hazo_auth 6.0.0 → 7.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +233 -8
- package/SETUP_CHECKLIST.md +240 -0
- package/cli-src/cli/validate.ts +4 -0
- package/cli-src/lib/auth/nextauth_config.ts +101 -1
- package/cli-src/lib/cookies_config.server.ts +1 -0
- package/cli-src/lib/email_verification_config.server.ts +0 -34
- package/cli-src/lib/forgot_password_config.server.ts +0 -34
- package/cli-src/lib/login_config.server.ts +14 -31
- package/cli-src/lib/my_settings_config.server.ts +0 -3
- package/cli-src/lib/oauth_config.server.ts +58 -0
- package/cli-src/lib/otp_config.server.ts +91 -0
- package/cli-src/lib/register_config.server.ts +11 -31
- package/cli-src/lib/reset_password_config.server.ts +0 -31
- package/cli-src/lib/services/email_service.ts +3 -1
- package/cli-src/lib/services/email_template_manifest.ts +17 -0
- package/cli-src/lib/services/email_templates/otp_signin_code.html +13 -0
- package/cli-src/lib/services/email_templates/otp_signin_code.txt +5 -0
- package/cli-src/lib/services/index.ts +8 -2
- package/cli-src/lib/services/oauth_service.ts +197 -0
- package/cli-src/lib/services/otp_service.ts +295 -0
- package/cli-src/lib/services/session_token_service.ts +4 -1
- package/config/hazo_auth_config.example.ini +76 -41
- package/dist/cli/validate.d.ts.map +1 -1
- package/dist/cli/validate.js +4 -0
- package/dist/client.d.ts +2 -0
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +1 -0
- package/dist/components/layouts/create_firm/index.d.ts +4 -8
- package/dist/components/layouts/create_firm/index.d.ts.map +1 -1
- package/dist/components/layouts/create_firm/index.js +3 -3
- package/dist/components/layouts/email_verification/index.d.ts +4 -5
- package/dist/components/layouts/email_verification/index.d.ts.map +1 -1
- package/dist/components/layouts/email_verification/index.js +4 -4
- package/dist/components/layouts/forgot_password/index.d.ts +4 -5
- package/dist/components/layouts/forgot_password/index.d.ts.map +1 -1
- package/dist/components/layouts/forgot_password/index.js +2 -2
- package/dist/components/layouts/login/index.d.ts +19 -9
- package/dist/components/layouts/login/index.d.ts.map +1 -1
- package/dist/components/layouts/login/index.js +12 -6
- package/dist/components/layouts/otp/index.d.ts +17 -0
- package/dist/components/layouts/otp/index.d.ts.map +1 -0
- package/dist/components/layouts/otp/index.js +16 -0
- package/dist/components/layouts/register/index.d.ts +11 -7
- package/dist/components/layouts/register/index.d.ts.map +1 -1
- package/dist/components/layouts/register/index.js +8 -4
- package/dist/components/layouts/reset_password/index.d.ts +4 -5
- package/dist/components/layouts/reset_password/index.d.ts.map +1 -1
- package/dist/components/layouts/reset_password/index.js +5 -5
- package/dist/components/layouts/shared/components/already_logged_in_guard.d.ts +3 -5
- package/dist/components/layouts/shared/components/already_logged_in_guard.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/already_logged_in_guard.js +2 -2
- package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts +25 -0
- package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts.map +1 -0
- package/dist/components/layouts/shared/components/facebook_sign_in_button.js +49 -0
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js +8 -3
- package/dist/components/layouts/shared/components/two_column_auth_layout.d.ts +3 -6
- package/dist/components/layouts/shared/components/two_column_auth_layout.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/two_column_auth_layout.js +8 -5
- package/dist/components/otp/OTPRequestForm.d.ts +11 -0
- package/dist/components/otp/OTPRequestForm.d.ts.map +1 -0
- package/dist/components/otp/OTPRequestForm.js +42 -0
- package/dist/components/otp/OTPVerifyForm.d.ts +16 -0
- package/dist/components/otp/OTPVerifyForm.d.ts.map +1 -0
- package/dist/components/otp/OTPVerifyForm.js +75 -0
- package/dist/components/otp/index.d.ts +5 -0
- package/dist/components/otp/index.d.ts.map +1 -0
- package/dist/components/otp/index.js +2 -0
- package/dist/components/ui/input-otp.d.ts +35 -0
- package/dist/components/ui/input-otp.d.ts.map +1 -0
- package/dist/components/ui/input-otp.js +44 -0
- package/dist/consent/consent_state.d.ts +18 -0
- package/dist/consent/consent_state.d.ts.map +1 -0
- package/dist/consent/consent_state.js +29 -0
- package/dist/consent/cookie_consent_banner.d.ts +11 -0
- package/dist/consent/cookie_consent_banner.d.ts.map +1 -0
- package/dist/consent/cookie_consent_banner.js +40 -0
- package/dist/consent/gtm_mapping.d.ts +13 -0
- package/dist/consent/gtm_mapping.d.ts.map +1 -0
- package/dist/consent/gtm_mapping.js +30 -0
- package/dist/consent/index.d.ts +7 -0
- package/dist/consent/index.d.ts.map +1 -0
- package/dist/consent/index.js +7 -0
- package/dist/consent/manage_modal.d.ts +2 -0
- package/dist/consent/manage_modal.d.ts.map +1 -0
- package/dist/consent/manage_modal.js +33 -0
- package/dist/consent/read_consent.d.ts +15 -0
- package/dist/consent/read_consent.d.ts.map +1 -0
- package/dist/consent/read_consent.js +23 -0
- package/dist/consent/use_consent.d.ts +7 -0
- package/dist/consent/use_consent.d.ts.map +1 -0
- package/dist/consent/use_consent.js +55 -0
- package/dist/lib/auth/nextauth_config.d.ts +10 -0
- package/dist/lib/auth/nextauth_config.d.ts.map +1 -1
- package/dist/lib/auth/nextauth_config.js +80 -2
- package/dist/lib/cookies_config.server.d.ts +1 -0
- package/dist/lib/cookies_config.server.d.ts.map +1 -1
- package/dist/lib/cookies_config.server.js +1 -0
- package/dist/lib/email_verification_config.server.d.ts +0 -3
- package/dist/lib/email_verification_config.server.d.ts.map +1 -1
- package/dist/lib/email_verification_config.server.js +0 -15
- package/dist/lib/forgot_password_config.server.d.ts +0 -3
- package/dist/lib/forgot_password_config.server.d.ts.map +1 -1
- package/dist/lib/forgot_password_config.server.js +0 -15
- package/dist/lib/login_config.server.d.ts +6 -3
- package/dist/lib/login_config.server.d.ts.map +1 -1
- package/dist/lib/login_config.server.js +7 -13
- package/dist/lib/my_settings_config.server.d.ts +0 -1
- package/dist/lib/my_settings_config.server.d.ts.map +1 -1
- package/dist/lib/my_settings_config.server.js +0 -2
- package/dist/lib/oauth_config.server.d.ts +17 -0
- package/dist/lib/oauth_config.server.d.ts.map +1 -1
- package/dist/lib/oauth_config.server.js +25 -0
- package/dist/lib/otp_config.server.d.ts +49 -0
- package/dist/lib/otp_config.server.d.ts.map +1 -0
- package/dist/lib/otp_config.server.js +48 -0
- package/dist/lib/register_config.server.d.ts +2 -3
- package/dist/lib/register_config.server.d.ts.map +1 -1
- package/dist/lib/register_config.server.js +4 -13
- package/dist/lib/reset_password_config.server.d.ts +0 -3
- package/dist/lib/reset_password_config.server.d.ts.map +1 -1
- package/dist/lib/reset_password_config.server.js +0 -13
- package/dist/lib/services/email_service.d.ts +1 -1
- package/dist/lib/services/email_service.d.ts.map +1 -1
- package/dist/lib/services/email_service.js +2 -0
- package/dist/lib/services/email_template_manifest.d.ts.map +1 -1
- package/dist/lib/services/email_template_manifest.js +17 -0
- package/dist/lib/services/email_templates/otp_signin_code.html +13 -0
- package/dist/lib/services/email_templates/otp_signin_code.txt +5 -0
- package/dist/lib/services/index.d.ts +2 -0
- package/dist/lib/services/index.d.ts.map +1 -1
- package/dist/lib/services/index.js +1 -0
- package/dist/lib/services/oauth_service.d.ts +24 -0
- package/dist/lib/services/oauth_service.d.ts.map +1 -1
- package/dist/lib/services/oauth_service.js +155 -0
- package/dist/lib/services/otp_service.d.ts +46 -0
- package/dist/lib/services/otp_service.d.ts.map +1 -0
- package/dist/lib/services/otp_service.js +238 -0
- package/dist/lib/services/session_token_service.d.ts +3 -1
- package/dist/lib/services/session_token_service.d.ts.map +1 -1
- package/dist/lib/services/session_token_service.js +4 -2
- package/dist/page_components/create_firm.d.ts +13 -1
- package/dist/page_components/create_firm.d.ts.map +1 -1
- package/dist/page_components/create_firm.js +10 -6
- package/dist/page_components/forgot_password.d.ts +1 -4
- package/dist/page_components/forgot_password.d.ts.map +1 -1
- package/dist/page_components/forgot_password.js +2 -6
- package/dist/page_components/login.d.ts +1 -4
- package/dist/page_components/login.d.ts.map +1 -1
- package/dist/page_components/login.js +2 -6
- package/dist/page_components/otp.d.ts +4 -0
- package/dist/page_components/otp.d.ts.map +1 -0
- package/dist/page_components/otp.js +5 -0
- package/dist/page_components/register.d.ts +1 -4
- package/dist/page_components/register.d.ts.map +1 -1
- package/dist/page_components/register.js +2 -6
- package/dist/page_components/reset_password.d.ts +1 -4
- package/dist/page_components/reset_password.d.ts.map +1 -1
- package/dist/page_components/reset_password.js +2 -6
- package/dist/page_components/verify_email.d.ts +1 -4
- package/dist/page_components/verify_email.d.ts.map +1 -1
- package/dist/page_components/verify_email.js +2 -6
- package/dist/server/routes/index.d.ts +3 -0
- package/dist/server/routes/index.d.ts.map +1 -1
- package/dist/server/routes/index.js +4 -0
- package/dist/server/routes/me.d.ts.map +1 -1
- package/dist/server/routes/me.js +43 -1
- package/dist/server/routes/oauth_facebook_callback.d.ts +8 -0
- package/dist/server/routes/oauth_facebook_callback.d.ts.map +1 -0
- package/dist/server/routes/oauth_facebook_callback.js +157 -0
- package/dist/server/routes/oauth_google_callback.js +1 -1
- package/dist/server/routes/otp/request.d.ts +3 -0
- package/dist/server/routes/otp/request.d.ts.map +1 -0
- package/dist/server/routes/otp/request.js +33 -0
- package/dist/server/routes/otp/verify.d.ts +3 -0
- package/dist/server/routes/otp/verify.d.ts.map +1 -0
- package/dist/server/routes/otp/verify.js +58 -0
- package/dist/server-lib.d.ts +3 -0
- package/dist/server-lib.d.ts.map +1 -1
- package/dist/server-lib.js +2 -0
- package/dist/server_pages/forgot_password.d.ts +13 -17
- package/dist/server_pages/forgot_password.d.ts.map +1 -1
- package/dist/server_pages/forgot_password.js +12 -8
- package/dist/server_pages/forgot_password_client_wrapper.d.ts +7 -6
- package/dist/server_pages/forgot_password_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/forgot_password_client_wrapper.js +2 -2
- package/dist/server_pages/login.d.ts +22 -21
- package/dist/server_pages/login.d.ts.map +1 -1
- package/dist/server_pages/login.js +15 -19
- package/dist/server_pages/login_client_wrapper.d.ts +10 -6
- package/dist/server_pages/login_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/login_client_wrapper.js +2 -2
- package/dist/server_pages/my_settings.d.ts +2 -0
- package/dist/server_pages/my_settings.d.ts.map +1 -1
- package/dist/server_pages/my_settings.js +8 -2
- package/dist/server_pages/otp.d.ts +56 -0
- package/dist/server_pages/otp.d.ts.map +1 -0
- package/dist/server_pages/otp.js +45 -0
- package/dist/server_pages/register.d.ts +19 -16
- package/dist/server_pages/register.d.ts.map +1 -1
- package/dist/server_pages/register.js +15 -12
- package/dist/server_pages/register_client_wrapper.d.ts +10 -6
- package/dist/server_pages/register_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/register_client_wrapper.js +2 -2
- package/dist/server_pages/reset_password.d.ts +11 -16
- package/dist/server_pages/reset_password.d.ts.map +1 -1
- package/dist/server_pages/reset_password.js +11 -9
- package/dist/server_pages/reset_password_client_wrapper.d.ts +7 -6
- package/dist/server_pages/reset_password_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/reset_password_client_wrapper.js +2 -2
- package/dist/server_pages/verify_email.d.ts +11 -17
- package/dist/server_pages/verify_email.d.ts.map +1 -1
- package/dist/server_pages/verify_email.js +11 -8
- package/dist/server_pages/verify_email_client_wrapper.d.ts +7 -6
- package/dist/server_pages/verify_email_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/verify_email_client_wrapper.js +2 -2
- package/dist/strings/default_strings.d.ts +47 -0
- package/dist/strings/default_strings.d.ts.map +1 -0
- package/dist/strings/default_strings.js +18 -0
- package/dist/strings/index.d.ts +4 -0
- package/dist/strings/index.d.ts.map +1 -0
- package/dist/strings/index.js +3 -0
- package/dist/strings/strings_context.d.ts +12 -0
- package/dist/strings/strings_context.d.ts.map +1 -0
- package/dist/strings/strings_context.js +23 -0
- package/dist/strings/strings_provider.d.ts +26 -0
- package/dist/strings/strings_provider.d.ts.map +1 -0
- package/dist/strings/strings_provider.js +45 -0
- package/dist/theme/create_theme.d.ts +7 -0
- package/dist/theme/create_theme.d.ts.map +1 -0
- package/dist/theme/create_theme.js +97 -0
- package/dist/theme/hex_to_hsl.d.ts +16 -0
- package/dist/theme/hex_to_hsl.d.ts.map +1 -0
- package/dist/theme/hex_to_hsl.js +110 -0
- package/dist/theme/index.d.ts +4 -0
- package/dist/theme/index.d.ts.map +1 -0
- package/dist/theme/index.js +3 -0
- package/dist/theme/luminance.d.ts +11 -0
- package/dist/theme/luminance.d.ts.map +1 -0
- package/dist/theme/luminance.js +45 -0
- package/dist/theme/theme_provider.d.ts +14 -0
- package/dist/theme/theme_provider.d.ts.map +1 -0
- package/dist/theme/theme_provider.js +23 -0
- package/dist/theme/theme_types.d.ts +36 -0
- package/dist/theme/theme_types.d.ts.map +1 -0
- package/dist/theme/theme_types.js +1 -0
- package/dist/themes/index.d.ts +3 -0
- package/dist/themes/index.d.ts.map +1 -0
- package/dist/themes/index.js +2 -0
- package/dist/themes/preset_indigo_sunset.d.ts +3 -0
- package/dist/themes/preset_indigo_sunset.d.ts.map +1 -0
- package/dist/themes/preset_indigo_sunset.js +20 -0
- package/dist/themes/preset_neutral.d.ts +3 -0
- package/dist/themes/preset_neutral.d.ts.map +1 -0
- package/dist/themes/preset_neutral.js +14 -0
- package/package.json +36 -2
|
@@ -3,11 +3,6 @@
|
|
|
3
3
|
import "server-only";
|
|
4
4
|
// section: imports
|
|
5
5
|
import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
|
|
6
|
-
import { get_config_value } from "./config/config_loader.server.js";
|
|
7
|
-
// Default image path - consuming apps should either:
|
|
8
|
-
// 1. Configure their own image_src in hazo_auth_config.ini
|
|
9
|
-
// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
|
|
10
|
-
const DEFAULT_FORGOT_PASSWORD_IMAGE_PATH = "/hazo_auth/images/forgot_password_default.jpg";
|
|
11
6
|
// section: helpers
|
|
12
7
|
/**
|
|
13
8
|
* Reads forgot password layout configuration from hazo_auth_config.ini file
|
|
@@ -15,23 +10,13 @@ const DEFAULT_FORGOT_PASSWORD_IMAGE_PATH = "/hazo_auth/images/forgot_password_de
|
|
|
15
10
|
* @returns Forgot password configuration options
|
|
16
11
|
*/
|
|
17
12
|
export function get_forgot_password_config() {
|
|
18
|
-
const section = "hazo_auth__forgot_password_layout";
|
|
19
13
|
// Get shared already logged in config
|
|
20
14
|
const alreadyLoggedInConfig = get_already_logged_in_config();
|
|
21
|
-
// Read image configuration
|
|
22
|
-
// If not set in config, falls back to default path-based image
|
|
23
|
-
// Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
|
|
24
|
-
const imageSrc = get_config_value(section, "image_src", DEFAULT_FORGOT_PASSWORD_IMAGE_PATH);
|
|
25
|
-
const imageAlt = get_config_value(section, "image_alt", "Password recovery illustration");
|
|
26
|
-
const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
|
|
27
15
|
return {
|
|
28
16
|
alreadyLoggedInMessage: alreadyLoggedInConfig.message,
|
|
29
17
|
showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
|
|
30
18
|
showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
|
|
31
19
|
returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
|
|
32
20
|
returnHomePath: alreadyLoggedInConfig.returnHomePath,
|
|
33
|
-
imageSrc,
|
|
34
|
-
imageAlt,
|
|
35
|
-
imageBackgroundColor,
|
|
36
21
|
};
|
|
37
22
|
}
|
|
@@ -13,11 +13,14 @@ export type LoginConfig = {
|
|
|
13
13
|
createAccountPath: string;
|
|
14
14
|
createAccountLabel: string;
|
|
15
15
|
showCreateAccountLink: boolean;
|
|
16
|
-
imageSrc: string;
|
|
17
|
-
imageAlt: string;
|
|
18
|
-
imageBackgroundColor: string;
|
|
19
16
|
/** OAuth configuration */
|
|
20
17
|
oauth: OAuthConfig;
|
|
18
|
+
/** Whether the OTP sign-in link is shown below the login form */
|
|
19
|
+
otpSigninEnabled: boolean;
|
|
20
|
+
/** Label for the OTP sign-in link */
|
|
21
|
+
otpSigninLabel: string;
|
|
22
|
+
/** href for the OTP sign-in link */
|
|
23
|
+
otpSigninHref: string;
|
|
21
24
|
};
|
|
22
25
|
/**
|
|
23
26
|
* Reads login layout configuration from hazo_auth_config.ini file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAG3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CA0D9C"}
|
|
@@ -5,10 +5,6 @@ import "server-only";
|
|
|
5
5
|
import { get_config_value, get_config_value_allow_empty } from "./config/config_loader.server.js";
|
|
6
6
|
import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
|
|
7
7
|
import { get_oauth_config } from "./oauth_config.server.js";
|
|
8
|
-
// Default image path - consuming apps should either:
|
|
9
|
-
// 1. Configure their own image_src in hazo_auth_config.ini
|
|
10
|
-
// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
|
|
11
|
-
const DEFAULT_LOGIN_IMAGE_PATH = "/hazo_auth/images/login_default.jpg";
|
|
12
8
|
// section: helpers
|
|
13
9
|
/**
|
|
14
10
|
* Reads login layout configuration from hazo_auth_config.ini file
|
|
@@ -30,14 +26,12 @@ export function get_login_config() {
|
|
|
30
26
|
const showCreateAccountLink = get_config_value(section, "show_create_account_link", "true") === "true";
|
|
31
27
|
// Get shared already logged in config
|
|
32
28
|
const alreadyLoggedInConfig = get_already_logged_in_config();
|
|
33
|
-
// Read image configuration
|
|
34
|
-
// If not set in config, falls back to default path-based image
|
|
35
|
-
// Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
|
|
36
|
-
const imageSrc = get_config_value(section, "image_src", DEFAULT_LOGIN_IMAGE_PATH);
|
|
37
|
-
const imageAlt = get_config_value(section, "image_alt", "Secure login illustration");
|
|
38
|
-
const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
|
|
39
29
|
// Get OAuth configuration
|
|
40
30
|
const oauth = get_oauth_config();
|
|
31
|
+
// OTP sign-in link
|
|
32
|
+
const otpSigninEnabled = get_config_value(section, "otp_signin_enabled", "false") === "true";
|
|
33
|
+
const otpSigninLabel = get_config_value(section, "otp_signin_label", "Sign in with email code");
|
|
34
|
+
const otpSigninHref = get_config_value(section, "otp_signin_href", "/hazo_auth/otp");
|
|
41
35
|
return {
|
|
42
36
|
redirectRoute,
|
|
43
37
|
successMessage,
|
|
@@ -51,9 +45,9 @@ export function get_login_config() {
|
|
|
51
45
|
createAccountPath,
|
|
52
46
|
createAccountLabel,
|
|
53
47
|
showCreateAccountLink,
|
|
54
|
-
imageSrc,
|
|
55
|
-
imageAlt,
|
|
56
|
-
imageBackgroundColor,
|
|
57
48
|
oauth,
|
|
49
|
+
otpSigninEnabled,
|
|
50
|
+
otpSigninLabel,
|
|
51
|
+
otpSigninHref,
|
|
58
52
|
};
|
|
59
53
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,
|
|
1
|
+
{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAuDzD"}
|
|
@@ -28,7 +28,6 @@ export function get_my_settings_config() {
|
|
|
28
28
|
const uiSizes = get_ui_sizes_config();
|
|
29
29
|
const fileTypes = get_file_types_config();
|
|
30
30
|
// Read optional labels with defaults
|
|
31
|
-
const heading = get_config_value(section, "heading", "Account Settings");
|
|
32
31
|
const subHeading = get_config_value(section, "sub_heading", "Manage your profile, password, and email preferences.");
|
|
33
32
|
const profilePhotoLabel = get_config_value(section, "profile_photo_label", "Profile Photo");
|
|
34
33
|
const profilePhotoRecommendation = get_config_value(section, "profile_photo_recommendation", "Recommended size: 200x200px. JPG, PNG.");
|
|
@@ -47,7 +46,6 @@ export function get_my_settings_config() {
|
|
|
47
46
|
userFields,
|
|
48
47
|
passwordRequirements,
|
|
49
48
|
profilePicture,
|
|
50
|
-
heading,
|
|
51
49
|
subHeading,
|
|
52
50
|
profilePhotoLabel,
|
|
53
51
|
profilePhotoRecommendation,
|
|
@@ -2,12 +2,20 @@ import "server-only";
|
|
|
2
2
|
export type OAuthConfig = {
|
|
3
3
|
/** Enable Google OAuth login */
|
|
4
4
|
enable_google: boolean;
|
|
5
|
+
/** Enable Facebook OAuth login */
|
|
6
|
+
enable_facebook: boolean;
|
|
5
7
|
/** Enable traditional email/password login */
|
|
6
8
|
enable_email_password: boolean;
|
|
7
9
|
/** Auto-link Google login to existing unverified email/password accounts */
|
|
8
10
|
auto_link_unverified_accounts: boolean;
|
|
11
|
+
/** Auto-link Google login to existing unverified email/password accounts (per-provider override) */
|
|
12
|
+
auto_link_unverified_accounts_google: boolean;
|
|
13
|
+
/** Auto-link Facebook login to existing unverified email/password accounts */
|
|
14
|
+
auto_link_unverified_accounts_facebook: boolean;
|
|
9
15
|
/** Text displayed on the Google sign-in button */
|
|
10
16
|
google_button_text: string;
|
|
17
|
+
/** Text displayed on the Facebook sign-in button */
|
|
18
|
+
facebook_button_text: string;
|
|
11
19
|
/** Text displayed on the divider between OAuth and email/password form */
|
|
12
20
|
oauth_divider_text: string;
|
|
13
21
|
/** NextAuth signIn page path */
|
|
@@ -22,6 +30,10 @@ export type OAuthConfig = {
|
|
|
22
30
|
skip_invitation_check: boolean;
|
|
23
31
|
/** Redirect when skip_invitation_check=true and user has no scope */
|
|
24
32
|
no_scope_redirect: string;
|
|
33
|
+
/** Facebook App ID from env HAZO_AUTH_FACEBOOK_APP_ID */
|
|
34
|
+
facebook_client_id: string | undefined;
|
|
35
|
+
/** Facebook App Secret from env HAZO_AUTH_FACEBOOK_APP_SECRET */
|
|
36
|
+
facebook_client_secret: string | undefined;
|
|
25
37
|
};
|
|
26
38
|
/**
|
|
27
39
|
* Reads OAuth configuration from hazo_auth_config.ini file
|
|
@@ -39,4 +51,9 @@ export declare function is_google_oauth_enabled(): boolean;
|
|
|
39
51
|
* @returns true if email/password login is enabled in config
|
|
40
52
|
*/
|
|
41
53
|
export declare function is_email_password_enabled(): boolean;
|
|
54
|
+
/**
|
|
55
|
+
* Helper to check if Facebook OAuth is enabled and credentials are present
|
|
56
|
+
* @returns true if Facebook OAuth is enabled and env vars are set
|
|
57
|
+
*/
|
|
58
|
+
export declare function is_facebook_oauth_enabled(): boolean;
|
|
42
59
|
//# sourceMappingURL=oauth_config.server.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,kCAAkC;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,oGAAoG;IACpG,oCAAoC,EAAE,OAAO,CAAC;IAC9C,8EAA8E;IAC9E,sCAAsC,EAAE,OAAO,CAAC;IAChD,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yDAAyD;IACzD,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;IACvC,iEAAiE;IACjE,sBAAsB,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5C,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAoH9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAInD"}
|
|
@@ -14,9 +14,16 @@ const SECTION_NAME = "hazo_auth__oauth";
|
|
|
14
14
|
*/
|
|
15
15
|
export function get_oauth_config() {
|
|
16
16
|
const enable_google = get_config_boolean(SECTION_NAME, "enable_google", DEFAULT_OAUTH.enable_google);
|
|
17
|
+
const enable_facebook = get_config_boolean(SECTION_NAME, "enable_facebook", false);
|
|
17
18
|
const enable_email_password = get_config_boolean(SECTION_NAME, "enable_email_password", DEFAULT_OAUTH.enable_email_password);
|
|
19
|
+
// Generic key (backward compat)
|
|
18
20
|
const auto_link_unverified_accounts = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts", DEFAULT_OAUTH.auto_link_unverified_accounts);
|
|
21
|
+
// Per-provider Google key (falls back to generic)
|
|
22
|
+
const auto_link_unverified_accounts_google = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts_google", auto_link_unverified_accounts);
|
|
23
|
+
// Per-provider Facebook key (defaults to false — don't auto-link Facebook unverified)
|
|
24
|
+
const auto_link_unverified_accounts_facebook = get_config_boolean(SECTION_NAME, "auto_link_unverified_accounts_facebook", false);
|
|
19
25
|
const google_button_text = get_config_value(SECTION_NAME, "google_button_text", DEFAULT_OAUTH.google_button_text);
|
|
26
|
+
const facebook_button_text = get_config_value(SECTION_NAME, "facebook_button_text", "Continue with Facebook");
|
|
20
27
|
const oauth_divider_text = get_config_value(SECTION_NAME, "oauth_divider_text", DEFAULT_OAUTH.oauth_divider_text);
|
|
21
28
|
const sign_in_page = get_config_value(SECTION_NAME, "sign_in_page", DEFAULT_OAUTH.sign_in_page);
|
|
22
29
|
const error_page = get_config_value(SECTION_NAME, "error_page", DEFAULT_OAUTH.error_page);
|
|
@@ -24,11 +31,17 @@ export function get_oauth_config() {
|
|
|
24
31
|
const default_redirect = get_config_value(SECTION_NAME, "default_redirect", DEFAULT_OAUTH.default_redirect);
|
|
25
32
|
const skip_invitation_check = get_config_boolean(SECTION_NAME, "skip_invitation_check", DEFAULT_OAUTH.skip_invitation_check);
|
|
26
33
|
const no_scope_redirect = get_config_value(SECTION_NAME, "no_scope_redirect", DEFAULT_OAUTH.no_scope_redirect);
|
|
34
|
+
const facebook_client_id = process.env.HAZO_AUTH_FACEBOOK_APP_ID;
|
|
35
|
+
const facebook_client_secret = process.env.HAZO_AUTH_FACEBOOK_APP_SECRET;
|
|
27
36
|
return {
|
|
28
37
|
enable_google,
|
|
38
|
+
enable_facebook,
|
|
29
39
|
enable_email_password,
|
|
30
40
|
auto_link_unverified_accounts,
|
|
41
|
+
auto_link_unverified_accounts_google,
|
|
42
|
+
auto_link_unverified_accounts_facebook,
|
|
31
43
|
google_button_text,
|
|
44
|
+
facebook_button_text,
|
|
32
45
|
oauth_divider_text,
|
|
33
46
|
sign_in_page,
|
|
34
47
|
error_page,
|
|
@@ -36,6 +49,8 @@ export function get_oauth_config() {
|
|
|
36
49
|
default_redirect,
|
|
37
50
|
skip_invitation_check,
|
|
38
51
|
no_scope_redirect,
|
|
52
|
+
facebook_client_id,
|
|
53
|
+
facebook_client_secret,
|
|
39
54
|
};
|
|
40
55
|
}
|
|
41
56
|
/**
|
|
@@ -52,3 +67,13 @@ export function is_google_oauth_enabled() {
|
|
|
52
67
|
export function is_email_password_enabled() {
|
|
53
68
|
return get_config_boolean(SECTION_NAME, "enable_email_password", DEFAULT_OAUTH.enable_email_password);
|
|
54
69
|
}
|
|
70
|
+
/**
|
|
71
|
+
* Helper to check if Facebook OAuth is enabled and credentials are present
|
|
72
|
+
* @returns true if Facebook OAuth is enabled and env vars are set
|
|
73
|
+
*/
|
|
74
|
+
export function is_facebook_oauth_enabled() {
|
|
75
|
+
const enabled = get_config_boolean(SECTION_NAME, "enable_facebook", false);
|
|
76
|
+
if (!enabled)
|
|
77
|
+
return false;
|
|
78
|
+
return !!(process.env.HAZO_AUTH_FACEBOOK_APP_ID && process.env.HAZO_AUTH_FACEBOOK_APP_SECRET);
|
|
79
|
+
}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import "server-only";
|
|
2
|
+
export declare const OTP_CONFIG_DEFAULTS: {
|
|
3
|
+
readonly auto_register: false;
|
|
4
|
+
readonly code_ttl_seconds: 600;
|
|
5
|
+
readonly session_ttl_seconds: 604800;
|
|
6
|
+
readonly slide_when_within_seconds: 86400;
|
|
7
|
+
readonly email_rate_limit_max: 3;
|
|
8
|
+
readonly email_rate_limit_window_seconds: 900;
|
|
9
|
+
readonly ip_rate_limit_max: 20;
|
|
10
|
+
readonly ip_rate_limit_window_seconds: 3600;
|
|
11
|
+
readonly max_verify_attempts: 5;
|
|
12
|
+
readonly auto_assign_scope_id: "00000000-0000-0000-0000-000000000001";
|
|
13
|
+
readonly auto_assign_role_name: "member";
|
|
14
|
+
};
|
|
15
|
+
export type OtpConfig = {
|
|
16
|
+
/** Whether to automatically register a new user when an unrecognised email requests an OTP */
|
|
17
|
+
auto_register: boolean;
|
|
18
|
+
/** How long (seconds) a generated OTP code is valid */
|
|
19
|
+
code_ttl_seconds: number;
|
|
20
|
+
/** How long (seconds) the session created after successful OTP verification lasts */
|
|
21
|
+
session_ttl_seconds: number;
|
|
22
|
+
/** Slide the session expiry when the remaining TTL falls below this many seconds */
|
|
23
|
+
slide_when_within_seconds: number;
|
|
24
|
+
/** Maximum OTP requests allowed per email address within the rate-limit window */
|
|
25
|
+
email_rate_limit_max: number;
|
|
26
|
+
/** Rate-limit window (seconds) for per-email OTP requests */
|
|
27
|
+
email_rate_limit_window_seconds: number;
|
|
28
|
+
/** Maximum OTP requests allowed per IP address within the rate-limit window */
|
|
29
|
+
ip_rate_limit_max: number;
|
|
30
|
+
/** Rate-limit window (seconds) for per-IP OTP requests */
|
|
31
|
+
ip_rate_limit_window_seconds: number;
|
|
32
|
+
/** Maximum failed verify attempts before the OTP code is invalidated */
|
|
33
|
+
max_verify_attempts: number;
|
|
34
|
+
/** Scope ID to auto-assign a newly registered OTP user to */
|
|
35
|
+
auto_assign_scope_id: string;
|
|
36
|
+
/** Role name to assign within the auto-assign scope */
|
|
37
|
+
auto_assign_role_name: string;
|
|
38
|
+
};
|
|
39
|
+
/**
|
|
40
|
+
* Reads OTP configuration from hazo_auth_config.ini [hazo_auth__otp] section.
|
|
41
|
+
* Falls back to defaults if the config file or section is missing.
|
|
42
|
+
*/
|
|
43
|
+
export declare function get_otp_config(): OtpConfig;
|
|
44
|
+
/**
|
|
45
|
+
* Convenience accessor — returns just the session TTL seconds from OTP config.
|
|
46
|
+
* Suitable for passing to token-creation utilities.
|
|
47
|
+
*/
|
|
48
|
+
export declare function hazo_auth_otp_session_ttl_seconds(): number;
|
|
49
|
+
//# sourceMappingURL=otp_config.server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"otp_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/otp_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,eAAO,MAAM,mBAAmB;;;;;;;;;;;;CAYtB,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG;IACtB,8FAA8F;IAC9F,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,gBAAgB,EAAE,MAAM,CAAC;IACzB,qFAAqF;IACrF,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oFAAoF;IACpF,yBAAyB,EAAE,MAAM,CAAC;IAClC,kFAAkF;IAClF,oBAAoB,EAAE,MAAM,CAAC;IAC7B,6DAA6D;IAC7D,+BAA+B,EAAE,MAAM,CAAC;IACxC,+EAA+E;IAC/E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,4BAA4B,EAAE,MAAM,CAAC;IACrC,wEAAwE;IACxE,mBAAmB,EAAE,MAAM,CAAC;IAC5B,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uDAAuD;IACvD,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,cAAc,IAAI,SAAS,CA6B1C;AAED;;;GAGG;AACH,wBAAgB,iCAAiC,IAAI,MAAM,CAE1D"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
// file_description: server-only helper to read OTP sign-in configuration from hazo_auth_config.ini
|
|
2
|
+
// section: server-only-guard
|
|
3
|
+
import "server-only";
|
|
4
|
+
// section: imports
|
|
5
|
+
import { get_config_value, get_config_boolean, get_config_number } from "./config/config_loader.server.js";
|
|
6
|
+
// section: defaults
|
|
7
|
+
export const OTP_CONFIG_DEFAULTS = {
|
|
8
|
+
auto_register: false,
|
|
9
|
+
code_ttl_seconds: 600,
|
|
10
|
+
session_ttl_seconds: 604800,
|
|
11
|
+
slide_when_within_seconds: 86400,
|
|
12
|
+
email_rate_limit_max: 3,
|
|
13
|
+
email_rate_limit_window_seconds: 900,
|
|
14
|
+
ip_rate_limit_max: 20,
|
|
15
|
+
ip_rate_limit_window_seconds: 3600,
|
|
16
|
+
max_verify_attempts: 5,
|
|
17
|
+
auto_assign_scope_id: "00000000-0000-0000-0000-000000000001",
|
|
18
|
+
auto_assign_role_name: "member",
|
|
19
|
+
};
|
|
20
|
+
// section: helpers
|
|
21
|
+
/**
|
|
22
|
+
* Reads OTP configuration from hazo_auth_config.ini [hazo_auth__otp] section.
|
|
23
|
+
* Falls back to defaults if the config file or section is missing.
|
|
24
|
+
*/
|
|
25
|
+
export function get_otp_config() {
|
|
26
|
+
const section = "hazo_auth__otp";
|
|
27
|
+
const d = OTP_CONFIG_DEFAULTS;
|
|
28
|
+
return {
|
|
29
|
+
auto_register: get_config_boolean(section, "otp_auto_register", d.auto_register),
|
|
30
|
+
code_ttl_seconds: get_config_number(section, "otp_code_ttl_seconds", d.code_ttl_seconds),
|
|
31
|
+
session_ttl_seconds: get_config_number(section, "otp_session_ttl_seconds", d.session_ttl_seconds),
|
|
32
|
+
slide_when_within_seconds: get_config_number(section, "otp_slide_when_within_seconds", d.slide_when_within_seconds),
|
|
33
|
+
email_rate_limit_max: get_config_number(section, "otp_email_rate_limit_max", d.email_rate_limit_max),
|
|
34
|
+
email_rate_limit_window_seconds: get_config_number(section, "otp_email_rate_limit_window_seconds", d.email_rate_limit_window_seconds),
|
|
35
|
+
ip_rate_limit_max: get_config_number(section, "otp_ip_rate_limit_max", d.ip_rate_limit_max),
|
|
36
|
+
ip_rate_limit_window_seconds: get_config_number(section, "otp_ip_rate_limit_window_seconds", d.ip_rate_limit_window_seconds),
|
|
37
|
+
max_verify_attempts: get_config_number(section, "otp_max_verify_attempts", d.max_verify_attempts),
|
|
38
|
+
auto_assign_scope_id: get_config_value(section, "otp_auto_assign_scope_id", d.auto_assign_scope_id),
|
|
39
|
+
auto_assign_role_name: get_config_value(section, "otp_auto_assign_role_name", d.auto_assign_role_name),
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Convenience accessor — returns just the session TTL seconds from OTP config.
|
|
44
|
+
* Suitable for passing to token-creation utilities.
|
|
45
|
+
*/
|
|
46
|
+
export function hazo_auth_otp_session_ttl_seconds() {
|
|
47
|
+
return get_otp_config().session_ttl_seconds;
|
|
48
|
+
}
|
|
@@ -15,14 +15,13 @@ export type RegisterConfig = {
|
|
|
15
15
|
returnHomePath: string;
|
|
16
16
|
signInPath: string;
|
|
17
17
|
signInLabel: string;
|
|
18
|
-
imageSrc: string;
|
|
19
|
-
imageAlt: string;
|
|
20
|
-
imageBackgroundColor: string;
|
|
21
18
|
/** OAuth configuration */
|
|
22
19
|
oauth: {
|
|
23
20
|
enable_google: boolean;
|
|
21
|
+
enable_facebook: boolean;
|
|
24
22
|
enable_email_password: boolean;
|
|
25
23
|
google_button_text: string;
|
|
24
|
+
facebook_button_text: string;
|
|
26
25
|
oauth_divider_text: string;
|
|
27
26
|
};
|
|
28
27
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CAgEpD"}
|
|
@@ -7,10 +7,6 @@ import { get_password_requirements_config } from "./password_requirements_config
|
|
|
7
7
|
import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
|
|
8
8
|
import { get_user_fields_config } from "./user_fields_config.server.js";
|
|
9
9
|
import { get_oauth_config } from "./oauth_config.server.js";
|
|
10
|
-
// Default image path - consuming apps should either:
|
|
11
|
-
// 1. Configure their own image_src in hazo_auth_config.ini
|
|
12
|
-
// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
|
|
13
|
-
const DEFAULT_REGISTER_IMAGE_PATH = "/hazo_auth/images/register_default.jpg";
|
|
14
10
|
// section: helpers
|
|
15
11
|
/**
|
|
16
12
|
* Reads register layout configuration from hazo_auth_config.ini file
|
|
@@ -32,16 +28,12 @@ export function get_register_config() {
|
|
|
32
28
|
// Read sign in link configuration
|
|
33
29
|
const signInPath = get_config_value("hazo_auth__register_layout", "sign_in_path", "/hazo_auth/login");
|
|
34
30
|
const signInLabel = get_config_value("hazo_auth__register_layout", "sign_in_label", "Sign in");
|
|
35
|
-
// Read image configuration
|
|
36
|
-
// If not set in config, falls back to default path-based image
|
|
37
|
-
// Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
|
|
38
|
-
const imageSrc = get_config_value("hazo_auth__register_layout", "image_src", DEFAULT_REGISTER_IMAGE_PATH);
|
|
39
|
-
const imageAlt = get_config_value("hazo_auth__register_layout", "image_alt", "Modern building representing user registration");
|
|
40
|
-
const imageBackgroundColor = get_config_value("hazo_auth__register_layout", "image_background_color", "#e2e8f0");
|
|
41
31
|
// Get OAuth configuration (shared with login)
|
|
42
32
|
const oauthConfig = get_oauth_config();
|
|
43
33
|
// For the register page, default button text to "Sign up with Google" unless overridden
|
|
44
34
|
const registerGoogleButtonText = get_config_value("hazo_auth__oauth", "google_button_text_register", "Sign up with Google");
|
|
35
|
+
// For the register page, default Facebook button text to "Sign up with Facebook" unless overridden
|
|
36
|
+
const registerFacebookButtonText = get_config_value("hazo_auth__oauth", "facebook_button_text_register", "Sign up with Facebook");
|
|
45
37
|
return {
|
|
46
38
|
showNameField,
|
|
47
39
|
passwordRequirements,
|
|
@@ -52,13 +44,12 @@ export function get_register_config() {
|
|
|
52
44
|
returnHomePath: alreadyLoggedInConfig.returnHomePath,
|
|
53
45
|
signInPath,
|
|
54
46
|
signInLabel,
|
|
55
|
-
imageSrc,
|
|
56
|
-
imageAlt,
|
|
57
|
-
imageBackgroundColor,
|
|
58
47
|
oauth: {
|
|
59
48
|
enable_google: oauthConfig.enable_google,
|
|
49
|
+
enable_facebook: oauthConfig.enable_facebook,
|
|
60
50
|
enable_email_password: oauthConfig.enable_email_password,
|
|
61
51
|
google_button_text: registerGoogleButtonText,
|
|
52
|
+
facebook_button_text: registerFacebookButtonText,
|
|
62
53
|
oauth_divider_text: oauthConfig.oauth_divider_text,
|
|
63
54
|
},
|
|
64
55
|
};
|
|
@@ -16,9 +16,6 @@ export type ResetPasswordConfig = {
|
|
|
16
16
|
require_number: boolean;
|
|
17
17
|
require_special: boolean;
|
|
18
18
|
};
|
|
19
|
-
imageSrc: string;
|
|
20
|
-
imageAlt: string;
|
|
21
|
-
imageBackgroundColor: string;
|
|
22
19
|
};
|
|
23
20
|
/**
|
|
24
21
|
* Reads reset password layout configuration from hazo_auth_config.ini file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"reset_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/reset_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"reset_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/reset_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,yBAAyB,IAAI,mBAAmB,CAyC/D"}
|
|
@@ -5,10 +5,6 @@ import "server-only";
|
|
|
5
5
|
import { get_config_value } from "./config/config_loader.server.js";
|
|
6
6
|
import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
|
|
7
7
|
import { get_password_requirements_config } from "./password_requirements_config.server.js";
|
|
8
|
-
// Default image path - consuming apps should either:
|
|
9
|
-
// 1. Configure their own image_src in hazo_auth_config.ini
|
|
10
|
-
// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
|
|
11
|
-
const DEFAULT_RESET_PASSWORD_IMAGE_PATH = "/hazo_auth/images/reset_password_default.jpg";
|
|
12
8
|
// section: helpers
|
|
13
9
|
/**
|
|
14
10
|
* Reads reset password layout configuration from hazo_auth_config.ini file
|
|
@@ -29,12 +25,6 @@ export function get_reset_password_config() {
|
|
|
29
25
|
const forgotPasswordPath = get_config_value(section, "forgot_password_path", "/hazo_auth/forgot_password");
|
|
30
26
|
// Get shared password requirements
|
|
31
27
|
const passwordRequirements = get_password_requirements_config();
|
|
32
|
-
// Read image configuration
|
|
33
|
-
// If not set in config, falls back to default path-based image
|
|
34
|
-
// Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
|
|
35
|
-
const imageSrc = get_config_value(section, "image_src", DEFAULT_RESET_PASSWORD_IMAGE_PATH);
|
|
36
|
-
const imageAlt = get_config_value(section, "image_alt", "Reset password illustration");
|
|
37
|
-
const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
|
|
38
28
|
return {
|
|
39
29
|
errorMessage,
|
|
40
30
|
successMessage,
|
|
@@ -46,8 +36,5 @@ export function get_reset_password_config() {
|
|
|
46
36
|
returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
|
|
47
37
|
returnHomePath: alreadyLoggedInConfig.returnHomePath,
|
|
48
38
|
passwordRequirements,
|
|
49
|
-
imageSrc,
|
|
50
|
-
imageAlt,
|
|
51
|
-
imageBackgroundColor,
|
|
52
39
|
};
|
|
53
40
|
}
|
|
@@ -7,7 +7,7 @@ export type EmailOptions = {
|
|
|
7
7
|
html_body?: string;
|
|
8
8
|
text_body?: string;
|
|
9
9
|
};
|
|
10
|
-
export type EmailTemplateType = "forgot_password" | "email_verification" | "password_changed";
|
|
10
|
+
export type EmailTemplateType = "forgot_password" | "email_verification" | "password_changed" | "otp_signin_code";
|
|
11
11
|
export type EmailTemplateData = {
|
|
12
12
|
token?: string;
|
|
13
13
|
verification_url?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAGxE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"email_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_service.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAoB,MAAM,aAAa,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAGxE,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,kBAAkB,GAAG,iBAAiB,CAAC;AAElH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACnC,CAAC;AAiBF;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,aAAa,GAAG,IAAI,CAEpE;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAE3E;AAgMD;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwErG;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,iBAAiB,EAChC,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,iBAAiB,GACtB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAyF/C"}
|
|
@@ -200,6 +200,8 @@ function get_email_subject(template_type) {
|
|
|
200
200
|
return "Reset Your Password";
|
|
201
201
|
case "password_changed":
|
|
202
202
|
return "Password Changed Successfully";
|
|
203
|
+
case "otp_signin_code":
|
|
204
|
+
return "Your sign-in code";
|
|
203
205
|
default:
|
|
204
206
|
return "Email from hazo_auth";
|
|
205
207
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,
|
|
1
|
+
{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,EAwF/D,CAAC"}
|
|
@@ -92,4 +92,21 @@ export const hazo_auth_template_manifest = [
|
|
|
92
92
|
},
|
|
93
93
|
],
|
|
94
94
|
},
|
|
95
|
+
{
|
|
96
|
+
template_name: "otp_signin_code",
|
|
97
|
+
template_label: "OTP sign-in code",
|
|
98
|
+
category: SYSTEM_CATEGORY,
|
|
99
|
+
html: read_template("otp_signin_code", "html"),
|
|
100
|
+
text: read_template("otp_signin_code", "txt"),
|
|
101
|
+
variables: [
|
|
102
|
+
{
|
|
103
|
+
variable_name: "otp_code",
|
|
104
|
+
variable_description: "6-digit OTP code for email sign-in (v6.1.0+)",
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
variable_name: "expires_in_minutes",
|
|
108
|
+
variable_description: "Number of minutes until the OTP code expires",
|
|
109
|
+
},
|
|
110
|
+
],
|
|
111
|
+
},
|
|
95
112
|
];
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html>
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="UTF-8">
|
|
5
|
+
<title>Your sign-in code</title>
|
|
6
|
+
</head>
|
|
7
|
+
<body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
|
|
8
|
+
<p>Your sign-in code is:</p>
|
|
9
|
+
<p style="font-size: 28px; font-weight: bold; letter-spacing: 0.2em; font-family: monospace; margin: 16px 0;">{{otp_code}}</p>
|
|
10
|
+
<p>This code expires in {{expires_in_minutes}} minutes.</p>
|
|
11
|
+
<p style="color: #666; font-size: 12px;">If you didn't request this code, you can safely ignore this email.</p>
|
|
12
|
+
</body>
|
|
13
|
+
</html>
|
|
@@ -18,4 +18,6 @@ export * from "./scope_service.js";
|
|
|
18
18
|
export * from "./user_scope_service.js";
|
|
19
19
|
export * from "./oauth_service.js";
|
|
20
20
|
export * from "./branding_service.js";
|
|
21
|
+
export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
|
|
22
|
+
export type { RequestEmailOTPResult, VerifyEmailOTPResult } from "./otp_service";
|
|
21
23
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,eAAe,GAChB,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC"}
|
|
@@ -20,3 +20,4 @@ export * from "./scope_service.js";
|
|
|
20
20
|
export * from "./user_scope_service.js";
|
|
21
21
|
export * from "./oauth_service.js";
|
|
22
22
|
export * from "./branding_service.js";
|
|
23
|
+
export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
|
|
@@ -24,6 +24,16 @@ export type OAuthLoginResult = {
|
|
|
24
24
|
name?: string;
|
|
25
25
|
error?: string;
|
|
26
26
|
};
|
|
27
|
+
export type FacebookOAuthData = {
|
|
28
|
+
/** Facebook's unique user ID */
|
|
29
|
+
facebook_id: string;
|
|
30
|
+
/** User's email address from Facebook (may be null if user denied email permission) */
|
|
31
|
+
email: string | null;
|
|
32
|
+
/** User's full name from Facebook profile */
|
|
33
|
+
name?: string;
|
|
34
|
+
/** User's profile picture URL from Facebook */
|
|
35
|
+
profile_picture_url?: string;
|
|
36
|
+
};
|
|
27
37
|
export type LinkGoogleResult = {
|
|
28
38
|
success: boolean;
|
|
29
39
|
error?: string;
|
|
@@ -45,6 +55,20 @@ export type AuthProvidersResult = {
|
|
|
45
55
|
* @returns OAuth login result with user_id and status flags
|
|
46
56
|
*/
|
|
47
57
|
export declare function handle_google_oauth_login(adapter: HazoConnectAdapter, data: GoogleOAuthData): Promise<OAuthLoginResult>;
|
|
58
|
+
/**
|
|
59
|
+
* Handles Facebook OAuth login/registration flow
|
|
60
|
+
* 1. Check if user exists with facebook_id -> login
|
|
61
|
+
* 2. Check if user exists with email -> link Facebook account (respects auto_link_unverified)
|
|
62
|
+
* 3. Create new user with Facebook data (email_verified always false — never trust Facebook)
|
|
63
|
+
*
|
|
64
|
+
* @param adapter - The hazo_connect adapter instance
|
|
65
|
+
* @param data - Facebook OAuth user data
|
|
66
|
+
* @param opts - Options (auto_link_unverified: whether to link unverified accounts)
|
|
67
|
+
* @returns OAuth login result with user_id and status flags
|
|
68
|
+
*/
|
|
69
|
+
export declare function handle_facebook_oauth_login(adapter: HazoConnectAdapter, data: FacebookOAuthData, opts?: {
|
|
70
|
+
auto_link_unverified?: boolean;
|
|
71
|
+
}): Promise<OAuthLoginResult>;
|
|
48
72
|
/**
|
|
49
73
|
* Links a Google account to an existing user
|
|
50
74
|
* @param adapter - The hazo_connect adapter instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/oauth_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AASvD,MAAM,MAAM,eAAe,GAAG;IAC5B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAiL3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAgE3B;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,kBAAkB,EAC3B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2C9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0D/C"}
|
|
1
|
+
{"version":3,"file":"oauth_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/oauth_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AASvD,MAAM,MAAM,eAAe,GAAG;IAC5B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6CAA6C;IAC7C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uDAAuD;IACvD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,uFAAuF;IACvF,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAE9B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,eAAe,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAiL3B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,iBAAiB,EACvB,IAAI,CAAC,EAAE;IAAE,oBAAoB,CAAC,EAAE,OAAO,CAAA;CAAE,GACxC,OAAO,CAAC,gBAAgB,CAAC,CAwK3B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAgE3B;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,kBAAkB,EAC3B,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2C9B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0D/C"}
|