hazo_auth 1.6.6 → 3.0.0

package/dist/lib/auth/session_token_validator.edge.js

@@ -0,0 +1,64 @@
+// file_description: Edge-compatible JWT session token validator for Next.js proxy/middleware
+// Uses jose library which works in Edge Runtime
+// section: imports
+import { jwtVerify } from "jose";
+// section: helpers
+/**
+ * Gets JWT secret from environment variables
+ * Works in Edge Runtime (no Node.js APIs)
+ * @returns JWT secret as Uint8Array for jose library
+ */
+function get_jwt_secret() {
+    const jwt_secret = process.env.JWT_SECRET;
+    if (!jwt_secret) {
+        // In Edge Runtime, we can't use logger, so we just return null
+        // The validation will fail gracefully
+        return null;
+    }
+    // Convert string secret to Uint8Array for jose
+    return new TextEncoder().encode(jwt_secret);
+}
+// section: main_function
+/**
+ * Validates session cookie from NextRequest (Edge-compatible)
+ * Extracts hazo_auth_session cookie and validates JWT signature and expiry
+ * Works in Edge Runtime (Next.js proxy/middleware)
+ * @param request - NextRequest object
+ * @returns Validation result with user_id and email if valid
+ */
+export async function validate_session_cookie(request) {
+    var _a;
+    try {
+        // Extract session cookie
+        const session_cookie = (_a = request.cookies.get("hazo_auth_session")) === null || _a === void 0 ? void 0 : _a.value;
+        if (!session_cookie) {
+            return { valid: false };
+        }
+        // Get JWT secret
+        const secret = get_jwt_secret();
+        if (!secret) {
+            // JWT_SECRET not set - cannot validate
+            return { valid: false };
+        }
+        // Verify JWT signature and expiration
+        const { payload } = await jwtVerify(session_cookie, secret, {
+            algorithms: ["HS256"],
+        });
+        // Extract user_id and email from payload
+        const user_id = payload.user_id;
+        const email = payload.email;
+        if (!user_id || !email) {
+            return { valid: false };
+        }
+        return {
+            valid: true,
+            user_id,
+            email,
+        };
+    }
+    catch (error) {
+        // jose throws JWTExpired, JWTInvalid, etc. - these are expected for invalid tokens
+        // In Edge Runtime, we can't log, so we just return invalid
+        return { valid: false };
+    }
+}

package/dist/lib/config/default_config.d.ts

@@ -0,0 +1,237 @@
+export declare const DEFAULT_PASSWORD_REQUIREMENTS: {
+    readonly minimum_length: 8;
+    readonly require_uppercase: false;
+    readonly require_lowercase: false;
+    readonly require_number: false;
+    readonly require_special: false;
+};
+export declare const DEFAULT_USER_FIELDS: {
+    readonly show_name_field: true;
+    readonly show_email_field: true;
+    readonly show_password_field: true;
+};
+export declare const DEFAULT_PROFILE_PICTURE: {
+    readonly allow_photo_upload: true;
+    readonly max_photo_size: 5242880;
+    readonly user_photo_default: true;
+    readonly user_photo_default_priority1: "gravatar";
+    readonly user_photo_default_priority2: "library";
+    readonly library_photo_path: "/profile_pictures/library";
+};
+export declare const DEFAULT_UI_SIZES: {
+    readonly gravatar_size: 200;
+    readonly profile_picture_size: 128;
+    readonly tooltip_icon_size_default: 16;
+    readonly tooltip_icon_size_small: 14;
+    readonly library_photo_grid_columns: 4;
+    readonly library_photo_preview_size: 80;
+    readonly image_compression_max_dimension: 800;
+    readonly upload_file_hard_limit_bytes: 10485760;
+};
+export declare const DEFAULT_FILE_TYPES: {
+    readonly allowed_image_extensions: readonly [".jpg", ".jpeg", ".png", ".gif", ".webp"];
+    readonly allowed_image_mime_types: readonly ["image/jpeg", "image/png", "image/gif", "image/webp"];
+};
+export declare const DEFAULT_MESSAGES: {
+    readonly photo_upload_disabled_message: "Photo upload is currently disabled. Contact your administrator.";
+    readonly gravatar_setup_message: "To use Gravatar, create a free account at gravatar.com with the same email address you use here.";
+    readonly gravatar_no_account_message: "No Gravatar account found for your email. Using library photo instead.";
+    readonly library_tooltip_message: "Choose from our library of profile pictures";
+};
+export declare const DEFAULT_ALREADY_LOGGED_IN: {
+    readonly message: "You are already logged in";
+    readonly showLogoutButton: true;
+    readonly showReturnHomeButton: true;
+    readonly returnHomeButtonLabel: "Return Home";
+    readonly returnHomePath: "/";
+};
+export declare const DEFAULT_LOGIN: {
+    readonly redirectRoute: string | undefined;
+    readonly successMessage: "Successfully logged in";
+    readonly forgotPasswordPath: "/hazo_auth/forgot_password";
+    readonly forgotPasswordLabel: "Forgot password?";
+    readonly createAccountPath: "/hazo_auth/register";
+    readonly createAccountLabel: "Create account";
+};
+export declare const DEFAULT_REGISTER: {
+    readonly redirectRoute: string | undefined;
+    readonly successMessage: "Registration successful! Please check your email to verify your account.";
+    readonly loginPath: "/hazo_auth/login";
+    readonly loginLabel: "Already have an account? Sign in";
+    readonly requireEmailVerification: true;
+};
+export declare const DEFAULT_FORGOT_PASSWORD: {
+    readonly successMessage: "If an account with that email exists, a password reset link has been sent.";
+    readonly loginPath: "/hazo_auth/login";
+    readonly loginLabel: "Back to login";
+};
+export declare const DEFAULT_RESET_PASSWORD: {
+    readonly successMessage: "Password reset successfully. You can now log in with your new password.";
+    readonly loginPath: "/hazo_auth/login";
+    readonly redirectDelay: 2;
+};
+export declare const DEFAULT_EMAIL_VERIFICATION: {
+    readonly successMessage: "Email verified successfully! Redirecting to login...";
+    readonly errorMessage: "Email verification failed. The link may have expired.";
+    readonly loginPath: "/hazo_auth/login";
+    readonly redirectDelay: 5;
+};
+export declare const DEFAULT_MY_SETTINGS: {
+    readonly showNameField: true;
+    readonly showEmailField: true;
+    readonly showPasswordField: true;
+    readonly showProfilePicture: true;
+};
+export declare const DEFAULT_USER_MANAGEMENT: {
+    readonly enableUserManagement: true;
+    readonly enableRoleManagement: true;
+    readonly enablePermissionManagement: true;
+};
+export declare const DEFAULT_AUTH_UTILITY: {
+    readonly sessionCookieName: "hazo_session";
+    readonly sessionDuration: 86400;
+    readonly requireEmailVerification: true;
+};
+export declare const DEFAULT_UI_SHELL: {
+    readonly layout_mode: "standalone" | "test_sidebar";
+    readonly image_src: "/globe.svg";
+    readonly image_width: 400;
+    readonly image_height: 400;
+    readonly show_visual_panel: true;
+};
+export declare const DEFAULT_PROFILE_PIC_MENU: {
+    readonly show_single_button: false;
+    readonly sign_up_label: "Sign Up";
+    readonly sign_in_label: "Sign In";
+    readonly register_path: "/hazo_auth/register";
+    readonly login_path: "/hazo_auth/login";
+    readonly settings_path: "/hazo_auth/my_settings";
+    readonly logout_path: "/api/hazo_auth/logout";
+};
+export declare const DEFAULT_API_PATHS: {
+    readonly apiBasePath: "/api/hazo_auth";
+};
+/**
+ * All default configuration values combined in one object
+ * This makes it easy to see all defaults at a glance and export them as needed
+ */
+export declare const HAZO_AUTH_DEFAULTS: {
+    readonly passwordRequirements: {
+        readonly minimum_length: 8;
+        readonly require_uppercase: false;
+        readonly require_lowercase: false;
+        readonly require_number: false;
+        readonly require_special: false;
+    };
+    readonly userFields: {
+        readonly show_name_field: true;
+        readonly show_email_field: true;
+        readonly show_password_field: true;
+    };
+    readonly profilePicture: {
+        readonly allow_photo_upload: true;
+        readonly max_photo_size: 5242880;
+        readonly user_photo_default: true;
+        readonly user_photo_default_priority1: "gravatar";
+        readonly user_photo_default_priority2: "library";
+        readonly library_photo_path: "/profile_pictures/library";
+    };
+    readonly uiSizes: {
+        readonly gravatar_size: 200;
+        readonly profile_picture_size: 128;
+        readonly tooltip_icon_size_default: 16;
+        readonly tooltip_icon_size_small: 14;
+        readonly library_photo_grid_columns: 4;
+        readonly library_photo_preview_size: 80;
+        readonly image_compression_max_dimension: 800;
+        readonly upload_file_hard_limit_bytes: 10485760;
+    };
+    readonly fileTypes: {
+        readonly allowed_image_extensions: readonly [".jpg", ".jpeg", ".png", ".gif", ".webp"];
+        readonly allowed_image_mime_types: readonly ["image/jpeg", "image/png", "image/gif", "image/webp"];
+    };
+    readonly messages: {
+        readonly photo_upload_disabled_message: "Photo upload is currently disabled. Contact your administrator.";
+        readonly gravatar_setup_message: "To use Gravatar, create a free account at gravatar.com with the same email address you use here.";
+        readonly gravatar_no_account_message: "No Gravatar account found for your email. Using library photo instead.";
+        readonly library_tooltip_message: "Choose from our library of profile pictures";
+    };
+    readonly alreadyLoggedIn: {
+        readonly message: "You are already logged in";
+        readonly showLogoutButton: true;
+        readonly showReturnHomeButton: true;
+        readonly returnHomeButtonLabel: "Return Home";
+        readonly returnHomePath: "/";
+    };
+    readonly login: {
+        readonly redirectRoute: string | undefined;
+        readonly successMessage: "Successfully logged in";
+        readonly forgotPasswordPath: "/hazo_auth/forgot_password";
+        readonly forgotPasswordLabel: "Forgot password?";
+        readonly createAccountPath: "/hazo_auth/register";
+        readonly createAccountLabel: "Create account";
+    };
+    readonly register: {
+        readonly redirectRoute: string | undefined;
+        readonly successMessage: "Registration successful! Please check your email to verify your account.";
+        readonly loginPath: "/hazo_auth/login";
+        readonly loginLabel: "Already have an account? Sign in";
+        readonly requireEmailVerification: true;
+    };
+    readonly forgotPassword: {
+        readonly successMessage: "If an account with that email exists, a password reset link has been sent.";
+        readonly loginPath: "/hazo_auth/login";
+        readonly loginLabel: "Back to login";
+    };
+    readonly resetPassword: {
+        readonly successMessage: "Password reset successfully. You can now log in with your new password.";
+        readonly loginPath: "/hazo_auth/login";
+        readonly redirectDelay: 2;
+    };
+    readonly emailVerification: {
+        readonly successMessage: "Email verified successfully! Redirecting to login...";
+        readonly errorMessage: "Email verification failed. The link may have expired.";
+        readonly loginPath: "/hazo_auth/login";
+        readonly redirectDelay: 5;
+    };
+    readonly mySettings: {
+        readonly showNameField: true;
+        readonly showEmailField: true;
+        readonly showPasswordField: true;
+        readonly showProfilePicture: true;
+    };
+    readonly userManagement: {
+        readonly enableUserManagement: true;
+        readonly enableRoleManagement: true;
+        readonly enablePermissionManagement: true;
+    };
+    readonly authUtility: {
+        readonly sessionCookieName: "hazo_session";
+        readonly sessionDuration: 86400;
+        readonly requireEmailVerification: true;
+    };
+    readonly uiShell: {
+        readonly layout_mode: "standalone" | "test_sidebar";
+        readonly image_src: "/globe.svg";
+        readonly image_width: 400;
+        readonly image_height: 400;
+        readonly show_visual_panel: true;
+    };
+    readonly profilePicMenu: {
+        readonly show_single_button: false;
+        readonly sign_up_label: "Sign Up";
+        readonly sign_in_label: "Sign In";
+        readonly register_path: "/hazo_auth/register";
+        readonly login_path: "/hazo_auth/login";
+        readonly settings_path: "/hazo_auth/my_settings";
+        readonly logout_path: "/api/hazo_auth/logout";
+    };
+    readonly apiPaths: {
+        readonly apiBasePath: "/api/hazo_auth";
+    };
+};
+/**
+ * Type representing the complete default configuration structure
+ */
+export type HazoAuthDefaults = typeof HAZO_AUTH_DEFAULTS;
+//# sourceMappingURL=default_config.d.ts.map

package/dist/lib/config/default_config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default_config.d.ts","sourceRoot":"","sources":["../../../src/lib/config/default_config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,6BAA6B;;;;;;CAMhC,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;;;;CAO1B,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;;;;CASnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;CAGrB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAGX,eAAO,MAAM,yBAAyB;;;;;;CAM5B,CAAC;AAGX,eAAO,MAAM,aAAa;4BACI,MAAM,GAAG,SAAS;;;;;;CAMtC,CAAC;AAGX,eAAO,MAAM,gBAAgB;4BACC,MAAM,GAAG,SAAS;;;;;CAKtC,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;CAIzB,CAAC;AAGX,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAGX,eAAO,MAAM,gBAAgB;0BACE,YAAY,GAAG,cAAc;;;;;CAKlD,CAAC;AAGX,eAAO,MAAM,wBAAwB;;;;;;;;CAQ3B,CAAC;AAGX,eAAO,MAAM,iBAAiB;;CAEpB,CAAC;AAGX;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA3FD,MAAM,GAAG,SAAS;;;;;;;;gCAUlB,MAAM,GAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAqDjB,YAAY,GAAG,cAAc;;;;;;;;;;;;;;;;;;CA+ClD,CAAC;AAGX;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,kBAAkB,CAAC"}

package/dist/lib/config/default_config.js

@@ -0,0 +1,159 @@
+// file_description: Centralized default configuration for hazo_auth
+// All default values in one place for easy reference and maintenance
+// These defaults are used when hazo_auth_config.ini is missing or incomplete
+// section: password_requirements
+export const DEFAULT_PASSWORD_REQUIREMENTS = {
+    minimum_length: 8,
+    require_uppercase: false,
+    require_lowercase: false,
+    require_number: false,
+    require_special: false,
+};
+// section: user_fields
+export const DEFAULT_USER_FIELDS = {
+    show_name_field: true,
+    show_email_field: true,
+    show_password_field: true,
+};
+// section: profile_picture
+export const DEFAULT_PROFILE_PICTURE = {
+    allow_photo_upload: true,
+    max_photo_size: 5242880, // 5MB in bytes
+    user_photo_default: true,
+    user_photo_default_priority1: "gravatar",
+    user_photo_default_priority2: "library",
+    library_photo_path: "/profile_pictures/library",
+};
+// section: ui_sizes
+export const DEFAULT_UI_SIZES = {
+    gravatar_size: 200,
+    profile_picture_size: 128,
+    tooltip_icon_size_default: 16,
+    tooltip_icon_size_small: 14,
+    library_photo_grid_columns: 4,
+    library_photo_preview_size: 80,
+    image_compression_max_dimension: 800,
+    upload_file_hard_limit_bytes: 10485760, // 10MB
+};
+// section: file_types
+export const DEFAULT_FILE_TYPES = {
+    allowed_image_extensions: [".jpg", ".jpeg", ".png", ".gif", ".webp"],
+    allowed_image_mime_types: ["image/jpeg", "image/png", "image/gif", "image/webp"],
+};
+// section: messages
+export const DEFAULT_MESSAGES = {
+    photo_upload_disabled_message: "Photo upload is currently disabled. Contact your administrator.",
+    gravatar_setup_message: "To use Gravatar, create a free account at gravatar.com with the same email address you use here.",
+    gravatar_no_account_message: "No Gravatar account found for your email. Using library photo instead.",
+    library_tooltip_message: "Choose from our library of profile pictures",
+};
+// section: already_logged_in
+export const DEFAULT_ALREADY_LOGGED_IN = {
+    message: "You are already logged in",
+    showLogoutButton: true,
+    showReturnHomeButton: true,
+    returnHomeButtonLabel: "Return Home",
+    returnHomePath: "/",
+};
+// section: login
+export const DEFAULT_LOGIN = {
+    redirectRoute: undefined,
+    successMessage: "Successfully logged in",
+    forgotPasswordPath: "/hazo_auth/forgot_password",
+    forgotPasswordLabel: "Forgot password?",
+    createAccountPath: "/hazo_auth/register",
+    createAccountLabel: "Create account",
+};
+// section: register
+export const DEFAULT_REGISTER = {
+    redirectRoute: undefined,
+    successMessage: "Registration successful! Please check your email to verify your account.",
+    loginPath: "/hazo_auth/login",
+    loginLabel: "Already have an account? Sign in",
+    requireEmailVerification: true,
+};
+// section: forgot_password
+export const DEFAULT_FORGOT_PASSWORD = {
+    successMessage: "If an account with that email exists, a password reset link has been sent.",
+    loginPath: "/hazo_auth/login",
+    loginLabel: "Back to login",
+};
+// section: reset_password
+export const DEFAULT_RESET_PASSWORD = {
+    successMessage: "Password reset successfully. You can now log in with your new password.",
+    loginPath: "/hazo_auth/login",
+    redirectDelay: 2, // seconds
+};
+// section: email_verification
+export const DEFAULT_EMAIL_VERIFICATION = {
+    successMessage: "Email verified successfully! Redirecting to login...",
+    errorMessage: "Email verification failed. The link may have expired.",
+    loginPath: "/hazo_auth/login",
+    redirectDelay: 5, // seconds
+};
+// section: my_settings
+export const DEFAULT_MY_SETTINGS = {
+    showNameField: true,
+    showEmailField: true,
+    showPasswordField: true,
+    showProfilePicture: true,
+};
+// section: user_management
+export const DEFAULT_USER_MANAGEMENT = {
+    enableUserManagement: true,
+    enableRoleManagement: true,
+    enablePermissionManagement: true,
+};
+// section: auth_utility
+export const DEFAULT_AUTH_UTILITY = {
+    sessionCookieName: "hazo_session",
+    sessionDuration: 86400, // 24 hours in seconds
+    requireEmailVerification: true,
+};
+// section: ui_shell
+export const DEFAULT_UI_SHELL = {
+    layout_mode: "standalone",
+    image_src: "/globe.svg",
+    image_width: 400,
+    image_height: 400,
+    show_visual_panel: true,
+};
+// section: profile_pic_menu
+export const DEFAULT_PROFILE_PIC_MENU = {
+    show_single_button: false,
+    sign_up_label: "Sign Up",
+    sign_in_label: "Sign In",
+    register_path: "/hazo_auth/register",
+    login_path: "/hazo_auth/login",
+    settings_path: "/hazo_auth/my_settings",
+    logout_path: "/api/hazo_auth/logout",
+};
+// section: api_paths
+export const DEFAULT_API_PATHS = {
+    apiBasePath: "/api/hazo_auth",
+};
+// section: combined_defaults
+/**
+ * All default configuration values combined in one object
+ * This makes it easy to see all defaults at a glance and export them as needed
+ */
+export const HAZO_AUTH_DEFAULTS = {
+    passwordRequirements: DEFAULT_PASSWORD_REQUIREMENTS,
+    userFields: DEFAULT_USER_FIELDS,
+    profilePicture: DEFAULT_PROFILE_PICTURE,
+    uiSizes: DEFAULT_UI_SIZES,
+    fileTypes: DEFAULT_FILE_TYPES,
+    messages: DEFAULT_MESSAGES,
+    alreadyLoggedIn: DEFAULT_ALREADY_LOGGED_IN,
+    login: DEFAULT_LOGIN,
+    register: DEFAULT_REGISTER,
+    forgotPassword: DEFAULT_FORGOT_PASSWORD,
+    resetPassword: DEFAULT_RESET_PASSWORD,
+    emailVerification: DEFAULT_EMAIL_VERIFICATION,
+    mySettings: DEFAULT_MY_SETTINGS,
+    userManagement: DEFAULT_USER_MANAGEMENT,
+    authUtility: DEFAULT_AUTH_UTILITY,
+    uiShell: DEFAULT_UI_SHELL,
+    profilePicMenu: DEFAULT_PROFILE_PIC_MENU,
+    apiPaths: DEFAULT_API_PATHS,
+};

package/dist/lib/email_verification_config.server.d.ts

@@ -1,9 +1,13 @@
+import type { StaticImageData } from "next/image";
 export type EmailVerificationConfig = {
     alreadyLoggedInMessage: string;
     showLogoutButton: boolean;
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
+    imageSrc: string | StaticImageData;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file

package/dist/lib/email_verification_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email_verification_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/email_verification_config.server.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,uBAAuB,GAAG;IACpC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,6BAA6B,IAAI,uBAAuB,CAWvE"}
+{"version":3,"file":"email_verification_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/email_verification_config.server.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,eAAe,CAAC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,6BAA6B,IAAI,uBAAuB,CAmCvE"}

package/dist/lib/email_verification_config.server.js

@@ -1,6 +1,8 @@
 // file_description: server-only helper to read email verification layout configuration from hazo_auth_config.ini
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server";
+import { get_config_value } from "./config/config_loader.server";
+import verifyEmailDefaultImage from "../assets/images/verify_email_default.jpg";
 // section: helpers
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file
@@ -8,13 +10,23 @@ import { get_already_logged_in_config } from "./already_logged_in_config.server"
  * @returns Email verification configuration options
  */
 export function get_email_verification_config() {
+    const section = "hazo_auth__email_verification_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default image from assets
+    const imageSrc = get_config_value(section, "image_src", "" // Empty string means not set in config
+    ) || verifyEmailDefaultImage;
+    const imageAlt = get_config_value(section, "image_alt", "Email verification illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/forgot_password_config.server.d.ts

@@ -1,9 +1,13 @@
+import type { StaticImageData } from "next/image";
 export type ForgotPasswordConfig = {
     alreadyLoggedInMessage: string;
     showLogoutButton: boolean;
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
+    imageSrc: string | StaticImageData;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file

package/dist/lib/forgot_password_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAWjE"}
+{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,eAAe,CAAC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAmCjE"}

package/dist/lib/forgot_password_config.server.js

@@ -1,6 +1,8 @@
 // file_description: server-only helper to read forgot password layout configuration from hazo_auth_config.ini
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server";
+import { get_config_value } from "./config/config_loader.server";
+import forgotPasswordDefaultImage from "../assets/images/forgot_password_default.jpg";
 // section: helpers
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file
@@ -8,13 +10,23 @@ import { get_already_logged_in_config } from "./already_logged_in_config.server"
  * @returns Forgot password configuration options
  */
 export function get_forgot_password_config() {
+    const section = "hazo_auth__forgot_password_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default image from assets
+    const imageSrc = get_config_value(section, "image_src", "" // Empty string means not set in config
+    ) || forgotPasswordDefaultImage;
+    const imageAlt = get_config_value(section, "image_alt", "Password recovery illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/login_config.server.d.ts

@@ -1,3 +1,4 @@
+import type { StaticImageData } from "next/image";
 export type LoginConfig = {
     redirectRoute?: string;
     successMessage: string;
@@ -10,6 +11,9 @@ export type LoginConfig = {
     forgotPasswordLabel: string;
     createAccountPath: string;
     createAccountLabel: string;
+    imageSrc: string | StaticImageData;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads login layout configuration from hazo_auth_config.ini file

package/dist/lib/login_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CA2C9C"}
+{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,eAAe,CAAC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAiE9C"}

package/dist/lib/login_config.server.js

@@ -2,6 +2,7 @@
 // section: imports
 import { get_config_value } from "./config/config_loader.server";
 import { get_already_logged_in_config } from "./already_logged_in_config.server";
+import loginDefaultImage from "../assets/images/login_default.jpg";
 // section: helpers
 /**
  * Reads login layout configuration from hazo_auth_config.ini file
@@ -21,6 +22,12 @@ export function get_login_config() {
     const createAccountLabel = get_config_value(section, "create_account_label", "Create account");
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default image from assets
+    const imageSrc = get_config_value(section, "image_src", "" // Empty string means not set in config
+    ) || loginDefaultImage;
+    const imageAlt = get_config_value(section, "image_alt", "Secure login illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         redirectRoute,
         successMessage,
@@ -33,5 +40,8 @@ export function get_login_config() {
         forgotPasswordLabel,
         createAccountPath,
         createAccountLabel,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/password_requirements_config.server.d.ts

@@ -7,7 +7,7 @@ export type PasswordRequirementsConfig = {
 };
 /**
  * Reads shared password requirements configuration from hazo_auth_config.ini file
- * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * Falls back to centralized defaults if hazo_auth_config.ini is not found or section is missing
  * This configuration is used by both register and reset password layouts
  * @returns Password requirements configuration options
  */

package/dist/lib/password_requirements_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password_requirements_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/password_requirements_config.server.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,0BAA0B,GAAG;IACvC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,gCAAgC,IAAI,0BAA0B,CAiB7E"}
+{"version":3,"file":"password_requirements_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/password_requirements_config.server.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,0BAA0B,GAAG;IACvC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,gCAAgC,IAAI,0BAA0B,CAiB7E"}