hazo_auth 1.4.2 → 1.6.0

package/src/app/api/hazo_auth/login/route.ts

@@ -1,181 +0,0 @@
-// file_description: API route for user login authentication using hazo_connect
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { authenticate_user } from "../../../../lib/services/login_service";
-import { createCrudService } from "hazo_connect/server";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { get_login_config } from "../../../../lib/login_config.server";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { email, password, url_on_logon } = body;
-
-    // Validate input
-    if (!email || !password) {
-      logger.warn("login_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email: email || "missing",
-        has_password: !!password,
-      });
-
-      return NextResponse.json(
-        { error: "Email and password are required" },
-        { status: 400 }
-      );
-    }
-
-    // Validate email format
-    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!email_pattern.test(email)) {
-      logger.warn("login_invalid_email", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-      });
-
-      return NextResponse.json(
-        { error: "Invalid email address format" },
-        { status: 400 }
-      );
-    }
-
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Authenticate user using the login service
-    const result = await authenticate_user(hazoConnect, {
-      email,
-      password,
-    });
-
-    if (!result.success) {
-      const status_code = result.error === "Invalid email or password" ? 401 : 500;
-
-      logger.warn("login_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        error: result.error,
-        email_not_verified: result.email_not_verified || false,
-      });
-
-      return NextResponse.json(
-        {
-          error: result.error || "Login failed",
-          email_not_verified: result.email_not_verified || false,
-        },
-        { status: status_code }
-      );
-    }
-
-    // TypeScript assertion: user_id is guaranteed to be present when success is true
-    // However, we need to check it to satisfy TypeScript's type checking
-    if (!result.user_id) {
-      logger.error("login_user_id_missing", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        note: "Login succeeded but user_id is missing - this should not happen",
-      });
-      return NextResponse.json(
-        { error: "Login failed - user ID not found" },
-        { status: 500 }
-      );
-    }
-
-    const user_id = result.user_id;
-
-    logger.info("login_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id: user_id,
-      email,
-    });
-
-    // Reuse the existing hazoConnect instance from above
-    const users_service = createCrudService(hazoConnect, "hazo_users");
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-    const user = users && users.length > 0 ? users[0] : null;
-    const user_name = user?.name as string | undefined;
-
-    // Determine redirect URL priority:
-    // 1. url_on_logon from request body (if valid)
-    // 2. stored_url_on_logon from database (if available)
-    // 3. redirect_route_on_successful_login from config
-    // 4. Default to "/"
-
-    let redirectUrl = "/";
-
-    // Check priority 1: Request body
-    if (url_on_logon && typeof url_on_logon === "string" && url_on_logon.startsWith("/") && !url_on_logon.startsWith("//")) {
-      redirectUrl = url_on_logon;
-    } 
-    // Check priority 2: Stored URL from DB
-    else if (result.stored_url_on_logon && typeof result.stored_url_on_logon === "string") {
-      redirectUrl = result.stored_url_on_logon;
-    } 
-    // Check priority 3: Config
-    else {
-      const loginConfig = get_login_config();
-      if (loginConfig.redirectRoute) {
-        redirectUrl = loginConfig.redirectRoute;
-      }
-    }
-
-    // Create response with cookies
-    const response = NextResponse.json(
-      {
-        success: true,
-        message: "Login successful",
-        user_id: user_id,
-        email,
-        name: user_name,
-        redirectUrl,
-      },
-      { status: 200 }
-    );
-
-    // Set authentication cookies
-    response.cookies.set("hazo_auth_user_id", user_id, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "lax",
-      path: "/",
-      maxAge: 60 * 60 * 24 * 30, // 30 days
-    });
-    response.cookies.set("hazo_auth_user_email", email, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === "production",
-      sameSite: "lax",
-      path: "/",
-      maxAge: 60 * 60 * 24 * 30, // 30 days
-    });
-
-    return response;
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("login_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Login failed. Please try again." },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/logout/route.ts

@@ -1,89 +0,0 @@
-// file_description: API route for user logout
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { get_auth_cache } from "../../../../lib/auth/auth_cache";
-import { get_auth_utility_config } from "../../../../lib/auth_utility_config.server";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    // Get user info from cookie before clearing
-    const user_email = request.cookies.get("hazo_auth_user_email")?.value;
-    const user_id = request.cookies.get("hazo_auth_user_id")?.value;
-
-    // Clear authentication cookies
-    const response = NextResponse.json(
-      {
-        success: true,
-        message: "Logout successful",
-      },
-      { status: 200 }
-    );
-
-    // Clear cookies by setting them to expire in the past
-    response.cookies.set("hazo_auth_user_email", "", {
-      expires: new Date(0),
-      path: "/",
-    });
-    response.cookies.set("hazo_auth_user_id", "", {
-      expires: new Date(0),
-      path: "/",
-    });
-
-    // Invalidate user cache
-    if (user_id) {
-      try {
-        const config = get_auth_utility_config();
-        const cache = get_auth_cache(
-          config.cache_max_users,
-          config.cache_ttl_minutes,
-          config.cache_max_age_minutes,
-        );
-        cache.invalidate_user(user_id);
-      } catch (cache_error) {
-        // Log but don't fail logout if cache invalidation fails
-        const cache_error_message =
-          cache_error instanceof Error
-            ? cache_error.message
-            : "Unknown error";
-        logger.warn("logout_cache_invalidation_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          user_id,
-          error: cache_error_message,
-        });
-      }
-    }
-
-    if (user_email || user_id) {
-      logger.info("logout_successful", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id: user_id || "unknown",
-        email: user_email || "unknown",
-      });
-    }
-
-    return response;
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("logout_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Logout failed. Please try again." },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/me/route.ts

@@ -1,47 +0,0 @@
-// file_description: API route to get current authenticated user information
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_authenticated_user_with_response } from "../../../../lib/auth/auth_utils.server";
-
-// section: api_handler
-export async function GET(request: NextRequest) {
-  try {
-    // Use centralized auth utility
-    const { auth_result, response } = await get_authenticated_user_with_response(request);
-
-    // If response is provided, it means cookies were cleared (invalid auth)
-    if (response) {
-      return response;
-    }
-
-    // If not authenticated, return false
-    if (!auth_result.authenticated) {
-      return NextResponse.json(
-        { authenticated: false },
-        { status: 200 }
-      );
-    }
-
-    // Return user info
-    return NextResponse.json(
-      {
-        authenticated: true,
-        user_id: auth_result.user_id,
-        email: auth_result.email,
-        name: auth_result.name,
-        email_verified: auth_result.email_verified,
-        last_logon: auth_result.last_logon,
-        profile_picture_url: auth_result.profile_picture_url,
-        profile_source: auth_result.profile_source,
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    // On error, assume not authenticated
-    return NextResponse.json(
-      { authenticated: false },
-      { status: 200 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/profile_picture/[filename]/route.ts

@@ -1,67 +0,0 @@
-// file_description: API route to serve uploaded profile pictures
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_profile_picture_config } from "../../../../../lib/profile_picture_config.server";
-import fs from "fs";
-import path from "path";
-
-// section: api_handler
-export async function GET(
-  request: NextRequest,
-  { params }: { params: { filename: string } }
-) {
-  try {
-    const config = get_profile_picture_config();
-
-    if (!config.allow_photo_upload || !config.upload_photo_path) {
-      return NextResponse.json(
-        { error: "Profile picture upload is not enabled" },
-        { status: 404 }
-      );
-    }
-
-    const filename = params.filename;
-
-    // Validate filename (prevent path traversal)
-    if (filename.includes("..") || filename.includes("/") || filename.includes("\\")) {
-      return NextResponse.json(
-        { error: "Invalid filename" },
-        { status: 400 }
-      );
-    }
-
-    // Resolve upload path
-    const uploadPath = path.isAbsolute(config.upload_photo_path)
-      ? config.upload_photo_path
-      : path.resolve(process.cwd(), config.upload_photo_path);
-
-    const filePath = path.join(uploadPath, filename);
-
-    // Check if file exists
-    if (!fs.existsSync(filePath)) {
-      return NextResponse.json(
-        { error: "File not found" },
-        { status: 404 }
-      );
-    }
-
-    // Read file
-    const fileBuffer = fs.readFileSync(filePath);
-    const fileExt = path.extname(filename).toLowerCase();
-    const contentType = fileExt === ".png" ? "image/png" : "image/jpeg";
-
-    // Return file with appropriate content type
-    return new NextResponse(fileBuffer, {
-      headers: {
-        "Content-Type": contentType,
-        "Cache-Control": "public, max-age=31536000, immutable",
-      },
-    });
-  } catch (error) {
-    return NextResponse.json(
-      { error: "Failed to serve profile picture" },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/register/route.ts

@@ -1,109 +0,0 @@
-// file_description: API route for user registration using hazo_connect to insert into hazo_users table
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { register_user } from "../../../../lib/services/registration_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-import { sanitize_error_for_user } from "../../../../lib/utils/error_sanitizer";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { name, email, password, url_on_logon } = body;
-
-    // Validate input
-    if (!email || !password) {
-      logger.warn("registration_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email: email || "missing",
-        has_password: !!password,
-      });
-
-      return NextResponse.json(
-        { error: "Email and password are required" },
-        { status: 400 }
-      );
-    }
-
-    // Validate email format
-    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!email_pattern.test(email)) {
-      logger.warn("registration_invalid_email", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-      });
-
-      return NextResponse.json(
-        { error: "Invalid email address format" },
-        { status: 400 }
-      );
-    }
-
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Register user using the registration service
-    const result = await register_user(hazoConnect, {
-      email,
-      password,
-      name,
-      url_on_logon,
-    });
-
-    if (!result.success) {
-      const status_code = result.error === "Email address already registered" ? 409 : 500;
-
-      logger.warn("registration_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        error: result.error,
-      });
-
-      return NextResponse.json(
-        { error: result.error || "Registration failed" },
-        { status: status_code }
-      );
-    }
-
-    logger.info("registration_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id: result.user_id,
-      email,
-      has_name: !!name,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        message: "Registration successful",
-        user_id: result.user_id,
-      },
-      { status: 201 }
-    );
-  } catch (error) {
-    const user_friendly_error = sanitize_error_for_user(error, {
-      logToConsole: true,
-      logToLogger: true,
-      logger,
-      context: {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        operation: "register_api_route",
-      },
-    });
-
-    return NextResponse.json(
-      { error: user_friendly_error },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/remove_profile_picture/route.ts

@@ -1,86 +0,0 @@
-// file_description: API route for removing profile pictures
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { remove_user_profile_picture } from "../../../../lib/services/profile_picture_remove_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-
-// section: api_handler
-export async function DELETE(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    // Use centralized auth check
-    let user_id: string;
-    try {
-      const { require_auth } = await import("../../../../lib/auth/auth_utils.server");
-      const user = await require_auth(request);
-      user_id = user.user_id;
-    } catch (error) {
-      if (error instanceof Error && error.message === "Authentication required") {
-        logger.warn("profile_picture_remove_authentication_failed", {
-          filename: get_filename(),
-          line_number: get_line_number(),
-          error: "User not authenticated",
-        });
-
-        return NextResponse.json(
-          { error: "Authentication required" },
-          { status: 401 }
-        );
-      }
-      throw error;
-    }
-
-    // Get singleton hazo_connect instance
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Remove profile picture
-    const result = await remove_user_profile_picture(hazoConnect, user_id);
-
-    if (!result.success) {
-      logger.warn("profile_picture_remove_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        user_id,
-        error: result.error,
-      });
-
-      return NextResponse.json(
-        { error: result.error || "Failed to remove profile picture" },
-        { status: 400 }
-      );
-    }
-
-    logger.info("profile_picture_remove_successful", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      user_id,
-    });
-
-    return NextResponse.json(
-      {
-        success: true,
-        message: "Profile picture removed successfully",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("profile_picture_remove_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    return NextResponse.json(
-      { error: "Failed to remove profile picture. Please try again." },
-      { status: 500 }
-    );
-  }
-}
-

package/src/app/api/hazo_auth/resend_verification/route.ts

@@ -1,108 +0,0 @@
-// file_description: API route for resending email verification using hazo_connect
-// section: imports
-import { NextRequest, NextResponse } from "next/server";
-import { get_hazo_connect_instance } from "../../../../lib/hazo_connect_instance.server";
-import { create_app_logger } from "../../../../lib/app_logger";
-import { resend_verification_email } from "../../../../lib/services/email_verification_service";
-import { get_filename, get_line_number } from "../../../../lib/utils/api_route_helpers";
-
-// section: api_handler
-export async function POST(request: NextRequest) {
-  const logger = create_app_logger();
-
-  try {
-    const body = await request.json();
-    const { email } = body;
-
-    // Validate input
-    if (!email) {
-      logger.warn("resend_verification_validation_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email: email || "missing",
-      });
-
-      return NextResponse.json(
-        { error: "Email is required" },
-        { status: 400 }
-      );
-    }
-
-    // Validate email format
-    const email_pattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!email_pattern.test(email)) {
-      logger.warn("resend_verification_invalid_email", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-      });
-
-      return NextResponse.json(
-        { error: "Invalid email address format" },
-        { status: 400 }
-      );
-    }
-
-    // Get singleton hazo_connect instance (reuses same connection across all routes)
-    const hazoConnect = get_hazo_connect_instance();
-
-    // Resend verification email using the email verification service
-    const result = await resend_verification_email(hazoConnect, {
-      email,
-    });
-
-    if (!result.success) {
-      logger.error("resend_verification_failed", {
-        filename: get_filename(),
-        line_number: get_line_number(),
-        email,
-        error: result.error,
-      });
-
-      // Return error response (500) when email sending fails
-      // This is a technical error, not a security issue, so we can reveal it
-      return NextResponse.json(
-        {
-          success: false,
-          error: result.error || "Failed to resend verification email",
-        },
-        { status: 500 }
-      );
-    }
-
-    logger.info("resend_verification_requested", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      email,
-    });
-
-    // Always return success to prevent email enumeration attacks
-    return NextResponse.json(
-      {
-        success: true,
-        message: "If an account with that email exists and is not verified, a verification link has been sent.",
-      },
-      { status: 200 }
-    );
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("resend_verification_error", {
-      filename: get_filename(),
-      line_number: get_line_number(),
-      error_message,
-      error_stack,
-    });
-
-    // Still return 200 OK to prevent email enumeration attacks
-    return NextResponse.json(
-      {
-        success: true,
-        message: "If an account with that email exists and is not verified, a verification link has been sent.",
-      },
-      { status: 200 }
-    );
-  }
-}
-