hazo_auth 1.4.2 → 1.6.1

package/src/lib/services/profile_picture_service.ts

@@ -1,215 +0,0 @@
-// file_description: service for profile picture management including default photo logic, Gravatar, and library photos
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import gravatarUrl from "gravatar-url";
-import { get_profile_picture_config } from "../profile_picture_config.server";
-import { get_ui_sizes_config } from "../ui_sizes_config.server";
-import { get_file_types_config } from "../file_types_config.server";
-import { create_app_logger } from "../app_logger";
-import path from "path";
-import fs from "fs";
-import { map_ui_source_to_db, type ProfilePictureSourceUI } from "./profile_picture_source_mapper";
-
-// section: types
-export type ProfilePictureSource = ProfilePictureSourceUI;
-
-export type DefaultProfilePictureResult = {
-  profile_picture_url: string;
-  profile_source: ProfilePictureSource;
-};
-
-// section: helpers
-/**
- * Generates Gravatar URL from email address
- * @param email - User's email address
- * @param size - Image size in pixels (defaults to config value)
- * @returns Gravatar URL
- */
-export function get_gravatar_url(email: string, size?: number): string {
-  const uiSizes = get_ui_sizes_config();
-  const gravatarSize = size || uiSizes.gravatar_size;
-  return gravatarUrl(email, {
-    size: gravatarSize,
-    default: "identicon",
-  });
-}
-
-/**
- * Gets library photo categories by reading subdirectories
- * @returns Array of category names
- */
-export function get_library_categories(): string[] {
-  const config = get_profile_picture_config();
-  const library_path = path.resolve(process.cwd(), "public", config.library_photo_path.replace(/^\//, ""));
-  
-  if (!fs.existsSync(library_path)) {
-    return [];
-  }
-
-  try {
-    const entries = fs.readdirSync(library_path, { withFileTypes: true });
-    return entries
-      .filter((entry) => entry.isDirectory())
-      .map((entry) => entry.name)
-      .sort();
-  } catch (error) {
-    const logger = create_app_logger();
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.warn("profile_picture_service_read_categories_failed", {
-      filename: "profile_picture_service.ts",
-      line_number: 0,
-      library_path,
-      error: error_message,
-    });
-    return [];
-  }
-}
-
-/**
- * Gets photos in a specific library category
- * @param category - Category name
- * @returns Array of photo URLs (relative to public directory)
- */
-export function get_library_photos(category: string): string[] {
-  const config = get_profile_picture_config();
-  const category_path = path.resolve(process.cwd(), "public", config.library_photo_path.replace(/^\//, ""), category);
-  
-  if (!fs.existsSync(category_path)) {
-    return [];
-  }
-
-  try {
-    const fileTypes = get_file_types_config();
-    const allowedExtensions = fileTypes.allowed_image_extensions.map(ext => `.${ext.toLowerCase()}`);
-    const entries = fs.readdirSync(category_path, { withFileTypes: true });
-    const photos = entries
-      .filter((entry) => {
-        if (!entry.isFile()) return false;
-        const ext = path.extname(entry.name).toLowerCase();
-        return allowedExtensions.includes(ext);
-      })
-      .map((entry) => `${config.library_photo_path}/${category}/${entry.name}`)
-      .sort();
-    return photos;
-  } catch (error) {
-    const logger = create_app_logger();
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    logger.warn("profile_picture_service_read_photos_failed", {
-      filename: "profile_picture_service.ts",
-      line_number: 0,
-      category,
-      category_path,
-      error: error_message,
-    });
-    return [];
-  }
-}
-
-/**
- * Gets default profile picture based on configuration priority
- * @param user_email - User's email address
- * @param user_name - User's name (optional)
- * @returns Default profile picture URL and source, or null if no default available
- */
-export function get_default_profile_picture(
-  user_email: string,
-  user_name?: string,
-): DefaultProfilePictureResult | null {
-  const config = get_profile_picture_config();
-
-  if (!config.user_photo_default) {
-    return null;
-  }
-
-  const uiSizes = get_ui_sizes_config();
-  
-  // Try priority 1
-  if (config.user_photo_default_priority1 === "gravatar") {
-    const gravatar_url = get_gravatar_url(user_email, uiSizes.gravatar_size);
-    // Note: We can't check if Gravatar actually exists without making a request
-    // For now, we'll always return Gravatar URL and let the browser handle 404
-    return {
-      profile_picture_url: gravatar_url,
-      profile_source: "gravatar",
-    };
-  } else if (config.user_photo_default_priority1 === "library") {
-    const categories = get_library_categories();
-    if (categories.length > 0) {
-      // Use first category, first photo as default
-      const photos = get_library_photos(categories[0]);
-      if (photos.length > 0) {
-        return {
-          profile_picture_url: photos[0],
-          profile_source: "library",
-        };
-      }
-    }
-  }
-
-  // Try priority 2 if priority 1 didn't work (only if priority2 is different from priority1)
-  const priority1 = config.user_photo_default_priority1;
-  const priority2 = config.user_photo_default_priority2;
-  
-  if (priority2 && priority2 !== priority1) {
-    if (priority2 === "gravatar") {
-      const gravatar_url = get_gravatar_url(user_email, uiSizes.gravatar_size);
-      return {
-        profile_picture_url: gravatar_url,
-        profile_source: "gravatar",
-      };
-    } else if (priority2 === "library") {
-      const categories = get_library_categories();
-      if (categories.length > 0) {
-        const photos = get_library_photos(categories[0]);
-        if (photos.length > 0) {
-          return {
-            profile_picture_url: photos[0],
-            profile_source: "library",
-          };
-        }
-      }
-    }
-  }
-
-  // No default photo available
-  return null;
-}
-
-/**
- * Updates user profile picture in database
- * @param adapter - The hazo_connect adapter instance
- * @param user_id - User ID
- * @param profile_picture_url - Profile picture URL
- * @param profile_source - Profile picture source type
- * @returns Success status
- */
-export async function update_user_profile_picture(
-  adapter: HazoConnectAdapter,
-  user_id: string,
-  profile_picture_url: string,
-  profile_source: ProfilePictureSource,
-): Promise<{ success: boolean; error?: string }> {
-  try {
-    const users_service = createCrudService(adapter, "hazo_users");
-    const now = new Date().toISOString();
-
-    // Map UI source value to database enum value
-    const db_profile_source = map_ui_source_to_db(profile_source);
-
-    await users_service.updateById(user_id, {
-      profile_picture_url,
-      profile_source: db_profile_source,
-      changed_at: now,
-    });
-
-    return { success: true };
-  } catch (error) {
-    const error_message = error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-

package/src/lib/services/profile_picture_source_mapper.ts

@@ -1,62 +0,0 @@
-// file_description: helper to map between UI profile picture source values and database enum values
-// section: types
-/**
- * UI representation of profile picture source
- * Used in components and API interfaces
- */
-export type ProfilePictureSourceUI = "upload" | "library" | "gravatar" | "custom";
-
-/**
- * Database enum values for profile_source
- * Must match the CHECK constraint in the database
- */
-export type ProfilePictureSourceDB = "gravatar" | "custom" | "predefined";
-
-// section: helpers
-/**
- * Maps UI profile picture source to database enum value
- * @param uiSource - UI representation of source ("upload", "library", "gravatar", "custom")
- * @returns Database enum value ("gravatar", "custom", "predefined")
- */
-export function map_ui_source_to_db(uiSource: ProfilePictureSourceUI): ProfilePictureSourceDB {
-  switch (uiSource) {
-    case "upload":
-      return "custom"; // User uploaded their own photo
-    case "library":
-      return "predefined"; // User selected from predefined library
-    case "gravatar":
-      return "gravatar"; // User's Gravatar
-    case "custom":
-      return "custom"; // Already in database format
-    default:
-      // Fallback to custom for unknown values
-      return "custom";
-  }
-}
-
-/**
- * Maps database enum value to UI representation
- * @param dbSource - Database enum value ("gravatar", "custom", "predefined")
- * @returns UI representation ("upload", "library", "gravatar", "custom")
- */
-export function map_db_source_to_ui(dbSource: ProfilePictureSourceDB | string | null | undefined): ProfilePictureSourceUI {
-  if (!dbSource) {
-    return "custom"; // Default fallback
-  }
-
-  switch (dbSource) {
-    case "gravatar":
-      return "gravatar";
-    case "custom":
-      return "upload"; // Map custom to upload in UI (user uploaded their own)
-    case "predefined":
-      return "library"; // Map predefined to library in UI (user selected from library)
-    default:
-      // For unknown values, try to return as-is if it matches UI format
-      if (dbSource === "upload" || dbSource === "library") {
-        return dbSource as ProfilePictureSourceUI;
-      }
-      return "custom"; // Fallback
-  }
-}
-

package/src/lib/services/registration_service.ts

@@ -1,184 +0,0 @@
-// file_description: service for user registration operations using hazo_connect
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import argon2 from "argon2";
-import { randomUUID } from "crypto";
-import { create_token } from "./token_service";
-import { get_default_profile_picture } from "./profile_picture_service";
-import { get_profile_picture_config } from "../profile_picture_config.server";
-import { map_ui_source_to_db } from "./profile_picture_source_mapper";
-import { create_app_logger } from "../app_logger";
-import { send_template_email } from "./email_service";
-import { sanitize_error_for_user } from "../utils/error_sanitizer";
-import { get_filename, get_line_number } from "../utils/api_route_helpers";
-
-// section: types
-export type RegistrationData = {
-  email: string;
-  password: string;
-  name?: string;
-  url_on_logon?: string;
-};
-
-export type RegistrationResult = {
-  success: boolean;
-  user_id?: string;
-  error?: string;
-};
-
-// section: helpers
-/**
- * Registers a new user in the database using hazo_connect
- * @param adapter - The hazo_connect adapter instance
- * @param data - Registration data (email, password, optional name)
- * @returns Registration result with success status and user_id or error
- */
-export async function register_user(
-  adapter: HazoConnectAdapter,
-  data: RegistrationData,
-): Promise<RegistrationResult> {
-  try {
-    const { email, password, name, url_on_logon } = data;
-
-    // Create CRUD service for hazo_users table
-    const users_service = createCrudService(adapter, "hazo_users");
-
-    // Check if user already exists
-    const existing_users = await users_service.findBy({
-      email_address: email,
-    });
-
-    if (Array.isArray(existing_users) && existing_users.length > 0) {
-      return {
-        success: false,
-        error: "Email address already registered",
-      };
-    }
-
-    // Hash password using argon2
-    const password_hash = await argon2.hash(password);
-
-    // Generate user ID
-    const user_id = randomUUID();
-    const now = new Date().toISOString();
-
-    // Insert user into database using CRUD service
-    const insert_data: Record<string, unknown> = {
-      id: user_id,
-      email_address: email,
-      password_hash: password_hash,
-      email_verified: false,
-      is_active: true,
-      login_attempts: 0,
-      created_at: now,
-      changed_at: now,
-    };
-
-    // Include name if provided
-    if (name) {
-      insert_data.name = name;
-    }
-
-    // Validate and include url_on_logon if provided
-    if (url_on_logon) {
-      // Ensure it's a relative path starting with / but not //
-      if (url_on_logon.startsWith("/") && !url_on_logon.startsWith("//")) {
-        insert_data.url_on_logon = url_on_logon;
-      }
-    }
-
-    // Set default profile picture if enabled
-    const profile_picture_config = get_profile_picture_config();
-    if (profile_picture_config.user_photo_default) {
-      const default_photo = get_default_profile_picture(email, name);
-      if (default_photo) {
-        insert_data.profile_picture_url = default_photo.profile_picture_url;
-        // Map UI source value to database enum value
-        insert_data.profile_source = map_ui_source_to_db(default_photo.profile_source);
-      }
-    }
-
-    const inserted_users = await users_service.insert(insert_data);
-
-    // Verify insertion was successful
-    if (!Array.isArray(inserted_users) || inserted_users.length === 0) {
-      return {
-        success: false,
-        error: "Failed to create user account",
-      };
-    }
-
-    // Create email verification token for the new user
-    const token_result = await create_token({
-      adapter,
-      user_id,
-      token_type: "email_verification",
-    });
-
-    if (!token_result.success) {
-      // Log error but don't fail registration - token can be resent later
-      const logger = create_app_logger();
-      const error_message = token_result.error || "Unknown error";
-      logger.error("registration_service_token_creation_failed", {
-        filename: "registration_service.ts",
-        line_number: 0,
-        user_id,
-        error: error_message,
-        note: "This may be due to missing token_type column in hazo_refresh_tokens table. Please ensure migration 001_add_token_type_to_refresh_tokens.sql has been applied.",
-      });
-    } else {
-      const logger = create_app_logger();
-      logger.info("registration_service_token_created", {
-        filename: "registration_service.ts",
-        line_number: 0,
-        user_id,
-      });
-    }
-
-    // Send verification email if token was created successfully
-    if (token_result.success && token_result.raw_token) {
-      const email_result = await send_template_email("email_verification", email, {
-        token: token_result.raw_token,
-        user_email: email,
-        user_name: name,
-      });
-      
-      if (!email_result.success) {
-        const logger = create_app_logger();
-        logger.error("registration_service_email_send_failed", {
-          filename: "registration_service.ts",
-          line_number: 0,
-          user_id,
-          email,
-          error: email_result.error,
-          note: "User registration succeeded but verification email failed to send",
-        });
-      }
-    }
-
-    return {
-      success: true,
-      user_id,
-    };
-  } catch (error) {
-    const logger = create_app_logger();
-    const user_friendly_error = sanitize_error_for_user(error, {
-      logToConsole: true,
-      logToLogger: true,
-      logger,
-      context: {
-        filename: "registration_service.ts",
-        line_number: get_line_number(),
-        email: data.email,
-        operation: "register_user",
-      },
-    });
-
-    return {
-      success: false,
-      error: user_friendly_error,
-    };
-  }
-}
-

package/src/lib/services/token_service.ts

@@ -1,240 +0,0 @@
-// file_description: shared service for creating and managing tokens in hazo_refresh_tokens table
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import { randomBytes, randomUUID } from "crypto";
-import argon2 from "argon2";
-import { read_config_section } from "../config/config_loader.server";
-import { create_app_logger } from "../app_logger";
-
-// section: types
-export type TokenType = "refresh" | "password_reset" | "email_verification";
-
-export type CreateTokenParams = {
-  adapter: HazoConnectAdapter;
-  user_id: string;
-  token_type: TokenType;
-};
-
-export type CreateTokenResult = {
-  success: boolean;
-  raw_token?: string;
-  error?: string;
-};
-
-// section: helpers
-/**
- * Gets token expiry hours from hazo_auth_config.ini for a specific token type
- * Falls back to defaults if config is not found
- * @param token_type - The type of token (refresh, password_reset, email_verification)
- * @returns Number of hours until token expires
- */
-function get_token_expiry_hours(token_type: TokenType): number {
-  const default_expiries: Record<TokenType, number> = {
-    refresh: 720, // 30 days
-    password_reset: 0.167, // 10 minutes
-    email_verification: 48, // 48 hours
-  };
-
-  const logger = create_app_logger();
-  const token_config_section = read_config_section("hazo_auth__tokens");
-
-  // Get expiry from config or environment variable or default
-  const config_key = `${token_type}_expiry_hours`;
-  const env_key = `HAZO_AUTH_${token_type.toUpperCase()}_TOKEN_EXPIRY_HOURS`;
-
-  const expiry_hours =
-    token_config_section?.[config_key] ||
-    process.env[env_key] ||
-    default_expiries[token_type];
-
-  return parseFloat(String(expiry_hours)) || default_expiries[token_type];
-}
-
-/**
- * Creates a token for a user and stores it in hazo_refresh_tokens table
- * Invalidates any existing tokens of the same type for the user before creating a new one
- * @param params - Token creation parameters (adapter, user_id, token_type)
- * @returns Token creation result with raw_token (for sending to user) or error
- */
-export async function create_token(
-  params: CreateTokenParams,
-): Promise<CreateTokenResult> {
-  try {
-    const { adapter, user_id, token_type } = params;
-
-    // Create CRUD service for hazo_refresh_tokens table
-    const tokens_service = createCrudService(adapter, "hazo_refresh_tokens");
-
-    // Invalidate any existing tokens of this type for this user
-    // If token_type column doesn't exist, this will fail - catch and continue
-    let existing_tokens: unknown[] = [];
-    try {
-      existing_tokens = (await tokens_service.findBy({
-        user_id: user_id,
-        token_type: token_type,
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, try without it
-      // This is a fallback for databases that haven't had the migration applied
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("token_service_token_type_column_missing", {
-        filename: "token_service.ts",
-        line_number: 0,
-        user_id,
-        token_type,
-        error: error_message,
-        note: "token_type column may not exist, trying without filter",
-      });
-      // Try to find tokens by user_id only (less precise but works without migration)
-      try {
-        existing_tokens = (await tokens_service.findBy({
-          user_id: user_id,
-        })) as unknown[];
-      } catch (fallbackError) {
-        // If that also fails, log and continue (will just create new token)
-        const fallback_error_message = fallbackError instanceof Error ? fallbackError.message : "Unknown error";
-        logger.warn("token_service_query_existing_tokens_failed", {
-          filename: "token_service.ts",
-          line_number: 0,
-          user_id,
-          error: fallback_error_message,
-          note: "Could not query existing tokens, will create new token anyway",
-        });
-      }
-    }
-
-    if (Array.isArray(existing_tokens) && existing_tokens.length > 0) {
-      // Delete existing tokens (of this type if token_type exists, or all for user if not)
-      for (const token of existing_tokens) {
-        try {
-          await tokens_service.deleteById((token as { id: unknown }).id);
-        } catch (deleteError) {
-          const logger = create_app_logger();
-          const error_message = deleteError instanceof Error ? deleteError.message : "Unknown error";
-          logger.warn("token_service_delete_existing_token_failed", {
-            filename: "token_service.ts",
-            line_number: 0,
-            user_id,
-            token_id: (token as { id: unknown }).id,
-            error: error_message,
-          });
-        }
-      }
-    }
-
-    // Generate a secure random token
-    const raw_token = randomBytes(32).toString("hex");
-
-    // Hash the token before storing
-    const token_hash = await argon2.hash(raw_token);
-
-    // Get expiry hours from config
-    const expiry_hours = get_token_expiry_hours(token_type);
-
-    // Calculate expiration time (convert hours to milliseconds)
-    const expires_at = new Date();
-    expires_at.setTime(expires_at.getTime() + expiry_hours * 60 * 60 * 1000);
-
-    const now = new Date().toISOString();
-
-    // Insert the token into the database
-    // Try with token_type first, fallback to without if column doesn't exist
-    let inserted_tokens: unknown[];
-    try {
-      inserted_tokens = (await tokens_service.insert({
-        id: randomUUID(),
-        user_id: user_id,
-        token_hash: token_hash,
-        token_type: token_type,
-        expires_at: expires_at.toISOString(),
-        created_at: now,
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, try without it
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("token_service_insert_with_token_type_failed", {
-        filename: "token_service.ts",
-        line_number: 0,
-        user_id,
-        token_type,
-        error: error_message,
-        note: "token_type column may not exist, inserting without it",
-      });
-      // Fallback: insert without token_type (will use default if column exists with default)
-      inserted_tokens = (await tokens_service.insert({
-        id: randomUUID(),
-        user_id: user_id,
-        token_hash: token_hash,
-        expires_at: expires_at.toISOString(),
-        created_at: now,
-      })) as unknown[];
-    }
-
-    // Verify insertion was successful
-    if (!Array.isArray(inserted_tokens) || inserted_tokens.length === 0) {
-      const logger = create_app_logger();
-      const error_msg = `Failed to create ${token_type} token - no rows inserted`;
-      logger.error("token_service_insertion_failed", {
-        filename: "token_service.ts",
-        line_number: 0,
-        user_id,
-        token_type,
-        error: error_msg,
-      });
-      return {
-        success: false,
-        error: error_msg,
-      };
-    }
-
-    const logger = create_app_logger();
-    logger.info("token_service_token_created", {
-      filename: "token_service.ts",
-      line_number: 0,
-      user_id,
-      token_type,
-    });
-    
-    // Log raw token and test URLs in debug mode (logger handles dev mode)
-    logger.debug("token_service_raw_token", {
-      filename: "token_service.ts",
-      line_number: 0,
-      user_id,
-      token_type,
-      raw_token,
-      test_url: token_type === "email_verification" 
-        ? `/hazo_auth/verify_email?token=${raw_token}`
-        : token_type === "password_reset"
-        ? `/hazo_auth/reset_password?token=${raw_token}`
-        : undefined,
-    });
-
-    return {
-      success: true,
-      raw_token,
-    };
-  } catch (error) {
-    const logger = create_app_logger();
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    const error_stack = error instanceof Error ? error.stack : undefined;
-
-    logger.error("token_service_create_token_error", {
-      filename: "token_service.ts",
-      line_number: 0,
-      user_id: params.user_id,
-      token_type: params.token_type,
-      error: error_message,
-      error_stack,
-    });
-
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-