npm - hazo_auth - Versions diffs - 1.4.1 → 1.6.0 - Mend

hazo_auth 1.4.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (478) hide show

package/src/app/api/hazo_auth/auth/upload_profile_picture/route.ts DELETED Viewed

@@ -1,268 +0,0 @@
-// file_description: API route for uploading profile pictures
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../../lib/app_logger";
-import { get_profile_picture_config } from "../../../../../lib/profile_picture_config.server";
-import { get_file_types_config } from "../../../../../lib/file_types_config.server";
-import { update_user_profile_picture } from "../../../../../lib/services/profile_picture_service";
-import { createCrudService } from "hazo_connect/server";
-import { map_db_source_to_ui } from "../../../../../lib/services/profile_picture_source_mapper";
-import { get_filename, get_line_number } from "../../../../../lib/utils/api_route_helpers";
-import fs from "fs";
-import path from "path";
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    // Use centralized auth check
-    let user_id: string;
-    try {
-      const { require_auth } = await import("../../../../../lib/auth/auth_utils.server");
-      const user = await require_auth(request);
-      user_id = user.user_id;
-    } catch (error) {
-      if (error instanceof Error && error.message === "Authentication required") {
-        logger.warn("profile_picture_upload_authentication_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          error: "User not authenticated",
-        });
-        return NextResponse.json(
-          { error: "Authentication required" },
-          { status: 401 }
-        );
-      }
-      throw error;
-    }
-    // Check if upload is enabled
-    const config = get_profile_picture_config();
-    if (!config.allow_photo_upload) {
-      logger.warn("profile_picture_upload_disabled", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-      });
-      return NextResponse.json(
-        { error: "Photo upload is not enabled" },
-        { status: 403 }
-      );
-    }
-    if (!config.upload_photo_path) {
-      logger.warn("profile_picture_upload_path_not_configured", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-      });
-      return NextResponse.json(
-        { error: "Upload path is not configured" },
-        { status: 500 }
-      );
-    }
-    // Get FormData
-    const formData = await request.formData();
-    const file = formData.get("file") as File | null;
-    if (!file) {
-      logger.warn("profile_picture_upload_no_file", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-      });
-      return NextResponse.json(
-        { error: "No file provided" },
-        { status: 400 }
-      );
-    }
-    // Validate file type
-    const fileTypes = get_file_types_config();
-    const fileType = file.type;
-    if (!fileTypes.allowed_image_mime_types.includes(fileType)) {
-      logger.warn("profile_picture_upload_invalid_type", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        fileType,
-      });
-      return NextResponse.json(
-        { error: "Invalid file type. Only JPG and PNG files are allowed." },
-        { status: 400 }
-      );
-    }
-    // Validate file size (should already be compressed client-side, but check server-side too)
-    const fileSize = file.size;
-    if (fileSize > config.max_photo_size) {
-      logger.warn("profile_picture_upload_too_large", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        fileSize,
-        maxSize: config.max_photo_size,
-      });
-      return NextResponse.json(
-        { error: `File size exceeds maximum allowed size of ${config.max_photo_size} bytes` },
-        { status: 400 }
-      );
-    }
-    // Get current user profile picture info before updating
-    const hazoConnect = get_hazo_connect_instance();
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const current_users = await users_service.findBy({ id: user_id });
-    let oldProfilePictureUrl: string | null = null;
-    let oldProfileSource: string | null = null;
-    if (Array.isArray(current_users) && current_users.length > 0) {
-      const current_user = current_users[0];
-      oldProfilePictureUrl = (current_user.profile_picture_url as string) || null;
-      oldProfileSource = (current_user.profile_source as string) || null;
-    }
-    // Determine file extension from MIME type
-    const mimeToExt: Record<string, string> = {
-      "image/jpeg": "jpg",
-      "image/jpg": "jpg",
-      "image/png": "png",
-    };
-    const fileExtension = mimeToExt[fileType] || "jpg";
-    const fileName = `${user_id}.${fileExtension}`;
-    // Resolve upload path
-    const uploadPath = path.isAbsolute(config.upload_photo_path)
-      ? config.upload_photo_path
-      : path.resolve(process.cwd(), config.upload_photo_path);
-    // Create upload directory if it doesn't exist
-    if (!fs.existsSync(uploadPath)) {
-      fs.mkdirSync(uploadPath, { recursive: true });
-    }
-    // Save file
-    const filePath = path.join(uploadPath, fileName);
-    const arrayBuffer = await file.arrayBuffer();
-    const buffer = Buffer.from(arrayBuffer);
-    fs.writeFileSync(filePath, buffer);
-    // Generate URL (relative to public or absolute)
-    // For Next.js, we'll serve from a public route or use absolute path
-    // For now, use a relative path that can be served via API or static file serving
-    const profilePictureUrl = `/api/hazo_auth/profile_picture/${fileName}`;
-    // Update user record
-    const updateResult = await update_user_profile_picture(
-      hazoConnect,
-      user_id,
-      profilePictureUrl,
-      "upload",
-    );
-    if (!updateResult.success) {
-      // Clean up uploaded file
-      try {
-        fs.unlinkSync(filePath);
-      } catch (error) {
-        // Ignore cleanup errors
-      }
-      logger.warn("profile_picture_upload_update_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        error: updateResult.error,
-      });
-      return NextResponse.json(
-        { error: updateResult.error || "Failed to update profile picture" },
-        { status: 500 }
-      );
-    }
-    // Delete old profile picture file if it exists and was an uploaded file
-    if (oldProfilePictureUrl && oldProfileSource) {
-      const oldSourceUI = map_db_source_to_ui(oldProfileSource);
-      // Only delete if the old profile picture was an uploaded file
-      if (oldSourceUI === "upload") {
-        try {
-          // Extract filename from URL (e.g., /api/hazo_auth/profile_picture/user_id.jpg)
-          const oldFileName = oldProfilePictureUrl.split("/").pop();
-          if (oldFileName) {
-            // Check if it's a user-specific file (starts with user_id)
-            if (oldFileName.startsWith(user_id)) {
-              const oldFilePath = path.join(uploadPath, oldFileName);
-              // Only delete if it's a different file (different extension)
-              if (oldFilePath !== filePath && fs.existsSync(oldFilePath)) {
-                fs.unlinkSync(oldFilePath);
-                logger.info("profile_picture_old_file_deleted", {
-                  filename: get_filename(),
-                  line_number: get_line_number(),
-                  user_id,
-                  oldFileName,
-                });
-              }
-            }
-          }
-        } catch (error) {
-          // Log error but don't fail the request
-          logger.warn("profile_picture_old_file_delete_failed", {
-            filename: get_filename(),
-            line_number: get_line_number(),
-            user_id,
-            oldProfilePictureUrl,
-            error: error instanceof Error ? error.message : "Unknown error",
-          });
-        }
-      }
-    }
-    logger.info("profile_picture_upload_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-      fileName,
-      fileSize,
-    });
-    return NextResponse.json(
-      {
-        success: true,
-        profile_picture_url: profilePictureUrl,
-        message: "Profile picture uploaded successfully",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("profile_picture_upload_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: "Failed to upload profile picture. Please try again." },
-      { status: 500 }
-    );
-  }
-}

package/src/app/api/hazo_auth/change_password/route.ts DELETED Viewed

@@ -1,132 +0,0 @@
-// file_description: API route for changing user password
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { change_password } from "../../../../lib/services/password_change_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { require_auth } from "../../../../lib/auth/auth_utils.server";
-import { get_auth_cache } from "../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../lib/auth_utility_config.server";
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    // Use centralized auth check
-    let user_id: string;
-    try {
-      const user = await require_auth(request);
-      user_id = user.user_id;
-    } catch (error) {
-      if (error instanceof Error && error.message === "Authentication required") {
-        logger.warn("password_change_authentication_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          error: "User not authenticated",
-        });
-        return NextResponse.json(
-          { error: "Authentication required" },
-          { status: 401 }
-        );
-      }
-      throw error;
-    }
-    const body = await request.json();
-    const { current_password, new_password } = body;
-    // Validate input
-    if (!current_password || !new_password) {
-      logger.warn("password_change_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: "Missing required fields",
-        has_current_password: !!current_password,
-        has_new_password: !!new_password,
-      });
-      return NextResponse.json(
-        { error: "Current password and new password are required" },
-        { status: 400 }
-      );
-    }
-    // Get singleton hazo_connect instance
-    const hazoConnect = get_hazo_connect_instance();
-    // Change password
-    const result = await change_password(hazoConnect, user_id, {
-      current_password,
-      new_password,
-    });
-    if (!result.success) {
-      logger.warn("password_change_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: result.error,
-        user_id,
-      });
-      return NextResponse.json(
-        { error: result.error || "Failed to change password" },
-        { status: 400 }
-      );
-    }
-    // Invalidate user cache after password change
-    try {
-      const config = get_auth_utility_config();
-      const cache = get_auth_cache(
-        config.cache_max_users,
-        config.cache_ttl_minutes,
-        config.cache_max_age_minutes,
-      );
-      cache.invalidate_user(user_id);
-    } catch (cache_error) {
-      // Log but don't fail password change if cache invalidation fails
-      const cache_error_message =
-        cache_error instanceof Error ? cache_error.message : "Unknown error";
-      logger.warn("password_change_cache_invalidation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        error: cache_error_message,
-      });
-    }
-    logger.info("password_change_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-    });
-    return NextResponse.json(
-      {
-        success: true,
-        message: "Password changed successfully",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("password_change_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: "Failed to change password. Please try again." },
-      { status: 500 }
-    );
-  }
-}

package/src/app/api/hazo_auth/forgot_password/route.ts DELETED Viewed

@@ -1,107 +0,0 @@
-// file_description: API route for password reset requests using hazo_connect
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { request_password_reset } from "../../../../lib/services/password_reset_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    const body = await request.json();
-    const { email } = body;
-    // Validate input
-    if (!email) {
-      logger.warn("password_reset_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email: email || "missing",
-      });
-      return NextResponse.json(
-        { error: "Email is required" },
-        { status: 400 }
-      );
-    }
-    // Validate email format
-    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!email_pattern.test(email)) {
-      logger.warn("password_reset_invalid_email", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-      });
-      return NextResponse.json(
-        { error: "Invalid email address format" },
-        { status: 400 }
-      );
-    }
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-    // Request password reset using the password reset service
-    const result = await request_password_reset(hazoConnect, {
-      email,
-    });
-    if (!result.success) {
-      logger.warn("password_reset_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        error: result.error,
-      });
-      // Still return 200 OK to prevent email enumeration attacks
-      return NextResponse.json(
-        {
-          success: true,
-          message: "If an account with that email exists, a password reset link has been sent.",
-        },
-        { status: 200 }
-      );
-    }
-    logger.info("password_reset_requested", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      email,
-    });
-    // Always return success to prevent email enumeration attacks
-    return NextResponse.json(
-      {
-        success: true,
-        message: "If an account with that email exists, a password reset link has been sent.",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("password_reset_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    // Still return 200 OK to prevent email enumeration attacks
-    return NextResponse.json(
-      {
-        success: true,
-        message: "If an account with that email exists, a password reset link has been sent.",
-      },
-      { status: 200 }
-    );
-  }
-}

package/src/app/api/hazo_auth/get_auth/route.ts DELETED Viewed

@@ -1,89 +0,0 @@
-// file_description: API route for hazo_get_auth utility (client-side calls)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { hazo_get_auth } from "../../../../lib/auth/hazo_get_auth.server";
-import { PermissionError } from "../../../../lib/auth/auth_types";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-// section: route_config
-export const dynamic = "force-dynamic";
-// section: api_handler
-/**
- * POST - Get authentication status and permissions
- * Body: { required_permissions?: string[], strict?: boolean }
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    const body = await request.json();
-    const { required_permissions, strict } = body;
-    // Validate required_permissions if provided
-    if (
-      required_permissions !== undefined &&
-      (!Array.isArray(required_permissions) ||
-        !required_permissions.every((p) => typeof p === "string"))
-    ) {
-      return NextResponse.json(
-        { error: "required_permissions must be an array of strings" },
-        { status: 400 },
-      );
-    }
-    // Validate strict if provided
-    if (strict !== undefined && typeof strict !== "boolean") {
-      return NextResponse.json(
-        { error: "strict must be a boolean" },
-        { status: 400 },
-      );
-    }
-    // Call hazo_get_auth
-    const result = await hazo_get_auth(request, {
-      required_permissions,
-      strict,
-    });
-    return NextResponse.json(result, { status: 200 });
-  } catch (error) {
-    // Handle PermissionError (strict mode)
-    if (error instanceof PermissionError) {
-      logger.warn("auth_utility_permission_error", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        missing_permissions: error.missing_permissions,
-        required_permissions: error.required_permissions,
-      });
-      return NextResponse.json(
-        {
-          error: "Permission denied",
-          missing_permissions: error.missing_permissions,
-          user_friendly_message: error.user_friendly_message,
-        },
-        { status: 403 },
-      );
-    }
-    // Handle other errors
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("auth_utility_api_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: error_message },
-      { status: 500 },
-    );
-  }
-}