hazo_auth 1.6.2 → 1.6.5

package/dist/app/api/hazo_auth/user_management/users/roles/route.d.ts

@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from "next/server";
+export declare const dynamic = "force-dynamic";
+/**
+ * GET - Get roles assigned to a user
+ * Query params: user_id (string)
+ */
+export declare function GET(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    role_ids: number[];
+}>>;
+/**
+ * POST - Assign a role to a user
+ * Body: { user_id: string, role_id: number }
+ */
+export declare function POST(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    assignment: {
+        user_id: string;
+        role_id: number;
+    };
+}>>;
+/**
+ * PUT - Update user roles (bulk assignment/removal)
+ * Body: { user_id: string, role_ids: number[] }
+ */
+export declare function PUT(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    added: number;
+    removed: number;
+}>>;
+//# sourceMappingURL=route.d.ts.map

package/dist/app/api/hazo_auth/user_management/users/roles/route.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../src/app/api/hazo_auth/user_management/users/roles/route.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AASxD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;IAoD7C;AAED;;;GAGG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;;;;;IAiG9C;AAED;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;IA2L7C"}

package/dist/app/api/hazo_auth/user_management/users/roles/route.js

@@ -0,0 +1,276 @@
+// file_description: API route for managing user roles (assigning roles to users)
+// section: imports
+import { NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "../../../../../../lib/hazo_connect_instance.server";
+import { createCrudService, getSqliteAdminService } from "hazo_connect/server";
+import { create_app_logger } from "../../../../../../lib/app_logger";
+import { get_filename, get_line_number } from "../../../../../../lib/utils/api_route_helpers";
+import { get_auth_cache } from "../../../../../../lib/auth/auth_cache";
+import { get_auth_utility_config } from "../../../../../../lib/auth_utility_config.server";
+// section: route_config
+export const dynamic = 'force-dynamic';
+// section: api_handler
+/**
+ * GET - Get roles assigned to a user
+ * Query params: user_id (string)
+ */
+export async function GET(request) {
+    const logger = create_app_logger();
+    try {
+        const { searchParams } = new URL(request.url);
+        const user_id = searchParams.get("user_id");
+        if (!user_id || typeof user_id !== "string") {
+            return NextResponse.json({ error: "user_id is required as a query parameter" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+        // Get all roles assigned to this user
+        const user_roles = await user_roles_service.findBy({
+            user_id,
+        });
+        if (!Array.isArray(user_roles)) {
+            return NextResponse.json({ error: "Failed to fetch user roles" }, { status: 500 });
+        }
+        // Extract role IDs
+        const role_ids = user_roles.map((ur) => ur.role_id).filter((id) => id !== undefined);
+        return NextResponse.json({
+            success: true,
+            role_ids,
+        }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("user_management_user_roles_fetch_failed", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error: error_message,
+        });
+        return NextResponse.json({ error: "Failed to fetch user roles" }, { status: 500 });
+    }
+}
+/**
+ * POST - Assign a role to a user
+ * Body: { user_id: string, role_id: number }
+ */
+export async function POST(request) {
+    const logger = create_app_logger();
+    try {
+        const body = await request.json();
+        const { user_id, role_id } = body;
+        if (!user_id || typeof user_id !== "string") {
+            return NextResponse.json({ error: "user_id is required and must be a string" }, { status: 400 });
+        }
+        if (!role_id || typeof role_id !== "number") {
+            return NextResponse.json({ error: "role_id is required and must be a number" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+        // Check if user exists
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return NextResponse.json({ error: "User not found" }, { status: 404 });
+        }
+        // Check if role exists
+        const roles_service = createCrudService(hazoConnect, "hazo_roles");
+        const roles = await roles_service.findBy({ id: role_id });
+        if (!Array.isArray(roles) || roles.length === 0) {
+            return NextResponse.json({ error: "Role not found" }, { status: 404 });
+        }
+        // Check if role is already assigned to user
+        const existing_assignments = await user_roles_service.findBy({
+            user_id,
+            role_id,
+        });
+        if (Array.isArray(existing_assignments) && existing_assignments.length > 0) {
+            return NextResponse.json({ error: "Role is already assigned to this user" }, { status: 409 });
+        }
+        // Assign role to user
+        const now = new Date().toISOString();
+        const new_assignment = await user_roles_service.insert({
+            user_id,
+            role_id,
+            created_at: now,
+            changed_at: now,
+        });
+        logger.info("user_management_user_role_assigned", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            role_id,
+            assignment_id: new_assignment.user_id,
+        });
+        return NextResponse.json({
+            success: true,
+            assignment: {
+                user_id,
+                role_id,
+            },
+        }, { status: 201 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("user_management_user_role_assign_failed", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error: error_message,
+        });
+        return NextResponse.json({ error: "Failed to assign role to user" }, { status: 500 });
+    }
+}
+/**
+ * PUT - Update user roles (bulk assignment/removal)
+ * Body: { user_id: string, role_ids: number[] }
+ */
+export async function PUT(request) {
+    const logger = create_app_logger();
+    try {
+        const body = await request.json();
+        const { user_id, role_ids } = body;
+        if (!user_id || typeof user_id !== "string") {
+            return NextResponse.json({ error: "user_id is required and must be a string" }, { status: 400 });
+        }
+        if (!Array.isArray(role_ids)) {
+            return NextResponse.json({ error: "role_ids is required and must be an array" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+        // Check if user exists
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return NextResponse.json({ error: "User not found" }, { status: 404 });
+        }
+        // Get current user roles
+        const current_user_roles = await user_roles_service.findBy({
+            user_id,
+        });
+        if (!Array.isArray(current_user_roles)) {
+            return NextResponse.json({ error: "Failed to fetch current user roles" }, { status: 500 });
+        }
+        const current_role_ids = current_user_roles.map((ur) => ur.role_id).filter((id) => id !== undefined);
+        const target_role_ids = role_ids.filter((id) => typeof id === "number");
+        // Find roles to add and remove
+        const to_add = target_role_ids.filter((id) => !current_role_ids.includes(id));
+        const to_remove = current_role_ids.filter((id) => !target_role_ids.includes(id));
+        const now = new Date().toISOString();
+        // Add new roles
+        for (const role_id of to_add) {
+            // Check if role exists
+            const roles_service = createCrudService(hazoConnect, "hazo_roles");
+            const roles = await roles_service.findBy({ id: role_id });
+            if (Array.isArray(roles) && roles.length > 0) {
+                await user_roles_service.insert({
+                    user_id,
+                    role_id,
+                    created_at: now,
+                    changed_at: now,
+                });
+            }
+        }
+        // Remove roles
+        // Note: hazo_user_roles is a junction table without an id column
+        // We need to use SQLite admin service to delete by composite key (user_id, role_id)
+        if (to_remove.length > 0) {
+            try {
+                const admin_service = getSqliteAdminService();
+                for (const role_id of to_remove) {
+                    // Delete using SQLite admin service with criteria (user_id and role_id)
+                    await admin_service.deleteRows("hazo_user_roles", {
+                        user_id,
+                        role_id,
+                    });
+                }
+            }
+            catch (adminError) {
+                // Fallback: try using createCrudService deleteById if rowid exists
+                // SQLite tables have a hidden rowid column that can be used
+                const error_message = adminError instanceof Error ? adminError.message : "Unknown error";
+                logger.warn("user_management_user_role_delete_admin_failed", {
+                    filename: get_filename(),
+                    line_number: get_line_number(),
+                    error: error_message,
+                    note: "Trying fallback method",
+                });
+                // Fallback: try to find and delete using rowid if available
+                for (const role_id of to_remove) {
+                    const assignments_to_remove = await user_roles_service.findBy({
+                        user_id,
+                        role_id,
+                    });
+                    if (Array.isArray(assignments_to_remove) && assignments_to_remove.length > 0) {
+                        for (const assignment of assignments_to_remove) {
+                            // Try deleteById with rowid (SQLite has hidden rowid)
+                            try {
+                                // Check if assignment has an id field (could be rowid)
+                                if (assignment.id !== undefined) {
+                                    await user_roles_service.deleteById(assignment.id);
+                                }
+                                else if (assignment.rowid !== undefined) {
+                                    await user_roles_service.deleteById(assignment.rowid);
+                                }
+                                else {
+                                    // Last resort: log error
+                                    logger.error("user_management_user_role_delete_no_id", {
+                                        filename: get_filename(),
+                                        line_number: get_line_number(),
+                                        user_id,
+                                        role_id,
+                                        assignment,
+                                    });
+                                }
+                            }
+                            catch (deleteError) {
+                                const delete_error_message = deleteError instanceof Error ? deleteError.message : "Unknown error";
+                                logger.error("user_management_user_role_delete_failed", {
+                                    filename: get_filename(),
+                                    line_number: get_line_number(),
+                                    user_id,
+                                    role_id,
+                                    error: delete_error_message,
+                                });
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        // Invalidate user cache after role assignment changes
+        try {
+            const config = get_auth_utility_config();
+            const cache = get_auth_cache(config.cache_max_users, config.cache_ttl_minutes, config.cache_max_age_minutes);
+            cache.invalidate_user(user_id);
+        }
+        catch (cache_error) {
+            // Log but don't fail role update if cache invalidation fails
+            const cache_error_message = cache_error instanceof Error ? cache_error.message : "Unknown error";
+            logger.warn("user_management_user_roles_cache_invalidation_failed", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                user_id,
+                error: cache_error_message,
+            });
+        }
+        logger.info("user_management_user_roles_updated", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            added: to_add.length,
+            removed: to_remove.length,
+        });
+        return NextResponse.json({
+            success: true,
+            added: to_add.length,
+            removed: to_remove.length,
+        }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        logger.error("user_management_user_roles_update_failed", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error: error_message,
+        });
+        return NextResponse.json({ error: "Failed to update user roles" }, { status: 500 });
+    }
+}

package/dist/app/api/hazo_auth/user_management/users/route.d.ts

@@ -0,0 +1,39 @@
+import { NextRequest, NextResponse } from "next/server";
+export declare const dynamic = "force-dynamic";
+/**
+ * GET - Fetch all users with details or a specific user by id
+ * Query params: id (optional) - if provided, returns only that user
+ */
+export declare function GET(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+    users: {
+        id: unknown;
+        name: {} | null;
+        email_address: unknown;
+        email_verified: {};
+        is_active: boolean;
+        last_logon: {} | null;
+        created_at: {} | null;
+        profile_picture_url: {} | null;
+        profile_source: {} | null;
+    }[];
+}>>;
+/**
+ * PATCH - Update user (deactivate: set is_active to false)
+ */
+export declare function PATCH(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+}>>;
+/**
+ * POST - Send password reset email to user
+ */
+export declare function POST(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+}>>;
+//# sourceMappingURL=route.d.ts.map

package/dist/app/api/hazo_auth/user_management/users/route.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../src/app/api/hazo_auth/user_management/users/route.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAUxD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;IA2D7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IA0E/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C"}

package/dist/app/api/hazo_auth/user_management/users/route.js

@@ -0,0 +1,170 @@
+// file_description: API route for user management operations (list users, deactivate, reset password)
+// section: imports
+import { NextResponse } from "next/server";
+import { get_hazo_connect_instance } from "../../../../../lib/hazo_connect_instance.server";
+import { createCrudService } from "hazo_connect/server";
+import { create_app_logger } from "../../../../../lib/app_logger";
+import { get_filename, get_line_number } from "../../../../../lib/utils/api_route_helpers";
+import { request_password_reset } from "../../../../../lib/services/password_reset_service";
+import { get_auth_cache } from "../../../../../lib/auth/auth_cache";
+import { get_auth_utility_config } from "../../../../../lib/auth_utility_config.server";
+// section: route_config
+export const dynamic = 'force-dynamic';
+// section: api_handler
+/**
+ * GET - Fetch all users with details or a specific user by id
+ * Query params: id (optional) - if provided, returns only that user
+ */
+export async function GET(request) {
+    const logger = create_app_logger();
+    try {
+        const { searchParams } = new URL(request.url);
+        const user_id = searchParams.get("id");
+        const hazoConnect = get_hazo_connect_instance();
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        // Fetch users - filter by id if provided, otherwise get all
+        const users = await users_service.findBy(user_id ? { id: user_id } : {});
+        if (!Array.isArray(users)) {
+            return NextResponse.json({ error: "Failed to fetch users" }, { status: 500 });
+        }
+        logger.info("user_management_users_fetched", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_count: users.length,
+        });
+        return NextResponse.json({
+            success: true,
+            users: users.map((user) => ({
+                id: user.id,
+                name: user.name || null,
+                email_address: user.email_address,
+                email_verified: user.email_verified || false,
+                is_active: user.is_active !== false,
+                last_logon: user.last_logon || null,
+                created_at: user.created_at || null,
+                profile_picture_url: user.profile_picture_url || null,
+                profile_source: user.profile_source || null,
+            })),
+        }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("user_management_users_fetch_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        return NextResponse.json({ error: "Failed to fetch users" }, { status: 500 });
+    }
+}
+/**
+ * PATCH - Update user (deactivate: set is_active to false)
+ */
+export async function PATCH(request) {
+    const logger = create_app_logger();
+    try {
+        const body = await request.json();
+        const { user_id, is_active } = body;
+        if (!user_id || typeof is_active !== "boolean") {
+            return NextResponse.json({ error: "user_id and is_active (boolean) are required" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        // Update user with changed_at timestamp
+        const now = new Date().toISOString();
+        await users_service.updateById(user_id, {
+            is_active,
+            changed_at: now,
+        });
+        // Invalidate user cache after deactivation
+        if (is_active === false) {
+            try {
+                const config = get_auth_utility_config();
+                const cache = get_auth_cache(config.cache_max_users, config.cache_ttl_minutes, config.cache_max_age_minutes);
+                cache.invalidate_user(user_id);
+            }
+            catch (cache_error) {
+                // Log but don't fail user update if cache invalidation fails
+                const cache_error_message = cache_error instanceof Error ? cache_error.message : "Unknown error";
+                logger.warn("user_management_user_cache_invalidation_failed", {
+                    filename: get_filename(),
+                    line_number: get_line_number(),
+                    user_id,
+                    error: cache_error_message,
+                });
+            }
+        }
+        logger.info("user_management_user_updated", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            is_active,
+        });
+        return NextResponse.json({ success: true }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("user_management_user_update_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        return NextResponse.json({ error: "Failed to update user" }, { status: 500 });
+    }
+}
+/**
+ * POST - Send password reset email to user
+ */
+export async function POST(request) {
+    const logger = create_app_logger();
+    try {
+        const body = await request.json();
+        const { user_id } = body;
+        if (!user_id) {
+            return NextResponse.json({ error: "user_id is required" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        // Get user by ID
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return NextResponse.json({ error: "User not found" }, { status: 404 });
+        }
+        const user = users[0];
+        const email = user.email_address;
+        // Request password reset using existing service
+        const result = await request_password_reset(hazoConnect, { email });
+        if (!result.success) {
+            logger.warn("user_management_password_reset_failed", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                user_id,
+                email,
+                error: result.error,
+            });
+            return NextResponse.json({ error: result.error || "Failed to send password reset email" }, { status: 500 });
+        }
+        logger.info("user_management_password_reset_sent", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            email,
+        });
+        return NextResponse.json({ success: true }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("user_management_password_reset_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        return NextResponse.json({ error: "Failed to send password reset email" }, { status: 500 });
+    }
+}

package/dist/cli/generate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["../../src/cli/generate.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,eAAe,GAAG;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAwJF,wBAAgB,eAAe,CAAC,OAAO,GAAE,eAAoB,GAAG,IAAI,CA8DnE"}
+{"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["../../src/cli/generate.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,eAAe,GAAG;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AA4LF,wBAAgB,eAAe,CAAC,OAAO,GAAE,eAAoB,GAAG,IAAI,CA8DnE"}

package/dist/cli/generate.js

@@ -22,6 +22,20 @@ const ROUTES = [
     { name: "validate_reset_token", path: "api/hazo_auth/validate_reset_token", method: "GET", export_name: "validateResetTokenGET" },
     { name: "profile_picture_filename", path: "api/hazo_auth/profile_picture/[filename]", method: "GET", export_name: "profilePictureFilenameGET" },
     { name: "invalidate_cache", path: "api/hazo_auth/invalidate_cache", method: "POST", export_name: "invalidateCachePOST" },
+    // User management routes
+    { name: "user_management_users", path: "api/hazo_auth/user_management/users", method: "GET", export_name: "userManagementUsersGET" },
+    { name: "user_management_users_patch", path: "api/hazo_auth/user_management/users", method: "PATCH", export_name: "userManagementUsersPATCH" },
+    { name: "user_management_users_post", path: "api/hazo_auth/user_management/users", method: "POST", export_name: "userManagementUsersPOST" },
+    { name: "user_management_permissions", path: "api/hazo_auth/user_management/permissions", method: "GET", export_name: "userManagementPermissionsGET" },
+    { name: "user_management_permissions_post", path: "api/hazo_auth/user_management/permissions", method: "POST", export_name: "userManagementPermissionsPOST" },
+    { name: "user_management_permissions_put", path: "api/hazo_auth/user_management/permissions", method: "PUT", export_name: "userManagementPermissionsPUT" },
+    { name: "user_management_permissions_delete", path: "api/hazo_auth/user_management/permissions", method: "DELETE", export_name: "userManagementPermissionsDELETE" },
+    { name: "user_management_roles", path: "api/hazo_auth/user_management/roles", method: "GET", export_name: "userManagementRolesGET" },
+    { name: "user_management_roles_post", path: "api/hazo_auth/user_management/roles", method: "POST", export_name: "userManagementRolesPOST" },
+    { name: "user_management_roles_put", path: "api/hazo_auth/user_management/roles", method: "PUT", export_name: "userManagementRolesPUT" },
+    { name: "user_management_users_roles", path: "api/hazo_auth/user_management/users/roles", method: "GET", export_name: "userManagementUsersRolesGET" },
+    { name: "user_management_users_roles_post", path: "api/hazo_auth/user_management/users/roles", method: "POST", export_name: "userManagementUsersRolesPOST" },
+    { name: "user_management_users_roles_put", path: "api/hazo_auth/user_management/users/roles", method: "PUT", export_name: "userManagementUsersRolesPUT" },
 ];
 const PAGES = [
     { name: "login", path: "hazo_auth/login", component_name: "LoginPage", import_path: "hazo_auth/pages/login" },
@@ -63,6 +77,16 @@ function generate_route_content(route) {
 export { ${route.export_name} as ${route.method} } from "hazo_auth/server/routes";
 `;
 }
+function generate_route_content_multi(routes) {
+    const path = routes[0].path;
+    const exports = routes.map(r => `export { ${r.export_name} as ${r.method} } from "hazo_auth/server/routes";`).join("\n");
+    const methods = routes.map(r => r.method).join(", ");
+    return `// Generated by hazo_auth - do not edit manually
+// Route: /${path}
+// Methods: ${methods}
+${exports}
+`;
+}
 function generate_page_content(page) {
     return `// Generated by hazo_auth - do not edit manually
 // Page: /${page.path}
@@ -77,23 +101,32 @@ function generate_api_routes(app_dir, project_root) {
     let skipped = 0;
     let errors = 0;
     console.log("\x1b[1m📡 Generating API routes...\x1b[0m\n");
+    // Group routes by path to handle multiple methods per path
+    const routes_by_path = new Map();
     for (const route of ROUTES) {
-        const route_dir = path.join(app_dir, route.path);
+        const existing = routes_by_path.get(route.path) || [];
+        existing.push(route);
+        routes_by_path.set(route.path, existing);
+    }
+    for (const [route_path, routes_for_path] of routes_by_path) {
+        const route_dir = path.join(app_dir, route_path);
         const route_file = path.join(route_dir, "route.ts");
         if (file_exists(route_file)) {
-            console.log(`\x1b[33m[SKIP]\x1b[0m ${route.path}/route.ts (already exists)`);
+            console.log(`\x1b[33m[SKIP]\x1b[0m ${route_path}/route.ts (already exists)`);
             skipped++;
             continue;
         }
         try {
             ensure_dir(route_dir);
-            const content = generate_route_content(route);
+            // Generate content with all methods for this path
+            const content = generate_route_content_multi(routes_for_path);
             fs.writeFileSync(route_file, content, "utf-8");
-            console.log(`\x1b[32m[CREATE]\x1b[0m ${route.path}/route.ts`);
+            const methods = routes_for_path.map(r => r.method).join(", ");
+            console.log(`\x1b[32m[CREATE]\x1b[0m ${route_path}/route.ts (${methods})`);
             created++;
         }
         catch (err) {
-            console.log(`\x1b[31m[ERROR]\x1b[0m ${route.path}/route.ts - ${err instanceof Error ? err.message : "Unknown error"}`);
+            console.log(`\x1b[31m[ERROR]\x1b[0m ${route_path}/route.ts - ${err instanceof Error ? err.message : "Unknown error"}`);
             errors++;
         }
     }

package/dist/cli/validate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/cli/validate.ts"],"names":[],"mappings":"AAOA,KAAK,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5C,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB,CAAC;AA4dF,wBAAgB,cAAc,IAAI,iBAAiB,CAqElD"}
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/cli/validate.ts"],"names":[],"mappings":"AAOA,KAAK,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5C,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB,CAAC;AA0eF,wBAAgB,cAAc,IAAI,iBAAiB,CAqElD"}

package/dist/cli/validate.js

@@ -29,6 +29,20 @@ const REQUIRED_API_ROUTES = [
     { path: "api/hazo_auth/get_auth", method: "POST" },
     { path: "api/hazo_auth/validate_reset_token", method: "POST" },
     { path: "api/hazo_auth/profile_picture/[filename]", method: "GET" },
+    // User management routes
+    { path: "api/hazo_auth/user_management/users", method: "GET" },
+    { path: "api/hazo_auth/user_management/users", method: "PATCH" },
+    { path: "api/hazo_auth/user_management/users", method: "POST" },
+    { path: "api/hazo_auth/user_management/permissions", method: "GET" },
+    { path: "api/hazo_auth/user_management/permissions", method: "POST" },
+    { path: "api/hazo_auth/user_management/permissions", method: "PUT" },
+    { path: "api/hazo_auth/user_management/permissions", method: "DELETE" },
+    { path: "api/hazo_auth/user_management/roles", method: "GET" },
+    { path: "api/hazo_auth/user_management/roles", method: "POST" },
+    { path: "api/hazo_auth/user_management/roles", method: "PUT" },
+    { path: "api/hazo_auth/user_management/users/roles", method: "GET" },
+    { path: "api/hazo_auth/user_management/users/roles", method: "POST" },
+    { path: "api/hazo_auth/user_management/users/roles", method: "PUT" },
 ];
 // section: helpers
 function get_project_root() {

package/dist/components/layouts/shared/components/profile_pic_menu.d.ts

@@ -10,13 +10,17 @@ export type ProfilePicMenuProps = {
     custom_menu_items?: ProfilePicMenuMenuItem[];
     className?: string;
     avatar_size?: "default" | "sm" | "lg";
+    variant?: "dropdown" | "sidebar";
+    sidebar_group_label?: string;
 };
 /**
  * Profile picture menu component
  * Shows user profile picture when authenticated, or sign up/sign in buttons when not authenticated
- * Clicking profile picture opens dropdown menu with user info and actions
+ * Supports two variants:
+ * - "dropdown" (default): Clicking profile picture opens dropdown menu (for navbar/header)
+ * - "sidebar": Shows profile picture and name in sidebar, clicking opens dropdown menu (for sidebar navigation)
  * @param props - Component props including configuration options
  * @returns Profile picture menu component
  */
-export declare function ProfilePicMenu({ show_single_button, sign_up_label, sign_in_label, register_path, login_path, settings_path, logout_path, custom_menu_items, className, avatar_size, }: ProfilePicMenuProps): import("react/jsx-runtime").JSX.Element;
+export declare function ProfilePicMenu({ show_single_button, sign_up_label, sign_in_label, register_path, login_path, settings_path, logout_path, custom_menu_items, className, avatar_size, variant, sidebar_group_label, }: ProfilePicMenuProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=profile_pic_menu.d.ts.map