hazo_auth 4.2.0 → 4.3.0

package/cli-src/lib/my_settings_config.server.ts

@@ -0,0 +1,135 @@
+// file_description: server-only helper to read my settings layout configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value } from "./config/config_loader.server";
+import { get_user_fields_config } from "./user_fields_config.server";
+import { get_password_requirements_config } from "./password_requirements_config.server";
+import { get_profile_picture_config } from "./profile_picture_config.server";
+import { get_messages_config } from "./messages_config.server";
+import { get_ui_sizes_config } from "./ui_sizes_config.server";
+import { get_file_types_config } from "./file_types_config.server";
+
+// section: types
+export type MySettingsConfig = {
+  userFields: {
+    show_name_field: boolean;
+    show_email_field: boolean;
+    show_password_field: boolean;
+  };
+  passwordRequirements: {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+  };
+  profilePicture: {
+    allow_photo_upload: boolean;
+    upload_photo_path?: string;
+    max_photo_size: number;
+    user_photo_default: boolean;
+    user_photo_default_priority1: "gravatar" | "library";
+    user_photo_default_priority2?: "library" | "gravatar";
+    library_photo_path: string;
+  };
+  heading?: string;
+  subHeading?: string;
+  profilePhotoLabel?: string;
+  profilePhotoRecommendation?: string;
+  uploadPhotoButtonLabel?: string;
+  removePhotoButtonLabel?: string;
+  profileInformationLabel?: string;
+  passwordLabel?: string;
+  currentPasswordLabel?: string;
+  newPasswordLabel?: string;
+  confirmPasswordLabel?: string;
+  savePasswordButtonLabel?: string;
+  unauthorizedMessage?: string;
+  loginButtonLabel?: string;
+  loginPath?: string;
+  messages: {
+    photo_upload_disabled_message: string;
+    gravatar_setup_message: string;
+    gravatar_no_account_message: string;
+    library_tooltip_message: string;
+  };
+  uiSizes: {
+    gravatar_size: number;
+    profile_picture_size: number;
+    tooltip_icon_size_default: number;
+    tooltip_icon_size_small: number;
+    library_photo_grid_columns: number;
+    library_photo_preview_size: number;
+    image_compression_max_dimension: number;
+    upload_file_hard_limit_bytes: number;
+  };
+  fileTypes: {
+    allowed_image_extensions: string[];
+    allowed_image_mime_types: string[];
+  };
+};
+
+// section: helpers
+/**
+ * Reads my settings layout configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns My settings configuration options
+ */
+export function get_my_settings_config(): MySettingsConfig {
+  const section = "hazo_auth__my_settings_layout";
+
+  // Get shared user fields config
+  const userFields = get_user_fields_config();
+
+  // Get shared password requirements
+  const passwordRequirements = get_password_requirements_config();
+
+  // Get profile picture configuration
+  const profilePicture = get_profile_picture_config();
+
+  // Get messages, UI sizes, and file types configuration
+  const messages = get_messages_config();
+  const uiSizes = get_ui_sizes_config();
+  const fileTypes = get_file_types_config();
+
+  // Read optional labels with defaults
+  const heading = get_config_value(section, "heading", "Account Settings");
+  const subHeading = get_config_value(section, "sub_heading", "Manage your profile, password, and email preferences.");
+  const profilePhotoLabel = get_config_value(section, "profile_photo_label", "Profile Photo");
+  const profilePhotoRecommendation = get_config_value(section, "profile_photo_recommendation", "Recommended size: 200x200px. JPG, PNG.");
+  const uploadPhotoButtonLabel = get_config_value(section, "upload_photo_button_label", "Upload New Photo");
+  const removePhotoButtonLabel = get_config_value(section, "remove_photo_button_label", "Remove");
+  const profileInformationLabel = get_config_value(section, "profile_information_label", "Profile Information");
+  const passwordLabel = get_config_value(section, "password_label", "Password");
+  const currentPasswordLabel = get_config_value(section, "current_password_label", "Current Password");
+  const newPasswordLabel = get_config_value(section, "new_password_label", "New Password");
+  const confirmPasswordLabel = get_config_value(section, "confirm_password_label", "Confirm Password");
+  const savePasswordButtonLabel = get_config_value(section, "save_password_button_label", "Save Password");
+  const unauthorizedMessage = get_config_value(section, "unauthorized_message", "You must be logged in to access this page.");
+  const loginButtonLabel = get_config_value(section, "login_button_label", "Go to login");
+  const loginPath = get_config_value(section, "login_path", "/hazo_auth/login");
+
+  return {
+    userFields,
+    passwordRequirements,
+    profilePicture,
+    heading,
+    subHeading,
+    profilePhotoLabel,
+    profilePhotoRecommendation,
+    uploadPhotoButtonLabel,
+    removePhotoButtonLabel,
+    profileInformationLabel,
+    passwordLabel,
+    currentPasswordLabel,
+    newPasswordLabel,
+    confirmPasswordLabel,
+    savePasswordButtonLabel,
+    unauthorizedMessage,
+    loginButtonLabel,
+    loginPath,
+    messages,
+    uiSizes,
+    fileTypes,
+  };
+}
+

package/cli-src/lib/oauth_config.server.ts

@@ -0,0 +1,87 @@
+// file_description: server-only helper to read OAuth configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value, get_config_boolean } from "./config/config_loader.server";
+import { DEFAULT_OAUTH } from "./config/default_config";
+
+// section: types
+export type OAuthConfig = {
+  /** Enable Google OAuth login */
+  enable_google: boolean;
+  /** Enable traditional email/password login */
+  enable_email_password: boolean;
+  /** Auto-link Google login to existing unverified email/password accounts */
+  auto_link_unverified_accounts: boolean;
+  /** Text displayed on the Google sign-in button */
+  google_button_text: string;
+  /** Text displayed on the divider between OAuth and email/password form */
+  oauth_divider_text: string;
+};
+
+// section: constants
+const SECTION_NAME = "hazo_auth__oauth";
+
+// section: helpers
+/**
+ * Reads OAuth configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns OAuth configuration options
+ */
+export function get_oauth_config(): OAuthConfig {
+  const enable_google = get_config_boolean(
+    SECTION_NAME,
+    "enable_google",
+    DEFAULT_OAUTH.enable_google
+  );
+
+  const enable_email_password = get_config_boolean(
+    SECTION_NAME,
+    "enable_email_password",
+    DEFAULT_OAUTH.enable_email_password
+  );
+
+  const auto_link_unverified_accounts = get_config_boolean(
+    SECTION_NAME,
+    "auto_link_unverified_accounts",
+    DEFAULT_OAUTH.auto_link_unverified_accounts
+  );
+
+  const google_button_text = get_config_value(
+    SECTION_NAME,
+    "google_button_text",
+    DEFAULT_OAUTH.google_button_text
+  );
+
+  const oauth_divider_text = get_config_value(
+    SECTION_NAME,
+    "oauth_divider_text",
+    DEFAULT_OAUTH.oauth_divider_text
+  );
+
+  return {
+    enable_google,
+    enable_email_password,
+    auto_link_unverified_accounts,
+    google_button_text,
+    oauth_divider_text,
+  };
+}
+
+/**
+ * Helper to check if Google OAuth is enabled
+ * @returns true if Google OAuth is enabled in config
+ */
+export function is_google_oauth_enabled(): boolean {
+  return get_config_boolean(SECTION_NAME, "enable_google", DEFAULT_OAUTH.enable_google);
+}
+
+/**
+ * Helper to check if email/password login is enabled
+ * @returns true if email/password login is enabled in config
+ */
+export function is_email_password_enabled(): boolean {
+  return get_config_boolean(
+    SECTION_NAME,
+    "enable_email_password",
+    DEFAULT_OAUTH.enable_email_password
+  );
+}

package/cli-src/lib/password_requirements_config.server.ts

@@ -0,0 +1,40 @@
+// file_description: server-only helper to read shared password requirements configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_number, get_config_boolean } from "./config/config_loader.server";
+import { DEFAULT_PASSWORD_REQUIREMENTS } from "./config/default_config";
+
+// section: types
+export type PasswordRequirementsConfig = {
+  minimum_length: number;
+  require_uppercase: boolean;
+  require_lowercase: boolean;
+  require_number: boolean;
+  require_special: boolean;
+};
+
+// section: helpers
+/**
+ * Reads shared password requirements configuration from hazo_auth_config.ini file
+ * Falls back to centralized defaults if hazo_auth_config.ini is not found or section is missing
+ * This configuration is used by both register and reset password layouts
+ * @returns Password requirements configuration options
+ */
+export function get_password_requirements_config(): PasswordRequirementsConfig {
+  const section = "hazo_auth__password_requirements";
+
+  // Read password requirements with centralized defaults
+  const minimum_length = get_config_number(section, "minimum_length", DEFAULT_PASSWORD_REQUIREMENTS.minimum_length);
+  const require_uppercase = get_config_boolean(section, "require_uppercase", DEFAULT_PASSWORD_REQUIREMENTS.require_uppercase);
+  const require_lowercase = get_config_boolean(section, "require_lowercase", DEFAULT_PASSWORD_REQUIREMENTS.require_lowercase);
+  const require_number = get_config_boolean(section, "require_number", DEFAULT_PASSWORD_REQUIREMENTS.require_number);
+  const require_special = get_config_boolean(section, "require_special", DEFAULT_PASSWORD_REQUIREMENTS.require_special);
+
+  return {
+    minimum_length,
+    require_uppercase,
+    require_lowercase,
+    require_number,
+    require_special,
+  };
+}
+

package/cli-src/lib/profile_pic_menu_config.server.ts

@@ -0,0 +1,138 @@
+// file_description: server-only helper to read profile picture menu configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value, get_config_boolean, get_config_array } from "./config/config_loader.server";
+
+// section: types
+// Note: These types are also used in client components, but TypeScript types are erased at runtime
+// so importing from a server file is safe for type-only imports
+export type MenuItemType = "info" | "link" | "separator";
+
+export type ProfilePicMenuMenuItem = {
+  type: MenuItemType;
+  label?: string; // For info and link types
+  value?: string; // For info type (e.g., user name, email)
+  href?: string; // For link type
+  order: number; // Ordering within type group
+  id: string; // Unique identifier for the item
+};
+
+export type ProfilePicMenuConfig = {
+  show_single_button: boolean;
+  sign_up_label: string;
+  sign_in_label: string;
+  register_path: string;
+  login_path: string;
+  settings_path: string;
+  logout_path: string;
+  custom_menu_items: ProfilePicMenuMenuItem[];
+};
+
+// section: helpers
+/**
+ * Parses custom menu items from config string
+ * Format: "type:label:order" or "type:label:href:order" for links
+ * Example: "link:My Custom Link:/custom:3"
+ * @param items_string - Comma-separated string of menu items
+ * @returns Array of parsed menu items
+ */
+function parse_custom_menu_items(items_string: string[]): ProfilePicMenuMenuItem[] {
+  const items: ProfilePicMenuMenuItem[] = [];
+  
+  items_string.forEach((item_string, index) => {
+    const parts = item_string.split(":").map((p) => p.trim());
+    
+    if (parts.length < 3) {
+      return; // Invalid format, skip
+    }
+    
+    const type = parts[0] as MenuItemType;
+    if (type !== "info" && type !== "link" && type !== "separator") {
+      return; // Invalid type, skip
+    }
+    
+    if (type === "separator") {
+      const order = parseInt(parts[1] || "1", 10);
+      items.push({
+        type: "separator",
+        order: isNaN(order) ? 1 : order,
+        id: `custom_separator_${index}`,
+      });
+      return;
+    }
+    
+    if (type === "info") {
+      const label = parts[1] || "";
+      const value = parts[2] || "";
+      const order = parseInt(parts[3] || "1", 10);
+      
+      if (!label || !value) {
+        return; // Invalid format, skip
+      }
+      
+      items.push({
+        type: "info",
+        label,
+        value,
+        order: isNaN(order) ? 1 : order,
+        id: `custom_info_${index}`,
+      });
+      return;
+    }
+    
+    if (type === "link") {
+      const label = parts[1] || "";
+      const href = parts[2] || "";
+      const order = parseInt(parts[3] || "1", 10);
+      
+      if (!label || !href) {
+        return; // Invalid format, skip
+      }
+      
+      items.push({
+        type: "link",
+        label,
+        href,
+        order: isNaN(order) ? 1 : order,
+        id: `custom_link_${index}`,
+      });
+    }
+  });
+  
+  return items;
+}
+
+/**
+ * Reads profile picture menu configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Profile picture menu configuration options
+ */
+export function get_profile_pic_menu_config(): ProfilePicMenuConfig {
+  const section = "hazo_auth__profile_pic_menu";
+
+  // Read button configuration
+  const show_single_button = get_config_boolean(section, "show_single_button", false);
+  const sign_up_label = get_config_value(section, "sign_up_label", "Sign Up");
+  const sign_in_label = get_config_value(section, "sign_in_label", "Sign In");
+  const register_path = get_config_value(section, "register_path", "/hazo_auth/register");
+  const login_path = get_config_value(section, "login_path", "/hazo_auth/login");
+
+  // Read menu paths
+  const settings_path = get_config_value(section, "settings_path", "/hazo_auth/my_settings");
+  const logout_path = get_config_value(section, "logout_path", "/api/hazo_auth/logout");
+
+  // Read custom menu items
+  const custom_items_string = get_config_array(section, "custom_menu_items", []);
+  const custom_menu_items = parse_custom_menu_items(custom_items_string);
+
+  return {
+    show_single_button,
+    sign_up_label,
+    sign_in_label,
+    register_path,
+    login_path,
+    settings_path,
+    logout_path,
+    custom_menu_items,
+  };
+}
+

package/cli-src/lib/profile_picture_config.server.ts

@@ -0,0 +1,56 @@
+// file_description: server-only helper to read profile picture configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_boolean, get_config_value, get_config_number, read_config_section } from "./config/config_loader.server";
+import { create_app_logger } from "./app_logger";
+
+// section: types
+export type ProfilePictureConfig = {
+  allow_photo_upload: boolean;
+  upload_photo_path?: string;
+  max_photo_size: number; // in bytes
+  user_photo_default: boolean;
+  user_photo_default_priority1: "gravatar" | "library";
+  user_photo_default_priority2?: "library" | "gravatar";
+  library_photo_path: string; // relative to public directory
+};
+
+// section: helpers
+/**
+ * Reads profile picture configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Profile picture configuration options
+ */
+export function get_profile_picture_config(): ProfilePictureConfig {
+  const logger = create_app_logger();
+  const section = "hazo_auth__profile_picture";
+
+  // Read configuration with defaults
+  const allow_photo_upload = get_config_boolean(section, "allow_photo_upload", false);
+  const upload_photo_path = get_config_value(section, "upload_photo_path", "");
+  const max_photo_size = get_config_number(section, "max_photo_size", 51200); // Default: 50kb
+  const user_photo_default = get_config_boolean(section, "user_photo_default", true);
+  const user_photo_default_priority1 = (get_config_value(section, "user_photo_default_priority1", "gravatar") as "gravatar" | "library");
+  const priority2_value = get_config_value(section, "user_photo_default_priority2", "");
+  const user_photo_default_priority2 = priority2_value ? (priority2_value as "library" | "gravatar") : undefined;
+  const library_photo_path = get_config_value(section, "library_photo_path", "/profile_pictures/library");
+
+  // Validate upload_photo_path if allow_photo_upload is true
+  if (allow_photo_upload && !upload_photo_path) {
+    logger.warn("profile_picture_config_validation_failed", {
+      filename: "profile_picture_config.server.ts",
+      line_number: 0,
+      message: "allow_photo_upload is true but upload_photo_path is not set",
+    });
+  }
+
+  return {
+    allow_photo_upload,
+    upload_photo_path: upload_photo_path || undefined,
+    max_photo_size,
+    user_photo_default,
+    user_photo_default_priority1,
+    user_photo_default_priority2,
+    library_photo_path,
+  };
+}
+

package/cli-src/lib/register_config.server.ts

@@ -0,0 +1,101 @@
+// file_description: server-only helper to read register layout configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_boolean, get_config_value, read_config_section } from "./config/config_loader.server";
+import { get_password_requirements_config } from "./password_requirements_config.server";
+import { get_already_logged_in_config } from "./already_logged_in_config.server";
+import { get_user_fields_config } from "./user_fields_config.server";
+import registerDefaultImage from "../assets/images/register_default.jpg";
+
+// section: types
+import type { StaticImageData } from "next/image";
+
+export type RegisterConfig = {
+  showNameField: boolean;
+  passwordRequirements: {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+  };
+  alreadyLoggedInMessage: string;
+  showLogoutButton: boolean;
+  showReturnHomeButton: boolean;
+  returnHomeButtonLabel: string;
+  returnHomePath: string;
+  signInPath: string;
+  signInLabel: string;
+  imageSrc: string | StaticImageData;
+  imageAlt: string;
+  imageBackgroundColor: string;
+};
+
+// section: helpers
+/**
+ * Reads register layout configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Register configuration options
+ */
+export function get_register_config(): RegisterConfig {
+  // Get shared user fields config (preferred) or fall back to register section for backwards compatibility
+  const userFieldsConfig = get_user_fields_config();
+  const register_section = read_config_section("hazo_auth__register_layout");
+  
+  // Use register section if explicitly set, otherwise use shared config
+  const showNameField = register_section?.show_name_field !== undefined
+    ? get_config_boolean("hazo_auth__register_layout", "show_name_field", true)
+    : userFieldsConfig.show_name_field;
+
+  // Get shared password requirements
+  const passwordRequirements = get_password_requirements_config();
+
+  // Get shared already logged in config
+  const alreadyLoggedInConfig = get_already_logged_in_config();
+
+  // Read sign in link configuration
+  const signInPath = get_config_value(
+    "hazo_auth__register_layout",
+    "sign_in_path",
+    "/hazo_auth/login"
+  );
+  const signInLabel = get_config_value(
+    "hazo_auth__register_layout",
+    "sign_in_label",
+    "Sign in"
+  );
+
+  // Read image configuration
+  // If not set in config, falls back to default image from assets
+  const imageSrc = get_config_value(
+    "hazo_auth__register_layout",
+    "image_src",
+    "" // Empty string means not set in config
+  ) || registerDefaultImage;
+
+  const imageAlt = get_config_value(
+    "hazo_auth__register_layout",
+    "image_alt",
+    "Modern building representing user registration"
+  );
+  const imageBackgroundColor = get_config_value(
+    "hazo_auth__register_layout",
+    "image_background_color",
+    "#e2e8f0"
+  );
+
+  return {
+    showNameField,
+    passwordRequirements,
+    alreadyLoggedInMessage: alreadyLoggedInConfig.message,
+    showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
+    showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
+    returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
+    returnHomePath: alreadyLoggedInConfig.returnHomePath,
+    signInPath,
+    signInLabel,
+    imageSrc,
+    imageAlt,
+    imageBackgroundColor,
+  };
+}
+

package/cli-src/lib/reset_password_config.server.ts

@@ -0,0 +1,103 @@
+// file_description: server-only helper to read reset password layout configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value } from "./config/config_loader.server";
+import { get_already_logged_in_config } from "./already_logged_in_config.server";
+import { get_password_requirements_config } from "./password_requirements_config.server";
+import resetPasswordDefaultImage from "../assets/images/reset_password_default.jpg";
+
+// section: types
+import type { StaticImageData } from "next/image";
+
+export type ResetPasswordConfig = {
+  errorMessage: string;
+  successMessage: string;
+  loginPath: string;
+  forgotPasswordPath: string;
+  alreadyLoggedInMessage: string;
+  showLogoutButton: boolean;
+  showReturnHomeButton: boolean;
+  returnHomeButtonLabel: string;
+  returnHomePath: string;
+  passwordRequirements: {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+  };
+  imageSrc: string | StaticImageData;
+  imageAlt: string;
+  imageBackgroundColor: string;
+};
+
+// section: helpers
+/**
+ * Reads reset password layout configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Reset password configuration options
+ */
+export function get_reset_password_config(): ResetPasswordConfig {
+  const section = "hazo_auth__reset_password_layout";
+
+  // Get shared already logged in config
+  const alreadyLoggedInConfig = get_already_logged_in_config();
+
+  // Read error message (defaults to standard message)
+  const errorMessage = get_config_value(
+    section,
+    "error_message",
+    "Reset password link invalid or has expired. Please go to Reset Password page to get a new link."
+  );
+
+  // Read success message (defaults to standard message)
+  const successMessage = get_config_value(
+    section,
+    "success_message",
+    "Password reset successfully. Redirecting to login..."
+  );
+
+  // Read login path (defaults to "/hazo_auth/login")
+  const loginPath = get_config_value(section, "login_path", "/hazo_auth/login");
+  
+  // Read forgot password path (defaults to "/hazo_auth/forgot_password")
+  const forgotPasswordPath = get_config_value(section, "forgot_password_path", "/hazo_auth/forgot_password");
+
+  // Get shared password requirements
+  const passwordRequirements = get_password_requirements_config();
+
+  // Read image configuration
+  // If not set in config, falls back to default image from assets
+  const imageSrc = get_config_value(
+    section,
+    "image_src",
+    "" // Empty string means not set in config
+  ) || resetPasswordDefaultImage;
+
+  const imageAlt = get_config_value(
+    section,
+    "image_alt",
+    "Reset password illustration"
+  );
+  const imageBackgroundColor = get_config_value(
+    section,
+    "image_background_color",
+    "#f1f5f9"
+  );
+
+  return {
+    errorMessage,
+    successMessage,
+    loginPath,
+    forgotPasswordPath,
+    alreadyLoggedInMessage: alreadyLoggedInConfig.message,
+    showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
+    showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
+    returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
+    returnHomePath: alreadyLoggedInConfig.returnHomePath,
+    passwordRequirements,
+    imageSrc,
+    imageAlt,
+    imageBackgroundColor,
+  };
+}
+