hazo_auth 7.0.1 → 7.0.2

package/dist/page_components/verify_email.js

@@ -21,6 +21,10 @@ import { useEffect, useState } from "react";
 import email_verification_layout from "../components/layouts/email_verification/index.js";
 import { createLayoutDataClient } from "../components/layouts/shared/data/layout_data_client.js";
 import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
+// section: constants
+const DEFAULT_IMAGE_SRC = "/hazo_auth/images/verify_email_default.jpg";
+const DEFAULT_IMAGE_ALT = "Illustration of a globe representing secure authentication workflows";
+const DEFAULT_IMAGE_BG = "#f1f5f9";
 // section: component
 /**
  * Zero-config verify email page component
@@ -28,7 +32,7 @@ import { create_sqlite_hazo_connect } from "../lib/hazo_connect_setup.js";
  * @param props - Optional configuration overrides
  * @returns Verify email page component
  */
-export function VerifyEmailPage({ alreadyLoggedInMessage = "You are already logged in", showLogoutButton = true, showReturnHomeButton = false, returnHomeButtonLabel = "Return home", returnHomePath = "/", redirectDelay = 3000, loginPath = "/hazo_auth/login", } = {}) {
+export function VerifyEmailPage({ alreadyLoggedInMessage = "You are already logged in", showLogoutButton = true, showReturnHomeButton = false, returnHomeButtonLabel = "Return home", returnHomePath = "/", redirectDelay = 3000, loginPath = "/hazo_auth/login", imageSrc = DEFAULT_IMAGE_SRC, imageAlt = DEFAULT_IMAGE_ALT, imageBackgroundColor = DEFAULT_IMAGE_BG, } = {}) {
     const [dataClient, setDataClient] = useState(null);
     useEffect(() => {
         // Initialize hazo_connect on client side
@@ -41,6 +45,6 @@ export function VerifyEmailPage({ alreadyLoggedInMessage = "You are already logg
         return (_jsx("div", { className: "cls_verify_email_page_loading flex items-center justify-center min-h-screen", children: _jsx("div", { className: "text-slate-600 animate-pulse", children: "Loading..." }) }));
     }
     const EmailVerificationLayout = email_verification_layout;
-    return (_jsx(EmailVerificationLayout, { data_client: dataClient, already_logged_in_message: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, redirect_delay: redirectDelay, login_path: loginPath }));
+    return (_jsx(EmailVerificationLayout, { image_src: imageSrc, image_alt: imageAlt, image_background_color: imageBackgroundColor, data_client: dataClient, already_logged_in_message: alreadyLoggedInMessage, showLogoutButton: showLogoutButton, showReturnHomeButton: showReturnHomeButton, returnHomeButtonLabel: returnHomeButtonLabel, returnHomePath: returnHomePath, redirect_delay: redirectDelay, login_path: loginPath }));
 }
 export default VerifyEmailPage;

package/dist/server/routes/assets.d.ts

@@ -0,0 +1,8 @@
+import "server-only";
+import { NextRequest, NextResponse } from "next/server";
+export declare function assetGET(_request: NextRequest, { params }: {
+    params: {
+        name: string;
+    };
+}): Promise<NextResponse>;
+//# sourceMappingURL=assets.d.ts.map

package/dist/server/routes/assets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../../src/server/routes/assets.ts"],"names":[],"mappings":"AACA,OAAO,aAAa,CAAC;AACrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAoBxD,wBAAsB,QAAQ,CAC5B,QAAQ,EAAE,WAAW,EACrB,EAAE,MAAM,EAAE,EAAE;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,GACvC,OAAO,CAAC,YAAY,CAAC,CAuBvB"}

package/dist/server/routes/assets.js

@@ -0,0 +1,38 @@
+// file_description: Route handler serving static assets from the package dist directory
+import "server-only";
+import { NextResponse } from "next/server";
+import path from "path";
+import fs from "fs";
+const ASSETS_DIR = path.join(path.dirname(require.resolve("hazo_auth/package.json")), "dist", "assets", "images");
+const MIME = {
+    ".jpg": "image/jpeg",
+    ".jpeg": "image/jpeg",
+    ".png": "image/png",
+    ".webp": "image/webp",
+    ".svg": "image/svg+xml",
+    ".gif": "image/gif",
+};
+export async function assetGET(_request, { params }) {
+    const name = params.name;
+    // Reject path traversal
+    if (name.includes("..") || name.includes("/") || name.includes("\\")) {
+        return new NextResponse("Not found", { status: 404 });
+    }
+    const ext = path.extname(name).toLowerCase();
+    const mime = MIME[ext];
+    if (!mime) {
+        return new NextResponse("Not found", { status: 404 });
+    }
+    const file_path = path.join(ASSETS_DIR, name);
+    if (!fs.existsSync(file_path)) {
+        return new NextResponse("Not found", { status: 404 });
+    }
+    const buffer = fs.readFileSync(file_path);
+    return new NextResponse(buffer, {
+        status: 200,
+        headers: {
+            "Content-Type": mime,
+            "Cache-Control": "public, max-age=31536000, immutable",
+        },
+    });
+}

package/dist/server/routes/consent_me.d.ts

@@ -0,0 +1,4 @@
+import "server-only";
+import { NextRequest, NextResponse } from "next/server";
+export declare function consentMeGET(request: NextRequest): Promise<NextResponse>;
+//# sourceMappingURL=consent_me.d.ts.map

package/dist/server/routes/consent_me.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent_me.d.ts","sourceRoot":"","sources":["../../../src/server/routes/consent_me.ts"],"names":[],"mappings":"AACA,OAAO,aAAa,CAAC;AACrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAYxD,wBAAsB,YAAY,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC,CAG9E"}

package/dist/server/routes/consent_me.js

@@ -0,0 +1,15 @@
+// file_description: Route handler returning the current user's parsed consent state
+import "server-only";
+import { NextResponse } from "next/server";
+import { read_consent } from "../../consent/read_consent.js";
+const DEFAULT_CONSENT = {
+    necessary: true,
+    functional: false,
+    analytics: false,
+    marketing: false,
+    version: 1,
+};
+export async function consentMeGET(request) {
+    const consent = read_consent(request.headers);
+    return NextResponse.json(consent !== null && consent !== void 0 ? consent : DEFAULT_CONSENT, { status: 200 });
+}

package/dist/server/routes/index.d.ts

@@ -8,8 +8,6 @@ export { POST as changePasswordPOST } from "./change_password.js";
 export { GET as validateResetTokenGET } from "./validate_reset_token.js";
 export { GET as verifyEmailGET } from "./verify_email.js";
 export { POST as resendVerificationPOST } from "./resend_verification.js";
-export { otpRequestPOST } from "./otp/request.js";
-export { otpVerifyPOST } from "./otp/verify.js";
 export { PATCH as updateUserPATCH } from "./update_user.js";
 export { POST as uploadProfilePicturePOST } from "./upload_profile_picture.js";
 export { DELETE as removeProfilePictureDELETE } from "./remove_profile_picture.js";
@@ -18,7 +16,7 @@ export { GET as libraryPhotoGET } from "./library_photo.js";
 export { GET as profilePictureFilenameGET } from "./profile_picture_filename.js";
 export { POST as getAuthPOST } from "./get_auth.js";
 export { POST as invalidateCachePOST } from "./invalidate_cache.js";
-export { GET as userManagementUsersGET, PATCH as userManagementUsersPATCH, POST as userManagementUsersPOST } from "./user_management_users.js";
+export { GET as userManagementUsersGET, PATCH as userManagementUsersPATCH, POST as userManagementUsersPOST, DELETE as userManagementUsersDELETE } from "./user_management_users.js";
 export { GET as userManagementPermissionsGET, POST as userManagementPermissionsPOST, PUT as userManagementPermissionsPUT, DELETE as userManagementPermissionsDELETE } from "./user_management_permissions.js";
 export { GET as userManagementRolesGET, POST as userManagementRolesPOST, PUT as userManagementRolesPUT } from "./user_management_roles.js";
 export { GET as userManagementUsersRolesGET, POST as userManagementUsersRolesPOST, PUT as userManagementUsersRolesPUT } from "./user_management_users_roles.js";
@@ -28,10 +26,14 @@ export { GET as invitationsGET, POST as invitationsPOST, PATCH as invitationsPAT
 export { POST as createFirmPOST } from "./create_firm.js";
 export { GET as nextauthGET, POST as nextauthPOST } from "./nextauth.js";
 export { GET as oauthGoogleCallbackGET } from "./oauth_google_callback.js";
-export { facebookCallbackGET } from "./oauth_facebook_callback.js";
+export { GET as oauthFacebookCallbackGET } from "./oauth_facebook_callback.js";
 export { POST as setPasswordPOST } from "./set_password.js";
 export { GET as relationshipsGET, POST as relationshipsPOST, PATCH as relationshipsPATCH, DELETE as relationshipsDELETE } from "./relationships.js";
 export { POST as relationshipSelfPOST } from "./relationship_self.js";
 export { POST as relationshipUpgradePOST } from "./relationship_upgrade.js";
 export { POST as pinLoginPOST } from "./pin_login.js";
+export { otpRequestPOST } from "./otp/request.js";
+export { otpVerifyPOST } from "./otp/verify.js";
+export { consentMeGET } from "./consent_me.js";
+export { stringsDefaultsGET } from "./strings_defaults.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/server/routes/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,IAAI,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,GAAG,IAAI,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGtE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,KAAK,IAAI,eAAe,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,IAAI,IAAI,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,MAAM,IAAI,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,GAAG,IAAI,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,GAAG,IAAI,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,IAAI,IAAI,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,KAAK,IAAI,wBAAwB,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAC5I,OAAO,EAAE,GAAG,IAAI,4BAA4B,EAAE,IAAI,IAAI,6BAA6B,EAAE,GAAG,IAAI,4BAA4B,EAAE,MAAM,IAAI,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAC3M,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,IAAI,IAAI,uBAAuB,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxI,OAAO,EAAE,GAAG,IAAI,2BAA2B,EAAE,IAAI,IAAI,4BAA4B,EAAE,GAAG,IAAI,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAG7J,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,KAAK,IAAI,gBAAgB,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACvI,OAAO,EAAE,GAAG,IAAI,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAGrE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,IAAI,IAAI,eAAe,EAAE,KAAK,IAAI,gBAAgB,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGvI,OAAO,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAGvD,OAAO,EAAE,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,IAAI,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGzD,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,IAAI,IAAI,iBAAiB,EAAE,KAAK,IAAI,kBAAkB,EAAE,MAAM,IAAI,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACjJ,OAAO,EAAE,IAAI,IAAI,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,IAAI,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,GAAG,IAAI,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGtE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,OAAO,EAAE,KAAK,IAAI,eAAe,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,IAAI,IAAI,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,MAAM,IAAI,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,GAAG,IAAI,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,GAAG,IAAI,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,IAAI,IAAI,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,KAAK,IAAI,wBAAwB,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,IAAI,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACjL,OAAO,EAAE,GAAG,IAAI,4BAA4B,EAAE,IAAI,IAAI,6BAA6B,EAAE,GAAG,IAAI,4BAA4B,EAAE,MAAM,IAAI,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAC3M,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,IAAI,IAAI,uBAAuB,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxI,OAAO,EAAE,GAAG,IAAI,2BAA2B,EAAE,IAAI,IAAI,4BAA4B,EAAE,GAAG,IAAI,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAG7J,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,KAAK,IAAI,gBAAgB,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACvI,OAAO,EAAE,GAAG,IAAI,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAGrE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,IAAI,IAAI,eAAe,EAAE,KAAK,IAAI,gBAAgB,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGvI,OAAO,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAGvD,OAAO,EAAE,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,GAAG,IAAI,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,IAAI,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGzD,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,IAAI,IAAI,iBAAiB,EAAE,KAAK,IAAI,kBAAkB,EAAE,MAAM,IAAI,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACjJ,OAAO,EAAE,IAAI,IAAI,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAGnD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/server/routes/index.js

@@ -13,9 +13,6 @@ export { GET as validateResetTokenGET } from "./validate_reset_token.js";
 // Email verification routes
 export { GET as verifyEmailGET } from "./verify_email.js";
 export { POST as resendVerificationPOST } from "./resend_verification.js";
-// OTP routes (one-time password via email)
-export { otpRequestPOST } from "./otp/request.js";
-export { otpVerifyPOST } from "./otp/verify.js";
 // User profile routes
 export { PATCH as updateUserPATCH } from "./update_user.js";
 export { POST as uploadProfilePicturePOST } from "./upload_profile_picture.js";
@@ -27,7 +24,7 @@ export { GET as profilePictureFilenameGET } from "./profile_picture_filename.js"
 export { POST as getAuthPOST } from "./get_auth.js";
 export { POST as invalidateCachePOST } from "./invalidate_cache.js";
 // User management routes
-export { GET as userManagementUsersGET, PATCH as userManagementUsersPATCH, POST as userManagementUsersPOST } from "./user_management_users.js";
+export { GET as userManagementUsersGET, PATCH as userManagementUsersPATCH, POST as userManagementUsersPOST, DELETE as userManagementUsersDELETE } from "./user_management_users.js";
 export { GET as userManagementPermissionsGET, POST as userManagementPermissionsPOST, PUT as userManagementPermissionsPUT, DELETE as userManagementPermissionsDELETE } from "./user_management_permissions.js";
 export { GET as userManagementRolesGET, POST as userManagementRolesPOST, PUT as userManagementRolesPUT } from "./user_management_roles.js";
 export { GET as userManagementUsersRolesGET, POST as userManagementUsersRolesPOST, PUT as userManagementUsersRolesPUT } from "./user_management_users_roles.js";
@@ -41,10 +38,17 @@ export { POST as createFirmPOST } from "./create_firm.js";
 // OAuth routes
 export { GET as nextauthGET, POST as nextauthPOST } from "./nextauth.js";
 export { GET as oauthGoogleCallbackGET } from "./oauth_google_callback.js";
-export { facebookCallbackGET } from "./oauth_facebook_callback.js";
+export { GET as oauthFacebookCallbackGET } from "./oauth_facebook_callback.js";
 export { POST as setPasswordPOST } from "./set_password.js";
 // Relationship routes (managed sub-profiles)
 export { GET as relationshipsGET, POST as relationshipsPOST, PATCH as relationshipsPATCH, DELETE as relationshipsDELETE } from "./relationships.js";
 export { POST as relationshipSelfPOST } from "./relationship_self.js";
 export { POST as relationshipUpgradePOST } from "./relationship_upgrade.js";
 export { POST as pinLoginPOST } from "./pin_login.js";
+// OTP sign-in routes
+export { otpRequestPOST } from "./otp/request.js";
+export { otpVerifyPOST } from "./otp/verify.js";
+// Consent routes
+export { consentMeGET } from "./consent_me.js";
+// Strings routes
+export { stringsDefaultsGET } from "./strings_defaults.js";

package/dist/server/routes/me.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"me.d.ts","sourceRoot":"","sources":["../../../src/server/routes/me.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AA+BxD;;;;;GAKG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;IAqJ7C"}
+{"version":3,"file":"me.d.ts","sourceRoot":"","sources":["../../../src/server/routes/me.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAoBxD;;;;;GAKG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;IA+G7C"}

package/dist/server/routes/me.js

@@ -1,7 +1,6 @@
 // file_description: API route handler to get current authenticated user information with permissions
 // section: imports
 import { NextResponse } from "next/server";
-import { jwtVerify } from "jose";
 import { hazo_get_auth } from "../../lib/auth/hazo_get_auth.server.js";
 import { get_hazo_connect_instance } from "../../lib/hazo_connect_instance.server.js";
 import { createCrudService } from "hazo_connect/server";
@@ -9,9 +8,6 @@ import { map_db_source_to_ui } from "../../lib/services/profile_picture_source_m
 import { create_app_logger } from "../../lib/app_logger.js";
 import { get_filename, get_line_number } from "../../lib/utils/api_route_helpers.js";
 import { is_user_types_enabled, get_user_type_by_key, } from "../../lib/user_types_config.server.js";
-import { get_cookie_name, get_cookie_options, BASE_COOKIE_NAMES, } from "../../lib/cookies_config.server.js";
-import { create_session_token } from "../../lib/services/session_token_service.js";
-import { get_otp_config, hazo_auth_otp_session_ttl_seconds, } from "../../lib/otp_config.server.js";
 // section: helpers
 function strip_sentinel_email(email) {
     if (!email)
@@ -28,7 +24,6 @@ function strip_sentinel_email(email) {
  * Always returns the same format to prevent downstream variations.
  */
 export async function GET(request) {
-    var _a, _b, _c, _d, _e, _f;
     const logger = create_app_logger();
     try {
         // Use hazo_get_auth to get user with permissions
@@ -75,7 +70,7 @@ export async function GET(request) {
         }
         // Return unified format with all fields
         const profile_pic = auth_result.user.profile_picture_url;
-        const response = NextResponse.json({
+        return NextResponse.json({
             authenticated: true,
             // Top-level fields for backward compatibility
             user_id: auth_result.user.id,
@@ -105,43 +100,6 @@ export async function GET(request) {
             permission_ok: auth_result.permission_ok,
             missing_permissions: auth_result.missing_permissions,
         }, { status: 200 });
-        // --- OTP sliding-session hook ---
-        const session_kind = (_a = request.cookies.get(get_cookie_name(BASE_COOKIE_NAMES.SESSION_KIND))) === null || _a === void 0 ? void 0 : _a.value;
-        if (session_kind === "otp") {
-            try {
-                const session_cookie = (_b = request.cookies.get(get_cookie_name(BASE_COOKIE_NAMES.SESSION))) === null || _b === void 0 ? void 0 : _b.value;
-                if (session_cookie) {
-                    const secret = new TextEncoder().encode((_c = process.env.JWT_SECRET) !== null && _c !== void 0 ? _c : "");
-                    const { payload } = await jwtVerify(session_cookie, secret);
-                    const exp = Number((_d = payload.exp) !== null && _d !== void 0 ? _d : 0);
-                    const now_seconds = Math.floor(Date.now() / 1000);
-                    const otp_cfg = get_otp_config();
-                    const seconds_until_exp = exp - now_seconds;
-                    if (seconds_until_exp > 0 && seconds_until_exp < otp_cfg.slide_when_within_seconds) {
-                        const ttl_seconds = hazo_auth_otp_session_ttl_seconds();
-                        const user_id = String((_e = payload.user_id) !== null && _e !== void 0 ? _e : "");
-                        const user_email = String((_f = payload.email) !== null && _f !== void 0 ? _f : "");
-                        const new_token = await create_session_token(user_id, user_email, undefined, ttl_seconds);
-                        const cookie_options = get_cookie_options({
-                            httpOnly: true,
-                            secure: process.env.NODE_ENV === "production",
-                            sameSite: "lax",
-                            path: "/",
-                            maxAge: ttl_seconds,
-                        });
-                        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION), new_token, cookie_options);
-                        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_ID), user_id, cookie_options);
-                        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.USER_EMAIL), user_email, cookie_options);
-                        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION_KIND), "otp", cookie_options);
-                    }
-                }
-            }
-            catch (slide_err) {
-                // Slide is best-effort — never break /me for this
-            }
-        }
-        // --- end OTP sliding-session hook ---
-        return response;
     }
     catch (error) {
         const error_message = error instanceof Error ? error.message : "Unknown error";

package/dist/server/routes/oauth_facebook_callback.d.ts

@@ -4,5 +4,5 @@ import { NextRequest, NextResponse } from "next/server";
  * The user creation/linking is done in NextAuth signIn callback
  * This route just sets the hazo_auth session cookies
  */
-export declare function facebookCallbackGET(original_request: NextRequest): Promise<NextResponse<unknown>>;
+export declare function GET(original_request: NextRequest): Promise<NextResponse<unknown>>;
 //# sourceMappingURL=oauth_facebook_callback.d.ts.map

package/dist/server/routes/oauth_facebook_callback.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_facebook_callback.d.ts","sourceRoot":"","sources":["../../../src/server/routes/oauth_facebook_callback.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAuBxD;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,gBAAgB,EAAE,WAAW,kCAoKtE"}
+{"version":3,"file":"oauth_facebook_callback.d.ts","sourceRoot":"","sources":["../../../src/server/routes/oauth_facebook_callback.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAuBxD;;;;GAIG;AACH,wBAAsB,GAAG,CAAC,gBAAgB,EAAE,WAAW,kCAiLtD"}

package/dist/server/routes/oauth_facebook_callback.js

@@ -17,7 +17,7 @@ import { rewrite_request_for_proxy } from "../../lib/utils/proxy_request.js";
  * The user creation/linking is done in NextAuth signIn callback
  * This route just sets the hazo_auth session cookies
  */
-export async function facebookCallbackGET(original_request) {
+export async function GET(original_request) {
     // Rewrite request.url to public origin when behind a reverse proxy.
     const request = rewrite_request_for_proxy(original_request);
     const logger = create_app_logger();
@@ -139,6 +139,13 @@ export async function facebookCallbackGET(original_request) {
                 note: "OAuth login succeeded but session token creation failed - using legacy cookies",
             });
         }
+        // Set session kind cookie so downstream can identify sign-in method
+        response.cookies.set(get_cookie_name(BASE_COOKIE_NAMES.SESSION_KIND), "facebook", cookie_options);
+        logger.info("facebook_callback_session_created", {
+            filename: get_filename(),
+            user_id,
+            email,
+        });
         return response;
     }
     catch (error) {

package/dist/server/routes/oauth_google_callback.js

@@ -172,7 +172,7 @@ export async function GET(original_request) {
             error_message,
             error_stack,
         });
-        const login_url = new URL(sign_in_page, request.url);
+        const login_url = new URL("/hazo_auth/login", request.url);
         login_url.searchParams.set("error", "oauth_error");
         return NextResponse.redirect(login_url.toString());
     }

package/dist/server/routes/otp/verify.js

@@ -28,7 +28,7 @@ export async function otpVerifyPOST(request) {
             ip,
         });
         if (result.ok === false) {
-            return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+            return NextResponse.json({ ok: false, error: result.error }, { status: 401 });
         }
         const ttl_seconds = hazo_auth_otp_session_ttl_seconds();
         const base_cookie_options = {
@@ -53,6 +53,6 @@ export async function otpVerifyPOST(request) {
     catch (err) {
         const msg = err instanceof Error ? err.message : String(err);
         logger.error("otp_verify_route_error", { error: msg });
-        return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 400 });
+        return NextResponse.json({ ok: false, error: "invalid_or_expired" }, { status: 401 });
     }
 }

package/dist/server/routes/strings_defaults.d.ts

@@ -0,0 +1,4 @@
+import "server-only";
+import { NextResponse } from "next/server";
+export declare function stringsDefaultsGET(): Promise<NextResponse>;
+//# sourceMappingURL=strings_defaults.d.ts.map

package/dist/server/routes/strings_defaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings_defaults.d.ts","sourceRoot":"","sources":["../../../src/server/routes/strings_defaults.ts"],"names":[],"mappings":"AACA,OAAO,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAEhE"}

package/dist/server/routes/strings_defaults.js

@@ -0,0 +1,7 @@
+// file_description: Route handler returning the DEFAULT_STRINGS object for introspection and testing
+import "server-only";
+import { NextResponse } from "next/server";
+import { DEFAULT_STRINGS } from "../../strings/default_strings.js";
+export async function stringsDefaultsGET() {
+    return NextResponse.json(DEFAULT_STRINGS, { status: 200 });
+}

package/dist/server/routes/user_management_users.d.ts

@@ -44,4 +44,15 @@ export declare function POST(request: NextRequest): Promise<NextResponse<{
 }> | NextResponse<{
     success: boolean;
 }>>;
+/**
+ * DELETE - Hard-delete a user from hazo_users (cascades to all related rows).
+ * Body: { user_id: string }
+ * Requires: admin_user_management permission (enforced by UI, not here — same
+ * pattern as PATCH/POST in this file which also don't re-auth).
+ */
+export declare function DELETE(request: NextRequest): Promise<NextResponse<{
+    error: string;
+}> | NextResponse<{
+    success: boolean;
+}>>;
 //# sourceMappingURL=user_management_users.d.ts.map

package/dist/server/routes/user_management_users.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user_management_users.d.ts","sourceRoot":"","sources":["../../../src/server/routes/user_management_users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAexD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;;IAyF7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IAgI/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C"}
+{"version":3,"file":"user_management_users.d.ts","sourceRoot":"","sources":["../../../src/server/routes/user_management_users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAexD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;;IAyF7C;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;IAgI/C;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IA2E9C;AAED;;;;;GAKG;AACH,wBAAsB,MAAM,CAAC,OAAO,EAAE,WAAW;;;;IAuDhD"}

package/dist/server/routes/user_management_users.js

@@ -241,3 +241,53 @@ export async function POST(request) {
         return NextResponse.json({ error: "Failed to send password reset email" }, { status: 500 });
     }
 }
+/**
+ * DELETE - Hard-delete a user from hazo_users (cascades to all related rows).
+ * Body: { user_id: string }
+ * Requires: admin_user_management permission (enforced by UI, not here — same
+ * pattern as PATCH/POST in this file which also don't re-auth).
+ */
+export async function DELETE(request) {
+    const logger = create_app_logger();
+    try {
+        const body = await request.json();
+        const { user_id } = body;
+        if (!user_id) {
+            return NextResponse.json({ error: "user_id is required" }, { status: 400 });
+        }
+        const hazoConnect = get_hazo_connect_instance();
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        // Verify user exists before deleting
+        const users = await users_service.findBy({ id: user_id });
+        if (!Array.isArray(users) || users.length === 0) {
+            return NextResponse.json({ error: "User not found" }, { status: 404 });
+        }
+        // Invalidate auth cache first
+        try {
+            const auth_config = get_auth_utility_config();
+            const auth_cache = get_auth_cache(auth_config.cache_max_users, auth_config.cache_ttl_minutes, auth_config.cache_max_age_minutes);
+            auth_cache.invalidate_user(user_id);
+        }
+        catch (_a) {
+            // Non-fatal
+        }
+        await users_service.deleteById(user_id);
+        logger.info("user_management_user_deleted", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            user_id,
+        });
+        return NextResponse.json({ success: true }, { status: 200 });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        logger.error("user_management_user_delete_error", {
+            filename: get_filename(),
+            line_number: get_line_number(),
+            error_message,
+            error_stack,
+        });
+        return NextResponse.json({ error: "Failed to delete user" }, { status: 500 });
+    }
+}

package/dist/server-lib.d.ts

@@ -24,9 +24,6 @@ export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled, }
 export type { OAuthConfig } from "./lib/oauth_config.server";
 export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes, } from "./lib/branding_config.server.js";
 export type { FirmBrandingConfig } from "./lib/branding_config.server";
-export { get_otp_config, hazo_auth_otp_session_ttl_seconds, OTP_CONFIG_DEFAULTS } from "./lib/otp_config.server.js";
-export type { OtpConfig } from "./lib/otp_config.server";
-export { request_email_otp, verify_email_otp } from "./lib/services/otp_service.js";
 export { create_sqlite_hazo_connect } from "./lib/hazo_connect_setup.js";
 export { get_hazo_connect_instance } from "./lib/hazo_connect_instance.server.js";
 export { create_app_logger } from "./lib/app_logger.js";

package/dist/server-lib.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,iCAAiC,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACjH,YAAY,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAGjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}
+{"version":3,"file":"server-lib.d.ts","sourceRoot":"","sources":["../src/server-lib.ts"],"names":[],"mappings":"AAYA,OAAO,aAAa,CAAC;AAGrB,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,wCAAwC,CAAC;AAGrF,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF,OAAO,EAAE,4BAA4B,EAAE,MAAM,uCAAuC,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,gCAAgC,EAAE,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAG/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAC5E,cAAc,+BAA+B,CAAC"}

package/dist/server-lib.js

@@ -37,8 +37,6 @@ export { get_user_fields_config } from "./lib/user_fields_config.server.js";
 export { get_file_types_config } from "./lib/file_types_config.server.js";
 export { get_oauth_config, is_google_oauth_enabled, is_email_password_enabled, } from "./lib/oauth_config.server.js";
 export { get_branding_config, is_branding_enabled, is_allowed_logo_format, get_max_logo_size_bytes, } from "./lib/branding_config.server.js";
-export { get_otp_config, hazo_auth_otp_session_ttl_seconds, OTP_CONFIG_DEFAULTS } from "./lib/otp_config.server.js";
-export { request_email_otp, verify_email_otp } from "./lib/services/otp_service.js";
 // section: hazo_connect_exports
 export { create_sqlite_hazo_connect } from "./lib/hazo_connect_setup.js";
 export { get_hazo_connect_instance } from "./lib/hazo_connect_instance.server.js";

package/dist/server_pages/forgot_password.d.ts

@@ -1,5 +1,21 @@
 import "server-only";
+import type { StaticImageData } from "next/image";
 export type ForgotPasswordPageProps = {
+    /**
+     * Optional image source for the visual panel
+     * Defaults from hazo_auth_config.ini or package default image
+     */
+    image_src?: string | StaticImageData;
+    /**
+     * Optional image alt text
+     * Defaults to "Password recovery illustration"
+     */
+    image_alt?: string;
+    /**
+     * Optional image background color
+     * Defaults to "#f1f5f9"
+     */
+    image_background_color?: string;
     /**
      * Optional sign in path
      * Defaults from DEFAULT_FORGOT_PASSWORD.loginPath
@@ -10,18 +26,6 @@ export type ForgotPasswordPageProps = {
      * Defaults from DEFAULT_FORGOT_PASSWORD.loginLabel
      */
     sign_in_label?: string;
-    /**
-     * Optional theme that controls visual appearance and layout mode.
-     * When `theme.layout` is `"split"`, activates the two-column split layout
-     * with the brand panel on the left.
-     */
-    theme?: import("../theme/theme_types").HazoAuthTheme;
-    /** Override the page heading. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
-    title?: string;
-    /** Override the page subtitle. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
-    subtitle?: string;
-    /** Override the submit button label. Falls back to HazoAuthStringsProvider → DEFAULT_STRINGS. */
-    ctaText?: string;
 };
 /**
  * Zero-config ForgotPasswordPage server component
@@ -43,9 +47,9 @@ export type ForgotPasswordPageProps = {
  *
  * Zero configuration required - works out of the box!
  *
- * @param props - Optional navigation customization props
+ * @param props - Optional visual and navigation customization props
  * @returns Server-rendered forgot password page
  */
-export default function ForgotPasswordPage(props: ForgotPasswordPageProps): import("react/jsx-runtime").JSX.Element;
+export default function ForgotPasswordPage({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, }?: ForgotPasswordPageProps): import("react/jsx-runtime").JSX.Element;
 export { ForgotPasswordPage };
 //# sourceMappingURL=forgot_password.d.ts.map

package/dist/server_pages/forgot_password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAUrB,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,sBAAsB,EAAE,aAAa,CAAC;IACrD,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iGAAiG;IACjG,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,KAAK,EAAE,uBAAuB,2CAoCxE;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}
+{"version":3,"file":"forgot_password.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password.tsx"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAAC;IAErC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,OAAO,UAAU,kBAAkB,CAAC,EACzC,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAgD,EAChD,aAAkD,GACnD,GAAE,uBAA4B,2CAkC9B;AAGD,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/server_pages/forgot_password.js

@@ -5,9 +5,9 @@ import "server-only";
 // section: imports
 import { get_forgot_password_config } from "../lib/forgot_password_config.server.js";
 import { ForgotPasswordClientWrapper } from "./forgot_password_client_wrapper.js";
+import { readStrings } from "../strings.js";
 import { AuthPageShell } from "../components/layouts/shared/components/auth_page_shell.js";
 import { DEFAULT_FORGOT_PASSWORD } from "../lib/config/default_config.js";
-import { DEFAULT_STRINGS, readStrings } from "../strings.js";
 // section: component
 /**
  * Zero-config ForgotPasswordPage server component
@@ -29,22 +29,24 @@ import { DEFAULT_STRINGS, readStrings } from "../strings.js";
  *
  * Zero configuration required - works out of the box!
  *
- * @param props - Optional navigation customization props
+ * @param props - Optional visual and navigation customization props
  * @returns Server-rendered forgot password page
  */
-export default function ForgotPasswordPage(props) {
-    var _a, _b, _c;
-    const { sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, theme, title, subtitle, ctaText, } = props !== null && props !== void 0 ? props : {};
-    // Resolve strings: prop > HazoAuthStringsProvider > DEFAULT_STRINGS
+export default function ForgotPasswordPage({ image_src, image_alt, image_background_color, sign_in_path = DEFAULT_FORGOT_PASSWORD.loginPath, sign_in_label = DEFAULT_FORGOT_PASSWORD.loginLabel, } = {}) {
+    // Load configuration from INI file (with defaults including asset images)
+    const config = get_forgot_password_config();
     const strings = readStrings();
     const fp_strings = strings.forgot_password;
-    const resolved_title = (_a = title !== null && title !== void 0 ? title : fp_strings.title) !== null && _a !== void 0 ? _a : DEFAULT_STRINGS.forgot_password.title;
-    const resolved_subtitle = (_b = subtitle !== null && subtitle !== void 0 ? subtitle : fp_strings.subtitle) !== null && _b !== void 0 ? _b : DEFAULT_STRINGS.forgot_password.subtitle;
-    const resolved_cta = (_c = ctaText !== null && ctaText !== void 0 ? ctaText : fp_strings.ctaText) !== null && _c !== void 0 ? _c : DEFAULT_STRINGS.forgot_password.ctaText;
-    // Load configuration from INI file (with defaults)
-    const config = get_forgot_password_config();
+    // Use props if provided, otherwise fall back to config (which includes default asset image)
+    const finalImageSrc = image_src || config.imageSrc;
+    const finalImageAlt = image_alt || config.imageAlt;
+    const finalImageBackgroundColor = image_background_color || config.imageBackgroundColor;
     // Pass serializable config to client wrapper, wrapped in AuthPageShell for navbar support
-    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, theme: theme, labels: { heading: resolved_title, subHeading: resolved_subtitle, submitButton: resolved_cta } }) }));
+    return (_jsx(AuthPageShell, { children: _jsx(ForgotPasswordClientWrapper, { image_src: finalImageSrc, image_alt: finalImageAlt, image_background_color: finalImageBackgroundColor, sign_in_path: sign_in_path, sign_in_label: sign_in_label, alreadyLoggedInMessage: config.alreadyLoggedInMessage, showLogoutButton: config.showLogoutButton, showReturnHomeButton: config.showReturnHomeButton, returnHomeButtonLabel: config.returnHomeButtonLabel, returnHomePath: config.returnHomePath, labels: {
+                heading: fp_strings.title,
+                subHeading: fp_strings.subtitle,
+                submitButton: fp_strings.ctaText,
+            } }) }));
 }
 // Named export for direct imports
 export { ForgotPasswordPage };

package/dist/server_pages/forgot_password_client_wrapper.d.ts

@@ -1,16 +1,17 @@
 import type { ForgotPasswordConfig } from "../lib/forgot_password_config.server";
-import type { HazoAuthTheme } from "../theme/theme_types";
-export type ForgotPasswordClientWrapperProps = ForgotPasswordConfig & {
+import type { LayoutLabelOverrides } from "../components/layouts/shared/config/layout_customization";
+import type { StaticImageData } from "next/image";
+export type ForgotPasswordClientWrapperProps = Omit<ForgotPasswordConfig, 'imageSrc' | 'imageAlt' | 'imageBackgroundColor'> & {
+    image_src: string | StaticImageData;
+    image_alt: string;
+    image_background_color: string;
     sign_in_path: string;
     sign_in_label: string;
-    /** Optional theme passed through to ForgotPasswordLayout → TwoColumnAuthLayout. */
-    theme?: HazoAuthTheme;
-    /** Optional label overrides (heading, subHeading, submitButton) */
-    labels?: import("../components/layouts/shared/config/layout_customization").LayoutLabelOverrides;
+    labels?: LayoutLabelOverrides;
 };
 /**
  * Client wrapper for ForgotPasswordLayout
  * Initializes hazo_connect data client on client side and passes config from server
  */
-export declare function ForgotPasswordClientWrapper({ sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, theme, labels, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
+export declare function ForgotPasswordClientWrapper({ image_src, image_alt, image_background_color, sign_in_path, sign_in_label, alreadyLoggedInMessage, showLogoutButton, showReturnHomeButton, returnHomeButtonLabel, returnHomePath, labels, }: ForgotPasswordClientWrapperProps): import("react/jsx-runtime").JSX.Element;
 //# sourceMappingURL=forgot_password_client_wrapper.d.ts.map

package/dist/server_pages/forgot_password_client_wrapper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAG1D,MAAM,MAAM,gCAAgC,GAAG,oBAAoB,GAAG;IACpE,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,mEAAmE;IACnE,MAAM,CAAC,EAAE,OAAO,0DAA0D,EAAE,oBAAoB,CAAC;CAClG,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,KAAK,EACL,MAAM,GACP,EAAE,gCAAgC,2CAkClC"}
+{"version":3,"file":"forgot_password_client_wrapper.d.ts","sourceRoot":"","sources":["../../src/server_pages/forgot_password_client_wrapper.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AACjF,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0DAA0D,CAAC;AAGrG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,MAAM,gCAAgC,GAAG,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,UAAU,GAAG,sBAAsB,CAAC,GAAG;IAC5H,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,oBAAoB,CAAC;CAC/B,CAAC;AAGF;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,EAC1C,SAAS,EACT,SAAS,EACT,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,sBAAsB,EACtB,gBAAgB,EAChB,oBAAoB,EACpB,qBAAqB,EACrB,cAAc,EACd,MAAM,GACP,EAAE,gCAAgC,2CAoClC"}