hazo_auth 5.1.33 → 5.1.34

package/cli-src/lib/utils/proxy_request.ts

@@ -0,0 +1,81 @@
+// file_description: Shared utility for rewriting request.url behind reverse proxies (Cloudflare Tunnel, nginx, AWS ALB)
+import { NextRequest } from "next/server";
+
+/**
+ * Detects the public-facing origin from proxy headers.
+ * Returns null if not behind a proxy (origins match).
+ */
+function detect_public_origin(request_url: URL, headers: Headers): string | null {
+  // Priority 1: NEXTAUTH_URL env var (explicitly configured)
+  const nextauth_url = process.env.NEXTAUTH_URL;
+  if (nextauth_url) {
+    try {
+      const public_origin = new URL(nextauth_url).origin;
+      if (public_origin !== request_url.origin) {
+        return public_origin;
+      }
+    } catch {
+      // Invalid NEXTAUTH_URL, fall through
+    }
+  }
+
+  // Priority 2: x-forwarded-host header (set by Cloudflare Tunnel, nginx, etc.)
+  const forwarded_host = headers.get("x-forwarded-host");
+  if (forwarded_host && forwarded_host !== request_url.hostname) {
+    const proto = headers.get("x-forwarded-proto") || "https";
+    return `${proto}://${forwarded_host}`;
+  }
+
+  // Priority 3: host header (Cloudflare Tunnel also sets this)
+  const host_header = headers.get("host");
+  if (host_header && host_header !== request_url.host) {
+    const proto = headers.get("x-forwarded-proto") || "https";
+    return `${proto}://${host_header}`;
+  }
+
+  return null;
+}
+
+/**
+ * Rewrites request.url to use the public-facing origin when behind a reverse proxy.
+ *
+ * Behind proxies like Cloudflare Tunnel, Next.js sets request.url to the internal
+ * address (e.g., https://localhost:3000). This causes NextResponse.redirect() to
+ * resolve Location headers against the internal origin instead of the public domain.
+ *
+ * Apply this at the TOP of any route handler that uses NextResponse.redirect().
+ *
+ * @param request - The incoming NextRequest
+ * @returns A new NextRequest with corrected URL, or the original if no proxy detected
+ */
+export function rewrite_request_for_proxy(request: NextRequest): NextRequest {
+  try {
+    const request_url = new URL(request.url);
+    const public_origin = detect_public_origin(request_url, request.headers);
+
+    if (!public_origin) {
+      return request; // Not behind a proxy, no rewriting needed
+    }
+
+    // Construct corrected URL: public origin + original path + query
+    const corrected_url = `${public_origin}${request_url.pathname}${request_url.search}`;
+
+    // Create new NextRequest with corrected URL, preserving everything else
+    return new NextRequest(corrected_url, {
+      method: request.method,
+      headers: request.headers,
+      body: request.body,
+    });
+  } catch {
+    return request;
+  }
+}
+
+/**
+ * Gets the public-facing origin for constructing redirect URLs.
+ * Use this when you need the origin string but don't need to rewrite the request.
+ */
+export function get_public_origin(request: NextRequest): string {
+  const request_url = new URL(request.url);
+  return detect_public_origin(request_url, request.headers) || request_url.origin;
+}

package/dist/components/ui/button.d.ts

@@ -1,7 +1,7 @@
 import * as React from "react";
 import { type VariantProps } from "class-variance-authority";
 declare const buttonVariants: (props?: ({
-    variant?: "link" | "default" | "destructive" | "outline" | "secondary" | "ghost" | null | undefined;
+    variant?: "default" | "destructive" | "outline" | "secondary" | "ghost" | "link" | null | undefined;
     size?: "default" | "sm" | "lg" | "icon" | null | undefined;
 } & import("class-variance-authority/types").ClassProp) | undefined) => string;
 export interface ButtonProps extends React.ButtonHTMLAttributes<HTMLButtonElement>, VariantProps<typeof buttonVariants> {

package/dist/lib/utils/proxy_request.d.ts

@@ -0,0 +1,20 @@
+import { NextRequest } from "next/server";
+/**
+ * Rewrites request.url to use the public-facing origin when behind a reverse proxy.
+ *
+ * Behind proxies like Cloudflare Tunnel, Next.js sets request.url to the internal
+ * address (e.g., https://localhost:3000). This causes NextResponse.redirect() to
+ * resolve Location headers against the internal origin instead of the public domain.
+ *
+ * Apply this at the TOP of any route handler that uses NextResponse.redirect().
+ *
+ * @param request - The incoming NextRequest
+ * @returns A new NextRequest with corrected URL, or the original if no proxy detected
+ */
+export declare function rewrite_request_for_proxy(request: NextRequest): NextRequest;
+/**
+ * Gets the public-facing origin for constructing redirect URLs.
+ * Use this when you need the origin string but don't need to rewrite the request.
+ */
+export declare function get_public_origin(request: NextRequest): string;
+//# sourceMappingURL=proxy_request.d.ts.map

package/dist/lib/utils/proxy_request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy_request.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/proxy_request.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAqC1C;;;;;;;;;;;GAWG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW,CAqB3E;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAG9D"}

package/dist/lib/utils/proxy_request.js

@@ -0,0 +1,74 @@
+// file_description: Shared utility for rewriting request.url behind reverse proxies (Cloudflare Tunnel, nginx, AWS ALB)
+import { NextRequest } from "next/server";
+/**
+ * Detects the public-facing origin from proxy headers.
+ * Returns null if not behind a proxy (origins match).
+ */
+function detect_public_origin(request_url, headers) {
+    // Priority 1: NEXTAUTH_URL env var (explicitly configured)
+    const nextauth_url = process.env.NEXTAUTH_URL;
+    if (nextauth_url) {
+        try {
+            const public_origin = new URL(nextauth_url).origin;
+            if (public_origin !== request_url.origin) {
+                return public_origin;
+            }
+        }
+        catch (_a) {
+            // Invalid NEXTAUTH_URL, fall through
+        }
+    }
+    // Priority 2: x-forwarded-host header (set by Cloudflare Tunnel, nginx, etc.)
+    const forwarded_host = headers.get("x-forwarded-host");
+    if (forwarded_host && forwarded_host !== request_url.hostname) {
+        const proto = headers.get("x-forwarded-proto") || "https";
+        return `${proto}://${forwarded_host}`;
+    }
+    // Priority 3: host header (Cloudflare Tunnel also sets this)
+    const host_header = headers.get("host");
+    if (host_header && host_header !== request_url.host) {
+        const proto = headers.get("x-forwarded-proto") || "https";
+        return `${proto}://${host_header}`;
+    }
+    return null;
+}
+/**
+ * Rewrites request.url to use the public-facing origin when behind a reverse proxy.
+ *
+ * Behind proxies like Cloudflare Tunnel, Next.js sets request.url to the internal
+ * address (e.g., https://localhost:3000). This causes NextResponse.redirect() to
+ * resolve Location headers against the internal origin instead of the public domain.
+ *
+ * Apply this at the TOP of any route handler that uses NextResponse.redirect().
+ *
+ * @param request - The incoming NextRequest
+ * @returns A new NextRequest with corrected URL, or the original if no proxy detected
+ */
+export function rewrite_request_for_proxy(request) {
+    try {
+        const request_url = new URL(request.url);
+        const public_origin = detect_public_origin(request_url, request.headers);
+        if (!public_origin) {
+            return request; // Not behind a proxy, no rewriting needed
+        }
+        // Construct corrected URL: public origin + original path + query
+        const corrected_url = `${public_origin}${request_url.pathname}${request_url.search}`;
+        // Create new NextRequest with corrected URL, preserving everything else
+        return new NextRequest(corrected_url, {
+            method: request.method,
+            headers: request.headers,
+            body: request.body,
+        });
+    }
+    catch (_a) {
+        return request;
+    }
+}
+/**
+ * Gets the public-facing origin for constructing redirect URLs.
+ * Use this when you need the origin string but don't need to rewrite the request.
+ */
+export function get_public_origin(request) {
+    const request_url = new URL(request.url);
+    return detect_public_origin(request_url, request.headers) || request_url.origin;
+}

package/dist/server/routes/nextauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nextauth.d.ts","sourceRoot":"","sources":["../../../src/server/routes/nextauth.ts"],"names":[],"mappings":"AAQA,KAAK,eAAe,GAAG;IACrB,MAAM,EAAE,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;CACzC,CAAC;AA0DF,wBAAsB,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,gBAGnE;AAED,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,gBAGpE"}
+{"version":3,"file":"nextauth.d.ts","sourceRoot":"","sources":["../../../src/server/routes/nextauth.ts"],"names":[],"mappings":"AAQA,KAAK,eAAe,GAAG;IACrB,MAAM,EAAE,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;CACzC,CAAC;AAyGF,wBAAsB,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,gBAEnE;AAED,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,gBAEpE"}

package/dist/server/routes/nextauth.js

@@ -4,60 +4,106 @@
 import NextAuthImport from "next-auth";
 const NextAuth = NextAuthImport.default || NextAuthImport;
 import { get_nextauth_config } from "../../lib/auth/nextauth_config.js";
-// section: handler
-// Get config lazily to ensure environment variables are available
-function getHandler() {
-    const config = get_nextauth_config();
-    return NextAuth(config);
-}
-// Create handler lazily
-let cachedHandler = null;
-function getOrCreateHandler() {
-    if (!cachedHandler) {
-        cachedHandler = getHandler();
+// section: proxy_detection
+/**
+ * Detects the public-facing origin from request headers.
+ * Cloudflare tunnel sends: x-forwarded-host, x-forwarded-proto, cf-visitor, host
+ */
+function detect_proxy_origin(request) {
+    try {
+        const request_url = new URL(request.url);
+        const forwarded_host = request.headers.get("x-forwarded-host");
+        const host_header = request.headers.get("host");
+        const forwarded_proto = request.headers.get("x-forwarded-proto") || "https";
+        // Debug logging in development
+        if (process.env.NODE_ENV === "development") {
+            console.log("[NextAuth Proxy] request.url:", request.url);
+            console.log("[NextAuth Proxy] request_url.hostname:", request_url.hostname, "request_url.host:", request_url.host);
+            console.log("[NextAuth Proxy] x-forwarded-host:", forwarded_host);
+            console.log("[NextAuth Proxy] host header:", host_header);
+            console.log("[NextAuth Proxy] x-forwarded-proto:", forwarded_proto);
+        }
+        // Check x-forwarded-host first (set by Cloudflare tunnel, nginx, etc.)
+        if (forwarded_host && forwarded_host !== request_url.hostname) {
+            const origin = `${forwarded_proto}://${forwarded_host}`;
+            if (process.env.NODE_ENV === "development") {
+                console.log("[NextAuth Proxy] Detected proxy via x-forwarded-host:", origin);
+            }
+            return origin;
+        }
+        // Check host header (Cloudflare tunnel also sets this to the tunnel domain)
+        if (host_header && host_header !== request_url.host) {
+            const origin = `${forwarded_proto}://${host_header}`;
+            if (process.env.NODE_ENV === "development") {
+                console.log("[NextAuth Proxy] Detected proxy via host header:", origin);
+            }
+            return origin;
+        }
+        if (process.env.NODE_ENV === "development") {
+            console.log("[NextAuth Proxy] No proxy detected");
+        }
     }
-    return cachedHandler;
+    catch (e) {
+        console.error("[NextAuth Proxy] Error:", e);
+    }
+    return null;
 }
-// section: url_rewriting
+// section: handler
 /**
- * Rewrites request.url to use the public-facing origin when behind a reverse proxy.
- * NextAuth uses request.url to construct the OAuth redirect_uri parameter.
- * Without this, redirect_uri points to the internal address (e.g. https://localhost:3000),
- * which is unreachable from the user's browser.
+ * Handles NextAuth requests with proxy/tunnel support.
+ *
+ * When behind a proxy (Cloudflare tunnel, nginx, etc.), temporarily sets
+ * NEXTAUTH_URL to the proxy origin so next-auth uses the correct baseUrl
+ * for cookies, CSRF, and OAuth callback URLs.
+ *
+ * IMPORTANT: NEXTAUTH_URL must remain overridden for the entire duration of
+ * the handler execution, because next-auth reads it lazily during request
+ * processing (not just at handler creation time). We restore it after the
+ * handler completes.
  */
-function rewrite_request_for_proxy(request) {
-    const nextauth_url = process.env.NEXTAUTH_URL;
-    if (!nextauth_url) {
-        return request;
+async function handle_request(request, context) {
+    const proxy_origin = detect_proxy_origin(request);
+    const original_nextauth_url = process.env.NEXTAUTH_URL;
+    // If behind a proxy, override NEXTAUTH_URL for the entire request lifecycle
+    if (proxy_origin) {
+        let auth_path = "/api/auth";
+        if (original_nextauth_url) {
+            try {
+                const parsed = new URL(original_nextauth_url);
+                auth_path = parsed.pathname;
+            }
+            catch (_a) {
+                // ignore
+            }
+        }
+        process.env.NEXTAUTH_URL = `${proxy_origin}${auth_path}`;
     }
     try {
-        const public_origin = nextauth_url.replace(/\/$/, "");
-        const request_url = new URL(request.url);
-        // If origins already match, no rewriting needed (direct dev mode)
-        if (request_url.origin === public_origin) {
-            return request;
-        }
-        // Construct the corrected URL: public origin + original path + query
-        const corrected_url = `${public_origin}${request_url.pathname}${request_url.search}`;
-        // Create a new Request with the corrected URL, preserving everything else
-        return new Request(corrected_url, {
-            method: request.method,
-            headers: request.headers,
-            body: request.body,
-            // @ts-expect-error - duplex is required for streaming bodies in Node.js
-            duplex: "half",
-        });
+        const config = get_nextauth_config();
+        const handler = NextAuth(config);
+        // Next.js 16 passes params as a Promise, but next-auth v4 expects it resolved
+        const resolved_params = await context.params;
+        const resolved_context = { params: resolved_params };
+        // Await the handler response before restoring NEXTAUTH_URL
+        const response = await handler(request, resolved_context);
+        return response;
     }
-    catch (_a) {
-        return request;
+    finally {
+        // Restore original NEXTAUTH_URL after handler completes
+        if (proxy_origin) {
+            if (original_nextauth_url) {
+                process.env.NEXTAUTH_URL = original_nextauth_url;
+            }
+            else {
+                delete process.env.NEXTAUTH_URL;
+            }
+        }
     }
 }
 // section: exports
 export async function GET(request, context) {
-    const handler = getOrCreateHandler();
-    return handler(rewrite_request_for_proxy(request), context);
+    return handle_request(request, context);
 }
 export async function POST(request, context) {
-    const handler = getOrCreateHandler();
-    return handler(rewrite_request_for_proxy(request), context);
+    return handle_request(request, context);
 }

package/dist/server/routes/oauth_google_callback.d.ts

@@ -4,5 +4,5 @@ import { NextRequest, NextResponse } from "next/server";
  * The user creation/linking is done in NextAuth signIn callback
  * This route just sets the hazo_auth session cookies
  */
-export declare function GET(request: NextRequest): Promise<NextResponse<unknown>>;
+export declare function GET(original_request: NextRequest): Promise<NextResponse<unknown>>;
 //# sourceMappingURL=oauth_google_callback.d.ts.map

package/dist/server/routes/oauth_google_callback.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_google_callback.d.ts","sourceRoot":"","sources":["../../../src/server/routes/oauth_google_callback.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAwBxD;;;;GAIG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,kCAgJ7C"}
+{"version":3,"file":"oauth_google_callback.d.ts","sourceRoot":"","sources":["../../../src/server/routes/oauth_google_callback.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAwBxD;;;;GAIG;AACH,wBAAsB,GAAG,CAAC,gBAAgB,EAAE,WAAW,kCA6JtD"}

package/dist/server/routes/oauth_google_callback.js

@@ -10,18 +10,28 @@ import { get_cookie_name, get_cookie_options, BASE_COOKIE_NAMES } from "../../li
 import { get_hazo_connect_instance } from "../../lib/hazo_connect_instance.server.js";
 import { get_post_login_redirect } from "../../lib/services/post_verification_service.js";
 import { get_oauth_config } from "../../lib/oauth_config.server.js";
-import { create_redirect_url } from "../../lib/utils/get_origin_url.js";
+import { rewrite_request_for_proxy } from "../../lib/utils/proxy_request.js";
 // section: api_handler
 /**
  * Handles the OAuth callback after Google sign-in
  * The user creation/linking is done in NextAuth signIn callback
  * This route just sets the hazo_auth session cookies
  */
-export async function GET(request) {
+export async function GET(original_request) {
+    // Rewrite request.url to public origin when behind a reverse proxy.
+    // This ensures all NextResponse.redirect() calls produce correct Location headers.
+    const request = rewrite_request_for_proxy(original_request);
     const logger = create_app_logger();
+    // Detect if request came through HTTPS proxy (Cloudflare tunnel, etc.)
+    const is_secure = original_request.headers.get("x-forwarded-proto") === "https" ||
+        request.url.startsWith("https://");
     try {
         // Get the NextAuth token from the session
-        const token = (await getToken({ req: request }));
+        // When behind HTTPS proxy, next-auth uses __Secure- cookie prefix
+        const token = (await getToken({
+            req: request,
+            secureCookie: is_secure,
+        }));
         logger.debug("google_callback_token_received", {
             filename: get_filename(),
             line_number: get_line_number(),
@@ -37,7 +47,7 @@ export async function GET(request) {
                 note: "No NextAuth token found - user may not have completed Google sign-in",
             });
             // Redirect to login with error — use .toString() to ensure absolute URL
-            const login_url = create_redirect_url("/hazo_auth/login", request.url);
+            const login_url = new URL("/hazo_auth/login", request.url);
             login_url.searchParams.set("error", "oauth_failed");
             return NextResponse.redirect(login_url.toString());
         }
@@ -50,7 +60,7 @@ export async function GET(request) {
                 has_hazo_user_id: !!token.hazo_user_id,
                 has_google_id: !!token.google_id,
             });
-            const login_url = create_redirect_url("/hazo_auth/login", request.url);
+            const login_url = new URL("/hazo_auth/login", request.url);
             login_url.searchParams.set("error", "oauth_incomplete");
             return NextResponse.redirect(login_url.toString());
         }
@@ -94,12 +104,13 @@ export async function GET(request) {
             invitation_table_error,
         });
         // Create redirect response — use .toString() to ensure absolute public-facing URL
-        const redirect_url = create_redirect_url(determined_redirect, request.url);
+        const redirect_url = new URL(determined_redirect, request.url);
         const response = NextResponse.redirect(redirect_url.toString());
         // Set authentication cookies (same as login route, with configurable prefix and domain)
+        // secure=true when in production OR when accessed via HTTPS proxy (Cloudflare tunnel, etc.)
         const base_cookie_options = {
             httpOnly: true,
-            secure: process.env.NODE_ENV === "production",
+            secure: process.env.NODE_ENV === "production" || is_secure,
             sameSite: "lax",
             path: "/",
             maxAge: 60 * 60 * 24 * 30, // 30 days
@@ -134,7 +145,7 @@ export async function GET(request) {
             error_message,
             error_stack,
         });
-        const login_url = create_redirect_url("/hazo_auth/login", request.url);
+        const login_url = new URL("/hazo_auth/login", request.url);
         login_url.searchParams.set("error", "oauth_error");
         return NextResponse.redirect(login_url.toString());
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hazo_auth",
-  "version": "5.1.33",
+  "version": "5.1.34",
   "description": "Zero-config authentication UI components for Next.js with RBAC, OAuth, scope-based multi-tenancy, and invitations",
   "keywords": [
     "authentication",
@@ -188,7 +188,7 @@
   "scripts": {
     "dev": "next dev",
     "build": "next build",
-    "build:pkg": "tsc -p tsconfig.build.json && tsx scripts/copy_assets.ts",
+    "build:pkg": "tsc --jsx react-jsx --skipLibCheck -p tsconfig.build.json && tsx scripts/copy_assets.ts",
     "prepublishOnly": "npm run build:pkg",
     "validate": "tsx scripts/validate_setup.ts",
     "generate-routes": "tsx scripts/generate_routes.ts",

package/dist/lib/index.d.ts

@@ -1,32 +0,0 @@
-export * from "./auth/index.js";
-export * from "./services/index.js";
-export { cn, merge_class_names } from "./utils.js";
-export { get_config_value, get_config_number, get_config_boolean, get_config_array, read_config_section } from "./config/config_loader.server.js";
-export { create_sqlite_hazo_connect } from "./hazo_connect_setup.js";
-export { get_hazo_connect_instance } from "./hazo_connect_instance.server.js";
-export { create_app_logger } from "./app_logger.js";
-export { get_login_config } from "./login_config.server.js";
-export { get_register_config } from "./register_config.server.js";
-export { get_forgot_password_config } from "./forgot_password_config.server.js";
-export { get_reset_password_config } from "./reset_password_config.server.js";
-export { get_email_verification_config } from "./email_verification_config.server.js";
-export { get_my_settings_config } from "./my_settings_config.server.js";
-export { get_user_management_config } from "./user_management_config.server.js";
-export { get_profile_picture_config } from "./profile_picture_config.server.js";
-export { get_profile_pic_menu_config } from "./profile_pic_menu_config.server.js";
-export { get_already_logged_in_config } from "./already_logged_in_config.server.js";
-export { get_ui_shell_config } from "./ui_shell_config.server.js";
-export { get_ui_sizes_config } from "./ui_sizes_config.server.js";
-export { get_auth_utility_config } from "./auth_utility_config.server.js";
-export { get_password_requirements_config } from "./password_requirements_config.server.js";
-export { get_messages_config } from "./messages_config.server.js";
-export { get_user_fields_config } from "./user_fields_config.server.js";
-export { get_file_types_config } from "./file_types_config.server.js";
-export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled } from "./oauth_config.server.js";
-export type { OAuthConfig } from "./oauth_config.server";
-export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes } from "./branding_config.server.js";
-export type { FirmBrandingConfig } from "./branding_config.server";
-export { sanitize_error_for_user } from "./utils/error_sanitizer.js";
-export type { ErrorSanitizationOptions } from "./utils/error_sanitizer";
-export * from "./utils/api_route_helpers.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/lib/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAGhD,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAG/I,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAG3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAGjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAC7G,YAAY,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACrI,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,YAAY,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACxE,cAAc,2BAA2B,CAAC"}

package/dist/lib/index.js

@@ -1,37 +0,0 @@
-// file_description: barrel export for lib utilities
-// section: auth_exports
-export * from "./auth/index.js";
-// section: service_exports
-export * from "./services/index.js";
-// section: utility_exports
-export { cn, merge_class_names } from "./utils.js";
-// section: config_exports
-export { get_config_value, get_config_number, get_config_boolean, get_config_array, read_config_section } from "./config/config_loader.server.js";
-// section: hazo_connect_exports
-export { create_sqlite_hazo_connect } from "./hazo_connect_setup.js";
-export { get_hazo_connect_instance } from "./hazo_connect_instance.server.js";
-// section: logger_exports
-export { create_app_logger } from "./app_logger.js";
-// section: config_server_exports
-export { get_login_config } from "./login_config.server.js";
-export { get_register_config } from "./register_config.server.js";
-export { get_forgot_password_config } from "./forgot_password_config.server.js";
-export { get_reset_password_config } from "./reset_password_config.server.js";
-export { get_email_verification_config } from "./email_verification_config.server.js";
-export { get_my_settings_config } from "./my_settings_config.server.js";
-export { get_user_management_config } from "./user_management_config.server.js";
-export { get_profile_picture_config } from "./profile_picture_config.server.js";
-export { get_profile_pic_menu_config } from "./profile_pic_menu_config.server.js";
-export { get_already_logged_in_config } from "./already_logged_in_config.server.js";
-export { get_ui_shell_config } from "./ui_shell_config.server.js";
-export { get_ui_sizes_config } from "./ui_sizes_config.server.js";
-export { get_auth_utility_config } from "./auth_utility_config.server.js";
-export { get_password_requirements_config } from "./password_requirements_config.server.js";
-export { get_messages_config } from "./messages_config.server.js";
-export { get_user_fields_config } from "./user_fields_config.server.js";
-export { get_file_types_config } from "./file_types_config.server.js";
-export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled } from "./oauth_config.server.js";
-export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes } from "./branding_config.server.js";
-// section: util_exports
-export { sanitize_error_for_user } from "./utils/error_sanitizer.js";
-export * from "./utils/api_route_helpers.js";