hazo_auth 1.4.2 → 1.6.0

package/src/app/api/hazo_auth/user_management/users/roles/route.ts

@@ -1,367 +0,0 @@
-// file_description: API route for managing user roles (assigning roles to users)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../../../lib/hazo_connect_instance.server";
-import { createCrudService, getSqliteAdminService } from "hazo_connect/server";
-import { create_app_logger } from "../../../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../../../lib/utils/api_route_helpers";
-import { get_auth_cache } from "../../../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../../../lib/auth_utility_config.server";
-
-// section: route_config
-export const dynamic = 'force-dynamic';
-
-// section: api_handler
-/**
- * GET - Get roles assigned to a user
- * Query params: user_id (string)
- */
-export async function GET(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const { searchParams } = new URL(request.url);
-    const user_id = searchParams.get("user_id");
-
-    if (!user_id || typeof user_id !== "string") {
-      return NextResponse.json(
-        { error: "user_id is required as a query parameter" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
-
-    // Get all roles assigned to this user
-    const user_roles = await user_roles_service.findBy({
-      user_id,
-    });
-
-    if (!Array.isArray(user_roles)) {
-      return NextResponse.json(
-        { error: "Failed to fetch user roles" },
-        { status: 500 }
-      );
-    }
-
-    // Extract role IDs
-    const role_ids = user_roles.map((ur) => ur.role_id as number).filter((id) => id !== undefined);
-
-    return NextResponse.json(
-      {
-        success: true,
-        role_ids,
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.error("user_management_user_roles_fetch_failed", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error: error_message,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to fetch user roles" },
-      { status: 500 }
-    );
-  }
-}
-
-/**
- * POST - Assign a role to a user
- * Body: { user_id: string, role_id: number }
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { user_id, role_id } = body;
-
-    if (!user_id || typeof user_id !== "string") {
-      return NextResponse.json(
-        { error: "user_id is required and must be a string" },
-        { status: 400 }
-      );
-    }
-
-    if (!role_id || typeof role_id !== "number") {
-      return NextResponse.json(
-        { error: "role_id is required and must be a number" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
-
-    // Check if user exists
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const users = await users_service.findBy({ id: user_id });
-    if (!Array.isArray(users) || users.length === 0) {
-      return NextResponse.json(
-        { error: "User not found" },
-        { status: 404 }
-      );
-    }
-
-    // Check if role exists
-    const roles_service = createCrudService(hazoConnect, "hazo_roles");
-    const roles = await roles_service.findBy({ id: role_id });
-    if (!Array.isArray(roles) || roles.length === 0) {
-      return NextResponse.json(
-        { error: "Role not found" },
-        { status: 404 }
-      );
-    }
-
-    // Check if role is already assigned to user
-    const existing_assignments = await user_roles_service.findBy({
-      user_id,
-      role_id,
-    });
-
-    if (Array.isArray(existing_assignments) && existing_assignments.length > 0) {
-      return NextResponse.json(
-        { error: "Role is already assigned to this user" },
-        { status: 409 }
-      );
-    }
-
-    // Assign role to user
-    const now = new Date().toISOString();
-    const new_assignment = await user_roles_service.insert({
-      user_id,
-      role_id,
-      created_at: now,
-      changed_at: now,
-    });
-
-    logger.info("user_management_user_role_assigned", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-      role_id,
-      assignment_id: (new_assignment as { user_id?: string; role_id?: number }).user_id,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        assignment: {
-          user_id,
-          role_id,
-        },
-      },
-      { status: 201 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.error("user_management_user_role_assign_failed", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error: error_message,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to assign role to user" },
-      { status: 500 }
-    );
-  }
-}
-
-/**
- * PUT - Update user roles (bulk assignment/removal)
- * Body: { user_id: string, role_ids: number[] }
- */
-export async function PUT(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { user_id, role_ids } = body;
-
-    if (!user_id || typeof user_id !== "string") {
-      return NextResponse.json(
-        { error: "user_id is required and must be a string" },
-        { status: 400 }
-      );
-    }
-
-    if (!Array.isArray(role_ids)) {
-      return NextResponse.json(
-        { error: "role_ids is required and must be an array" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
-
-    // Check if user exists
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const users = await users_service.findBy({ id: user_id });
-    if (!Array.isArray(users) || users.length === 0) {
-      return NextResponse.json(
-        { error: "User not found" },
-        { status: 404 }
-      );
-    }
-
-    // Get current user roles
-    const current_user_roles = await user_roles_service.findBy({
-      user_id,
-    });
-
-    if (!Array.isArray(current_user_roles)) {
-      return NextResponse.json(
-        { error: "Failed to fetch current user roles" },
-        { status: 500 }
-      );
-    }
-
-    const current_role_ids = current_user_roles.map((ur) => ur.role_id as number).filter((id) => id !== undefined);
-    const target_role_ids = role_ids.filter((id) => typeof id === "number");
-
-    // Find roles to add and remove
-    const to_add = target_role_ids.filter((id) => !current_role_ids.includes(id));
-    const to_remove = current_role_ids.filter((id) => !target_role_ids.includes(id));
-
-    const now = new Date().toISOString();
-
-    // Add new roles
-    for (const role_id of to_add) {
-      // Check if role exists
-      const roles_service = createCrudService(hazoConnect, "hazo_roles");
-      const roles = await roles_service.findBy({ id: role_id });
-      if (Array.isArray(roles) && roles.length > 0) {
-        await user_roles_service.insert({
-          user_id,
-          role_id,
-          created_at: now,
-          changed_at: now,
-        });
-      }
-    }
-
-    // Remove roles
-    // Note: hazo_user_roles is a junction table without an id column
-    // We need to use SQLite admin service to delete by composite key (user_id, role_id)
-    if (to_remove.length > 0) {
-      try {
-        const admin_service = getSqliteAdminService();
-        
-        for (const role_id of to_remove) {
-          // Delete using SQLite admin service with criteria (user_id and role_id)
-          await admin_service.deleteRows("hazo_user_roles", {
-            user_id,
-            role_id,
-          });
-        }
-      } catch (adminError) {
-        // Fallback: try using createCrudService deleteById if rowid exists
-        // SQLite tables have a hidden rowid column that can be used
-        const error_message = adminError instanceof Error ? adminError.message : "Unknown error";
-        logger.warn("user_management_user_role_delete_admin_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          error: error_message,
-          note: "Trying fallback method",
-        });
-        
-        // Fallback: try to find and delete using rowid if available
-        for (const role_id of to_remove) {
-          const assignments_to_remove = await user_roles_service.findBy({
-            user_id,
-            role_id,
-          });
-          
-          if (Array.isArray(assignments_to_remove) && assignments_to_remove.length > 0) {
-            for (const assignment of assignments_to_remove) {
-              // Try deleteById with rowid (SQLite has hidden rowid)
-              try {
-                // Check if assignment has an id field (could be rowid)
-                if ((assignment as { id?: number }).id !== undefined) {
-                  await user_roles_service.deleteById((assignment as { id: number }).id);
-                } else if ((assignment as { rowid?: number }).rowid !== undefined) {
-                  await user_roles_service.deleteById((assignment as { rowid: number }).rowid);
-                } else {
-                  // Last resort: log error
-                  logger.error("user_management_user_role_delete_no_id", {
-                    filename: get_filename(),
-                    line_number: get_line_number(),
-                    user_id,
-                    role_id,
-                    assignment,
-                  });
-                }
-              } catch (deleteError) {
-                const delete_error_message = deleteError instanceof Error ? deleteError.message : "Unknown error";
-                logger.error("user_management_user_role_delete_failed", {
-                  filename: get_filename(),
-                  line_number: get_line_number(),
-                  user_id,
-                  role_id,
-                  error: delete_error_message,
-                });
-              }
-            }
-          }
-        }
-      }
-    }
-
-    // Invalidate user cache after role assignment changes
-    try {
-      const config = get_auth_utility_config();
-      const cache = get_auth_cache(
-        config.cache_max_users,
-        config.cache_ttl_minutes,
-        config.cache_max_age_minutes,
-      );
-      cache.invalidate_user(user_id);
-    } catch (cache_error) {
-      // Log but don't fail role update if cache invalidation fails
-      const cache_error_message =
-        cache_error instanceof Error ? cache_error.message : "Unknown error";
-      logger.warn("user_management_user_roles_cache_invalidation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        error: cache_error_message,
-      });
-    }
-
-    logger.info("user_management_user_roles_updated", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-      added: to_add.length,
-      removed: to_remove.length,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        added: to_add.length,
-        removed: to_remove.length,
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.error("user_management_user_roles_update_failed", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error: error_message,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to update user roles" },
-      { status: 500 }
-    );
-  }
-}

package/src/app/api/hazo_auth/user_management/users/route.ts

@@ -1,239 +0,0 @@
-// file_description: API route for user management operations (list users, deactivate, reset password)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../../lib/hazo_connect_instance.server";
-import { createCrudService } from "hazo_connect/server";
-import { create_app_logger } from "../../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../../lib/utils/api_route_helpers";
-import { request_password_reset } from "../../../../../lib/services/password_reset_service";
-import { get_auth_cache } from "../../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../../lib/auth_utility_config.server";
-
-// section: route_config
-export const dynamic = 'force-dynamic';
-
-// section: api_handler
-/**
- * GET - Fetch all users with details or a specific user by id
- * Query params: id (optional) - if provided, returns only that user
- */
-export async function GET(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const { searchParams } = new URL(request.url);
-    const user_id = searchParams.get("id");
-
-    const hazoConnect = get_hazo_connect_instance();
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-
-    // Fetch users - filter by id if provided, otherwise get all
-    const users = await users_service.findBy(user_id ? { id: user_id } : {});
-
-    if (!Array.isArray(users)) {
-      return NextResponse.json(
-        { error: "Failed to fetch users" },
-        { status: 500 }
-      );
-    }
-
-    logger.info("user_management_users_fetched", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_count: users.length,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        users: users.map((user) => ({
-          id: user.id,
-          name: user.name || null,
-          email_address: user.email_address,
-          email_verified: user.email_verified || false,
-          is_active: user.is_active !== false,
-          last_logon: user.last_logon || null,
-          created_at: user.created_at || null,
-          profile_picture_url: user.profile_picture_url || null,
-          profile_source: user.profile_source || null,
-        })),
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("user_management_users_fetch_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to fetch users" },
-      { status: 500 }
-    );
-  }
-}
-
-/**
- * PATCH - Update user (deactivate: set is_active to false)
- */
-export async function PATCH(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { user_id, is_active } = body;
-
-    if (!user_id || typeof is_active !== "boolean") {
-      return NextResponse.json(
-        { error: "user_id and is_active (boolean) are required" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-
-    // Update user with changed_at timestamp
-    const now = new Date().toISOString();
-    await users_service.updateById(user_id, {
-      is_active,
-      changed_at: now,
-    });
-
-    // Invalidate user cache after deactivation
-    if (is_active === false) {
-      try {
-        const config = get_auth_utility_config();
-        const cache = get_auth_cache(
-          config.cache_max_users,
-          config.cache_ttl_minutes,
-          config.cache_max_age_minutes,
-        );
-        cache.invalidate_user(user_id);
-      } catch (cache_error) {
-        // Log but don't fail user update if cache invalidation fails
-        const cache_error_message =
-          cache_error instanceof Error ? cache_error.message : "Unknown error";
-        logger.warn("user_management_user_cache_invalidation_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          user_id,
-          error: cache_error_message,
-        });
-      }
-    }
-
-    logger.info("user_management_user_updated", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-      is_active,
-    });
-
-    return NextResponse.json(
-      { success: true },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("user_management_user_update_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to update user" },
-      { status: 500 }
-    );
-  }
-}
-
-/**
- * POST - Send password reset email to user
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { user_id } = body;
-
-    if (!user_id) {
-      return NextResponse.json(
-        { error: "user_id is required" },
-        { status: 400 }
-      );
-    }
-
-    const hazoConnect = get_hazo_connect_instance();
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-
-    // Get user by ID
-    const users = await users_service.findBy({ id: user_id });
-
-    if (!Array.isArray(users) || users.length === 0) {
-      return NextResponse.json(
-        { error: "User not found" },
-        { status: 404 }
-      );
-    }
-
-    const user = users[0];
-    const email = user.email_address as string;
-
-    // Request password reset using existing service
-    const result = await request_password_reset(hazoConnect, { email });
-
-    if (!result.success) {
-      logger.warn("user_management_password_reset_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        email,
-        error: result.error,
-      });
-
-      return NextResponse.json(
-        { error: result.error || "Failed to send password reset email" },
-        { status: 500 }
-      );
-    }
-
-    logger.info("user_management_password_reset_sent", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-      email,
-    });
-
-    return NextResponse.json(
-      { success: true },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("user_management_password_reset_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to send password reset email" },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/validate_reset_token/route.ts

@@ -1,83 +0,0 @@
-// file_description: API route for validating password reset token without resetting password
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { validate_password_reset_token } from "../../../../lib/services/password_reset_service";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-
-// section: route_config
-export const dynamic = 'force-dynamic';
-
-// section: api_handler
-export async function GET(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const { searchParams } = new URL(request.url);
-    const token = searchParams.get("token");
-
-    // Validate input
-    if (!token) {
-      logger.warn("password_reset_token_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: "Token is required",
-      });
-
-      return NextResponse.json(
-        { success: false, error: "Token is required" },
-        { status: 400 }
-      );
-    }
-
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Validate token using the password reset service
-    const result = await validate_password_reset_token(hazoConnect, {
-      token,
-    });
-
-    if (!result.success) {
-      logger.warn("password_reset_token_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: result.error,
-      });
-
-      return NextResponse.json(
-        {
-          success: false,
-          error: result.error || "Invalid or expired reset token",
-        },
-        { status: 400 }
-      );
-    }
-
-    return NextResponse.json(
-      {
-        success: true,
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-
-    logger.error("password_reset_token_validation_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error: error_message,
-    });
-
-    return NextResponse.json(
-      {
-        success: false,
-        error: "An error occurred while validating the reset token",
-      },
-      { status: 500 }
-    );
-  }
-}
-