npm - hazo_auth - Versions diffs - 0.1.2 → 1.0.0 - Mend

hazo_auth 0.1.2 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/src/app/api/hazo_auth/user_management/users/roles/route.ts ADDED Viewed

@@ -0,0 +1,367 @@
+// file_description: API route for managing user roles (assigning roles to users)
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { createCrudService, getSqliteAdminService } from "hazo_connect/server";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+import { get_auth_cache } from "@/lib/auth/auth_cache";
+import { get_auth_utility_config } from "@/lib/auth_utility_config.server";
+// section: route_config
+export const dynamic = 'force-dynamic';
+// section: api_handler
+/**
+ * GET - Get roles assigned to a user
+ * Query params: user_id (string)
+ */
+export async function GET(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const { searchParams } = new URL(request.url);
+    const user_id = searchParams.get("user_id");
+    if (!user_id || typeof user_id !== "string") {
+      return NextResponse.json(
+        { error: "user_id is required as a query parameter" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+    // Get all roles assigned to this user
+    const user_roles = await user_roles_service.findBy({
+      user_id,
+    });
+    if (!Array.isArray(user_roles)) {
+      return NextResponse.json(
+        { error: "Failed to fetch user roles" },
+        { status: 500 }
+      );
+    }
+    // Extract role IDs
+    const role_ids = user_roles.map((ur) => ur.role_id as number).filter((id) => id !== undefined);
+    return NextResponse.json(
+      {
+        success: true,
+        role_ids,
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    logger.error("user_management_user_roles_fetch_failed", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error: error_message,
+    });
+    return NextResponse.json(
+      { error: "Failed to fetch user roles" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * POST - Assign a role to a user
+ * Body: { user_id: string, role_id: number }
+ */
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const body = await request.json();
+    const { user_id, role_id } = body;
+    if (!user_id || typeof user_id !== "string") {
+      return NextResponse.json(
+        { error: "user_id is required and must be a string" },
+        { status: 400 }
+      );
+    }
+    if (!role_id || typeof role_id !== "number") {
+      return NextResponse.json(
+        { error: "role_id is required and must be a number" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+    // Check if user exists
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    const users = await users_service.findBy({ id: user_id });
+    if (!Array.isArray(users) || users.length === 0) {
+      return NextResponse.json(
+        { error: "User not found" },
+        { status: 404 }
+      );
+    }
+    // Check if role exists
+    const roles_service = createCrudService(hazoConnect, "hazo_roles");
+    const roles = await roles_service.findBy({ id: role_id });
+    if (!Array.isArray(roles) || roles.length === 0) {
+      return NextResponse.json(
+        { error: "Role not found" },
+        { status: 404 }
+      );
+    }
+    // Check if role is already assigned to user
+    const existing_assignments = await user_roles_service.findBy({
+      user_id,
+      role_id,
+    });
+    if (Array.isArray(existing_assignments) && existing_assignments.length > 0) {
+      return NextResponse.json(
+        { error: "Role is already assigned to this user" },
+        { status: 409 }
+      );
+    }
+    // Assign role to user
+    const now = new Date().toISOString();
+    const new_assignment = await user_roles_service.insert({
+      user_id,
+      role_id,
+      created_at: now,
+      changed_at: now,
+    });
+    logger.info("user_management_user_role_assigned", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      role_id,
+      assignment_id: (new_assignment as { user_id?: string; role_id?: number }).user_id,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        assignment: {
+          user_id,
+          role_id,
+        },
+      },
+      { status: 201 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    logger.error("user_management_user_role_assign_failed", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error: error_message,
+    });
+    return NextResponse.json(
+      { error: "Failed to assign role to user" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * PUT - Update user roles (bulk assignment/removal)
+ * Body: { user_id: string, role_ids: number[] }
+ */
+export async function PUT(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const body = await request.json();
+    const { user_id, role_ids } = body;
+    if (!user_id || typeof user_id !== "string") {
+      return NextResponse.json(
+        { error: "user_id is required and must be a string" },
+        { status: 400 }
+      );
+    }
+    if (!Array.isArray(role_ids)) {
+      return NextResponse.json(
+        { error: "role_ids is required and must be an array" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+    // Check if user exists
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    const users = await users_service.findBy({ id: user_id });
+    if (!Array.isArray(users) || users.length === 0) {
+      return NextResponse.json(
+        { error: "User not found" },
+        { status: 404 }
+      );
+    }
+    // Get current user roles
+    const current_user_roles = await user_roles_service.findBy({
+      user_id,
+    });
+    if (!Array.isArray(current_user_roles)) {
+      return NextResponse.json(
+        { error: "Failed to fetch current user roles" },
+        { status: 500 }
+      );
+    }
+    const current_role_ids = current_user_roles.map((ur) => ur.role_id as number).filter((id) => id !== undefined);
+    const target_role_ids = role_ids.filter((id) => typeof id === "number");
+    // Find roles to add and remove
+    const to_add = target_role_ids.filter((id) => !current_role_ids.includes(id));
+    const to_remove = current_role_ids.filter((id) => !target_role_ids.includes(id));
+    const now = new Date().toISOString();
+    // Add new roles
+    for (const role_id of to_add) {
+      // Check if role exists
+      const roles_service = createCrudService(hazoConnect, "hazo_roles");
+      const roles = await roles_service.findBy({ id: role_id });
+      if (Array.isArray(roles) && roles.length > 0) {
+        await user_roles_service.insert({
+          user_id,
+          role_id,
+          created_at: now,
+          changed_at: now,
+        });
+      }
+    }
+    // Remove roles
+    // Note: hazo_user_roles is a junction table without an id column
+    // We need to use SQLite admin service to delete by composite key (user_id, role_id)
+    if (to_remove.length > 0) {
+      try {
+        const admin_service = getSqliteAdminService();
+        for (const role_id of to_remove) {
+          // Delete using SQLite admin service with criteria (user_id and role_id)
+          await admin_service.deleteRows("hazo_user_roles", {
+            user_id,
+            role_id,
+          });
+        }
+      } catch (adminError) {
+        // Fallback: try using createCrudService deleteById if rowid exists
+        // SQLite tables have a hidden rowid column that can be used
+        const error_message = adminError instanceof Error ? adminError.message : "Unknown error";
+        logger.warn("user_management_user_role_delete_admin_failed", {
+          filename: get_filename(),
+          line_number: get_line_number(),
+          error: error_message,
+          note: "Trying fallback method",
+        });
+        // Fallback: try to find and delete using rowid if available
+        for (const role_id of to_remove) {
+          const assignments_to_remove = await user_roles_service.findBy({
+            user_id,
+            role_id,
+          });
+          if (Array.isArray(assignments_to_remove) && assignments_to_remove.length > 0) {
+            for (const assignment of assignments_to_remove) {
+              // Try deleteById with rowid (SQLite has hidden rowid)
+              try {
+                // Check if assignment has an id field (could be rowid)
+                if ((assignment as { id?: number }).id !== undefined) {
+                  await user_roles_service.deleteById((assignment as { id: number }).id);
+                } else if ((assignment as { rowid?: number }).rowid !== undefined) {
+                  await user_roles_service.deleteById((assignment as { rowid: number }).rowid);
+                } else {
+                  // Last resort: log error
+                  logger.error("user_management_user_role_delete_no_id", {
+                    filename: get_filename(),
+                    line_number: get_line_number(),
+                    user_id,
+                    role_id,
+                    assignment,
+                  });
+                }
+              } catch (deleteError) {
+                const delete_error_message = deleteError instanceof Error ? deleteError.message : "Unknown error";
+                logger.error("user_management_user_role_delete_failed", {
+                  filename: get_filename(),
+                  line_number: get_line_number(),
+                  user_id,
+                  role_id,
+                  error: delete_error_message,
+                });
+              }
+            }
+          }
+        }
+      }
+    }
+    // Invalidate user cache after role assignment changes
+    try {
+      const config = get_auth_utility_config();
+      const cache = get_auth_cache(
+        config.cache_max_users,
+        config.cache_ttl_minutes,
+        config.cache_max_age_minutes,
+      );
+      cache.invalidate_user(user_id);
+    } catch (cache_error) {
+      // Log but don't fail role update if cache invalidation fails
+      const cache_error_message =
+        cache_error instanceof Error ? cache_error.message : "Unknown error";
+      logger.warn("user_management_user_roles_cache_invalidation_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        error: cache_error_message,
+      });
+    }
+    logger.info("user_management_user_roles_updated", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      added: to_add.length,
+      removed: to_remove.length,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        added: to_add.length,
+        removed: to_remove.length,
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    logger.error("user_management_user_roles_update_failed", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error: error_message,
+    });
+    return NextResponse.json(
+      { error: "Failed to update user roles" },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/hazo_auth/user_management/users/route.ts ADDED Viewed

@@ -0,0 +1,239 @@
+// file_description: API route for user management operations (list users, deactivate, reset password)
+// section: imports
+import { NextRequest, NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "@/lib/hazo_connect_instance.server";
+import { createCrudService } from "hazo_connect/server";
+import { create_app_logger } from "@/lib/app_logger";
+import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+import { request_password_reset } from "@/lib/services/password_reset_service";
+import { get_auth_cache } from "@/lib/auth/auth_cache";
+import { get_auth_utility_config } from "@/lib/auth_utility_config.server";
+// section: route_config
+export const dynamic = 'force-dynamic';
+// section: api_handler
+/**
+ * GET - Fetch all users with details or a specific user by id
+ * Query params: id (optional) - if provided, returns only that user
+ */
+export async function GET(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const { searchParams } = new URL(request.url);
+    const user_id = searchParams.get("id");
+    const hazoConnect = get_hazo_connect_instance();
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    // Fetch users - filter by id if provided, otherwise get all
+    const users = await users_service.findBy(user_id ? { id: user_id } : {});
+    if (!Array.isArray(users)) {
+      return NextResponse.json(
+        { error: "Failed to fetch users" },
+        { status: 500 }
+      );
+    }
+    logger.info("user_management_users_fetched", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_count: users.length,
+    });
+    return NextResponse.json(
+      {
+        success: true,
+        users: users.map((user) => ({
+          id: user.id,
+          name: user.name || null,
+          email_address: user.email_address,
+          email_verified: user.email_verified || false,
+          is_active: user.is_active !== false,
+          last_logon: user.last_logon || null,
+          created_at: user.created_at || null,
+          profile_picture_url: user.profile_picture_url || null,
+          profile_source: user.profile_source || null,
+        })),
+      },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_users_fetch_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to fetch users" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * PATCH - Update user (deactivate: set is_active to false)
+ */
+export async function PATCH(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const body = await request.json();
+    const { user_id, is_active } = body;
+    if (!user_id || typeof is_active !== "boolean") {
+      return NextResponse.json(
+        { error: "user_id and is_active (boolean) are required" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    // Update user with changed_at timestamp
+    const now = new Date().toISOString();
+    await users_service.updateById(user_id, {
+      is_active,
+      changed_at: now,
+    });
+    // Invalidate user cache after deactivation
+    if (is_active === false) {
+      try {
+        const config = get_auth_utility_config();
+        const cache = get_auth_cache(
+          config.cache_max_users,
+          config.cache_ttl_minutes,
+          config.cache_max_age_minutes,
+        );
+        cache.invalidate_user(user_id);
+      } catch (cache_error) {
+        // Log but don't fail user update if cache invalidation fails
+        const cache_error_message =
+          cache_error instanceof Error ? cache_error.message : "Unknown error";
+        logger.warn("user_management_user_cache_invalidation_failed", {
+          filename: get_filename(),
+          line_number: get_line_number(),
+          user_id,
+          error: cache_error_message,
+        });
+      }
+    }
+    logger.info("user_management_user_updated", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      is_active,
+    });
+    return NextResponse.json(
+      { success: true },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_user_update_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to update user" },
+      { status: 500 }
+    );
+  }
+}
+/**
+ * POST - Send password reset email to user
+ */
+export async function POST(request: NextRequest) {
+  const logger = create_app_logger();
+  try {
+    const body = await request.json();
+    const { user_id } = body;
+    if (!user_id) {
+      return NextResponse.json(
+        { error: "user_id is required" },
+        { status: 400 }
+      );
+    }
+    const hazoConnect = get_hazo_connect_instance();
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    // Get user by ID
+    const users = await users_service.findBy({ id: user_id });
+    if (!Array.isArray(users) || users.length === 0) {
+      return NextResponse.json(
+        { error: "User not found" },
+        { status: 404 }
+      );
+    }
+    const user = users[0];
+    const email = user.email_address as string;
+    // Request password reset using existing service
+    const result = await request_password_reset(hazoConnect, { email });
+    if (!result.success) {
+      logger.warn("user_management_password_reset_failed", {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        user_id,
+        email,
+        error: result.error,
+      });
+      return NextResponse.json(
+        { error: result.error || "Failed to send password reset email" },
+        { status: 500 }
+      );
+    }
+    logger.info("user_management_password_reset_sent", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      user_id,
+      email,
+    });
+    return NextResponse.json(
+      { success: true },
+      { status: 200 }
+    );
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+    logger.error("user_management_password_reset_error", {
+      filename: get_filename(),
+      line_number: get_line_number(),
+      error_message,
+      error_stack,
+    });
+    return NextResponse.json(
+      { error: "Failed to send password reset email" },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/{auth → hazo_auth}/validate_reset_token/route.ts RENAMED Viewed

@@ -6,6 +6,9 @@ import { validate_password_reset_token } from "@/lib/services/password_reset_ser
 import { create_app_logger } from "@/lib/app_logger";
 import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+// section: route_config
+export const dynamic = 'force-dynamic';
 // section: api_handler
 export async function GET(request: NextRequest) {
   const logger = create_app_logger();

package/src/app/api/{auth → hazo_auth}/verify_email/route.ts RENAMED Viewed

@@ -6,6 +6,9 @@ import { create_app_logger } from "@/lib/app_logger";
 import { verify_email_token } from "@/lib/services/email_verification_service";
 import { get_filename, get_line_number } from "@/lib/utils/api_route_helpers";
+// section: route_config
+export const dynamic = 'force-dynamic';
 // section: api_handler
 export async function GET(request: NextRequest) {
   const logger = create_app_logger();

package/src/app/globals.css CHANGED Viewed

@@ -1,4 +1,4 @@
-/* file_description: define global tailwind layers and theme tokens for ui_component */
+/* file_description: define global tailwind layers and theme tokens for hazo_auth */
 @tailwind base;
 @tailwind components;
 @tailwind utilities;

package/src/app/hazo_auth/user_management/page.tsx ADDED Viewed

@@ -0,0 +1,14 @@
+// file_description: render the user management page shell and mount the user management layout component within sidebar
+// section: imports
+import { SidebarLayoutWrapper } from "@/components/layouts/shared/components/sidebar_layout_wrapper";
+import { UserManagementPageClient } from "./user_management_page_client";
+// section: component
+export default function user_management_page() {
+  return (
+    <SidebarLayoutWrapper>
+      <UserManagementPageClient />
+    </SidebarLayoutWrapper>
+  );
+}

package/src/app/hazo_auth/user_management/user_management_page_client.tsx ADDED Viewed

@@ -0,0 +1,16 @@
+// file_description: client component for user management page
+// section: client_directive
+"use client";
+// section: imports
+import { UserManagementLayout } from "@/components/layouts/user_management";
+// section: component
+/**
+ * Client component for user management page
+ * @returns User Management layout component
+ */
+export function UserManagementPageClient() {
+  return <UserManagementLayout className="w-full" />;
+}

package/src/app/hazo_connect/api/sqlite/data/route.ts CHANGED Viewed

@@ -25,7 +25,13 @@ const allowedOperators: SqliteFilterOperator[] = [
 function ensureAdminServiceInitialized() {
   // Get singleton hazo_connect instance (initializes admin service if needed)
   get_hazo_connect_instance();
-  return getSqliteAdminService();
+  try {
+    return getSqliteAdminService();
+  } catch (serviceError) {
+    const errorMessage = serviceError instanceof Error ? serviceError.message : "Unknown error";
+    throw new Error(`SQLite Admin Service not available: ${errorMessage}. Make sure enable_admin_ui is set to true in hazo_auth_config.ini.`);
+  }
 }
 export async function GET(request: NextRequest) {