npm - hazo_auth - Versions diffs - 1.4.1 → 1.6.0 - Mend

hazo_auth 1.4.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (478) hide show

package/src/lib/services/password_reset_service.ts DELETED Viewed

@@ -1,405 +0,0 @@
-// file_description: service for password reset operations using hazo_connect
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import { create_token } from "hazo_auth/lib/services/token_service";
-import argon2 from "argon2";
-import { create_app_logger } from "hazo_auth/lib/app_logger";
-import { send_template_email } from "hazo_auth/lib/services/email_service";
-// section: types
-export type PasswordResetRequestData = {
-  email: string;
-};
-export type PasswordResetRequestResult = {
-  success: boolean;
-  error?: string;
-};
-export type PasswordResetData = {
-  token: string;
-  new_password: string;
-  minimum_length?: number; // Optional: if not provided, defaults to 8
-};
-export type PasswordResetResult = {
-  success: boolean;
-  user_id?: string;
-  email?: string;
-  error?: string;
-};
-export type PasswordResetTokenValidationData = {
-  token: string;
-};
-export type PasswordResetTokenValidationResult = {
-  success: boolean;
-  error?: string;
-};
-// section: helpers
-/**
- * Requests a password reset for a user by email
- * Generates a secure token, hashes it, and stores it in hazo_refresh_tokens with token_type = 'password_reset'
- * Invalidates any existing password reset tokens for the user before creating a new one
- * @param adapter - The hazo_connect adapter instance
- * @param data - Password reset request data (email)
- * @returns Password reset request result with success status or error
- */
-export async function request_password_reset(
-  adapter: HazoConnectAdapter,
-  data: PasswordResetRequestData,
-): Promise<PasswordResetRequestResult> {
-  try {
-    const { email } = data;
-    // Create CRUD service for hazo_users table
-    const users_service = createCrudService(adapter, "hazo_users");
-    // Find user by email
-    const users = await users_service.findBy({
-      email_address: email,
-    });
-    // If user not found, return success anyway (to prevent email enumeration)
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: true,
-      };
-    }
-    const user = users[0];
-    const user_id = user.id as string;
-    // Create password reset token using shared token service
-    const token_result = await create_token({
-      adapter,
-      user_id,
-      token_type: "password_reset",
-    });
-    if (!token_result.success) {
-      return {
-        success: false,
-        error: token_result.error || "Failed to create password reset token",
-      };
-    }
-    // Send password reset email if token was created successfully
-    if (token_result.raw_token) {
-      const email_result = await send_template_email("forgot_password", email, {
-        token: token_result.raw_token,
-        user_email: email,
-        user_name: user.name as string | undefined,
-      });
-      if (!email_result.success) {
-        const logger = create_app_logger();
-        logger.error("password_reset_service_email_send_failed", {
-          filename: "password_reset_service.ts",
-          line_number: 0,
-          user_id,
-          email,
-          error: email_result.error,
-          note: "Password reset token created but email failed to send",
-        });
-      }
-    }
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-/**
- * Validates a password reset token without resetting the password
- * Verifies the token exists and checks if it has expired
- * @param adapter - The hazo_connect adapter instance
- * @param data - Token validation data (token)
- * @returns Token validation result with success status or error
- */
-export async function validate_password_reset_token(
-  adapter: HazoConnectAdapter,
-  data: PasswordResetTokenValidationData,
-): Promise<PasswordResetTokenValidationResult> {
-  try {
-    const { token } = data;
-    // Create CRUD service for hazo_refresh_tokens table
-    const tokens_service = createCrudService(adapter, "hazo_refresh_tokens");
-    // Find all password reset tokens
-    // If token_type column doesn't exist, query all tokens and filter manually
-    let all_tokens: unknown[] = [];
-    try {
-      all_tokens = (await tokens_service.findBy({
-        token_type: "password_reset",
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, get all tokens and we'll verify each one
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("password_reset_service_token_type_column_missing", {
-        filename: "password_reset_service.ts",
-        line_number: 0,
-        error: error_message,
-        note: "token_type column may not exist, querying all tokens",
-      });
-      try {
-        // Query all tokens (will need to verify each one)
-        all_tokens = (await tokens_service.findBy({})) as unknown[];
-      } catch (fallbackError) {
-        const fallback_error_message = fallbackError instanceof Error ? fallbackError.message : "Unknown error";
-        logger.error("password_reset_service_query_tokens_failed", {
-          filename: "password_reset_service.ts",
-          line_number: 0,
-          error: fallback_error_message,
-        });
-        return {
-          success: false,
-          error: "Invalid or expired reset token",
-        };
-      }
-    }
-    if (!Array.isArray(all_tokens) || all_tokens.length === 0) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-    // Find the matching token by verifying the hash
-    let matching_token = null;
-    for (const stored_token of all_tokens) {
-      try {
-        const token_hash = (stored_token as { token_hash: string }).token_hash;
-        const is_valid = await argon2.verify(token_hash, token);
-        if (is_valid) {
-          matching_token = stored_token;
-          break;
-        }
-      } catch {
-        // Continue to next token if verification fails
-        continue;
-      }
-    }
-    if (!matching_token) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-    // Check if token has expired
-    const expires_at = new Date((matching_token as { expires_at: string }).expires_at);
-    const now = new Date();
-    if (expires_at < now) {
-      return {
-        success: false,
-        error: "Reset token has expired",
-      };
-    }
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-/**
- * Resets a user's password using a password reset token
- * Verifies the token, checks expiration, updates password, and deletes the token
- * @param adapter - The hazo_connect adapter instance
- * @param data - Password reset data (token, new_password)
- * @returns Password reset result with success status, user_id, email, or error
- */
-export async function reset_password(
-  adapter: HazoConnectAdapter,
-  data: PasswordResetData,
-): Promise<PasswordResetResult> {
-  try {
-    const { token, new_password, minimum_length = 8 } = data;
-    // Validate password
-    if (!new_password || new_password.length < minimum_length) {
-      return {
-        success: false,
-        error: `Password must be at least ${minimum_length} character${minimum_length === 1 ? "" : "s"} long`,
-      };
-    }
-    // Create CRUD service for hazo_refresh_tokens table
-    const tokens_service = createCrudService(adapter, "hazo_refresh_tokens");
-    // Find all password reset tokens
-    // If token_type column doesn't exist, query all tokens and filter manually
-    let all_tokens: unknown[] = [];
-    try {
-      all_tokens = (await tokens_service.findBy({
-        token_type: "password_reset",
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, get all tokens and we'll verify each one
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("password_reset_service_token_type_column_missing", {
-        filename: "password_reset_service.ts",
-        line_number: 0,
-        error: error_message,
-        note: "token_type column may not exist, querying all tokens",
-      });
-      try {
-        // Query all tokens (will need to verify each one)
-        all_tokens = (await tokens_service.findBy({})) as unknown[];
-      } catch (fallbackError) {
-        const fallback_error_message = fallbackError instanceof Error ? fallbackError.message : "Unknown error";
-        logger.error("password_reset_service_query_tokens_failed", {
-          filename: "password_reset_service.ts",
-          line_number: 0,
-          error: fallback_error_message,
-        });
-        return {
-          success: false,
-          error: "Invalid or expired reset token",
-        };
-      }
-    }
-    if (!Array.isArray(all_tokens) || all_tokens.length === 0) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-    // Find the matching token by verifying the hash
-    let matching_token = null;
-    let user_id: string | null = null;
-    for (const stored_token of all_tokens) {
-      try {
-        const token_hash = (stored_token as { token_hash: string }).token_hash;
-        const is_valid = await argon2.verify(token_hash, token);
-        if (is_valid) {
-          matching_token = stored_token;
-          user_id = (stored_token as { user_id: string }).user_id;
-          break;
-        }
-      } catch {
-        // Continue to next token if verification fails
-        continue;
-      }
-    }
-    if (!matching_token || !user_id) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-    // Check if token has expired
-    const expires_at = new Date((matching_token as { expires_at: string }).expires_at);
-    const now = new Date();
-    if (expires_at < now) {
-      // Delete expired token
-      await tokens_service.deleteById((matching_token as { id: unknown }).id);
-      return {
-        success: false,
-        error: "Reset token has expired",
-      };
-    }
-    // Get user email before updating
-    const users_service = createCrudService(adapter, "hazo_users");
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "User not found",
-      };
-    }
-    const user = users[0];
-    const email = user.email_address as string;
-    // Hash the new password
-    const password_hash = await argon2.hash(new_password);
-    // Update user's password
-    const now_iso = new Date().toISOString();
-    await users_service.updateById(
-      user_id,
-      {
-        password_hash: password_hash,
-        changed_at: now_iso,
-      },
-    );
-    // Delete the used token
-    await tokens_service.deleteById((matching_token as { id: unknown }).id);
-    // Send password changed notification email
-    const email_result = await send_template_email("password_changed", email, {
-      user_email: email,
-      user_name: user.name as string | undefined,
-    });
-    if (!email_result.success) {
-      const logger = create_app_logger();
-      logger.error("password_reset_service_password_changed_email_failed", {
-        filename: "password_reset_service.ts",
-        line_number: 0,
-        user_id,
-        email,
-        error: email_result.error,
-        note: "Password was reset successfully but notification email failed to send",
-      });
-    }
-    return {
-      success: true,
-      user_id,
-      email,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}

package/src/lib/services/profile_picture_remove_service.ts DELETED Viewed

@@ -1,120 +0,0 @@
-// file_description: service for removing profile pictures (deleting files and clearing database)
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import { map_db_source_to_ui } from "hazo_auth/lib/services/profile_picture_source_mapper";
-import { get_profile_picture_config } from "hazo_auth/lib/profile_picture_config.server";
-import { create_app_logger } from "hazo_auth/lib/app_logger";
-import fs from "fs";
-import path from "path";
-// section: types
-export type RemoveProfilePictureResult = {
-  success: boolean;
-  error?: string;
-};
-// section: helpers
-/**
- * Removes user profile picture
- * - If source is "upload": deletes the uploaded file and clears profile_picture_url and profile_source
- * - If source is "gravatar" or "library": clears profile_picture_url and profile_source
- * @param adapter - The hazo_connect adapter instance
- * @param user_id - User ID
- * @returns Remove result with success status or error
- */
-export async function remove_user_profile_picture(
-  adapter: HazoConnectAdapter,
-  user_id: string,
-): Promise<RemoveProfilePictureResult> {
-  try {
-    const users_service = createCrudService(adapter, "hazo_users");
-    // Get current user data
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "User not found",
-      };
-    }
-    const current_user = users[0];
-    const profile_picture_url = (current_user.profile_picture_url as string) || null;
-    const profile_source_db = (current_user.profile_source as string) || null;
-    if (!profile_picture_url || !profile_source_db) {
-      // No profile picture to remove
-      return {
-        success: true,
-      };
-    }
-    // Map database source to UI source
-    const profile_source_ui = map_db_source_to_ui(profile_source_db);
-    // If source is "upload", delete the file
-    if (profile_source_ui === "upload") {
-      try {
-        const config = get_profile_picture_config();
-        if (config.upload_photo_path) {
-          // Extract filename from URL (e.g., /api/hazo_auth/profile_picture/user_id.jpg)
-          const fileName = profile_picture_url.split("/").pop();
-          if (fileName && fileName.startsWith(user_id)) {
-            // Resolve upload path
-            const uploadPath = path.isAbsolute(config.upload_photo_path)
-              ? config.upload_photo_path
-              : path.resolve(process.cwd(), config.upload_photo_path);
-            const filePath = path.join(uploadPath, fileName);
-            // Delete file if it exists
-            if (fs.existsSync(filePath)) {
-              fs.unlinkSync(filePath);
-            }
-          }
-        }
-      } catch (error) {
-        // Log error but continue with database update
-        const logger = create_app_logger();
-        const error_message = error instanceof Error ? error.message : "Unknown error";
-        logger.warn("profile_picture_remove_file_delete_failed", {
-          filename: "profile_picture_remove_service.ts",
-          line_number: 0,
-          user_id,
-          profile_picture_url,
-          error: error_message,
-        });
-        // Don't fail the request if file deletion fails - still clear the database
-      }
-    }
-    // Clear profile picture URL and source in database
-    // Note: profile_source has a CHECK constraint, so we'll set it to null
-    // If the database doesn't allow null, we may need to handle it differently
-    const update_data: Record<string, unknown> = {
-      changed_at: new Date().toISOString(),
-      profile_picture_url: null,
-      profile_source: null,
-    };
-    await users_service.updateById(user_id, update_data);
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}