hazo_auth 4.1.0 → 4.3.0

package/dist/lib/services/oauth_service.js

@@ -0,0 +1,376 @@
+import { createCrudService } from "hazo_connect/server";
+import { randomUUID } from "crypto";
+import { create_app_logger } from "../app_logger";
+import { sanitize_error_for_user } from "../utils/error_sanitizer";
+import { get_line_number } from "../utils/api_route_helpers";
+import { get_oauth_config } from "../oauth_config.server";
+// section: helpers
+/**
+ * Handles Google OAuth login/registration flow
+ * 1. Check if user exists with google_id -> login
+ * 2. Check if user exists with email -> link Google account
+ * 3. Create new user with Google data
+ *
+ * @param adapter - The hazo_connect adapter instance
+ * @param data - Google OAuth user data
+ * @returns OAuth login result with user_id and status flags
+ */
+export async function handle_google_oauth_login(adapter, data) {
+    const logger = create_app_logger();
+    try {
+        const { google_id, email, name, profile_picture_url, email_verified } = data;
+        const oauth_config = get_oauth_config();
+        const users_service = createCrudService(adapter, "hazo_users");
+        const now = new Date().toISOString();
+        // Step 1: Check if user exists with this google_id
+        const users_by_google_id = await users_service.findBy({ google_id });
+        if (Array.isArray(users_by_google_id) && users_by_google_id.length > 0) {
+            const user = users_by_google_id[0];
+            // Update last_logon timestamp
+            await users_service.updateById(user.id, {
+                last_logon: now,
+                changed_at: now,
+            });
+            logger.info("oauth_service_google_login_existing_google_user", {
+                filename: "oauth_service.ts",
+                line_number: get_line_number(),
+                user_id: user.id,
+                email: user.email_address,
+            });
+            return {
+                success: true,
+                user_id: user.id,
+                is_new_user: false,
+                was_linked: false,
+                email: user.email_address,
+                name: user.name,
+            };
+        }
+        // Step 2: Check if user exists with this email
+        const users_by_email = await users_service.findBy({ email_address: email });
+        if (Array.isArray(users_by_email) && users_by_email.length > 0) {
+            const user = users_by_email[0];
+            const user_email_verified = user.email_verified;
+            // Check if auto-linking is enabled for unverified accounts
+            if (!user_email_verified && !oauth_config.auto_link_unverified_accounts) {
+                return {
+                    success: false,
+                    error: "An account with this email exists but is not verified. Please verify your email first.",
+                };
+            }
+            // Link Google account to existing user
+            const current_auth_providers = user.auth_providers || "email";
+            const new_auth_providers = current_auth_providers.includes("google")
+                ? current_auth_providers
+                : `${current_auth_providers},google`;
+            const update_data = {
+                google_id,
+                auth_providers: new_auth_providers,
+                last_logon: now,
+                changed_at: now,
+            };
+            // If user was unverified and Google verified the email, mark as verified
+            if (!user_email_verified && email_verified) {
+                update_data.email_verified = true;
+                logger.info("oauth_service_auto_verified_email", {
+                    filename: "oauth_service.ts",
+                    line_number: get_line_number(),
+                    user_id: user.id,
+                    email,
+                });
+            }
+            // Update name if not set and Google provides one
+            if (!user.name && name) {
+                update_data.name = name;
+            }
+            // Update profile picture if not set and Google provides one
+            if (!user.profile_picture_url && profile_picture_url) {
+                update_data.profile_picture_url = profile_picture_url;
+                update_data.profile_source = "custom"; // Use 'custom' for external URLs (Google profile pics)
+            }
+            await users_service.updateById(user.id, update_data);
+            logger.info("oauth_service_google_linked_to_existing", {
+                filename: "oauth_service.ts",
+                line_number: get_line_number(),
+                user_id: user.id,
+                email,
+                was_unverified: !user_email_verified,
+            });
+            return {
+                success: true,
+                user_id: user.id,
+                is_new_user: false,
+                was_linked: true,
+                email: user.email_address,
+                name: update_data.name || user.name,
+            };
+        }
+        // Step 3: Create new user with Google data
+        const user_id = randomUUID();
+        const insert_data = {
+            id: user_id,
+            email_address: email,
+            password_hash: "", // Empty string for Google-only users
+            email_verified: email_verified, // Trust Google's verification
+            is_active: true,
+            login_attempts: 0,
+            google_id,
+            auth_providers: "google",
+            created_at: now,
+            changed_at: now,
+            last_logon: now,
+        };
+        if (name) {
+            insert_data.name = name;
+        }
+        if (profile_picture_url) {
+            insert_data.profile_picture_url = profile_picture_url;
+            insert_data.profile_source = "custom"; // Use 'custom' for external URLs (Google profile pics)
+        }
+        const inserted_users = await users_service.insert(insert_data);
+        if (!Array.isArray(inserted_users) || inserted_users.length === 0) {
+            return {
+                success: false,
+                error: "Failed to create user account",
+            };
+        }
+        logger.info("oauth_service_google_new_user_created", {
+            filename: "oauth_service.ts",
+            line_number: get_line_number(),
+            user_id,
+            email,
+        });
+        return {
+            success: true,
+            user_id,
+            is_new_user: true,
+            was_linked: false,
+            email,
+            name,
+        };
+    }
+    catch (error) {
+        const user_friendly_error = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "oauth_service.ts",
+                line_number: get_line_number(),
+                email: data.email,
+                operation: "handle_google_oauth_login",
+            },
+        });
+        return {
+            success: false,
+            error: user_friendly_error,
+        };
+    }
+}
+/**
+ * Links a Google account to an existing user
+ * @param adapter - The hazo_connect adapter instance
+ * @param user_id - The user's ID
+ * @param google_id - Google's unique user ID
+ * @returns Result indicating success or failure
+ */
+export async function link_google_account(adapter, user_id, google_id) {
+    const logger = create_app_logger();
+    try {
+        const users_service = createCrudService(adapter, "hazo_users");
+        const now = new Date().toISOString();
+        // Get current user
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return {
+                success: false,
+                error: "User not found",
+            };
+        }
+        const user = users[0];
+        // Check if Google is already linked
+        if (user.google_id) {
+            return {
+                success: false,
+                error: "Google account is already linked",
+            };
+        }
+        // Update auth_providers
+        const current_auth_providers = user.auth_providers || "email";
+        const new_auth_providers = current_auth_providers.includes("google")
+            ? current_auth_providers
+            : `${current_auth_providers},google`;
+        await users_service.updateById(user_id, {
+            google_id,
+            auth_providers: new_auth_providers,
+            changed_at: now,
+        });
+        logger.info("oauth_service_google_account_linked", {
+            filename: "oauth_service.ts",
+            line_number: get_line_number(),
+            user_id,
+        });
+        return { success: true };
+    }
+    catch (error) {
+        const user_friendly_error = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "oauth_service.ts",
+                line_number: get_line_number(),
+                user_id,
+                operation: "link_google_account",
+            },
+        });
+        return {
+            success: false,
+            error: user_friendly_error,
+        };
+    }
+}
+/**
+ * Checks if a user has a password set (non-empty password_hash)
+ * @param adapter - The hazo_connect adapter instance
+ * @param user_id - The user's ID
+ * @returns True if user has a password set
+ */
+export async function user_has_password(adapter, user_id) {
+    try {
+        const users_service = createCrudService(adapter, "hazo_users");
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return false;
+        }
+        const password_hash = users[0].password_hash;
+        return password_hash !== null && password_hash !== undefined && password_hash !== "";
+    }
+    catch (_a) {
+        return false;
+    }
+}
+/**
+ * Checks if a user has a password set by email
+ * @param adapter - The hazo_connect adapter instance
+ * @param email - The user's email address
+ * @returns True if user has a password set
+ */
+export async function user_has_password_by_email(adapter, email) {
+    try {
+        const users_service = createCrudService(adapter, "hazo_users");
+        const users = await users_service.findBy({ email_address: email });
+        if (!Array.isArray(users) || users.length === 0) {
+            return false;
+        }
+        const password_hash = users[0].password_hash;
+        return password_hash !== null && password_hash !== undefined && password_hash !== "";
+    }
+    catch (_a) {
+        return false;
+    }
+}
+/**
+ * Gets a user's authentication providers and password status
+ * @param adapter - The hazo_connect adapter instance
+ * @param user_id - The user's ID
+ * @returns Auth providers array and has_password flag
+ */
+export async function get_user_auth_providers(adapter, user_id) {
+    try {
+        const users_service = createCrudService(adapter, "hazo_users");
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return {
+                success: false,
+                error: "User not found",
+            };
+        }
+        const user = users[0];
+        const auth_providers_str = user.auth_providers || "email";
+        const auth_providers = auth_providers_str.split(",").map((p) => p.trim());
+        const password_hash = user.password_hash;
+        const has_password = password_hash !== null && password_hash !== undefined && password_hash !== "";
+        return {
+            success: true,
+            auth_providers,
+            has_password,
+        };
+    }
+    catch (error) {
+        const logger = create_app_logger();
+        const user_friendly_error = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "oauth_service.ts",
+                line_number: get_line_number(),
+                user_id,
+                operation: "get_user_auth_providers",
+            },
+        });
+        return {
+            success: false,
+            error: user_friendly_error,
+        };
+    }
+}
+/**
+ * Sets a password for a user who doesn't have one (e.g., Google-only users)
+ * @param adapter - The hazo_connect adapter instance
+ * @param user_id - The user's ID
+ * @param password_hash - The hashed password to set
+ * @returns Result indicating success or failure
+ */
+export async function set_user_password(adapter, user_id, password_hash) {
+    const logger = create_app_logger();
+    try {
+        const users_service = createCrudService(adapter, "hazo_users");
+        const now = new Date().toISOString();
+        // Get current user
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return {
+                success: false,
+                error: "User not found",
+            };
+        }
+        const user = users[0];
+        // Update password and auth_providers
+        const current_auth_providers = user.auth_providers || "";
+        const new_auth_providers = current_auth_providers.includes("email")
+            ? current_auth_providers
+            : current_auth_providers
+                ? `${current_auth_providers},email`
+                : "email";
+        await users_service.updateById(user_id, {
+            password_hash,
+            auth_providers: new_auth_providers,
+            changed_at: now,
+        });
+        logger.info("oauth_service_password_set", {
+            filename: "oauth_service.ts",
+            line_number: get_line_number(),
+            user_id,
+        });
+        return { success: true };
+    }
+    catch (error) {
+        const user_friendly_error = sanitize_error_for_user(error, {
+            logToConsole: true,
+            logToLogger: true,
+            logger,
+            context: {
+                filename: "oauth_service.ts",
+                line_number: get_line_number(),
+                user_id,
+                operation: "set_user_password",
+            },
+        });
+        return {
+            success: false,
+            error: user_friendly_error,
+        };
+    }
+}

package/dist/lib/services/password_reset_service.d.ts

@@ -5,6 +5,8 @@ export type PasswordResetRequestData = {
 export type PasswordResetRequestResult = {
     success: boolean;
     error?: string;
+    /** True if the user doesn't have a password set (Google-only user) */
+    no_password_set?: boolean;
 };
 export type PasswordResetData = {
     token: string;

package/dist/lib/services/password_reset_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password_reset_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/password_reset_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAQvD,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,gCAAgC,GAAG;IAC7C,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,kCAAkC,GAAG;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,wBAAwB,GAC7B,OAAO,CAAC,0BAA0B,CAAC,CAqErC;AAED;;;;;;GAMG;AACH,wBAAsB,6BAA6B,CACjD,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,gCAAgC,GACrC,OAAO,CAAC,kCAAkC,CAAC,CAgG7C;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC,mBAAmB,CAAC,CAiK9B"}
+{"version":3,"file":"password_reset_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/password_reset_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAQvD,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sEAAsE;IACtE,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,gCAAgC,GAAG;IAC7C,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,kCAAkC,GAAG;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,wBAAwB,GAC7B,OAAO,CAAC,0BAA0B,CAAC,CAgFrC;AAED;;;;;;GAMG;AACH,wBAAsB,6BAA6B,CACjD,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,gCAAgC,GACrC,OAAO,CAAC,kCAAkC,CAAC,CAgG7C;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC,mBAAmB,CAAC,CAiK9B"}

package/dist/lib/services/password_reset_service.js

@@ -29,6 +29,16 @@ export async function request_password_reset(adapter, data) {
         }
         const user = users[0];
         const user_id = user.id;
+        // Check if user has a password set (Google-only users don't have a password)
+        const password_hash = user.password_hash;
+        if (!password_hash || password_hash === "") {
+            // User doesn't have a password - they need to set one via My Settings after logging in with Google
+            // Return success to prevent email enumeration, but include flag for UI handling
+            return {
+                success: true,
+                no_password_set: true,
+            };
+        }
         // Create password reset token using shared token service
         const token_result = await create_token({
             adapter,

package/dist/lib/services/registration_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registration_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/registration_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAcvD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,gBAAgB,GACrB,OAAO,CAAC,kBAAkB,CAAC,CA+I7B"}
+{"version":3,"file":"registration_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/registration_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAcvD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,gBAAgB,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAgJ7B"}

package/dist/lib/services/registration_service.js

@@ -44,6 +44,7 @@ export async function register_user(adapter, data) {
             email_verified: false,
             is_active: true,
             login_attempts: 0,
+            auth_providers: "email", // Track that this user registered with email/password
             created_at: now,
             changed_at: now,
         };

package/dist/lib/utils/password_validator.d.ts

@@ -0,0 +1,19 @@
+export type PasswordRequirementOptions = {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+};
+export type PasswordValidationResult = {
+    valid: boolean;
+    errors: string[];
+};
+/**
+ * Validates a password against specified requirements (server-side version)
+ * @param password - The password to validate
+ * @param requirements - Password requirement options
+ * @returns Validation result with valid flag and error messages
+ */
+export declare function validate_password(password: string, requirements: PasswordRequirementOptions): PasswordValidationResult;
+//# sourceMappingURL=password_validator.d.ts.map

package/dist/lib/utils/password_validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password_validator.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/password_validator.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,0BAA0B,GAAG;IACvC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,0BAA0B,GACvC,wBAAwB,CAuC1B"}

package/dist/lib/utils/password_validator.js

@@ -0,0 +1,36 @@
+// section: helpers
+/**
+ * Validates a password against specified requirements (server-side version)
+ * @param password - The password to validate
+ * @param requirements - Password requirement options
+ * @returns Validation result with valid flag and error messages
+ */
+export function validate_password(password, requirements) {
+    const errors = [];
+    if (!password || password.trim().length === 0) {
+        return {
+            valid: false,
+            errors: ["Password is required"],
+        };
+    }
+    if (password.length < requirements.minimum_length) {
+        errors.push(`Password must be at least ${requirements.minimum_length} characters`);
+    }
+    if (requirements.require_uppercase && !/[A-Z]/.test(password)) {
+        errors.push("Password must include at least one uppercase letter");
+    }
+    if (requirements.require_lowercase && !/[a-z]/.test(password)) {
+        errors.push("Password must include at least one lowercase letter");
+    }
+    if (requirements.require_number && !/\d/.test(password)) {
+        errors.push("Password must include at least one number");
+    }
+    if (requirements.require_special &&
+        !/[!@#$%^&*(),.?":{}|<>\-_+=\[\];'/\\]/.test(password)) {
+        errors.push("Password must include at least one special character");
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+}

package/dist/server_pages/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG;IAC3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,EAChC,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,GAAE,cAAmB,2CA4BrB;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG;IAC3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,EAChC,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,GAAE,cAAmB,2CAkCrB;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/server_pages/login.js

@@ -35,7 +35,12 @@ export default function LoginPage({ image_src, image_alt, image_background_color
     const finalImageAlt = image_alt || config.imageAlt;
     const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
     // Pass serializable config to client wrapper
-    return (_jsx(LoginClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, redirectRoute: config.redirectRoute, successMessage: config.successMessage, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, forgotPasswordPath: config.forgotPasswordPath, forgotPasswordLabel: config.forgotPasswordLabel, createAccountPath: config.createAccountPath, createAccountLabel: config.createAccountLabel }));
+    return (_jsx(LoginClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, redirectRoute: config.redirectRoute, successMessage: config.successMessage, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, forgotPasswordPath: config.forgotPasswordPath, forgotPasswordLabel: config.forgotPasswordLabel, createAccountPath: config.createAccountPath, createAccountLabel: config.createAccountLabel, oauth: {
+            enable_google: config.oauth.enable_google,
+            enable_email_password: config.oauth.enable_email_password,
+            google_button_text: config.oauth.google_button_text,
+            oauth_divider_text: config.oauth.oauth_divider_text,
+        } }));
 }
 // Named export for direct imports
 export { LoginPage };

package/dist/server_pages/login_client_wrapper.d.ts

@@ -1,13 +1,16 @@
 import type { LoginConfig } from "../lib/login_config.server";
+import type { OAuthLayoutConfig } from "../components/layouts/login";
 import type { StaticImageData } from "next/image";
-export type LoginClientWrapperProps = Omit<LoginConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor'> & {
+export type LoginClientWrapperProps = Omit<LoginConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor' | 'oauth'> & {
     image_src: string | StaticImageData;
     image_alt: string;
     image_background_color: string;
+    /** OAuth configuration */
+    oauth?: OAuthLayoutConfig;
 };
 /**
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, oauth, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=login_client_wrapper.d.ts.map

package/dist/server_pages/login_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAG9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,CAAC,GAAG;IAC1G,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;CAChC,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,GACnB,EAAE,uBAAuB,2CA0CzB"}
+{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAGrE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,GAAG,OAAO,CAAC,GAAG;IACpH,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;CAC3B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,KAAK,GACN,EAAE,uBAAuB,2CA2CzB"}

package/dist/server_pages/login_client_wrapper.js

@@ -12,7 +12,7 @@ import { create_app_logger } from "../lib/app_logger";
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, }) {
+export function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, oauth, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -25,5 +25,5 @@ export function LoginClientWrapper({ image_src, image_alt, image_background_colo
         return (_jsx("div", { className: "cls_login_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
     const logger = create_app_logger();
-    return (_jsx(LoginLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, logger: logger, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel }));
+    return (_jsx(LoginLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, logger: logger, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, oauth: oauth }));
 }

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "hazo_auth",
-  "version": "4.1.0",
+  "version": "4.3.0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "type": "module",
   "bin": {
-    "hazo_auth": "./dist/cli/index.js"
+    "hazo_auth": "./bin/hazo_auth.mjs"
   },
   "exports": {
     ".": {
@@ -119,6 +119,8 @@
   },
   "files": [
     "dist/**/*",
+    "bin/**/*",
+    "cli-src/**/*",
     "public/profile_pictures/library/**/*",
     "hazo_auth_config.example.ini",
     "hazo_notify_config.example.ini",
@@ -183,12 +185,14 @@
     "morgan": "^1.10.1",
     "multer": "^2.0.2",
     "next": "^16.0.7",
+    "next-auth": "^4.24.13",
     "next-themes": "^0.4.6",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "sonner": "^2.0.7",
     "tailwind-merge": "^3.4.0",
     "tailwindcss-animate": "^1.0.7",
+    "tsx": "^4.20.6",
     "zod": "^4.1.12"
   },
   "devDependencies": {