body = await request.json();
+    const { permission_id, description } = body;
+    if (!permission_id || typeof description !== "string") {
+      return NextResponse.json(
+        { error: "permission_id and description are required" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+    // Update permission with changed_at timestamp
+    const now = new Date().toISOString();
+    await permissions_service.updateById(permission_id, {
+      description: description.trim(),
+      changed_at: now,
+    });
+    logger.info("user_management_permission_updated", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      permission_id,
+    });
+    return NextResponse.json(
+      { success: true },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_permission_update_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to update permission" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * DELETE - Delete permission from database
+ */
+export async function DELETE(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const { searchParams } = new URL(request.url);
+    const permission_id = searchParams.get("permission_id");
+    if (!permission_id) {
+      return NextResponse.json(
+        { error: "permission_id is required" },
+        { status: 400 }
+      );
+    }
+    const permission_id_num = parseInt(permission_id, 10);
+    if (isNaN(permission_id_num)) {
+      return NextResponse.json(
+        { error: "permission_id must be a number" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+    const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
+    // Check if permission is used in any role
+    const role_permissions = await role_permissions_service.findBy({
+      permission_id: permission_id_num,
+    });
+    if (Array.isArray(role_permissions) && role_permissions.length > 0) {
+      return NextResponse.json(
+        { error: "Cannot delete permission that is assigned to roles" },
+        { status: 409 }
+      );
+    }
+    // Delete permission
+    await permissions_service.deleteById(permission_id_num);
+    logger.info("user_management_permission_deleted", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      permission_id: permission_id_num,
+    });
+    return NextResponse.json(
+      { success: true },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_permission_delete_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to delete permission" },
+      { status: 500 }
+    );
+  }
+}