hazo_auth 7.0.1 → 8.0.1

package/dist/lib/email_verification_config.server.js

@@ -3,6 +3,11 @@
 import "server-only";
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
+import { get_config_value } from "./config/config_loader.server.js";
+// Default image path - consuming apps should either:
+// 1. Configure their own image_src in hazo_auth_config.ini
+// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
+const DEFAULT_VERIFY_EMAIL_IMAGE_PATH = "/hazo_auth/images/verify_email_default.jpg";
 // section: helpers
 /**
  * Reads email verification layout configuration from hazo_auth_config.ini file
@@ -10,13 +15,23 @@ import { get_already_logged_in_config } from "./already_logged_in_config.server.
  * @returns Email verification configuration options
  */
 export function get_email_verification_config() {
+    const section = "hazo_auth__email_verification_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_VERIFY_EMAIL_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Email verification illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/forgot_password_config.server.d.ts

@@ -5,6 +5,9 @@ export type ForgotPasswordConfig = {
     showReturnHomeButton: boolean;
     returnHomeButtonLabel: string;
     returnHomePath: string;
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
 };
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file

package/dist/lib/forgot_password_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAWjE"}
+{"version":3,"file":"forgot_password_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/forgot_password_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAoCjE"}

package/dist/lib/forgot_password_config.server.js

@@ -3,6 +3,11 @@
 import "server-only";
 // section: imports
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
+import { get_config_value } from "./config/config_loader.server.js";
+// Default image path - consuming apps should either:
+// 1. Configure their own image_src in hazo_auth_config.ini
+// 2. Copy the default images from node_modules/hazo_auth/public/hazo_auth/images/ to their public folder
+const DEFAULT_FORGOT_PASSWORD_IMAGE_PATH = "/hazo_auth/images/forgot_password_default.jpg";
 // section: helpers
 /**
  * Reads forgot password layout configuration from hazo_auth_config.ini file
@@ -10,13 +15,23 @@ import { get_already_logged_in_config } from "./already_logged_in_config.server.
  * @returns Forgot password configuration options
  */
 export function get_forgot_password_config() {
+    const section = "hazo_auth__forgot_password_layout";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_FORGOT_PASSWORD_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Password recovery illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     return {
         alreadyLoggedInMessage: alreadyLoggedInConfig.message,
         showLogoutButton: alreadyLoggedInConfig.showLogoutButton,
         showReturnHomeButton: alreadyLoggedInConfig.showReturnHomeButton,
         returnHomeButtonLabel: alreadyLoggedInConfig.returnHomeButtonLabel,
         returnHomePath: alreadyLoggedInConfig.returnHomePath,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
     };
 }

package/dist/lib/legal/legal_docs_config.server.d.ts

@@ -0,0 +1,22 @@
+import 'server-only';
+import type { LegalDocsConfig } from './legal_docs_types';
+/**
+ * Reads legal docs configuration from hazo_auth_config.ini.
+ * Returns an empty docs array if the section is absent (legal docs disabled).
+ *
+ * Expected INI shape:
+ *   [hazo_auth__legal_docs]
+ *   display_mode = separate   ; or: combined
+ *   doc_1_key   = terms
+ *   doc_1_title = Terms of Service
+ *   doc_1_path  = legal/terms.md
+ *   doc_2_key   = privacy
+ *   doc_2_title = Privacy Policy
+ *   doc_2_path  = legal/privacy.md
+ */
+export declare function get_legal_docs_config(): LegalDocsConfig;
+/**
+ * Call this in tests to clear the cache between runs.
+ */
+export declare function _reset_legal_docs_config_cache(): void;
+//# sourceMappingURL=legal_docs_config.server.d.ts.map

package/dist/lib/legal/legal_docs_config.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_config.server.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAIrB,OAAO,KAAK,EAAkB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAW1E;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAsBvD;AAED;;GAEG;AACH,wBAAgB,8BAA8B,IAAI,IAAI,CAErD"}

package/dist/lib/legal/legal_docs_config.server.js

@@ -0,0 +1,52 @@
+// file_description: server-only helper to read legal docs configuration from hazo_auth_config.ini
+// section: server-only-guard
+import 'server-only';
+// section: imports
+import { read_config_section } from '../config/config_loader.server.js';
+// section: constants
+const SECTION_NAME = 'hazo_auth__legal_docs';
+// section: cache
+// Cached after first load — INI changes require server restart anyway
+let _cached = null;
+// section: exports
+/**
+ * Reads legal docs configuration from hazo_auth_config.ini.
+ * Returns an empty docs array if the section is absent (legal docs disabled).
+ *
+ * Expected INI shape:
+ *   [hazo_auth__legal_docs]
+ *   display_mode = separate   ; or: combined
+ *   doc_1_key   = terms
+ *   doc_1_title = Terms of Service
+ *   doc_1_path  = legal/terms.md
+ *   doc_2_key   = privacy
+ *   doc_2_title = Privacy Policy
+ *   doc_2_path  = legal/privacy.md
+ */
+export function get_legal_docs_config() {
+    var _a, _b;
+    if (_cached)
+        return _cached;
+    const section = (_a = read_config_section(SECTION_NAME)) !== null && _a !== void 0 ? _a : {};
+    const docs = [];
+    let i = 1;
+    while (section[`doc_${i}_key`]) {
+        docs.push({
+            key: section[`doc_${i}_key`],
+            title: (_b = section[`doc_${i}_title`]) !== null && _b !== void 0 ? _b : section[`doc_${i}_key`],
+            path: section[`doc_${i}_path`],
+        });
+        i++;
+    }
+    _cached = {
+        docs,
+        display_mode: section['display_mode'] === 'combined' ? 'combined' : 'separate',
+    };
+    return _cached;
+}
+/**
+ * Call this in tests to clear the cache between runs.
+ */
+export function _reset_legal_docs_config_cache() {
+    _cached = null;
+}

package/dist/lib/legal/legal_docs_reader.server.d.ts

@@ -0,0 +1,15 @@
+import 'server-only';
+export interface ReadDocResult {
+    content: string;
+    hash: string;
+}
+/**
+ * Reads a legal document from the filesystem and returns its text content
+ * together with a deterministic SHA-256 hash of that content.
+ *
+ * @param doc_path - Absolute path, or a path relative to process.cwd().
+ * @returns { content, hash } where hash is formatted as "sha256:<hex>".
+ * @throws If the file cannot be read.
+ */
+export declare function read_legal_doc(doc_path: string): ReadDocResult;
+//# sourceMappingURL=legal_docs_reader.server.d.ts.map

package/dist/lib/legal/legal_docs_reader.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_reader.server.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_reader.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAS9D"}

package/dist/lib/legal/legal_docs_reader.server.js

@@ -0,0 +1,24 @@
+// file_description: server-only utility that reads a legal document from disk and returns its content + SHA-256 hash
+// section: server-only-guard
+import 'server-only';
+// section: imports
+import * as fs from 'fs';
+import * as path from 'path';
+import { createHash } from 'crypto';
+// section: exports
+/**
+ * Reads a legal document from the filesystem and returns its text content
+ * together with a deterministic SHA-256 hash of that content.
+ *
+ * @param doc_path - Absolute path, or a path relative to process.cwd().
+ * @returns { content, hash } where hash is formatted as "sha256:<hex>".
+ * @throws If the file cannot be read.
+ */
+export function read_legal_doc(doc_path) {
+    const abs_path = path.isAbsolute(doc_path)
+        ? doc_path
+        : path.join(process.cwd(), doc_path);
+    const content = fs.readFileSync(abs_path, 'utf-8');
+    const hex = createHash('sha256').update(content).digest('hex');
+    return { content, hash: `sha256:${hex}` };
+}

package/dist/lib/legal/legal_docs_service.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Write legal acceptance records. Call from:
+ * - registration_service (bundled with register POST, pre-session)
+ * - legal_docs_accept route (authenticated, post-login)
+ *
+ * Inserts one row per doc into hazo_legal_acceptances (audit history) and
+ * merges the result into the denormalised hazo_users.legal_acceptance JSONB
+ * column for fast "has this user accepted the current version?" queries.
+ */
+export declare function write_legal_acceptance(adapter: any, user_id: string, accepted: Record<string, {
+    hash: string;
+}>, ip: string | null, user_agent: string | null): Promise<void>;
+/**
+ * Publish a doc version as the new required version (admin action).
+ * Upserts hazo_legal_doc_versions keyed on doc_key.
+ */
+export declare function publish_doc_version(adapter: any, doc_key: string, required_hash: string, published_by_user_id: string): Promise<{
+    published_at: string;
+}>;
+/**
+ * Return required version info keyed by doc_key.
+ */
+export declare function get_required_versions(adapter: any, doc_keys: string[]): Promise<Record<string, {
+    required_hash: string;
+    published_at: string;
+}>>;
+/**
+ * Return acceptance history for a user across all doc keys, newest first.
+ */
+export declare function get_user_acceptance_history(adapter: any, user_id: string): Promise<Array<{
+    doc_key: string;
+    doc_hash: string;
+    accepted_at: string;
+    ip: string | null;
+    user_agent: string | null;
+}>>;
+/**
+ * Count how many users have accepted the current required hash for a doc key.
+ * Returns { current, total } where current is users on the required_hash and
+ * total is all users in the system (including those with no legal_acceptance data).
+ *
+ * Note: This performs an in-process scan over all users.  For large user bases
+ * consider a dedicated SQL query in a future optimisation.
+ */
+export declare function get_compliance_count(adapter: any, doc_key: string, required_hash: string): Promise<{
+    current: number;
+    total: number;
+}>;
+//# sourceMappingURL=legal_docs_service.d.ts.map

package/dist/lib/legal/legal_docs_service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_service.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_service.ts"],"names":[],"mappings":"AAaA;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,EAC1C,EAAE,EAAE,MAAM,GAAG,IAAI,EACjB,UAAU,EAAE,MAAM,GAAG,IAAI,GACxB,OAAO,CAAC,IAAI,CAAC,CAwCf;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,EACrB,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CA2BnC;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,GAAG,EACZ,QAAQ,EAAE,MAAM,EAAE,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAoB1E;AAED;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,KAAK,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAAC,CAAC,CAeF;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAkB7C"}

package/dist/lib/legal/legal_docs_service.js

@@ -0,0 +1,140 @@
+// file_description: service functions for the legal document acceptance system
+// section: imports
+import { createCrudService } from 'hazo_connect/server';
+// section: helpers
+function generate_id() {
+    return crypto.randomUUID();
+}
+// section: exports
+/**
+ * Write legal acceptance records. Call from:
+ * - registration_service (bundled with register POST, pre-session)
+ * - legal_docs_accept route (authenticated, post-login)
+ *
+ * Inserts one row per doc into hazo_legal_acceptances (audit history) and
+ * merges the result into the denormalised hazo_users.legal_acceptance JSONB
+ * column for fast "has this user accepted the current version?" queries.
+ */
+export async function write_legal_acceptance(adapter, user_id, accepted, ip, user_agent) {
+    var _a;
+    const now = new Date().toISOString();
+    // 1. Insert one history row per doc
+    const history_service = createCrudService(adapter, 'hazo_legal_acceptances');
+    for (const [doc_key, { hash }] of Object.entries(accepted)) {
+        await history_service.insert({
+            id: generate_id(),
+            user_id,
+            doc_key,
+            doc_hash: hash,
+            accepted_at: now,
+            ip,
+            user_agent,
+        });
+    }
+    // 2. Merge into denormalized JSONB on hazo_users
+    const users_service = createCrudService(adapter, 'hazo_users');
+    const rows = await users_service.findBy({ id: user_id });
+    const existing_raw = (_a = rows[0]) === null || _a === void 0 ? void 0 : _a.legal_acceptance;
+    let existing = {};
+    if (existing_raw) {
+        try {
+            existing = typeof existing_raw === 'string'
+                ? JSON.parse(existing_raw)
+                : existing_raw;
+        }
+        catch ( /* corrupt — start fresh */_b) { /* corrupt — start fresh */ }
+    }
+    const updated = Object.assign({}, existing);
+    for (const [doc_key, { hash }] of Object.entries(accepted)) {
+        updated[doc_key] = { hash, accepted_at: now, ip, user_agent };
+    }
+    await users_service.updateById(user_id, {
+        legal_acceptance: JSON.stringify(updated),
+        changed_at: now,
+    });
+}
+/**
+ * Publish a doc version as the new required version (admin action).
+ * Upserts hazo_legal_doc_versions keyed on doc_key.
+ */
+export async function publish_doc_version(adapter, doc_key, required_hash, published_by_user_id) {
+    const now = new Date().toISOString();
+    // createCrudService with doc_key as primary key so updateById works correctly
+    const versions_service = createCrudService(adapter, 'hazo_legal_doc_versions', {
+        primaryKeys: ['doc_key'],
+        autoId: false,
+    });
+    const existing = await versions_service.findBy({ doc_key });
+    if (existing.length > 0) {
+        await versions_service.updateById(doc_key, {
+            required_hash,
+            published_at: now,
+            published_by_user_id,
+        });
+    }
+    else {
+        await versions_service.insert({
+            doc_key,
+            required_hash,
+            published_at: now,
+            published_by_user_id,
+        });
+    }
+    return { published_at: now };
+}
+/**
+ * Return required version info keyed by doc_key.
+ */
+export async function get_required_versions(adapter, doc_keys) {
+    if (doc_keys.length === 0)
+        return {};
+    const versions_service = createCrudService(adapter, 'hazo_legal_doc_versions', {
+        primaryKeys: ['doc_key'],
+        autoId: false,
+    });
+    const rows = await versions_service.list((qb) => qb.whereIn('doc_key', doc_keys).select(['doc_key', 'required_hash', 'published_at']));
+    const result = {};
+    for (const row of rows) {
+        result[String(row.doc_key)] = {
+            required_hash: String(row.required_hash),
+            published_at: String(row.published_at),
+        };
+    }
+    return result;
+}
+/**
+ * Return acceptance history for a user across all doc keys, newest first.
+ */
+export async function get_user_acceptance_history(adapter, user_id) {
+    const history_service = createCrudService(adapter, 'hazo_legal_acceptances');
+    return history_service.list((qb) => qb
+        .where('user_id', 'eq', user_id)
+        .select(['doc_key', 'doc_hash', 'accepted_at', 'ip', 'user_agent'])
+        .order('accepted_at', 'desc'));
+}
+/**
+ * Count how many users have accepted the current required hash for a doc key.
+ * Returns { current, total } where current is users on the required_hash and
+ * total is all users in the system (including those with no legal_acceptance data).
+ *
+ * Note: This performs an in-process scan over all users.  For large user bases
+ * consider a dedicated SQL query in a future optimisation.
+ */
+export async function get_compliance_count(adapter, doc_key, required_hash) {
+    var _a, _b;
+    const users_service = createCrudService(adapter, 'hazo_users');
+    const all_users = await users_service.list((qb) => qb.select(['id', 'legal_acceptance']));
+    let current = 0;
+    for (const user of all_users) {
+        let map = {};
+        try {
+            map = typeof user.legal_acceptance === 'string'
+                ? JSON.parse(user.legal_acceptance)
+                : ((_a = user.legal_acceptance) !== null && _a !== void 0 ? _a : {});
+        }
+        catch ( /* ignore corrupt rows */_c) { /* ignore corrupt rows */ }
+        if (((_b = map[doc_key]) === null || _b === void 0 ? void 0 : _b.hash) === required_hash)
+            current++;
+    }
+    return { current, total: all_users.length };
+}

package/dist/lib/legal/legal_docs_types.d.ts

@@ -0,0 +1,25 @@
+export interface LegalDocConfig {
+    key: string;
+    title: string;
+    path: string;
+}
+export interface LegalDocsConfig {
+    docs: LegalDocConfig[];
+    display_mode: 'separate' | 'combined';
+}
+export interface LegalDoc {
+    key: string;
+    title: string;
+    content: string;
+    hash: string;
+    required_hash: string | null;
+    required_published_at: string | null;
+}
+export interface LegalAcceptanceRecord {
+    hash: string;
+    accepted_at: string;
+    ip: string | null;
+    user_agent: string | null;
+}
+export type LegalAcceptanceMap = Record<string, LegalAcceptanceRecord>;
+//# sourceMappingURL=legal_docs_types.d.ts.map

package/dist/lib/legal/legal_docs_types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_types.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,cAAc,EAAE,CAAC;IACvB,YAAY,EAAE,UAAU,GAAG,UAAU,CAAC;CACvC;AAED,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAGD,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC"}

package/dist/lib/legal/legal_docs_types.js

@@ -0,0 +1,2 @@
+// file_description: shared types for the legal document acceptance system
+export {};

package/dist/lib/login_config.server.d.ts

@@ -13,14 +13,11 @@ export type LoginConfig = {
     createAccountPath: string;
     createAccountLabel: string;
     showCreateAccountLink: boolean;
+    imageSrc: string;
+    imageAlt: string;
+    imageBackgroundColor: string;
     /** OAuth configuration */
     oauth: OAuthConfig;
-    /** Whether the OTP sign-in link is shown below the login form */
-    otpSigninEnabled: boolean;
-    /** Label for the OTP sign-in link */
-    otpSigninLabel: string;
-    /** href for the OTP sign-in link */
-    otpSigninHref: string;
 };
 /**
  * Reads login layout configuration from hazo_auth_config.ini file

package/dist/lib/login_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAG3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;IACnB,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CA0D9C"}
+{"version":3,"file":"login_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/login_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAKrB,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAM3E,MAAM,MAAM,WAAW,GAAG;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0BAA0B;IAC1B,KAAK,EAAE,WAAW,CAAC;CACpB,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAyE9C"}

package/dist/lib/login_config.server.js

@@ -5,6 +5,8 @@ import "server-only";
 import { get_config_value, get_config_value_allow_empty } from "./config/config_loader.server.js";
 import { get_already_logged_in_config } from "./already_logged_in_config.server.js";
 import { get_oauth_config } from "./oauth_config.server.js";
+// Assets served via the package's own API route — no manual copy needed.
+const DEFAULT_LOGIN_IMAGE_PATH = "/api/hazo_auth/assets/login_default.jpg";
 // section: helpers
 /**
  * Reads login layout configuration from hazo_auth_config.ini file
@@ -26,12 +28,14 @@ export function get_login_config() {
     const showCreateAccountLink = get_config_value(section, "show_create_account_link", "true") === "true";
     // Get shared already logged in config
     const alreadyLoggedInConfig = get_already_logged_in_config();
+    // Read image configuration
+    // If not set in config, falls back to default path-based image
+    // Consuming apps should copy images to public/hazo_auth/images/ or configure their own image_src
+    const imageSrc = get_config_value(section, "image_src", DEFAULT_LOGIN_IMAGE_PATH);
+    const imageAlt = get_config_value(section, "image_alt", "Secure login illustration");
+    const imageBackgroundColor = get_config_value(section, "image_background_color", "#f1f5f9");
     // Get OAuth configuration
     const oauth = get_oauth_config();
-    // OTP sign-in link
-    const otpSigninEnabled = get_config_value(section, "otp_signin_enabled", "false") === "true";
-    const otpSigninLabel = get_config_value(section, "otp_signin_label", "Sign in with email code");
-    const otpSigninHref = get_config_value(section, "otp_signin_href", "/hazo_auth/otp");
     return {
         redirectRoute,
         successMessage,
@@ -45,9 +49,9 @@ export function get_login_config() {
         createAccountPath,
         createAccountLabel,
         showCreateAccountLink,
+        imageSrc,
+        imageAlt,
+        imageBackgroundColor,
         oauth,
-        otpSigninEnabled,
-        otpSigninLabel,
-        otpSigninHref,
     };
 }

package/dist/lib/my_settings_config.server.d.ts

@@ -21,6 +21,7 @@ export type MySettingsConfig = {
         user_photo_default_priority2?: "library" | "gravatar";
         library_photo_path: string;
     };
+    heading?: string;
     subHeading?: string;
     profilePhotoLabel?: string;
     profilePhotoRecommendation?: string;

package/dist/lib/my_settings_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAuDzD"}
+{"version":3,"file":"my_settings_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/my_settings_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAYrB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,eAAe,EAAE,OAAO,CAAC;QACzB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;IACF,oBAAoB,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,cAAc,EAAE,OAAO,CAAC;QACxB,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,cAAc,EAAE;QACd,kBAAkB,EAAE,OAAO,CAAC;QAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,4BAA4B,EAAE,UAAU,GAAG,SAAS,CAAC;QACrD,4BAA4B,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;QACtD,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,6BAA6B,EAAE,MAAM,CAAC;QACtC,sBAAsB,EAAE,MAAM,CAAC;QAC/B,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;IACF,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,yBAAyB,EAAE,MAAM,CAAC;QAClC,uBAAuB,EAAE,MAAM,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,4BAA4B,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,SAAS,EAAE;QACT,wBAAwB,EAAE,MAAM,EAAE,CAAC;QACnC,wBAAwB,EAAE,MAAM,EAAE,CAAC;KACpC,CAAC;CACH,CAAC;AAGF;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CAyDzD"}

package/dist/lib/my_settings_config.server.js

@@ -28,6 +28,7 @@ export function get_my_settings_config() {
     const uiSizes = get_ui_sizes_config();
     const fileTypes = get_file_types_config();
     // Read optional labels with defaults
+    const heading = get_config_value(section, "heading", "Account Settings");
     const subHeading = get_config_value(section, "sub_heading", "Manage your profile, password, and email preferences.");
     const profilePhotoLabel = get_config_value(section, "profile_photo_label", "Profile Photo");
     const profilePhotoRecommendation = get_config_value(section, "profile_photo_recommendation", "Recommended size: 200x200px. JPG, PNG.");
@@ -46,6 +47,7 @@ export function get_my_settings_config() {
         userFields,
         passwordRequirements,
         profilePicture,
+        heading,
         subHeading,
         profilePhotoLabel,
         profilePhotoRecommendation,

package/dist/lib/oauth_config.server.d.ts

@@ -2,20 +2,12 @@ import "server-only";
 export type OAuthConfig = {
     /** Enable Google OAuth login */
     enable_google: boolean;
-    /** Enable Facebook OAuth login */
-    enable_facebook: boolean;
     /** Enable traditional email/password login */
     enable_email_password: boolean;
     /** Auto-link Google login to existing unverified email/password accounts */
     auto_link_unverified_accounts: boolean;
-    /** Auto-link Google login to existing unverified email/password accounts (per-provider override) */
-    auto_link_unverified_accounts_google: boolean;
-    /** Auto-link Facebook login to existing unverified email/password accounts */
-    auto_link_unverified_accounts_facebook: boolean;
     /** Text displayed on the Google sign-in button */
     google_button_text: string;
-    /** Text displayed on the Facebook sign-in button */
-    facebook_button_text: string;
     /** Text displayed on the divider between OAuth and email/password form */
     oauth_divider_text: string;
     /** NextAuth signIn page path */
@@ -30,10 +22,14 @@ export type OAuthConfig = {
     skip_invitation_check: boolean;
     /** Redirect when skip_invitation_check=true and user has no scope */
     no_scope_redirect: string;
-    /** Facebook App ID from env HAZO_AUTH_FACEBOOK_APP_ID */
-    facebook_client_id: string | undefined;
-    /** Facebook App Secret from env HAZO_AUTH_FACEBOOK_APP_SECRET */
-    facebook_client_secret: string | undefined;
+    /** Enable Facebook OAuth login */
+    enable_facebook_oauth: boolean;
+    /** Facebook App ID (env: HAZO_AUTH_FACEBOOK_APP_ID overrides config) */
+    facebook_app_id: string;
+    /** Facebook App Secret (env: HAZO_AUTH_FACEBOOK_APP_SECRET overrides config) */
+    facebook_app_secret: string;
+    /** Text displayed on the Facebook sign-in button */
+    facebook_button_text: string;
 };
 /**
  * Reads OAuth configuration from hazo_auth_config.ini file
@@ -51,9 +47,4 @@ export declare function is_google_oauth_enabled(): boolean;
  * @returns true if email/password login is enabled in config
  */
 export declare function is_email_password_enabled(): boolean;
-/**
- * Helper to check if Facebook OAuth is enabled and credentials are present
- * @returns true if Facebook OAuth is enabled and env vars are set
- */
-export declare function is_facebook_oauth_enabled(): boolean;
 //# sourceMappingURL=oauth_config.server.d.ts.map

package/dist/lib/oauth_config.server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,kCAAkC;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,oGAAoG;IACpG,oCAAoC,EAAE,OAAO,CAAC;IAC9C,8EAA8E;IAC9E,sCAAsC,EAAE,OAAO,CAAC;IAChD,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yDAAyD;IACzD,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;IACvC,iEAAiE;IACjE,sBAAsB,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5C,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAoH9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAInD"}
+{"version":3,"file":"oauth_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/oauth_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GAAG;IACxB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,4EAA4E;IAC5E,6BAA6B,EAAE,OAAO,CAAC;IACvC,kDAAkD;IAClD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,eAAe,EAAE,MAAM,CAAC;IACxB,+DAA+D;IAC/D,gBAAgB,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,qBAAqB,EAAE,OAAO,CAAC;IAC/B,qEAAqE;IACrE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kCAAkC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,wEAAwE;IACxE,eAAe,EAAE,MAAM,CAAC;IACxB,gFAAgF;IAChF,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oDAAoD;IACpD,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAMF;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,WAAW,CAwG9C;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,OAAO,CAMnD"}