hazo_auth 1.4.2 → 1.6.0

package/src/app/api/hazo_auth/change_password/route.ts

@@ -1,132 +0,0 @@
-// file_description: API route for changing user password
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { change_password } from "../../../../lib/services/password_change_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { require_auth } from "../../../../lib/auth/auth_utils.server";
-import { get_auth_cache } from "../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../lib/auth_utility_config.server";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    // Use centralized auth check
-    let user_id: string;
-    try {
-      const user = await require_auth(request);
-      user_id = user.user_id;
-    } catch (error) {
-      if (error instanceof Error && error.message === "Authentication required") {
-        logger.warn("password_change_authentication_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          error: "User not authenticated",
-        });
-
-        return NextResponse.json(
-          { error: "Authentication required" },
-          { status: 401 }
-        );
-      }
-      throw error;
-    }
-
-    const body = await request.json();
-    const { current_password, new_password } = body;
-
-    // Validate input
-    if (!current_password || !new_password) {
-      logger.warn("password_change_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: "Missing required fields",
-        has_current_password: !!current_password,
-        has_new_password: !!new_password,
-      });
-
-      return NextResponse.json(
-        { error: "Current password and new password are required" },
-        { status: 400 }
-      );
-    }
-
-    // Get singleton hazo_connect instance
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Change password
-    const result = await change_password(hazoConnect, user_id, {
-      current_password,
-      new_password,
-    });
-
-    if (!result.success) {
-      logger.warn("password_change_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        error: result.error,
-        user_id,
-      });
-
-      return NextResponse.json(
-        { error: result.error || "Failed to change password" },
-        { status: 400 }
-      );
-    }
-
-    // Invalidate user cache after password change
-    try {
-      const config = get_auth_utility_config();
-      const cache = get_auth_cache(
-        config.cache_max_users,
-        config.cache_ttl_minutes,
-        config.cache_max_age_minutes,
-      );
-      cache.invalidate_user(user_id);
-    } catch (cache_error) {
-      // Log but don't fail password change if cache invalidation fails
-      const cache_error_message =
-        cache_error instanceof Error ? cache_error.message : "Unknown error";
-      logger.warn("password_change_cache_invalidation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        error: cache_error_message,
-      });
-    }
-
-    logger.info("password_change_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        message: "Password changed successfully",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("password_change_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to change password. Please try again." },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/forgot_password/route.ts

@@ -1,107 +0,0 @@
-// file_description: API route for password reset requests using hazo_connect
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { request_password_reset } from "../../../../lib/services/password_reset_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { email } = body;
-
-    // Validate input
-    if (!email) {
-      logger.warn("password_reset_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email: email || "missing",
-      });
-
-      return NextResponse.json(
-        { error: "Email is required" },
-        { status: 400 }
-      );
-    }
-
-    // Validate email format
-    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!email_pattern.test(email)) {
-      logger.warn("password_reset_invalid_email", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-      });
-
-      return NextResponse.json(
-        { error: "Invalid email address format" },
-        { status: 400 }
-      );
-    }
-
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Request password reset using the password reset service
-    const result = await request_password_reset(hazoConnect, {
-      email,
-    });
-
-    if (!result.success) {
-      logger.warn("password_reset_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        error: result.error,
-      });
-
-      // Still return 200 OK to prevent email enumeration attacks
-      return NextResponse.json(
-        {
-          success: true,
-          message: "If an account with that email exists, a password reset link has been sent.",
-        },
-        { status: 200 }
-      );
-    }
-
-    logger.info("password_reset_requested", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      email,
-    });
-
-    // Always return success to prevent email enumeration attacks
-    return NextResponse.json(
-      {
-        success: true,
-        message: "If an account with that email exists, a password reset link has been sent.",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("password_reset_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    // Still return 200 OK to prevent email enumeration attacks
-    return NextResponse.json(
-      {
-        success: true,
-        message: "If an account with that email exists, a password reset link has been sent.",
-      },
-      { status: 200 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/get_auth/route.ts

@@ -1,89 +0,0 @@
-// file_description: API route for hazo_get_auth utility (client-side calls)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { hazo_get_auth } from "../../../../lib/auth/hazo_get_auth.server";
-import { PermissionError } from "../../../../lib/auth/auth_types";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-
-// section: route_config
-export const dynamic = "force-dynamic";
-
-// section: api_handler
-/**
- * POST - Get authentication status and permissions
- * Body: { required_permissions?: string[], strict?: boolean }
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { required_permissions, strict } = body;
-
-    // Validate required_permissions if provided
-    if (
-      required_permissions !== undefined &&
-      (!Array.isArray(required_permissions) ||
-        !required_permissions.every((p) => typeof p === "string"))
-    ) {
-      return NextResponse.json(
-        { error: "required_permissions must be an array of strings" },
-        { status: 400 },
-      );
-    }
-
-    // Validate strict if provided
-    if (strict !== undefined && typeof strict !== "boolean") {
-      return NextResponse.json(
-        { error: "strict must be a boolean" },
-        { status: 400 },
-      );
-    }
-
-    // Call hazo_get_auth
-    const result = await hazo_get_auth(request, {
-      required_permissions,
-      strict,
-    });
-
-    return NextResponse.json(result, { status: 200 });
-  } catch (error) {
-    // Handle PermissionError (strict mode)
-    if (error instanceof PermissionError) {
-      logger.warn("auth_utility_permission_error", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        missing_permissions: error.missing_permissions,
-        required_permissions: error.required_permissions,
-      });
-
-      return NextResponse.json(
-        {
-          error: "Permission denied",
-          missing_permissions: error.missing_permissions,
-          user_friendly_message: error.user_friendly_message,
-        },
-        { status: 403 },
-      );
-    }
-
-    // Handle other errors
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("auth_utility_api_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: error_message },
-      { status: 500 },
-    );
-  }
-}
-

package/src/app/api/hazo_auth/invalidate_cache/route.ts

@@ -1,139 +0,0 @@
-// file_description: API route for manual cache invalidation (admin endpoint)
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_auth_cache } from "../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../lib/auth_utility_config.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { hazo_get_auth } from "../../../../lib/auth/hazo_get_auth.server";
-
-// section: route_config
-export const dynamic = "force-dynamic";
-
-// section: api_handler
-/**
- * POST - Manually invalidate auth cache
- * Body: { user_id?: string, role_ids?: number[], invalidate_all?: boolean }
- * Requires admin permission (checked via hazo_get_auth)
- */
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    // Check authentication and admin permission
-    const auth_result = await hazo_get_auth(request, {
-      required_permissions: ["admin_user_management"], // Require admin permission
-      strict: true, // Throw error if not authorized
-    });
-
-    if (!auth_result.authenticated) {
-      return NextResponse.json(
-        { error: "Authentication required" },
-        { status: 401 },
-      );
-    }
-
-    const body = await request.json();
-    const { user_id, role_ids, invalidate_all } = body;
-
-    // Validate input
-    if (invalidate_all !== undefined && typeof invalidate_all !== "boolean") {
-      return NextResponse.json(
-        { error: "invalidate_all must be a boolean" },
-        { status: 400 },
-      );
-    }
-
-    if (user_id !== undefined && typeof user_id !== "string") {
-      return NextResponse.json(
-        { error: "user_id must be a string" },
-        { status: 400 },
-      );
-    }
-
-    if (
-      role_ids !== undefined &&
-      (!Array.isArray(role_ids) ||
-        !role_ids.every((id) => typeof id === "number"))
-    ) {
-      return NextResponse.json(
-        { error: "role_ids must be an array of numbers" },
-        { status: 400 },
-      );
-    }
-
-    const config = get_auth_utility_config();
-    const cache = get_auth_cache(
-      config.cache_max_users,
-      config.cache_ttl_minutes,
-      config.cache_max_age_minutes,
-    );
-
-    // Perform invalidation
-    if (invalidate_all === true) {
-      cache.invalidate_all();
-      logger.info("auth_cache_invalidated_all", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id: auth_result.user.id,
-      });
-    } else if (user_id) {
-      cache.invalidate_user(user_id);
-      logger.info("auth_cache_invalidated_user", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        invalidated_user_id: user_id,
-        admin_user_id: auth_result.user.id,
-      });
-    } else if (role_ids && role_ids.length > 0) {
-      cache.invalidate_by_roles(role_ids);
-      logger.info("auth_cache_invalidated_roles", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        role_ids,
-        admin_user_id: auth_result.user.id,
-      });
-    } else {
-      return NextResponse.json(
-        {
-          error:
-            "Must provide user_id, role_ids, or invalidate_all=true",
-        },
-        { status: 400 },
-      );
-    }
-
-    return NextResponse.json(
-      {
-        success: true,
-        message: "Cache invalidated successfully",
-      },
-      { status: 200 },
-    );
-  } catch (error) {
-    // Handle PermissionError (strict mode)
-    if (error instanceof Error && error.name === "PermissionError") {
-      return NextResponse.json(
-        { error: "Permission denied. Admin access required." },
-        { status: 403 },
-      );
-    }
-
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("auth_cache_invalidation_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to invalidate cache" },
-      { status: 500 },
-    );
-  }
-}
-

package/src/app/api/hazo_auth/library_photos/route.ts

@@ -1,73 +0,0 @@
-// file_description: API route for listing library photo categories and photos in categories
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_library_categories, get_library_photos } from "../../../../lib/services/profile_picture_service";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-
-// section: route_config
-export const dynamic = 'force-dynamic';
-
-// section: api_handler
-export async function GET(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const { searchParams } = new URL(request.url);
-    const category = searchParams.get("category");
-
-    if (category) {
-      // Return photos in the specified category
-      const photos = get_library_photos(category);
-
-      logger.info("library_photos_category_requested", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        category,
-        photoCount: photos.length,
-      });
-
-      return NextResponse.json(
-        {
-          success: true,
-          category,
-          photos,
-        },
-        { status: 200 }
-      );
-    } else {
-      // Return list of categories
-      const categories = get_library_categories();
-
-      logger.info("library_categories_requested", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        categoryCount: categories.length,
-      });
-
-      return NextResponse.json(
-        {
-          success: true,
-          categories,
-        },
-        { status: 200 }
-      );
-    }
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("library_photos_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to fetch library photos" },
-      { status: 500 }
-    );
-  }
-}
-