npm - hazo_auth - Versions diffs - 1.4.1 → 1.6.0 - Mend

hazo_auth 1.4.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (478) hide show

package/src/app/api/hazo_auth/invalidate_cache/route.ts DELETED Viewed

@@ -1,139 +0,0 @@
-// file_description: API route for manual cache invalidation (admin endpoint)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_auth_cache } from "../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../lib/auth_utility_config.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { hazo_get_auth } from "../../../../lib/auth/hazo_get_auth.server";
-// section: route_config
-export const dynamic = "force-dynamic";
-// section: api_handler
-/**
- * POST - Manually invalidate auth cache
- * Body: { user_id?: string, role_ids?: number[], invalidate_all?: boolean }
- * Requires admin permission (checked via hazo_get_auth)
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    // Check authentication and admin permission
-    const auth_result = await hazo_get_auth(request, {
-      required_permissions: ["admin_user_management"], // Require admin permission
-      strict: true, // Throw error if not authorized
-    });
-    if (!auth_result.authenticated) {
-      return NextResponse.json(
-        { error: "Authentication required" },
-        { status: 401 },
-      );
-    }
-    const body = await request.json();
-    const { user_id, role_ids, invalidate_all } = body;
-    // Validate input
-    if (invalidate_all !== undefined && typeof invalidate_all !== "boolean") {
-      return NextResponse.json(
-        { error: "invalidate_all must be a boolean" },
-        { status: 400 },
-      );
-    }
-    if (user_id !== undefined && typeof user_id !== "string") {
-      return NextResponse.json(
-        { error: "user_id must be a string" },
-        { status: 400 },
-      );
-    }
-    if (
-      role_ids !== undefined &&
-      (!Array.isArray(role_ids) ||
-        !role_ids.every((id) => typeof id === "number"))
-    ) {
-      return NextResponse.json(
-        { error: "role_ids must be an array of numbers" },
-        { status: 400 },
-      );
-    }
-    const config = get_auth_utility_config();
-    const cache = get_auth_cache(
-      config.cache_max_users,
-      config.cache_ttl_minutes,
-      config.cache_max_age_minutes,
-    );
-    // Perform invalidation
-    if (invalidate_all === true) {
-      cache.invalidate_all();
-      logger.info("auth_cache_invalidated_all", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id: auth_result.user.id,
-      });
-    } else if (user_id) {
-      cache.invalidate_user(user_id);
-      logger.info("auth_cache_invalidated_user", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        invalidated_user_id: user_id,
-        admin_user_id: auth_result.user.id,
-      });
-    } else if (role_ids && role_ids.length > 0) {
-      cache.invalidate_by_roles(role_ids);
-      logger.info("auth_cache_invalidated_roles", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        role_ids,
-        admin_user_id: auth_result.user.id,
-      });
-    } else {
-      return NextResponse.json(
-        {
-          error:
-            "Must provide user_id, role_ids, or invalidate_all=true",
-        },
-        { status: 400 },
-      );
-    }
-    return NextResponse.json(
-      {
-        success: true,
-        message: "Cache invalidated successfully",
-      },
-      { status: 200 },
-    );
-  } catch (error) {
-    // Handle PermissionError (strict mode)
-    if (error instanceof Error && error.name === "PermissionError") {
-      return NextResponse.json(
-        { error: "Permission denied. Admin access required." },
-        { status: 403 },
-      );
-    }
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("auth_cache_invalidation_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: "Failed to invalidate cache" },
-      { status: 500 },
-    );
-  }
-}

package/src/app/api/hazo_auth/library_photos/route.ts DELETED Viewed

@@ -1,73 +0,0 @@
-// file_description: API route for listing library photo categories and photos in categories
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_library_categories, get_library_photos } from "../../../../lib/services/profile_picture_service";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-// section: route_config
-export const dynamic = 'force-dynamic';
-// section: api_handler
-export async function GET(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    const { searchParams } = new URL(request.url);
-    const category = searchParams.get("category");
-    if (category) {
-      // Return photos in the specified category
-      const photos = get_library_photos(category);
-      logger.info("library_photos_category_requested", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        category,
-        photoCount: photos.length,
-      });
-      return NextResponse.json(
-        {
-          success: true,
-          category,
-          photos,
-        },
-        { status: 200 }
-      );
-    } else {
-      // Return list of categories
-      const categories = get_library_categories();
-      logger.info("library_categories_requested", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        categoryCount: categories.length,
-      });
-      return NextResponse.json(
-        {
-          success: true,
-          categories,
-        },
-        { status: 200 }
-      );
-    }
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("library_photos_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: "Failed to fetch library photos" },
-      { status: 500 }
-    );
-  }
-}

package/src/app/api/hazo_auth/login/route.ts DELETED Viewed

@@ -1,181 +0,0 @@
-// file_description: API route for user login authentication using hazo_connect
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { authenticate_user } from "../../../../lib/services/login_service";
-import { createCrudService } from "hazo_connect/server";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { get_login_config } from "../../../../lib/login_config.server";
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    const body = await request.json();
-    const { email, password, url_on_logon } = body;
-    // Validate input
-    if (!email || !password) {
-      logger.warn("login_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email: email || "missing",
-        has_password: !!password,
-      });
-      return NextResponse.json(
-        { error: "Email and password are required" },
-        { status: 400 }
-      );
-    }
-    // Validate email format
-    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!email_pattern.test(email)) {
-      logger.warn("login_invalid_email", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-      });
-      return NextResponse.json(
-        { error: "Invalid email address format" },
-        { status: 400 }
-      );
-    }
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-    // Authenticate user using the login service
-    const result = await authenticate_user(hazoConnect, {
-      email,
-      password,
-    });
-    if (!result.success) {
-      const status_code = result.error === "Invalid email or password" ? 401 : 500;
-      logger.warn("login_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        error: result.error,
-        email_not_verified: result.email_not_verified || false,
-      });
-      return NextResponse.json(
-        {
-          error: result.error || "Login failed",
-          email_not_verified: result.email_not_verified || false,
-        },
-        { status: status_code }
-      );
-    }
-    // TypeScript assertion: user_id is guaranteed to be present when success is true
-    // However, we need to check it to satisfy TypeScript's type checking
-    if (!result.user_id) {
-      logger.error("login_user_id_missing", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        note: "Login succeeded but user_id is missing - this should not happen",
-      });
-      return NextResponse.json(
-        { error: "Login failed - user ID not found" },
-        { status: 500 }
-      );
-    }
-    const user_id = result.user_id;
-    logger.info("login_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id: user_id,
-      email,
-    });
-    // Reuse the existing hazoConnect instance from above
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-    const user = users && users.length > 0 ? users[0] : null;
-    const user_name = user?.name as string | undefined;
-    // Determine redirect URL priority:
-    // 1. url_on_logon from request body (if valid)
-    // 2. stored_url_on_logon from database (if available)
-    // 3. redirect_route_on_successful_login from config
-    // 4. Default to "/"
-    let redirectUrl = "/";
-    // Check priority 1: Request body
-    if (url_on_logon && typeof url_on_logon === "string" && url_on_logon.startsWith("/") && !url_on_logon.startsWith("//")) {
-      redirectUrl = url_on_logon;
-    }
-    // Check priority 2: Stored URL from DB
-    else if (result.stored_url_on_logon && typeof result.stored_url_on_logon === "string") {
-      redirectUrl = result.stored_url_on_logon;
-    }
-    // Check priority 3: Config
-    else {
-      const loginConfig = get_login_config();
-      if (loginConfig.redirectRoute) {
-        redirectUrl = loginConfig.redirectRoute;
-      }
-    }
-    // Create response with cookies
-    const response = NextResponse.json(
-      {
-        success: true,
-        message: "Login successful",
-        user_id: user_id,
-        email,
-        name: user_name,
-        redirectUrl,
-      },
-      { status: 200 }
-    );
-    // Set authentication cookies
-    response.cookies.set("hazo_auth_user_id", user_id, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "lax",
-      path: "/",
-      maxAge: 60 * 60 * 24 * 30, // 30 days
-    });
-    response.cookies.set("hazo_auth_user_email", email, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "lax",
-      path: "/",
-      maxAge: 60 * 60 * 24 * 30, // 30 days
-    });
-    return response;
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("login_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: "Login failed. Please try again." },
-      { status: 500 }
-    );
-  }
-}

package/src/app/api/hazo_auth/logout/route.ts DELETED Viewed

@@ -1,89 +0,0 @@
-// file_description: API route for user logout
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { get_auth_cache } from "../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../lib/auth_utility_config.server";
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-  try {
-    // Get user info from cookie before clearing
-    const user_email = request.cookies.get("hazo_auth_user_email")?.value;
-    const user_id = request.cookies.get("hazo_auth_user_id")?.value;
-    // Clear authentication cookies
-    const response = NextResponse.json(
-      {
-        success: true,
-        message: "Logout successful",
-      },
-      { status: 200 }
-    );
-    // Clear cookies by setting them to expire in the past
-    response.cookies.set("hazo_auth_user_email", "", {
-      expires: new Date(0),
-      path: "/",
-    });
-    response.cookies.set("hazo_auth_user_id", "", {
-      expires: new Date(0),
-      path: "/",
-    });
-    // Invalidate user cache
-    if (user_id) {
-      try {
-        const config = get_auth_utility_config();
-        const cache = get_auth_cache(
-          config.cache_max_users,
-          config.cache_ttl_minutes,
-          config.cache_max_age_minutes,
-        );
-        cache.invalidate_user(user_id);
-      } catch (cache_error) {
-        // Log but don't fail logout if cache invalidation fails
-        const cache_error_message =
-          cache_error instanceof Error
-            ? cache_error.message
-            : "Unknown error";
-        logger.warn("logout_cache_invalidation_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          user_id,
-          error: cache_error_message,
-        });
-      }
-    }
-    if (user_email || user_id) {
-      logger.info("logout_successful", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id: user_id || "unknown",
-        email: user_email || "unknown",
-      });
-    }
-    return response;
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-    logger.error("logout_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-    return NextResponse.json(
-      { error: "Logout failed. Please try again." },
-      { status: 500 }
-    );
-  }
-}

package/src/app/api/hazo_auth/me/route.ts DELETED Viewed

@@ -1,47 +0,0 @@
-// file_description: API route to get current authenticated user information
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_authenticated_user_with_response } from "../../../../lib/auth/auth_utils.server";
-// section: api_handler
-export async function GET(request: NextRequest) {
-  try {
-    // Use centralized auth utility
-    const { auth_result, response } = await get_authenticated_user_with_response(request);
-    // If response is provided, it means cookies were cleared (invalid auth)
-    if (response) {
-      return response;
-    }
-    // If not authenticated, return false
-    if (!auth_result.authenticated) {
-      return NextResponse.json(
-        { authenticated: false },
-        { status: 200 }
-      );
-    }
-    // Return user info
-    return NextResponse.json(
-      {
-        authenticated: true,
-        user_id: auth_result.user_id,
-        email: auth_result.email,
-        name: auth_result.name,
-        email_verified: auth_result.email_verified,
-        last_logon: auth_result.last_logon,
-        profile_picture_url: auth_result.profile_picture_url,
-        profile_source: auth_result.profile_source,
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    // On error, assume not authenticated
-    return NextResponse.json(
-      { authenticated: false },
-      { status: 200 }
-    );
-  }
-}

package/src/app/api/hazo_auth/profile_picture/[filename]/route.ts DELETED Viewed

@@ -1,67 +0,0 @@
-// file_description: API route to serve uploaded profile pictures
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_profile_picture_config } from "../../../../../lib/profile_picture_config.server";
-import fs from "fs";
-import path from "path";
-// section: api_handler
-export async function GET(
-  request: NextRequest,
-  { params }: { params: { filename: string } }
-) {
-  try {
-    const config = get_profile_picture_config();
-    if (!config.allow_photo_upload || !config.upload_photo_path) {
-      return NextResponse.json(
-        { error: "Profile picture upload is not enabled" },
-        { status: 404 }
-      );
-    }
-    const filename = params.filename;
-    // Validate filename (prevent path traversal)
-    if (filename.includes("..") || filename.includes("/") || filename.includes("\\")) {
-      return NextResponse.json(
-        { error: "Invalid filename" },
-        { status: 400 }
-      );
-    }
-    // Resolve upload path
-    const uploadPath = path.isAbsolute(config.upload_photo_path)
-      ? config.upload_photo_path
-      : path.resolve(process.cwd(), config.upload_photo_path);
-    const filePath = path.join(uploadPath, filename);
-    // Check if file exists
-    if (!fs.existsSync(filePath)) {
-      return NextResponse.json(
-        { error: "File not found" },
-        { status: 404 }
-      );
-    }
-    // Read file
-    const fileBuffer = fs.readFileSync(filePath);
-    const fileExt = path.extname(filename).toLowerCase();
-    const contentType = fileExt === ".png" ? "image/png" : "image/jpeg";
-    // Return file with appropriate content type
-    return new NextResponse(fileBuffer, {
-      headers: {
-        "Content-Type": contentType,
-        "Cache-Control": "public, max-age=31536000, immutable",
-      },
-    });
-  } catch (error) {
-    return NextResponse.json(
-      { error: "Failed to serve profile picture" },
-      { status: 500 }
-    );
-  }
-}