hazo_auth 6.1.1 → 7.0.2

package/dist/server/routes/oauth_facebook_callback.js

@@ -0,0 +1,164 @@
+// file_description: Custom OAuth callback handler that creates hazo_auth session after Facebook sign-in
+// section: imports
+import { NextResponse } from "next/server";
+import { getToken } from "next-auth/jwt";
+import { create_app_logger } from "../../lib/app_logger.js";
+import { create_session_token } from "../../lib/services/session_token_service.js";
+import { get_filename, get_line_number } from "../../lib/utils/api_route_helpers.js";
+import { get_login_config } from "../../lib/login_config.server.js";
+import { get_cookie_name, get_cookie_options, BASE_COOKIE_NAMES } from "../../lib/cookies_config.server.js";
+import { get_hazo_connect_instance } from "../../lib/hazo_connect_instance.server.js";
+import { get_post_login_redirect } from "../../lib/services/post_verification_service.js";
+import { get_oauth_config } from "../../lib/oauth_config.server.js";
+import { rewrite_request_for_proxy } from "../../lib/utils/proxy_request.js";
+// section: api_handler
+/**
+ * Handles the OAuth callback after Facebook sign-in
+ * The user creation/linking is done in NextAuth signIn callback
+ * This route just sets the hazo_auth session cookies
+ */
+export async function GET(original_request) {
+    // Rewrite request.url to public origin when behind a reverse proxy.
+    const request = rewrite_request_for_proxy(original_request);
+    const logger = create_app_logger();
+    // Detect if request came through HTTPS proxy (Cloudflare tunnel, etc.)
+    const is_secure = original_request.headers.get("x-forwarded-proto") === "https" ||
+        request.url.startsWith("https://");
+    // Resolve the configured sign-in page up-front so early error redirects
+    // honour [hazo_auth__oauth] sign_in_page just like the success path.
+    const sign_in_page = get_oauth_config().sign_in_page;
+    try {
+        // Get the NextAuth token from the session
+        const token = (await getToken({
+            req: request,
+            secureCookie: is_secure,
+        }));
+        logger.debug("facebook_callback_token_received", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            has_token: !!token,
+            has_email: !!(token === null || token === void 0 ? void 0 : token.email),
+            has_hazo_user_id: !!(token === null || token === void 0 ? void 0 : token.hazo_user_id),
+        });
+        if (!token) {
+            logger.warn("facebook_callback_no_token", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                note: "No NextAuth token found - user may not have completed Facebook sign-in",
+            });
+            const login_url = new URL(sign_in_page, request.url);
+            login_url.searchParams.set("error", "oauth_failed");
+            return NextResponse.redirect(login_url.toString());
+        }
+        // Validate we have the required data
+        if (!token.email || !token.hazo_user_id) {
+            logger.warn("facebook_callback_missing_data", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                has_email: !!token.email,
+                has_hazo_user_id: !!token.hazo_user_id,
+            });
+            const login_url = new URL(sign_in_page, request.url);
+            login_url.searchParams.set("error", "oauth_incomplete");
+            return NextResponse.redirect(login_url.toString());
+        }
+        const user_id = token.hazo_user_id;
+        const email = token.email;
+        logger.debug("facebook_callback_success", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            email,
+        });
+        // Get redirect URL based on user's scope/invitation status
+        const loginConfig = get_login_config();
+        const oauthConfig = get_oauth_config();
+        // Per-request override: same `?next=` pattern as Google callback.
+        const raw_next = request.nextUrl.searchParams.get("next");
+        const safe_next = raw_next &&
+            raw_next.startsWith("/") &&
+            !raw_next.startsWith("//") &&
+            !/^[a-z][a-z0-9+.\-]*:/i.test(raw_next)
+            ? raw_next
+            : null;
+        // Check if user needs onboarding
+        const hazoConnect = get_hazo_connect_instance();
+        const { redirect_url: determined_redirect, needs_onboarding, invitation_check_skipped, invitation_table_error, } = await get_post_login_redirect(hazoConnect, user_id, email, {
+            default_redirect: safe_next || oauthConfig.default_redirect || loginConfig.redirectRoute || "/",
+            create_firm_url: oauthConfig.create_firm_url,
+            skip_invitation_check: oauthConfig.skip_invitation_check,
+            no_scope_redirect: safe_next || oauthConfig.no_scope_redirect,
+        });
+        // Log warning if invitation table is missing
+        if (invitation_table_error) {
+            logger.warn("invitation_table_missing", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                user_id,
+                email,
+                note: "hazo_invitations table does not exist - run migration or set skip_invitation_check=true in [hazo_auth__oauth]",
+            });
+        }
+        logger.debug("facebook_callback_post_login_redirect", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+            email,
+            redirect_url: determined_redirect,
+            needs_onboarding,
+            invitation_check_skipped,
+            invitation_table_error,
+        });
+        // Create redirect response
+        const redirect_url = new URL(determined_redirect, request.url);
+        const response = NextResponse.redirect(redirect_url.toString());
+        // Set authentication cookies
+        const base_cookie_options = {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === "production" || is_secure,
+            sameSite: "lax",
+            path: "/",
+            maxAge: 60 * 60 * 24 * 30, // 30 days
+        };
+        const cookie_options = get_cookie_options(base_cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_ID), user_id, cookie_options);
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_EMAIL), email, cookie_options);
+        // Create and set JWT session token
+        try {
+            const session_token = await create_session_token(user_id, email);
+            response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION), session_token, cookie_options);
+        }
+        catch (token_error) {
+            const token_error_message = token_error instanceof Error ? token_error.message : "Unknown error";
+            logger.warn("facebook_callback_session_token_creation_failed", {
+                filename: get_filename(),
+                line_number: get_line_number(),
+                user_id,
+                email,
+                error: token_error_message,
+                note: "OAuth login succeeded but session token creation failed - using legacy cookies",
+            });
+        }
+        // Set session kind cookie so downstream can identify sign-in method
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION_KIND), "facebook", cookie_options);
+        logger.info("facebook_callback_session_created", {
+            filename: get_filename(),
+            user_id,
+            email,
+        });
+        return response;
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("facebook_callback_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        const login_url = new URL(sign_in_page, request.url);
+        login_url.searchParams.set("error", "oauth_error");
+        return NextResponse.redirect(login_url.toString());
+    }
+}

package/dist/server/routes/otp/verify.js

@@ -28,7 +28,7 @@ export async function otpVerifyPOST(request) {
             ip,
         });
         if (result.ok === false) {
-            return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+            return NextResponse.json({ ok: false, error: result.error }, { status: 401 });
         }
         const ttl_seconds = hazo_auth_otp_session_ttl_seconds();
         const base_cookie_options = {
@@ -53,6 +53,6 @@ export async function otpVerifyPOST(request) {
     catch (err) {
         const msg = err instanceof Error ? err.message : String(err);
         logger.error("otp_verify_route_error", { error: msg });
-        return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+        return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 401 });
     }
 }

package/dist/server/routes/strings_defaults.d.ts

@@ -0,0 +1,4 @@
+import "server-only";
+import { NextResponse } from "next/server";
+export declare function stringsDefaultsGET(): Promise<NextResponse>;
+//# sourceMappingURL=strings_defaults.d.ts.map

package/dist/server/routes/strings_defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings_defaults.d.ts","sourceRoot":"","sources":["../../../src/server/routes/strings_defaults.ts"],"names":[],"mappings":"AACA,OAAO,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAEhE"}

package/dist/server/routes/strings_defaults.js

@@ -0,0 +1,7 @@
+// file_description: Route handler returning the DEFAULT_STRINGS object for introspection and testing
+import "server-only";
+import { NextResponse } from "next/server";
+import { DEFAULT_STRINGS } from "../../strings/default_strings.js";
+export async function stringsDefaultsGET() {
+    return NextResponse.json(DEFAULT_STRINGS, { status: 200 });
+}

package/dist/server/routes/user_management_users.d.ts

@@ -44,4 +44,15 @@ export declare function POST(request: NextRequest): Promise<NextResponse<{
 }> | NextResponse<{
     success: boolean;
 }>>;
+/**
+ * DELETE - Hard-delete a user from hazo_users (cascades to all related rows).
+ * Body: { user_id: string }
+ * Requires: admin_user_management permission (enforced by UI, not here — same
+ * pattern as PATCH/POST in this file which also don't re-auth).
+ */
+export declare function DELETE(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+}>>;
 //# sourceMappingURL=user_management_users.d.ts.map

package/dist/server/routes/user_management_users.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user_management_users.d.ts","sourceRoot":"","sources":["../../../src/server/routes/user_management_users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAexD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;;IAyF7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IAgI/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C"}
+{"version":3,"file":"user_management_users.d.ts","sourceRoot":"","sources":["../../../src/server/routes/user_management_users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAexD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;;IAyF7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IAgI/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C;AAED;;;;;GAKG;AACH,wBAAsB,MAAM,CAAC,OAAO,EAAE,WAAW;;;;IAuDhD"}

package/dist/server/routes/user_management_users.js

@@ -241,3 +241,53 @@ export async function POST(request) {
         return NextResponse.json({ error: "Failed to send password reset email" }, { status: 500 });
     }
 }
+/**
+ * DELETE - Hard-delete a user from hazo_users (cascades to all related rows).
+ * Body: { user_id: string }
+ * Requires: admin_user_management permission (enforced by UI, not here — same
+ * pattern as PATCH/POST in this file which also don't re-auth).
+ */
+export async function DELETE(request) {
+    const logger = create_app_logger();
+    try {
+        const body = await request.json();
+        const { user_id } = body;
+        if (!user_id) {
+            return NextResponse.json({ error: "user_id is required" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        // Verify user exists before deleting
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return NextResponse.json({ error: "User not found" }, { status: 404 });
+        }
+        // Invalidate auth cache first
+        try {
+            const auth_config = get_auth_utility_config();
+            const auth_cache = get_auth_cache(auth_config.cache_max_users, auth_config.cache_ttl_minutes, auth_config.cache_max_age_minutes);
+            auth_cache.invalidate_user(user_id);
+        }
+        catch (_a) {
+            // Non-fatal
+        }
+        await users_service.deleteById(user_id);
+        logger.info("user_management_user_deleted", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+        });
+        return NextResponse.json({ success: true }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("user_management_user_delete_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        return NextResponse.json({ error: "Failed to delete user" }, { status: 500 });
+    }
+}

package/dist/server-lib.d.ts

@@ -24,9 +24,6 @@ export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled, }
 export type { OAuthConfig } from "./lib/oauth_config.server";
 export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes, } from "./lib/branding_config.server.js";
 export type { FirmBrandingConfig } from "./lib/branding_config.server";
-export { get_otp_config, hazo_auth_otp_session_ttl_seconds, OTP_CONFIG_DEFAULTS } from "./lib/otp_config.server.js";
-export type { OtpConfig } from "./lib/otp_config.server";
-export { request_email_otp, verify_email_otp } from "./lib/services/otp_service.js";
 export { create_sqlite_hazo_connect } from "./lib/hazo_connect_setup.js";
 export { get_hazo_connect_instance } from "./lib/hazo_connect_instance.server.js";
 export { create_app_logger } from "./lib/app_logger.js";

package/dist/server-lib.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,iCAAiC,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACjH,YAAY,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAGjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}
+{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}

package/dist/server-lib.js

@@ -37,8 +37,6 @@ export { get_user_fields_config } from "./lib/user_fields_config.server.js";
 export { get_file_types_config } from "./lib/file_types_config.server.js";
 export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled, } from "./lib/oauth_config.server.js";
 export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes, } from "./lib/branding_config.server.js";
-export { get_otp_config, hazo_auth_otp_session_ttl_seconds, OTP_CONFIG_DEFAULTS } from "./lib/otp_config.server.js";
-export { request_email_otp, verify_email_otp } from "./lib/services/otp_service.js";
 // section: hazo_connect_exports
 export { create_sqlite_hazo_connect } from "./lib/hazo_connect_setup.js";
 export { get_hazo_connect_instance } from "./lib/hazo_connect_instance.server.js";

package/dist/server_pages/forgot_password.d.ts

@@ -50,6 +50,6 @@ export type ForgotPasswordPageProps = {
  * @param props - Optional visual and navigation customization props
  * @returns Server-rendered forgot password page
  */
-export default function ForgotPasswordPage(props: ForgotPasswordPageProps): import("react/jsx-runtime").JSX.Element;
+export default function ForgotPasswordPage({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, }?: ForgotPasswordPageProps): import("react/jsx-runtime").JSX.Element;
 export { ForgotPasswordPage };
 //# sourceMappingURL=forgot_password.d.ts.map

package/dist/server_pages/forgot_password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,2CAiCxE;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
+{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,EACzC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAgD,EAChD,aAAkD,GACnD,GAAE,uBAA4B,2CAkC9B;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/server_pages/forgot_password.js

@@ -5,6 +5,7 @@ import "server-only";
 // section: imports
 import { get_forgot_password_config } from "../lib/forgot_password_config.server.js";
 import { ForgotPasswordClientWrapper } from "./forgot_password_client_wrapper.js";
+import { readStrings } from "../strings.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
 // section: component
@@ -31,16 +32,21 @@ import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
  * @param props - Optional visual and navigation customization props
  * @returns Server-rendered forgot password page
  */
-export default function ForgotPasswordPage(props) {
-    const { image_src, image_alt, image_background_color, sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, } = props !== null && props !== void 0 ? props : {};
+export default function ForgotPasswordPage({ image_src, image_alt, image_background_color, sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, } = {}) {
     // Load configuration from INI file (with defaults including asset images)
     const config = get_forgot_password_config();
+    const strings = readStrings();
+    const fp_strings = strings.forgot_password;
     // Use props if provided, otherwise fall back to config (which includes default asset image)
     const finalImageSrc = image_src || config.imageSrc;
     const finalImageAlt = image_alt || config.imageAlt;
     const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
     // Pass serializable config to client wrapper, wrapped in AuthPageShell for navbar support
-    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath }) }));
+    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, labels: {
+                heading: fp_strings.title,
+                subHeading: fp_strings.subtitle,
+                submitButton: fp_strings.ctaText,
+            } }) }));
 }
 // Named export for direct imports
 export { ForgotPasswordPage };

package/dist/server_pages/forgot_password_client_wrapper.d.ts

@@ -1,4 +1,5 @@
 import type { ForgotPasswordConfig } from "../lib/forgot_password_config.server";
+import type { LayoutLabelOverrides } from "../components/layouts/shared/config/layout_customization";
 import type { StaticImageData } from "next/image";
 export type ForgotPasswordClientWrapperProps = Omit<ForgotPasswordConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor'> & {
     image_src: string | StaticImageData;
@@ -6,10 +7,11 @@ export type ForgotPasswordClientWrapperProps = Omit<ForgotPasswordConfig, 'image
     image_background_color: string;
     sign_in_path: string;
     sign_in_label: string;
+    labels?: LayoutLabelOverrides;
 };
 /**
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, labels, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=forgot_password_client_wrapper.d.ts.map

package/dist/server_pages/forgot_password_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAGjF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,gCAAgC,GAAG,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,CAAC,GAAG;IAC5H,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,GACf,EAAE,gCAAgC,2CAmClC"}
+{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0DAA0D,CAAC;AAGrG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,gCAAgC,GAAG,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,CAAC,GAAG;IAC5H,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,oBAAoB,CAAC;CAC/B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,MAAM,GACP,EAAE,gCAAgC,2CAoClC"}

package/dist/server_pages/forgot_password_client_wrapper.js

@@ -11,7 +11,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, }) {
+export function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, labels, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -23,5 +23,5 @@ export function ForgotPasswordClientWrapper({ image_src, image_alt, image_backgr
     if (!dataClient) {
         return (_jsx("div", { className: "cls_forgot_password_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
-    return (_jsx(ForgotPasswordLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath }));
+    return (_jsx(ForgotPasswordLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, labels: labels }));
 }

package/dist/server_pages/index.d.ts

@@ -10,4 +10,6 @@ export type { ForgotPasswordPageProps } from "./forgot_password";
 export type { ResetPasswordPageProps } from "./reset_password";
 export type { VerifyEmailPageProps } from "./verify_email";
 export type { MySettingsPageProps } from "./my_settings";
+export { default as OTPPage } from "./otp.js";
+export type { OTPPageProps } from "./otp";
 //# sourceMappingURL=index.d.ts.map

package/dist/server_pages/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server_pages/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAG1D,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACpD,YAAY,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AACjE,YAAY,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,YAAY,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,YAAY,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server_pages/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAG1D,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACpD,YAAY,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AACjE,YAAY,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,YAAY,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,YAAY,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,OAAO,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,MAAM,OAAO,CAAC"}

package/dist/server_pages/index.js

@@ -5,3 +5,4 @@ export { default as ForgotPasswordPage } from "./forgot_password.js";
 export { default as ResetPasswordPage } from "./reset_password.js";
 export { default as VerifyEmailPage } from "./verify_email.js";
 export { default as MySettingsPage } from "./my_settings.js";
+export { default as OTPPage } from "./otp.js";

package/dist/server_pages/login.d.ts

@@ -52,6 +52,6 @@ export type LoginPageProps = {
  * @param props - Optional visual customization props
  * @returns Server-rendered login page
  */
-export default function LoginPage(props: LoginPageProps): import("react/jsx-runtime").JSX.Element;
+export default function LoginPage({ image_src, image_alt, image_background_color, layout, }?: LoginPageProps): import("react/jsx-runtime").JSX.Element;
 export { LoginPage };
 //# sourceMappingURL=login.d.ts.map

package/dist/server_pages/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG;IAC3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,KAAK,EAAE,cAAc,2CAoEtD;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/server_pages/login.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,cAAc,GAAG;IAC3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;;;;;;;;OAUG;IACH,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,EAChC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,MAAqB,GACtB,GAAE,cAAmB,2CAsErB;AAGD,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/server_pages/login.js

@@ -6,6 +6,7 @@ import "server-only";
 import { get_login_config } from "../lib/login_config.server.js";
 import { get_navbar_config } from "../lib/navbar_config.server.js";
 import { LoginClientWrapper } from "./login_client_wrapper.js";
+import { readStrings } from "../strings.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { FloatingHomeLink } from "../components/layouts/shared/components/floating_home_link.js";
 // section: component
@@ -32,10 +33,12 @@ import { FloatingHomeLink } from "../components/layouts/shared/components/floati
  * @param props - Optional visual customization props
  * @returns Server-rendered login page
  */
-export default function LoginPage(props) {
-    const { image_src, image_alt, image_background_color, layout = "two_column", } = props !== null && props !== void 0 ? props : {};
+export default function LoginPage({ image_src, image_alt, image_background_color, layout = "two_column", } = {}) {
     // Load configuration from INI file (with defaults including asset images)
     const config = get_login_config();
+    // Resolve strings for heading/subheading/ctaText
+    const strings = readStrings();
+    const login_strings = strings.login;
     // Use props if provided, otherwise fall back to config (which includes default asset image)
     const finalImageSrc = image_src || config.imageSrc;
     const finalImageAlt = image_alt || config.imageAlt;
@@ -45,7 +48,13 @@ export default function LoginPage(props) {
             enable_email_password: config.oauth.enable_email_password,
             google_button_text: config.oauth.google_button_text,
             oauth_divider_text: config.oauth.oauth_divider_text,
-        }, otpSigninEnabled: config.otpSigninEnabled, otpSigninLabel: config.otpSigninLabel, otpSigninHref: config.otpSigninHref, layout: layout }));
+            enable_facebook_oauth: config.oauth.enable_facebook_oauth,
+            facebook_button_text: config.oauth.facebook_button_text,
+        }, layout: layout, labels: {
+            heading: login_strings.title,
+            subHeading: login_strings.subtitle,
+            submitButton: login_strings.ctaText,
+        } }));
     // form_only mode: skip AuthPageShell so the consumer's own page chrome
     // (e.g. a split-panel AuthLayout) hosts the form without our standalone
     // wrapper interfering. Two-column mode keeps the existing AuthPageShell

package/dist/server_pages/login_client_wrapper.d.ts

@@ -1,5 +1,6 @@
 import type { LoginConfig } from "../lib/login_config.server";
 import type { OAuthLayoutConfig } from "../components/layouts/login/index";
+import type { LayoutLabelOverrides } from "../components/layouts/shared/config/layout_customization";
 import type { StaticImageData } from "next/image";
 export type LoginClientWrapperProps = Omit<LoginConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor' | 'oauth' | 'showCreateAccountLink'> & {
     image_src?: string | StaticImageData;
@@ -11,10 +12,12 @@ export type LoginClientWrapperProps = Omit<LoginConfig, 'imageSrc' | 'imageAlt'
     oauth?: OAuthLayoutConfig;
     /** Layout mode — see LoginLayoutProps.layout. Default `"two_column"`. */
     layout?: "two_column" | "form_only";
+    /** String overrides for page heading, subheading, and submit button. */
+    labels?: LayoutLabelOverrides;
 };
 /**
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink, oauth, otpSigninEnabled, otpSigninLabel, otpSigninHref, layout, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink, oauth, layout, labels, }: LoginClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=login_client_wrapper.d.ts.map

package/dist/server_pages/login_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAG3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,GAAG,OAAO,GAAG,uBAAuB,CAAC,GAAG;IAC9I,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;CACrC,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,qBAA4B,EAC5B,KAAK,EACL,gBAAwB,EACxB,cAA0C,EAC1C,aAAgC,EAChC,MAAqB,GACtB,EAAE,uBAAuB,2CA6CzB"}
+{"version":3,"file":"login_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/login_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0DAA0D,CAAC;AAGrG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,GAAG,OAAO,GAAG,uBAAuB,CAAC,GAAG;IAC9I,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0BAA0B;IAC1B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,YAAY,GAAG,WAAW,CAAC;IACpC,wEAAwE;IACxE,MAAM,CAAC,EAAE,oBAAoB,CAAC;CAC/B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,aAAa,EACb,cAAc,EACd,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,qBAA4B,EAC5B,KAAK,EACL,MAAqB,EACrB,MAAM,GACP,EAAE,uBAAuB,2CA2CzB"}

package/dist/server_pages/login_client_wrapper.js

@@ -11,7 +11,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * Client wrapper for LoginLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink = true, oauth, otpSigninEnabled = false, otpSigninLabel = "Sign in with email code", otpSigninHref = "/hazo_auth/otp", layout = "two_column", }) {
+export function LoginClientWrapper({ image_src, image_alt, image_background_color, redirectRoute, successMessage, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, forgotPasswordPath, forgotPasswordLabel, createAccountPath, createAccountLabel, showCreateAccountLink = true, oauth, layout = "two_column", labels, }) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -23,5 +23,5 @@ export function LoginClientWrapper({ image_src, image_alt, image_background_colo
     if (!dataClient) {
         return (_jsx("div", { className: "cls_login_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
-    return (_jsx(LoginLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, show_create_account_link: showCreateAccountLink, oauth: oauth, otp_signin_enabled: otpSigninEnabled, otp_signin_label: otpSigninLabel, otp_signin_href: otpSigninHref, layout: layout }));
+    return (_jsx(LoginLayout, { image_src: image_src, image_alt: image_alt, image_background_color: image_background_color, data_client: dataClient, redirectRoute: redirectRoute, successMessage: successMessage, alreadyLoggedInMessage: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, forgot_password_path: forgotPasswordPath, forgot_password_label: forgotPasswordLabel, create_account_path: createAccountPath, create_account_label: createAccountLabel, show_create_account_link: showCreateAccountLink, oauth: oauth, layout: layout, labels: labels }));
 }

package/dist/server_pages/my_settings.d.ts

@@ -50,6 +50,6 @@ export type MySettingsPageProps = {
  * @param props - Optional className for custom styling
  * @returns Server-rendered my settings component
  */
-export default function MySettingsPage(props: MySettingsPageProps): import("react/jsx-runtime").JSX.Element;
+export default function MySettingsPage({ className, }?: MySettingsPageProps): import("react/jsx-runtime").JSX.Element;
 export { MySettingsPage };
 //# sourceMappingURL=my_settings.d.ts.map

package/dist/server_pages/my_settings.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"my_settings.d.ts","sourceRoot":"","sources":["../../src/server_pages/my_settings.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,KAAK,EAAE,mBAAmB,2CAiChE;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"my_settings.d.ts","sourceRoot":"","sources":["../../src/server_pages/my_settings.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAQrB,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AACH,MAAM,CAAC,OAAO,UAAU,cAAc,CAAC,EACrC,SAAS,GACV,GAAE,mBAAwB,2CAgC1B;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/server_pages/my_settings.js

@@ -52,8 +52,7 @@ import { AuthPageShell } from "../components/layouts/shared/components/auth_page
  * @param props - Optional className for custom styling
  * @returns Server-rendered my settings component
  */
-export default function MySettingsPage(props) {
-    const { className } = props !== null && props !== void 0 ? props : {};
+export default function MySettingsPage({ className, } = {}) {
     // Load configuration from INI file (with defaults)
     const config = get_my_settings_config();
     // Render layout with all server-initialized configuration, wrapped in AuthPageShell for navbar support

package/dist/server_pages/otp.d.ts

@@ -12,9 +12,23 @@ export type OTPPageProps = {
     };
     /**
      * Page heading passed through to OTPLayout.
-     * Defaults to "Sign in with email code".
+     * Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
      */
     title?: string;
+    /**
+     * Page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    subtitle?: string;
+    /**
+     * Submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS.
+     */
+    ctaText?: string;
+    /**
+     * Optional theme that controls visual appearance and layout mode.
+     * When `theme.layout` is `"split"`, activates the two-column split layout
+     * with the brand panel on the left.
+     */
+    theme?: import("../theme/theme_types").HazoAuthTheme;
 };
 /**
  * Zero-config OTPPage server component
@@ -37,6 +51,6 @@ export type OTPPageProps = {
  * @param props - Optional searchParams and title
  * @returns Server-rendered OTP sign-in page
  */
-export default function OTPPage({ searchParams, title, }?: OTPPageProps): Promise<React.ReactElement>;
+export default function OTPPage({ searchParams, title, subtitle, ctaText, theme, }?: OTPPageProps): Promise<React.ReactElement>;
 export { OTPPage };
 //# sourceMappingURL=otp.d.ts.map

package/dist/server_pages/otp.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"otp.d.ts","sourceRoot":"","sources":["../../src/server_pages/otp.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAK/B,MAAM,MAAM,YAAY,GAAG;IACzB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAEtE;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAA8B,OAAO,CAAC,EACpC,YAAY,EACZ,KAAK,GACN,GAAE,YAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAYjD;AAGD,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"otp.d.ts","sourceRoot":"","sources":["../../src/server_pages/otp.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAM/B,MAAM,MAAM,YAAY,GAAG;IACzB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAEtE;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;CACtD,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAA8B,OAAO,CAAC,EACpC,YAAY,EACZ,KAAK,EACL,QAAQ,EACR,OAAO,EACP,KAAK,GACN,GAAE,YAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAyBjD;AAGD,OAAO,EAAE,OAAO,EAAE,CAAC"}