hazo_auth 1.0.5 → 1.2.0

package/scripts/init_users.ts

@@ -0,0 +1,378 @@
+// file_description: script to initialize users, roles, and permissions from configuration
+// Run with: npx tsx scripts/init_users.ts init_users
+// section: imports
+import { get_hazo_connect_instance } from "../src/lib/hazo_connect_instance.server";
+import { createCrudService } from "hazo_connect/server";
+import { get_user_management_config } from "../src/lib/user_management_config.server";
+import { get_config_value } from "../src/lib/config/config_loader.server";
+import { create_app_logger } from "../src/lib/app_logger";
+
+// section: types
+type InitSummary = {
+  permissions: {
+    inserted: string[];
+    existing: string[];
+  };
+  role: {
+    inserted: boolean;
+    existing: boolean;
+    role_id: number | null;
+  };
+  role_permissions: {
+    inserted: number;
+    existing: number;
+  };
+  user_role: {
+    inserted: boolean;
+    existing: boolean;
+  };
+};
+
+// section: helpers
+/**
+ * Displays help information for available commands
+ */
+function show_help(): void {
+  console.log(`
+hazo_auth CLI - User and Permission Management
+
+Usage: npx tsx scripts/init_users.ts <command>
+
+Available Commands:
+  init_users    Initialize users, roles, and permissions from configuration
+                - Reads permissions from hazo_auth_config.ini [hazo_auth__user_management] application_permission_list_defaults
+                - Creates default_super_user_role in hazo_roles
+                - Assigns all permissions to the super user role
+                - Finds user by email from hazo_auth_config.ini [hazo_auth__initial_setup] default_super_user_email
+                - Assigns super user role to the user
+                - Provides summary of what was inserted vs what already existed
+
+  help          Show this help message
+
+Configuration:
+  Add the following to hazo_auth_config.ini:
+
+  [hazo_auth__user_management]
+  application_permission_list_defaults = admin_user_management,admin_role_management,admin_permission_management
+
+  [hazo_auth__initial_setup]
+  default_super_user_email = admin@example.com
+
+Examples:
+  npx tsx scripts/init_users.ts init_users
+  npx tsx scripts/init_users.ts help
+`);
+}
+
+/**
+ * Initializes users, roles, and permissions from configuration
+ */
+async function init_users(): Promise<void> {
+  const logger = create_app_logger();
+  const summary: InitSummary = {
+    permissions: {
+      inserted: [],
+      existing: [],
+    },
+    role: {
+      inserted: false,
+      existing: false,
+      role_id: null,
+    },
+    role_permissions: {
+      inserted: 0,
+      existing: 0,
+    },
+    user_role: {
+      inserted: false,
+      existing: false,
+    },
+  };
+
+  try {
+    console.log("Initializing users, roles, and permissions from configuration...\n");
+
+    // Get hazo_connect instance
+    const hazoConnect = get_hazo_connect_instance();
+    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+    const roles_service = createCrudService(hazoConnect, "hazo_roles");
+    const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
+    const users_service = createCrudService(hazoConnect, "hazo_users");
+    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+
+    // 1. Get permissions from config
+    const config = get_user_management_config();
+    const permission_names = config.application_permission_list_defaults || [];
+
+    if (permission_names.length === 0) {
+      console.log("⚠ No permissions found in configuration.");
+      console.log("  Add permissions to [hazo_auth__user_management] application_permission_list_defaults\n");
+      return;
+    }
+
+    console.log(`Found ${permission_names.length} permission(s) in configuration:`);
+    permission_names.forEach((name) => console.log(`  - ${name}`));
+    console.log();
+
+    // 2. Add permissions to hazo_permissions table
+    const permission_id_map: Record<string, number> = {};
+    const now = new Date().toISOString();
+
+    for (const permission_name of permission_names) {
+      const trimmed_name = permission_name.trim();
+      if (!trimmed_name) continue;
+
+      // Check if permission already exists
+      const existing_permissions = await permissions_service.findBy({
+        permission_name: trimmed_name,
+      });
+
+      if (Array.isArray(existing_permissions) && existing_permissions.length > 0) {
+        const existing_permission = existing_permissions[0];
+        const perm_id = existing_permission.id as number;
+        permission_id_map[trimmed_name] = perm_id;
+        summary.permissions.existing.push(trimmed_name);
+        console.log(`✓ Permission already exists: ${trimmed_name} (ID: ${perm_id})`);
+      } else {
+        // Insert new permission
+        const new_permission = await permissions_service.insert({
+          permission_name: trimmed_name,
+          description: `Permission for ${trimmed_name}`,
+          created_at: now,
+          changed_at: now,
+        });
+
+        const perm_id = Array.isArray(new_permission)
+          ? (new_permission[0] as { id: number }).id
+          : (new_permission as { id: number }).id;
+        permission_id_map[trimmed_name] = perm_id;
+        summary.permissions.inserted.push(trimmed_name);
+        console.log(`✓ Inserted permission: ${trimmed_name} (ID: ${perm_id})`);
+      }
+    }
+
+    console.log();
+
+    // 3. Create or get default_super_user_role
+    const role_name = "default_super_user_role";
+    const existing_roles = await roles_service.findBy({
+      role_name,
+    });
+
+    let role_id: number;
+    if (Array.isArray(existing_roles) && existing_roles.length > 0) {
+      role_id = existing_roles[0].id as number;
+      summary.role.existing = true;
+      summary.role.role_id = role_id;
+      console.log(`✓ Role already exists: ${role_name} (ID: ${role_id})`);
+    } else {
+      const new_role = await roles_service.insert({
+        role_name,
+        created_at: now,
+        changed_at: now,
+      });
+
+      role_id = Array.isArray(new_role)
+        ? (new_role[0] as { id: number }).id
+        : (new_role as { id: number }).id;
+      summary.role.inserted = true;
+      summary.role.role_id = role_id;
+      console.log(`✓ Created role: ${role_name} (ID: ${role_id})`);
+    }
+
+    console.log();
+
+    // 4. Assign all permissions to the role
+    const permission_ids = Object.values(permission_id_map);
+
+    for (const permission_id of permission_ids) {
+      // Check if role-permission assignment already exists
+      const existing_assignments = await role_permissions_service.findBy({
+        role_id,
+        permission_id,
+      });
+
+      if (Array.isArray(existing_assignments) && existing_assignments.length > 0) {
+        summary.role_permissions.existing++;
+        const perm_name = Object.keys(permission_id_map).find(
+          (key) => permission_id_map[key] === permission_id,
+        );
+        console.log(`✓ Role-permission already exists: ${role_name} -> ${perm_name}`);
+      } else {
+        await role_permissions_service.insert({
+          role_id,
+          permission_id,
+          created_at: now,
+          changed_at: now,
+        });
+        summary.role_permissions.inserted++;
+        const perm_name = Object.keys(permission_id_map).find(
+          (key) => permission_id_map[key] === permission_id,
+        );
+        console.log(`✓ Assigned permission to role: ${role_name} -> ${perm_name}`);
+      }
+    }
+
+    console.log();
+
+    // 5. Get super user email from config
+    const super_user_email = get_config_value(
+      "hazo_auth__initial_setup",
+      "default_super_user_email",
+      "",
+    ).trim();
+
+    if (!super_user_email) {
+      console.log("⚠ No super user email found in configuration.");
+      console.log("  Add [hazo_auth__initial_setup] default_super_user_email to config\n");
+      print_summary(summary);
+      return;
+    }
+
+    console.log(`Looking up user with email: ${super_user_email}`);
+
+    // 6. Find user by email
+    const users = await users_service.findBy({
+      email_address: super_user_email,
+    });
+
+    if (!Array.isArray(users) || users.length === 0) {
+      console.log(`✗ User not found with email: ${super_user_email}`);
+      console.log("  Please ensure the user exists in the database before running this script.\n");
+      print_summary(summary);
+      return;
+    }
+
+    const user = users[0];
+    const user_id = user.id as string;
+    console.log(`✓ Found user: ${super_user_email} (ID: ${user_id})`);
+    console.log();
+
+    // 7. Assign role to user
+    const existing_user_roles = await user_roles_service.findBy({
+      user_id,
+      role_id,
+    });
+
+    if (Array.isArray(existing_user_roles) && existing_user_roles.length > 0) {
+      summary.user_role.existing = true;
+      console.log(`✓ User already has role assigned: ${user_id} -> ${role_name}`);
+    } else {
+      await user_roles_service.insert({
+        user_id,
+        role_id,
+        created_at: now,
+        changed_at: now,
+      });
+      summary.user_role.inserted = true;
+      console.log(`✓ Assigned role to user: ${user_id} -> ${role_name}`);
+    }
+
+    console.log();
+
+    // 8. Print summary
+    print_summary(summary);
+
+    logger.info("init_users_completed", {
+      filename: "init_users.ts",
+      line_number: 0,
+      summary,
+    });
+  } catch (error) {
+    const error_message = error instanceof Error ? error.message : "Unknown error";
+    const error_stack = error instanceof Error ? error.stack : undefined;
+
+    console.error("\n✗ Error initializing users:");
+    console.error(`  ${error_message}`);
+    if (error_stack) {
+      console.error("\nStack trace:");
+      console.error(error_stack);
+    }
+
+    const logger = create_app_logger();
+    logger.error("init_users_failed", {
+      filename: "init_users.ts",
+      line_number: 0,
+      error_message,
+      error_stack,
+    });
+
+    process.exit(1);
+  }
+}
+
+/**
+ * Prints a summary of what was inserted vs what already existed
+ */
+function print_summary(summary: InitSummary): void {
+  console.log("=".repeat(60));
+  console.log("INITIALIZATION SUMMARY");
+  console.log("=".repeat(60));
+  console.log();
+
+  // Permissions summary
+  console.log("Permissions:");
+  if (summary.permissions.inserted.length > 0) {
+    console.log(`  ✓ Inserted (${summary.permissions.inserted.length}):`);
+    summary.permissions.inserted.forEach((name) => console.log(`    - ${name}`));
+  }
+  if (summary.permissions.existing.length > 0) {
+    console.log(`  ⊙ Already existed (${summary.permissions.existing.length}):`);
+    summary.permissions.existing.forEach((name) => console.log(`    - ${name}`));
+  }
+  console.log();
+
+  // Role summary
+  console.log("Role:");
+  if (summary.role.inserted) {
+    console.log(`  ✓ Inserted: default_super_user_role (ID: ${summary.role.role_id})`);
+  }
+  if (summary.role.existing) {
+    console.log(`  ⊙ Already existed: default_super_user_role (ID: ${summary.role.role_id})`);
+  }
+  console.log();
+
+  // Role permissions summary
+  console.log("Role-Permission Assignments:");
+  if (summary.role_permissions.inserted > 0) {
+    console.log(`  ✓ Inserted: ${summary.role_permissions.inserted} assignment(s)`);
+  }
+  if (summary.role_permissions.existing > 0) {
+    console.log(`  ⊙ Already existed: ${summary.role_permissions.existing} assignment(s)`);
+  }
+  console.log();
+
+  // User role summary
+  console.log("User-Role Assignment:");
+  if (summary.user_role.inserted) {
+    console.log(`  ✓ Inserted: Super user role assigned to user`);
+  }
+  if (summary.user_role.existing) {
+    console.log(`  ⊙ Already existed: User already has super user role`);
+  }
+  console.log();
+
+  console.log("=".repeat(60));
+}
+
+// section: main
+function main(): void {
+  const command = process.argv[2];
+
+  if (!command || command === "help" || command === "--help" || command === "-h") {
+    show_help();
+    return;
+  }
+
+  if (command === "init_users") {
+    void init_users();
+  } else {
+    console.error(`Unknown command: ${command}\n`);
+    show_help();
+    process.exit(1);
+  }
+}
+
+main();
+
+

package/src/app/api/hazo_auth/login/route.ts

@@ -6,6 +6,7 @@ import { create_app_logger } from "../../../../lib/app_logger";
 import { authenticate_user } from "../../../../lib/services/login_service";
 import { createCrudService } from "hazo_connect/server";
 import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
+import { get_login_config } from "../../../../lib/login_config.server";
 
 // section: api_handler
 export async function POST(request: NextRequest) {
@@ -13,7 +14,7 @@ export async function POST(request: NextRequest) {
 
   try {
     const body = await request.json();
-    const { email, password } = body;
+    const { email, password, url_on_logon } = body;
 
     // Validate input
     if (!email || !password) {
@@ -106,6 +107,30 @@ export async function POST(request: NextRequest) {
     const user = users && users.length > 0 ? users[0] : null;
     const user_name = user?.name as string | undefined;
 
+    // Determine redirect URL priority:
+    // 1. url_on_logon from request body (if valid)
+    // 2. stored_url_on_logon from database (if available)
+    // 3. redirect_route_on_successful_login from config
+    // 4. Default to "/"
+
+    let redirectUrl = "/";
+
+    // Check priority 1: Request body
+    if (url_on_logon && typeof url_on_logon === "string" && url_on_logon.startsWith("/") && !url_on_logon.startsWith("//")) {
+      redirectUrl = url_on_logon;
+    } 
+    // Check priority 2: Stored URL from DB
+    else if (result.stored_url_on_logon && typeof result.stored_url_on_logon === "string") {
+      redirectUrl = result.stored_url_on_logon;
+    } 
+    // Check priority 3: Config
+    else {
+      const loginConfig = get_login_config();
+      if (loginConfig.redirectRoute) {
+        redirectUrl = loginConfig.redirectRoute;
+      }
+    }
+
     // Create response with cookies
     const response = NextResponse.json(
       {
@@ -114,6 +139,7 @@ export async function POST(request: NextRequest) {
         user_id: user_id,
         email,
         name: user_name,
+        redirectUrl,
       },
       { status: 200 }
     );

package/src/app/api/hazo_auth/register/route.ts

@@ -5,6 +5,7 @@ import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance
 import { create_app_logger } from "../../../../lib/app_logger";
 import { register_user } from "../../../../lib/services/registration_service";
 import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
+import { sanitize_error_for_user } from "../../../../lib/utils/error_sanitizer";
 
 // section: api_handler
 export async function POST(request: NextRequest) {
@@ -12,7 +13,7 @@ export async function POST(request: NextRequest) {
 
   try {
     const body = await request.json();
-    const { name, email, password } = body;
+    const { name, email, password, url_on_logon } = body;
 
     // Validate input
     if (!email || !password) {
@@ -52,6 +53,7 @@ export async function POST(request: NextRequest) {
       email,
       password,
       name,
+      url_on_logon,
     });
 
     if (!result.success) {
@@ -87,18 +89,19 @@ export async function POST(request: NextRequest) {
       { status: 201 }
     );
   } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("registration_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
+    const user_friendly_error = sanitize_error_for_user(error, {
+      logToConsole: true,
+      logToLogger: true,
+      logger,
+      context: {
+        filename: get_filename(),
+        line_number: get_line_number(),
+        operation: "register_api_route",
+      },
     });
 
     return NextResponse.json(
-      { error: "Registration failed. Please try again." },
+      { error: user_friendly_error },
       { status: 500 }
     );
   }

package/src/app/hazo_auth/forgot_password/page.tsx

@@ -1,6 +1,6 @@
 // file_description: render the forgot password page shell and mount the forgot password layout component within sidebar
 // section: imports
-import { SidebarLayoutWrapper } from "../../../components/layouts/shared/components/sidebar_layout_wrapper";
+import { AuthPageShell } from "../../../components/layouts/shared/components/auth_page_shell";
 import { ForgotPasswordPageClient } from "./forgot_password_page_client";
 import { get_forgot_password_config } from "../../../lib/forgot_password_config.server";
 
@@ -10,7 +10,7 @@ export default function forgot_password_page() {
   const forgotPasswordConfig = get_forgot_password_config();
 
   return (
-    <SidebarLayoutWrapper>
+    <AuthPageShell>
       <ForgotPasswordPageClient
         alreadyLoggedInMessage={forgotPasswordConfig.alreadyLoggedInMessage}
         showLogoutButton={forgotPasswordConfig.showLogoutButton}
@@ -18,7 +18,7 @@ export default function forgot_password_page() {
         returnHomeButtonLabel={forgotPasswordConfig.returnHomeButtonLabel}
         returnHomePath={forgotPasswordConfig.returnHomePath}
       />
-    </SidebarLayoutWrapper>
+    </AuthPageShell>
   );
 }
 

package/src/app/hazo_auth/login/login_page_client.tsx

@@ -19,6 +19,11 @@ type LoginPageClientProps = {
   showReturnHomeButton?: boolean;
   returnHomeButtonLabel?: string;
   returnHomePath?: string;
+  forgotPasswordPath?: string;
+  forgotPasswordLabel?: string;
+  createAccountPath?: string;
+  createAccountLabel?: string;
+  urlOnLogon?: string;
 };
 
 // section: component
@@ -30,6 +35,11 @@ export function LoginPageClient({
   showReturnHomeButton,
   returnHomeButtonLabel,
   returnHomePath,
+  forgotPasswordPath,
+  forgotPasswordLabel,
+  createAccountPath,
+  createAccountLabel,
+  urlOnLogon,
 }: LoginPageClientProps) {
   const [dataClient, setDataClient] = useState<LayoutDataClient<unknown> | null>(null);
   const [logger, setLogger] = useState<ReturnType<typeof create_app_logger> | null>(null);
@@ -65,6 +75,11 @@ export function LoginPageClient({
       showReturnHomeButton={showReturnHomeButton}
       returnHomeButtonLabel={returnHomeButtonLabel}
       returnHomePath={returnHomePath}
+      forgot_password_path={forgotPasswordPath}
+      forgot_password_label={forgotPasswordLabel}
+      create_account_path={createAccountPath}
+      create_account_label={createAccountLabel}
+      urlOnLogon={urlOnLogon}
     />
   );
 }

package/src/app/hazo_auth/login/page.tsx

@@ -1,16 +1,23 @@
 // file_description: render the login page shell and mount the login layout component within sidebar
 // section: imports
-import { SidebarLayoutWrapper } from "../../../components/layouts/shared/components/sidebar_layout_wrapper";
+import { AuthPageShell } from "../../../components/layouts/shared/components/auth_page_shell";
 import { LoginPageClient } from "./login_page_client";
 import { get_login_config } from "../../../lib/login_config.server";
 
 // section: component
-export default function login_page() {
+export default function login_page({
+  searchParams,
+}: {
+  searchParams: { [key: string]: string | string[] | undefined };
+}) {
   // Read login configuration from hazo_auth_config.ini (server-side)
   const loginConfig = get_login_config();
 
+  // Get url_on_logon from query params (if any)
+  const urlOnLogon = typeof searchParams.url_on_logon === "string" ? searchParams.url_on_logon : undefined;
+
   return (
-    <SidebarLayoutWrapper>
+    <AuthPageShell>
       <LoginPageClient
         redirectRoute={loginConfig.redirectRoute}
         successMessage={loginConfig.successMessage}
@@ -19,8 +26,13 @@ export default function login_page() {
         showReturnHomeButton={loginConfig.showReturnHomeButton}
         returnHomeButtonLabel={loginConfig.returnHomeButtonLabel}
         returnHomePath={loginConfig.returnHomePath}
+        forgotPasswordPath={loginConfig.forgotPasswordPath}
+        forgotPasswordLabel={loginConfig.forgotPasswordLabel}
+        createAccountPath={loginConfig.createAccountPath}
+        createAccountLabel={loginConfig.createAccountLabel}
+        urlOnLogon={urlOnLogon}
       />
-    </SidebarLayoutWrapper>
+    </AuthPageShell>
   );
 }
 

package/src/app/hazo_auth/my_settings/page.tsx

@@ -1,6 +1,6 @@
 // file_description: render the my settings page shell and mount the my settings layout component within sidebar
 // section: imports
-import { SidebarLayoutWrapper } from "../../../components/layouts/shared/components/sidebar_layout_wrapper";
+import { AuthPageShell } from "../../../components/layouts/shared/components/auth_page_shell";
 import { MySettingsPageClient } from "./my_settings_page_client";
 import { get_my_settings_config } from "../../../lib/my_settings_config.server";
 
@@ -10,7 +10,7 @@ export default function my_settings_page() {
   const mySettingsConfig = get_my_settings_config();
 
   return (
-    <SidebarLayoutWrapper>
+    <AuthPageShell>
       <MySettingsPageClient
         userFields={mySettingsConfig.userFields}
         passwordRequirements={mySettingsConfig.passwordRequirements}
@@ -34,7 +34,7 @@ export default function my_settings_page() {
         uiSizes={mySettingsConfig.uiSizes}
         fileTypes={mySettingsConfig.fileTypes}
       />
-    </SidebarLayoutWrapper>
+    </AuthPageShell>
   );
 }
 

package/src/app/hazo_auth/register/page.tsx

@@ -1,16 +1,23 @@
 // file_description: render the register page shell and mount the register layout component within sidebar
 // section: imports
-import { SidebarLayoutWrapper } from "../../../components/layouts/shared/components/sidebar_layout_wrapper";
+import { AuthPageShell } from "../../../components/layouts/shared/components/auth_page_shell";
 import { RegisterPageClient } from "./register_page_client";
 import { get_register_config } from "../../../lib/register_config.server";
 
 // section: component
-export default function register_page() {
+export default function register_page({
+  searchParams,
+}: {
+  searchParams: { [key: string]: string | string[] | undefined };
+}) {
   // Read register configuration from hazo_auth_config.ini (server-side)
   const registerConfig = get_register_config();
 
+  // Get url_on_logon from query params (if any)
+  const urlOnLogon = typeof searchParams.url_on_logon === "string" ? searchParams.url_on_logon : undefined;
+
   return (
-    <SidebarLayoutWrapper>
+    <AuthPageShell>
       <RegisterPageClient
         showNameField={registerConfig.showNameField}
         passwordRequirements={registerConfig.passwordRequirements}
@@ -19,8 +26,11 @@ export default function register_page() {
         showReturnHomeButton={registerConfig.showReturnHomeButton}
         returnHomeButtonLabel={registerConfig.returnHomeButtonLabel}
         returnHomePath={registerConfig.returnHomePath}
+        signInPath={registerConfig.signInPath}
+        signInLabel={registerConfig.signInLabel}
+        urlOnLogon={urlOnLogon}
       />
-    </SidebarLayoutWrapper>
+    </AuthPageShell>
   );
 }
 

package/src/app/hazo_auth/register/register_page_client.tsx

@@ -24,6 +24,9 @@ type RegisterPageClientProps = {
   showReturnHomeButton?: boolean;
   returnHomeButtonLabel?: string;
   returnHomePath?: string;
+  signInPath?: string;
+  signInLabel?: string;
+  urlOnLogon?: string;
 };
 
 // section: component
@@ -35,6 +38,9 @@ export function RegisterPageClient({
   showReturnHomeButton,
   returnHomeButtonLabel,
   returnHomePath,
+  signInPath,
+  signInLabel,
+  urlOnLogon,
 }: RegisterPageClientProps) {
   const [dataClient, setDataClient] = useState<LayoutDataClient<unknown> | null>(null);
 
@@ -66,6 +72,9 @@ export function RegisterPageClient({
       showReturnHomeButton={showReturnHomeButton}
       returnHomeButtonLabel={returnHomeButtonLabel}
       returnHomePath={returnHomePath}
+      signInPath={signInPath}
+      signInLabel={signInLabel}
+      urlOnLogon={urlOnLogon}
     />
   );
 }