hazo_auth 5.3.1 → 6.1.1
- package/README.md +167 -17
- package/SETUP_CHECKLIST.md +99 -7
- package/cli-src/cli/generate.ts +10 -1
- package/cli-src/cli/validate.ts +4 -0
- package/cli-src/lib/auth/auth_types.ts +21 -12
- package/cli-src/lib/auth/hazo_get_tenant_auth.server.ts +25 -24
- package/cli-src/lib/auth/index.ts +2 -2
- package/cli-src/lib/auth/with_auth.server.ts +15 -15
- package/cli-src/lib/cookies_config.server.ts +1 -0
- package/cli-src/lib/login_config.server.ts +14 -0
- package/cli-src/lib/otp_config.server.ts +91 -0
- package/cli-src/lib/services/email_service.ts +3 -1
- package/cli-src/lib/services/email_template_manifest.ts +17 -0
- package/cli-src/lib/services/email_templates/otp_signin_code.html +13 -0
- package/cli-src/lib/services/email_templates/otp_signin_code.txt +5 -0
- package/cli-src/lib/services/index.ts +8 -2
- package/cli-src/lib/services/otp_service.ts +295 -0
- package/cli-src/lib/services/session_token_service.ts +4 -1
- package/config/hazo_auth_config.example.ini +38 -0
- package/dist/cli/generate.d.ts.map +1 -1
- package/dist/cli/generate.js +10 -1
- package/dist/cli/validate.d.ts.map +1 -1
- package/dist/cli/validate.js +4 -0
- package/dist/client.d.ts +2 -0
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +1 -0
- package/dist/components/layouts/login/index.d.ts +7 -1
- package/dist/components/layouts/login/index.d.ts.map +1 -1
- package/dist/components/layouts/login/index.js +2 -2
- package/dist/components/layouts/otp/index.d.ts +10 -0
- package/dist/components/layouts/otp/index.d.ts.map +1 -0
- package/dist/components/layouts/otp/index.js +14 -0
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js +8 -3
- package/dist/components/otp/OTPRequestForm.d.ts +11 -0
- package/dist/components/otp/OTPRequestForm.d.ts.map +1 -0
- package/dist/components/otp/OTPRequestForm.js +42 -0
- package/dist/components/otp/OTPVerifyForm.d.ts +16 -0
- package/dist/components/otp/OTPVerifyForm.d.ts.map +1 -0
- package/dist/components/otp/OTPVerifyForm.js +75 -0
- package/dist/components/otp/index.d.ts +5 -0
- package/dist/components/otp/index.d.ts.map +1 -0
- package/dist/components/otp/index.js +2 -0
- package/dist/components/ui/input-otp.d.ts +35 -0
- package/dist/components/ui/input-otp.d.ts.map +1 -0
- package/dist/components/ui/input-otp.js +44 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/lib/auth/auth_types.d.ts +13 -12
- package/dist/lib/auth/auth_types.d.ts.map +1 -1
- package/dist/lib/auth/auth_types.js +8 -0
- package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts +8 -7
- package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/hazo_get_tenant_auth.server.js +23 -22
- package/dist/lib/auth/index.d.ts +2 -2
- package/dist/lib/auth/index.d.ts.map +1 -1
- package/dist/lib/auth/with_auth.server.d.ts +13 -13
- package/dist/lib/auth/with_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/with_auth.server.js +2 -2
- package/dist/lib/cookies_config.server.d.ts +1 -0
- package/dist/lib/cookies_config.server.d.ts.map +1 -1
- package/dist/lib/cookies_config.server.js +1 -0
- package/dist/lib/login_config.server.d.ts +6 -0
- package/dist/lib/login_config.server.d.ts.map +1 -1
- package/dist/lib/login_config.server.js +7 -0
- package/dist/lib/otp_config.server.d.ts +49 -0
- package/dist/lib/otp_config.server.d.ts.map +1 -0
- package/dist/lib/otp_config.server.js +48 -0
- package/dist/lib/services/email_service.d.ts +1 -1
- package/dist/lib/services/email_service.d.ts.map +1 -1
- package/dist/lib/services/email_service.js +2 -0
- package/dist/lib/services/email_template_manifest.d.ts.map +1 -1
- package/dist/lib/services/email_template_manifest.js +17 -0
- package/dist/lib/services/email_templates/otp_signin_code.html +13 -0
- package/dist/lib/services/email_templates/otp_signin_code.txt +5 -0
- package/dist/lib/services/index.d.ts +2 -0
- package/dist/lib/services/index.d.ts.map +1 -1
- package/dist/lib/services/index.js +1 -0
- package/dist/lib/services/otp_service.d.ts +46 -0
- package/dist/lib/services/otp_service.d.ts.map +1 -0
- package/dist/lib/services/otp_service.js +238 -0
- package/dist/lib/services/session_token_service.d.ts +3 -1
- package/dist/lib/services/session_token_service.d.ts.map +1 -1
- package/dist/lib/services/session_token_service.js +4 -2
- package/dist/page_components/otp.d.ts +4 -0
- package/dist/page_components/otp.d.ts.map +1 -0
- package/dist/page_components/otp.js +5 -0
- package/dist/server/routes/index.d.ts +2 -0
- package/dist/server/routes/index.d.ts.map +1 -1
- package/dist/server/routes/index.js +3 -0
- package/dist/server/routes/me.d.ts.map +1 -1
- package/dist/server/routes/me.js +43 -1
- package/dist/server/routes/otp/request.d.ts +3 -0
- package/dist/server/routes/otp/request.d.ts.map +1 -0
- package/dist/server/routes/otp/request.js +33 -0
- package/dist/server/routes/otp/verify.d.ts +3 -0
- package/dist/server/routes/otp/verify.d.ts.map +1 -0
- package/dist/server/routes/otp/verify.js +58 -0
- package/dist/server-lib.d.ts +3 -0
- package/dist/server-lib.d.ts.map +1 -1
- package/dist/server-lib.js +2 -0
- package/dist/server_pages/forgot_password.d.ts +1 -1
- package/dist/server_pages/forgot_password.d.ts.map +1 -1
- package/dist/server_pages/forgot_password.js +2 -1
- package/dist/server_pages/login.d.ts +1 -1
- package/dist/server_pages/login.d.ts.map +1 -1
- package/dist/server_pages/login.js +3 -2
- package/dist/server_pages/login_client_wrapper.d.ts +1 -1
- package/dist/server_pages/login_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/login_client_wrapper.js +2 -2
- package/dist/server_pages/my_settings.d.ts +1 -1
- package/dist/server_pages/my_settings.d.ts.map +1 -1
- package/dist/server_pages/my_settings.js +2 -1
- package/dist/server_pages/otp.d.ts +42 -0
- package/dist/server_pages/otp.d.ts.map +1 -0
- package/dist/server_pages/otp.js +38 -0
- package/dist/server_pages/register.d.ts +1 -1
- package/dist/server_pages/register.d.ts.map +1 -1
- package/dist/server_pages/register.js +2 -1
- package/dist/server_pages/reset_password.d.ts +1 -1
- package/dist/server_pages/reset_password.d.ts.map +1 -1
- package/dist/server_pages/reset_password.js +2 -1
- package/dist/server_pages/verify_email.d.ts +1 -1
- package/dist/server_pages/verify_email.d.ts.map +1 -1
- package/dist/server_pages/verify_email.js +2 -1
- package/package.json +20 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth_types.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth_types.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_types.ts"],"names":[],"mappings":"AAWA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC/C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACtB;IACE,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,GACD;IACE,aAAa,EAAE,KAAK,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,EAAE,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AAEN;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IAE/B,mBAAmB,EAAE,MAAM,EAAE;IAC7B,gBAAgB,EAAE,MAAM,EAAE;IAC1B,oBAAoB,EAAE,MAAM,EAAE;IAC9B,qBAAqB,CAAC,EAAE,MAAM;IAC9B,uBAAuB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;gBAJ7C,mBAAmB,EAAE,MAAM,EAAE,EAC7B,gBAAgB,EAAE,MAAM,EAAE,EAC1B,oBAAoB,EAAE,MAAM,EAAE,EAC9B,qBAAqB,CAAC,EAAE,MAAM,YAAA,EAC9B,uBAAuB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,YAAA;CAKvD;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IAEhC,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;gBAD7D,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAKvE;AAID;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,O
AAO,EAAE,MAAM,CAAC;IAEhB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;QAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,CAAC;CACH,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,eAAe,GAAG;IAChD;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GACxB;IACE,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,EAAE,aAAa,GAAG,IAAI,CAAC;IACrC,6EAA6E;IAC7E,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,GACD;IACE,aAAa,EAAE,KAAK,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,EAAE,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,cAAc,EAAE,IAAI,CAAC;IACrB,6EAA6E;IAC7E,iBAAiB,EAAE,IAAI,CAAC;IACxB,WAAW,EAAE,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AAEN;;;GAGG;AACH,MAAM,MAAM,wBAAwB,GAAG,gBAAgB,GAAG;IACxD,aAAa,EAAE,IAAI,CAAC;IACpB,cAAc,EAAE,aAAa,CAAC;CAC/B,CAAC;AAIF;;;GAGG;AACH,qBAAa,aAAc,SAAQ,KAAK;aAGpB,IAAI,EAAE,MAAM;aACZ,WAAW,EAAE,MAAM;gBAFnC,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM;CAKtC;AAED;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,aAAa;gBAChD,OAAO,GAAE,MAAkC;CAIxD;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,aAAa;aAGlC,WAAW,EAAE,YAAY,EAAE;gBAD3C,OAAO,GAAE,MAAkC,EAC3B,WAAW,GAAE,YAAY,EAAO;CAKnD;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,aAAa;aAEtC,QAAQ,EAAE,MAAM;aAChB,WAAW,EAAE,YAAY,EAAE;gBAD3B,QAAQ,EAAE,MAAM,EAChB,WAAW,GAAE,YAAY,EAAO;CAKnD"}
|
|
@@ -1,4 +1,12 @@
|
|
|
1
1
|
// file_description: Type definitions and error classes for hazo_get_auth utility
|
|
2
|
+
//
|
|
3
|
+
// Naming note (v6.0.0): the field previously called `organization` (and
|
|
4
|
+
// `organization_id`) on `TenantAuthResult` was renamed to `selected_scope`
|
|
5
|
+
// (and `selected_scope_id`), and the type `TenantOrganization` was renamed
|
|
6
|
+
// to `SelectedScope`. The multi-tenancy model is scopes throughout; the
|
|
7
|
+
// old name was a legacy synonym for "the currently selected scope" derived
|
|
8
|
+
// from the scope-selection cookie/header. No deprecation shim is provided.
|
|
9
|
+
//
|
|
2
10
|
// section: types
|
|
3
11
|
/**
|
|
4
12
|
* Custom error class for permission denials
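Review bot: The naming note states that no deprecation shim is provided, but it does not say what that means for untyped JavaScript callers: reads of `auth.organization` and `auth.organization_id` now yield `undefined` at runtime instead of failing at build time. A guard such as `if (!auth.organization)` fails closed, but a tenant filter that passes `auth.organization_id` straight into a query depends on how the data layer treats an undefined value, and that is not visible here. I would add one line to the note: `// JS callers still reading the old fields get undefined; audit tenant filters on upgrade.`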
|
|
@@ -13,20 +13,21 @@ export declare function extract_scope_id_from_request(request: NextRequest, opti
|
|
|
13
13
|
* Tenant-aware authentication function
|
|
14
14
|
*
|
|
15
15
|
* Extracts tenant/scope context from request headers or cookies,
|
|
16
|
-
* validates access, and returns enriched result
|
|
16
|
+
* validates access, and returns enriched result including the currently
|
|
17
|
+
* selected scope.
|
|
17
18
|
*
|
|
18
19
|
* Header priority: X-Hazo-Scope-Id > Cookie
|
|
19
20
|
*
|
|
20
21
|
* @param request - NextRequest object
|
|
21
22
|
* @param options - TenantAuthOptions for customization
|
|
22
|
-
* @returns TenantAuthResult with user, permissions,
|
|
23
|
+
* @returns TenantAuthResult with user, permissions, selected_scope, and user_scopes
|
|
23
24
|
*
|
|
24
25
|
* @example
|
|
25
26
|
* ```typescript
|
|
26
27
|
* const auth = await hazo_get_tenant_auth(request);
|
|
27
|
-
* if (auth.authenticated && auth.
|
|
28
|
+
* if (auth.authenticated && auth.selected_scope) {
|
|
28
29
|
* // Access tenant-specific data
|
|
29
|
-
* const data = await getData(auth.
|
|
30
|
+
* const data = await getData(auth.selected_scope.id);
|
|
30
31
|
* }
|
|
31
32
|
* ```
|
|
32
33
|
*/
|
|
@@ -41,15 +42,15 @@ export declare function hazo_get_tenant_auth(request: NextRequest, options?: Ten
|
|
|
41
42
|
*
|
|
42
43
|
* @param request - NextRequest object
|
|
43
44
|
* @param options - TenantAuthOptions for customization
|
|
44
|
-
* @returns RequiredTenantAuthResult with guaranteed non-null
|
|
45
|
+
* @returns RequiredTenantAuthResult with guaranteed non-null selected_scope
|
|
45
46
|
* @throws AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError
|
|
46
47
|
*
|
|
47
48
|
* @example
|
|
48
49
|
* ```typescript
|
|
49
50
|
* try {
|
|
50
51
|
* const auth = await require_tenant_auth(request);
|
|
51
|
-
* // auth.
|
|
52
|
-
* const data = await getData(auth.
|
|
52
|
+
* // auth.selected_scope is guaranteed non-null here
|
|
53
|
+
* const data = await getData(auth.selected_scope.id);
|
|
53
54
|
* } catch (error) {
|
|
54
55
|
* if (error instanceof HazoAuthError) {
|
|
55
56
|
* return NextResponse.json(
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hazo_get_tenant_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_tenant_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAO1C,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,EAGzB,MAAM,cAAc,CAAC;AAqBtB;;;;;;GAMG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,iBAAiB,GACzB,MAAM,GAAG,SAAS,CAYpB;AAiCD
|
|
1
|
+
{"version":3,"file":"hazo_get_tenant_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_tenant_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAO1C,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,EAGzB,MAAM,cAAc,CAAC;AAqBtB;;;;;;GAMG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,iBAAiB,GACzB,MAAM,GAAG,SAAS,CAYpB;AAiCD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CA0F3B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,WAAW,EACpB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,wBAAwB,CAAC,CA0BnC"}
|
|
@@ -39,12 +39,12 @@ export function extract_scope_id_from_request(request, options) {
|
|
|
39
39
|
return cookie_value;
|
|
40
40
|
}
|
|
41
41
|
/**
|
|
42
|
-
* Builds
|
|
42
|
+
* Builds SelectedScope from scope details and access info.
|
|
43
43
|
* @param scope_details - Full scope details from cache
|
|
44
44
|
* @param is_super_admin - Whether user is accessing as super admin
|
|
45
|
-
* @returns
|
|
45
|
+
* @returns SelectedScope object
|
|
46
46
|
*/
|
|
47
|
-
function
|
|
47
|
+
function build_selected_scope(scope_details, is_super_admin) {
|
|
48
48
|
return {
|
|
49
49
|
id: scope_details.id,
|
|
50
50
|
name: scope_details.name,
|
|
@@ -67,20 +67,21 @@ function build_tenant_organization(scope_details, is_super_admin) {
|
|
|
67
67
|
* Tenant-aware authentication function
|
|
68
68
|
*
|
|
69
69
|
* Extracts tenant/scope context from request headers or cookies,
|
|
70
|
-
* validates access, and returns enriched result
|
|
70
|
+
* validates access, and returns enriched result including the currently
|
|
71
|
+
* selected scope.
|
|
71
72
|
*
|
|
72
73
|
* Header priority: X-Hazo-Scope-Id > Cookie
|
|
73
74
|
*
|
|
74
75
|
* @param request - NextRequest object
|
|
75
76
|
* @param options - TenantAuthOptions for customization
|
|
76
|
-
* @returns TenantAuthResult with user, permissions,
|
|
77
|
+
* @returns TenantAuthResult with user, permissions, selected_scope, and user_scopes
|
|
77
78
|
*
|
|
78
79
|
* @example
|
|
79
80
|
* ```typescript
|
|
80
81
|
* const auth = await hazo_get_tenant_auth(request);
|
|
81
|
-
* if (auth.authenticated && auth.
|
|
82
|
+
* if (auth.authenticated && auth.selected_scope) {
|
|
82
83
|
* // Access tenant-specific data
|
|
83
|
-
* const data = await getData(auth.
|
|
84
|
+
* const data = await getData(auth.selected_scope.id);
|
|
84
85
|
* }
|
|
85
86
|
* ```
|
|
86
87
|
*/
|
|
@@ -98,8 +99,8 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
98
99
|
user: null,
|
|
99
100
|
permissions: [],
|
|
100
101
|
permission_ok: false,
|
|
101
|
-
|
|
102
|
-
|
|
102
|
+
selected_scope: null,
|
|
103
|
+
selected_scope_id: null,
|
|
103
104
|
user_scopes: [],
|
|
104
105
|
scope_ok: false,
|
|
105
106
|
};
|
|
@@ -110,20 +111,20 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
110
111
|
const cached = cache.get(auth_result.user.id);
|
|
111
112
|
// User scopes from cache or empty array
|
|
112
113
|
const user_scopes = (cached === null || cached === void 0 ? void 0 : cached.scopes) || [];
|
|
113
|
-
// Build
|
|
114
|
-
let
|
|
114
|
+
// Build selected_scope info if scope access was successful
|
|
115
|
+
let selected_scope = null;
|
|
115
116
|
if (scope_id && auth_result.scope_ok && auth_result.scope_access_via) {
|
|
116
117
|
// Find the scope in user's scopes that matches the access_via scope
|
|
117
118
|
const access_scope = user_scopes.find((s) => { var _a; return s.id === ((_a = auth_result.scope_access_via) === null || _a === void 0 ? void 0 : _a.scope_id); });
|
|
118
119
|
if (access_scope) {
|
|
119
|
-
|
|
120
|
+
selected_scope = build_selected_scope(access_scope, auth_result.scope_access_via.is_super_admin || false);
|
|
120
121
|
}
|
|
121
122
|
else if (auth_result.scope_access_via.is_super_admin) {
|
|
122
123
|
// Super admin accessing scope they're not assigned to - fetch scope details
|
|
123
124
|
const hazoConnect = get_hazo_connect_instance();
|
|
124
125
|
const scope_result = await get_scope_by_id(hazoConnect, scope_id);
|
|
125
126
|
if (scope_result.success && scope_result.scope) {
|
|
126
|
-
|
|
127
|
+
selected_scope = {
|
|
127
128
|
id: scope_result.scope.id,
|
|
128
129
|
name: scope_result.scope.name,
|
|
129
130
|
slug: null, // Could fetch from scope if slug column exists
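Review bot: In the first branch, `selected_scope` is built from the scope that granted access rather than from the requested `scope_id`: `access_scope` is looked up by `auth_result.scope_access_via.scope_id` and passed to `build_selected_scope`, whereas the super-admin branch uses the scope fetched for `scope_id`. Whether those two ids can differ (for example access inherited from another scope) is not visible in this hunk. If they can, `auth.selected_scope.id` names the granting scope, and callers following the documented `getData(auth.selected_scope.id)` pattern would read a different scope from the one the request selected. I would document on `build_selected_scope` which id the result carries, or make the match explicit with `if (access_scope && access_scope.id === scope_id) {`, after confirming that this does not break intended inherited access. The body of `hazo_get_tenant_auth` starts and ends outside this hunk.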
|
|
@@ -148,8 +149,8 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
148
149
|
permissions: auth_result.permissions,
|
|
149
150
|
permission_ok: auth_result.permission_ok,
|
|
150
151
|
missing_permissions: auth_result.missing_permissions,
|
|
151
|
-
|
|
152
|
-
|
|
152
|
+
selected_scope,
|
|
153
|
+
selected_scope_id: (selected_scope === null || selected_scope === void 0 ? void 0 : selected_scope.id) || null,
|
|
153
154
|
user_scopes,
|
|
154
155
|
scope_ok: auth_result.scope_ok,
|
|
155
156
|
scope_access_via: auth_result.scope_access_via,
|
|
@@ -165,15 +166,15 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
165
166
|
*
|
|
166
167
|
* @param request - NextRequest object
|
|
167
168
|
* @param options - TenantAuthOptions for customization
|
|
168
|
-
* @returns RequiredTenantAuthResult with guaranteed non-null
|
|
169
|
+
* @returns RequiredTenantAuthResult with guaranteed non-null selected_scope
|
|
169
170
|
* @throws AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError
|
|
170
171
|
*
|
|
171
172
|
* @example
|
|
172
173
|
* ```typescript
|
|
173
174
|
* try {
|
|
174
175
|
* const auth = await require_tenant_auth(request);
|
|
175
|
-
* // auth.
|
|
176
|
-
* const data = await getData(auth.
|
|
176
|
+
* // auth.selected_scope is guaranteed non-null here
|
|
177
|
+
* const data = await getData(auth.selected_scope.id);
|
|
177
178
|
* } catch (error) {
|
|
178
179
|
* if (error instanceof HazoAuthError) {
|
|
179
180
|
* return NextResponse.json(
|
|
@@ -197,10 +198,10 @@ export async function require_tenant_auth(request, options = {}) {
|
|
|
197
198
|
if (scope_id && !result.scope_ok) {
|
|
198
199
|
throw new TenantAccessDeniedError(scope_id, result.user_scopes);
|
|
199
200
|
}
|
|
200
|
-
// Check if
|
|
201
|
-
if (!result.
|
|
202
|
-
throw new TenantRequiredError("No
|
|
201
|
+
// Check if scope context is required but missing
|
|
202
|
+
if (!result.selected_scope) {
|
|
203
|
+
throw new TenantRequiredError("No tenant scope context provided. Include X-Hazo-Scope-Id header or scope cookie.", result.user_scopes);
|
|
203
204
|
}
|
|
204
|
-
// Type assertion: at this point we know
|
|
205
|
+
// Type assertion: at this point we know selected_scope is non-null
|
|
205
206
|
return result;
|
|
206
207
|
}
|
package/dist/lib/auth/index.d.ts
CHANGED
|
@@ -4,12 +4,12 @@ export { get_authenticated_user, require_auth, is_authenticated, } from "./auth_
|
|
|
4
4
|
export type { AuthResult, AuthUser } from "./auth_utils.server";
|
|
5
5
|
export { ensure_anon_id } from "./ensure_anon_id.server.js";
|
|
6
6
|
export { hazo_get_tenant_auth, require_tenant_auth, extract_scope_id_from_request, } from "./hazo_get_tenant_auth.server.js";
|
|
7
|
-
export type { ScopeDetails,
|
|
7
|
+
export type { ScopeDetails, SelectedScope, TenantAuthOptions, TenantAuthResult, RequiredTenantAuthResult, } from "./auth_types";
|
|
8
8
|
export { HazoAuthError, AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError, } from "./auth_types.js";
|
|
9
9
|
export { get_server_auth_user } from "./server_auth.js";
|
|
10
10
|
export type { ServerAuthResult } from "./server_auth";
|
|
11
11
|
export { withAuth, withOptionalAuth, hasPermission, hasAllPermissions, hasAnyPermission, requirePermission, requireAllPermissions, } from "./with_auth.server.js";
|
|
12
|
-
export type { AuthenticatedTenantAuth,
|
|
12
|
+
export type { AuthenticatedTenantAuth, AuthenticatedTenantAuthWithSelectedScope, WithAuthOptions, } from "./with_auth.server";
|
|
13
13
|
export { get_auth_cache, reset_auth_cache } from "./auth_cache.js";
|
|
14
14
|
export { get_rate_limiter, reset_rate_limiter } from "./auth_rate_limiter.js";
|
|
15
15
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,wCAAwC,EACxC,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import "server-only";
|
|
2
2
|
import { NextRequest, NextResponse } from "next/server";
|
|
3
|
-
import { type TenantAuthOptions, type TenantAuthResult, type
|
|
3
|
+
import { type TenantAuthOptions, type TenantAuthResult, type SelectedScope, type HazoAuthUser, type ScopeDetails, type ScopeAccessInfo } from "./auth_types.js";
|
|
4
4
|
/**
|
|
5
5
|
* Authenticated branch of TenantAuthResult - guaranteed authenticated: true
|
|
6
6
|
*/
|
|
@@ -10,18 +10,18 @@ export type AuthenticatedTenantAuth = {
|
|
|
10
10
|
permissions: string[];
|
|
11
11
|
permission_ok: boolean;
|
|
12
12
|
missing_permissions?: string[];
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
selected_scope: SelectedScope | null;
|
|
14
|
+
selected_scope_id: string | null;
|
|
15
15
|
user_scopes: ScopeDetails[];
|
|
16
16
|
scope_ok?: boolean;
|
|
17
17
|
scope_access_via?: ScopeAccessInfo;
|
|
18
18
|
};
|
|
19
19
|
/**
|
|
20
|
-
* Authenticated branch with guaranteed non-null
|
|
20
|
+
* Authenticated branch with guaranteed non-null selected_scope
|
|
21
21
|
*/
|
|
22
|
-
export type
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
export type AuthenticatedTenantAuthWithSelectedScope = AuthenticatedTenantAuth & {
|
|
23
|
+
selected_scope: SelectedScope;
|
|
24
|
+
selected_scope_id: string;
|
|
25
25
|
};
|
|
26
26
|
/**
|
|
27
27
|
* Options for withAuth/withOptionalAuth wrappers
|
|
@@ -29,8 +29,8 @@ export type AuthenticatedTenantAuthWithOrg = AuthenticatedTenantAuth & {
|
|
|
29
29
|
*/
|
|
30
30
|
export type WithAuthOptions = TenantAuthOptions & {
|
|
31
31
|
/**
|
|
32
|
-
* If true, requires
|
|
33
|
-
* Narrows auth type to
|
|
32
|
+
* If true, requires tenant/scope context (403 if missing)
|
|
33
|
+
* Narrows auth type to AuthenticatedTenantAuthWithSelectedScope
|
|
34
34
|
*/
|
|
35
35
|
require_tenant?: boolean;
|
|
36
36
|
};
|
|
@@ -47,7 +47,7 @@ type AuthenticatedHandler<TParams> = (request: NextRequest, auth: AuthenticatedT
|
|
|
47
47
|
/**
|
|
48
48
|
* Handler function signature for withAuth with require_tenant
|
|
49
49
|
*/
|
|
50
|
-
type AuthenticatedTenantHandler<TParams> = (request: NextRequest, auth:
|
|
50
|
+
type AuthenticatedTenantHandler<TParams> = (request: NextRequest, auth: AuthenticatedTenantAuthWithSelectedScope, params: TParams) => Promise<NextResponse> | NextResponse;
|
|
51
51
|
/**
|
|
52
52
|
* Handler function signature for withOptionalAuth
|
|
53
53
|
*/
|
|
@@ -57,7 +57,7 @@ type OptionalAuthHandler<TParams> = (request: NextRequest, auth: TenantAuthResul
|
|
|
57
57
|
*
|
|
58
58
|
* - Calls `hazo_get_tenant_auth` and returns 401 if not authenticated
|
|
59
59
|
* - Returns 403 if `required_permissions` are specified and not satisfied
|
|
60
|
-
* - Returns 403 if `require_tenant: true` and no
|
|
60
|
+
* - Returns 403 if `require_tenant: true` and no tenant/scope context
|
|
61
61
|
* - Resolves `await context.params` (Next.js 15 pattern)
|
|
62
62
|
* - Catches HazoAuthError, PermissionError, and unexpected errors
|
|
63
63
|
*
|
|
@@ -80,8 +80,8 @@ type OptionalAuthHandler<TParams> = (request: NextRequest, auth: TenantAuthResul
|
|
|
80
80
|
* // With tenant requirement
|
|
81
81
|
* export const GET = withAuth<{ id: string }>(
|
|
82
82
|
* async (request, auth, { id }) => {
|
|
83
|
-
* // auth.
|
|
84
|
-
* const data = await getData(auth.
|
|
83
|
+
* // auth.selected_scope is guaranteed non-null
|
|
84
|
+
* const data = await getData(auth.selected_scope.id, id);
|
|
85
85
|
* return NextResponse.json(data);
|
|
86
86
|
* },
|
|
87
87
|
* { require_tenant: true }
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"with_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/with_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAGL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,
|
|
1
|
+
{"version":3,"file":"with_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/with_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAGL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,eAAe,EACrB,MAAM,cAAc,CAAC;AAItB;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,EAAE,aAAa,GAAG,IAAI,CAAC;IACrC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,wCAAwC,GAAG,uBAAuB,GAAG;IAC/E,cAAc,EAAE,aAAa,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,iBAAiB,GAAG;IAChD;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,KAAK,YAAY,CAAC,OAAO,IAAI;IAC3B,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,KAAK,oBAAoB,CAAC,OAAO,IAAI,CACnC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,uBAAuB,EAC7B,MAAM,EAAE,OAAO,KACZ,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;GAEG;AACH,KAAK,0BAA0B,CAAC,OAAO,IAAI,CACzC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,wCAAwC,EAC9C,MAAM,EAAE,OAAO,KACZ,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;GAEG;AACH,KAAK,mBAAmB,CAAC,OAAO,IAAI,CAClC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,gBAAgB,EACtB,MAAM,EAAE,OAAO,KACZ,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AA+C1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACtD,OAAO,EAAE,0BAA0B,CAAC,OAAO,CAAC,EAC5C,OAAO,EAAE,eAAe,GAAG;IAAE,cAAc,EAAE,IAAI,CAAA;CAAE,GAClD,CACD,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,YAAY,CAAC,CAAC;AAE3B,wBAAgB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACtD,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,CACD,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,YAAY,CAAC,CAAC;AAsE3B;;;;
;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAC9D,OAAO,EAAE,mBAAmB,CAAC,OAAO,CAAC,EACrC,OAAO,GAAE,iBAAsB,GAC9B,CACD,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,YAAY,CAAC,CAazB;AAID;;GAEG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,uBAAuB,EAC7B,UAAU,EAAE,MAAM,GACjB,OAAO,CAET;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,uBAAuB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAET;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,uBAAuB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAET;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,uBAAuB,EAC7B,UAAU,EAAE,MAAM,GACjB,IAAI,CAQN;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,uBAAuB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,IAAI,CASN"}
|
|
@@ -50,9 +50,9 @@ export function withAuth(handler, options = {}) {
|
|
|
50
50
|
})), { status: 403 });
|
|
51
51
|
}
|
|
52
52
|
// Check tenant requirement
|
|
53
|
-
if (options.require_tenant && !auth.
|
|
53
|
+
if (options.require_tenant && !auth.selected_scope) {
|
|
54
54
|
return NextResponse.json({
|
|
55
|
-
error: "
|
|
55
|
+
error: "Tenant scope context required",
|
|
56
56
|
code: "TENANT_REQUIRED",
|
|
57
57
|
}, { status: 403 });
|
|
58
58
|
}
|
|
@@ -9,6 +9,7 @@ export declare const BASE_COOKIE_NAMES: {
|
|
|
9
9
|
readonly USER_ID: "hazo_auth_user_id";
|
|
10
10
|
readonly USER_EMAIL: "hazo_auth_user_email";
|
|
11
11
|
readonly SESSION: "hazo_auth_session";
|
|
12
|
+
readonly SESSION_KIND: "hazo_auth_session_kind";
|
|
12
13
|
readonly DEV_LOCK: "hazo_auth_dev_lock";
|
|
13
14
|
readonly SCOPE_ID: "hazo_auth_scope_id";
|
|
14
15
|
readonly ANON_ID: "hazo_auth_anon_id";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,aAAa,GAAG;IAC1B,6FAA6F;IAC7F,aAAa,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAYF,eAAO,MAAM,iBAAiB
|
|
1
|
+
{"version":3,"file":"cookies_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,aAAa,GAAG;IAC1B,6FAA6F;IAC7F,aAAa,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAYF,eAAO,MAAM,iBAAiB;;;;;;;;CAQpB,CAAC;AAGX;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,aAAa,CAoBlD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAGzD;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAQzG;AAKD;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,aAAa,CAKzD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD"}
|
|
@@ -14,6 +14,7 @@ export const BASE_COOKIE_NAMES = {
|
|
|
14
14
|
USER_ID: "hazo_auth_user_id",
|
|
15
15
|
USER_EMAIL: "hazo_auth_user_email",
|
|
16
16
|
SESSION: "hazo_auth_session",
|
|
17
|
+
SESSION_KIND: "hazo_auth_session_kind", // v6.1: marks OTP-issued sessions so /me can apply sliding expiry
|
|
17
18
|
DEV_LOCK: "hazo_auth_dev_lock",
|
|
18
19
|
SCOPE_ID: "hazo_auth_scope_id", // v5.2: Tenant context cookie for multi-tenancy
|
|
19
20
|
ANON_ID: "hazo_auth_anon_id", // v5.2: Stable opaque per-visitor ID for anonymous flows (e.g. hazo_feedback)
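Review bot: `SESSION_KIND` introduces a separate cookie whose value, per its inline comment, decides whether /me applies sliding expiry, and a cookie value is whatever the client chooses to send. If the /me handler (not visible in this hunk) acts on the marker without checking it against server-side state, a non-OTP session could be given the sliding-expiry treatment. Carrying the kind as a claim inside the signed session token would remove that dependency. Failing that, the entry deserves a comment such as `// untrusted hint: confirm against the session token before sliding expiry`. The `BASE_COOKIE_NAMES` object starts and ends outside this hunk.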
|
|
@@ -18,6 +18,12 @@ export type LoginConfig = {
|
|
|
18
18
|
imageBackgroundColor: string;
|
|
19
19
|
/** OAuth configuration */
|
|
20
20
|
oauth: OAuthConfig;
|
|
21
|
+
/** Whether the OTP sign-in link is shown below the login form */
|
|
22
|
+
otpSigninEnabled: boolean;
|
|
23
|
+
/** Label for the OTP sign-in link */
|
|
24
|
+
otpSigninLabel: string;
|
|
25
|
+
/** href for the OTP sign-in link */
|
|
26
|
+
otpSigninHref: string;
|
|
21
27
|
};
|
|
22
28
|
/**
|
|
23
29
|
* Reads login layout configuration from hazo_auth_config.ini file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAQ3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAQ3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAiF9C"}
|
|
@@ -38,6 +38,10 @@ export function get_login_config() {
|
|
|
38
38
|
const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
|
|
39
39
|
// Get OAuth configuration
|
|
40
40
|
const oauth = get_oauth_config();
|
|
41
|
+
// OTP sign-in link
|
|
42
|
+
const otpSigninEnabled = get_config_value(section, "otp_signin_enabled", "false") === "true";
|
|
43
|
+
const otpSigninLabel = get_config_value(section, "otp_signin_label", "Sign in with email code");
|
|
44
|
+
const otpSigninHref = get_config_value(section, "otp_signin_href", "/hazo_auth/otp");
|
|
41
45
|
return {
|
|
42
46
|
redirectRoute,
|
|
43
47
|
successMessage,
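Review bot: `otpSigninEnabled` on new line 42 is true only for the exact string `"true"`, so `True`, `1` or `yes` in the ini silently leave the link hidden. The OTP config module added in this same release reads its flag through `get_config_boolean` from `./config/config_loader.server.js`; using it here, `const otpSigninEnabled = get_config_boolean(section, "otp_signin_enabled", false);`, would keep the two parsers consistent, assuming the helper is imported in this file. `otpSigninHref` is also passed through unchecked; if it ends up in an anchor's `href`, accepting only values that start with `/` would be a cheap guard. `get_login_config` starts above this hunk and its return object continues in the next one.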
|
|
@@ -55,5 +59,8 @@ export function get_login_config() {
|
|
|
55
59
|
imageAlt,
|
|
56
60
|
imageBackgroundColor,
|
|
57
61
|
oauth,
|
|
62
|
+
otpSigninEnabled,
|
|
63
|
+
otpSigninLabel,
|
|
64
|
+
otpSigninHref,
|
|
58
65
|
};
|
|
59
66
|
}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import "server-only";
|
|
2
|
+
export declare const OTP_CONFIG_DEFAULTS: {
|
|
3
|
+
readonly auto_register: false;
|
|
4
|
+
readonly code_ttl_seconds: 600;
|
|
5
|
+
readonly session_ttl_seconds: 604800;
|
|
6
|
+
readonly slide_when_within_seconds: 86400;
|
|
7
|
+
readonly email_rate_limit_max: 3;
|
|
8
|
+
readonly email_rate_limit_window_seconds: 900;
|
|
9
|
+
readonly ip_rate_limit_max: 20;
|
|
10
|
+
readonly ip_rate_limit_window_seconds: 3600;
|
|
11
|
+
readonly max_verify_attempts: 5;
|
|
12
|
+
readonly auto_assign_scope_id: "00000000-0000-0000-0000-000000000001";
|
|
13
|
+
readonly auto_assign_role_name: "member";
|
|
14
|
+
};
|
|
15
|
+
export type OtpConfig = {
|
|
16
|
+
/** Whether to automatically register a new user when an unrecognised email requests an OTP */
|
|
17
|
+
auto_register: boolean;
|
|
18
|
+
/** How long (seconds) a generated OTP code is valid */
|
|
19
|
+
code_ttl_seconds: number;
|
|
20
|
+
/** How long (seconds) the session created after successful OTP verification lasts */
|
|
21
|
+
session_ttl_seconds: number;
|
|
22
|
+
/** Slide the session expiry when the remaining TTL falls below this many seconds */
|
|
23
|
+
slide_when_within_seconds: number;
|
|
24
|
+
/** Maximum OTP requests allowed per email address within the rate-limit window */
|
|
25
|
+
email_rate_limit_max: number;
|
|
26
|
+
/** Rate-limit window (seconds) for per-email OTP requests */
|
|
27
|
+
email_rate_limit_window_seconds: number;
|
|
28
|
+
/** Maximum OTP requests allowed per IP address within the rate-limit window */
|
|
29
|
+
ip_rate_limit_max: number;
|
|
30
|
+
/** Rate-limit window (seconds) for per-IP OTP requests */
|
|
31
|
+
ip_rate_limit_window_seconds: number;
|
|
32
|
+
/** Maximum failed verify attempts before the OTP code is invalidated */
|
|
33
|
+
max_verify_attempts: number;
|
|
34
|
+
/** Scope ID to auto-assign a newly registered OTP user to */
|
|
35
|
+
auto_assign_scope_id: string;
|
|
36
|
+
/** Role name to assign within the auto-assign scope */
|
|
37
|
+
auto_assign_role_name: string;
|
|
38
|
+
};
|
|
39
|
+
/**
|
|
40
|
+
* Reads OTP configuration from hazo_auth_config.ini [hazo_auth__otp] section.
|
|
41
|
+
* Falls back to defaults if the config file or section is missing.
|
|
42
|
+
*/
|
|
43
|
+
export declare function get_otp_config(): OtpConfig;
|
|
44
|
+
/**
|
|
45
|
+
* Convenience accessor — returns just the session TTL seconds from OTP config.
|
|
46
|
+
* Suitable for passing to token-creation utilities.
|
|
47
|
+
*/
|
|
48
|
+
export declare function hazo_auth_otp_session_ttl_seconds(): number;
|
|
49
|
+
//# sourceMappingURL=otp_config.server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"otp_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/otp_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,eAAO,MAAM,mBAAmB;;;;;;;;;;;;CAYtB,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG;IACtB,8FAA8F;IAC9F,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,gBAAgB,EAAE,MAAM,CAAC;IACzB,qFAAqF;IACrF,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oFAAoF;IACpF,yBAAyB,EAAE,MAAM,CAAC;IAClC,kFAAkF;IAClF,oBAAoB,EAAE,MAAM,CAAC;IAC7B,6DAA6D;IAC7D,+BAA+B,EAAE,MAAM,CAAC;IACxC,+EAA+E;IAC/E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,4BAA4B,EAAE,MAAM,CAAC;IACrC,wEAAwE;IACxE,mBAAmB,EAAE,MAAM,CAAC;IAC5B,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uDAAuD;IACvD,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,cAAc,IAAI,SAAS,CA6B1C;AAED;;;GAGG;AACH,wBAAgB,iCAAiC,IAAI,MAAM,CAE1D"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
// file_description: server-only helper to read OTP sign-in configuration from hazo_auth_config.ini
|
|
2
|
+
// section: server-only-guard
|
|
3
|
+
import "server-only";
|
|
4
|
+
// section: imports
|
|
5
|
+
import { get_config_value, get_config_boolean, get_config_number } from "./config/config_loader.server.js";
|
|
6
|
+
// section: defaults
|
|
7
|
+
export const OTP_CONFIG_DEFAULTS = {
|
|
8
|
+
auto_register: false,
|
|
9
|
+
code_ttl_seconds: 600,
|
|
10
|
+
session_ttl_seconds: 604800,
|
|
11
|
+
slide_when_within_seconds: 86400,
|
|
12
|
+
email_rate_limit_max: 3,
|
|
13
|
+
email_rate_limit_window_seconds: 900,
|
|
14
|
+
ip_rate_limit_max: 20,
|
|
15
|
+
ip_rate_limit_window_seconds: 3600,
|
|
16
|
+
max_verify_attempts: 5,
|
|
17
|
+
auto_assign_scope_id: "00000000-0000-0000-0000-000000000001",
|
|
18
|
+
auto_assign_role_name: "member",
|
|
19
|
+
};
|
|
20
|
+
// section: helpers
|
|
21
|
+
/**
|
|
22
|
+
* Reads OTP configuration from hazo_auth_config.ini [hazo_auth__otp] section.
|
|
23
|
+
* Falls back to defaults if the config file or section is missing.
|
|
24
|
+
*/
|
|
25
|
+
export function get_otp_config() {
|
|
26
|
+
const section = "hazo_auth__otp";
|
|
27
|
+
const d = OTP_CONFIG_DEFAULTS;
|
|
28
|
+
return {
|
|
29
|
+
auto_register: get_config_boolean(section, "otp_auto_register", d.auto_register),
|
|
30
|
+
code_ttl_seconds: get_config_number(section, "otp_code_ttl_seconds", d.code_ttl_seconds),
|
|
31
|
+
session_ttl_seconds: get_config_number(section, "otp_session_ttl_seconds", d.session_ttl_seconds),
|
|
32
|
+
slide_when_within_seconds: get_config_number(section, "otp_slide_when_within_seconds", d.slide_when_within_seconds),
|
|
33
|
+
email_rate_limit_max: get_config_number(section, "otp_email_rate_limit_max", d.email_rate_limit_max),
|
|
34
|
+
email_rate_limit_window_seconds: get_config_number(section, "otp_email_rate_limit_window_seconds", d.email_rate_limit_window_seconds),
|
|
35
|
+
ip_rate_limit_max: get_config_number(section, "otp_ip_rate_limit_max", d.ip_rate_limit_max),
|
|
36
|
+
ip_rate_limit_window_seconds: get_config_number(section, "otp_ip_rate_limit_window_seconds", d.ip_rate_limit_window_seconds),
|
|
37
|
+
max_verify_attempts: get_config_number(section, "otp_max_verify_attempts", d.max_verify_attempts),
|
|
38
|
+
auto_assign_scope_id: get_config_value(section, "otp_auto_assign_scope_id", d.auto_assign_scope_id),
|
|
39
|
+
auto_assign_role_name: get_config_value(section, "otp_auto_assign_role_name", d.auto_assign_role_name),
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Convenience accessor — returns just the session TTL seconds from OTP config.
|
|
44
|
+
* Suitable for passing to token-creation utilities.
|
|
45
|
+
*/
|
|
46
|
+
export function hazo_auth_otp_session_ttl_seconds() {
|
|
47
|
+
return get_otp_config().session_ttl_seconds;
|
|
48
|
+
}
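Review bot: `get_otp_config` returns every numeric setting exactly as `get_config_number` yields it, so a zero, negative or non-numeric ini value for `otp_max_verify_attempts`, the rate-limit maxima or the TTLs would reach the OTP service unchecked. How the consumers treat such values is not visible here, but for a short numeric code the attempt cap and the rate limits are the main defence against guessing, so falling back to the default for anything that is not a positive integer is the safer contract. The sketch below wraps the security-relevant numeric reads in a small helper; `slide_when_within_seconds` and the boolean and string settings stay as they are.

```javascript
// Fall back to the default unless the configured value is a positive integer,
// so a bad ini entry cannot switch a limit off.
function positive_int(value, fallback) {
    return Number.isInteger(value) && value > 0 ? value : fallback;
}
export function get_otp_config() {
    // … unchanged: section name and defaults lookup …
    return {
        // … unchanged: auto_register …
        code_ttl_seconds: positive_int(get_config_number(section, "otp_code_ttl_seconds", d.code_ttl_seconds), d.code_ttl_seconds),
        session_ttl_seconds: positive_int(get_config_number(section, "otp_session_ttl_seconds", d.session_ttl_seconds), d.session_ttl_seconds),
        // … unchanged: slide_when_within_seconds …
        email_rate_limit_max: positive_int(get_config_number(section, "otp_email_rate_limit_max", d.email_rate_limit_max), d.email_rate_limit_max),
        email_rate_limit_window_seconds: positive_int(get_config_number(section, "otp_email_rate_limit_window_seconds", d.email_rate_limit_window_seconds), d.email_rate_limit_window_seconds),
        ip_rate_limit_max: positive_int(get_config_number(section, "otp_ip_rate_limit_max", d.ip_rate_limit_max), d.ip_rate_limit_max),
        ip_rate_limit_window_seconds: positive_int(get_config_number(section, "otp_ip_rate_limit_window_seconds", d.ip_rate_limit_window_seconds), d.ip_rate_limit_window_seconds),
        max_verify_attempts: positive_int(get_config_number(section, "otp_max_verify_attempts", d.max_verify_attempts), d.max_verify_attempts),
        // … unchanged: auto_assign_scope_id, auto_assign_role_name …
```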
|
|
@@ -7,7 +7,7 @@ export type EmailOptions = {
|
|
|
7
7
|
html_body?: string;
|
|
8
8
|
text_body?: string;
|
|
9
9
|
};
|
|
10
|
-
export type EmailTemplateType = "forgot_password" | "email_verification" | "password_changed";
|
|
10
|
+
export type EmailTemplateType = "forgot_password" | "email_verification" | "password_changed" | "otp_signin_code";
|
|
11
11
|
export type EmailTemplateData = {
|
|
12
12
|
token?: string;
|
|
13
13
|
verification_url?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAGxE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAGxE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,GAAG,iBAAiB,CAAC;AAElH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,CAAC;AAiBF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAEpE;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAE3E;AAgMD;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwErG;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,iBAAiB,EAChC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAyF/C"}
|
|
@@ -200,6 +200,8 @@ function get_email_subject(template_type) {
|
|
|
200
200
|
return "Reset Your Password";
|
|
201
201
|
case "password_changed":
|
|
202
202
|
return "Password Changed Successfully";
|
|
203
|
+
case "otp_signin_code":
|
|
204
|
+
return "Your sign-in code";
|
|
203
205
|
default:
|
|
204
206
|
return "Email from hazo_auth";
|
|
205
207
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,
|
|
1
|
+
{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,EAwF/D,CAAC"}
|
|
@@ -92,4 +92,21 @@ export const hazo_auth_template_manifest = [
|
|
|
92
92
|
},
|
|
93
93
|
],
|
|
94
94
|
},
|
|
95
|
+
{
|
|
96
|
+
template_name: "otp_signin_code",
|
|
97
|
+
template_label: "OTP sign-in code",
|
|
98
|
+
category: SYSTEM_CATEGORY,
|
|
99
|
+
html: read_template("otp_signin_code", "html"),
|
|
100
|
+
text: read_template("otp_signin_code", "txt"),
|
|
101
|
+
variables: [
|
|
102
|
+
{
|
|
103
|
+
variable_name: "otp_code",
|
|
104
|
+
variable_description: "6-digit OTP code for email sign-in (v6.1.0+)",
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
variable_name: "expires_in_minutes",
|
|
108
|
+
variable_description: "Number of minutes until the OTP code expires",
|
|
109
|
+
},
|
|
110
|
+
],
|
|
111
|
+
},
|
|
95
112
|
];
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html>
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="UTF-8">
|
|
5
|
+
<title>Your sign-in code</title>
|
|
6
|
+
</head>
|
|
7
|
+
<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
|
|
8
|
+
<p>Your sign-in code is:</p>
|
|
9
|
+
<p style="font-size: 28px; font-weight: bold; letter-spacing: 0.2em; font-family: monospace; margin: 16px 0;">{{otp_code}}</p>
|
|
10
|
+
<p>This code expires in {{expires_in_minutes}} minutes.</p>
|
|
11
|
+
<p style="color: #666; font-size: 12px;">If you didn't request this code, you can safely ignore this email.</p>
|
|
12
|
+
</body>
|
|
13
|
+
</html>
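Review bot: The template body tells the recipient what the code is and when it expires, but never that the code should be kept private, which is the line that helps someone who is being talked into reading a code out to a third party. A sentence next to the existing ignore-this-email notice would cover it: `<p>Never share this code with anyone, including people who say they are from support.</p>`. The matching `otp_signin_code.txt` template would want the same sentence.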
|
|
@@ -18,4 +18,6 @@ export * from "./scope_service.js";
|
|
|
18
18
|
export * from "./user_scope_service.js";
|
|
19
19
|
export * from "./oauth_service.js";
|
|
20
20
|
export * from "./branding_service.js";
|
|
21
|
+
export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
|
|
22
|
+
export type { RequestEmailOTPResult, VerifyEmailOTPResult } from "./otp_service";
|
|
21
23
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,eAAe,GAChB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC"}
|
|
@@ -20,3 +20,4 @@ export * from "./scope_service.js";
|
|
|
20
20
|
export * from "./user_scope_service.js";
|
|
21
21
|
export * from "./oauth_service.js";
|
|
22
22
|
export * from "./branding_service.js";
|
|
23
|
+
export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
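Review bot: The new export line publishes `generate_otp_code`, `hash_otp_code` and `verify_otp_code` from the services barrel alongside `request_email_otp` and `verify_email_otp`. If the attempt counting and rate limiting set up in the OTP config live in the two higher-level functions (otp_service.js is not shown here), a consumer calling `verify_otp_code` directly would skip them. Narrowing the public surface to `export { request_email_otp, verify_email_otp } from "./otp_service.js";`, or documenting the three primitives as low-level helpers that carry none of those protections, would make the safe path the obvious one.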
|