hazo_auth 6.1.1 → 7.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +65 -167
- package/SETUP_CHECKLIST.md +28 -100
- package/cli-src/cli/generate.ts +1 -10
- package/cli-src/cli/validate.ts +0 -4
- package/cli-src/lib/auth/auth_types.ts +12 -21
- package/cli-src/lib/auth/hazo_get_tenant_auth.server.ts +24 -25
- package/cli-src/lib/auth/index.ts +2 -2
- package/cli-src/lib/auth/nextauth_config.ts +61 -1
- package/cli-src/lib/auth/with_auth.server.ts +15 -15
- package/cli-src/lib/config/default_config.ts +8 -0
- package/cli-src/lib/cookies_config.server.ts +1 -1
- package/cli-src/lib/login_config.server.ts +2 -18
- package/cli-src/lib/oauth_config.server.ts +32 -0
- package/cli-src/lib/register_config.server.ts +4 -0
- package/cli-src/lib/services/email_template_manifest.ts +0 -17
- package/cli-src/lib/services/index.ts +2 -8
- package/cli-src/lib/services/oauth_service.ts +143 -0
- package/cli-src/lib/services/otp_service.ts +7 -2
- package/cli-src/lib/services/session_token_service.ts +0 -2
- package/config/hazo_auth_config.example.ini +0 -38
- package/dist/cli/generate.d.ts.map +1 -1
- package/dist/cli/generate.js +1 -10
- package/dist/cli/validate.d.ts.map +1 -1
- package/dist/cli/validate.js +0 -4
- package/dist/client.d.ts +0 -2
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +0 -1
- package/dist/components/layouts/login/index.d.ts +5 -7
- package/dist/components/layouts/login/index.d.ts.map +1 -1
- package/dist/components/layouts/login/index.js +5 -2
- package/dist/components/layouts/otp/index.d.ts +12 -1
- package/dist/components/layouts/otp/index.d.ts.map +1 -1
- package/dist/components/layouts/otp/index.js +4 -2
- package/dist/components/layouts/register/index.d.ts +4 -0
- package/dist/components/layouts/register/index.d.ts.map +1 -1
- package/dist/components/layouts/register/index.js +4 -1
- package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts +21 -0
- package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts.map +1 -0
- package/dist/components/layouts/shared/components/facebook_sign_in_button.js +47 -0
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js +3 -8
- package/dist/components/layouts/shared/index.d.ts +2 -0
- package/dist/components/layouts/shared/index.d.ts.map +1 -1
- package/dist/components/layouts/shared/index.js +1 -0
- package/dist/components/layouts/user_management/index.d.ts.map +1 -1
- package/dist/components/layouts/user_management/index.js +39 -2
- package/dist/consent/consent_state.d.ts +18 -0
- package/dist/consent/consent_state.d.ts.map +1 -0
- package/dist/consent/consent_state.js +29 -0
- package/dist/consent/cookie_consent_banner.d.ts +11 -0
- package/dist/consent/cookie_consent_banner.d.ts.map +1 -0
- package/dist/consent/cookie_consent_banner.js +40 -0
- package/dist/consent/gtm_mapping.d.ts +13 -0
- package/dist/consent/gtm_mapping.d.ts.map +1 -0
- package/dist/consent/gtm_mapping.js +30 -0
- package/dist/consent/index.d.ts +7 -0
- package/dist/consent/index.d.ts.map +1 -0
- package/dist/consent/index.js +7 -0
- package/dist/consent/manage_modal.d.ts +2 -0
- package/dist/consent/manage_modal.d.ts.map +1 -0
- package/dist/consent/manage_modal.js +33 -0
- package/dist/consent/read_consent.d.ts +15 -0
- package/dist/consent/read_consent.d.ts.map +1 -0
- package/dist/consent/read_consent.js +23 -0
- package/dist/consent/use_consent.d.ts +7 -0
- package/dist/consent/use_consent.d.ts.map +1 -0
- package/dist/consent/use_consent.js +55 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/lib/auth/auth_types.d.ts +12 -13
- package/dist/lib/auth/auth_types.d.ts.map +1 -1
- package/dist/lib/auth/auth_types.js +0 -8
- package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts +7 -8
- package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/hazo_get_tenant_auth.server.js +22 -23
- package/dist/lib/auth/index.d.ts +2 -2
- package/dist/lib/auth/index.d.ts.map +1 -1
- package/dist/lib/auth/nextauth_config.d.ts.map +1 -1
- package/dist/lib/auth/nextauth_config.js +50 -1
- package/dist/lib/auth/with_auth.server.d.ts +13 -13
- package/dist/lib/auth/with_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/with_auth.server.js +2 -2
- package/dist/lib/config/default_config.d.ts +16 -0
- package/dist/lib/config/default_config.d.ts.map +1 -1
- package/dist/lib/config/default_config.js +8 -0
- package/dist/lib/cookies_config.server.d.ts +1 -1
- package/dist/lib/cookies_config.server.js +1 -1
- package/dist/lib/login_config.server.d.ts +0 -6
- package/dist/lib/login_config.server.d.ts.map +1 -1
- package/dist/lib/login_config.server.js +2 -11
- package/dist/lib/oauth_config.server.d.ts +8 -0
- package/dist/lib/oauth_config.server.d.ts.map +1 -1
- package/dist/lib/oauth_config.server.js +10 -0
- package/dist/lib/register_config.server.d.ts +2 -0
- package/dist/lib/register_config.server.d.ts.map +1 -1
- package/dist/lib/register_config.server.js +2 -0
- package/dist/lib/services/email_template_manifest.d.ts.map +1 -1
- package/dist/lib/services/email_template_manifest.js +0 -17
- package/dist/lib/services/index.d.ts +0 -2
- package/dist/lib/services/index.d.ts.map +1 -1
- package/dist/lib/services/index.js +0 -1
- package/dist/lib/services/oauth_service.d.ts +13 -0
- package/dist/lib/services/oauth_service.d.ts.map +1 -1
- package/dist/lib/services/oauth_service.js +122 -0
- package/dist/lib/services/otp_service.d.ts +1 -1
- package/dist/lib/services/otp_service.d.ts.map +1 -1
- package/dist/lib/services/otp_service.js +6 -1
- package/dist/lib/services/session_token_service.d.ts +0 -2
- package/dist/lib/services/session_token_service.d.ts.map +1 -1
- package/dist/lib/services/session_token_service.js +0 -2
- package/dist/server/routes/assets.d.ts +8 -0
- package/dist/server/routes/assets.d.ts.map +1 -0
- package/dist/server/routes/assets.js +38 -0
- package/dist/server/routes/consent_me.d.ts +4 -0
- package/dist/server/routes/consent_me.d.ts.map +1 -0
- package/dist/server/routes/consent_me.js +15 -0
- package/dist/server/routes/index.d.ts +6 -3
- package/dist/server/routes/index.d.ts.map +1 -1
- package/dist/server/routes/index.js +9 -4
- package/dist/server/routes/me.d.ts.map +1 -1
- package/dist/server/routes/me.js +1 -43
- package/dist/server/routes/oauth_facebook_callback.d.ts +8 -0
- package/dist/server/routes/oauth_facebook_callback.d.ts.map +1 -0
- package/dist/server/routes/oauth_facebook_callback.js +164 -0
- package/dist/server/routes/otp/verify.js +2 -2
- package/dist/server/routes/strings_defaults.d.ts +4 -0
- package/dist/server/routes/strings_defaults.d.ts.map +1 -0
- package/dist/server/routes/strings_defaults.js +7 -0
- package/dist/server/routes/user_management_users.d.ts +11 -0
- package/dist/server/routes/user_management_users.d.ts.map +1 -1
- package/dist/server/routes/user_management_users.js +50 -0
- package/dist/server-lib.d.ts +0 -3
- package/dist/server-lib.d.ts.map +1 -1
- package/dist/server-lib.js +0 -2
- package/dist/server_pages/forgot_password.d.ts +1 -1
- package/dist/server_pages/forgot_password.d.ts.map +1 -1
- package/dist/server_pages/forgot_password.js +9 -3
- package/dist/server_pages/forgot_password_client_wrapper.d.ts +3 -1
- package/dist/server_pages/forgot_password_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/forgot_password_client_wrapper.js +2 -2
- package/dist/server_pages/index.d.ts +2 -0
- package/dist/server_pages/index.d.ts.map +1 -1
- package/dist/server_pages/index.js +1 -0
- package/dist/server_pages/login.d.ts +1 -1
- package/dist/server_pages/login.d.ts.map +1 -1
- package/dist/server_pages/login.js +12 -3
- package/dist/server_pages/login_client_wrapper.d.ts +4 -1
- package/dist/server_pages/login_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/login_client_wrapper.js +2 -2
- package/dist/server_pages/my_settings.d.ts +1 -1
- package/dist/server_pages/my_settings.d.ts.map +1 -1
- package/dist/server_pages/my_settings.js +1 -2
- package/dist/server_pages/otp.d.ts +16 -2
- package/dist/server_pages/otp.d.ts.map +1 -1
- package/dist/server_pages/otp.js +10 -3
- package/dist/server_pages/register.d.ts +1 -1
- package/dist/server_pages/register.d.ts.map +1 -1
- package/dist/server_pages/register.js +11 -3
- package/dist/server_pages/register_client_wrapper.d.ts +3 -1
- package/dist/server_pages/register_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/register_client_wrapper.js +2 -2
- package/dist/server_pages/reset_password.d.ts +1 -1
- package/dist/server_pages/reset_password.d.ts.map +1 -1
- package/dist/server_pages/reset_password.js +9 -3
- package/dist/server_pages/reset_password_client_wrapper.d.ts +3 -1
- package/dist/server_pages/reset_password_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/reset_password_client_wrapper.js +2 -2
- package/dist/server_pages/verify_email.d.ts +1 -1
- package/dist/server_pages/verify_email.d.ts.map +1 -1
- package/dist/server_pages/verify_email.js +8 -3
- package/dist/server_pages/verify_email_client_wrapper.d.ts +3 -1
- package/dist/server_pages/verify_email_client_wrapper.d.ts.map +1 -1
- package/dist/server_pages/verify_email_client_wrapper.js +2 -2
- package/dist/strings/default_strings.d.ts +47 -0
- package/dist/strings/default_strings.d.ts.map +1 -0
- package/dist/strings/default_strings.js +18 -0
- package/dist/strings/index.d.ts +4 -0
- package/dist/strings/index.d.ts.map +1 -0
- package/dist/strings/index.js +3 -0
- package/dist/strings/strings_context.d.ts +12 -0
- package/dist/strings/strings_context.d.ts.map +1 -0
- package/dist/strings/strings_context.js +23 -0
- package/dist/strings/strings_provider.d.ts +26 -0
- package/dist/strings/strings_provider.d.ts.map +1 -0
- package/dist/strings/strings_provider.js +45 -0
- package/dist/theme/create_theme.d.ts +7 -0
- package/dist/theme/create_theme.d.ts.map +1 -0
- package/dist/theme/create_theme.js +97 -0
- package/dist/theme/hex_to_hsl.d.ts +16 -0
- package/dist/theme/hex_to_hsl.d.ts.map +1 -0
- package/dist/theme/hex_to_hsl.js +110 -0
- package/dist/theme/index.d.ts +4 -0
- package/dist/theme/index.d.ts.map +1 -0
- package/dist/theme/index.js +3 -0
- package/dist/theme/luminance.d.ts +11 -0
- package/dist/theme/luminance.d.ts.map +1 -0
- package/dist/theme/luminance.js +45 -0
- package/dist/theme/theme_provider.d.ts +14 -0
- package/dist/theme/theme_provider.d.ts.map +1 -0
- package/dist/theme/theme_provider.js +23 -0
- package/dist/theme/theme_types.d.ts +36 -0
- package/dist/theme/theme_types.d.ts.map +1 -0
- package/dist/theme/theme_types.js +1 -0
- package/dist/themes/index.d.ts +2 -0
- package/dist/themes/index.d.ts.map +1 -0
- package/dist/themes/index.js +2 -0
- package/dist/themes/preset_neutral.d.ts +3 -0
- package/dist/themes/preset_neutral.d.ts.map +1 -0
- package/dist/themes/preset_neutral.js +14 -0
- package/package.json +25 -22
|
@@ -39,12 +39,12 @@ export function extract_scope_id_from_request(request, options) {
|
|
|
39
39
|
return cookie_value;
|
|
40
40
|
}
|
|
41
41
|
/**
|
|
42
|
-
* Builds
|
|
42
|
+
* Builds TenantOrganization from scope details and access info
|
|
43
43
|
* @param scope_details - Full scope details from cache
|
|
44
44
|
* @param is_super_admin - Whether user is accessing as super admin
|
|
45
|
-
* @returns
|
|
45
|
+
* @returns TenantOrganization object
|
|
46
46
|
*/
|
|
47
|
-
function
|
|
47
|
+
function build_tenant_organization(scope_details, is_super_admin) {
|
|
48
48
|
return {
|
|
49
49
|
id: scope_details.id,
|
|
50
50
|
name: scope_details.name,
|
|
@@ -67,21 +67,20 @@ function build_selected_scope(scope_details, is_super_admin) {
|
|
|
67
67
|
* Tenant-aware authentication function
|
|
68
68
|
*
|
|
69
69
|
* Extracts tenant/scope context from request headers or cookies,
|
|
70
|
-
* validates access, and returns enriched result
|
|
71
|
-
* selected scope.
|
|
70
|
+
* validates access, and returns enriched result with organization info.
|
|
72
71
|
*
|
|
73
72
|
* Header priority: X-Hazo-Scope-Id > Cookie
|
|
74
73
|
*
|
|
75
74
|
* @param request - NextRequest object
|
|
76
75
|
* @param options - TenantAuthOptions for customization
|
|
77
|
-
* @returns TenantAuthResult with user, permissions,
|
|
76
|
+
* @returns TenantAuthResult with user, permissions, organization, and user_scopes
|
|
78
77
|
*
|
|
79
78
|
* @example
|
|
80
79
|
* ```typescript
|
|
81
80
|
* const auth = await hazo_get_tenant_auth(request);
|
|
82
|
-
* if (auth.authenticated && auth.
|
|
81
|
+
* if (auth.authenticated && auth.organization) {
|
|
83
82
|
* // Access tenant-specific data
|
|
84
|
-
* const data = await getData(auth.
|
|
83
|
+
* const data = await getData(auth.organization.id);
|
|
85
84
|
* }
|
|
86
85
|
* ```
|
|
87
86
|
*/
|
|
@@ -99,8 +98,8 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
99
98
|
user: null,
|
|
100
99
|
permissions: [],
|
|
101
100
|
permission_ok: false,
|
|
102
|
-
|
|
103
|
-
|
|
101
|
+
organization: null,
|
|
102
|
+
organization_id: null,
|
|
104
103
|
user_scopes: [],
|
|
105
104
|
scope_ok: false,
|
|
106
105
|
};
|
|
@@ -111,20 +110,20 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
111
110
|
const cached = cache.get(auth_result.user.id);
|
|
112
111
|
// User scopes from cache or empty array
|
|
113
112
|
const user_scopes = (cached === null || cached === void 0 ? void 0 : cached.scopes) || [];
|
|
114
|
-
// Build
|
|
115
|
-
let
|
|
113
|
+
// Build organization info if scope access was successful
|
|
114
|
+
let organization = null;
|
|
116
115
|
if (scope_id && auth_result.scope_ok && auth_result.scope_access_via) {
|
|
117
116
|
// Find the scope in user's scopes that matches the access_via scope
|
|
118
117
|
const access_scope = user_scopes.find((s) => { var _a; return s.id === ((_a = auth_result.scope_access_via) === null || _a === void 0 ? void 0 : _a.scope_id); });
|
|
119
118
|
if (access_scope) {
|
|
120
|
-
|
|
119
|
+
organization = build_tenant_organization(access_scope, auth_result.scope_access_via.is_super_admin || false);
|
|
121
120
|
}
|
|
122
121
|
else if (auth_result.scope_access_via.is_super_admin) {
|
|
123
122
|
// Super admin accessing scope they're not assigned to - fetch scope details
|
|
124
123
|
const hazoConnect = get_hazo_connect_instance();
|
|
125
124
|
const scope_result = await get_scope_by_id(hazoConnect, scope_id);
|
|
126
125
|
if (scope_result.success && scope_result.scope) {
|
|
127
|
-
|
|
126
|
+
organization = {
|
|
128
127
|
id: scope_result.scope.id,
|
|
129
128
|
name: scope_result.scope.name,
|
|
130
129
|
slug: null, // Could fetch from scope if slug column exists
|
|
@@ -149,8 +148,8 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
149
148
|
permissions: auth_result.permissions,
|
|
150
149
|
permission_ok: auth_result.permission_ok,
|
|
151
150
|
missing_permissions: auth_result.missing_permissions,
|
|
152
|
-
|
|
153
|
-
|
|
151
|
+
organization,
|
|
152
|
+
organization_id: (organization === null || organization === void 0 ? void 0 : organization.id) || null,
|
|
154
153
|
user_scopes,
|
|
155
154
|
scope_ok: auth_result.scope_ok,
|
|
156
155
|
scope_access_via: auth_result.scope_access_via,
|
|
@@ -166,15 +165,15 @@ export async function hazo_get_tenant_auth(request, options = {}) {
|
|
|
166
165
|
*
|
|
167
166
|
* @param request - NextRequest object
|
|
168
167
|
* @param options - TenantAuthOptions for customization
|
|
169
|
-
* @returns RequiredTenantAuthResult with guaranteed non-null
|
|
168
|
+
* @returns RequiredTenantAuthResult with guaranteed non-null organization
|
|
170
169
|
* @throws AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError
|
|
171
170
|
*
|
|
172
171
|
* @example
|
|
173
172
|
* ```typescript
|
|
174
173
|
* try {
|
|
175
174
|
* const auth = await require_tenant_auth(request);
|
|
176
|
-
* // auth.
|
|
177
|
-
* const data = await getData(auth.
|
|
175
|
+
* // auth.organization is guaranteed non-null here
|
|
176
|
+
* const data = await getData(auth.organization.id);
|
|
178
177
|
* } catch (error) {
|
|
179
178
|
* if (error instanceof HazoAuthError) {
|
|
180
179
|
* return NextResponse.json(
|
|
@@ -198,10 +197,10 @@ export async function require_tenant_auth(request, options = {}) {
|
|
|
198
197
|
if (scope_id && !result.scope_ok) {
|
|
199
198
|
throw new TenantAccessDeniedError(scope_id, result.user_scopes);
|
|
200
199
|
}
|
|
201
|
-
// Check if
|
|
202
|
-
if (!result.
|
|
203
|
-
throw new TenantRequiredError("No
|
|
200
|
+
// Check if organization context is required but missing
|
|
201
|
+
if (!result.organization) {
|
|
202
|
+
throw new TenantRequiredError("No organization context provided. Include X-Hazo-Scope-Id header or scope cookie.", result.user_scopes);
|
|
204
203
|
}
|
|
205
|
-
// Type assertion: at this point we know
|
|
204
|
+
// Type assertion: at this point we know organization is non-null
|
|
206
205
|
return result;
|
|
207
206
|
}
|
package/dist/lib/auth/index.d.ts
CHANGED
|
@@ -4,12 +4,12 @@ export { get_authenticated_user, require_auth, is_authenticated, } from "./auth_
|
|
|
4
4
|
export type { AuthResult, AuthUser } from "./auth_utils.server";
|
|
5
5
|
export { ensure_anon_id } from "./ensure_anon_id.server.js";
|
|
6
6
|
export { hazo_get_tenant_auth, require_tenant_auth, extract_scope_id_from_request, } from "./hazo_get_tenant_auth.server.js";
|
|
7
|
-
export type { ScopeDetails,
|
|
7
|
+
export type { ScopeDetails, TenantOrganization, TenantAuthOptions, TenantAuthResult, RequiredTenantAuthResult, } from "./auth_types";
|
|
8
8
|
export { HazoAuthError, AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError, } from "./auth_types.js";
|
|
9
9
|
export { get_server_auth_user } from "./server_auth.js";
|
|
10
10
|
export type { ServerAuthResult } from "./server_auth";
|
|
11
11
|
export { withAuth, withOptionalAuth, hasPermission, hasAllPermissions, hasAnyPermission, requirePermission, requireAllPermissions, } from "./with_auth.server.js";
|
|
12
|
-
export type { AuthenticatedTenantAuth,
|
|
12
|
+
export type { AuthenticatedTenantAuth, AuthenticatedTenantAuthWithOrg, WithAuthOptions, } from "./with_auth.server";
|
|
13
13
|
export { get_auth_cache, reset_auth_cache } from "./auth_cache.js";
|
|
14
14
|
export { get_rate_limiter, reset_rate_limiter } from "./auth_rate_limiter.js";
|
|
15
15
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAC;AAG7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,6BAA6B,GAC9B,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,uBAAuB,EACvB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nextauth_config.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/nextauth_config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAW,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"nextauth_config.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/nextauth_config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAW,MAAM,WAAW,CAAC;AAatD,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,WAAW,CAkOjD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAW7C"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
// ESM/CJS interop: next-auth providers are CommonJS, handle both export scenarios
|
|
2
2
|
import GoogleProviderImport from "next-auth/providers/google";
|
|
3
3
|
const GoogleProvider = GoogleProviderImport.default || GoogleProviderImport;
|
|
4
|
+
import FacebookProviderImport from "next-auth/providers/facebook";
|
|
5
|
+
const FacebookProvider = FacebookProviderImport.default || FacebookProviderImport;
|
|
4
6
|
import { get_oauth_config } from "../oauth_config.server.js";
|
|
5
7
|
import { handle_google_oauth_login } from "../services/oauth_service.js";
|
|
6
8
|
import { get_hazo_connect_instance } from "../hazo_connect_instance.server.js";
|
|
@@ -32,6 +34,13 @@ export function get_nextauth_config() {
|
|
|
32
34
|
}));
|
|
33
35
|
}
|
|
34
36
|
}
|
|
37
|
+
// Add Facebook provider if enabled
|
|
38
|
+
if (oauth_config.enable_facebook_oauth && oauth_config.facebook_app_id) {
|
|
39
|
+
providers.push(FacebookProvider({
|
|
40
|
+
clientId: oauth_config.facebook_app_id,
|
|
41
|
+
clientSecret: oauth_config.facebook_app_secret,
|
|
42
|
+
}));
|
|
43
|
+
}
|
|
35
44
|
return {
|
|
36
45
|
providers,
|
|
37
46
|
pages: {
|
|
@@ -49,7 +58,8 @@ export function get_nextauth_config() {
|
|
|
49
58
|
console.log("[NextAuth redirect callback]", { url, baseUrl });
|
|
50
59
|
// Always redirect to our custom callback after sign-in to set hazo_auth cookies
|
|
51
60
|
// The callbackUrl from signIn() comes through as `url`
|
|
52
|
-
if (url.includes("/api/hazo_auth/oauth/google/callback")
|
|
61
|
+
if (url.includes("/api/hazo_auth/oauth/google/callback") ||
|
|
62
|
+
url.includes("/api/hazo_auth/oauth/facebook/callback")) {
|
|
53
63
|
return url;
|
|
54
64
|
}
|
|
55
65
|
// If URL is relative or same origin, allow it
|
|
@@ -60,6 +70,9 @@ export function get_nextauth_config() {
|
|
|
60
70
|
return url;
|
|
61
71
|
}
|
|
62
72
|
// Default: redirect to our custom OAuth callback to set cookies
|
|
73
|
+
if (url.includes("facebook")) {
|
|
74
|
+
return `${baseUrl}/api/hazo_auth/oauth/facebook/callback`;
|
|
75
|
+
}
|
|
63
76
|
return `${baseUrl}/api/hazo_auth/oauth/google/callback`;
|
|
64
77
|
},
|
|
65
78
|
/**
|
|
@@ -111,6 +124,42 @@ export function get_nextauth_config() {
|
|
|
111
124
|
return false;
|
|
112
125
|
}
|
|
113
126
|
}
|
|
127
|
+
if ((account === null || account === void 0 ? void 0 : account.provider) === "facebook" && profile) {
|
|
128
|
+
try {
|
|
129
|
+
const fbProfile = profile;
|
|
130
|
+
const hazoConnect = get_hazo_connect_instance();
|
|
131
|
+
const { handle_facebook_oauth_login } = await import("../services/oauth_service");
|
|
132
|
+
logger.info("nextauth_facebook_signin_attempt", {
|
|
133
|
+
email: user.email,
|
|
134
|
+
facebook_id: account.providerAccountId,
|
|
135
|
+
});
|
|
136
|
+
const result = await handle_facebook_oauth_login(hazoConnect, {
|
|
137
|
+
facebook_id: account.providerAccountId,
|
|
138
|
+
email: user.email || fbProfile.email || "",
|
|
139
|
+
name: user.name || fbProfile.name || undefined,
|
|
140
|
+
profile_picture_url: user.image || undefined,
|
|
141
|
+
// Facebook's email_verified is not exposed in the profile; default to false
|
|
142
|
+
// for safety — the user will be auto-verified if email matches a verified hazo user.
|
|
143
|
+
email_verified: false,
|
|
144
|
+
});
|
|
145
|
+
if (!result.success) {
|
|
146
|
+
logger.error("nextauth_facebook_signin_failed", { email: user.email, error: result.error });
|
|
147
|
+
return false;
|
|
148
|
+
}
|
|
149
|
+
logger.info("nextauth_facebook_signin_success", {
|
|
150
|
+
user_id: result.user_id,
|
|
151
|
+
email: result.email,
|
|
152
|
+
is_new_user: result.is_new_user,
|
|
153
|
+
was_linked: result.was_linked,
|
|
154
|
+
});
|
|
155
|
+
account.hazo_user_id = result.user_id;
|
|
156
|
+
return true;
|
|
157
|
+
}
|
|
158
|
+
catch (err) {
|
|
159
|
+
logger.error("nextauth_facebook_signin_exception", { error: String(err) });
|
|
160
|
+
return false;
|
|
161
|
+
}
|
|
162
|
+
}
|
|
114
163
|
return true;
|
|
115
164
|
},
|
|
116
165
|
/**
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import "server-only";
|
|
2
2
|
import { NextRequest, NextResponse } from "next/server";
|
|
3
|
-
import { type TenantAuthOptions, type TenantAuthResult, type
|
|
3
|
+
import { type TenantAuthOptions, type TenantAuthResult, type TenantOrganization, type HazoAuthUser, type ScopeDetails, type ScopeAccessInfo } from "./auth_types.js";
|
|
4
4
|
/**
|
|
5
5
|
* Authenticated branch of TenantAuthResult - guaranteed authenticated: true
|
|
6
6
|
*/
|
|
@@ -10,18 +10,18 @@ export type AuthenticatedTenantAuth = {
|
|
|
10
10
|
permissions: string[];
|
|
11
11
|
permission_ok: boolean;
|
|
12
12
|
missing_permissions?: string[];
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
organization: TenantOrganization | null;
|
|
14
|
+
organization_id: string | null;
|
|
15
15
|
user_scopes: ScopeDetails[];
|
|
16
16
|
scope_ok?: boolean;
|
|
17
17
|
scope_access_via?: ScopeAccessInfo;
|
|
18
18
|
};
|
|
19
19
|
/**
|
|
20
|
-
* Authenticated branch with guaranteed non-null
|
|
20
|
+
* Authenticated branch with guaranteed non-null organization
|
|
21
21
|
*/
|
|
22
|
-
export type
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
export type AuthenticatedTenantAuthWithOrg = AuthenticatedTenantAuth & {
|
|
23
|
+
organization: TenantOrganization;
|
|
24
|
+
organization_id: string;
|
|
25
25
|
};
|
|
26
26
|
/**
|
|
27
27
|
* Options for withAuth/withOptionalAuth wrappers
|
|
@@ -29,8 +29,8 @@ export type AuthenticatedTenantAuthWithSelectedScope = AuthenticatedTenantAuth &
|
|
|
29
29
|
*/
|
|
30
30
|
export type WithAuthOptions = TenantAuthOptions & {
|
|
31
31
|
/**
|
|
32
|
-
* If true, requires
|
|
33
|
-
* Narrows auth type to
|
|
32
|
+
* If true, requires organization context (403 if missing)
|
|
33
|
+
* Narrows auth type to AuthenticatedTenantAuthWithOrg
|
|
34
34
|
*/
|
|
35
35
|
require_tenant?: boolean;
|
|
36
36
|
};
|
|
@@ -47,7 +47,7 @@ type AuthenticatedHandler<TParams> = (request: NextRequest, auth: AuthenticatedT
|
|
|
47
47
|
/**
|
|
48
48
|
* Handler function signature for withAuth with require_tenant
|
|
49
49
|
*/
|
|
50
|
-
type AuthenticatedTenantHandler<TParams> = (request: NextRequest, auth:
|
|
50
|
+
type AuthenticatedTenantHandler<TParams> = (request: NextRequest, auth: AuthenticatedTenantAuthWithOrg, params: TParams) => Promise<NextResponse> | NextResponse;
|
|
51
51
|
/**
|
|
52
52
|
* Handler function signature for withOptionalAuth
|
|
53
53
|
*/
|
|
@@ -57,7 +57,7 @@ type OptionalAuthHandler<TParams> = (request: NextRequest, auth: TenantAuthResul
|
|
|
57
57
|
*
|
|
58
58
|
* - Calls `hazo_get_tenant_auth` and returns 401 if not authenticated
|
|
59
59
|
* - Returns 403 if `required_permissions` are specified and not satisfied
|
|
60
|
-
* - Returns 403 if `require_tenant: true` and no
|
|
60
|
+
* - Returns 403 if `require_tenant: true` and no organization context
|
|
61
61
|
* - Resolves `await context.params` (Next.js 15 pattern)
|
|
62
62
|
* - Catches HazoAuthError, PermissionError, and unexpected errors
|
|
63
63
|
*
|
|
@@ -80,8 +80,8 @@ type OptionalAuthHandler<TParams> = (request: NextRequest, auth: TenantAuthResul
|
|
|
80
80
|
* // With tenant requirement
|
|
81
81
|
* export const GET = withAuth<{ id: string }>(
|
|
82
82
|
* async (request, auth, { id }) => {
|
|
83
|
-
* // auth.
|
|
84
|
-
* const data = await getData(auth.
|
|
83
|
+
* // auth.organization is guaranteed non-null
|
|
84
|
+
* const data = await getData(auth.organization.id, id);
|
|
85
85
|
* return NextResponse.json(data);
|
|
86
86
|
* },
|
|
87
87
|
* { require_tenant: true }
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"with_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/with_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAGL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,
|
|
1
|
+
{"version":3,"file":"with_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/with_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAGL,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,eAAe,EACrB,MAAM,cAAc,CAAC;AAItB;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG,uBAAuB,GAAG;IACrE,YAAY,EAAE,kBAAkB,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,iBAAiB,GAAG;IAChD;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,KAAK,YAAY,CAAC,OAAO,IAAI;IAC3B,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,KAAK,oBAAoB,CAAC,OAAO,IAAI,CACnC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,uBAAuB,EAC7B,MAAM,EAAE,OAAO,KACZ,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;GAEG;AACH,KAAK,0BAA0B,CAAC,OAAO,IAAI,CACzC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,8BAA8B,EACpC,MAAM,EAAE,OAAO,KACZ,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;GAEG;AACH,KAAK,mBAAmB,CAAC,OAAO,IAAI,CAClC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,gBAAgB,EACtB,MAAM,EAAE,OAAO,KACZ,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AA+C1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACtD,OAAO,EAAE,0BAA0B,CAAC,OAAO,CAAC,EAC5C,OAAO,EAAE,eAAe,GAAG;IAAE,cAAc,EAAE,IAAI,CAAA;CAAE,GAClD,CACD,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,YAAY,CAAC,CAAC;AAE3B,wBAAgB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACtD,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,CACD,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,YAAY,CAAC,CAAC;AAsE3B;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAC9D,OAAO,EAAE,mBAAmB,CAAC,OAAO,CAAC,EACrC,OAAO,GAAE,iBAAsB,GAC9B,CACD,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,YAAY,CAAC,CAazB;AAID;;GAEG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,uBAAuB,EAC7B,UAAU,EAAE,MAAM,GACjB,OAAO,CAET;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,uBAAuB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAET;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,uBAAuB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAET;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,uBAAuB,EAC7B,UAAU,EAAE,MAAM,GACjB,IAAI,CAQN;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,uBAAuB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,IAAI,CASN"}
|
|
@@ -50,9 +50,9 @@ export function withAuth(handler, options = {}) {
|
|
|
50
50
|
})), { status: 403 });
|
|
51
51
|
}
|
|
52
52
|
// Check tenant requirement
|
|
53
|
-
if (options.require_tenant && !auth.
|
|
53
|
+
if (options.require_tenant && !auth.organization) {
|
|
54
54
|
return NextResponse.json({
|
|
55
|
-
error: "
|
|
55
|
+
error: "Organization context required",
|
|
56
56
|
code: "TENANT_REQUIRED",
|
|
57
57
|
}, { status: 403 });
|
|
58
58
|
}
|
|
@@ -136,6 +136,14 @@ export declare const DEFAULT_OAUTH: {
|
|
|
136
136
|
readonly skip_invitation_check: false;
|
|
137
137
|
/** Redirect when skip_invitation_check=true and user has no scope */
|
|
138
138
|
readonly no_scope_redirect: "/";
|
|
139
|
+
/** Enable Facebook OAuth login (requires HAZO_AUTH_FACEBOOK_APP_ID and HAZO_AUTH_FACEBOOK_APP_SECRET env vars) */
|
|
140
|
+
readonly enable_facebook_oauth: false;
|
|
141
|
+
/** Facebook App ID — set via env var HAZO_AUTH_FACEBOOK_APP_ID or config */
|
|
142
|
+
readonly facebook_app_id: "";
|
|
143
|
+
/** Facebook App Secret — set via env var HAZO_AUTH_FACEBOOK_APP_SECRET or config */
|
|
144
|
+
readonly facebook_app_secret: "";
|
|
145
|
+
/** Text displayed on the Facebook sign-in button */
|
|
146
|
+
readonly facebook_button_text: "Continue with Facebook";
|
|
139
147
|
};
|
|
140
148
|
export declare const DEFAULT_NAVBAR: {
|
|
141
149
|
/** Enable navbar on auth pages */
|
|
@@ -362,6 +370,14 @@ export declare const HAZO_AUTH_DEFAULTS: {
|
|
|
362
370
|
readonly skip_invitation_check: false;
|
|
363
371
|
/** Redirect when skip_invitation_check=true and user has no scope */
|
|
364
372
|
readonly no_scope_redirect: "/";
|
|
373
|
+
/** Enable Facebook OAuth login (requires HAZO_AUTH_FACEBOOK_APP_ID and HAZO_AUTH_FACEBOOK_APP_SECRET env vars) */
|
|
374
|
+
readonly enable_facebook_oauth: false;
|
|
375
|
+
/** Facebook App ID — set via env var HAZO_AUTH_FACEBOOK_APP_ID or config */
|
|
376
|
+
readonly facebook_app_id: "";
|
|
377
|
+
/** Facebook App Secret — set via env var HAZO_AUTH_FACEBOOK_APP_SECRET or config */
|
|
378
|
+
readonly facebook_app_secret: "";
|
|
379
|
+
/** Text displayed on the Facebook sign-in button */
|
|
380
|
+
readonly facebook_button_text: "Continue with Facebook";
|
|
365
381
|
};
|
|
366
382
|
readonly devLock: {
|
|
367
383
|
/** Enable the development lock screen (also requires HAZO_AUTH_DEV_LOCK_ENABLED env var) */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default_config.d.ts","sourceRoot":"","sources":["../../../src/lib/config/default_config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,6BAA6B;;;;;;CAMhC,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;;;;CAO1B,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;;;;CASnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;CAGrB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAGX,eAAO,MAAM,yBAAyB;;;;;;CAM5B,CAAC;AAGX,eAAO,MAAM,aAAa;4BACI,MAAM,GAAG,SAAS;;;;;;CAMtC,CAAC;AAGX,eAAO,MAAM,gBAAgB;4BACC,MAAM,GAAG,SAAS;;;;;CAKtC,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;CAIzB,CAAC;AAGX,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAGX,eAAO,MAAM,gBAAgB;0BACE,YAAY,GAAG,cAAc;;;;;IAK1D,2DAA2D;;CAEnD,CAAC;AAGX,eAAO,MAAM,wBAAwB;;;;;;;;CAQ3B,CAAC;AAGX,eAAO,MAAM,iBAAiB;;CAEpB,CAAC;AAGX,eAAO,MAAM,aAAa;IACxB,kHAAkH;;IAElH,8CAA8C;;IAE9C,iGAAiG;;IAEjG,kDAAkD;;IAElD,0EAA0E;;IAE1E,4DAA4D;;IAE5D,2DAA2D;;IAE3D,gFAAgF;;IAEhF,+DAA+D;;IAE/D,sEAAsE;;IAEtE,qEAAqE;;
|
|
1
|
+
{"version":3,"file":"default_config.d.ts","sourceRoot":"","sources":["../../../src/lib/config/default_config.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,6BAA6B;;;;;;CAMhC,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;CAItB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;;;;CAO1B,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;;;;CASnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;CAGrB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAGX,eAAO,MAAM,yBAAyB;;;;;;CAM5B,CAAC;AAGX,eAAO,MAAM,aAAa;4BACI,MAAM,GAAG,SAAS;;;;;;CAMtC,CAAC;AAGX,eAAO,MAAM,gBAAgB;4BACC,MAAM,GAAG,SAAS;;;;;CAKtC,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;CAIzB,CAAC;AAGX,eAAO,MAAM,0BAA0B;;;;;CAK7B,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC;AAGX,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAGX,eAAO,MAAM,gBAAgB;0BACE,YAAY,GAAG,cAAc;;;;;IAK1D,2DAA2D;;CAEnD,CAAC;AAGX,eAAO,MAAM,wBAAwB;;;;;;;;CAQ3B,CAAC;AAGX,eAAO,MAAM,iBAAiB;;CAEpB,CAAC;AAGX,eAAO,MAAM,aAAa;IACxB,kHAAkH;;IAElH,8CAA8C;;IAE9C,iGAAiG;;IAEjG,kDAAkD;;IAElD,0EAA0E;;IAE1E,4DAA4D;;IAE5D,2DAA2D;;IAE3D,gFAAgF;;IAEhF,+DAA+D;;IAE/D,sEAAsE;;IAEtE,qEAAqE;;IAErE,kHAAkH;;IAElH,4EAA4E;;IAE5E,oFAAoF;;IAEpF,oDAAoD;;CAE5C,CAAC;AAGX,eAAO,MAAM,cAAc;IACzB,kCAAkC;;IAElC,iEAAiE;;IAEjE,2BAA2B;;IAE3B,4BAA4B;;IAE5B,sDAAsD;;IAEtD,qBAAqB;;IAErB,sBAAsB;;IAEtB,qBAAqB;;IAErB,4DAA4D;;IAE5D,0CAA0C;;IAE1C,kEAAkE;;CAE1D,CAAC;AAGX,eAAO,MAAM,kBAAkB;IAC7B,iDAAiD;;IAEjD,2DAA2D;;CAEnD,CAAC;AAGX,eAAO,MAAM,qBAAqB;IAChC,wDAAwD;;IAExD,yDAAyD;;IAEzD,mDAAmD;;IAEnD,0DAA0D;;CAElD,CAAC;AAGX,eAAO,MAAM,qBAAqB;IAChC,qFAAqF;;IAErF,mEAAmE;;IAEnE,qEAAqE;;IAErE,gEAAgE;;IAEhE,+DAA+D;;IAE/D,+DAA+D;;CAEvD,CAAC;AAGX,eAAO,MAAM,gBAAgB;IAC3B,4FAA4F;;IAE5F,+BAA+B;;IAE/B,wCAAwC;;IAExC,iEAAiE;;IAEjE,2BAA2B;;IAE3B,4BAA4B;;IAE5B,4CAA4C;;IAE5C,mDAAmD;;IAEnD,sCAAsC;;IAEtC,yBAAyB;;IAEzB,2CAA2C;;IAE3C,6CAA6C;;IAE7C,8CAA8C;;CAEtC,CAAC;AAGX;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA3ND,MAAM,GAAG,SAAS;;;;;;;;gCAUlB,MAAM,GAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAqDjB,YAAY,GAAG,cAAc;;;;;QAK1D,2DAA2D;;;;;;;;;;;;;;;;QAsB3D,kHAAkH;;QAElH,8CAA8C;;QAE9C,iGAAiG;;QAEjG,kDAAkD;;QAElD,0EAA0E;;QAE1E,4DAA4D;;QAE5D,2DAA2D;;QAE3D,gFAAgF;;QAEhF,+DAA+D;;QAE/D,sEAAsE;;QAEtE,qEAAqE;;QAErE,kHAAkH;;QAElH,4EAA4E;;QAE5E,oFAAoF;;QAEpF,oDAAoD;;;;QAoEpD,4FAA4F;;QAE5F,+BAA+B;;QAE/B,wCAAwC;;QAExC,iEAAiE;;QAEjE,2BAA2B;;QAE3B,4BAA4B;;QAE5B,4CAA4C;;QAE5C,mDAAmD;;QAEnD,sCAAsC;;QAEtC,yBAAyB;;QAEzB,2CAA2C;;QAE3C,6CAA6C;;QAE7C,8CAA8C;;;;QAtF9C,kCAAkC;;QAElC,iEAAiE;;QAEjE,2BAA2B;;QAE3B,4BAA4B;;QAE5B,sDAAsD;;QAEtD,qBAAqB;;QAErB,sBAAsB;;QAEtB,qBAAqB;;QAErB,4DAA4D;;QAE5D,0CAA0C;;QAE1C,kEAAkE;;;;QAMlE,iDAAiD;;QAEjD,2DAA2D;;;;QAM3D,wDAAwD;;QAExD,yDAAyD;;QAEzD,mDAAmD;;QAEnD,0DAA0D;;;;QAM1D,qFAAqF;;QAErF,mEAAmE;;QAEnE,qEAAqE;;QAErE,gEAAgE;;QAEhE,+DAA+D;;QAE/D,+DAA+D;;;CAgEvD,CAAC;AAGX;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,kBAAkB,CAAC"}
|
|
@@ -158,6 +158,14 @@ export const DEFAULT_OAUTH = {
|
|
|
158
158
|
skip_invitation_check: false,
|
|
159
159
|
/** Redirect when skip_invitation_check=true and user has no scope */
|
|
160
160
|
no_scope_redirect: "/",
|
|
161
|
+
/** Enable Facebook OAuth login (requires HAZO_AUTH_FACEBOOK_APP_ID and HAZO_AUTH_FACEBOOK_APP_SECRET env vars) */
|
|
162
|
+
enable_facebook_oauth: false,
|
|
163
|
+
/** Facebook App ID — set via env var HAZO_AUTH_FACEBOOK_APP_ID or config */
|
|
164
|
+
facebook_app_id: "",
|
|
165
|
+
/** Facebook App Secret — set via env var HAZO_AUTH_FACEBOOK_APP_SECRET or config */
|
|
166
|
+
facebook_app_secret: "",
|
|
167
|
+
/** Text displayed on the Facebook sign-in button */
|
|
168
|
+
facebook_button_text: "Continue with Facebook",
|
|
161
169
|
};
|
|
162
170
|
// section: navbar
|
|
163
171
|
export const DEFAULT_NAVBAR = {
|
|
@@ -9,10 +9,10 @@ export declare const BASE_COOKIE_NAMES: {
|
|
|
9
9
|
readonly USER_ID: "hazo_auth_user_id";
|
|
10
10
|
readonly USER_EMAIL: "hazo_auth_user_email";
|
|
11
11
|
readonly SESSION: "hazo_auth_session";
|
|
12
|
-
readonly SESSION_KIND: "hazo_auth_session_kind";
|
|
13
12
|
readonly DEV_LOCK: "hazo_auth_dev_lock";
|
|
14
13
|
readonly SCOPE_ID: "hazo_auth_scope_id";
|
|
15
14
|
readonly ANON_ID: "hazo_auth_anon_id";
|
|
15
|
+
readonly SESSION_KIND: "hazo_auth_session_kind";
|
|
16
16
|
};
|
|
17
17
|
/**
|
|
18
18
|
* Reads cookie configuration from hazo_auth_config.ini file
|
|
@@ -14,10 +14,10 @@ export const BASE_COOKIE_NAMES = {
|
|
|
14
14
|
USER_ID: "hazo_auth_user_id",
|
|
15
15
|
USER_EMAIL: "hazo_auth_user_email",
|
|
16
16
|
SESSION: "hazo_auth_session",
|
|
17
|
-
SESSION_KIND: "hazo_auth_session_kind", // v6.1: marks OTP-issued sessions so /me can apply sliding expiry
|
|
18
17
|
DEV_LOCK: "hazo_auth_dev_lock",
|
|
19
18
|
SCOPE_ID: "hazo_auth_scope_id", // v5.2: Tenant context cookie for multi-tenancy
|
|
20
19
|
ANON_ID: "hazo_auth_anon_id", // v5.2: Stable opaque per-visitor ID for anonymous flows (e.g. hazo_feedback)
|
|
20
|
+
SESSION_KIND: "hazo_auth_session_kind", // v5.4: Sign-in method identifier (e.g. "otp", "google", "password")
|
|
21
21
|
};
|
|
22
22
|
// section: main_function
|
|
23
23
|
/**
|
|
@@ -18,12 +18,6 @@ export type LoginConfig = {
|
|
|
18
18
|
imageBackgroundColor: string;
|
|
19
19
|
/** OAuth configuration */
|
|
20
20
|
oauth: OAuthConfig;
|
|
21
|
-
/** Whether the OTP sign-in link is shown below the login form */
|
|
22
|
-
otpSigninEnabled: boolean;
|
|
23
|
-
/** Label for the OTP sign-in link */
|
|
24
|
-
otpSigninLabel: string;
|
|
25
|
-
/** href for the OTP sign-in link */
|
|
26
|
-
otpSigninHref: string;
|
|
27
21
|
};
|
|
28
22
|
/**
|
|
29
23
|
* Reads login layout configuration from hazo_auth_config.ini file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAM3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;CACpB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAyE9C"}
|
|
@@ -5,10 +5,8 @@ import "server-only";
|
|
|
5
5
|
import { get_config_value, get_config_value_allow_empty } from "./config/config_loader.server.js";
|
|
6
6
|
import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
|
|
7
7
|
import { get_oauth_config } from "./oauth_config.server.js";
|
|
8
|
-
//
|
|
9
|
-
|
|
10
|
-
// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
|
|
11
|
-
const DEFAULT_LOGIN_IMAGE_PATH = "/hazo_auth/images/login_default.jpg";
|
|
8
|
+
// Assets served via the package's own API route — no manual copy needed.
|
|
9
|
+
const DEFAULT_LOGIN_IMAGE_PATH = "/api/hazo_auth/assets/login_default.jpg";
|
|
12
10
|
// section: helpers
|
|
13
11
|
/**
|
|
14
12
|
* Reads login layout configuration from hazo_auth_config.ini file
|
|
@@ -38,10 +36,6 @@ export function get_login_config() {
|
|
|
38
36
|
const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
|
|
39
37
|
// Get OAuth configuration
|
|
40
38
|
const oauth = get_oauth_config();
|
|
41
|
-
// OTP sign-in link
|
|
42
|
-
const otpSigninEnabled = get_config_value(section, "otp_signin_enabled", "false") === "true";
|
|
43
|
-
const otpSigninLabel = get_config_value(section, "otp_signin_label", "Sign in with email code");
|
|
44
|
-
const otpSigninHref = get_config_value(section, "otp_signin_href", "/hazo_auth/otp");
|
|
45
39
|
return {
|
|
46
40
|
redirectRoute,
|
|
47
41
|
successMessage,
|
|
@@ -59,8 +53,5 @@ export function get_login_config() {
|
|
|
59
53
|
imageAlt,
|
|
60
54
|
imageBackgroundColor,
|
|
61
55
|
oauth,
|
|
62
|
-
otpSigninEnabled,
|
|
63
|
-
otpSigninLabel,
|
|
64
|
-
otpSigninHref,
|
|
65
56
|
};
|
|
66
57
|
}
|
|
@@ -22,6 +22,14 @@ export type OAuthConfig = {
|
|
|
22
22
|
skip_invitation_check: boolean;
|
|
23
23
|
/** Redirect when skip_invitation_check=true and user has no scope */
|
|
24
24
|
no_scope_redirect: string;
|
|
25
|
+
/** Enable Facebook OAuth login */
|
|
26
|
+
enable_facebook_oauth: boolean;
|
|
27
|
+
/** Facebook App ID (env: HAZO_AUTH_FACEBOOK_APP_ID overrides config) */
|
|
28
|
+
facebook_app_id: string;
|
|
29
|
+
/** Facebook App Secret (env: HAZO_AUTH_FACEBOOK_APP_SECRET overrides config) */
|
|
30
|
+
facebook_app_secret: string;
|
|
31
|
+
/** Text displayed on the Facebook sign-in button */
|
|
32
|
+
facebook_button_text: string;
|
|
25
33
|
};
|
|
26
34
|
/**
|
|
27
35
|
* Reads OAuth configuration from hazo_auth_config.ini file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kCAAkC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,wEAAwE;IACxE,eAAe,EAAE,MAAM,CAAC;IACxB,gFAAgF;IAChF,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAwG9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD"}
|
|
@@ -24,6 +24,12 @@ export function get_oauth_config() {
|
|
|
24
24
|
const default_redirect = get_config_value(SECTION_NAME, "default_redirect", DEFAULT_OAUTH.default_redirect);
|
|
25
25
|
const skip_invitation_check = get_config_boolean(SECTION_NAME, "skip_invitation_check", DEFAULT_OAUTH.skip_invitation_check);
|
|
26
26
|
const no_scope_redirect = get_config_value(SECTION_NAME, "no_scope_redirect", DEFAULT_OAUTH.no_scope_redirect);
|
|
27
|
+
const enable_facebook_oauth = get_config_boolean(SECTION_NAME, "enable_facebook_oauth", false);
|
|
28
|
+
const facebook_app_id = process.env.HAZO_AUTH_FACEBOOK_APP_ID ||
|
|
29
|
+
get_config_value(SECTION_NAME, "facebook_app_id", "");
|
|
30
|
+
const facebook_app_secret = process.env.HAZO_AUTH_FACEBOOK_APP_SECRET ||
|
|
31
|
+
get_config_value(SECTION_NAME, "facebook_app_secret", "");
|
|
32
|
+
const facebook_button_text = get_config_value(SECTION_NAME, "facebook_button_text", "Continue with Facebook");
|
|
27
33
|
return {
|
|
28
34
|
enable_google,
|
|
29
35
|
enable_email_password,
|
|
@@ -36,6 +42,10 @@ export function get_oauth_config() {
|
|
|
36
42
|
default_redirect,
|
|
37
43
|
skip_invitation_check,
|
|
38
44
|
no_scope_redirect,
|
|
45
|
+
enable_facebook_oauth,
|
|
46
|
+
facebook_app_id,
|
|
47
|
+
facebook_app_secret,
|
|
48
|
+
facebook_button_text,
|
|
39
49
|
};
|
|
40
50
|
}
|
|
41
51
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAerB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kBAAkB,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"register_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/register_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAerB,MAAM,MAAM,cAAc,GAAG;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE;QACL,aAAa,EAAE,OAAO,CAAC;QACvB,qBAAqB,EAAE,OAAO,CAAC;QAC/B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qBAAqB,EAAE,OAAO,CAAC;QAC/B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,cAAc,CAgFpD"}
|
|
@@ -60,6 +60,8 @@ export function get_register_config() {
|
|
|
60
60
|
enable_email_password: oauthConfig.enable_email_password,
|
|
61
61
|
google_button_text: registerGoogleButtonText,
|
|
62
62
|
oauth_divider_text: oauthConfig.oauth_divider_text,
|
|
63
|
+
enable_facebook_oauth: oauthConfig.enable_facebook_oauth,
|
|
64
|
+
facebook_button_text: oauthConfig.facebook_button_text,
|
|
63
65
|
},
|
|
64
66
|
};
|
|
65
67
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,
|
|
1
|
+
{"version":3,"file":"email_template_manifest.d.ts","sourceRoot":"","sources":["../../../src/lib/services/email_template_manifest.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAiB3E;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,EAAE,sBAAsB,EAuE/D,CAAC"}
|
|
@@ -92,21 +92,4 @@ export const hazo_auth_template_manifest = [
|
|
|
92
92
|
},
|
|
93
93
|
],
|
|
94
94
|
},
|
|
95
|
-
{
|
|
96
|
-
template_name: "otp_signin_code",
|
|
97
|
-
template_label: "OTP sign-in code",
|
|
98
|
-
category: SYSTEM_CATEGORY,
|
|
99
|
-
html: read_template("otp_signin_code", "html"),
|
|
100
|
-
text: read_template("otp_signin_code", "txt"),
|
|
101
|
-
variables: [
|
|
102
|
-
{
|
|
103
|
-
variable_name: "otp_code",
|
|
104
|
-
variable_description: "6-digit OTP code for email sign-in (v6.1.0+)",
|
|
105
|
-
},
|
|
106
|
-
{
|
|
107
|
-
variable_name: "expires_in_minutes",
|
|
108
|
-
variable_description: "Number of minutes until the OTP code expires",
|
|
109
|
-
},
|
|
110
|
-
],
|
|
111
|
-
},
|
|
112
95
|
];
|
|
@@ -18,6 +18,4 @@ export * from "./scope_service.js";
|
|
|
18
18
|
export * from "./user_scope_service.js";
|
|
19
19
|
export * from "./oauth_service.js";
|
|
20
20
|
export * from "./branding_service.js";
|
|
21
|
-
export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
|
|
22
|
-
export type { RequestEmailOTPResult, VerifyEmailOTPResult } from "./otp_service";
|
|
23
21
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/services/index.ts"],"names":[],"mappings":"AAEA,cAAc,iBAAiB,CAAC;AAChC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iBAAiB,CAAC;AAChC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,0BAA0B,CAAC;AACzC,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,iCAAiC,CAAC;AAChD,cAAc,wBAAwB,CAAC;AACvC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC"}
|
|
@@ -20,4 +20,3 @@ export * from "./scope_service.js";
|
|
|
20
20
|
export * from "./user_scope_service.js";
|
|
21
21
|
export * from "./oauth_service.js";
|
|
22
22
|
export * from "./branding_service.js";
|
|
23
|
-
export { request_email_otp, verify_email_otp, generate_otp_code, hash_otp_code, verify_otp_code, } from "./otp_service.js";
|