hazo_auth 5.2.0 → 5.3.1

package/cli-src/lib/services/email_template_manifest.ts

@@ -0,0 +1,104 @@
+// file_description: manifest of system email templates shipped by hazo_auth
+// section: server_only_guard
+import "server-only";
+
+// section: imports
+import fs from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
+import type { SystemTemplateManifest } from "hazo_notify/template_manager";
+
+// section: constants
+const TEMPLATE_DIR = path.resolve(
+  path.dirname(fileURLToPath(import.meta.url)),
+  "email_templates"
+);
+
+const SYSTEM_CATEGORY = "Auth";
+
+// section: helpers
+function read_template(template_name: string, extension: "html" | "txt"): string {
+  const file_path = path.join(TEMPLATE_DIR, `${template_name}.${extension}`);
+  return fs.readFileSync(file_path, "utf-8");
+}
+
+// section: manifest
+/**
+ * System email templates shipped by hazo_auth.
+ *
+ * Consumers feed this into `init_template_manager({ manifests: [...hazo_auth_template_manifest] })`
+ * at boot. hazo_notify seeds/syncs the templates into its scope-aware database.
+ * Per-scope overrides are managed through the hazo_notify admin UI.
+ */
+export const hazo_auth_template_manifest: SystemTemplateManifest[] = [
+  {
+    template_name: "email_verification",
+    template_label: "Email verification",
+    category: SYSTEM_CATEGORY,
+    html: read_template("email_verification", "html"),
+    text: read_template("email_verification", "txt"),
+    variables: [
+      {
+        variable_name: "user_name",
+        variable_description: "Recipient display name",
+        default_value: "",
+      },
+      {
+        variable_name: "user_email",
+        variable_description: "Recipient email",
+      },
+      {
+        variable_name: "verification_url",
+        variable_description: "Verification link with embedded token",
+      },
+      {
+        variable_name: "token",
+        variable_description: "Raw verification token",
+      },
+    ],
+  },
+  {
+    template_name: "forgot_password",
+    template_label: "Forgot password",
+    category: SYSTEM_CATEGORY,
+    html: read_template("forgot_password", "html"),
+    text: read_template("forgot_password", "txt"),
+    variables: [
+      {
+        variable_name: "user_name",
+        variable_description: "Recipient display name",
+        default_value: "",
+      },
+      {
+        variable_name: "user_email",
+        variable_description: "Recipient email",
+      },
+      {
+        variable_name: "reset_url",
+        variable_description: "Password reset link",
+      },
+      {
+        variable_name: "token",
+        variable_description: "Raw reset token",
+      },
+    ],
+  },
+  {
+    template_name: "password_changed",
+    template_label: "Password changed",
+    category: SYSTEM_CATEGORY,
+    html: read_template("password_changed", "html"),
+    text: read_template("password_changed", "txt"),
+    variables: [
+      {
+        variable_name: "user_name",
+        variable_description: "Recipient display name",
+        default_value: "",
+      },
+      {
+        variable_name: "user_email",
+        variable_description: "Recipient email",
+      },
+    ],
+  },
+];

package/cli-src/lib/services/email_templates/email_verification.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Verify Your Email</title>
+</head>
+<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
+  <h1 style="color: #0f172a;">Verify Your Email Address</h1>
+  <p>Thank you for registering! Please click the link below to verify your email address:</p>
+  <p style="margin: 20px 0;">
+    <a href="{{verification_url}}" style="display: inline-block; padding: 12px 24px; background-color: #0f172a; color: #ffffff; text-decoration: none; border-radius: 4px;">Verify Email Address</a>
+  </p>
+  <p>Or copy and paste this link into your browser:</p>
+  <p style="word-break: break-all; color: #666;">{{verification_url}}</p>
+  <p>This link will expire in 48 hours.</p>
+  <p style="margin-top: 30px; color: #666; font-size: 12px;">If you didn't create an account, you can safely ignore this email.</p>
+</body>
+</html>

package/cli-src/lib/services/email_templates/email_verification.txt

@@ -0,0 +1,9 @@
+Verify Your Email Address
+
+Thank you for registering! Please click the link below to verify your email address:
+
+{{verification_url}}
+
+This link will expire in 48 hours.
+
+If you didn't create an account, you can safely ignore this email.

package/cli-src/lib/services/email_templates/forgot_password.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Reset Your Password</title>
+</head>
+<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
+  <h1 style="color: #0f172a;">Reset Your Password</h1>
+  <p>We received a request to reset your password. Click the link below to reset it:</p>
+  <p style="margin: 20px 0;">
+    <a href="{{reset_url}}" style="display: inline-block; padding: 12px 24px; background-color: #0f172a; color: #ffffff; text-decoration: none; border-radius: 4px;">Reset Password</a>
+  </p>
+  <p>Or copy and paste this link into your browser:</p>
+  <p style="word-break: break-all; color: #666;">{{reset_url}}</p>
+  <p>This link will expire in 10 minutes.</p>
+  <p style="margin-top: 30px; color: #666; font-size: 12px;">If you didn't request a password reset, you can safely ignore this email.</p>
+</body>
+</html>

package/cli-src/lib/services/email_templates/forgot_password.txt

@@ -0,0 +1,9 @@
+Reset Your Password
+
+We received a request to reset your password. Click the link below to reset it:
+
+{{reset_url}}
+
+This link will expire in 10 minutes.
+
+If you didn't request a password reset, you can safely ignore this email.

package/cli-src/lib/services/email_templates/password_changed.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Password Changed</title>
+</head>
+<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
+  <h1 style="color: #0f172a;">Password Changed Successfully</h1>
+  <p>Hello {{user_name}},</p>
+  <p>This email confirms that your password has been changed successfully.</p>
+  <p>If you did not make this change, please contact support immediately to secure your account.</p>
+  <p style="margin-top: 30px; color: #666; font-size: 12px;">This is an automated notification. Please do not reply to this email.</p>
+</body>
+</html>

package/cli-src/lib/services/email_templates/password_changed.txt

@@ -0,0 +1,9 @@
+Password Changed Successfully
+
+Hello {{user_name}},
+
+This email confirms that your password has been changed successfully.
+
+If you did not make this change, please contact support immediately to secure your account.
+
+This is an automated notification. Please do not reply to this email.

package/dist/components/ui/button.d.ts

@@ -1,8 +1,8 @@
 import * as React from "react";
 import { type VariantProps } from "class-variance-authority";
 declare const buttonVariants: (props?: ({
-    variant?: "link" | "default" | "destructive" | "outline" | "secondary" | "ghost" | null | undefined;
-    size?: "default" | "icon" | "sm" | "lg" | null | undefined;
+    variant?: "default" | "destructive" | "outline" | "secondary" | "ghost" | "link" | null | undefined;
+    size?: "default" | "sm" | "lg" | "icon" | null | undefined;
 } & import("class-variance-authority/types").ClassProp) | undefined) => string;
 export interface ButtonProps extends React.ButtonHTMLAttributes<HTMLButtonElement>, VariantProps<typeof buttonVariants> {
     asChild?: boolean;

package/dist/lib/auth/hazo_get_auth.server.d.ts

@@ -1,6 +1,12 @@
 import "server-only";
 import { NextRequest } from "next/server";
 import type { HazoAuthResult, HazoAuthOptions } from "./auth_types";
+/**
+ * Gets client IP address from request
+ * @param request - NextRequest object
+ * @returns IP address string
+ */
+export declare function get_client_ip(request: NextRequest): string;
 /**
  * Main hazo_get_auth function for server-side use in API routes
  * Returns user details, permissions, and checks required permissions

package/dist/lib/auth/hazo_get_auth.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hazo_get_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK1C,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAGhB,MAAM,cAAc,CAAC;AAwWtB;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,cAAc,CAAC,CAmNzB"}
+{"version":3,"file":"hazo_get_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAK1C,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAGhB,MAAM,cAAc,CAAC;AA6CtB;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAU1D;AA4SD;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,cAAc,CAAC,CAmNzB"}

package/dist/lib/auth/hazo_get_auth.server.js

@@ -44,7 +44,7 @@ function parse_app_user_data(json_string) {
  * @param request - NextRequest object
  * @returns IP address string
  */
-function get_client_ip(request) {
+export function get_client_ip(request) {
     const forwarded = request.headers.get("x-forwarded-for");
     if (forwarded) {
         return forwarded.split(",")[0].trim();

package/dist/lib/auth/index.d.ts

@@ -1,5 +1,5 @@
 export * from "./auth_types.js";
-export { hazo_get_auth } from "./hazo_get_auth.server.js";
+export { hazo_get_auth, get_client_ip } from "./hazo_get_auth.server.js";
 export { get_authenticated_user, require_auth, is_authenticated, } from "./auth_utils.server.js";
 export type { AuthResult, AuthUser } from "./auth_utils.server";
 export { ensure_anon_id } from "./ensure_anon_id.server.js";

package/dist/lib/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/lib/auth/index.js

@@ -2,7 +2,7 @@
 // section: type_exports
 export * from "./auth_types.js";
 // section: server_exports
-export { hazo_get_auth } from "./hazo_get_auth.server.js";
+export { hazo_get_auth, get_client_ip } from "./hazo_get_auth.server.js";
 export { get_authenticated_user, require_auth, is_authenticated, } from "./auth_utils.server.js";
 // section: anon_id_exports (v5.2)
 export { ensure_anon_id } from "./ensure_anon_id.server.js";

package/dist/lib/services/email_service.d.ts

@@ -1,4 +1,5 @@
 import type { EmailerConfig } from "hazo_notify";
+import type { HazoConnectInstance } from "hazo_notify/template_manager";
 export type EmailOptions = {
     to: string;
     from: string;
@@ -21,6 +22,14 @@ export type EmailTemplateData = {
  * @param config - The hazo_notify emailer configuration instance
  */
 export declare function set_hazo_notify_instance(config: EmailerConfig): void;
+/**
+ * Registers the hazo_notify-compatible hazo_connect instance used by
+ * `send_template_email`. Call this from `instrumentation.ts` with the same
+ * instance you pass to `init_template_manager({ hazo_connect_factory })`.
+ *
+ * @param instance - hazo_notify-shaped database adapter
+ */
+export declare function set_hazo_notify_connect(instance: HazoConnectInstance): void;
 /**
  * Sends an email using hazo_notify
  * @param options - Email options (to, from, subject, html_body, text_body)
@@ -31,11 +40,15 @@ export declare function send_email(options: EmailOptions): Promise<{
     error?: string;
 }>;
 /**
- * Sends an email using a template
- * @param template_type - Type of email template
+ * Sends an email using a template, delegating rendering to hazo_notify's
+ * scope-aware template manager. Templates and per-scope overrides live in
+ * hazo_notify's database; hazo_auth ships the global defaults via
+ * `hazo_auth_template_manifest`.
+ *
+ * @param template_type - System template name (email_verification | forgot_password | password_changed)
  * @param to - Recipient email address
- * @param data - Template data for variable substitution
- * @returns Promise that resolves when email is sent
+ * @param data - Template data; `token` is auto-expanded into verification_url/reset_url
+ * @returns Promise that resolves with success status
  */
 export declare function send_template_email(template_type: EmailTemplateType, to: string, data: EmailTemplateData): Promise<{
     success: boolean;

package/dist/lib/services/email_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AAGnE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;AAE9F,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,CAAC;AAmBF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAEpE;AA0YD;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwErG;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,iBAAiB,EAChC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiD/C"}
+{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAGxE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;AAE9F,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,CAAC;AAiBF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAEpE;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAE3E;AA8LD;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwErG;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,iBAAiB,EAChC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAyF/C"}