hazo_auth 6.0.0 → 7.0.1

package/dist/server/routes/otp/verify.js

@@ -0,0 +1,58 @@
+// file_description: API route handler for OTP verify (validates code and issues session cookies)
+// section: imports
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { verify_email_otp } from "../../../lib/services/otp_service.js";
+import { hazo_auth_otp_session_ttl_seconds } from "../../../lib/otp_config.server.js";
+import { get_cookie_name, get_cookie_options, BASE_COOKIE_NAMES, } from "../../../lib/cookies_config.server.js";
+import { get_client_ip } from "../../../lib/auth/hazo_get_auth.server.js";
+import { create_app_logger } from "../../../lib/app_logger.js";
+// section: validation
+const VerifySchema = z.object({
+    email: z.string().email().max(254),
+    code: z.string().regex(/^\d{6}$/),
+});
+// section: api_handler
+export async function otpVerifyPOST(request) {
+    const logger = create_app_logger();
+    try {
+        const body_raw = await request.json().catch(() => ({}));
+        const parsed = VerifySchema.safeParse(body_raw);
+        if (!parsed.success) {
+            return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+        }
+        const ip = get_client_ip(request);
+        const result = await verify_email_otp({
+            email: parsed.data.email,
+            code: parsed.data.code,
+            ip,
+        });
+        if (result.ok === false) {
+            return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+        }
+        const ttl_seconds = hazo_auth_otp_session_ttl_seconds();
+        const base_cookie_options = {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === "production",
+            sameSite: "lax",
+            path: "/",
+            maxAge: ttl_seconds,
+        };
+        const cookie_options = get_cookie_options(base_cookie_options);
+        const response = NextResponse.json({
+            ok: true,
+            user_id: result.user_id,
+            email: result.email,
+        });
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION), result.session_token, cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_ID), result.user_id, cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_EMAIL), result.email, cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION_KIND), "otp", cookie_options);
+        return response;
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        logger.error("otp_verify_route_error", { error: msg });
+        return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+    }
+}

package/dist/server-lib.d.ts

@@ -24,6 +24,9 @@ export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled, }
 export type { OAuthConfig } from "./lib/oauth_config.server";
 export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes, } from "./lib/branding_config.server.js";
 export type { FirmBrandingConfig } from "./lib/branding_config.server";
+export { get_otp_config, hazo_auth_otp_session_ttl_seconds, OTP_CONFIG_DEFAULTS } from "./lib/otp_config.server.js";
+export type { OtpConfig } from "./lib/otp_config.server";
+export { request_email_otp, verify_email_otp } from "./lib/services/otp_service.js";
 export { create_sqlite_hazo_connect } from "./lib/hazo_connect_setup.js";
 export { get_hazo_connect_instance } from "./lib/hazo_connect_instance.server.js";
 export { create_app_logger } from "./lib/app_logger.js";

package/dist/server-lib.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}
+{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,iCAAiC,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACjH,YAAY,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAGjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}

package/dist/server-lib.js

@@ -37,6 +37,8 @@ export { get_user_fields_config } from "./lib/user_fields_config.server.js";
 export { get_file_types_config } from "./lib/file_types_config.server.js";
 export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled, } from "./lib/oauth_config.server.js";
 export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes, } from "./lib/branding_config.server.js";
+export { get_otp_config, hazo_auth_otp_session_ttl_seconds, OTP_CONFIG_DEFAULTS } from "./lib/otp_config.server.js";
+export { request_email_otp, verify_email_otp } from "./lib/services/otp_service.js";
 // section: hazo_connect_exports
 export { create_sqlite_hazo_connect } from "./lib/hazo_connect_setup.js";
 export { get_hazo_connect_instance } from "./lib/hazo_connect_instance.server.js";

package/dist/server_pages/forgot_password.d.ts

@@ -1,21 +1,5 @@
 import "server-only";
-import type { StaticImageData } from "next/image";
 export type ForgotPasswordPageProps = {
-    /**
-     * Optional image source for the visual panel
-     * Defaults from hazo_auth_config.ini or package default image
-     */
-    image_src?: string | StaticImageData;
-    /**
-     * Optional image alt text
-     * Defaults to "Password recovery illustration"
-     */
-    image_alt?: string;
-    /**
-     * Optional image background color
-     * Defaults to "#f1f5f9"
-     */
-    image_background_color?: string;
     /**
      * Optional sign in path
      * Defaults from DEFAULT_FORGOT_PASSWORD.loginPath
@@ -26,6 +10,18 @@ export type ForgotPasswordPageProps = {
      * Defaults from DEFAULT_FORGOT_PASSWORD.loginLabel
      */
     sign_in_label?: string;
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
+    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    title?: string;
+    /** Override the page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    subtitle?: string;
+    /** Override the submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    ctaText?: string;
 };
 /**
  * Zero-config ForgotPasswordPage server component
@@ -47,7 +43,7 @@ export type ForgotPasswordPageProps = {
  *
  * Zero configuration required - works out of the box!
  *
- * @param props - Optional visual and navigation customization props
+ * @param props - Optional navigation customization props
  * @returns Server-rendered forgot password page
  */
 export default function ForgotPasswordPage(props: ForgotPasswordPageProps): import("react/jsx-runtime").JSX.Element;

package/dist/server_pages/forgot_password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,2CAiCxE;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
+{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;IACrD,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iGAAiG;IACjG,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,2CAoCxE;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/server_pages/forgot_password.js

@@ -7,6 +7,7 @@ import { get_forgot_password_config } from "../lib/forgot_password_config.server
 import { ForgotPasswordClientWrapper } from "./forgot_password_client_wrapper.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config ForgotPasswordPage server component
@@ -28,19 +29,22 @@ import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
  *
  * Zero configuration required - works out of the box!
  *
- * @param props - Optional visual and navigation customization props
+ * @param props - Optional navigation customization props
  * @returns Server-rendered forgot password page
  */
 export default function ForgotPasswordPage(props) {
-    const { image_src, image_alt, image_background_color, sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, } = props !== null && props !== void 0 ? props : {};
-    // Load configuration from INI file (with defaults including asset images)
+    var _a, _b, _c;
+    const { sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, theme, title, subtitle, ctaText, } = props !== null && props !== void 0 ? props : {};
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const fp_strings = strings.forgot_password;
+    const resolved_title = (_a = title !== null && title !== void 0 ? title : fp_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.forgot_password.title;
+    const resolved_subtitle = (_b = subtitle !== null && subtitle !== void 0 ? subtitle : fp_strings.subtitle) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.forgot_password.subtitle;
+    const resolved_cta = (_c = ctaText !== null && ctaText !== void 0 ? ctaText : fp_strings.ctaText) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.forgot_password.ctaText;
+    // Load configuration from INI file (with defaults)
     const config = get_forgot_password_config();
-    // Use props if provided, otherwise fall back to config (which includes default asset image)
-    const finalImageSrc = image_src || config.imageSrc;
-    const finalImageAlt = image_alt || config.imageAlt;
-    const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
     // Pass serializable config to client wrapper, wrapped in AuthPageShell for navbar support
-    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath }) }));
+    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, theme: theme, labels: { heading: resolved_title, subHeading: resolved_subtitle, submitButton: resolved_cta } }) }));
 }
 // Named export for direct imports
 export { ForgotPasswordPage };

package/dist/server_pages/forgot_password_client_wrapper.d.ts

@@ -1,15 +1,16 @@
 import type { ForgotPasswordConfig } from "../lib/forgot_password_config.server";
-import type { StaticImageData } from "next/image";
-export type ForgotPasswordClientWrapperProps = Omit<ForgotPasswordConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor'> & {
-    image_src: string | StaticImageData;
-    image_alt: string;
-    image_background_color: string;
+import type { HazoAuthTheme } from "../theme/theme_types";
+export type ForgotPasswordClientWrapperProps = ForgotPasswordConfig & {
     sign_in_path: string;
     sign_in_label: string;
+    /** Optional theme passed through to ForgotPasswordLayout → TwoColumnAuthLayout. */
+    theme?: HazoAuthTheme;
+    /** Optional label overrides (heading, subHeading, submitButton) */
+    labels?: import("../components/layouts/shared/config/layout_customization").LayoutLabelOverrides;
 };
 /**
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function ForgotPasswordClientWrapper({ sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, theme, labels, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=forgot_password_client_wrapper.d.ts.map

package/dist/server_pages/forgot_password_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAGjF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,gCAAgC,GAAG,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,CAAC,GAAG;IAC5H,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,GACf,EAAE,gCAAgC,2CAmClC"}
+{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,MAAM,gCAAgC,GAAG,oBAAoB,GAAG;IACpE,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,mEAAmE;IACnE,MAAM,CAAC,EAAE,OAAO,0DAA0D,EAAE,oBAAoB,CAAC;CAClG,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,KAAK,EACL,MAAM,GACP,EAAE,gCAAgC,2CAkClC"}

package/dist/server_pages/forgot_password_client_wrapper.js

@@ -11,7 +11,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, }) {
+export function ForgotPasswordClientWrapper({ sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, theme, labels, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -23,5 +23,5 @@ export function ForgotPasswordClientWrapper({ image_src, image_alt, image_backgr
     if (!dataClient) {
         return (_jsx("div", { className: "cls_forgot_password_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
-    return (_jsx(ForgotPasswordLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath }));
+    return (_jsx(ForgotPasswordLayout, { data_client: dataClient, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, theme: theme, labels: labels }));
 }

package/dist/server_pages/login.d.ts

@@ -1,33 +1,34 @@
 import "server-only";
-import type { StaticImageData } from "next/image";
+import type React from "react";
 export type LoginPageProps = {
-    /**
-     * Optional image source for the visual panel
-     * Defaults from hazo_auth_config.ini or package default image
-     */
-    image_src?: string | StaticImageData;
-    /**
-     * Optional image alt text
-     * Defaults to "Secure login illustration"
-     */
-    image_alt?: string;
-    /**
-     * Optional image background color
-     * Defaults to "#f1f5f9"
-     */
-    image_background_color?: string;
     /**
      * Layout mode (default: `"two_column"`).
      * - `"two_column"` — full server-rendered page with the package's
-     *   TwoColumnAuthLayout (image on the left, form on the right) wrapped in
-     *   the standalone AuthPageShell. Backwards-compatible.
+     *   TwoColumnAuthLayout wrapped in the standalone AuthPageShell.
+     *   Layout appearance is now controlled by the theme (split or centered).
      * - `"form_only"` — emits just the form content (no AuthPageShell, no
      *   TwoColumnAuthLayout). Use when wrapping the form in your own brand
-     *   chrome (e.g. a custom split-panel layout or an existing app shell).
-     *   `image_src` / `image_alt` / `image_background_color` are ignored in
-     *   this mode.
+     *   chrome.
      */
     layout?: "two_column" | "form_only";
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
+    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    title?: string;
+    /** Override the page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    subtitle?: string;
+    /** Override the submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    ctaText?: string;
+    /**
+     * Optional legal text rendered below the form.
+     * Accepts a string or JSX (e.g. `<a href="/tos">Terms of Service</a>`).
+     * Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    legalText?: React.ReactNode;
 };
 /**
  * Zero-config LoginPage server component

package/dist/server_pages/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG;IAC3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,KAAK,EAAE,cAAc,2CAiEtD;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAIrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAQ/B,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;IACpC;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;IACrD,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iGAAiG;IACjG,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC7B,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,KAAK,EAAE,cAAc,2CAkEtD;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/server_pages/login.js

@@ -2,12 +2,12 @@ import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "react/jsx-run
 // file_description: Zero-config LoginPage server component - drop in and use with no configuration required
 // section: server-only-guard
 import "server-only";
-// section: imports
 import { get_login_config } from "../lib/login_config.server.js";
 import { get_navbar_config } from "../lib/navbar_config.server.js";
 import { LoginClientWrapper } from "./login_client_wrapper.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { FloatingHomeLink } from "../components/layouts/shared/components/floating_home_link.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config LoginPage server component
@@ -33,29 +33,25 @@ import { FloatingHomeLink } from "../components/layouts/shared/components/floati
  * @returns Server-rendered login page
  */
 export default function LoginPage(props) {
-    const { image_src, image_alt, image_background_color, layout = "two_column", } = props !== null && props !== void 0 ? props : {};
-    // Load configuration from INI file (with defaults including asset images)
+    var _a, _b, _c;
+    const { layout = "two_column", theme, title, subtitle, ctaText, legalText, } = props !== null && props !== void 0 ? props : {};
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const login_strings = strings.login;
+    const resolved_title = (_a = title !== null && title !== void 0 ? title : login_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.login.title;
+    const resolved_subtitle = (_b = subtitle !== null && subtitle !== void 0 ? subtitle : login_strings.subtitle) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.login.subtitle;
+    const resolved_cta = (_c = ctaText !== null && ctaText !== void 0 ? ctaText : login_strings.ctaText) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.login.ctaText;
+    const resolved_legal = legalText !== undefined ? legalText : (login_strings.legalText || undefined);
+    // Load configuration from INI file (with defaults)
     const config = get_login_config();
-    // Use props if provided, otherwise fall back to config (which includes default asset image)
-    const finalImageSrc = image_src || config.imageSrc;
-    const finalImageAlt = image_alt || config.imageAlt;
-    const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
-    const wrapper = (_jsx(LoginClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, redirectRoute: config.redirectRoute, successMessage: config.successMessage, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, forgotPasswordPath: config.forgotPasswordPath, forgotPasswordLabel: config.forgotPasswordLabel, createAccountPath: config.createAccountPath, createAccountLabel: config.createAccountLabel, showCreateAccountLink: config.showCreateAccountLink, oauth: {
+    const wrapper = (_jsx(LoginClientWrapper, { redirectRoute: config.redirectRoute, successMessage: config.successMessage, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, forgotPasswordPath: config.forgotPasswordPath, forgotPasswordLabel: config.forgotPasswordLabel, createAccountPath: config.createAccountPath, createAccountLabel: config.createAccountLabel, showCreateAccountLink: config.showCreateAccountLink, oauth: {
             enable_google: config.oauth.enable_google,
             enable_email_password: config.oauth.enable_email_password,
             google_button_text: config.oauth.google_button_text,
             oauth_divider_text: config.oauth.oauth_divider_text,
-        }, layout: layout }));
-    // form_only mode: skip AuthPageShell so the consumer's own page chrome
-    // (e.g. a split-panel AuthLayout) hosts the form without our standalone
-    // wrapper interfering. Two-column mode keeps the existing AuthPageShell
-    // wrap for navbar/centering support.
-    //
-    // The navbar config's home_link is also surfaced here in form_only mode
-    // so users mid-auth-flow always have a way out — without this, the only
-    // exit is the browser back button. Rendered as a fixed-position "Back to
-    // home" pill (top-left). Disabled by setting `[hazo_auth__navbar]
-    // show_home_link = false` or by hiding it CSS-side at the consumer.
+            enable_facebook: config.oauth.enable_facebook,
+            facebook_button_text: config.oauth.facebook_button_text,
+        }, otpSigninEnabled: config.otpSigninEnabled, otpSigninLabel: config.otpSigninLabel, otpSigninHref: config.otpSigninHref, layout: layout, theme: theme, labels: { heading: resolved_title, subHeading: resolved_subtitle, submitButton: resolved_cta }, legalText: resolved_legal }));
     if (layout === "form_only") {
         const navbar = get_navbar_config();
         return (_jsxs(_Fragment, { children: [navbar.show_home_link && (_jsx(FloatingHomeLink, { path: navbar.home_path, label: navbar.home_label })), wrapper] }));

package/dist/server_pages/login_client_wrapper.d.ts

@@ -1,20 +1,24 @@
+import React from "react";
 import type { LoginConfig } from "../lib/login_config.server";
 import type { OAuthLayoutConfig } from "../components/layouts/login/index";
-import type { StaticImageData } from "next/image";
-export type LoginClientWrapperProps = Omit<LoginConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor' | 'oauth' | 'showCreateAccountLink'> & {
-    image_src?: string | StaticImageData;
-    image_alt?: string;
-    image_background_color?: string;
+import type { HazoAuthTheme } from "../theme/theme_types";
+export type LoginClientWrapperProps = Omit<LoginConfig, 'oauth' | 'showCreateAccountLink'> & {
     /** Show/hide "Create account" link (default: true) */
     showCreateAccountLink?: boolean;
     /** OAuth configuration */
     oauth?: OAuthLayoutConfig;
     /** Layout mode — see LoginLayoutProps.layout. Default `"two_column"`. */
     layout?: "two_column" | "form_only";
+    /** Optional theme passed through to LoginLayout → TwoColumnAuthLayout. */
+    theme?: HazoAuthTheme;
+    /** Optional label overrides (heading, subHeading, submitButton) */
+    labels?: import("../components/layouts/shared/config/layout_customization").LayoutLabelOverrides;
+    /** Optional legal text rendered below the form (accepts ReactNode for links/JSX) */
+    legalText?: React.ReactNode;
 };
 /**
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink, oauth, layout, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function LoginClientWrapper({ redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink, oauth, otpSigninEnabled, otpSigninLabel, otpSigninHref, layout, theme, labels, legalText, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=login_client_wrapper.d.ts.map

package/dist/server_pages/login_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAG3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,GAAG,OAAO,GAAG,uBAAuB,CAAC,GAAG;IAC9I,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,qBAA4B,EAC5B,KAAK,EACL,MAAqB,GACtB,EAAE,uBAAuB,2CA0CzB"}
+{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AAIA,OAAO,KAA8B,MAAM,OAAO,CAAC;AAKnD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,OAAO,GAAG,uBAAuB,CAAC,GAAG;IAC3F,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;IACpC,0EAA0E;IAC1E,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,mEAAmE;IACnE,MAAM,CAAC,EAAE,OAAO,0DAA0D,EAAE,oBAAoB,CAAC;IACjG,oFAAoF;IACpF,SAAS,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC7B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,qBAA4B,EAC5B,KAAK,EACL,gBAAwB,EACxB,cAA0C,EAC1C,aAAgC,EAChC,MAAqB,EACrB,KAAK,EACL,MAAM,EACN,SAAS,GACV,EAAE,uBAAuB,2CA6CzB"}

package/dist/server_pages/login_client_wrapper.js

@@ -11,7 +11,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink = true, oauth, layout = "two_column", }) {
+export function LoginClientWrapper({ redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink = true, oauth, otpSigninEnabled = false, otpSigninLabel = "Sign in with email code", otpSigninHref = "/hazo_auth/otp", layout = "two_column", theme, labels, legalText, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -23,5 +23,5 @@ export function LoginClientWrapper({ image_src, image_alt, image_background_colo
     if (!dataClient) {
         return (_jsx("div", { className: "cls_login_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
-    return (_jsx(LoginLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, show_create_account_link: showCreateAccountLink, oauth: oauth, layout: layout }));
+    return (_jsx(LoginLayout, { data_client: dataClient, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, show_create_account_link: showCreateAccountLink, oauth: oauth, otp_signin_enabled: otpSigninEnabled, otp_signin_label: otpSigninLabel, otp_signin_href: otpSigninHref, layout: layout, theme: theme, labels: labels, legalText: legalText }));
 }

package/dist/server_pages/my_settings.d.ts

@@ -4,6 +4,8 @@ export type MySettingsPageProps = {
      * Optional className for custom styling
      */
     className?: string;
+    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
+    title?: string;
 };
 /**
  * Zero-config MySettingsPage server component

package/dist/server_pages/my_settings.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"my_settings.d.ts","sourceRoot":"","sources":["../../src/server_pages/my_settings.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,KAAK,EAAE,mBAAmB,2CAiChE;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"my_settings.d.ts","sourceRoot":"","sources":["../../src/server_pages/my_settings.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,KAAK,EAAE,mBAAmB,2CAuChE;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/server_pages/my_settings.js

@@ -6,6 +6,7 @@ import "server-only";
 import { get_my_settings_config } from "../lib/my_settings_config.server.js";
 import MySettingsLayout from "../components/layouts/my_settings/index.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config MySettingsPage server component
@@ -53,11 +54,16 @@ import { AuthPageShell } from "../components/layouts/shared/components/auth_page
  * @returns Server-rendered my settings component
  */
 export default function MySettingsPage(props) {
-    const { className } = props !== null && props !== void 0 ? props : {};
+    var _a;
+    const { className, title } = props !== null && props !== void 0 ? props : {};
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const ms_strings = strings.my_settings;
+    const resolved_title = (_a = title !== null && title !== void 0 ? title : ms_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.my_settings.title;
     // Load configuration from INI file (with defaults)
     const config = get_my_settings_config();
     // Render layout with all server-initialized configuration, wrapped in AuthPageShell for navbar support
-    return (_jsx(AuthPageShell, { children: _jsx(MySettingsLayout, { className: className, password_requirements: config.passwordRequirements, profilePicture: config.profilePicture, userFields: config.userFields, unauthorizedMessage: config.unauthorizedMessage, loginButtonLabel: config.loginButtonLabel, loginPath: config.loginPath, heading: config.heading, subHeading: config.subHeading, profilePhotoLabel: config.profilePhotoLabel, profilePhotoRecommendation: config.profilePhotoRecommendation, uploadPhotoButtonLabel: config.uploadPhotoButtonLabel, removePhotoButtonLabel: config.removePhotoButtonLabel, profileInformationLabel: config.profileInformationLabel, passwordLabel: config.passwordLabel, currentPasswordLabel: config.currentPasswordLabel, newPasswordLabel: config.newPasswordLabel, confirmPasswordLabel: config.confirmPasswordLabel, messages: config.messages, uiSizes: config.uiSizes, fileTypes: config.fileTypes }) }));
+    return (_jsx(AuthPageShell, { children: _jsx(MySettingsLayout, { className: className, password_requirements: config.passwordRequirements, profilePicture: config.profilePicture, userFields: config.userFields, unauthorizedMessage: config.unauthorizedMessage, loginButtonLabel: config.loginButtonLabel, loginPath: config.loginPath, heading: resolved_title, subHeading: config.subHeading, profilePhotoLabel: config.profilePhotoLabel, profilePhotoRecommendation: config.profilePhotoRecommendation, uploadPhotoButtonLabel: config.uploadPhotoButtonLabel, removePhotoButtonLabel: config.removePhotoButtonLabel, profileInformationLabel: config.profileInformationLabel, passwordLabel: config.passwordLabel, currentPasswordLabel: config.currentPasswordLabel, newPasswordLabel: config.newPasswordLabel, confirmPasswordLabel: config.confirmPasswordLabel, messages: config.messages, uiSizes: config.uiSizes, fileTypes: config.fileTypes }) }));
 }
 // Named export for direct imports
 export { MySettingsPage };

package/dist/server_pages/otp.d.ts

@@ -0,0 +1,56 @@
+import "server-only";
+import * as React from "react";
+export type OTPPageProps = {
+    /**
+     * searchParams from Next.js page props — supports both sync and async forms.
+     * Reads `redirect` param to set the post-sign-in redirect URL.
+     */
+    searchParams?: Promise<{
+        redirect?: string;
+    }> | {
+        redirect?: string;
+    };
+    /**
+     * Page heading passed through to OTPLayout.
+     * Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    title?: string;
+    /**
+     * Page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    subtitle?: string;
+    /**
+     * Submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    ctaText?: string;
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
+};
+/**
+ * Zero-config OTPPage server component
+ *
+ * Renders an email OTP sign-in flow: the user enters their email, receives a
+ * 6-digit code, and is redirected after successful verification.
+ *
+ * Usage in consuming apps:
+ * ```tsx
+ * // app/otp/page.tsx
+ * import { OTPPage } from "hazo_auth/pages/otp";
+ *
+ * export default function Page(props) {
+ *   return <OTPPage {...props} />;
+ * }
+ * ```
+ *
+ * Pass `?redirect=/dashboard` in the URL to control the post-sign-in destination.
+ *
+ * @param props - Optional searchParams and title
+ * @returns Server-rendered OTP sign-in page
+ */
+export default function OTPPage({ searchParams, title, subtitle, ctaText, theme, }?: OTPPageProps): Promise<React.ReactElement>;
+export { OTPPage };
+//# sourceMappingURL=otp.d.ts.map

package/dist/server_pages/otp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"otp.d.ts","sourceRoot":"","sources":["../../src/server_pages/otp.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAM/B,MAAM,MAAM,YAAY,GAAG;IACzB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAEtE;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;CACtD,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAA8B,OAAO,CAAC,EACpC,YAAY,EACZ,KAAK,EACL,QAAQ,EACR,OAAO,EACP,KAAK,GACN,GAAE,YAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAyBjD;AAGD,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/server_pages/otp.js

@@ -0,0 +1,45 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+// file_description: Zero-config OTPPage server component - drop in and use with no configuration required
+// section: server-only-guard
+import "server-only";
+import { OTPLayout } from "../components/layouts/otp.js";
+import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
+import { DEFAULT_STRINGS, readStrings } from "../strings.js";
+// section: component
+/**
+ * Zero-config OTPPage server component
+ *
+ * Renders an email OTP sign-in flow: the user enters their email, receives a
+ * 6-digit code, and is redirected after successful verification.
+ *
+ * Usage in consuming apps:
+ * ```tsx
+ * // app/otp/page.tsx
+ * import { OTPPage } from "hazo_auth/pages/otp";
+ *
+ * export default function Page(props) {
+ *   return <OTPPage {...props} />;
+ * }
+ * ```
+ *
+ * Pass `?redirect=/dashboard` in the URL to control the post-sign-in destination.
+ *
+ * @param props - Optional searchParams and title
+ * @returns Server-rendered OTP sign-in page
+ */
+export default async function OTPPage({ searchParams, title, subtitle, ctaText, theme, } = {}) {
+    var _a, _b, _c, _d;
+    const params = searchParams instanceof Promise
+        ? await searchParams
+        : (searchParams !== null && searchParams !== void 0 ? searchParams : {});
+    const redirect_url = (_a = params.redirect) !== null && _a !== void 0 ? _a : "/";
+    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+    const strings = readStrings();
+    const otp_strings = strings.otp;
+    const resolved_title = (_b = title !== null && title !== void 0 ? title : otp_strings.title) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.otp.title;
+    const resolved_subtitle = (_c = subtitle !== null && subtitle !== void 0 ? subtitle : otp_strings.subtitle) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.otp.subtitle;
+    const resolved_cta = (_d = ctaText !== null && ctaText !== void 0 ? ctaText : otp_strings.ctaText) !== null && _d !== void 0 ? _d : DEFAULT_STRINGS.otp.ctaText;
+    return (_jsx(AuthPageShell, { children: _jsx(OTPLayout, { redirect_url: redirect_url, title: resolved_title, subtitle: resolved_subtitle, ctaText: resolved_cta, theme: theme }) }));
+}
+// Named export for direct imports
+export { OTPPage };