hazo_auth 7.0.2 → 9.0.0
- package/README.md +34 -0
- package/SETUP_CHECKLIST.md +31 -0
- package/cli-src/lib/AGENTS.md +26 -0
- package/cli-src/lib/app_logger.ts +3 -7
- package/cli-src/lib/auth/auth_types.ts +3 -0
- package/cli-src/lib/auth/auth_utils.server.ts +2 -1
- package/cli-src/lib/auth/ensure_anon_id.server.ts +2 -1
- package/cli-src/lib/auth/hazo_get_auth.server.ts +30 -4
- package/cli-src/lib/config/hazo_auth_core_config.ts +44 -0
- package/cli-src/lib/cookies_config.server.ts +13 -10
- package/cli-src/lib/hazo_connect_setup.server.ts +19 -11
- package/cli-src/lib/legal/legal_docs_config.server.ts +61 -0
- package/cli-src/lib/legal/legal_docs_reader.server.ts +36 -0
- package/cli-src/lib/legal/legal_docs_service.ts +197 -0
- package/cli-src/lib/legal/legal_docs_types.ts +31 -0
- package/cli-src/lib/services/email_service.ts +22 -11
- package/cli-src/lib/services/firm_service.ts +2 -1
- package/cli-src/lib/services/otp_service.ts +3 -2
- package/cli-src/lib/services/profile_picture_service.ts +2 -1
- package/cli-src/lib/services/registration_service.ts +16 -1
- package/cli-src/lib/services/relationship_service.ts +5 -4
- package/cli-src/lib/services/session_token_service.ts +3 -2
- package/cli-src/lib/utils/api_route_helpers.ts +4 -59
- package/cli-src/lib/utils/get_origin_url.ts +5 -61
- package/cli-src/lib/utils.ts +4 -10
- package/config/hazo_auth_config.example.ini +6 -0
- package/dist/client.d.ts +1 -0
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +3 -0
- package/dist/components/layouts/index.d.ts +1 -0
- package/dist/components/layouts/index.d.ts.map +1 -1
- package/dist/components/layouts/index.js +2 -0
- package/dist/components/layouts/legal/index.d.ts +5 -0
- package/dist/components/layouts/legal/index.d.ts.map +1 -0
- package/dist/components/layouts/legal/index.js +4 -0
- package/dist/components/layouts/legal/legal_acceptance_gate.d.ts +7 -0
- package/dist/components/layouts/legal/legal_acceptance_gate.d.ts.map +1 -0
- package/dist/components/layouts/legal/legal_acceptance_gate.js +84 -0
- package/dist/components/layouts/legal/legal_doc_checkbox_list.d.ts +9 -0
- package/dist/components/layouts/legal/legal_doc_checkbox_list.d.ts.map +1 -0
- package/dist/components/layouts/legal/legal_doc_checkbox_list.js +11 -0
- package/dist/components/layouts/legal/legal_doc_combined_view.d.ts +9 -0
- package/dist/components/layouts/legal/legal_doc_combined_view.d.ts.map +1 -0
- package/dist/components/layouts/legal/legal_doc_combined_view.js +11 -0
- package/dist/components/layouts/legal/legal_doc_drawer.d.ts +8 -0
- package/dist/components/layouts/legal/legal_doc_drawer.d.ts.map +1 -0
- package/dist/components/layouts/legal/legal_doc_drawer.js +55 -0
- package/dist/components/layouts/register/hooks/use_register_form.d.ts +5 -1
- package/dist/components/layouts/register/hooks/use_register_form.d.ts.map +1 -1
- package/dist/components/layouts/register/hooks/use_register_form.js +25 -10
- package/dist/components/layouts/register/index.d.ts.map +1 -1
- package/dist/components/layouts/register/index.js +21 -1
- package/dist/components/layouts/user_management/index.d.ts.map +1 -1
- package/dist/components/layouts/user_management/index.js +45 -7
- package/dist/components/ui/input-otp.d.ts +2 -2
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/lib/app_logger.d.ts +2 -3
- package/dist/lib/app_logger.d.ts.map +1 -1
- package/dist/lib/app_logger.js +3 -5
- package/dist/lib/auth/auth_types.d.ts +2 -0
- package/dist/lib/auth/auth_types.d.ts.map +1 -1
- package/dist/lib/auth/auth_types.js +0 -2
- package/dist/lib/auth/auth_utils.server.d.ts.map +1 -1
- package/dist/lib/auth/auth_utils.server.js +2 -1
- package/dist/lib/auth/ensure_anon_id.server.d.ts.map +1 -1
- package/dist/lib/auth/ensure_anon_id.server.js +2 -1
- package/dist/lib/auth/hazo_get_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/hazo_get_auth.server.js +30 -4
- package/dist/lib/config/hazo_auth_core_config.d.ts +44 -0
- package/dist/lib/config/hazo_auth_core_config.d.ts.map +1 -0
- package/dist/lib/config/hazo_auth_core_config.js +40 -0
- package/dist/lib/cookies_config.server.d.ts.map +1 -1
- package/dist/lib/cookies_config.server.js +12 -7
- package/dist/lib/hazo_connect_setup.server.d.ts.map +1 -1
- package/dist/lib/hazo_connect_setup.server.js +18 -5
- package/dist/lib/legal/legal_docs_config.server.d.ts +22 -0
- package/dist/lib/legal/legal_docs_config.server.d.ts.map +1 -0
- package/dist/lib/legal/legal_docs_config.server.js +52 -0
- package/dist/lib/legal/legal_docs_reader.server.d.ts +15 -0
- package/dist/lib/legal/legal_docs_reader.server.d.ts.map +1 -0
- package/dist/lib/legal/legal_docs_reader.server.js +24 -0
- package/dist/lib/legal/legal_docs_service.d.ts +49 -0
- package/dist/lib/legal/legal_docs_service.d.ts.map +1 -0
- package/dist/lib/legal/legal_docs_service.js +141 -0
- package/dist/lib/legal/legal_docs_types.d.ts +25 -0
- package/dist/lib/legal/legal_docs_types.d.ts.map +1 -0
- package/dist/lib/legal/legal_docs_types.js +2 -0
- package/dist/lib/services/email_service.d.ts +1 -1
- package/dist/lib/services/email_service.d.ts.map +1 -1
- package/dist/lib/services/email_service.js +21 -9
- package/dist/lib/services/firm_service.d.ts.map +1 -1
- package/dist/lib/services/firm_service.js +2 -1
- package/dist/lib/services/otp_service.d.ts.map +1 -1
- package/dist/lib/services/otp_service.js +3 -2
- package/dist/lib/services/profile_picture_service.d.ts.map +1 -1
- package/dist/lib/services/profile_picture_service.js +2 -1
- package/dist/lib/services/registration_service.d.ts +5 -0
- package/dist/lib/services/registration_service.d.ts.map +1 -1
- package/dist/lib/services/registration_service.js +6 -0
- package/dist/lib/services/relationship_service.d.ts.map +1 -1
- package/dist/lib/services/relationship_service.js +5 -4
- package/dist/lib/services/session_token_service.d.ts.map +1 -1
- package/dist/lib/services/session_token_service.js +3 -2
- package/dist/lib/utils/api_route_helpers.d.ts +1 -12
- package/dist/lib/utils/api_route_helpers.d.ts.map +1 -1
- package/dist/lib/utils/api_route_helpers.js +4 -57
- package/dist/lib/utils/get_origin_url.d.ts +1 -22
- package/dist/lib/utils/get_origin_url.d.ts.map +1 -1
- package/dist/lib/utils/get_origin_url.js +5 -57
- package/dist/lib/utils.d.ts +2 -3
- package/dist/lib/utils.d.ts.map +1 -1
- package/dist/lib/utils.js +4 -9
- package/dist/page_components/index.d.ts +0 -5
- package/dist/page_components/index.d.ts.map +1 -1
- package/dist/page_components/index.js +0 -5
- package/dist/server/config/config_loader.js +2 -2
- package/dist/server/index.js +1 -1
- package/dist/server/routes/index.d.ts +3 -0
- package/dist/server/routes/index.d.ts.map +1 -1
- package/dist/server/routes/index.js +4 -0
- package/dist/server/routes/legal_docs_accept.d.ts +3 -0
- package/dist/server/routes/legal_docs_accept.d.ts.map +1 -0
- package/dist/server/routes/legal_docs_accept.js +43 -0
- package/dist/server/routes/legal_docs_get.d.ts +3 -0
- package/dist/server/routes/legal_docs_get.d.ts.map +1 -0
- package/dist/server/routes/legal_docs_get.js +49 -0
- package/dist/server/routes/legal_docs_publish.d.ts +3 -0
- package/dist/server/routes/legal_docs_publish.d.ts.map +1 -0
- package/dist/server/routes/legal_docs_publish.js +35 -0
- package/dist/server/routes/register.d.ts.map +1 -1
- package/dist/server/routes/register.js +26 -0
- package/dist/server/routes/remove_profile_picture.d.ts.map +1 -1
- package/dist/server/routes/remove_profile_picture.js +6 -1
- package/dist/server/routes/upload_profile_picture.d.ts.map +1 -1
- package/dist/server/routes/upload_profile_picture.js +6 -1
- package/dist/server/routes/user_management_users.d.ts +2 -2
- package/dist/server/routes/user_management_users.d.ts.map +1 -1
- package/dist/server/routes/user_management_users.js +46 -2
- package/dist/server/server.d.ts.map +1 -1
- package/dist/server/server.js +7 -0
- package/dist/strings.d.ts +2 -0
- package/dist/strings.d.ts.map +1 -0
- package/dist/strings.js +3 -0
- package/package.json +33 -35
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as React from "react";
|
|
2
|
-
declare const InputOTP: React.ForwardRefExoticComponent<(Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "
|
|
2
|
+
declare const InputOTP: React.ForwardRefExoticComponent<(Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "maxLength" | "value" | "onChange" | "textAlign" | "onComplete" | "pushPasswordManagerStrategy" | "pasteTransformer" | "containerClassName" | "noScriptCSSFallback"> & {
|
|
3
3
|
value?: string;
|
|
4
4
|
onChange?: (newValue: string) => unknown;
|
|
5
5
|
maxLength: number;
|
|
@@ -12,7 +12,7 @@ declare const InputOTP: React.ForwardRefExoticComponent<(Omit<Omit<React.InputHT
|
|
|
12
12
|
} & {
|
|
13
13
|
render: (props: import("input-otp").RenderProps) => React.ReactNode;
|
|
14
14
|
children?: never;
|
|
15
|
-
} & React.RefAttributes<HTMLInputElement>, "ref"> | Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "
|
|
15
|
+
} & React.RefAttributes<HTMLInputElement>, "ref"> | Omit<Omit<React.InputHTMLAttributes<HTMLInputElement>, "maxLength" | "value" | "onChange" | "textAlign" | "onComplete" | "pushPasswordManagerStrategy" | "pasteTransformer" | "containerClassName" | "noScriptCSSFallback"> & {
|
|
16
16
|
value?: string;
|
|
17
17
|
onChange?: (newValue: string) => unknown;
|
|
18
18
|
maxLength: number;
|
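--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -3,6 +3,7 @@ export * from "./contexts/hazo_auth_config.js";
 export * from "./components/index.js";
 export type { HazoAuthUser, HazoAuthResult, HazoAuthError, HazoAuthOptions, ScopeDetails, TenantOrganization, TenantAuthOptions, TenantAuthResult, RequiredTenantAuthResult, } from "./lib/auth/auth_types";
 export { AuthenticationRequiredError, TenantRequiredError, TenantAccessDeniedError, } from "./lib/auth/auth_types.js";
+export type { LegalDoc, LegalAcceptanceRecord, LegalAcceptanceMap } from './lib/legal/legal_docs_types';
 export { cn, merge_class_names } from "./lib/utils.js";
 export { HAZO_AUTH_PERMISSIONS, ALL_ADMIN_PERMISSIONS } from "./lib/constants.js";
 //# sourceMappingURL=index.d.ts.map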
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAG5C,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,YAAY,EACZ,cAAc,EACd,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGpD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAG5C,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,YAAY,EACZ,cAAc,EACd,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAG/B,YAAY,EAAE,QAAQ,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGxG,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGpD,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}
|
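--- a/package/dist/lib/app_logger.d.ts
+++ b/package/dist/lib/app_logger.d.ts
@@ -1,7 +1,6 @@
-import "server-only";
 /**
 * Returns the hazo_auth logger instance
-* Uses
+* Uses hazo_core for consistent logging across hazo packages
 */
-export declare const create_app_logger: () => import("
+export declare const create_app_logger: () => import("hazo_core").HazoCoreLogger;
 //# sourceMappingURL=app_logger.d.ts.map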
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app_logger.d.ts","sourceRoot":"","sources":["../../src/lib/app_logger.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"app_logger.d.ts","sourceRoot":"","sources":["../../src/lib/app_logger.ts"],"names":[],"mappings":"AAQA;;;GAGG;AACH,eAAO,MAAM,iBAAiB,0CAAe,CAAC"}
|
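--- a/package/dist/lib/app_logger.js
+++ b/package/dist/lib/app_logger.js
@@ -1,13 +1,11 @@
-// file_description: server-only wrapper for the main app logging service using
-// section: server-only-guard
-import "server-only";
+// file_description: server-only wrapper for the main app logging service using hazo_core
 // section: imports
-import { createLogger } from "
+import { createLogger } from "hazo_core";
 // section: logger_instance
 // Create a singleton logger for the hazo_auth package
 const logger = createLogger("hazo_auth");
 /**
 * Returns the hazo_auth logger instance
-* Uses
+* Uses hazo_core for consistent logging across hazo packages
 */
 export const create_app_logger = () => logger;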
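Review bot: The `import "server-only";` guard is removed, yet the file_description comment on new line 1 still calls this module a "server-only wrapper", so the header promises a restriction that is no longer enforced. Log calls elsewhere in this diff pass user ids, client IPs and permission lists to this logger, so if it is still meant to stay out of client bundles the guard should be kept: `import "server-only";`. If the removal is deliberate (hazo_core may be intended to run on both sides; not visible here), reword the header instead, e.g. `// file_description: wrapper for the main app logging service using hazo_core`.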
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { LegalAcceptanceMap } from '../legal/legal_docs_types';
|
|
1
2
|
/**
|
|
2
3
|
* User data structure returned by hazo_get_auth
|
|
3
4
|
*/
|
|
@@ -9,6 +10,7 @@ export type HazoAuthUser = {
|
|
|
9
10
|
profile_picture_url: string | null;
|
|
10
11
|
managed_by_user_id?: string | null;
|
|
11
12
|
app_user_data: Record<string, unknown> | null;
|
|
13
|
+
legal_acceptance: LegalAcceptanceMap | null;
|
|
12
14
|
};
|
|
13
15
|
/**
|
|
14
16
|
* Scope access information returned when scope checking is used
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth_types.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth_types.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE9C,gBAAgB,EAAE,kBAAkB,GAAG,IAAI,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACtB;IACE,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,GACD;IACE,aAAa,EAAE,KAAK,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,EAAE,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AAEN;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;GAIG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IAE/B,mBAAmB,EAAE,MAAM,EAAE;IAC7B,gBAAgB,EAAE,MAAM,EAAE;IAC1B,oBAAoB,EAAE,MAAM,EAAE;IAC9B,qBAAqB,CAAC,EAAE,MAAM;IAC9B,uBAAuB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;gBAJ7C,mBAAmB,EAAE,MAAM,EAAE,EAC7B,gBAAgB,EAAE,MAAM,EAAE,EAC1B,oBAAoB,EAAE,MAAM,EAAE,EAC9B,qBAAqB,CAAC,EAAE,MAAM,YAAA,EAC9B,uBAAuB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,YAAA;CAKvD;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IAEhC,QAAQ,EAAE,MAAM;IAChB,WAAW,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;gBAD7D,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAKvE;AAID;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAA
E,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAEhB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;QAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,CAAC;CACH,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,eAAe,GAAG;IAChD;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GACxB;IACE,aAAa,EAAE,IAAI,CAAC;IACpB,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,0EAA0E;IAC1E,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC,GACD;IACE,aAAa,EAAE,KAAK,CAAC;IACrB,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,EAAE,CAAC;IAChB,aAAa,EAAE,KAAK,CAAC;IACrB,YAAY,EAAE,IAAI,CAAC;IACnB,0EAA0E;IAC1E,eAAe,EAAE,IAAI,CAAC;IACtB,WAAW,EAAE,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC;CAClB,CAAC;AAEN;;;GAGG;AACH,MAAM,MAAM,wBAAwB,GAAG,gBAAgB,GAAG;IACxD,aAAa,EAAE,IAAI,CAAC;IACpB,YAAY,EAAE,kBAAkB,CAAC;CAClC,CAAC;AAIF;;;GAGG;AACH,qBAAa,aAAc,SAAQ,KAAK;aAGpB,IAAI,EAAE,MAAM;aACZ,WAAW,EAAE,MAAM;gBAFnC,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM;CAKtC;AAED;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,aAAa;gBAChD,OAAO,GAAE,MAAkC;CAIxD;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,aAAa;aAGlC,WAAW,EAAE,YAAY,EAAE;gBAD3C,OAAO,GAAE,MAAkC,EAC3B,WAAW,GAAE,YAAY,EAAO;CAKnD;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,aAAa;aAEtC,QAAQ,EAAE,MAAM;aAChB,WAAW,EAAE,YAAY,EAAE;gBAD3B,QAAQ,EAAE,MAAM,EAChB,WAAW,GAAE,YAAY,EAAO;CA
KnD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth_utils.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_utils.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"auth_utils.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/auth_utils.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQxD,MAAM,MAAM,QAAQ,GAAG;IACrB,aAAa,EAAE,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;CAC/D,CAAC;AAEF,MAAM,MAAM,UAAU,GAClB,QAAQ,GACR;IAAE,aAAa,EAAE,KAAK,CAAA;CAAE,CAAC;AAmB7B;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CA8CtF;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAG7E;AAED;;;;;;GAMG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAQ1E;AAED;;;;;GAKG;AACH,wBAAsB,oCAAoC,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC;IACxF,WAAW,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,YAAY,CAAC;CACzB,CAAC,CA6DD"}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
import "server-only";
|
|
4
4
|
// section: imports
|
|
5
5
|
import { NextResponse } from "next/server";
|
|
6
|
+
import { HazoAuthError } from "hazo_core";
|
|
6
7
|
import { get_hazo_connect_instance } from "../hazo_connect_instance.server.js";
|
|
7
8
|
import { createCrudService } from "hazo_connect/server";
|
|
8
9
|
import { map_db_source_to_ui } from "../services/profile_picture_source_mapper.js";
|
|
@@ -89,7 +90,7 @@ export async function is_authenticated(request) {
|
|
|
89
90
|
export async function require_auth(request) {
|
|
90
91
|
const result = await get_authenticated_user(request);
|
|
91
92
|
if (!result.authenticated) {
|
|
92
|
-
throw new
|
|
93
|
+
throw new HazoAuthError({ code: 'HAZO_AUTH_FORBIDDEN', pkg: 'hazo_auth', message: 'Authentication required' });
|
|
93
94
|
}
|
|
94
95
|
return result;
|
|
95
96
|
}
|
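Review bot: `require_auth` reports a missing session with `code: 'HAZO_AUTH_FORBIDDEN'` while the message says 'Authentication required', which blurs "not authenticated" with "authenticated but denied". How hazo_core maps codes to HTTP status is not visible in this diff, but a handler or alert rule keyed on the code cannot tell a missing session from a refused one. A distinct code, for example `code: 'HAZO_AUTH_UNAUTHENTICATED'` (proposed name, to be agreed with hazo_core), would keep the two cases separable for clients and for log-based detection. The same FORBIDDEN code is reused for the inactive-account case in the hazo_get_auth.server.js hunks.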
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ensure_anon_id.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/ensure_anon_id.server.ts"],"names":[],"mappings":"AAqBA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"ensure_anon_id.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/ensure_anon_id.server.ts"],"names":[],"mappings":"AAqBA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAiB1C;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CA8B1E"}
|
|
@@ -20,6 +20,7 @@
|
|
|
20
20
|
// section: server-only-guard
|
|
21
21
|
import "server-only";
|
|
22
22
|
import { cookies } from "next/headers";
|
|
23
|
+
import { generateRequestId } from "hazo_core";
|
|
23
24
|
import { BASE_COOKIE_NAMES, get_cookie_name, get_cookie_options, } from "../cookies_config.server.js";
|
|
24
25
|
// section: constants
|
|
25
26
|
const TWO_YEARS_SECONDS = 60 * 60 * 24 * 365 * 2;
|
|
@@ -58,7 +59,7 @@ export async function ensure_anon_id(request) {
|
|
|
58
59
|
return existing;
|
|
59
60
|
}
|
|
60
61
|
// Issue a new id and queue the Set-Cookie via the next/headers cookie store.
|
|
61
|
-
const new_id =
|
|
62
|
+
const new_id = generateRequestId().slice(4);
|
|
62
63
|
const cookie_options = get_cookie_options({
|
|
63
64
|
httpOnly: true,
|
|
64
65
|
secure: process.env.NODE_ENV === "production",
|
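Review bot: The anonymous id on new line 62 is now `generateRequestId().slice(4)`, which makes a persistent cookie value depend on a request-id helper and on an assumed four-character prefix. Neither the helper's randomness source nor its output format is visible here; if it is not CSPRNG-backed, or hazo_core changes the prefix, the id becomes guessable or truncated with no error raised. Since this value identifies a visitor across requests (presumably for the TWO_YEARS_SECONDS lifetime declared above), prefer generating it directly, e.g. `const new_id = crypto.randomUUID();`. Otherwise add a comment stating that generateRequestId() is cryptographically random and why the first four characters are dropped. The body of ensure_anon_id continues outside this hunk.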
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hazo_get_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"hazo_get_auth.server.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/hazo_get_auth.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAGrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM1C,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAGhB,MAAM,cAAc,CAAC;AA+DtB;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAU1D;AA6SD;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,cAAc,CAAC,CAyNzB"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
// file_description: server-side implementation of hazo_get_auth utility for API routes
|
|
2
2
|
// section: server-only-guard
|
|
3
3
|
import "server-only";
|
|
4
|
+
import { HazoNotFoundError, HazoAuthError, HazoRateLimitError, getCorrelationId } from "hazo_core";
|
|
4
5
|
import { get_hazo_connect_instance } from "../hazo_connect_instance.server.js";
|
|
5
6
|
import { createCrudService } from "hazo_connect/server";
|
|
6
7
|
import { create_app_logger } from "../app_logger.js";
|
|
@@ -39,6 +40,24 @@ function parse_app_user_data(json_string) {
|
|
|
39
40
|
return null;
|
|
40
41
|
}
|
|
41
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* Parse raw legal_acceptance field from DB to LegalAcceptanceMap
|
|
45
|
+
* @param raw - Raw value from database (string or object)
|
|
46
|
+
* @returns Parsed LegalAcceptanceMap or null
|
|
47
|
+
*/
|
|
48
|
+
function parse_legal_acceptance(raw) {
|
|
49
|
+
if (!raw)
|
|
50
|
+
return null;
|
|
51
|
+
try {
|
|
52
|
+
const parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
|
|
53
|
+
if (typeof parsed !== 'object' || Array.isArray(parsed))
|
|
54
|
+
return null;
|
|
55
|
+
return parsed;
|
|
56
|
+
}
|
|
57
|
+
catch (_a) {
|
|
58
|
+
return null;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
42
61
|
/**
|
|
43
62
|
* Gets client IP address from request
|
|
44
63
|
* @param request - NextRequest object
|
|
@@ -116,12 +135,12 @@ async function fetch_user_data_from_db(user_id) {
|
|
|
116
135
|
// Fetch user
|
|
117
136
|
const users = await users_service.findBy({ id: user_id });
|
|
118
137
|
if (!Array.isArray(users) || users.length === 0) {
|
|
119
|
-
throw new
|
|
138
|
+
throw new HazoNotFoundError({ code: 'HAZO_AUTH_USER_NOT_FOUND', pkg: 'hazo_auth', message: 'User not found' });
|
|
120
139
|
}
|
|
121
140
|
const user_db = users[0];
|
|
122
141
|
// Check if user is active (status must be 'ACTIVE')
|
|
123
142
|
if (user_db.status !== "ACTIVE") {
|
|
124
|
-
throw new
|
|
143
|
+
throw new HazoAuthError({ code: 'HAZO_AUTH_FORBIDDEN', pkg: 'hazo_auth', message: 'User account is inactive' });
|
|
125
144
|
}
|
|
126
145
|
// Build user object
|
|
127
146
|
const user = {
|
|
@@ -132,6 +151,7 @@ async function fetch_user_data_from_db(user_id) {
|
|
|
132
151
|
profile_picture_url: user_db.profile_picture_url || null,
|
|
133
152
|
managed_by_user_id: user_db.managed_by_user_id || null,
|
|
134
153
|
app_user_data: parse_app_user_data(user_db.app_user_data),
|
|
154
|
+
legal_acceptance: parse_legal_acceptance(user_db.legal_acceptance),
|
|
135
155
|
};
|
|
136
156
|
// v5.x: Fetch user's roles from hazo_user_scopes (scope-based role assignments)
|
|
137
157
|
// Each scope assignment has a role_id (string UUID)
|
|
@@ -313,6 +333,7 @@ export async function hazo_get_auth(request, options) {
|
|
|
313
333
|
line_number: get_line_number(),
|
|
314
334
|
error: token_error_message,
|
|
315
335
|
note: "Falling back to simple cookie check",
|
|
336
|
+
correlation_id: getCorrelationId(),
|
|
316
337
|
});
|
|
317
338
|
}
|
|
318
339
|
}
|
|
@@ -330,8 +351,9 @@ export async function hazo_get_auth(request, options) {
|
|
|
330
351
|
filename: get_filename(),
|
|
331
352
|
line_number: get_line_number(),
|
|
332
353
|
ip: client_ip,
|
|
354
|
+
correlation_id: getCorrelationId(),
|
|
333
355
|
});
|
|
334
|
-
throw new
|
|
356
|
+
throw new HazoRateLimitError({ code: 'HAZO_AUTH_RATE_LIMITED', pkg: 'hazo_auth', message: 'Rate limit exceeded. Please try again later.' });
|
|
335
357
|
}
|
|
336
358
|
return {
|
|
337
359
|
authenticated: false,
|
|
@@ -347,8 +369,9 @@ export async function hazo_get_auth(request, options) {
|
|
|
347
369
|
filename: get_filename(),
|
|
348
370
|
line_number: get_line_number(),
|
|
349
371
|
user_id,
|
|
372
|
+
correlation_id: getCorrelationId(),
|
|
350
373
|
});
|
|
351
|
-
throw new
|
|
374
|
+
throw new HazoRateLimitError({ code: 'HAZO_AUTH_RATE_LIMITED', pkg: 'hazo_auth', message: 'Rate limit exceeded. Please try again later.' });
|
|
352
375
|
}
|
|
353
376
|
// Check cache
|
|
354
377
|
let cached_entry = cache.get(user_id);
|
|
@@ -378,6 +401,7 @@ export async function hazo_get_auth(request, options) {
|
|
|
378
401
|
line_number: get_line_number(),
|
|
379
402
|
user_id,
|
|
380
403
|
error: error_message,
|
|
404
|
+
correlation_id: getCorrelationId(),
|
|
381
405
|
});
|
|
382
406
|
return {
|
|
383
407
|
authenticated: false,
|
|
@@ -405,6 +429,7 @@ export async function hazo_get_auth(request, options) {
|
|
|
405
429
|
missing_permissions,
|
|
406
430
|
user_permissions: permissions,
|
|
407
431
|
ip: client_ip,
|
|
432
|
+
correlation_id: getCorrelationId(),
|
|
408
433
|
});
|
|
409
434
|
}
|
|
410
435
|
// Throw error if strict mode
|
|
@@ -433,6 +458,7 @@ export async function hazo_get_auth(request, options) {
|
|
|
433
458
|
scope_id: options.scope_id,
|
|
434
459
|
user_scopes: scope_result.user_scopes,
|
|
435
460
|
ip: client_ip,
|
|
461
|
+
correlation_id: getCorrelationId(),
|
|
436
462
|
});
|
|
437
463
|
}
|
|
438
464
|
// Throw error if strict mode and scope access denied
|
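Review bot: `parse_legal_acceptance` (new lines 48–60) returns any non-array object read from the database as the user's `legal_acceptance` without checking its entries, and its `catch` returns null silently. A corrupted or hand-edited row therefore either flows unvalidated into whatever reads `user.legal_acceptance`, or is indistinguishable from "nothing accepted yet". The record shape lives in legal_docs_types, which is not shown here, so I would validate each entry against it before returning and drop or reject those that do not match. I would also log the parse failure with the user id and `correlation_id` already used in this file, and add a sentence to the docstring saying that malformed input yields null.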
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
declare const HazoAuthCoreConfigSchema: z.ZodObject<{
|
|
3
|
+
hazo_auth__tokens: z.ZodPipe<z.ZodOptional<z.ZodObject<{
|
|
4
|
+
access_token_ttl_seconds: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<number, string | undefined>>;
|
|
5
|
+
refresh_token_ttl_seconds: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<number, string | undefined>>;
|
|
6
|
+
}, z.core.$strip>>, z.ZodTransform<{
|
|
7
|
+
access_token_ttl_seconds: number;
|
|
8
|
+
refresh_token_ttl_seconds: number;
|
|
9
|
+
}, {
|
|
10
|
+
access_token_ttl_seconds: number;
|
|
11
|
+
refresh_token_ttl_seconds: number;
|
|
12
|
+
} | undefined>>;
|
|
13
|
+
hazo_auth__cookies: z.ZodPipe<z.ZodOptional<z.ZodObject<{
|
|
14
|
+
cookie_prefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
15
|
+
cookie_domain: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
16
|
+
}, z.core.$strip>>, z.ZodTransform<{
|
|
17
|
+
cookie_prefix: string;
|
|
18
|
+
cookie_domain: string;
|
|
19
|
+
}, {
|
|
20
|
+
cookie_prefix: string;
|
|
21
|
+
cookie_domain: string;
|
|
22
|
+
} | undefined>>;
|
|
23
|
+
hazo_auth__rate_limit: z.ZodPipe<z.ZodOptional<z.ZodObject<{
|
|
24
|
+
max_attempts: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<number, string | undefined>>;
|
|
25
|
+
window_minutes: z.ZodPipe<z.ZodOptional<z.ZodString>, z.ZodTransform<number, string | undefined>>;
|
|
26
|
+
}, z.core.$strip>>, z.ZodTransform<{
|
|
27
|
+
max_attempts: number;
|
|
28
|
+
window_minutes: number;
|
|
29
|
+
}, {
|
|
30
|
+
max_attempts: number;
|
|
31
|
+
window_minutes: number;
|
|
32
|
+
} | undefined>>;
|
|
33
|
+
log: z.ZodPipe<z.ZodOptional<z.ZodObject<{
|
|
34
|
+
overrides: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>>;
|
|
35
|
+
}, z.core.$strip>>, z.ZodTransform<{
|
|
36
|
+
overrides: Record<string, string>;
|
|
37
|
+
}, {
|
|
38
|
+
overrides: Record<string, string>;
|
|
39
|
+
} | undefined>>;
|
|
40
|
+
}, z.core.$strip>;
|
|
41
|
+
export type HazoAuthCoreConfig = z.infer<typeof HazoAuthCoreConfigSchema>;
|
|
42
|
+
export declare function getHazoAuthCoreConfig(): HazoAuthCoreConfig;
|
|
43
|
+
export {};
|
|
44
|
+
//# sourceMappingURL=hazo_auth_core_config.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hazo_auth_core_config.d.ts","sourceRoot":"","sources":["../../../src/lib/config/hazo_auth_core_config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,QAAA,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA4B5B,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E,wBAAgB,qBAAqB,IAAI,kBAAkB,CAK1D"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
// file_description: Zod-validated config loader for hazo_auth core settings.
|
|
2
|
+
// Covers server-critical sections ([hazo_auth__tokens], [hazo_auth__cookies], [hazo_auth__rate_limit], [log.overrides]).
|
|
3
|
+
// UI sections (login_layout, register_layout, etc.) are still handled by config_loader.server.ts.
|
|
4
|
+
import { z } from 'zod';
|
|
5
|
+
import { loadConfig } from 'hazo_core';
|
|
6
|
+
const HazoAuthCoreConfigSchema = z.object({
|
|
7
|
+
hazo_auth__tokens: z
|
|
8
|
+
.object({
|
|
9
|
+
access_token_ttl_seconds: z.string().optional().transform(v => v ? parseInt(v, 10) : 900),
|
|
10
|
+
refresh_token_ttl_seconds: z.string().optional().transform(v => v ? parseInt(v, 10) : 2592000),
|
|
11
|
+
})
|
|
12
|
+
.optional()
|
|
13
|
+
.transform(v => v !== null && v !== void 0 ? v : { access_token_ttl_seconds: 900, refresh_token_ttl_seconds: 2592000 }),
|
|
14
|
+
hazo_auth__cookies: z
|
|
15
|
+
.object({
|
|
16
|
+
cookie_prefix: z.string().optional().default(''),
|
|
17
|
+
cookie_domain: z.string().optional().default(''),
|
|
18
|
+
})
|
|
19
|
+
.optional()
|
|
20
|
+
.transform(v => v !== null && v !== void 0 ? v : { cookie_prefix: '', cookie_domain: '' }),
|
|
21
|
+
hazo_auth__rate_limit: z
|
|
22
|
+
.object({
|
|
23
|
+
max_attempts: z.string().optional().transform(v => v ? parseInt(v, 10) : 5),
|
|
24
|
+
window_minutes: z.string().optional().transform(v => v ? parseInt(v, 10) : 5),
|
|
25
|
+
})
|
|
26
|
+
.optional()
|
|
27
|
+
.transform(v => v !== null && v !== void 0 ? v : { max_attempts: 5, window_minutes: 5 }),
|
|
28
|
+
log: z
|
|
29
|
+
.object({
|
|
30
|
+
overrides: z.record(z.string(), z.string()).optional().default({}),
|
|
31
|
+
})
|
|
32
|
+
.optional()
|
|
33
|
+
.transform(v => v !== null && v !== void 0 ? v : { overrides: {} }),
|
|
34
|
+
});
|
|
35
|
+
export function getHazoAuthCoreConfig() {
|
|
36
|
+
return loadConfig({
|
|
37
|
+
pkg: 'hazo_auth',
|
|
38
|
+
schema: HazoAuthCoreConfigSchema,
|
|
39
|
+
});
|
|
40
|
+
}
|
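Review bot: The numeric settings on new lines 9–10 and 23–24 are parsed with `parseInt(v, 10)` and never range-checked, so a typo such as `max_attempts = five` yields NaN and a zero or negative TTL is accepted as given. For token lifetimes and rate limits this is a fail-open risk: comparisons against NaN are always false, so a limiter reading these values would presumably never trip rather than raise a config error. Validate after the transform so a bad value fails at load time, e.g. `.transform(v => v ? parseInt(v, 10) : 5).pipe(z.number().int().positive())`, and apply the same to both TTL fields.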
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookies_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,aAAa,GAAG;IAC1B,6FAA6F;IAC7F,aAAa,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAYF,eAAO,MAAM,iBAAiB;;;;;;;;CAQpB,CAAC;AAGX;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,aAAa,
|
|
1
|
+
{"version":3,"file":"cookies_config.server.d.ts","sourceRoot":"","sources":["../../src/lib/cookies_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAMrB,MAAM,MAAM,aAAa,GAAG;IAC1B,6FAA6F;IAC7F,aAAa,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAYF,eAAO,MAAM,iBAAiB;;;;;;;;CAQpB,CAAC;AAGX;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,aAAa,CAuBlD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAGzD;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAQzG;AAKD;;;GAGG;AACH,wBAAgB,yBAAyB,IAAI,aAAa,CAKzD;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,IAAI,CAEjD"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
// file_description: server-only helper to read cookie configuration from hazo_auth_config.ini
|
|
2
2
|
// section: server-only-guard
|
|
3
3
|
import "server-only";
|
|
4
|
+
import { HazoConfigError } from "hazo_core";
|
|
4
5
|
import { read_config_section } from "./config/config_loader.server.js";
|
|
5
6
|
// section: defaults
|
|
6
7
|
const DEFAULT_CONFIG = {
|
|
@@ -29,13 +30,17 @@ export function get_cookies_config() {
|
|
|
29
30
|
const section = read_config_section(SECTION_NAME);
|
|
30
31
|
const cookie_prefix = (section === null || section === void 0 ? void 0 : section.cookie_prefix) || "";
|
|
31
32
|
if (!cookie_prefix) {
|
|
32
|
-
throw new
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
"
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
33
|
+
throw new HazoConfigError({
|
|
34
|
+
code: 'HAZO_AUTH_CONFIG',
|
|
35
|
+
pkg: 'hazo_auth',
|
|
36
|
+
message: "[hazo_auth] cookie_prefix is required but not configured.\n" +
|
|
37
|
+
"Set cookie_prefix in [hazo_auth__cookies] section of config/hazo_auth_config.ini:\n\n" +
|
|
38
|
+
" [hazo_auth__cookies]\n" +
|
|
39
|
+
" cookie_prefix = myapp_\n\n" +
|
|
40
|
+
"Also set the matching environment variable for Edge runtime (middleware):\n" +
|
|
41
|
+
" HAZO_AUTH_COOKIE_PREFIX=myapp_\n\n" +
|
|
42
|
+
"This prevents cookie conflicts between apps using hazo_auth.",
|
|
43
|
+
});
|
|
39
44
|
}
|
|
40
45
|
return {
|
|
41
46
|
cookie_prefix,
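Review bot: The guard `if (!cookie_prefix)` in the second hunk only catches a missing INI value, although the new message itself says that `HAZO_AUTH_COOKIE_PREFIX` must match it for the Edge middleware. Nothing in the lines shown compares the two, so a missing or different environment value would leave server code and middleware using different cookie names, and sessions would fail with no configuration error. A comparison at the same place, along the lines of `if (process.env.HAZO_AUTH_COOKIE_PREFIX !== cookie_prefix)`, could raise the same `HazoConfigError` or at least log a warning. get_cookies_config starts and ends outside the hunk, so such a check may already exist elsewhere.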
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hazo_connect_setup.server.d.ts","sourceRoot":"","sources":["../../src/lib/hazo_connect_setup.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"hazo_connect_setup.server.d.ts","sourceRoot":"","sources":["../../src/lib/hazo_connect_setup.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AA8JrB;;;;GAIG;AACH,wBAAgB,iCAAiC,8CAuBhD;AAED;;;;GAIG;AACH,wBAAgB,+BAA+B,IAAI;IACjD,IAAI,CAAC,EAAE,QAAQ,GAAG,WAAW,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAsBA"}
|
|
@@ -5,6 +5,7 @@ import "server-only";
|
|
|
5
5
|
// Reads configuration from hazo_auth_config.ini using hazo_config
|
|
6
6
|
// section: imports
|
|
7
7
|
import { createHazoConnect } from "hazo_connect/server";
|
|
8
|
+
import { HazoConfigError } from "hazo_core";
|
|
8
9
|
import path from "path";
|
|
9
10
|
import { create_app_logger } from "./app_logger.js";
|
|
10
11
|
import { read_config_section } from "./config/config_loader.server.js";
|
|
@@ -52,8 +53,12 @@ function get_hazo_connect_config() {
|
|
|
52
53
|
sqlite_path = path.normalize(fallback_sqlite_path);
|
|
53
54
|
}
|
|
54
55
|
else {
|
|
55
|
-
throw new
|
|
56
|
-
|
|
56
|
+
throw new HazoConfigError({
|
|
57
|
+
code: 'HAZO_AUTH_CONFIG',
|
|
58
|
+
pkg: 'hazo_auth',
|
|
59
|
+
message: "[hazo_auth] sqlite_path not configured. Set sqlite_path in [hazo_connect] section of config/hazo_auth_config.ini, " +
|
|
60
|
+
"or set HAZO_CONNECT_SQLITE_PATH environment variable.",
|
|
61
|
+
});
|
|
57
62
|
}
|
|
58
63
|
// Validate config keys for typos
|
|
59
64
|
if (hazo_connect_section) {
|
|
@@ -96,7 +101,11 @@ function get_hazo_connect_config() {
|
|
|
96
101
|
process.env.HAZO_CONNECT_POSTGREST_API_KEY ||
|
|
97
102
|
process.env.POSTGREST_API_KEY;
|
|
98
103
|
if (!postgrest_url) {
|
|
99
|
-
throw new
|
|
104
|
+
throw new HazoConfigError({
|
|
105
|
+
code: 'HAZO_AUTH_CONFIG',
|
|
106
|
+
pkg: 'hazo_auth',
|
|
107
|
+
message: 'PostgREST URL is required. Set postgrest_url in [hazo_connect] section of hazo_auth_config.ini or HAZO_CONNECT_POSTGREST_URL environment variable.',
|
|
108
|
+
});
|
|
100
109
|
}
|
|
101
110
|
return {
|
|
102
111
|
type: "postgrest",
|
|
@@ -105,7 +114,11 @@ function get_hazo_connect_config() {
|
|
|
105
114
|
enableAdminUi,
|
|
106
115
|
};
|
|
107
116
|
}
|
|
108
|
-
throw new
|
|
117
|
+
throw new HazoConfigError({
|
|
118
|
+
code: 'HAZO_AUTH_CONFIG',
|
|
119
|
+
pkg: 'hazo_auth',
|
|
120
|
+
message: `Unsupported HAZO_CONNECT_TYPE: ${type}. Supported types: sqlite, postgrest`,
|
|
121
|
+
});
|
|
109
122
|
}
|
|
110
123
|
/**
|
|
111
124
|
* Server-only function to create hazo_connect adapter
|
|
@@ -130,7 +143,7 @@ export function create_sqlite_hazo_connect_server() {
|
|
|
130
143
|
apiKey: apiKey, // Pass empty string if not set
|
|
131
144
|
});
|
|
132
145
|
}
|
|
133
|
-
throw new
|
|
146
|
+
throw new HazoConfigError({ code: 'HAZO_AUTH_CONFIG', pkg: 'hazo_auth', message: `Unsupported database type: ${config.type}` });
|
|
134
147
|
}
|
|
135
148
|
/**
|
|
136
149
|
* Gets hazo_connect configuration options for use with singleton API
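Review bot: The four new `HazoConfigError` sites in this file repeat `code: 'HAZO_AUTH_CONFIG', pkg: 'hazo_auth'`, and their messages are inconsistent. The sqlite_path message starts with `[hazo_auth]`, while the PostgREST URL, `Unsupported HAZO_CONNECT_TYPE` and `Unsupported database type` messages do not. A small local helper such as `const config_error = (message) => new HazoConfigError({ code: 'HAZO_AUTH_CONFIG', pkg: 'hazo_auth', message });` would keep the code and package in one place and make the prefix uniform. This is compiled output, so the change belongs in the TypeScript source; the enclosing functions start and end outside the hunks.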
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import 'server-only';
|
|
2
|
+
import type { LegalDocsConfig } from './legal_docs_types';
|
|
3
|
+
/**
|
|
4
|
+
* Reads legal docs configuration from hazo_auth_config.ini.
|
|
5
|
+
* Returns an empty docs array if the section is absent (legal docs disabled).
|
|
6
|
+
*
|
|
7
|
+
* Expected INI shape:
|
|
8
|
+
* [hazo_auth__legal_docs]
|
|
9
|
+
* display_mode = separate ; or: combined
|
|
10
|
+
* doc_1_key = terms
|
|
11
|
+
* doc_1_title = Terms of Service
|
|
12
|
+
* doc_1_path = legal/terms.md
|
|
13
|
+
* doc_2_key = privacy
|
|
14
|
+
* doc_2_title = Privacy Policy
|
|
15
|
+
* doc_2_path = legal/privacy.md
|
|
16
|
+
*/
|
|
17
|
+
export declare function get_legal_docs_config(): LegalDocsConfig;
|
|
18
|
+
/**
|
|
19
|
+
* Call this in tests to clear the cache between runs.
|
|
20
|
+
*/
|
|
21
|
+
export declare function _reset_legal_docs_config_cache(): void;
|
|
22
|
+
//# sourceMappingURL=legal_docs_config.server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"legal_docs_config.server.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_config.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AAIrB,OAAO,KAAK,EAAkB,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAW1E;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAsBvD;AAED;;GAEG;AACH,wBAAgB,8BAA8B,IAAI,IAAI,CAErD"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
// file_description: server-only helper to read legal docs configuration from hazo_auth_config.ini
|
|
2
|
+
// section: server-only-guard
|
|
3
|
+
import 'server-only';
|
|
4
|
+
// section: imports
|
|
5
|
+
import { read_config_section } from '../config/config_loader.server.js';
|
|
6
|
+
// section: constants
|
|
7
|
+
const SECTION_NAME = 'hazo_auth__legal_docs';
|
|
8
|
+
// section: cache
|
|
9
|
+
// Cached after first load — INI changes require server restart anyway
|
|
10
|
+
let _cached = null;
|
|
11
|
+
// section: exports
|
|
12
|
+
/**
|
|
13
|
+
* Reads legal docs configuration from hazo_auth_config.ini.
|
|
14
|
+
* Returns an empty docs array if the section is absent (legal docs disabled).
|
|
15
|
+
*
|
|
16
|
+
* Expected INI shape:
|
|
17
|
+
* [hazo_auth__legal_docs]
|
|
18
|
+
* display_mode = separate ; or: combined
|
|
19
|
+
* doc_1_key = terms
|
|
20
|
+
* doc_1_title = Terms of Service
|
|
21
|
+
* doc_1_path = legal/terms.md
|
|
22
|
+
* doc_2_key = privacy
|
|
23
|
+
* doc_2_title = Privacy Policy
|
|
24
|
+
* doc_2_path = legal/privacy.md
|
|
25
|
+
*/
|
|
26
|
+
export function get_legal_docs_config() {
|
|
27
|
+
var _a, _b;
|
|
28
|
+
if (_cached)
|
|
29
|
+
return _cached;
|
|
30
|
+
const section = (_a = read_config_section(SECTION_NAME)) !== null && _a !== void 0 ? _a : {};
|
|
31
|
+
const docs = [];
|
|
32
|
+
let i = 1;
|
|
33
|
+
while (section[`doc_${i}_key`]) {
|
|
34
|
+
docs.push({
|
|
35
|
+
key: section[`doc_${i}_key`],
|
|
36
|
+
title: (_b = section[`doc_${i}_title`]) !== null && _b !== void 0 ? _b : section[`doc_${i}_key`],
|
|
37
|
+
path: section[`doc_${i}_path`],
|
|
38
|
+
});
|
|
39
|
+
i++;
|
|
40
|
+
}
|
|
41
|
+
_cached = {
|
|
42
|
+
docs,
|
|
43
|
+
display_mode: section['display_mode'] === 'combined' ? 'combined' : 'separate',
|
|
44
|
+
};
|
|
45
|
+
return _cached;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Call this in tests to clear the cache between runs.
|
|
49
|
+
*/
|
|
50
|
+
export function _reset_legal_docs_config_cache() {
|
|
51
|
+
_cached = null;
|
|
52
|
+
}
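Review bot: The `while` loop in get_legal_docs_config pushes an entry as soon as `doc_N_key` is set, without checking that `doc_N_path` is present. A document with no path is therefore cached with `path: undefined` and only fails later, wherever the path is read. A guard inside the loop would fail at load time and name the missing key, e.g. `if (!section['doc_' + i + '_path']) throw new Error('[hazo_auth] doc_' + i + '_path is required in [hazo_auth__legal_docs]');`. The loop also stops at the first missing index, so `doc_1_*` followed by `doc_3_*` silently drops the later document, and any `display_mode` other than `combined` falls back to `separate` without a warning. Both behaviours deserve a line in the docblock.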
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import 'server-only';
|
|
2
|
+
export interface ReadDocResult {
|
|
3
|
+
content: string;
|
|
4
|
+
hash: string;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Reads a legal document from the filesystem and returns its text content
|
|
8
|
+
* together with a deterministic SHA-256 hash of that content.
|
|
9
|
+
*
|
|
10
|
+
* @param doc_path - Absolute path, or a path relative to process.cwd().
|
|
11
|
+
* @returns { content, hash } where hash is formatted as "sha256:<hex>".
|
|
12
|
+
* @throws If the file cannot be read.
|
|
13
|
+
*/
|
|
14
|
+
export declare function read_legal_doc(doc_path: string): ReadDocResult;
|
|
15
|
+
//# sourceMappingURL=legal_docs_reader.server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"legal_docs_reader.server.d.ts","sourceRoot":"","sources":["../../../src/lib/legal/legal_docs_reader.server.ts"],"names":[],"mappings":"AAEA,OAAO,aAAa,CAAC;AASrB,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAS9D"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
// file_description: server-only utility that reads a legal document from disk and returns its content + SHA-256 hash
|
|
2
|
+
// section: server-only-guard
|
|
3
|
+
import 'server-only';
|
|
4
|
+
// section: imports
|
|
5
|
+
import * as fs from 'fs';
|
|
6
|
+
import * as path from 'path';
|
|
7
|
+
import { createHash } from 'crypto';
|
|
8
|
+
// section: exports
|
|
9
|
+
/**
|
|
10
|
+
* Reads a legal document from the filesystem and returns its text content
|
|
11
|
+
* together with a deterministic SHA-256 hash of that content.
|
|
12
|
+
*
|
|
13
|
+
* @param doc_path - Absolute path, or a path relative to process.cwd().
|
|
14
|
+
* @returns { content, hash } where hash is formatted as "sha256:<hex>".
|
|
15
|
+
* @throws If the file cannot be read.
|
|
16
|
+
*/
|
|
17
|
+
export function read_legal_doc(doc_path) {
|
|
18
|
+
const abs_path = path.isAbsolute(doc_path)
|
|
19
|
+
? doc_path
|
|
20
|
+
: path.join(process.cwd(), doc_path);
|
|
21
|
+
const content = fs.readFileSync(abs_path, 'utf-8');
|
|
22
|
+
const hex = createHash('sha256').update(content).digest('hex');
|
|
23
|
+
return { content, hash: `sha256:${hex}` };
|
|
24
|
+
}
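Review bot: read_legal_doc passes `doc_path` to `fs.readFileSync` with no containment check: absolute paths are used as given and relative ones are joined to `process.cwd()`, so `..` segments can leave the application directory. The config loader takes the path from the INI file, which is operator-controlled, but the function is exported and accepts any string. If a caller ever passes a value derived from a request, it would return the content of any file the process can read. Resolving against a base directory and rejecting paths that escape it closes this; it also rejects absolute paths outside that directory, which the docblock currently allows, so the base may need to be configurable. Separately, the hash is computed over the decoded string rather than the raw bytes, so files that differ only in invalid UTF-8 sequences would hash the same.

```javascript
export function read_legal_doc(doc_path) {
    const base_dir = process.cwd();
    const abs_path = path.resolve(base_dir, doc_path);
    const rel = path.relative(base_dir, abs_path);
    // Reject anything that resolves outside base_dir (".." traversal or another root/drive).
    if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
        throw new Error(`[hazo_auth] legal doc path is outside the application directory: ${doc_path}`);
    }
    // … unchanged: readFileSync(abs_path, 'utf-8'), SHA-256 hash, return { content, hash } …
```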
|