hazo_auth 1.4.2 → 1.6.0

package/scripts/init_users.ts

@@ -1,378 +0,0 @@
-// file_description: script to initialize users, roles, and permissions from configuration
-// Run with: npx tsx scripts/init_users.ts init_users
-// section: imports
-import { get_hazo_connect_instance } from "../src/lib/hazo_connect_instance.server";
-import { createCrudService } from "hazo_connect/server";
-import { get_user_management_config } from "../src/lib/user_management_config.server";
-import { get_config_value } from "../src/lib/config/config_loader.server";
-import { create_app_logger } from "../src/lib/app_logger";
-
-// section: types
-type InitSummary = {
-  permissions: {
-    inserted: string[];
-    existing: string[];
-  };
-  role: {
-    inserted: boolean;
-    existing: boolean;
-    role_id: string | null;
-  };
-  role_permissions: {
-    inserted: number;
-    existing: number;
-  };
-  user_role: {
-    inserted: boolean;
-    existing: boolean;
-  };
-};
-
-// section: helpers
-/**
- * Displays help information for available commands
- */
-function show_help(): void {
-  console.log(`
-hazo_auth CLI - User and Permission Management
-
-Usage: npx tsx scripts/init_users.ts <command>
-
-Available Commands:
-  init_users    Initialize users, roles, and permissions from configuration
-                - Reads permissions from hazo_auth_config.ini [hazo_auth__user_management] application_permission_list_defaults
-                - Creates default_super_user_role in hazo_roles
-                - Assigns all permissions to the super user role
-                - Finds user by email from hazo_auth_config.ini [hazo_auth__initial_setup] default_super_user_email
-                - Assigns super user role to the user
-                - Provides summary of what was inserted vs what already existed
-
-  help          Show this help message
-
-Configuration:
-  Add the following to hazo_auth_config.ini:
-
-  [hazo_auth__user_management]
-  application_permission_list_defaults = admin_user_management,admin_role_management,admin_permission_management
-
-  [hazo_auth__initial_setup]
-  default_super_user_email = admin@example.com
-
-Examples:
-  npx tsx scripts/init_users.ts init_users
-  npx tsx scripts/init_users.ts help
-`);
-}
-
-/**
- * Initializes users, roles, and permissions from configuration
- */
-async function init_users(): Promise<void> {
-  const logger = create_app_logger();
-  const summary: InitSummary = {
-    permissions: {
-      inserted: [],
-      existing: [],
-    },
-    role: {
-      inserted: false,
-      existing: false,
-      role_id: null,
-    },
-    role_permissions: {
-      inserted: 0,
-      existing: 0,
-    },
-    user_role: {
-      inserted: false,
-      existing: false,
-    },
-  };
-
-  try {
-    console.log("Initializing users, roles, and permissions from configuration...\n");
-
-    // Get hazo_connect instance
-    const hazoConnect = get_hazo_connect_instance();
-    const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
-    const roles_service = createCrudService(hazoConnect, "hazo_roles");
-    const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
-
-    // 1. Get permissions from config
-    const config = get_user_management_config();
-    const permission_names = config.application_permission_list_defaults || [];
-
-    if (permission_names.length === 0) {
-      console.log("⚠ No permissions found in configuration.");
-      console.log("  Add permissions to [hazo_auth__user_management] application_permission_list_defaults\n");
-      return;
-    }
-
-    console.log(`Found ${permission_names.length} permission(s) in configuration:`);
-    permission_names.forEach((name) => console.log(`  - ${name}`));
-    console.log();
-
-    // 2. Add permissions to hazo_permissions table
-    const permission_id_map: Record<string, string> = {};
-    const now = new Date().toISOString();
-
-    for (const permission_name of permission_names) {
-      const trimmed_name = permission_name.trim();
-      if (!trimmed_name) continue;
-
-      // Check if permission already exists
-      const existing_permissions = await permissions_service.findBy({
-        permission_name: trimmed_name,
-      });
-
-      if (Array.isArray(existing_permissions) && existing_permissions.length > 0) {
-        const existing_permission = existing_permissions[0];
-        const perm_id = existing_permission.id as string;
-        permission_id_map[trimmed_name] = perm_id;
-        summary.permissions.existing.push(trimmed_name);
-        console.log(`✓ Permission already exists: ${trimmed_name} (ID: ${perm_id})`);
-      } else {
-        // Insert new permission
-        const new_permission = await permissions_service.insert({
-          permission_name: trimmed_name,
-          description: `Permission for ${trimmed_name}`,
-          created_at: now,
-          changed_at: now,
-        });
-
-        const perm_id = Array.isArray(new_permission)
-          ? (new_permission[0] as { id: string }).id
-          : (new_permission as { id: string }).id;
-        permission_id_map[trimmed_name] = perm_id;
-        summary.permissions.inserted.push(trimmed_name);
-        console.log(`✓ Inserted permission: ${trimmed_name} (ID: ${perm_id})`);
-      }
-    }
-
-    console.log();
-
-    // 3. Create or get default_super_user_role
-    const role_name = "default_super_user_role";
-    const existing_roles = await roles_service.findBy({
-      role_name,
-    });
-
-    let role_id: string;
-    if (Array.isArray(existing_roles) && existing_roles.length > 0) {
-      role_id = existing_roles[0].id as string;
-      summary.role.existing = true;
-      summary.role.role_id = role_id;
-      console.log(`✓ Role already exists: ${role_name} (ID: ${role_id})`);
-    } else {
-      const new_role = await roles_service.insert({
-        role_name,
-        created_at: now,
-        changed_at: now,
-      });
-
-      role_id = Array.isArray(new_role)
-        ? (new_role[0] as { id: string }).id
-        : (new_role as { id: string }).id;
-      summary.role.inserted = true;
-      summary.role.role_id = role_id;
-      console.log(`✓ Created role: ${role_name} (ID: ${role_id})`);
-    }
-
-    console.log();
-
-    // 4. Assign all permissions to the role
-    const permission_ids = Object.values(permission_id_map);
-
-    for (const permission_id of permission_ids) {
-      // Check if role-permission assignment already exists
-      const existing_assignments = await role_permissions_service.findBy({
-        role_id,
-        permission_id,
-      });
-
-      if (Array.isArray(existing_assignments) && existing_assignments.length > 0) {
-        summary.role_permissions.existing++;
-        const perm_name = Object.keys(permission_id_map).find(
-          (key) => permission_id_map[key] === permission_id,
-        );
-        console.log(`✓ Role-permission already exists: ${role_name} -> ${perm_name}`);
-      } else {
-        await role_permissions_service.insert({
-          role_id,
-          permission_id,
-          created_at: now,
-          changed_at: now,
-        });
-        summary.role_permissions.inserted++;
-        const perm_name = Object.keys(permission_id_map).find(
-          (key) => permission_id_map[key] === permission_id,
-        );
-        console.log(`✓ Assigned permission to role: ${role_name} -> ${perm_name}`);
-      }
-    }
-
-    console.log();
-
-    // 5. Get super user email from config
-    const super_user_email = get_config_value(
-      "hazo_auth__initial_setup",
-      "default_super_user_email",
-      "",
-    ).trim();
-
-    if (!super_user_email) {
-      console.log("⚠ No super user email found in configuration.");
-      console.log("  Add [hazo_auth__initial_setup] default_super_user_email to config\n");
-      print_summary(summary);
-      return;
-    }
-
-    console.log(`Looking up user with email: ${super_user_email}`);
-
-    // 6. Find user by email
-    const users = await users_service.findBy({
-      email_address: super_user_email,
-    });
-
-    if (!Array.isArray(users) || users.length === 0) {
-      console.log(`✗ User not found with email: ${super_user_email}`);
-      console.log("  Please ensure the user exists in the database before running this script.\n");
-      print_summary(summary);
-      return;
-    }
-
-    const user = users[0];
-    const user_id = user.id as string;
-    console.log(`✓ Found user: ${super_user_email} (ID: ${user_id})`);
-    console.log();
-
-    // 7. Assign role to user
-    const existing_user_roles = await user_roles_service.findBy({
-      user_id,
-      role_id,
-    });
-
-    if (Array.isArray(existing_user_roles) && existing_user_roles.length > 0) {
-      summary.user_role.existing = true;
-      console.log(`✓ User already has role assigned: ${user_id} -> ${role_name}`);
-    } else {
-      await user_roles_service.insert({
-        user_id,
-        role_id,
-        created_at: now,
-        changed_at: now,
-      });
-      summary.user_role.inserted = true;
-      console.log(`✓ Assigned role to user: ${user_id} -> ${role_name}`);
-    }
-
-    console.log();
-
-    // 8. Print summary
-    print_summary(summary);
-
-    logger.info("init_users_completed", {
-      filename: "init_users.ts",
-      line_number: 0,
-      summary,
-    });
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    console.error("\n✗ Error initializing users:");
-    console.error(`  ${error_message}`);
-    if (error_stack) {
-      console.error("\nStack trace:");
-      console.error(error_stack);
-    }
-
-    const logger = create_app_logger();
-    logger.error("init_users_failed", {
-      filename: "init_users.ts",
-      line_number: 0,
-      error_message,
-      error_stack,
-    });
-
-    process.exit(1);
-  }
-}
-
-/**
- * Prints a summary of what was inserted vs what already existed
- */
-function print_summary(summary: InitSummary): void {
-  console.log("=".repeat(60));
-  console.log("INITIALIZATION SUMMARY");
-  console.log("=".repeat(60));
-  console.log();
-
-  // Permissions summary
-  console.log("Permissions:");
-  if (summary.permissions.inserted.length > 0) {
-    console.log(`  ✓ Inserted (${summary.permissions.inserted.length}):`);
-    summary.permissions.inserted.forEach((name) => console.log(`    - ${name}`));
-  }
-  if (summary.permissions.existing.length > 0) {
-    console.log(`  ⊙ Already existed (${summary.permissions.existing.length}):`);
-    summary.permissions.existing.forEach((name) => console.log(`    - ${name}`));
-  }
-  console.log();
-
-  // Role summary
-  console.log("Role:");
-  if (summary.role.inserted) {
-    console.log(`  ✓ Inserted: default_super_user_role (ID: ${summary.role.role_id})`);
-  }
-  if (summary.role.existing) {
-    console.log(`  ⊙ Already existed: default_super_user_role (ID: ${summary.role.role_id})`);
-  }
-  console.log();
-
-  // Role permissions summary
-  console.log("Role-Permission Assignments:");
-  if (summary.role_permissions.inserted > 0) {
-    console.log(`  ✓ Inserted: ${summary.role_permissions.inserted} assignment(s)`);
-  }
-  if (summary.role_permissions.existing > 0) {
-    console.log(`  ⊙ Already existed: ${summary.role_permissions.existing} assignment(s)`);
-  }
-  console.log();
-
-  // User role summary
-  console.log("User-Role Assignment:");
-  if (summary.user_role.inserted) {
-    console.log(`  ✓ Inserted: Super user role assigned to user`);
-  }
-  if (summary.user_role.existing) {
-    console.log(`  ⊙ Already existed: User already has super user role`);
-  }
-  console.log();
-
-  console.log("=".repeat(60));
-}
-
-// section: main
-function main(): void {
-  const command = process.argv[2];
-
-  if (!command || command === "help" || command === "--help" || command === "-h") {
-    show_help();
-    return;
-  }
-
-  if (command === "init_users") {
-    void init_users();
-  } else {
-    console.error(`Unknown command: ${command}\n`);
-    show_help();
-    process.exit(1);
-  }
-}
-
-main();
-
-

package/src/app/api/hazo_auth/auth/upload_profile_picture/route.ts

@@ -1,268 +0,0 @@
-// file_description: API route for uploading profile pictures
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../../lib/app_logger";
-import { get_profile_picture_config } from "../../../../../lib/profile_picture_config.server";
-import { get_file_types_config } from "../../../../../lib/file_types_config.server";
-import { update_user_profile_picture } from "../../../../../lib/services/profile_picture_service";
-import { createCrudService } from "hazo_connect/server";
-import { map_db_source_to_ui } from "../../../../../lib/services/profile_picture_source_mapper";
-import { get_filename, get_line_number } from "../../../../../lib/utils/api_route_helpers";
-import fs from "fs";
-import path from "path";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    // Use centralized auth check
-    let user_id: string;
-    try {
-      const { require_auth } = await import("../../../../../lib/auth/auth_utils.server");
-      const user = await require_auth(request);
-      user_id = user.user_id;
-    } catch (error) {
-      if (error instanceof Error && error.message === "Authentication required") {
-        logger.warn("profile_picture_upload_authentication_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          error: "User not authenticated",
-        });
-
-        return NextResponse.json(
-          { error: "Authentication required" },
-          { status: 401 }
-        );
-      }
-      throw error;
-    }
-
-    // Check if upload is enabled
-    const config = get_profile_picture_config();
-    if (!config.allow_photo_upload) {
-      logger.warn("profile_picture_upload_disabled", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-      });
-
-      return NextResponse.json(
-        { error: "Photo upload is not enabled" },
-        { status: 403 }
-      );
-    }
-
-    if (!config.upload_photo_path) {
-      logger.warn("profile_picture_upload_path_not_configured", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-      });
-
-      return NextResponse.json(
-        { error: "Upload path is not configured" },
-        { status: 500 }
-      );
-    }
-
-    // Get FormData
-    const formData = await request.formData();
-    const file = formData.get("file") as File | null;
-
-    if (!file) {
-      logger.warn("profile_picture_upload_no_file", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-      });
-
-      return NextResponse.json(
-        { error: "No file provided" },
-        { status: 400 }
-      );
-    }
-
-    // Validate file type
-    const fileTypes = get_file_types_config();
-    const fileType = file.type;
-    if (!fileTypes.allowed_image_mime_types.includes(fileType)) {
-      logger.warn("profile_picture_upload_invalid_type", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        fileType,
-      });
-
-      return NextResponse.json(
-        { error: "Invalid file type. Only JPG and PNG files are allowed." },
-        { status: 400 }
-      );
-    }
-
-    // Validate file size (should already be compressed client-side, but check server-side too)
-    const fileSize = file.size;
-    if (fileSize > config.max_photo_size) {
-      logger.warn("profile_picture_upload_too_large", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        fileSize,
-        maxSize: config.max_photo_size,
-      });
-
-      return NextResponse.json(
-        { error: `File size exceeds maximum allowed size of ${config.max_photo_size} bytes` },
-        { status: 400 }
-      );
-    }
-
-    // Get current user profile picture info before updating
-    const hazoConnect = get_hazo_connect_instance();
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const current_users = await users_service.findBy({ id: user_id });
-
-    let oldProfilePictureUrl: string | null = null;
-    let oldProfileSource: string | null = null;
-
-    if (Array.isArray(current_users) && current_users.length > 0) {
-      const current_user = current_users[0];
-      oldProfilePictureUrl = (current_user.profile_picture_url as string) || null;
-      oldProfileSource = (current_user.profile_source as string) || null;
-    }
-
-    // Determine file extension from MIME type
-    const mimeToExt: Record<string, string> = {
-      "image/jpeg": "jpg",
-      "image/jpg": "jpg",
-      "image/png": "png",
-    };
-    const fileExtension = mimeToExt[fileType] || "jpg";
-    const fileName = `${user_id}.${fileExtension}`;
-
-    // Resolve upload path
-    const uploadPath = path.isAbsolute(config.upload_photo_path)
-      ? config.upload_photo_path
-      : path.resolve(process.cwd(), config.upload_photo_path);
-
-    // Create upload directory if it doesn't exist
-    if (!fs.existsSync(uploadPath)) {
-      fs.mkdirSync(uploadPath, { recursive: true });
-    }
-
-    // Save file
-    const filePath = path.join(uploadPath, fileName);
-    const arrayBuffer = await file.arrayBuffer();
-    const buffer = Buffer.from(arrayBuffer);
-    fs.writeFileSync(filePath, buffer);
-
-    // Generate URL (relative to public or absolute)
-    // For Next.js, we'll serve from a public route or use absolute path
-    // For now, use a relative path that can be served via API or static file serving
-    const profilePictureUrl = `/api/hazo_auth/profile_picture/${fileName}`;
-
-    // Update user record
-    const updateResult = await update_user_profile_picture(
-      hazoConnect,
-      user_id,
-      profilePictureUrl,
-      "upload",
-    );
-
-    if (!updateResult.success) {
-      // Clean up uploaded file
-      try {
-        fs.unlinkSync(filePath);
-      } catch (error) {
-        // Ignore cleanup errors
-      }
-
-      logger.warn("profile_picture_upload_update_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        error: updateResult.error,
-      });
-
-      return NextResponse.json(
-        { error: updateResult.error || "Failed to update profile picture" },
-        { status: 500 }
-      );
-    }
-
-    // Delete old profile picture file if it exists and was an uploaded file
-    if (oldProfilePictureUrl && oldProfileSource) {
-      const oldSourceUI = map_db_source_to_ui(oldProfileSource);
-      
-      // Only delete if the old profile picture was an uploaded file
-      if (oldSourceUI === "upload") {
-        try {
-          // Extract filename from URL (e.g., /api/hazo_auth/profile_picture/user_id.jpg)
-          const oldFileName = oldProfilePictureUrl.split("/").pop();
-          
-          if (oldFileName) {
-            // Check if it's a user-specific file (starts with user_id)
-            if (oldFileName.startsWith(user_id)) {
-              const oldFilePath = path.join(uploadPath, oldFileName);
-              
-              // Only delete if it's a different file (different extension)
-              if (oldFilePath !== filePath && fs.existsSync(oldFilePath)) {
-                fs.unlinkSync(oldFilePath);
-                
-                logger.info("profile_picture_old_file_deleted", {
-                  filename: get_filename(),
-                  line_number: get_line_number(),
-                  user_id,
-                  oldFileName,
-                });
-              }
-            }
-          }
-        } catch (error) {
-          // Log error but don't fail the request
-          logger.warn("profile_picture_old_file_delete_failed", {
-            filename: get_filename(),
-            line_number: get_line_number(),
-            user_id,
-            oldProfilePictureUrl,
-            error: error instanceof Error ? error.message : "Unknown error",
-          });
-        }
-      }
-    }
-
-    logger.info("profile_picture_upload_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-      fileName,
-      fileSize,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        profile_picture_url: profilePictureUrl,
-        message: "Profile picture uploaded successfully",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("profile_picture_upload_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to upload profile picture. Please try again." },
-      { status: 500 }
-    );
-  }
-}
-