hazo_auth 5.2.0 → 5.3.1

package/README.md

@@ -2,6 +2,19 @@
 
 A reusable authentication UI component package powered by Next.js, TailwindCSS, and shadcn. It integrates `hazo_config` for configuration management and `hazo_connect` for data access, enabling future components to stay aligned with platform conventions.
 
+### What's New in v5.3.1 🔧
+
+**`get_client_ip(request)` exported from `hazo_auth/server-lib`** — extracts the client IP from `x-forwarded-for` (first element), falling back to `x-real-ip`, then `"unknown"`. Previously private to `hazo_get_auth.server.ts`. Useful for consumers that need consistent IP extraction across handlers (e.g., `hazo_feedback` audit logging).
+
+```ts
+import { get_client_ip } from "hazo_auth/server-lib";
+
+export async function POST(request: NextRequest) {
+  const ip = get_client_ip(request);
+  // ...
+}
+```
+
 ### What's New in v5.1.39 🔧
 
 **Postgres-Compatibility Schema Alignment** — fixes two long-standing drifts between the canonical SQLite schema and what the runtime actually writes. SQLite consumers see no behaviour change; Postgres + PostgREST consumers can now sign-up users without bespoke schema patches.

package/SETUP_CHECKLIST.md

@@ -2,6 +2,52 @@
 
 This checklist provides step-by-step instructions for setting up the `hazo_auth` package in your Next.js project. AI assistants can follow this guide to ensure complete and correct setup.
 
+## v5.3.0 Migration (from v5.2.x)
+
+If you are already on hazo_auth `5.2.x`, the only mandatory work is wiring up hazo_notify's template manager at boot. Apps that don't use the templated email path (only the plain `send_email`) keep working unchanged after bumping the peer dep.
+
+**1. Bump the peer dep.** Update your app's `package.json`:
+
+```diff
+- "hazo_notify": "^1.1.0",
++ "hazo_notify": "^3.0.0",
+```
+
+Then `npm install`.
+
+**2. Apply the hazo_notify template-manager migration.** hazo_notify 3.0.0 introduces two new tables (`hazo_notify_template_cat`, `hazo_notify_templates`). If you are using SQLite via the existing schema seed, the tables are created on first connect when `initial_sql` is provided to the adapter (see step 4 below). If you are on PostgREST or you manage migrations explicitly, run `migrations/002_template_manager.sql` from hazo_notify.
+
+**3. Register the `notify_templates_admin` permission (optional).** Users with this permission can edit auth email templates via the hazo_notify admin UI. Grant `notify_templates_super_admin` to also allow deleting system templates. These are hazo_notify permissions, declared in your app's permission set; hazo_auth does not grant them itself.
+
+**4. Wire up `init_template_manager` and `set_hazo_notify_connect` at boot.** In your Next.js `instrumentation.ts` (or equivalent), feed hazo_auth's manifest into hazo_notify and register the connect instance with hazo_auth:
+
+```ts
+// instrumentation.ts
+import { init_template_manager } from "hazo_notify/template_manager";
+import { hazo_auth_template_manifest } from "hazo_auth/server-lib";
+import { set_hazo_notify_connect } from "hazo_auth/server-lib"; // re-exported from email_service
+import { build_my_hazo_notify_connect } from "./lib/hazo_notify_connect";
+
+export async function register() {
+  if (process.env.NEXT_RUNTIME !== "nodejs") return;
+
+  const notify_connect = build_my_hazo_notify_connect();
+
+  await init_template_manager({
+    hazo_connect_factory: () => notify_connect,
+    manifests: [...hazo_auth_template_manifest],
+  });
+
+  set_hazo_notify_connect(notify_connect);
+}
+```
+
+`build_my_hazo_notify_connect()` is consuming-app code that wraps your `hazo_connect` adapter into the `HazoConnectInstance` shape hazo_notify expects (`list`/`findById`/`findBy`/`insert`/`updateById`/`deleteById`/`query`). hazo_auth's own test-app ships an example wrapper at `instrumentation_hazo_notify_connect.ts` you can copy.
+
+**5. Migrate any custom templates.** The `[hazo_auth__email] email_template_main_directory` config key is deprecated and no longer overrides anything — a one-time `warn` log will fire on first send if it is set. Move any custom HTML/text into the admin UI as scope-specific (or super-admin-edited global) templates before `hazo_auth@6.0.0` removes the key.
+
+**6. (Optional) Mount the template admin UI.** Use `<TemplateManagerAdmin />` from `hazo_notify/template_manager_admin` to give your admins a UI for managing the auth templates. See hazo_notify's docs for routing and permission-gating.
+
 ## Quick Start (Recommended)
 
 The fastest way to set up hazo_auth:

package/cli-src/lib/auth/hazo_get_auth.server.ts

@@ -64,7 +64,7 @@ function parse_app_user_data(
  * @param request - NextRequest object
  * @returns IP address string
  */
-function get_client_ip(request: NextRequest): string {
+export function get_client_ip(request: NextRequest): string {
   const forwarded = request.headers.get("x-forwarded-for");
   if (forwarded) {
     return forwarded.split(",")[0].trim();

package/cli-src/lib/auth/index.ts

@@ -3,7 +3,7 @@
 export * from "./auth_types.js";
 
 // section: server_exports
-export { hazo_get_auth } from "./hazo_get_auth.server.js";
+export { hazo_get_auth, get_client_ip } from "./hazo_get_auth.server.js";
 export {
   get_authenticated_user,
   require_auth,