hazo_auth 5.2.0 → 5.3.0

package/dist/lib/services/email_template_manifest.js

@@ -0,0 +1,95 @@
+// file_description: manifest of system email templates shipped by hazo_auth
+// section: server_only_guard
+import "server-only";
+// section: imports
+import fs from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
+// section: constants
+const TEMPLATE_DIR = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "email_templates");
+const SYSTEM_CATEGORY = "Auth";
+// section: helpers
+function read_template(template_name, extension) {
+    const file_path = path.join(TEMPLATE_DIR, `${template_name}.${extension}`);
+    return fs.readFileSync(file_path, "utf-8");
+}
+// section: manifest
+/**
+ * System email templates shipped by hazo_auth.
+ *
+ * Consumers feed this into `init_template_manager({ manifests: [...hazo_auth_template_manifest] })`
+ * at boot. hazo_notify seeds/syncs the templates into its scope-aware database.
+ * Per-scope overrides are managed through the hazo_notify admin UI.
+ */
+export const hazo_auth_template_manifest = [
+    {
+        template_name: "email_verification",
+        template_label: "Email verification",
+        category: SYSTEM_CATEGORY,
+        html: read_template("email_verification", "html"),
+        text: read_template("email_verification", "txt"),
+        variables: [
+            {
+                variable_name: "user_name",
+                variable_description: "Recipient display name",
+                default_value: "",
+            },
+            {
+                variable_name: "user_email",
+                variable_description: "Recipient email",
+            },
+            {
+                variable_name: "verification_url",
+                variable_description: "Verification link with embedded token",
+            },
+            {
+                variable_name: "token",
+                variable_description: "Raw verification token",
+            },
+        ],
+    },
+    {
+        template_name: "forgot_password",
+        template_label: "Forgot password",
+        category: SYSTEM_CATEGORY,
+        html: read_template("forgot_password", "html"),
+        text: read_template("forgot_password", "txt"),
+        variables: [
+            {
+                variable_name: "user_name",
+                variable_description: "Recipient display name",
+                default_value: "",
+            },
+            {
+                variable_name: "user_email",
+                variable_description: "Recipient email",
+            },
+            {
+                variable_name: "reset_url",
+                variable_description: "Password reset link",
+            },
+            {
+                variable_name: "token",
+                variable_description: "Raw reset token",
+            },
+        ],
+    },
+    {
+        template_name: "password_changed",
+        template_label: "Password changed",
+        category: SYSTEM_CATEGORY,
+        html: read_template("password_changed", "html"),
+        text: read_template("password_changed", "txt"),
+        variables: [
+            {
+                variable_name: "user_name",
+                variable_description: "Recipient display name",
+                default_value: "",
+            },
+            {
+                variable_name: "user_email",
+                variable_description: "Recipient email",
+            },
+        ],
+    },
+];

package/dist/lib/services/email_templates/email_verification.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Verify Your Email</title>
+</head>
+<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
+  <h1 style="color: #0f172a;">Verify Your Email Address</h1>
+  <p>Thank you for registering! Please click the link below to verify your email address:</p>
+  <p style="margin: 20px 0;">
+    <a href="{{verification_url}}" style="display: inline-block; padding: 12px 24px; background-color: #0f172a; color: #ffffff; text-decoration: none; border-radius: 4px;">Verify Email Address</a>
+  </p>
+  <p>Or copy and paste this link into your browser:</p>
+  <p style="word-break: break-all; color: #666;">{{verification_url}}</p>
+  <p>This link will expire in 48 hours.</p>
+  <p style="margin-top: 30px; color: #666; font-size: 12px;">If you didn't create an account, you can safely ignore this email.</p>
+</body>
+</html>

package/dist/lib/services/email_templates/email_verification.txt

@@ -0,0 +1,9 @@
+Verify Your Email Address
+
+Thank you for registering! Please click the link below to verify your email address:
+
+{{verification_url}}
+
+This link will expire in 48 hours.
+
+If you didn't create an account, you can safely ignore this email.

package/dist/lib/services/email_templates/forgot_password.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Reset Your Password</title>
+</head>
+<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
+  <h1 style="color: #0f172a;">Reset Your Password</h1>
+  <p>We received a request to reset your password. Click the link below to reset it:</p>
+  <p style="margin: 20px 0;">
+    <a href="{{reset_url}}" style="display: inline-block; padding: 12px 24px; background-color: #0f172a; color: #ffffff; text-decoration: none; border-radius: 4px;">Reset Password</a>
+  </p>
+  <p>Or copy and paste this link into your browser:</p>
+  <p style="word-break: break-all; color: #666;">{{reset_url}}</p>
+  <p>This link will expire in 10 minutes.</p>
+  <p style="margin-top: 30px; color: #666; font-size: 12px;">If you didn't request a password reset, you can safely ignore this email.</p>
+</body>
+</html>

package/dist/lib/services/email_templates/forgot_password.txt

@@ -0,0 +1,9 @@
+Reset Your Password
+
+We received a request to reset your password. Click the link below to reset it:
+
+{{reset_url}}
+
+This link will expire in 10 minutes.
+
+If you didn't request a password reset, you can safely ignore this email.

package/dist/lib/services/email_templates/password_changed.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Password Changed</title>
+</head>
+<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
+  <h1 style="color: #0f172a;">Password Changed Successfully</h1>
+  <p>Hello {{user_name}},</p>
+  <p>This email confirms that your password has been changed successfully.</p>
+  <p>If you did not make this change, please contact support immediately to secure your account.</p>
+  <p style="margin-top: 30px; color: #666; font-size: 12px;">This is an automated notification. Please do not reply to this email.</p>
+</body>
+</html>

package/dist/lib/services/email_templates/password_changed.txt

@@ -0,0 +1,9 @@
+Password Changed Successfully
+
+Hello {{user_name}},
+
+This email confirms that your password has been changed successfully.
+
+If you did not make this change, please contact support immediately to secure your account.
+
+This is an automated notification. Please do not reply to this email.

package/dist/server-lib.d.ts

@@ -1,6 +1,7 @@
 import "server-only";
 export * from "./lib/auth/index.js";
 export * from "./lib/services/index.js";
+export { hazo_auth_template_manifest } from "./lib/services/email_template_manifest.js";
 export { get_config_value, get_config_number, get_config_boolean, get_config_array, read_config_section, } from "./lib/config/config_loader.server.js";
 export { get_login_config } from "./lib/login_config.server.js";
 export { get_register_config } from "./lib/register_config.server.js";

package/dist/server-lib.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AAGrC,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}
+{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}

package/dist/server-lib.js

@@ -14,6 +14,7 @@ import "server-only";
 export * from "./lib/auth/index.js";
 // section: service_exports
 export * from "./lib/services/index.js";
+export { hazo_auth_template_manifest } from "./lib/services/email_template_manifest.js";
 // section: config_exports
 export { get_config_value, get_config_number, get_config_boolean, get_config_array, read_config_section, } from "./lib/config/config_loader.server.js";
 // section: config_server_exports

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hazo_auth",
-  "version": "5.2.0",
+  "version": "5.3.0",
   "description": "Zero-config authentication UI components for Next.js with RBAC, OAuth, scope-based multi-tenancy, and invitations",
   "keywords": [
     "authentication",
@@ -193,6 +193,7 @@
     "dev": "next dev",
     "build": "next build",
     "build:pkg": "tsc --jsx react-jsx --skipLibCheck -p tsconfig.build.json && tsx scripts/copy_assets.ts",
+    "prepare": "npm run build:pkg",
     "prepublishOnly": "npm run build:pkg",
     "validate": "tsx scripts/validate_setup.ts",
     "generate-routes": "tsx scripts/generate_routes.ts",
@@ -251,7 +252,7 @@
     "hazo_config": "^2.1.0",
     "hazo_connect": "^2.4.0",
     "hazo_logs": "^1.0.13",
-    "hazo_notify": "^1.1.0",
+    "hazo_notify": "^3.0.0",
     "hazo_ui": "^2.7.0",
     "lucide-react": "^0.553.0",
     "next": ">=14.0.0",
@@ -375,7 +376,7 @@
     "hazo_config": "^2.1.0",
     "hazo_connect": "^2.4.0",
     "hazo_logs": "^1.0.13",
-    "hazo_notify": "^1.1.0",
+    "hazo_notify": "^3.0.0",
     "hazo_ui": "^2.7.0",
     "jest": "^30.2.0",
     "jest-environment-jsdom": "^30.0.0",

package/cli-src/lib/auth/org_cache.ts

@@ -1,148 +0,0 @@
-// file_description: LRU cache implementation for organization lookups with TTL and size limits
-// section: types
-
-/**
- * Cached organization info for hazo_get_auth
- */
-export type OrgCacheEntry = {
-  org_id: string;
-  org_name: string;
-  parent_org_id: string | null;
-  parent_org_name: string | null;
-  root_org_id: string | null;
-  root_org_name: string | null;
-};
-
-/**
- * Internal cache entry with metadata
- */
-type CacheItem = {
-  entry: OrgCacheEntry;
-  timestamp: number; // Unix timestamp in milliseconds
-};
-
-/**
- * LRU cache implementation for organization lookups
- * Uses Map to maintain insertion order for LRU eviction
- */
-class OrgCache {
-  private cache: Map<string, CacheItem>;
-  private max_size: number;
-  private ttl_ms: number;
-
-  constructor(max_size: number, ttl_minutes: number) {
-    this.cache = new Map();
-    this.max_size = max_size;
-    this.ttl_ms = ttl_minutes * 60 * 1000;
-  }
-
-  /**
-   * Gets a cache entry for an organization
-   * Returns undefined if not found or expired
-   * @param org_id - Organization ID to look up
-   * @returns Cache entry or undefined
-   */
-  get(org_id: string): OrgCacheEntry | undefined {
-    const item = this.cache.get(org_id);
-
-    if (!item) {
-      return undefined;
-    }
-
-    const now = Date.now();
-    const age = now - item.timestamp;
-
-    // Check if entry is expired (TTL)
-    if (age > this.ttl_ms) {
-      this.cache.delete(org_id);
-      return undefined;
-    }
-
-    // Move to end (most recently used)
-    this.cache.delete(org_id);
-    this.cache.set(org_id, item);
-
-    return item.entry;
-  }
-
-  /**
-   * Sets a cache entry for an organization
-   * Evicts least recently used entries if cache is full
-   * @param org_id - Organization ID
-   * @param entry - Organization cache entry
-   */
-  set(org_id: string, entry: OrgCacheEntry): void {
-    // Evict LRU entries if cache is full
-    while (this.cache.size >= this.max_size) {
-      const first_key = this.cache.keys().next().value;
-      if (first_key) {
-        this.cache.delete(first_key);
-      } else {
-        break;
-      }
-    }
-
-    const item: CacheItem = {
-      entry,
-      timestamp: Date.now(),
-    };
-
-    this.cache.set(org_id, item);
-  }
-
-  /**
-   * Invalidates cache for a specific organization
-   * @param org_id - Organization ID to invalidate
-   */
-  invalidate(org_id: string): void {
-    this.cache.delete(org_id);
-  }
-
-  /**
-   * Invalidates all cache entries
-   */
-  invalidate_all(): void {
-    this.cache.clear();
-  }
-
-  /**
-   * Gets cache statistics
-   * @returns Object with cache size and max size
-   */
-  get_stats(): {
-    size: number;
-    max_size: number;
-  } {
-    return {
-      size: this.cache.size,
-      max_size: this.max_size,
-    };
-  }
-}
-
-// section: singleton
-// Global org cache instance (initialized with defaults, will be configured on first use)
-let org_cache_instance: OrgCache | null = null;
-
-/**
- * Gets or creates the global org cache instance
- * @param max_size - Maximum cache size (default: 1000)
- * @param ttl_minutes - TTL in minutes (default: 15)
- * @returns Org cache instance
- */
-export function get_org_cache(
-  max_size: number = 1000,
-  ttl_minutes: number = 15,
-): OrgCache {
-  if (!org_cache_instance) {
-    org_cache_instance = new OrgCache(max_size, ttl_minutes);
-  }
-  return org_cache_instance;
-}
-
-/**
- * Resets the global org cache instance (useful for testing)
- */
-export function reset_org_cache(): void {
-  org_cache_instance = null;
-}

package/cli-src/lib/index.ts

@@ -1,48 +0,0 @@
-// file_description: barrel export for lib utilities
-// section: auth_exports
-export * from "./auth/index.js";
-
-// section: service_exports
-export * from "./services/index.js";
-
-// section: utility_exports
-export { cn, merge_class_names } from "./utils.js";
-
-// section: config_exports
-export { get_config_value, get_config_number, get_config_boolean, get_config_array, read_config_section } from "./config/config_loader.server.js";
-
-// section: hazo_connect_exports
-export { create_sqlite_hazo_connect } from "./hazo_connect_setup.js";
-export { get_hazo_connect_instance } from "./hazo_connect_instance.server.js";
-
-// section: logger_exports
-export { create_app_logger } from "./app_logger.js";
-
-// section: config_server_exports
-export { get_login_config } from "./login_config.server.js";
-export { get_register_config } from "./register_config.server.js";
-export { get_forgot_password_config } from "./forgot_password_config.server.js";
-export { get_reset_password_config } from "./reset_password_config.server.js";
-export { get_email_verification_config } from "./email_verification_config.server.js";
-export { get_my_settings_config } from "./my_settings_config.server.js";
-export { get_user_management_config } from "./user_management_config.server.js";
-export { get_profile_picture_config } from "./profile_picture_config.server.js";
-export { get_profile_pic_menu_config } from "./profile_pic_menu_config.server.js";
-export { get_already_logged_in_config } from "./already_logged_in_config.server.js";
-export { get_ui_shell_config } from "./ui_shell_config.server.js";
-export { get_ui_sizes_config } from "./ui_sizes_config.server.js";
-export { get_auth_utility_config } from "./auth_utility_config.server.js";
-export { get_password_requirements_config } from "./password_requirements_config.server.js";
-export { get_messages_config } from "./messages_config.server.js";
-export { get_user_fields_config } from "./user_fields_config.server.js";
-export { get_file_types_config } from "./file_types_config.server.js";
-export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled } from "./oauth_config.server.js";
-export type { OAuthConfig } from "./oauth_config.server";
-export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes } from "./branding_config.server.js";
-export type { FirmBrandingConfig } from "./branding_config.server";
-
-// section: util_exports
-export { sanitize_error_for_user } from "./utils/error_sanitizer.js";
-export type { ErrorSanitizationOptions } from "./utils/error_sanitizer";
-export * from "./utils/api_route_helpers.js";
-