hazo_auth 7.0.2 → 8.0.1

package/dist/lib/auth/hazo_get_auth.server.js

@@ -39,6 +39,24 @@ function parse_app_user_data(json_string) {
         return null;
     }
 }
+/**
+ * Parse raw legal_acceptance field from DB to LegalAcceptanceMap
+ * @param raw - Raw value from database (string or object)
+ * @returns Parsed LegalAcceptanceMap or null
+ */
+function parse_legal_acceptance(raw) {
+    if (!raw)
+        return null;
+    try {
+        const parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
+        if (typeof parsed !== 'object' || Array.isArray(parsed))
+            return null;
+        return parsed;
+    }
+    catch (_a) {
+        return null;
+    }
+}
 /**
  * Gets client IP address from request
  * @param request - NextRequest object
@@ -132,6 +150,7 @@ async function fetch_user_data_from_db(user_id) {
         profile_picture_url: user_db.profile_picture_url || null,
         managed_by_user_id: user_db.managed_by_user_id || null,
         app_user_data: parse_app_user_data(user_db.app_user_data),
+        legal_acceptance: parse_legal_acceptance(user_db.legal_acceptance),
     };
     // v5.x: Fetch user's roles from hazo_user_scopes (scope-based role assignments)
     // Each scope assignment has a role_id (string UUID)

package/dist/lib/legal/legal_docs_config.server.d.ts

@@ -0,0 +1,22 @@
+import 'server-only';
+import type { LegalDocsConfig } from './legal_docs_types';
+/**
+ * Reads legal docs configuration from hazo_auth_config.ini.
+ * Returns an empty docs array if the section is absent (legal docs disabled).
+ *
+ * Expected INI shape:
+ *   [hazo_auth__legal_docs]
+ *   display_mode = separate   ; or: combined
+ *   doc_1_key   = terms
+ *   doc_1_title = Terms of Service
+ *   doc_1_path  = legal/terms.md
+ *   doc_2_key   = privacy
+ *   doc_2_title = Privacy Policy
+ *   doc_2_path  = legal/privacy.md
+ */
+export declare function get_legal_docs_config(): LegalDocsConfig;
+/**
+ * Call this in tests to clear the cache between runs.
+ */
+export declare function _reset_legal_docs_config_cache(): void;
+//# sourceMappingURL=legal_docs_config.server.d.ts.map

package/dist/lib/legal/legal_docs_config.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_config.server.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAIrB,OAAO,KAAK,EAAkB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAW1E;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAsBvD;AAED;;GAEG;AACH,wBAAgB,8BAA8B,IAAI,IAAI,CAErD"}

package/dist/lib/legal/legal_docs_config.server.js

@@ -0,0 +1,52 @@
+// file_description: server-only helper to read legal docs configuration from hazo_auth_config.ini
+// section: server-only-guard
+import 'server-only';
+// section: imports
+import { read_config_section } from '../config/config_loader.server.js';
+// section: constants
+const SECTION_NAME = 'hazo_auth__legal_docs';
+// section: cache
+// Cached after first load — INI changes require server restart anyway
+let _cached = null;
+// section: exports
+/**
+ * Reads legal docs configuration from hazo_auth_config.ini.
+ * Returns an empty docs array if the section is absent (legal docs disabled).
+ *
+ * Expected INI shape:
+ *   [hazo_auth__legal_docs]
+ *   display_mode = separate   ; or: combined
+ *   doc_1_key   = terms
+ *   doc_1_title = Terms of Service
+ *   doc_1_path  = legal/terms.md
+ *   doc_2_key   = privacy
+ *   doc_2_title = Privacy Policy
+ *   doc_2_path  = legal/privacy.md
+ */
+export function get_legal_docs_config() {
+    var _a, _b;
+    if (_cached)
+        return _cached;
+    const section = (_a = read_config_section(SECTION_NAME)) !== null && _a !== void 0 ? _a : {};
+    const docs = [];
+    let i = 1;
+    while (section[`doc_${i}_key`]) {
+        docs.push({
+            key: section[`doc_${i}_key`],
+            title: (_b = section[`doc_${i}_title`]) !== null && _b !== void 0 ? _b : section[`doc_${i}_key`],
+            path: section[`doc_${i}_path`],
+        });
+        i++;
+    }
+    _cached = {
+        docs,
+        display_mode: section['display_mode'] === 'combined' ? 'combined' : 'separate',
+    };
+    return _cached;
+}
+/**
+ * Call this in tests to clear the cache between runs.
+ */
+export function _reset_legal_docs_config_cache() {
+    _cached = null;
+}

package/dist/lib/legal/legal_docs_reader.server.d.ts

@@ -0,0 +1,15 @@
+import 'server-only';
+export interface ReadDocResult {
+    content: string;
+    hash: string;
+}
+/**
+ * Reads a legal document from the filesystem and returns its text content
+ * together with a deterministic SHA-256 hash of that content.
+ *
+ * @param doc_path - Absolute path, or a path relative to process.cwd().
+ * @returns { content, hash } where hash is formatted as "sha256:<hex>".
+ * @throws If the file cannot be read.
+ */
+export declare function read_legal_doc(doc_path: string): ReadDocResult;
+//# sourceMappingURL=legal_docs_reader.server.d.ts.map

package/dist/lib/legal/legal_docs_reader.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_reader.server.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_reader.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAS9D"}

package/dist/lib/legal/legal_docs_reader.server.js

@@ -0,0 +1,24 @@
+// file_description: server-only utility that reads a legal document from disk and returns its content + SHA-256 hash
+// section: server-only-guard
+import 'server-only';
+// section: imports
+import * as fs from 'fs';
+import * as path from 'path';
+import { createHash } from 'crypto';
+// section: exports
+/**
+ * Reads a legal document from the filesystem and returns its text content
+ * together with a deterministic SHA-256 hash of that content.
+ *
+ * @param doc_path - Absolute path, or a path relative to process.cwd().
+ * @returns { content, hash } where hash is formatted as "sha256:<hex>".
+ * @throws If the file cannot be read.
+ */
+export function read_legal_doc(doc_path) {
+    const abs_path = path.isAbsolute(doc_path)
+        ? doc_path
+        : path.join(process.cwd(), doc_path);
+    const content = fs.readFileSync(abs_path, 'utf-8');
+    const hex = createHash('sha256').update(content).digest('hex');
+    return { content, hash: `sha256:${hex}` };
+}

package/dist/lib/legal/legal_docs_service.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Write legal acceptance records. Call from:
+ * - registration_service (bundled with register POST, pre-session)
+ * - legal_docs_accept route (authenticated, post-login)
+ *
+ * Inserts one row per doc into hazo_legal_acceptances (audit history) and
+ * merges the result into the denormalised hazo_users.legal_acceptance JSONB
+ * column for fast "has this user accepted the current version?" queries.
+ */
+export declare function write_legal_acceptance(adapter: any, user_id: string, accepted: Record<string, {
+    hash: string;
+}>, ip: string | null, user_agent: string | null): Promise<void>;
+/**
+ * Publish a doc version as the new required version (admin action).
+ * Upserts hazo_legal_doc_versions keyed on doc_key.
+ */
+export declare function publish_doc_version(adapter: any, doc_key: string, required_hash: string, published_by_user_id: string): Promise<{
+    published_at: string;
+}>;
+/**
+ * Return required version info keyed by doc_key.
+ */
+export declare function get_required_versions(adapter: any, doc_keys: string[]): Promise<Record<string, {
+    required_hash: string;
+    published_at: string;
+}>>;
+/**
+ * Return acceptance history for a user across all doc keys, newest first.
+ */
+export declare function get_user_acceptance_history(adapter: any, user_id: string): Promise<Array<{
+    doc_key: string;
+    doc_hash: string;
+    accepted_at: string;
+    ip: string | null;
+    user_agent: string | null;
+}>>;
+/**
+ * Count how many users have accepted the current required hash for a doc key.
+ * Returns { current, total } where current is users on the required_hash and
+ * total is all users in the system (including those with no legal_acceptance data).
+ *
+ * Note: This performs an in-process scan over all users.  For large user bases
+ * consider a dedicated SQL query in a future optimisation.
+ */
+export declare function get_compliance_count(adapter: any, doc_key: string, required_hash: string): Promise<{
+    current: number;
+    total: number;
+}>;
+//# sourceMappingURL=legal_docs_service.d.ts.map

package/dist/lib/legal/legal_docs_service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_service.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_service.ts"],"names":[],"mappings":"AAaA;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,EAC1C,EAAE,EAAE,MAAM,GAAG,IAAI,EACjB,UAAU,EAAE,MAAM,GAAG,IAAI,GACxB,OAAO,CAAC,IAAI,CAAC,CAwCf;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,EACrB,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CA2BnC;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,GAAG,EACZ,QAAQ,EAAE,MAAM,EAAE,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAoB1E;AAED;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,KAAK,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAAC,CAAC,CAeF;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,GAAG,EACZ,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAkB7C"}

package/dist/lib/legal/legal_docs_service.js

@@ -0,0 +1,140 @@
+// file_description: service functions for the legal document acceptance system
+// section: imports
+import { createCrudService } from 'hazo_connect/server';
+// section: helpers
+function generate_id() {
+    return crypto.randomUUID();
+}
+// section: exports
+/**
+ * Write legal acceptance records. Call from:
+ * - registration_service (bundled with register POST, pre-session)
+ * - legal_docs_accept route (authenticated, post-login)
+ *
+ * Inserts one row per doc into hazo_legal_acceptances (audit history) and
+ * merges the result into the denormalised hazo_users.legal_acceptance JSONB
+ * column for fast "has this user accepted the current version?" queries.
+ */
+export async function write_legal_acceptance(adapter, user_id, accepted, ip, user_agent) {
+    var _a;
+    const now = new Date().toISOString();
+    // 1. Insert one history row per doc
+    const history_service = createCrudService(adapter, 'hazo_legal_acceptances');
+    for (const [doc_key, { hash }] of Object.entries(accepted)) {
+        await history_service.insert({
+            id: generate_id(),
+            user_id,
+            doc_key,
+            doc_hash: hash,
+            accepted_at: now,
+            ip,
+            user_agent,
+        });
+    }
+    // 2. Merge into denormalized JSONB on hazo_users
+    const users_service = createCrudService(adapter, 'hazo_users');
+    const rows = await users_service.findBy({ id: user_id });
+    const existing_raw = (_a = rows[0]) === null || _a === void 0 ? void 0 : _a.legal_acceptance;
+    let existing = {};
+    if (existing_raw) {
+        try {
+            existing = typeof existing_raw === 'string'
+                ? JSON.parse(existing_raw)
+                : existing_raw;
+        }
+        catch ( /* corrupt — start fresh */_b) { /* corrupt — start fresh */ }
+    }
+    const updated = Object.assign({}, existing);
+    for (const [doc_key, { hash }] of Object.entries(accepted)) {
+        updated[doc_key] = { hash, accepted_at: now, ip, user_agent };
+    }
+    await users_service.updateById(user_id, {
+        legal_acceptance: JSON.stringify(updated),
+        changed_at: now,
+    });
+}
+/**
+ * Publish a doc version as the new required version (admin action).
+ * Upserts hazo_legal_doc_versions keyed on doc_key.
+ */
+export async function publish_doc_version(adapter, doc_key, required_hash, published_by_user_id) {
+    const now = new Date().toISOString();
+    // createCrudService with doc_key as primary key so updateById works correctly
+    const versions_service = createCrudService(adapter, 'hazo_legal_doc_versions', {
+        primaryKeys: ['doc_key'],
+        autoId: false,
+    });
+    const existing = await versions_service.findBy({ doc_key });
+    if (existing.length > 0) {
+        await versions_service.updateById(doc_key, {
+            required_hash,
+            published_at: now,
+            published_by_user_id,
+        });
+    }
+    else {
+        await versions_service.insert({
+            doc_key,
+            required_hash,
+            published_at: now,
+            published_by_user_id,
+        });
+    }
+    return { published_at: now };
+}
+/**
+ * Return required version info keyed by doc_key.
+ */
+export async function get_required_versions(adapter, doc_keys) {
+    if (doc_keys.length === 0)
+        return {};
+    const versions_service = createCrudService(adapter, 'hazo_legal_doc_versions', {
+        primaryKeys: ['doc_key'],
+        autoId: false,
+    });
+    const rows = await versions_service.list((qb) => qb.whereIn('doc_key', doc_keys).select(['doc_key', 'required_hash', 'published_at']));
+    const result = {};
+    for (const row of rows) {
+        result[String(row.doc_key)] = {
+            required_hash: String(row.required_hash),
+            published_at: String(row.published_at),
+        };
+    }
+    return result;
+}
+/**
+ * Return acceptance history for a user across all doc keys, newest first.
+ */
+export async function get_user_acceptance_history(adapter, user_id) {
+    const history_service = createCrudService(adapter, 'hazo_legal_acceptances');
+    return history_service.list((qb) => qb
+        .where('user_id', 'eq', user_id)
+        .select(['doc_key', 'doc_hash', 'accepted_at', 'ip', 'user_agent'])
+        .order('accepted_at', 'desc'));
+}
+/**
+ * Count how many users have accepted the current required hash for a doc key.
+ * Returns { current, total } where current is users on the required_hash and
+ * total is all users in the system (including those with no legal_acceptance data).
+ *
+ * Note: This performs an in-process scan over all users.  For large user bases
+ * consider a dedicated SQL query in a future optimisation.
+ */
+export async function get_compliance_count(adapter, doc_key, required_hash) {
+    var _a, _b;
+    const users_service = createCrudService(adapter, 'hazo_users');
+    const all_users = await users_service.list((qb) => qb.select(['id', 'legal_acceptance']));
+    let current = 0;
+    for (const user of all_users) {
+        let map = {};
+        try {
+            map = typeof user.legal_acceptance === 'string'
+                ? JSON.parse(user.legal_acceptance)
+                : ((_a = user.legal_acceptance) !== null && _a !== void 0 ? _a : {});
+        }
+        catch ( /* ignore corrupt rows */_c) { /* ignore corrupt rows */ }
+        if (((_b = map[doc_key]) === null || _b === void 0 ? void 0 : _b.hash) === required_hash)
+            current++;
+    }
+    return { current, total: all_users.length };
+}

package/dist/lib/legal/legal_docs_types.d.ts

@@ -0,0 +1,25 @@
+export interface LegalDocConfig {
+    key: string;
+    title: string;
+    path: string;
+}
+export interface LegalDocsConfig {
+    docs: LegalDocConfig[];
+    display_mode: 'separate' | 'combined';
+}
+export interface LegalDoc {
+    key: string;
+    title: string;
+    content: string;
+    hash: string;
+    required_hash: string | null;
+    required_published_at: string | null;
+}
+export interface LegalAcceptanceRecord {
+    hash: string;
+    accepted_at: string;
+    ip: string | null;
+    user_agent: string | null;
+}
+export type LegalAcceptanceMap = Record<string, LegalAcceptanceRecord>;
+//# sourceMappingURL=legal_docs_types.d.ts.map

package/dist/lib/legal/legal_docs_types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_types.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_types.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,cAAc,EAAE,CAAC;IACvB,YAAY,EAAE,UAAU,GAAG,UAAU,CAAC;CACvC;AAED,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAGD,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC"}

package/dist/lib/legal/legal_docs_types.js

@@ -0,0 +1,2 @@
+// file_description: shared types for the legal document acceptance system
+export {};

package/dist/lib/services/registration_service.d.ts

@@ -4,6 +4,11 @@ export type RegistrationData = {
     password: string;
     name?: string;
     url_on_logon?: string;
+    legal_accepted?: Record<string, {
+        hash: string;
+    }>;
+    ip?: string | null;
+    user_agent?: string | null;
 };
 export type RegistrationResult = {
     success: boolean;

package/dist/lib/services/registration_service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registration_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/registration_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAkBvD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,gBAAgB,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAwJ7B"}
+{"version":3,"file":"registration_service.d.ts","sourceRoot":"","sources":["../../../src/lib/services/registration_service.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAmBvD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,kBAAkB,EAC3B,IAAI,EAAE,gBAAgB,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAmK7B"}

package/dist/lib/services/registration_service.js

@@ -10,6 +10,7 @@ import { send_template_email } from "./email_service.js";
 import { sanitize_error_for_user } from "../utils/error_sanitizer.js";
 import { get_line_number } from "../utils/api_route_helpers.js";
 import { is_user_types_enabled, get_default_user_type, } from "../user_types_config.server.js";
+import { write_legal_acceptance } from "../legal/legal_docs_service.js";
 // section: helpers
 /**
  * Registers a new user in the database using hazo_connect
@@ -18,6 +19,7 @@ import { is_user_types_enabled, get_default_user_type, } from "../user_types_con
  * @returns Registration result with success status and user_id or error
  */
 export async function register_user(adapter, data) {
+    var _a, _b;
     try {
         const { email, password, name, url_on_logon } = data;
         // Create CRUD service for hazo_users table
@@ -130,6 +132,10 @@ export async function register_user(adapter, data) {
                 });
             }
         }
+        // Write legal acceptance records if provided
+        if (data.legal_accepted && Object.keys(data.legal_accepted).length > 0) {
+            await write_legal_acceptance(adapter, user_id, data.legal_accepted, (_a = data.ip) !== null && _a !== void 0 ? _a : null, (_b = data.user_agent) !== null && _b !== void 0 ? _b : null);
+        }
         return {
             success: true,
             user_id,

package/dist/page_components/index.d.ts

@@ -1,8 +1,3 @@
-export { LoginPage, type LoginPageProps } from "./login.js";
-export { RegisterPage, type RegisterPageProps } from "./register.js";
-export { ForgotPasswordPage, type ForgotPasswordPageProps } from "./forgot_password.js";
-export { ResetPasswordPage, type ResetPasswordPageProps } from "./reset_password.js";
-export { VerifyEmailPage, type VerifyEmailPageProps } from "./verify_email.js";
 export { MySettingsPage, type MySettingsPageProps } from "./my_settings.js";
 export { CreateFirmPage, type CreateFirmPageProps } from "./create_firm.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/page_components/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/page_components/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,KAAK,cAAc,EAAE,MAAM,SAAS,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,KAAK,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AACrF,OAAO,EAAE,iBAAiB,EAAE,KAAK,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,EAAE,eAAe,EAAE,KAAK,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/page_components/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,KAAK,mBAAmB,EAAE,MAAM,eAAe,CAAC"}

package/dist/page_components/index.js

@@ -1,10 +1,5 @@
 // file_description: barrel export for zero-config page components
 // These components can be used directly by consumers with sensible defaults
 // section: page_exports
-export { LoginPage } from "./login.js";
-export { RegisterPage } from "./register.js";
-export { ForgotPasswordPage } from "./forgot_password.js";
-export { ResetPasswordPage } from "./reset_password.js";
-export { VerifyEmailPage } from "./verify_email.js";
 export { MySettingsPage } from "./my_settings.js";
 export { CreateFirmPage } from "./create_firm.js";

package/dist/server/routes/index.d.ts

@@ -34,6 +34,9 @@ export { POST as relationshipUpgradePOST } from "./relationship_upgrade.js";
 export { POST as pinLoginPOST } from "./pin_login.js";
 export { otpRequestPOST } from "./otp/request.js";
 export { otpVerifyPOST } from "./otp/verify.js";
+export { legalDocsGET } from './legal_docs_get.js';
+export { legalDocsAcceptPOST } from './legal_docs_accept.js';
+export { legalDocsPublishPOST } from './legal_docs_publish.js';
 export { consentMeGET } from "./consent_me.js";
 export { stringsDefaultsGET } from "./strings_defaults.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/server/routes/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,IAAI,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,GAAG,IAAI,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGtE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,OAAO,EAAE,KAAK,IAAI,eAAe,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,IAAI,IAAI,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,MAAM,IAAI,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,GAAG,IAAI,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,GAAG,IAAI,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,IAAI,IAAI,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,KAAK,IAAI,wBAAwB,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,IAAI,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACjL,OAAO,EAAE,GAAG,IAAI,4BAA4B,EAAE,IAAI,IAAI,6BAA6B,EAAE,GAAG,IAAI,4BAA4B,EAAE,MAAM,IAAI,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAC3M,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,IAAI,IAAI,uBAAuB,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxI,OAAO,EAAE,GAAG,IAAI,2BAA2B,EAAE,IAAI,IAAI,4BAA4B,EAAE,GAAG,IAAI,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAG7J,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,KAAK,IAAI,gBAAgB,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACvI,OAAO,EAAE,GAAG,IAAI,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAGrE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,IAAI,IAAI,eAAe,EAAE,KAAK,IAAI,gBAAgB,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGvI,OAAO,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAGvD,OAAO,EAAE,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,GAAG,IAAI,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,IAAI,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGzD,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,IAAI,IAAI,iBAAiB,EAAE,KAAK,IAAI,kBAAkB,EAAE,MAAM,IAAI,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACjJ,OAAO,EAAE,IAAI,IAAI,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAGnD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,IAAI,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,GAAG,IAAI,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGtE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,OAAO,EAAE,KAAK,IAAI,eAAe,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,IAAI,IAAI,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,MAAM,IAAI,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,GAAG,IAAI,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,GAAG,IAAI,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,IAAI,IAAI,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,KAAK,IAAI,wBAAwB,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,IAAI,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACjL,OAAO,EAAE,GAAG,IAAI,4BAA4B,EAAE,IAAI,IAAI,6BAA6B,EAAE,GAAG,IAAI,4BAA4B,EAAE,MAAM,IAAI,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAC3M,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,IAAI,IAAI,uBAAuB,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxI,OAAO,EAAE,GAAG,IAAI,2BAA2B,EAAE,IAAI,IAAI,4BAA4B,EAAE,GAAG,IAAI,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAG7J,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,KAAK,IAAI,gBAAgB,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACvI,OAAO,EAAE,GAAG,IAAI,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAGrE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,IAAI,IAAI,eAAe,EAAE,KAAK,IAAI,gBAAgB,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGvI,OAAO,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAGvD,OAAO,EAAE,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EAAE,GAAG,IAAI,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,IAAI,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGzD,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,IAAI,IAAI,iBAAiB,EAAE,KAAK,IAAI,kBAAkB,EAAE,MAAM,IAAI,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACjJ,OAAO,EAAE,IAAI,IAAI,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAGnD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAG5D,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/server/routes/index.js

@@ -48,6 +48,10 @@ export { POST as pinLoginPOST } from "./pin_login.js";
 // OTP sign-in routes
 export { otpRequestPOST } from "./otp/request.js";
 export { otpVerifyPOST } from "./otp/verify.js";
+// Legal docs routes
+export { legalDocsGET } from './legal_docs_get.js';
+export { legalDocsAcceptPOST } from './legal_docs_accept.js';
+export { legalDocsPublishPOST } from './legal_docs_publish.js';
 // Consent routes
 export { consentMeGET } from "./consent_me.js";
 // Strings routes

package/dist/server/routes/legal_docs_accept.d.ts

@@ -0,0 +1,3 @@
+import { NextRequest, NextResponse } from 'next/server';
+export declare function legalDocsAcceptPOST(request: NextRequest): Promise<NextResponse>;
+//# sourceMappingURL=legal_docs_accept.d.ts.map

package/dist/server/routes/legal_docs_accept.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_accept.d.ts","sourceRoot":"","sources":["../../../src/server/routes/legal_docs_accept.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AASxD,wBAAsB,mBAAmB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC,CA0CrF"}

package/dist/server/routes/legal_docs_accept.js

@@ -0,0 +1,43 @@
+// file_description: POST /api/hazo_auth/legal_docs/accept — records a user's acceptance of one or more legal docs
+import { NextResponse } from 'next/server';
+import { hazo_get_auth } from '../../lib/auth/hazo_get_auth.server.js';
+import { get_client_ip } from '../../lib/auth/hazo_get_auth.server.js';
+import { get_legal_docs_config } from '../../lib/legal/legal_docs_config.server.js';
+import { read_legal_doc } from '../../lib/legal/legal_docs_reader.server.js';
+import { write_legal_acceptance } from '../../lib/legal/legal_docs_service.js';
+import { get_hazo_connect_instance } from '../../lib/hazo_connect_instance.server.js';
+import { create_app_logger } from '../../lib/app_logger.js';
+export async function legalDocsAcceptPOST(request) {
+    const logger = create_app_logger();
+    try {
+        const auth = await hazo_get_auth(request);
+        if (!auth.user) {
+            return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 });
+        }
+        const body = await request.json().catch(() => null);
+        const accepted = body === null || body === void 0 ? void 0 : body.accepted;
+        if (!accepted || typeof accepted !== 'object' || Object.keys(accepted).length === 0) {
+            return NextResponse.json({ ok: false, error: 'accepted is required' }, { status: 400 });
+        }
+        const config = get_legal_docs_config();
+        for (const [doc_key, { hash }] of Object.entries(accepted)) {
+            const doc_config = config.docs.find(d => d.key === doc_key);
+            if (!doc_config) {
+                return NextResponse.json({ ok: false, error: `Unknown doc key: ${doc_key}` }, { status: 400 });
+            }
+            const { hash: current_hash } = read_legal_doc(doc_config.path);
+            if (hash !== current_hash) {
+                return NextResponse.json({ ok: false, error: `Hash mismatch for "${doc_key}" — user may have seen a stale version` }, { status: 400 });
+            }
+        }
+        const ip = get_client_ip(request);
+        const user_agent = request.headers.get('user-agent');
+        const adapter = get_hazo_connect_instance();
+        await write_legal_acceptance(adapter, auth.user.id, accepted, ip, user_agent);
+        return NextResponse.json({ ok: true });
+    }
+    catch (err) {
+        logger.error('legal_docs_accept: internal server error', { err });
+        return NextResponse.json({ ok: false, error: 'Internal server error' }, { status: 500 });
+    }
+}

package/dist/server/routes/legal_docs_get.d.ts

@@ -0,0 +1,3 @@
+import { NextRequest, NextResponse } from 'next/server';
+export declare function legalDocsGET(_request: NextRequest): Promise<NextResponse>;
+//# sourceMappingURL=legal_docs_get.d.ts.map

package/dist/server/routes/legal_docs_get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_get.d.ts","sourceRoot":"","sources":["../../../src/server/routes/legal_docs_get.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAOxD,wBAAsB,YAAY,CAAC,QAAQ,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC,CA8C/E"}

package/dist/server/routes/legal_docs_get.js

@@ -0,0 +1,49 @@
+// file_description: GET /api/hazo_auth/legal_docs — returns configured legal docs with content and required version info
+import { NextResponse } from 'next/server';
+import { get_legal_docs_config } from '../../lib/legal/legal_docs_config.server.js';
+import { read_legal_doc } from '../../lib/legal/legal_docs_reader.server.js';
+import { get_required_versions } from '../../lib/legal/legal_docs_service.js';
+import { get_hazo_connect_instance } from '../../lib/hazo_connect_instance.server.js';
+import { create_app_logger } from '../../lib/app_logger.js';
+export async function legalDocsGET(_request) {
+    const logger = create_app_logger();
+    try {
+        const config = get_legal_docs_config();
+        if (config.docs.length === 0) {
+            return NextResponse.json({ ok: true, data: { display_mode: config.display_mode, docs: [] } });
+        }
+        const doc_results = config.docs.map((doc_config) => {
+            try {
+                const { content, hash } = read_legal_doc(doc_config.path);
+                return { ok: true, key: doc_config.key, title: doc_config.title, content, hash };
+            }
+            catch (err) {
+                logger.error('legal_docs_get: failed to read legal doc file', { err, key: doc_config.key, path: doc_config.path });
+                return { ok: false, key: doc_config.key, error: `File not found: ${doc_config.path}` };
+            }
+        });
+        const failed = doc_results.find(d => !d.ok);
+        if (failed) {
+            return NextResponse.json({ ok: false, error: `Legal doc "${failed.key}" could not be read. Check hazo_auth_config.ini path.` }, { status: 500 });
+        }
+        const adapter = get_hazo_connect_instance();
+        const keys = config.docs.map(d => d.key);
+        const required_versions = await get_required_versions(adapter, keys);
+        const docs = doc_results.map((d) => {
+            var _a, _b, _c, _d;
+            return ({
+                key: d.key,
+                title: d.title,
+                content: d.content,
+                hash: d.hash,
+                required_hash: (_b = (_a = required_versions[d.key]) === null || _a === void 0 ? void 0 : _a.required_hash) !== null && _b !== void 0 ? _b : null,
+                required_published_at: (_d = (_c = required_versions[d.key]) === null || _c === void 0 ? void 0 : _c.published_at) !== null && _d !== void 0 ? _d : null,
+            });
+        });
+        return NextResponse.json({ ok: true, data: { display_mode: config.display_mode, docs } });
+    }
+    catch (err) {
+        logger.error('legal_docs_get: internal server error', { err });
+        return NextResponse.json({ ok: false, error: 'Internal server error' }, { status: 500 });
+    }
+}

package/dist/server/routes/legal_docs_publish.d.ts

@@ -0,0 +1,3 @@
+import { NextRequest, NextResponse } from 'next/server';
+export declare function legalDocsPublishPOST(request: NextRequest): Promise<NextResponse>;
+//# sourceMappingURL=legal_docs_publish.d.ts.map

package/dist/server/routes/legal_docs_publish.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legal_docs_publish.d.ts","sourceRoot":"","sources":["../../../src/server/routes/legal_docs_publish.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQxD,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,CAAC,CA+BtF"}