hazo_auth 4.2.0 → 4.4.0

package/cli-src/lib/profile_pic_menu_config.server.ts

@@ -0,0 +1,138 @@
+// file_description: server-only helper to read profile picture menu configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value, get_config_boolean, get_config_array } from "./config/config_loader.server.js";
+
+// section: types
+// Note: These types are also used in client components, but TypeScript types are erased at runtime
+// so importing from a server file is safe for type-only imports
+export type MenuItemType = "info" | "link" | "separator";
+
+export type ProfilePicMenuMenuItem = {
+  type: MenuItemType;
+  label?: string; // For info and link types
+  value?: string; // For info type (e.g., user name, email)
+  href?: string; // For link type
+  order: number; // Ordering within type group
+  id: string; // Unique identifier for the item
+};
+
+export type ProfilePicMenuConfig = {
+  show_single_button: boolean;
+  sign_up_label: string;
+  sign_in_label: string;
+  register_path: string;
+  login_path: string;
+  settings_path: string;
+  logout_path: string;
+  custom_menu_items: ProfilePicMenuMenuItem[];
+};
+
+// section: helpers
+/**
+ * Parses custom menu items from config string
+ * Format: "type:label:order" or "type:label:href:order" for links
+ * Example: "link:My Custom Link:/custom:3"
+ * @param items_string - Comma-separated string of menu items
+ * @returns Array of parsed menu items
+ */
+function parse_custom_menu_items(items_string: string[]): ProfilePicMenuMenuItem[] {
+  const items: ProfilePicMenuMenuItem[] = [];
+  
+  items_string.forEach((item_string, index) => {
+    const parts = item_string.split(":").map((p) => p.trim());
+    
+    if (parts.length < 3) {
+      return; // Invalid format, skip
+    }
+    
+    const type = parts[0] as MenuItemType;
+    if (type !== "info" && type !== "link" && type !== "separator") {
+      return; // Invalid type, skip
+    }
+    
+    if (type === "separator") {
+      const order = parseInt(parts[1] || "1", 10);
+      items.push({
+        type: "separator",
+        order: isNaN(order) ? 1 : order,
+        id: `custom_separator_${index}`,
+      });
+      return;
+    }
+    
+    if (type === "info") {
+      const label = parts[1] || "";
+      const value = parts[2] || "";
+      const order = parseInt(parts[3] || "1", 10);
+      
+      if (!label || !value) {
+        return; // Invalid format, skip
+      }
+      
+      items.push({
+        type: "info",
+        label,
+        value,
+        order: isNaN(order) ? 1 : order,
+        id: `custom_info_${index}`,
+      });
+      return;
+    }
+    
+    if (type === "link") {
+      const label = parts[1] || "";
+      const href = parts[2] || "";
+      const order = parseInt(parts[3] || "1", 10);
+      
+      if (!label || !href) {
+        return; // Invalid format, skip
+      }
+      
+      items.push({
+        type: "link",
+        label,
+        href,
+        order: isNaN(order) ? 1 : order,
+        id: `custom_link_${index}`,
+      });
+    }
+  });
+  
+  return items;
+}
+
+/**
+ * Reads profile picture menu configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Profile picture menu configuration options
+ */
+export function get_profile_pic_menu_config(): ProfilePicMenuConfig {
+  const section = "hazo_auth__profile_pic_menu";
+
+  // Read button configuration
+  const show_single_button = get_config_boolean(section, "show_single_button", false);
+  const sign_up_label = get_config_value(section, "sign_up_label", "Sign Up");
+  const sign_in_label = get_config_value(section, "sign_in_label", "Sign In");
+  const register_path = get_config_value(section, "register_path", "/hazo_auth/register");
+  const login_path = get_config_value(section, "login_path", "/hazo_auth/login");
+
+  // Read menu paths
+  const settings_path = get_config_value(section, "settings_path", "/hazo_auth/my_settings");
+  const logout_path = get_config_value(section, "logout_path", "/api/hazo_auth/logout");
+
+  // Read custom menu items
+  const custom_items_string = get_config_array(section, "custom_menu_items", []);
+  const custom_menu_items = parse_custom_menu_items(custom_items_string);
+
+  return {
+    show_single_button,
+    sign_up_label,
+    sign_in_label,
+    register_path,
+    login_path,
+    settings_path,
+    logout_path,
+    custom_menu_items,
+  };
+}
+

package/cli-src/lib/profile_picture_config.server.ts

@@ -0,0 +1,56 @@
+// file_description: server-only helper to read profile picture configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_boolean, get_config_value, get_config_number, read_config_section } from "./config/config_loader.server.js";
+import { create_app_logger } from "./app_logger.js";
+
+// section: types
+export type ProfilePictureConfig = {
+  allow_photo_upload: boolean;
+  upload_photo_path?: string;
+  max_photo_size: number; // in bytes
+  user_photo_default: boolean;
+  user_photo_default_priority1: "gravatar" | "library";
+  user_photo_default_priority2?: "library" | "gravatar";
+  library_photo_path: string; // relative to public directory
+};
+
+// section: helpers
+/**
+ * Reads profile picture configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Profile picture configuration options
+ */
+export function get_profile_picture_config(): ProfilePictureConfig {
+  const logger = create_app_logger();
+  const section = "hazo_auth__profile_picture";
+
+  // Read configuration with defaults
+  const allow_photo_upload = get_config_boolean(section, "allow_photo_upload", false);
+  const upload_photo_path = get_config_value(section, "upload_photo_path", "");
+  const max_photo_size = get_config_number(section, "max_photo_size", 51200); // Default: 50kb
+  const user_photo_default = get_config_boolean(section, "user_photo_default", true);
+  const user_photo_default_priority1 = (get_config_value(section, "user_photo_default_priority1", "gravatar") as "gravatar" | "library");
+  const priority2_value = get_config_value(section, "user_photo_default_priority2", "");
+  const user_photo_default_priority2 = priority2_value ? (priority2_value as "library" | "gravatar") : undefined;
+  const library_photo_path = get_config_value(section, "library_photo_path", "/profile_pictures/library");
+
+  // Validate upload_photo_path if allow_photo_upload is true
+  if (allow_photo_upload && !upload_photo_path) {
+    logger.warn("profile_picture_config_validation_failed", {
+      filename: "profile_picture_config.server.ts",
+      line_number: 0,
+      message: "allow_photo_upload is true but upload_photo_path is not set",
+    });
+  }
+
+  return {
+    allow_photo_upload,
+    upload_photo_path: upload_photo_path || undefined,
+    max_photo_size,
+    user_photo_default,
+    user_photo_default_priority1,
+    user_photo_default_priority2,
+    library_photo_path,
+  };
+}
+

package/cli-src/lib/register_config.server.ts

@@ -0,0 +1,101 @@
+// file_description: server-only helper to read register layout configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_boolean, get_config_value, read_config_section } from "./config/config_loader.server.js";
+import { get_password_requirements_config } from "./password_requirements_config.server.js";
+import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
+import { get_user_fields_config } from "./user_fields_config.server.js";
+import registerDefaultImage from "../assets/images/register_default.jpg.js";
+
+// section: types
+import type { StaticImageData } from "next/image";
+
+export type RegisterConfig = {
+  showNameField: boolean;
+  passwordRequirements: {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+  };
+  alreadyLoggedInMessage: string;
+  showLogoutButton: boolean;
+  showReturnHomeButton: boolean;
+  returnHomeButtonLabel: string;
+  returnHomePath: string;
+  signInPath: string;
+  signInLabel: string;
+  imageSrc: string | StaticImageData;
+  imageAlt: string;
+  imageBackgroundColor: string;
+};
+
+// section: helpers
+/**
+ * Reads register layout configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Register configuration options
+ */
+export function get_register_config(): RegisterConfig {
+  // Get shared user fields config (preferred) or fall back to register section for backwards compatibility
+  const userFieldsConfig = get_user_fields_config();
+  const register_section = read_config_section("hazo_auth__register_layout");
+  
+  // Use register section if explicitly set, otherwise use shared config
+  const showNameField = register_section?.show_name_field !== undefined
+    ? get_config_boolean("hazo_auth__register_layout", "show_name_field", true)
+    : userFieldsConfig.show_name_field;
+
+  // Get shared password requirements
+  const passwordRequirements = get_password_requirements_config();
+
+  // Get shared already logged in config
+  const alreadyLoggedInConfig = get_already_logged_in_config();
+
+  // Read sign in link configuration
+  const signInPath = get_config_value(
+    "hazo_auth__register_layout",
+    "sign_in_path",
+    "/hazo_auth/login"
+  );
+  const signInLabel = get_config_value(
+    "hazo_auth__register_layout",
+    "sign_in_label",
+    "Sign in"
+  );
+
+  // Read image configuration
+  // If not set in config, falls back to default image from assets
+  const imageSrc = get_config_value(
+    "hazo_auth__register_layout",
+    "image_src",
+    "" // Empty string means not set in config
+  ) || registerDefaultImage;
+
+  const imageAlt = get_config_value(
+    "hazo_auth__register_layout",
+    "image_alt",
+    "Modern building representing user registration"
+  );
+  const imageBackgroundColor = get_config_value(
+    "hazo_auth__register_layout",
+    "image_background_color",
+    "#e2e8f0"
+  );
+
+  return {
+    showNameField,
+    passwordRequirements,
+    alreadyLoggedInMessage: alreadyLoggedInConfig.message,
+    showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
+    showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
+    returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
+    returnHomePath: alreadyLoggedInConfig.returnHomePath,
+    signInPath,
+    signInLabel,
+    imageSrc,
+    imageAlt,
+    imageBackgroundColor,
+  };
+}
+

package/cli-src/lib/reset_password_config.server.ts

@@ -0,0 +1,103 @@
+// file_description: server-only helper to read reset password layout configuration from hazo_auth_config.ini
+// section: imports
+import { get_config_value } from "./config/config_loader.server.js";
+import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
+import { get_password_requirements_config } from "./password_requirements_config.server.js";
+import resetPasswordDefaultImage from "../assets/images/reset_password_default.jpg.js";
+
+// section: types
+import type { StaticImageData } from "next/image";
+
+export type ResetPasswordConfig = {
+  errorMessage: string;
+  successMessage: string;
+  loginPath: string;
+  forgotPasswordPath: string;
+  alreadyLoggedInMessage: string;
+  showLogoutButton: boolean;
+  showReturnHomeButton: boolean;
+  returnHomeButtonLabel: string;
+  returnHomePath: string;
+  passwordRequirements: {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+  };
+  imageSrc: string | StaticImageData;
+  imageAlt: string;
+  imageBackgroundColor: string;
+};
+
+// section: helpers
+/**
+ * Reads reset password layout configuration from hazo_auth_config.ini file
+ * Falls back to defaults if hazo_auth_config.ini is not found or section is missing
+ * @returns Reset password configuration options
+ */
+export function get_reset_password_config(): ResetPasswordConfig {
+  const section = "hazo_auth__reset_password_layout";
+
+  // Get shared already logged in config
+  const alreadyLoggedInConfig = get_already_logged_in_config();
+
+  // Read error message (defaults to standard message)
+  const errorMessage = get_config_value(
+    section,
+    "error_message",
+    "Reset password link invalid or has expired. Please go to Reset Password page to get a new link."
+  );
+
+  // Read success message (defaults to standard message)
+  const successMessage = get_config_value(
+    section,
+    "success_message",
+    "Password reset successfully. Redirecting to login..."
+  );
+
+  // Read login path (defaults to "/hazo_auth/login")
+  const loginPath = get_config_value(section, "login_path", "/hazo_auth/login");
+  
+  // Read forgot password path (defaults to "/hazo_auth/forgot_password")
+  const forgotPasswordPath = get_config_value(section, "forgot_password_path", "/hazo_auth/forgot_password");
+
+  // Get shared password requirements
+  const passwordRequirements = get_password_requirements_config();
+
+  // Read image configuration
+  // If not set in config, falls back to default image from assets
+  const imageSrc = get_config_value(
+    section,
+    "image_src",
+    "" // Empty string means not set in config
+  ) || resetPasswordDefaultImage;
+
+  const imageAlt = get_config_value(
+    section,
+    "image_alt",
+    "Reset password illustration"
+  );
+  const imageBackgroundColor = get_config_value(
+    section,
+    "image_background_color",
+    "#f1f5f9"
+  );
+
+  return {
+    errorMessage,
+    successMessage,
+    loginPath,
+    forgotPasswordPath,
+    alreadyLoggedInMessage: alreadyLoggedInConfig.message,
+    showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
+    showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
+    returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
+    returnHomePath: alreadyLoggedInConfig.returnHomePath,
+    passwordRequirements,
+    imageSrc,
+    imageAlt,
+    imageBackgroundColor,
+  };
+}
+

package/cli-src/lib/scope_hierarchy_config.server.ts

@@ -0,0 +1,151 @@
+// file_description: server-only helper to read HRBAC scope hierarchy configuration from hazo_auth_config.ini
+// section: imports
+import {
+  get_config_value,
+  get_config_number,
+  get_config_boolean,
+  get_config_array,
+} from "./config/config_loader.server.js";
+import type { ScopeLevel } from "./services/scope_service";
+import { SCOPE_LEVELS } from "./services/scope_service.js";
+
+// section: types
+
+/**
+ * Scope hierarchy configuration options for HRBAC
+ */
+export type ScopeHierarchyConfig = {
+  /** Whether HRBAC is enabled (default: false) */
+  enable_hrbac: boolean;
+  /** Default organization for single-tenant apps (optional) */
+  default_org: string;
+  /** Cache TTL in minutes for scope lookups (default: 15) */
+  scope_cache_ttl_minutes: number;
+  /** Maximum entries in scope cache (default: 5000) */
+  scope_cache_max_entries: number;
+  /** Which scope levels are active/enabled */
+  active_levels: ScopeLevel[];
+  /** Default labels for each scope level */
+  default_labels: Record<ScopeLevel, string>;
+};
+
+// section: constants
+
+const SECTION_NAME = "hazo_auth__scope_hierarchy";
+
+const DEFAULT_LABELS: Record<ScopeLevel, string> = {
+  hazo_scopes_l1: "Level 1",
+  hazo_scopes_l2: "Level 2",
+  hazo_scopes_l3: "Level 3",
+  hazo_scopes_l4: "Level 4",
+  hazo_scopes_l5: "Level 5",
+  hazo_scopes_l6: "Level 6",
+  hazo_scopes_l7: "Level 7",
+};
+
+// section: helpers
+
+/**
+ * Parses the active_levels config value into an array of ScopeLevel
+ * If not configured, returns all levels
+ */
+function parse_active_levels(config_value: string): ScopeLevel[] {
+  if (!config_value || config_value.trim().length === 0) {
+    return [...SCOPE_LEVELS]; // All levels active by default
+  }
+
+  const levels = config_value.split(",").map((s) => s.trim());
+  const valid_levels: ScopeLevel[] = [];
+
+  for (const level of levels) {
+    if (SCOPE_LEVELS.includes(level as ScopeLevel)) {
+      valid_levels.push(level as ScopeLevel);
+    }
+  }
+
+  return valid_levels.length > 0 ? valid_levels : [...SCOPE_LEVELS];
+}
+
+/**
+ * Reads default labels from config, falling back to defaults
+ */
+function get_default_labels(): Record<ScopeLevel, string> {
+  const labels = { ...DEFAULT_LABELS };
+
+  for (let i = 1; i <= 7; i++) {
+    const level = `hazo_scopes_l${i}` as ScopeLevel;
+    const config_key = `default_label_l${i}`;
+    const config_value = get_config_value(SECTION_NAME, config_key, "");
+
+    if (config_value && config_value.trim().length > 0) {
+      labels[level] = config_value.trim();
+    }
+  }
+
+  return labels;
+}
+
+/**
+ * Reads HRBAC scope hierarchy configuration from hazo_auth_config.ini file
+ * Falls back to defaults if config file is not found or section is missing
+ * @returns Scope hierarchy configuration options
+ */
+export function get_scope_hierarchy_config(): ScopeHierarchyConfig {
+  // Core HRBAC enablement
+  const enable_hrbac = get_config_boolean(SECTION_NAME, "enable_hrbac", false);
+
+  // Default organization for single-tenant apps
+  const default_org = get_config_value(SECTION_NAME, "default_org", "");
+
+  // Cache settings
+  const scope_cache_ttl_minutes = get_config_number(
+    SECTION_NAME,
+    "scope_cache_ttl_minutes",
+    15,
+  );
+  const scope_cache_max_entries = get_config_number(
+    SECTION_NAME,
+    "scope_cache_max_entries",
+    5000,
+  );
+
+  // Active levels
+  const active_levels_str = get_config_value(SECTION_NAME, "active_levels", "");
+  const active_levels = parse_active_levels(active_levels_str);
+
+  // Default labels
+  const default_labels = get_default_labels();
+
+  return {
+    enable_hrbac,
+    default_org,
+    scope_cache_ttl_minutes,
+    scope_cache_max_entries,
+    active_levels,
+    default_labels,
+  };
+}
+
+/**
+ * Checks if HRBAC is enabled in the configuration
+ * Convenience function for quick checks
+ */
+export function is_hrbac_enabled(): boolean {
+  return get_config_boolean(SECTION_NAME, "enable_hrbac", false);
+}
+
+/**
+ * Gets the default organization from config
+ * Returns empty string if not configured (multi-tenant mode)
+ */
+export function get_default_org(): string {
+  return get_config_value(SECTION_NAME, "default_org", "");
+}
+
+/**
+ * Gets the default label for a scope level
+ */
+export function get_default_label(level: ScopeLevel): string {
+  const config_key = `default_label_l${level.charAt(level.length - 1)}`;
+  return get_config_value(SECTION_NAME, config_key, DEFAULT_LABELS[level]);
+}