hazo_auth 1.4.2 → 1.6.0

package/src/lib/services/password_reset_service.ts

@@ -1,405 +0,0 @@
-// file_description: service for password reset operations using hazo_connect
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import { create_token } from "./token_service";
-import argon2 from "argon2";
-import { create_app_logger } from "../app_logger";
-import { send_template_email } from "./email_service";
-
-// section: types
-export type PasswordResetRequestData = {
-  email: string;
-};
-
-export type PasswordResetRequestResult = {
-  success: boolean;
-  error?: string;
-};
-
-export type PasswordResetData = {
-  token: string;
-  new_password: string;
-  minimum_length?: number; // Optional: if not provided, defaults to 8
-};
-
-export type PasswordResetResult = {
-  success: boolean;
-  user_id?: string;
-  email?: string;
-  error?: string;
-};
-
-export type PasswordResetTokenValidationData = {
-  token: string;
-};
-
-export type PasswordResetTokenValidationResult = {
-  success: boolean;
-  error?: string;
-};
-
-// section: helpers
-/**
- * Requests a password reset for a user by email
- * Generates a secure token, hashes it, and stores it in hazo_refresh_tokens with token_type = 'password_reset'
- * Invalidates any existing password reset tokens for the user before creating a new one
- * @param adapter - The hazo_connect adapter instance
- * @param data - Password reset request data (email)
- * @returns Password reset request result with success status or error
- */
-export async function request_password_reset(
-  adapter: HazoConnectAdapter,
-  data: PasswordResetRequestData,
-): Promise<PasswordResetRequestResult> {
-  try {
-    const { email } = data;
-
-    // Create CRUD service for hazo_users table
-    const users_service = createCrudService(adapter, "hazo_users");
-
-    // Find user by email
-    const users = await users_service.findBy({
-      email_address: email,
-    });
-
-    // If user not found, return success anyway (to prevent email enumeration)
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: true,
-      };
-    }
-
-    const user = users[0];
-    const user_id = user.id as string;
-
-    // Create password reset token using shared token service
-    const token_result = await create_token({
-      adapter,
-      user_id,
-      token_type: "password_reset",
-    });
-
-    if (!token_result.success) {
-      return {
-        success: false,
-        error: token_result.error || "Failed to create password reset token",
-      };
-    }
-
-    // Send password reset email if token was created successfully
-    if (token_result.raw_token) {
-      const email_result = await send_template_email("forgot_password", email, {
-        token: token_result.raw_token,
-        user_email: email,
-        user_name: user.name as string | undefined,
-      });
-      
-      if (!email_result.success) {
-        const logger = create_app_logger();
-        logger.error("password_reset_service_email_send_failed", {
-          filename: "password_reset_service.ts",
-          line_number: 0,
-          user_id,
-          email,
-          error: email_result.error,
-          note: "Password reset token created but email failed to send",
-        });
-      }
-    }
-
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-
-/**
- * Validates a password reset token without resetting the password
- * Verifies the token exists and checks if it has expired
- * @param adapter - The hazo_connect adapter instance
- * @param data - Token validation data (token)
- * @returns Token validation result with success status or error
- */
-export async function validate_password_reset_token(
-  adapter: HazoConnectAdapter,
-  data: PasswordResetTokenValidationData,
-): Promise<PasswordResetTokenValidationResult> {
-  try {
-    const { token } = data;
-
-    // Create CRUD service for hazo_refresh_tokens table
-    const tokens_service = createCrudService(adapter, "hazo_refresh_tokens");
-
-    // Find all password reset tokens
-    // If token_type column doesn't exist, query all tokens and filter manually
-    let all_tokens: unknown[] = [];
-    try {
-      all_tokens = (await tokens_service.findBy({
-        token_type: "password_reset",
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, get all tokens and we'll verify each one
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("password_reset_service_token_type_column_missing", {
-        filename: "password_reset_service.ts",
-        line_number: 0,
-        error: error_message,
-        note: "token_type column may not exist, querying all tokens",
-      });
-      try {
-        // Query all tokens (will need to verify each one)
-        all_tokens = (await tokens_service.findBy({})) as unknown[];
-      } catch (fallbackError) {
-        const fallback_error_message = fallbackError instanceof Error ? fallbackError.message : "Unknown error";
-        logger.error("password_reset_service_query_tokens_failed", {
-          filename: "password_reset_service.ts",
-          line_number: 0,
-          error: fallback_error_message,
-        });
-        return {
-          success: false,
-          error: "Invalid or expired reset token",
-        };
-      }
-    }
-
-    if (!Array.isArray(all_tokens) || all_tokens.length === 0) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-
-    // Find the matching token by verifying the hash
-    let matching_token = null;
-
-    for (const stored_token of all_tokens) {
-      try {
-        const token_hash = (stored_token as { token_hash: string }).token_hash;
-        const is_valid = await argon2.verify(token_hash, token);
-
-        if (is_valid) {
-          matching_token = stored_token;
-          break;
-        }
-      } catch {
-        // Continue to next token if verification fails
-        continue;
-      }
-    }
-
-    if (!matching_token) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-
-    // Check if token has expired
-    const expires_at = new Date((matching_token as { expires_at: string }).expires_at);
-    const now = new Date();
-
-    if (expires_at < now) {
-      return {
-        success: false,
-        error: "Reset token has expired",
-      };
-    }
-
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-
-/**
- * Resets a user's password using a password reset token
- * Verifies the token, checks expiration, updates password, and deletes the token
- * @param adapter - The hazo_connect adapter instance
- * @param data - Password reset data (token, new_password)
- * @returns Password reset result with success status, user_id, email, or error
- */
-export async function reset_password(
-  adapter: HazoConnectAdapter,
-  data: PasswordResetData,
-): Promise<PasswordResetResult> {
-  try {
-    const { token, new_password, minimum_length = 8 } = data;
-
-    // Validate password
-    if (!new_password || new_password.length < minimum_length) {
-      return {
-        success: false,
-        error: `Password must be at least ${minimum_length} character${minimum_length === 1 ? "" : "s"} long`,
-      };
-    }
-
-    // Create CRUD service for hazo_refresh_tokens table
-    const tokens_service = createCrudService(adapter, "hazo_refresh_tokens");
-
-    // Find all password reset tokens
-    // If token_type column doesn't exist, query all tokens and filter manually
-    let all_tokens: unknown[] = [];
-    try {
-      all_tokens = (await tokens_service.findBy({
-        token_type: "password_reset",
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, get all tokens and we'll verify each one
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("password_reset_service_token_type_column_missing", {
-        filename: "password_reset_service.ts",
-        line_number: 0,
-        error: error_message,
-        note: "token_type column may not exist, querying all tokens",
-      });
-      try {
-        // Query all tokens (will need to verify each one)
-        all_tokens = (await tokens_service.findBy({})) as unknown[];
-      } catch (fallbackError) {
-        const fallback_error_message = fallbackError instanceof Error ? fallbackError.message : "Unknown error";
-        logger.error("password_reset_service_query_tokens_failed", {
-          filename: "password_reset_service.ts",
-          line_number: 0,
-          error: fallback_error_message,
-        });
-        return {
-          success: false,
-          error: "Invalid or expired reset token",
-        };
-      }
-    }
-
-    if (!Array.isArray(all_tokens) || all_tokens.length === 0) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-
-    // Find the matching token by verifying the hash
-    let matching_token = null;
-    let user_id: string | null = null;
-
-    for (const stored_token of all_tokens) {
-      try {
-        const token_hash = (stored_token as { token_hash: string }).token_hash;
-        const is_valid = await argon2.verify(token_hash, token);
-
-        if (is_valid) {
-          matching_token = stored_token;
-          user_id = (stored_token as { user_id: string }).user_id;
-          break;
-        }
-      } catch {
-        // Continue to next token if verification fails
-        continue;
-      }
-    }
-
-    if (!matching_token || !user_id) {
-      return {
-        success: false,
-        error: "Invalid or expired reset token",
-      };
-    }
-
-    // Check if token has expired
-    const expires_at = new Date((matching_token as { expires_at: string }).expires_at);
-    const now = new Date();
-
-    if (expires_at < now) {
-      // Delete expired token
-      await tokens_service.deleteById((matching_token as { id: unknown }).id);
-
-      return {
-        success: false,
-        error: "Reset token has expired",
-      };
-    }
-
-    // Get user email before updating
-    const users_service = createCrudService(adapter, "hazo_users");
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "User not found",
-      };
-    }
-
-    const user = users[0];
-    const email = user.email_address as string;
-
-    // Hash the new password
-    const password_hash = await argon2.hash(new_password);
-
-    // Update user's password
-    const now_iso = new Date().toISOString();
-    await users_service.updateById(
-      user_id,
-      {
-        password_hash: password_hash,
-        changed_at: now_iso,
-      },
-    );
-
-    // Delete the used token
-    await tokens_service.deleteById((matching_token as { id: unknown }).id);
-
-    // Send password changed notification email
-    const email_result = await send_template_email("password_changed", email, {
-      user_email: email,
-      user_name: user.name as string | undefined,
-    });
-    
-    if (!email_result.success) {
-      const logger = create_app_logger();
-      logger.error("password_reset_service_password_changed_email_failed", {
-        filename: "password_reset_service.ts",
-        line_number: 0,
-        user_id,
-        email,
-        error: email_result.error,
-        note: "Password was reset successfully but notification email failed to send",
-      });
-    }
-
-    return {
-      success: true,
-      user_id,
-      email,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-

package/src/lib/services/profile_picture_remove_service.ts

@@ -1,120 +0,0 @@
-// file_description: service for removing profile pictures (deleting files and clearing database)
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import { map_db_source_to_ui } from "./profile_picture_source_mapper";
-import { get_profile_picture_config } from "../profile_picture_config.server";
-import { create_app_logger } from "../app_logger";
-import fs from "fs";
-import path from "path";
-
-// section: types
-export type RemoveProfilePictureResult = {
-  success: boolean;
-  error?: string;
-};
-
-// section: helpers
-/**
- * Removes user profile picture
- * - If source is "upload": deletes the uploaded file and clears profile_picture_url and profile_source
- * - If source is "gravatar" or "library": clears profile_picture_url and profile_source
- * @param adapter - The hazo_connect adapter instance
- * @param user_id - User ID
- * @returns Remove result with success status or error
- */
-export async function remove_user_profile_picture(
-  adapter: HazoConnectAdapter,
-  user_id: string,
-): Promise<RemoveProfilePictureResult> {
-  try {
-    const users_service = createCrudService(adapter, "hazo_users");
-
-    // Get current user data
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "User not found",
-      };
-    }
-
-    const current_user = users[0];
-    const profile_picture_url = (current_user.profile_picture_url as string) || null;
-    const profile_source_db = (current_user.profile_source as string) || null;
-
-    if (!profile_picture_url || !profile_source_db) {
-      // No profile picture to remove
-      return {
-        success: true,
-      };
-    }
-
-    // Map database source to UI source
-    const profile_source_ui = map_db_source_to_ui(profile_source_db);
-
-    // If source is "upload", delete the file
-    if (profile_source_ui === "upload") {
-      try {
-        const config = get_profile_picture_config();
-
-        if (config.upload_photo_path) {
-          // Extract filename from URL (e.g., /api/hazo_auth/profile_picture/user_id.jpg)
-          const fileName = profile_picture_url.split("/").pop();
-
-          if (fileName && fileName.startsWith(user_id)) {
-            // Resolve upload path
-            const uploadPath = path.isAbsolute(config.upload_photo_path)
-              ? config.upload_photo_path
-              : path.resolve(process.cwd(), config.upload_photo_path);
-
-            const filePath = path.join(uploadPath, fileName);
-
-            // Delete file if it exists
-            if (fs.existsSync(filePath)) {
-              fs.unlinkSync(filePath);
-            }
-          }
-        }
-      } catch (error) {
-        // Log error but continue with database update
-        const logger = create_app_logger();
-        const error_message = error instanceof Error ? error.message : "Unknown error";
-        logger.warn("profile_picture_remove_file_delete_failed", {
-          filename: "profile_picture_remove_service.ts",
-          line_number: 0,
-          user_id,
-          profile_picture_url,
-          error: error_message,
-        });
-        // Don't fail the request if file deletion fails - still clear the database
-      }
-    }
-
-    // Clear profile picture URL and source in database
-    // Note: profile_source has a CHECK constraint, so we'll set it to null
-    // If the database doesn't allow null, we may need to handle it differently
-    const update_data: Record<string, unknown> = {
-      changed_at: new Date().toISOString(),
-      profile_picture_url: null,
-      profile_source: null,
-    };
-
-    await users_service.updateById(user_id, update_data);
-
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-