hazo_auth 1.4.2 → 1.6.0

package/src/lib/auth/index.ts

@@ -1,23 +0,0 @@
-// file_description: barrel export for auth utilities
-// section: type_exports
-export * from "./auth_types";
-
-// section: server_exports
-export { hazo_get_auth } from "./hazo_get_auth.server";
-export {
-  get_authenticated_user,
-  require_auth,
-  is_authenticated,
-} from "./auth_utils.server";
-export type { AuthResult, AuthUser } from "./auth_utils.server";
-
-// section: client_exports
-export { get_server_auth_user } from "./server_auth";
-export type { ServerAuthResult } from "./server_auth";
-
-// section: cache_exports
-export { get_auth_cache, reset_auth_cache } from "./auth_cache";
-
-// section: rate_limiter_exports
-export { get_rate_limiter, reset_rate_limiter } from "./auth_rate_limiter";
-

package/src/lib/auth/server_auth.ts

@@ -1,88 +0,0 @@
-// file_description: server-side auth utilities for server components and pages
-// section: imports
-import { cookies } from "next/headers";
-import { get_hazo_connect_instance } from "../hazo_connect_instance.server";
-import { createCrudService } from "hazo_connect/server";
-import { map_db_source_to_ui } from "../services/profile_picture_source_mapper";
-
-// section: types
-export type ServerAuthUser = {
-  authenticated: true;
-  user_id: string;
-  email: string;
-  name?: string;
-  email_verified: boolean;
-  is_active: boolean;
-  last_logon?: string;
-  profile_picture_url?: string;
-  profile_source?: "upload" | "library" | "gravatar" | "custom";
-};
-
-export type ServerAuthResult = 
-  | ServerAuthUser
-  | { authenticated: false };
-
-// section: functions
-/**
- * Gets authenticated user in server components/pages
- * Uses Next.js cookies() function to read authentication cookies
- * @returns ServerAuthResult with user info or authenticated: false
- */
-export async function get_server_auth_user(): Promise<ServerAuthResult> {
-  const cookie_store = await cookies();
-  const user_id = cookie_store.get("hazo_auth_user_id")?.value;
-  const user_email = cookie_store.get("hazo_auth_user_email")?.value;
-
-  if (!user_id || !user_email) {
-    return { authenticated: false };
-  }
-
-  try {
-    const hazoConnect = get_hazo_connect_instance();
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    
-    const users = await users_service.findBy({
-      id: user_id,
-      email_address: user_email,
-    });
-
-    if (!Array.isArray(users) || users.length === 0) {
-      return { authenticated: false };
-    }
-
-    const user = users[0];
-
-    // Check if user is active
-    if (user.is_active === false) {
-      return { authenticated: false };
-    }
-
-    // Map database profile_source to UI representation
-    const profile_source_db = user.profile_source as string | null | undefined;
-    const profile_source_ui = profile_source_db ? map_db_source_to_ui(profile_source_db) : undefined;
-
-    return {
-      authenticated: true,
-      user_id: user.id as string,
-      email: user.email_address as string,
-      name: (user.name as string | null | undefined) || undefined,
-      email_verified: user.email_verified === true,
-      is_active: user.is_active === true,
-      last_logon: (user.last_logon as string | null | undefined) || undefined,
-      profile_picture_url: (user.profile_picture_url as string | null | undefined) || undefined,
-      profile_source: profile_source_ui,
-    };
-  } catch (error) {
-    return { authenticated: false };
-  }
-}
-
-/**
- * Checks if user is authenticated in server components/pages (simple boolean check)
- * @returns true if authenticated, false otherwise
- */
-export async function is_server_authenticated(): Promise<boolean> {
-  const result = await get_server_auth_user();
-  return result.authenticated;
-}
-

package/src/lib/auth_utility_config.server.ts

@@ -1,136 +0,0 @@
-// file_description: server-only helper to read auth utility configuration from hazo_auth_config.ini
-// section: imports
-import {
-  get_config_value,
-  get_config_number,
-  get_config_boolean,
-  get_config_array,
-} from "./config/config_loader.server";
-
-// section: types
-
-/**
- * Auth utility configuration options
- */
-export type AuthUtilityConfig = {
-  cache_max_users: number;
-  cache_ttl_minutes: number;
-  cache_max_age_minutes: number;
-  rate_limit_per_user: number;
-  rate_limit_per_ip: number;
-  log_permission_denials: boolean;
-  enable_friendly_error_messages: boolean;
-  permission_error_messages: Map<string, string>; // permission -> user-friendly message
-};
-
-// section: helpers
-
-/**
- * Parses permission error messages from config string
- * Format: "permission1:message1,permission2:message2"
- * @param config_value - Config string value
- * @returns Map of permission to user-friendly message
- */
-function parse_permission_messages(
-  config_value: string,
-): Map<string, string> {
-  const messages = new Map<string, string>();
-
-  if (!config_value || config_value.trim().length === 0) {
-    return messages;
-  }
-
-  const pairs = config_value.split(",");
-  for (const pair of pairs) {
-    const trimmed = pair.trim();
-    if (trimmed.length === 0) {
-      continue;
-    }
-
-    const colon_index = trimmed.indexOf(":");
-    if (colon_index === -1) {
-      continue; // Skip invalid format
-    }
-
-    const permission = trimmed.substring(0, colon_index).trim();
-    const message = trimmed.substring(colon_index + 1).trim();
-
-    if (permission.length > 0 && message.length > 0) {
-      messages.set(permission, message);
-    }
-  }
-
-  return messages;
-}
-
-/**
- * Reads auth utility configuration from hazo_auth_config.ini file
- * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
- * @returns Auth utility configuration options
- */
-export function get_auth_utility_config(): AuthUtilityConfig {
-  const section_name = "hazo_auth__auth_utility";
-
-  // Cache settings
-  const cache_max_users = get_config_number(
-    section_name,
-    "cache_max_users",
-    10000,
-  );
-  const cache_ttl_minutes = get_config_number(
-    section_name,
-    "cache_ttl_minutes",
-    15,
-  );
-  const cache_max_age_minutes = get_config_number(
-    section_name,
-    "cache_max_age_minutes",
-    30,
-  );
-
-  // Rate limiting
-  const rate_limit_per_user = get_config_number(
-    section_name,
-    "rate_limit_per_user",
-    100,
-  );
-  const rate_limit_per_ip = get_config_number(
-    section_name,
-    "rate_limit_per_ip",
-    200,
-  );
-
-  // Permission check behavior
-  const log_permission_denials = get_config_boolean(
-    section_name,
-    "log_permission_denials",
-    true,
-  );
-  const enable_friendly_error_messages = get_config_boolean(
-    section_name,
-    "enable_friendly_error_messages",
-    true,
-  );
-
-  // Permission message mappings
-  const permission_messages_str = get_config_value(
-    section_name,
-    "permission_error_messages",
-    "",
-  );
-  const permission_error_messages = parse_permission_messages(
-    permission_messages_str,
-  );
-
-  return {
-    cache_max_users,
-    cache_ttl_minutes,
-    cache_max_age_minutes,
-    rate_limit_per_user,
-    rate_limit_per_ip,
-    log_permission_denials,
-    enable_friendly_error_messages,
-    permission_error_messages,
-  };
-}
-

package/src/lib/config/config_loader.server.ts

@@ -1,164 +0,0 @@
-// file_description: shared utility for reading configuration from hazo_auth_config.ini using hazo_config
-// section: imports
-import { HazoConfig } from "hazo_config/dist/lib";
-import path from "path";
-import fs from "fs";
-import { create_app_logger } from "../app_logger";
-
-// section: constants
-const DEFAULT_CONFIG_FILE = "hazo_auth_config.ini";
-
-// section: helpers
-/**
- * Gets the default config file path
- * @param custom_path - Optional custom config file path
- * @returns Resolved config file path
- */
-function get_config_file_path(custom_path?: string): string {
-  if (custom_path) {
-    return path.isAbsolute(custom_path) ? custom_path : path.resolve(process.cwd(), custom_path);
-  }
-  return path.resolve(process.cwd(), DEFAULT_CONFIG_FILE);
-}
-
-/**
- * Reads a section from the config file
- * @param section_name - Name of the section to read (e.g., "hazo_auth__register_layout")
- * @param file_path - Optional custom config file path (defaults to hazo_auth_config.ini)
- * @returns Section data as Record<string, string> or undefined if not found
- */
-export function read_config_section(
-  section_name: string,
-  file_path?: string,
-): Record<string, string> | undefined {
-  const config_path = get_config_file_path(file_path);
-  const logger = create_app_logger();
-
-  if (!fs.existsSync(config_path)) {
-    return undefined;
-  }
-
-  try {
-    const hazo_config = new HazoConfig({
-      filePath: config_path,
-    });
-    return hazo_config.getSection(section_name);
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.warn("config_loader_read_section_failed", {
-      filename: "config_loader.server.ts",
-      line_number: 0,
-      section_name,
-      config_path,
-      error: error_message,
-    });
-    return undefined;
-  }
-}
-
-/**
- * Gets a single config value from a section
- * @param section_name - Name of the section
- * @param key - Key name within the section
- * @param default_value - Default value if key is not found
- * @param file_path - Optional custom config file path
- * @returns Config value as string or default value
- */
-export function get_config_value(
-  section_name: string,
-  key: string,
-  default_value: string,
-  file_path?: string,
-): string {
-  const section = read_config_section(section_name, file_path);
-  // Optional chaining on section and section[key]
-  // If section is undefined, or key is undefined, fall back to default
-  if (!section || section[key] === undefined) {
-    return default_value;
-  }
-  return section[key].trim() || default_value;
-}
-
-/**
- * Gets a boolean config value from a section
- * @param section_name - Name of the section
- * @param key - Key name within the section
- * @param default_value - Default boolean value if key is not found
- * @param file_path - Optional custom config file path
- * @returns Config value as boolean
- */
-export function get_config_boolean(
-  section_name: string,
-  key: string,
-  default_value: boolean,
-  file_path?: string,
-): boolean {
-  const section = read_config_section(section_name, file_path);
-  
-  if (!section || section[key] === undefined) {
-    return default_value;
-  }
-  
-  const value = section[key].trim().toLowerCase();
-  return value !== "false" && value !== "0" && value !== "";
-}
-
-/**
- * Gets a number config value from a section
- * @param section_name - Name of the section
- * @param key - Key name within the section
- * @param default_value - Default number value if key is not found or invalid
- * @param file_path - Optional custom config file path
- * @returns Config value as number
- */
-export function get_config_number(
-  section_name: string,
-  key: string,
-  default_value: number,
-  file_path?: string,
-): number {
-  const section = read_config_section(section_name, file_path);
-  
-  if (!section || section[key] === undefined) {
-    return default_value;
-  }
-  
-  const value = section[key].trim();
-  
-  if (!value) {
-    return default_value;
-  }
-  
-  const parsed = parseFloat(value);
-  return isNaN(parsed) ? default_value : parsed;
-}
-
-/**
- * Gets a comma-separated list config value from a section
- * @param section_name - Name of the section
- * @param key - Key name within the section
- * @param default_value - Default array value if key is not found
- * @param file_path - Optional custom config file path
- * @returns Config value as array of strings
- */
-export function get_config_array(
-  section_name: string,
-  key: string,
-  default_value: string[],
-  file_path?: string,
-): string[] {
-  const section = read_config_section(section_name, file_path);
-  
-  if (!section || section[key] === undefined) {
-    return default_value;
-  }
-  
-  const value = section[key].trim();
-  
-  if (!value) {
-    return default_value;
-  }
-  
-  return value.split(",").map((item) => item.trim()).filter((item) => item.length > 0);
-}
-

package/src/lib/email_verification_config.server.ts

@@ -1,32 +0,0 @@
-// file_description: server-only helper to read email verification layout configuration from hazo_auth_config.ini
-// section: imports
-import { get_already_logged_in_config } from "./already_logged_in_config.server";
-
-// section: types
-export type EmailVerificationConfig = {
-  alreadyLoggedInMessage: string;
-  showLogoutButton: boolean;
-  showReturnHomeButton: boolean;
-  returnHomeButtonLabel: string;
-  returnHomePath: string;
-};
-
-// section: helpers
-/**
- * Reads email verification layout configuration from hazo_auth_config.ini file
- * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
- * @returns Email verification configuration options
- */
-export function get_email_verification_config(): EmailVerificationConfig {
-  // Get shared already logged in config
-  const alreadyLoggedInConfig = get_already_logged_in_config();
-
-  return {
-    alreadyLoggedInMessage: alreadyLoggedInConfig.message,
-    showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
-    showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
-    returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
-    returnHomePath: alreadyLoggedInConfig.returnHomePath,
-  };
-}
-

package/src/lib/file_types_config.server.ts

@@ -1,25 +0,0 @@
-// file_description: server-only helper to read file type configuration from hazo_auth_config.ini
-// section: imports
-import { get_config_array } from "./config/config_loader.server";
-
-// section: types
-export type FileTypesConfig = {
-  allowed_image_extensions: string[];
-  allowed_image_mime_types: string[];
-};
-
-// section: helpers
-/**
- * Reads file type configuration from hazo_auth_config.ini file
- * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
- * @returns File types configuration options
- */
-export function get_file_types_config(): FileTypesConfig {
-  const section = "hazo_auth__file_types";
-
-  return {
-    allowed_image_extensions: get_config_array(section, "allowed_image_extensions", ["jpg", "jpeg", "png"]),
-    allowed_image_mime_types: get_config_array(section, "allowed_image_mime_types", ["image/jpeg", "image/jpg", "image/png"]),
-  };
-}
-

package/src/lib/forgot_password_config.server.ts

@@ -1,32 +0,0 @@
-// file_description: server-only helper to read forgot password layout configuration from hazo_auth_config.ini
-// section: imports
-import { get_already_logged_in_config } from "./already_logged_in_config.server";
-
-// section: types
-export type ForgotPasswordConfig = {
-  alreadyLoggedInMessage: string;
-  showLogoutButton: boolean;
-  showReturnHomeButton: boolean;
-  returnHomeButtonLabel: string;
-  returnHomePath: string;
-};
-
-// section: helpers
-/**
- * Reads forgot password layout configuration from hazo_auth_config.ini file
- * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
- * @returns Forgot password configuration options
- */
-export function get_forgot_password_config(): ForgotPasswordConfig {
-  // Get shared already logged in config
-  const alreadyLoggedInConfig = get_already_logged_in_config();
-
-  return {
-    alreadyLoggedInMessage: alreadyLoggedInConfig.message,
-    showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
-    showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
-    returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
-    returnHomePath: alreadyLoggedInConfig.returnHomePath,
-  };
-}
-

package/src/lib/hazo_connect_instance.server.ts

@@ -1,101 +0,0 @@
-// file_description: singleton instance of hazo_connect adapter - initialized once and reused across all routes
-// This ensures all routes/components use the same database connection
-// Uses the new hazo_connect singleton API from hazo_connect/nextjs/setup
-// Reads configuration from hazo_auth_config.ini using hazo_config
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { getHazoConnectSingleton } from "hazo_connect/nextjs/setup";
-import { create_sqlite_hazo_connect_server, get_hazo_connect_config_options } from "./hazo_connect_setup.server";
-import { initializeAdminService, getSqliteAdminService } from "hazo_connect/server";
-import { create_app_logger } from "./app_logger";
-
-// section: singleton_state
-let hazoConnectInstance: HazoConnectAdapter | null = null;
-let isInitialized = false;
-
-// section: helpers
-/**
- * Gets or creates the singleton hazo_connect adapter instance
- * This ensures all routes/components use the same database connection
- * 
- * Uses the new hazo_connect singleton API which:
- * - Automatically reuses the adapter instance
- * - Automatically registers SQLite adapters with the admin service
- * - Is thread-safe for Next.js serverless environments
- * - Reads configuration from hazo_auth_config.ini using hazo_config (falls back to environment variables)
- * 
- * Falls back to manual singleton if the new API is not available
- * 
- * @returns The singleton HazoConnectAdapter instance
- */
-export function get_hazo_connect_instance(): HazoConnectAdapter {
-  // Use the new singleton API from hazo_connect
-  // This automatically handles:
-  // - Instance reuse
-  // - Admin service registration (via registerSqliteAdapter)
-  // - Thread-safety for Next.js serverless
-  // - Configuration from hazo_auth_config.ini (via hazo_config) or environment variables
-  try {
-    // Get configuration from hazo_auth_config.ini (falls back to environment variables)
-    const config_options = get_hazo_connect_config_options();
-    const logger = create_app_logger();
-    logger.debug("hazo_connect_singleton_attempt", {
-      filename: "hazo_connect_instance.server.ts",
-      line_number: 38,
-      config_options,
-      note: "Attempting to get singleton with these options",
-    });
-    return getHazoConnectSingleton(config_options);
-  } catch (error) {
-    const logger = create_app_logger();
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.error("hazo_connect_singleton_failed", {
-      filename: "hazo_connect_instance.server.ts",
-      line_number: 45,
-      error: error_message,
-      error_stack: error instanceof Error ? error.stack : undefined,
-      note: "Falling back to manual singleton implementation",
-    });
-    
-    // Fallback: Manual singleton implementation if new API fails
-    // This should not happen with the updated package, but kept for safety
-    if (!hazoConnectInstance) {
-      // Get config options to determine database type
-      const config_options = get_hazo_connect_config_options();
-      const db_type = config_options.type;
-      
-      // Only initialize SQLite admin service for SQLite databases
-      if (db_type === "sqlite" && !isInitialized) {
-        initializeAdminService({ enable_admin_ui: true });
-        isInitialized = true;
-      }
-      
-      // Create the adapter instance (reads from hazo_auth_config.ini)
-      // Note: Despite the name, this function supports both SQLite and PostgREST
-      hazoConnectInstance = create_sqlite_hazo_connect_server();
-
-      // Note: Database migrations should be applied manually via SQLite Admin UI
-      // or through a separate migration script. The token_service has fallback
-      // logic to work without the token_type column if migration hasn't been applied.
-
-      // Finalize initialization by getting the admin service (only for SQLite)
-      if (db_type === "sqlite") {
-        try {
-          getSqliteAdminService();
-        } catch (adminError) {
-          const logger = create_app_logger();
-          const error_message = adminError instanceof Error ? adminError.message : "Unknown error";
-          logger.warn("hazo_connect_instance_admin_service_init_failed", {
-            filename: "hazo_connect_instance.server.ts",
-            line_number: 0,
-            error: error_message,
-            note: "Could not get SqliteAdminService during initialization, continuing...",
-          });
-        }
-      }
-    }
-    
-    return hazoConnectInstance;
-  }
-}
-