hazo_auth 10.0.0 → 10.2.0

package/cli-src/lib/services/google_token_service.ts

@@ -0,0 +1,408 @@
+// file_description: stores, retrieves, refreshes, and revokes Google OAuth tokens with encrypted persistence
+// section: imports
+import { createCrudService } from "hazo_connect/server";
+import { get_hazo_connect_instance } from "../hazo_connect_instance.server.js";
+import { create_app_logger } from "../app_logger.js";
+import { optional_import } from "hazo_core";
+import { randomUUID } from "crypto";
+
+// section: errors
+
+export class GoogleTokenStorageUnconfigured extends Error {
+  constructor() {
+    super(
+      "Google token storage is not configured. Set HAZO_AUTH_OAUTH_KEY_CURRENT and HAZO_AUTH_OAUTH_KEY_<ID> env vars."
+    );
+    this.name = "GoogleTokenStorageUnconfigured";
+  }
+}
+
+// section: types
+
+export type StoreGoogleOAuthTokenParams = {
+  user_id: string;
+  refresh_token: string;
+  access_token?: string;
+  scopes: string; // space-delimited
+  expires_at?: string; // ISO string for access token expiry
+};
+
+export type GoogleTokenResult =
+  | { ok: true; access_token: string; scopes: string }
+  | { ok: false; error: "not_connected" | "reconsent_required" | "refresh_failed" | "unconfigured" };
+
+export type GoogleTokenStatus = {
+  connected: boolean;
+  scopes: string;
+  expires_at: string | null;
+};
+
+// section: internal-types
+
+type GoogleOAuthRow = {
+  id: string;
+  user_id: string;
+  provider: string;
+  refresh_token_enc: string;
+  access_token_enc: string | null;
+  scopes: string;
+  expires_at: string | null;
+  created_at: string;
+  changed_at: string;
+};
+
+// section: cache
+
+const access_token_cache = new Map<string, { token: string; expires_at: string }>();
+
+// section: helpers
+
+function makeKeyProvider(
+  LookupKeyProvider: new (lookup: (name: string) => string | undefined) => unknown
+) {
+  return new LookupKeyProvider((name: string) => {
+    if (name === "current") return process.env.HAZO_AUTH_OAUTH_KEY_CURRENT;
+    if (name.startsWith("key_")) {
+      const keyId = name.slice(4).toUpperCase();
+      return process.env[`HAZO_AUTH_OAUTH_KEY_${keyId}`];
+    }
+    return undefined;
+  });
+}
+
+async function load_crypto_module() {
+  const cryptoModule = await optional_import<typeof import("hazo_secure/crypto")>(
+    "hazo_secure/crypto"
+  );
+  if (!cryptoModule) throw new GoogleTokenStorageUnconfigured();
+  return cryptoModule;
+}
+
+// section: store
+
+/**
+ * Stores (inserts or updates) Google OAuth tokens for a user, encrypting sensitive fields.
+ * Throws GoogleTokenStorageUnconfigured if hazo_secure/crypto is unavailable or keys are missing.
+ */
+export async function store_google_oauth_token(
+  params: StoreGoogleOAuthTokenParams
+): Promise<void> {
+  const logger = create_app_logger();
+
+  const { encryptField, decryptField: _decryptField, aadFor, LookupKeyProvider } = await load_crypto_module();
+
+  const keys = makeKeyProvider(LookupKeyProvider as new (lookup: (name: string) => string | undefined) => unknown) as Parameters<typeof encryptField>[1]["keys"];
+
+  // Force-fail early if no key is configured
+  try {
+    await (keys as unknown as { current(): Promise<unknown> }).current();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.error("google_token_service_key_provider_failed", {
+      filename: "google_token_service.ts",
+      error: msg,
+    });
+    throw new GoogleTokenStorageUnconfigured();
+  }
+
+  const refresh_enc = await encryptField(params.refresh_token, {
+    keys,
+    aad: aadFor("hazo_google_oauth_tokens", params.user_id, "refresh_token"),
+  });
+  const refresh_token_enc = JSON.stringify(refresh_enc);
+
+  let access_token_enc: string | null = null;
+  if (params.access_token) {
+    const access_enc = await encryptField(params.access_token, {
+      keys,
+      aad: aadFor("hazo_google_oauth_tokens", params.user_id, "access_token"),
+    });
+    access_token_enc = JSON.stringify(access_enc);
+  }
+
+  const adapter = get_hazo_connect_instance();
+  const service = createCrudService(adapter, "hazo_google_oauth_tokens");
+
+  const existing_rows = (await service.findBy({
+    user_id: params.user_id,
+    provider: "google",
+  })) as GoogleOAuthRow[];
+
+  const now = new Date().toISOString();
+
+  if (existing_rows.length > 0) {
+    const existing = existing_rows[0];
+    await service.updateById(existing.id, {
+      refresh_token_enc,
+      access_token_enc,
+      scopes: params.scopes,
+      expires_at: params.expires_at ?? null,
+      changed_at: now,
+    });
+    logger.info("google_token_service_token_updated", {
+      filename: "google_token_service.ts",
+      user_id: params.user_id,
+    });
+  } else {
+    await service.insert({
+      id: randomUUID(),
+      user_id: params.user_id,
+      provider: "google",
+      refresh_token_enc,
+      access_token_enc,
+      scopes: params.scopes,
+      expires_at: params.expires_at ?? null,
+      created_at: now,
+      changed_at: now,
+    });
+    logger.info("google_token_service_token_stored", {
+      filename: "google_token_service.ts",
+      user_id: params.user_id,
+    });
+  }
+}
+
+// section: get
+
+/**
+ * Returns a valid access token for the user, refreshing via Google if needed.
+ * Returns a typed error result instead of throwing for expected failure modes.
+ */
+export async function getGoogleToken(
+  userId: string,
+  opts?: { scopes?: string[] }
+): Promise<GoogleTokenResult> {
+  const logger = create_app_logger();
+
+  // Check in-memory cache first
+  const cached = access_token_cache.get(userId);
+  if (cached) {
+    const still_valid = new Date(cached.expires_at).getTime() - 60000 > Date.now();
+    if (still_valid) {
+      logger.info("google_token_service_cache_hit", {
+        filename: "google_token_service.ts",
+        user_id: userId,
+      });
+      // We need scopes from DB even on cache hit when scope check is requested
+      if (!opts?.scopes?.length) {
+        // No scope check needed — return cached token (scopes unknown from cache alone)
+        // Fall through to DB to get scopes for the result shape
+      }
+    }
+  }
+
+  const adapter = get_hazo_connect_instance();
+  const service = createCrudService(adapter, "hazo_google_oauth_tokens");
+
+  const rows = (await service.findBy({ user_id: userId, provider: "google" })) as GoogleOAuthRow[];
+  if (rows.length === 0) {
+    return { ok: false, error: "not_connected" };
+  }
+
+  const row = rows[0];
+
+  // Scope check
+  if (opts?.scopes?.length) {
+    const stored_scopes = row.scopes.split(" ").filter(Boolean);
+    const missing = opts.scopes.some((s) => !stored_scopes.includes(s));
+    if (missing) {
+      return { ok: false, error: "reconsent_required" };
+    }
+  }
+
+  // Return cached token now that we have the row (scope check passed)
+  if (cached) {
+    const still_valid = new Date(cached.expires_at).getTime() - 60000 > Date.now();
+    if (still_valid) {
+      return { ok: true, access_token: cached.token, scopes: row.scopes };
+    }
+  }
+
+  // Need to refresh — load crypto
+  let cryptoModule: Awaited<ReturnType<typeof load_crypto_module>>;
+  try {
+    cryptoModule = await load_crypto_module();
+  } catch {
+    return { ok: false, error: "unconfigured" };
+  }
+
+  const { decryptField, aadFor, LookupKeyProvider } = cryptoModule;
+  const keys = makeKeyProvider(LookupKeyProvider as new (lookup: (name: string) => string | undefined) => unknown) as Parameters<typeof cryptoModule.encryptField>[1]["keys"];
+
+  let decrypted_refresh: string;
+  try {
+    decrypted_refresh = await decryptField(JSON.parse(row.refresh_token_enc), {
+      keys,
+      aad: aadFor("hazo_google_oauth_tokens", userId, "refresh_token"),
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.error("google_token_service_decrypt_failed", {
+      filename: "google_token_service.ts",
+      user_id: userId,
+      error: msg,
+    });
+    return { ok: false, error: "refresh_failed" };
+  }
+
+  // Call Google token refresh endpoint
+  let resp: Response;
+  try {
+    resp = await fetch("https://oauth2.googleapis.com/token", {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: decrypted_refresh,
+        client_id: process.env.HAZO_AUTH_GOOGLE_CLIENT_ID!,
+        client_secret: process.env.HAZO_AUTH_GOOGLE_CLIENT_SECRET!,
+      }),
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.error("google_token_service_refresh_fetch_failed", {
+      filename: "google_token_service.ts",
+      user_id: userId,
+      error: msg,
+    });
+    return { ok: false, error: "refresh_failed" };
+  }
+
+  if (!resp.ok) {
+    logger.warn("google_token_service_refresh_rejected", {
+      filename: "google_token_service.ts",
+      user_id: userId,
+      status: resp.status,
+    });
+    return { ok: false, error: "refresh_failed" };
+  }
+
+  const data = await resp.json() as { access_token: string; expires_in: number };
+
+  // Persist new access token (encrypted)
+  const new_expires_at = new Date(Date.now() + data.expires_in * 1000).toISOString();
+  try {
+    const { encryptField } = cryptoModule;
+    const access_enc = await encryptField(data.access_token, {
+      keys,
+      aad: aadFor("hazo_google_oauth_tokens", userId, "access_token"),
+    });
+    const access_token_enc = JSON.stringify(access_enc);
+    await service.updateById(row.id, {
+      access_token_enc,
+      expires_at: new_expires_at,
+      changed_at: new Date().toISOString(),
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.warn("google_token_service_persist_access_token_failed", {
+      filename: "google_token_service.ts",
+      user_id: userId,
+      error: msg,
+      note: "Access token refreshed successfully but could not be persisted",
+    });
+  }
+
+  // Update in-memory cache
+  access_token_cache.set(userId, { token: data.access_token, expires_at: new_expires_at });
+
+  logger.info("google_token_service_token_refreshed", {
+    filename: "google_token_service.ts",
+    user_id: userId,
+  });
+
+  return { ok: true, access_token: data.access_token, scopes: row.scopes };
+}
+
+// section: revoke
+
+/**
+ * Revokes the user's Google OAuth tokens — best-effort remote revocation, then deletes DB row.
+ */
+export async function revoke_google_oauth_token(
+  userId: string
+): Promise<{ ok: boolean; error?: string }> {
+  const logger = create_app_logger();
+
+  const adapter = get_hazo_connect_instance();
+  const service = createCrudService(adapter, "hazo_google_oauth_tokens");
+
+  const rows = (await service.findBy({ user_id: userId, provider: "google" })) as GoogleOAuthRow[];
+  if (rows.length === 0) {
+    return { ok: false, error: "not_connected" };
+  }
+
+  const row = rows[0];
+
+  // Attempt remote revocation — best effort
+  try {
+    const { decryptField, aadFor, LookupKeyProvider } = await load_crypto_module();
+    const keys = makeKeyProvider(LookupKeyProvider as new (lookup: (name: string) => string | undefined) => unknown) as Parameters<typeof decryptField>[1]["keys"];
+
+    const decrypted_refresh = await decryptField(JSON.parse(row.refresh_token_enc), {
+      keys,
+      aad: aadFor("hazo_google_oauth_tokens", userId, "refresh_token"),
+    });
+
+    const revoke_resp = await fetch(
+      `https://oauth2.googleapis.com/revoke?token=${encodeURIComponent(decrypted_refresh)}`,
+      { method: "POST" }
+    );
+
+    if (!revoke_resp.ok) {
+      logger.warn("google_token_service_revoke_remote_failed", {
+        filename: "google_token_service.ts",
+        user_id: userId,
+        status: revoke_resp.status,
+        note: "Google revocation returned non-OK status; proceeding to delete local record",
+      });
+    } else {
+      logger.info("google_token_service_revoke_remote_ok", {
+        filename: "google_token_service.ts",
+        user_id: userId,
+      });
+    }
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.warn("google_token_service_revoke_remote_error", {
+      filename: "google_token_service.ts",
+      user_id: userId,
+      error: msg,
+      note: "Remote revocation failed; proceeding to delete local record",
+    });
+  }
+
+  // Always delete the local row
+  await service.deleteById(row.id);
+  access_token_cache.delete(userId);
+
+  logger.info("google_token_service_revoked", {
+    filename: "google_token_service.ts",
+    user_id: userId,
+  });
+
+  return { ok: true };
+}
+
+// section: status
+
+/**
+ * Returns connection status and scope information for a user's Google OAuth connection.
+ * Does not decrypt or refresh tokens.
+ */
+export async function get_google_token_status(userId: string): Promise<GoogleTokenStatus> {
+  const adapter = get_hazo_connect_instance();
+  const service = createCrudService(adapter, "hazo_google_oauth_tokens");
+
+  const rows = (await service.findBy({ user_id: userId, provider: "google" })) as GoogleOAuthRow[];
+  if (rows.length === 0) {
+    return { connected: false, scopes: "", expires_at: null };
+  }
+
+  const row = rows[0];
+  return {
+    connected: true,
+    scopes: row.scopes,
+    expires_at: row.expires_at ?? null,
+  };
+}

package/cli-src/lib/services/index.ts

@@ -20,5 +20,5 @@ export * from "./scope_service.js";
 export * from "./user_scope_service.js";
 export * from "./oauth_service.js";
 export * from "./branding_service.js";
-
+export * from "./google_token_service.js";
 

package/dist/client.d.ts

@@ -9,4 +9,5 @@ export { use_firm_branding, use_current_user_branding } from "./components/layou
 export type { FirmBranding, UseFirmBrandingOptions, UseFirmBrandingResult } from "./components/layouts/shared/hooks/use_firm_branding";
 export { HAZO_AUTH_PERMISSIONS, ALL_ADMIN_PERMISSIONS, GLOBAL_ADMIN_PERMISSION } from "./lib/constants.js";
 export * from "./components/layouts/shared/utils/validation.js";
+export { requestGoogleScopes } from "./lib/auth/request_google_scopes.js";
 //# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAYA,cAAc,oBAAoB,CAAC;AAInC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAInI,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAIpD,cAAc,uBAAuB,CAAC;AAItC,OAAO,EAAE,eAAe,EAAE,2BAA2B,EAAE,MAAM,mDAAmD,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,iDAAiD,CAAC;AAC3G,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AAC7G,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,qDAAqD,CAAC;AACnH,YAAY,EAAE,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,qDAAqD,CAAC;AAGvI,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAIxG,cAAc,8CAA8C,CAAC"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAYA,cAAc,oBAAoB,CAAC;AAInC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAInI,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAIpD,cAAc,uBAAuB,CAAC;AAItC,OAAO,EAAE,eAAe,EAAE,2BAA2B,EAAE,MAAM,mDAAmD,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,iDAAiD,CAAC;AAC3G,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AAC7G,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,qDAAqD,CAAC;AACnH,YAAY,EAAE,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,qDAAqD,CAAC;AAGvI,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAIxG,cAAc,8CAA8C,CAAC;AAG7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC"}

package/dist/client.js

@@ -29,3 +29,5 @@ export { HAZO_AUTH_PERMISSIONS, ALL_ADMIN_PERMISSIONS, GLOBAL_ADMIN_PERMISSION }
 // section: validation_exports
 // Client-side validation utilities
 export * from "./components/layouts/shared/utils/validation.js";
+// section: google_oauth_exports
+export { requestGoogleScopes } from "./lib/auth/request_google_scopes.js";

package/dist/components/layouts/google_token_test/index.d.ts

@@ -0,0 +1,6 @@
+type GoogleTokenTestLayoutProps = {
+    className?: string;
+};
+export declare function GoogleTokenTestLayout({ className }: GoogleTokenTestLayoutProps): import("react/jsx-runtime").JSX.Element;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/components/layouts/google_token_test/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/google_token_test/index.tsx"],"names":[],"mappings":"AAeA,KAAK,0BAA0B,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,EAAE,SAAS,EAAE,EAAE,0BAA0B,2CAsL9E"}

package/dist/components/layouts/google_token_test/index.js

@@ -0,0 +1,74 @@
+// file_description: Test layout for Google OAuth token functionality
+"use client";
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useState, useEffect } from "react";
+import { Button } from "../../ui/button.js";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "../../ui/card.js";
+import { cn } from "../../../lib/utils.js";
+import { requestGoogleScopes } from "../../../lib/auth/request_google_scopes.js";
+export function GoogleTokenTestLayout({ className }) {
+    const [loading, setLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const [success, setSuccess] = useState(null);
+    const [authenticated, setAuthenticated] = useState(null);
+    const [tokenStatus, setTokenStatus] = useState(null);
+    useEffect(() => {
+        loadStatus();
+    }, []);
+    const loadStatus = async () => {
+        setLoading(true);
+        setError(null);
+        try {
+            const response = await fetch("/api/hazo_auth/google/token");
+            const body = await response.json();
+            if (response.status === 401) {
+                setAuthenticated(false);
+                return;
+            }
+            setAuthenticated(true);
+            if (body.ok) {
+                setTokenStatus(body.data);
+            }
+            else {
+                setError(body.error || "Failed to load token status");
+            }
+        }
+        catch (err) {
+            setError("Failed to load token status");
+        }
+        finally {
+            setLoading(false);
+        }
+    };
+    const handleConnect = () => {
+        requestGoogleScopes(["https://www.googleapis.com/auth/analytics.readonly"]);
+    };
+    const handleRevoke = async () => {
+        setLoading(true);
+        setError(null);
+        setSuccess(null);
+        try {
+            const response = await fetch("/api/hazo_auth/google/token", {
+                method: "DELETE",
+            });
+            const body = await response.json();
+            if (body.ok) {
+                setSuccess("Google token revoked successfully!");
+                await loadStatus();
+            }
+            else {
+                setError(body.error || "Failed to revoke token");
+            }
+        }
+        catch (err) {
+            setError("Failed to revoke token");
+        }
+        finally {
+            setLoading(false);
+        }
+    };
+    if (authenticated === false) {
+        return (_jsx("div", { className: cn("w-full max-w-2xl mx-auto p-6", className), children: _jsx("div", { className: "p-4 border rounded-md bg-muted", children: "Please log in to test the Google OAuth token functionality." }) }));
+    }
+    return (_jsxs("div", { className: cn("w-full max-w-2xl mx-auto p-6 space-y-6", className), children: [_jsxs(Card, { children: [_jsxs(CardHeader, { children: [_jsx(CardTitle, { children: "Google OAuth Token Status" }), _jsx(CardDescription, { children: "Test Google OAuth token storage, status retrieval, and revocation." })] }), _jsxs(CardContent, { className: "space-y-4", children: [error && (_jsx("div", { className: "p-4 border border-red-500 rounded-md bg-red-50 text-red-700", children: error })), success && (_jsx("div", { className: "p-4 border border-green-500 rounded-md bg-green-50 text-green-700", children: success })), _jsxs("div", { className: "pt-2", children: [_jsx("h4", { className: "text-sm font-medium mb-3", children: "Current Token Status:" }), tokenStatus === null ? (_jsx("p", { className: "text-sm text-muted-foreground", children: "Loading..." })) : (_jsxs("div", { className: "space-y-3", children: [_jsxs("div", { className: "flex items-center gap-2", children: [_jsx("span", { className: "text-sm font-medium", children: "Connected:" }), tokenStatus.connected ? (_jsx("span", { className: "inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-green-100 text-green-800", children: "Connected" })) : (_jsx("span", { className: "inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-gray-100 text-gray-600", children: "Not Connected" }))] }), tokenStatus.connected && tokenStatus.scopes.length > 0 && (_jsxs("div", { children: [_jsx("span", { className: "text-sm font-medium", children: "Granted Scopes:" }), _jsx("ul", { className: "mt-1 ml-4 list-disc space-y-1", children: tokenStatus.scopes.map((scope) => (_jsx("li", { className: "text-sm text-muted-foreground font-mono", children: scope }, scope))) })] })), tokenStatus.connected && tokenStatus.expires_at && (_jsxs("div", { className: "flex items-center gap-2", children: [_jsx("span", { className: "text-sm font-medium", children: "Expires:" }), _jsx("span", { className: "text-sm text-muted-foreground", children: new Date(tokenStatus.expires_at).toLocaleString() })] }))] }))] }), _jsxs("div", { className: "flex flex-wrap gap-2 pt-2", children: [_jsx(Button, { onClick: handleConnect, disabled: loading, children: "Connect Google Account" }), _jsx(Button, { onClick: handleRevoke, variant: "destructive", disabled: loading || !(tokenStatus === null || tokenStatus === void 0 ? void 0 : tokenStatus.connected), children: "Revoke Google Token" }), _jsx(Button, { onClick: loadStatus, variant: "outline", disabled: loading, children: "Refresh Status" })] }), _jsx("p", { className: "text-xs text-muted-foreground", children: "Note: triggers a real Google consent redirect. Requires HAZO_AUTH_GOOGLE_CLIENT_ID / SECRET and HAZO_AUTH_OAUTH_KEY_CURRENT to be configured." })] })] }), _jsxs(Card, { children: [_jsx(CardHeader, { children: _jsx(CardTitle, { children: "API Reference" }) }), _jsxs(CardContent, { className: "space-y-3 text-sm", children: [_jsxs("div", { children: [_jsx("code", { className: "bg-muted px-2 py-1 rounded", children: "GET /api/hazo_auth/google/token" }), _jsx("p", { className: "text-muted-foreground mt-1", children: "Returns current Google OAuth token status" })] }), _jsxs("div", { children: [_jsx("code", { className: "bg-muted px-2 py-1 rounded", children: "DELETE /api/hazo_auth/google/token" }), _jsx("p", { className: "text-muted-foreground mt-1", children: "Revokes stored Google OAuth token (does not sign out)" })] })] })] })] }));
+}

package/dist/components/layouts/shared/components/sidebar_layout_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sidebar_layout_wrapper.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/sidebar_layout_wrapper.tsx"],"names":[],"mappings":"AAwBA,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,CAAC;AAGF,wBAAgB,oBAAoB,CAAC,EAAE,QAAQ,EAAE,EAAE,yBAAyB,2CA+Q3E"}
+{"version":3,"file":"sidebar_layout_wrapper.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/components/sidebar_layout_wrapper.tsx"],"names":[],"mappings":"AAwBA,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,CAAC;AAGF,wBAAgB,oBAAoB,CAAC,EAAE,QAAQ,EAAE,EAAE,yBAAyB,2CA2R3E"}

package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js

@@ -5,11 +5,11 @@ import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
 // section: imports
 import Link from "next/link";
 import { Sidebar, SidebarContent, SidebarGroup, SidebarGroupLabel, SidebarHeader, SidebarMenu, SidebarMenuButton, SidebarMenuItem, SidebarProvider, SidebarTrigger, SidebarInset, } from "../../../ui/sidebar.js";
-import { LogIn, UserPlus, BookOpen, ExternalLink, Database, KeyRound, MailCheck, Key, User, ShieldCheck, CircleUserRound, FileJson, Building2, Palette, Settings2, Play } from "lucide-react";
+import { LogIn, UserPlus, BookOpen, ExternalLink, Database, KeyRound, MailCheck, Key, User, ShieldCheck, CircleUserRound, FileJson, Building2, Palette, Settings2, Globe, Play } from "lucide-react";
 import { use_auth_status } from "../hooks/use_auth_status.js";
 import { ProfilePicMenu } from "./profile_pic_menu.js";
 // section: component
 export function SidebarLayoutWrapper({ children }) {
     const authStatus = use_auth_status();
-    return (_jsx(SidebarProvider, { children: _jsxs("div", { className: "cls_sidebar_layout_wrapper flex min-h-screen w-full", children: [_jsxs(Sidebar, { children: [_jsx(SidebarHeader, { className: "cls_sidebar_layout_header", children: _jsx("div", { className: "cls_sidebar_layout_title flex items-center gap-2 px-2 py-4", children: _jsx("h1", { className: "cls_sidebar_layout_title_text text-lg font-semibold text-sidebar-foreground", children: "hazo auth" }) }) }), _jsxs(SidebarContent, { className: "cls_sidebar_layout_content", children: [_jsxs(SidebarGroup, { className: "cls_sidebar_layout_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Test components" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_test_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_login_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/login", className: "cls_sidebar_layout_test_login_link flex items-center gap-2", "aria-label": "Test login layout component", children: [_jsx(LogIn, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test login" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_register_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/register", className: "cls_sidebar_layout_test_register_link flex items-center gap-2", "aria-label": "Test register layout component", children: [_jsx(UserPlus, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test register" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_forgot_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/forgot_password", className: "cls_sidebar_layout_test_forgot_password_link flex items-center gap-2", "aria-label": "Test forgot password layout component", children: [_jsx(KeyRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test forgot password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_reset_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/reset_password", className: "cls_sidebar_layout_test_reset_password_link flex items-center gap-2", "aria-label": "Test reset password layout component", children: [_jsx(Key, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test reset password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_email_verification_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/verify_email", className: "cls_sidebar_layout_test_email_verification_link flex items-center gap-2", "aria-label": "Test email verification layout component", children: [_jsx(MailCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test email verification" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_sqlite_admin_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_connect/sqlite_admin", className: "cls_sidebar_layout_sqlite_admin_link flex items-center gap-2", "aria-label": "Open SQLite admin UI to browse and edit database", children: [_jsx(Database, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "SQLite Admin" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_user_management_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/user_management", className: "cls_sidebar_layout_user_management_link flex items-center gap-2", "aria-label": "Open User Management to manage users, roles, and permissions", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "User Management" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_rbac_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/rbac_test", className: "cls_sidebar_layout_rbac_test_link flex items-center gap-2", "aria-label": "Test RBAC and HRBAC access control", children: [_jsx(ShieldCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "RBAC/HRBAC Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_profile_stamp_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/profile_stamp_test", className: "cls_sidebar_layout_profile_stamp_test_link flex items-center gap-2", "aria-label": "Test ProfileStamp component", children: [_jsx(CircleUserRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "ProfileStamp Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_app_user_data_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/app_user_data_test", className: "cls_sidebar_layout_app_user_data_test_link flex items-center gap-2", "aria-label": "Test app_user_data JSON storage", children: [_jsx(FileJson, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "App User Data Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_create_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/create_firm", className: "cls_sidebar_layout_create_firm_link flex items-center gap-2", "aria-label": "Test create firm flow", children: [_jsx(Building2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Create Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_edit_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/edit_firm", className: "cls_sidebar_layout_edit_firm_link flex items-center gap-2", "aria-label": "Test branding editor for firm", children: [_jsx(Palette, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Edit Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_relationships_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/relationships", className: "cls_sidebar_layout_relationships_link flex items-center gap-2", "aria-label": "Test relationship accounts", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Relationships" })] }) }) })] })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_testing_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Testing" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_testing_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_scenarios_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/test_scenarios", className: "cls_sidebar_layout_test_scenarios_link flex items-center gap-2", "aria-label": "Test scenarios", children: [_jsx(Settings2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test Scenarios" })] }) }) }) })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_auto_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Auto Tests" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_auto_test_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_auto_test_runner_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/auto_test", className: "cls_sidebar_layout_auto_test_runner_link flex items-center gap-2", "aria-label": "Run automated tests", children: [_jsx(Play, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Auto Test Runner" })] }) }) }) })] }), _jsx(ProfilePicMenu, { variant: "sidebar", avatar_size: "sm", className: "cls_sidebar_layout_profile_menu", sidebar_group_label: "Account" }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_resources_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Resources" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_resources_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_storybook_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "http://localhost:6006", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_storybook_link flex items-center gap-2", "aria-label": "Open Storybook preview for reusable components", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Storybook" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_docs_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "https://ui.shadcn.com/docs", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_docs_link flex items-center gap-2", "aria-label": "Review shadcn documentation for styling guidance", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Shadcn docs" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) })] })] })] })] }), _jsxs(SidebarInset, { className: "cls_sidebar_layout_inset", children: [_jsxs("header", { className: "cls_sidebar_layout_main_header flex h-16 shrink-0 items-center gap-2 border-b px-4", children: [_jsx(SidebarTrigger, { className: "cls_sidebar_layout_trigger" }), _jsx("div", { className: "cls_sidebar_layout_main_header_content flex flex-1 items-center gap-2", children: _jsx("h2", { className: "cls_sidebar_layout_main_title text-lg font-semibold text-foreground", children: "hazo reusable ui library workspace" }) }), _jsx(ProfilePicMenu, { className: "cls_sidebar_layout_auth_status", avatar_size: "sm" })] }), _jsx("main", { className: "cls_sidebar_layout_main_content flex flex-1 items-center justify-center p-6", children: children })] })] }) }));
+    return (_jsx(SidebarProvider, { children: _jsxs("div", { className: "cls_sidebar_layout_wrapper flex min-h-screen w-full", children: [_jsxs(Sidebar, { children: [_jsx(SidebarHeader, { className: "cls_sidebar_layout_header", children: _jsx("div", { className: "cls_sidebar_layout_title flex items-center gap-2 px-2 py-4", children: _jsx("h1", { className: "cls_sidebar_layout_title_text text-lg font-semibold text-sidebar-foreground", children: "hazo auth" }) }) }), _jsxs(SidebarContent, { className: "cls_sidebar_layout_content", children: [_jsxs(SidebarGroup, { className: "cls_sidebar_layout_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Test components" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_test_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_login_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/login", className: "cls_sidebar_layout_test_login_link flex items-center gap-2", "aria-label": "Test login layout component", children: [_jsx(LogIn, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test login" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_register_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/register", className: "cls_sidebar_layout_test_register_link flex items-center gap-2", "aria-label": "Test register layout component", children: [_jsx(UserPlus, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test register" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_forgot_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/forgot_password", className: "cls_sidebar_layout_test_forgot_password_link flex items-center gap-2", "aria-label": "Test forgot password layout component", children: [_jsx(KeyRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test forgot password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_reset_password_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/reset_password", className: "cls_sidebar_layout_test_reset_password_link flex items-center gap-2", "aria-label": "Test reset password layout component", children: [_jsx(Key, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test reset password" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_email_verification_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/verify_email", className: "cls_sidebar_layout_test_email_verification_link flex items-center gap-2", "aria-label": "Test email verification layout component", children: [_jsx(MailCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test email verification" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_sqlite_admin_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_connect/sqlite_admin", className: "cls_sidebar_layout_sqlite_admin_link flex items-center gap-2", "aria-label": "Open SQLite admin UI to browse and edit database", children: [_jsx(Database, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "SQLite Admin" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_user_management_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/user_management", className: "cls_sidebar_layout_user_management_link flex items-center gap-2", "aria-label": "Open User Management to manage users, roles, and permissions", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "User Management" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_rbac_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/rbac_test", className: "cls_sidebar_layout_rbac_test_link flex items-center gap-2", "aria-label": "Test RBAC and HRBAC access control", children: [_jsx(ShieldCheck, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "RBAC/HRBAC Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_profile_stamp_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/profile_stamp_test", className: "cls_sidebar_layout_profile_stamp_test_link flex items-center gap-2", "aria-label": "Test ProfileStamp component", children: [_jsx(CircleUserRound, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "ProfileStamp Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_app_user_data_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/app_user_data_test", className: "cls_sidebar_layout_app_user_data_test_link flex items-center gap-2", "aria-label": "Test app_user_data JSON storage", children: [_jsx(FileJson, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "App User Data Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_google_token_test_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/google_token_test", className: "cls_sidebar_layout_google_token_test_link flex items-center gap-2", "aria-label": "Test Google OAuth token storage and revocation", children: [_jsx(Globe, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Google Token Test" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_create_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/create_firm", className: "cls_sidebar_layout_create_firm_link flex items-center gap-2", "aria-label": "Test create firm flow", children: [_jsx(Building2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Create Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_edit_firm_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/edit_firm", className: "cls_sidebar_layout_edit_firm_link flex items-center gap-2", "aria-label": "Test branding editor for firm", children: [_jsx(Palette, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Edit Firm" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_relationships_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/relationships", className: "cls_sidebar_layout_relationships_link flex items-center gap-2", "aria-label": "Test relationship accounts", children: [_jsx(User, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Relationships" })] }) }) })] })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_testing_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Testing" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_testing_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_test_scenarios_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/test_scenarios", className: "cls_sidebar_layout_test_scenarios_link flex items-center gap-2", "aria-label": "Test scenarios", children: [_jsx(Settings2, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Test Scenarios" })] }) }) }) })] }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_auto_test_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Auto Tests" }), _jsx(SidebarMenu, { className: "cls_sidebar_layout_auto_test_menu", children: _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_auto_test_runner_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs(Link, { href: "/hazo_auth/autotest", className: "cls_sidebar_layout_auto_test_runner_link flex items-center gap-2", "aria-label": "Run browser autotests", children: [_jsx(Play, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Browser Autotest" })] }) }) }) })] }), _jsx(ProfilePicMenu, { variant: "sidebar", avatar_size: "sm", className: "cls_sidebar_layout_profile_menu", sidebar_group_label: "Account" }), _jsxs(SidebarGroup, { className: "cls_sidebar_layout_resources_group", children: [_jsx(SidebarGroupLabel, { className: "cls_sidebar_layout_group_label", children: "Resources" }), _jsxs(SidebarMenu, { className: "cls_sidebar_layout_resources_menu", children: [_jsx(SidebarMenuItem, { className: "cls_sidebar_layout_storybook_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "http://localhost:6006", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_storybook_link flex items-center gap-2", "aria-label": "Open Storybook preview for reusable components", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Storybook" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) }), _jsx(SidebarMenuItem, { className: "cls_sidebar_layout_docs_item", children: _jsx(SidebarMenuButton, { asChild: true, children: _jsxs("a", { href: "https://ui.shadcn.com/docs", target: "_blank", rel: "noopener noreferrer", className: "cls_sidebar_layout_docs_link flex items-center gap-2", "aria-label": "Review shadcn documentation for styling guidance", children: [_jsx(BookOpen, { className: "h-4 w-4", "aria-hidden": "true" }), _jsx("span", { children: "Shadcn docs" }), _jsx(ExternalLink, { className: "ml-auto h-3 w-3", "aria-hidden": "true" })] }) }) })] })] })] })] }), _jsxs(SidebarInset, { className: "cls_sidebar_layout_inset", children: [_jsxs("header", { className: "cls_sidebar_layout_main_header flex h-16 shrink-0 items-center gap-2 border-b px-4", children: [_jsx(SidebarTrigger, { className: "cls_sidebar_layout_trigger" }), _jsx("div", { className: "cls_sidebar_layout_main_header_content flex flex-1 items-center gap-2", children: _jsx("h2", { className: "cls_sidebar_layout_main_title text-lg font-semibold text-foreground", children: "hazo reusable ui library workspace" }) }), _jsx(ProfilePicMenu, { className: "cls_sidebar_layout_auth_status", avatar_size: "sm" })] }), _jsx("main", { className: "cls_sidebar_layout_main_content flex flex-1 items-center justify-center p-6", children: children })] })] }) }));
 }

package/dist/components/ui/button.d.ts

@@ -1,7 +1,7 @@
 import * as React from "react";
 import { type VariantProps } from "class-variance-authority";
 declare const buttonVariants: (props?: ({
-    variant?: "link" | "default" | "destructive" | "outline" | "secondary" | "ghost" | null | undefined;
+    variant?: "default" | "destructive" | "outline" | "secondary" | "ghost" | "link" | null | undefined;
     size?: "default" | "sm" | "lg" | "icon" | null | undefined;
 } & import("class-variance-authority/types").ClassProp) | undefined) => string;
 export interface ButtonProps extends React.ButtonHTMLAttributes<HTMLButtonElement>, VariantProps<typeof buttonVariants> {

package/dist/components/ui/input-otp.d.ts

@@ -1,5 +1,5 @@
 import * as React from "react";
-declare const InputOTP: React.ForwardRefExoticComponent<(Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "onChange" | "value" | "maxLength" | "textAlign" | "onComplete" | "pushPasswordManagerStrategy" | "pasteTransformer" | "containerClassName" | "noScriptCSSFallback"> & {
+declare const InputOTP: React.ForwardRefExoticComponent<(Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "value" | "onChange" | "maxLength" | "textAlign" | "onComplete" | "pushPasswordManagerStrategy" | "pasteTransformer" | "containerClassName" | "noScriptCSSFallback"> & {
     value?: string;
     onChange?: (newValue: string) => unknown;
     maxLength: number;
@@ -12,7 +12,7 @@ declare const InputOTP: React.ForwardRefExoticComponent<(Omit<Omit<React.InputHT
 } & {
     render: (props: import("input-otp").RenderProps) => React.ReactNode;
     children?: never;
-} & React.RefAttributes<HTMLInputElement>, "ref"> | Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "onChange" | "value" | "maxLength" | "textAlign" | "onComplete" | "pushPasswordManagerStrategy" | "pasteTransformer" | "containerClassName" | "noScriptCSSFallback"> & {
+} & React.RefAttributes<HTMLInputElement>, "ref"> | Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "value" | "onChange" | "maxLength" | "textAlign" | "onComplete" | "pushPasswordManagerStrategy" | "pasteTransformer" | "containerClassName" | "noScriptCSSFallback"> & {
     value?: string;
     onChange?: (newValue: string) => unknown;
     maxLength: number;

package/dist/index.d.ts

@@ -6,4 +6,5 @@ export { AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedErr
 export type { LegalDoc, LegalAcceptanceRecord, LegalAcceptanceMap } from './lib/legal/legal_docs_types';
 export { cn, merge_class_names } from "./lib/utils.js";
 export { HAZO_AUTH_PERMISSIONS, ALL_ADMIN_PERMISSIONS, GLOBAL_ADMIN_PERMISSION } from "./lib/constants.js";
+export { requestGoogleScopes } from "./lib/auth/request_google_scopes.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAG5C,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,YAAY,EACZ,cAAc,EACd,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAG/B,YAAY,EAAE,QAAQ,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGxG,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGpD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAG5C,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,YAAY,EACZ,cAAc,EACd,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAG/B,YAAY,EAAE,QAAQ,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGxG,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGpD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAGxG,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC"}

package/dist/index.js

@@ -14,3 +14,5 @@ export { AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedErr
 export { cn, merge_class_names } from "./lib/utils.js";
 // section: constant_exports
 export { HAZO_AUTH_PERMISSIONS, ALL_ADMIN_PERMISSIONS, GLOBAL_ADMIN_PERMISSION } from "./lib/constants.js";
+// section: google_oauth_exports
+export { requestGoogleScopes } from "./lib/auth/request_google_scopes.js";