hazo_auth 9.1.1 → 10.1.0
- package/README.md +124 -6
- package/SETUP_CHECKLIST.md +24 -16
- package/cli-src/cli/init_users.ts +40 -48
- package/cli-src/lib/auth/auth_types.ts +0 -2
- package/cli-src/lib/auth/hazo_get_auth.server.ts +31 -25
- package/cli-src/lib/auth/hazo_get_tenant_auth.server.ts +9 -13
- package/cli-src/lib/auth/nextauth_config.ts +41 -0
- package/cli-src/lib/auth/request_google_scopes.ts +23 -0
- package/cli-src/lib/constants.ts +2 -0
- package/cli-src/lib/profile_pic_menu_config.server.ts +4 -3
- package/cli-src/lib/schema/sqlite_schema.ts +16 -4
- package/cli-src/lib/scope_hierarchy_config.server.ts +1 -9
- package/cli-src/lib/services/google_token_service.ts +408 -0
- package/cli-src/lib/services/index.ts +1 -1
- package/cli-src/lib/services/invitation_service.ts +1 -1
- package/cli-src/lib/services/scope_service.ts +2 -76
- package/cli-src/lib/services/user_scope_service.ts +7 -61
- package/dist/cli/init_users.d.ts.map +1 -1
- package/dist/cli/init_users.js +42 -42
- package/dist/client.d.ts +2 -1
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +3 -1
- package/dist/components/layouts/google_token_test/index.d.ts +6 -0
- package/dist/components/layouts/google_token_test/index.d.ts.map +1 -0
- package/dist/components/layouts/google_token_test/index.js +74 -0
- package/dist/components/layouts/shared/components/profile_pic_menu.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/profile_pic_menu.js +7 -1
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.d.ts.map +1 -1
- package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js +2 -2
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/lib/auth/auth_types.d.ts +0 -2
- package/dist/lib/auth/auth_types.d.ts.map +1 -1
- package/dist/lib/auth/hazo_get_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/hazo_get_auth.server.js +27 -19
- package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts.map +1 -1
- package/dist/lib/auth/hazo_get_tenant_auth.server.js +10 -10
- package/dist/lib/auth/nextauth_config.d.ts +2 -0
- package/dist/lib/auth/nextauth_config.d.ts.map +1 -1
- package/dist/lib/auth/nextauth_config.js +39 -1
- package/dist/lib/auth/request_google_scopes.d.ts +10 -0
- package/dist/lib/auth/request_google_scopes.d.ts.map +1 -0
- package/dist/lib/auth/request_google_scopes.js +13 -0
- package/dist/lib/constants.d.ts +1 -0
- package/dist/lib/constants.d.ts.map +1 -1
- package/dist/lib/constants.js +1 -0
- package/dist/lib/profile_pic_menu_config.server.d.ts +2 -1
- package/dist/lib/profile_pic_menu_config.server.d.ts.map +1 -1
- package/dist/lib/profile_pic_menu_config.server.js +1 -1
- package/dist/lib/schema/sqlite_schema.d.ts +1 -1
- package/dist/lib/schema/sqlite_schema.d.ts.map +1 -1
- package/dist/lib/schema/sqlite_schema.js +16 -4
- package/dist/lib/scope_hierarchy_config.server.d.ts +0 -2
- package/dist/lib/scope_hierarchy_config.server.d.ts.map +1 -1
- package/dist/lib/scope_hierarchy_config.server.js +1 -3
- package/dist/lib/services/google_token_service.d.ts +48 -0
- package/dist/lib/services/google_token_service.d.ts.map +1 -0
- package/dist/lib/services/google_token_service.js +319 -0
- package/dist/lib/services/index.d.ts +1 -0
- package/dist/lib/services/index.d.ts.map +1 -1
- package/dist/lib/services/index.js +1 -0
- package/dist/lib/services/invitation_service.d.ts +1 -1
- package/dist/lib/services/invitation_service.js +1 -1
- package/dist/lib/services/scope_service.d.ts +1 -14
- package/dist/lib/services/scope_service.d.ts.map +1 -1
- package/dist/lib/services/scope_service.js +2 -67
- package/dist/lib/services/user_scope_service.d.ts +5 -12
- package/dist/lib/services/user_scope_service.d.ts.map +1 -1
- package/dist/lib/services/user_scope_service.js +8 -45
- package/dist/server/routes/google_token.d.ts +13 -0
- package/dist/server/routes/google_token.d.ts.map +1 -0
- package/dist/server/routes/google_token.js +66 -0
- package/dist/server/routes/index.d.ts +1 -0
- package/dist/server/routes/index.d.ts.map +1 -1
- package/dist/server/routes/index.js +2 -0
- package/dist/server/routes/invitations.d.ts +1 -1
- package/dist/server/routes/invitations.d.ts.map +1 -1
- package/dist/server/routes/invitations.js +12 -11
- package/dist/server/routes/user_management_users.d.ts +1 -1
- package/package.json +17 -13
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"google_token.d.ts","sourceRoot":"","sources":["../../../src/server/routes/google_token.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAS/C;;;GAGG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW,qBAuB7C;AAGD;;;;GAIG;AACH,wBAAsB,MAAM,CAAC,OAAO,EAAE,WAAW,qBAuBhD"}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import { hazo_get_auth } from "../../lib/auth/hazo_get_auth.server.js";
|
|
2
|
+
import { get_google_token_status, revoke_google_oauth_token, } from "../../lib/services/google_token_service.js";
|
|
3
|
+
import { create_app_logger } from "../../lib/app_logger.js";
|
|
4
|
+
// section: get_handler
|
|
5
|
+
/**
|
|
6
|
+
* GET /api/hazo_auth/google/token
|
|
7
|
+
* Returns the current Google OAuth token status for the authenticated user.
|
|
8
|
+
*/
|
|
9
|
+
export async function GET(request) {
|
|
10
|
+
var _a;
|
|
11
|
+
const logger = create_app_logger();
|
|
12
|
+
try {
|
|
13
|
+
const auth = await hazo_get_auth(request);
|
|
14
|
+
if (!((_a = auth.user) === null || _a === void 0 ? void 0 : _a.id)) {
|
|
15
|
+
return new Response(JSON.stringify({ ok: false, error: "unauthenticated" }), {
|
|
16
|
+
status: 401,
|
|
17
|
+
headers: { "Content-Type": "application/json" },
|
|
18
|
+
});
|
|
19
|
+
}
|
|
20
|
+
const status = await get_google_token_status(auth.user.id);
|
|
21
|
+
return new Response(JSON.stringify({ ok: true, data: status }), {
|
|
22
|
+
status: 200,
|
|
23
|
+
headers: { "Content-Type": "application/json" },
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
|
+
catch (error) {
|
|
27
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
28
|
+
logger.error("google_token_get_error", { error: msg });
|
|
29
|
+
return new Response(JSON.stringify({ ok: false, error: "internal_error" }), {
|
|
30
|
+
status: 500,
|
|
31
|
+
headers: { "Content-Type": "application/json" },
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
// section: delete_handler
|
|
36
|
+
/**
|
|
37
|
+
* DELETE /api/hazo_auth/google/token
|
|
38
|
+
* Revokes the stored Google OAuth token for the authenticated user.
|
|
39
|
+
* Does NOT sign the user out.
|
|
40
|
+
*/
|
|
41
|
+
export async function DELETE(request) {
|
|
42
|
+
var _a;
|
|
43
|
+
const logger = create_app_logger();
|
|
44
|
+
try {
|
|
45
|
+
const auth = await hazo_get_auth(request);
|
|
46
|
+
if (!((_a = auth.user) === null || _a === void 0 ? void 0 : _a.id)) {
|
|
47
|
+
return new Response(JSON.stringify({ ok: false, error: "unauthenticated" }), {
|
|
48
|
+
status: 401,
|
|
49
|
+
headers: { "Content-Type": "application/json" },
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
const result = await revoke_google_oauth_token(auth.user.id);
|
|
53
|
+
return new Response(JSON.stringify(result), {
|
|
54
|
+
status: result.ok ? 200 : 400,
|
|
55
|
+
headers: { "Content-Type": "application/json" },
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
catch (error) {
|
|
59
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
60
|
+
logger.error("google_token_delete_error", { error: msg });
|
|
61
|
+
return new Response(JSON.stringify({ ok: false, error: "internal_error" }), {
|
|
62
|
+
status: 500,
|
|
63
|
+
headers: { "Content-Type": "application/json" },
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
}
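Review bot: In `DELETE`, `JSON.stringify(result)` sends whatever object `revoke_google_oauth_token` returns straight to the client, and every non-ok outcome is reported as 400, including failures that are not the caller's fault. The shape of that result is not visible in this section, so if it can carry upstream error text or token-related fields they would reach the browser. Building the body explicitly, for example `JSON.stringify({ ok: result.ok, error: result.error })` (assuming failures are reported in an `error` field), limits the response to what the route intends to expose. Both handlers also return per-user token state without `"Cache-Control": "no-store"` in `headers`, which is worth adding next to `"Content-Type"`. The catch blocks log `error.message` verbatim, so confirm the service never places token material in its error messages.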
|
|
@@ -39,4 +39,5 @@ export { legalDocsAcceptPOST } from './legal_docs_accept.js';
|
|
|
39
39
|
export { legalDocsPublishPOST } from './legal_docs_publish.js';
|
|
40
40
|
export { consentMeGET } from "./consent_me.js";
|
|
41
41
|
export { stringsDefaultsGET } from "./strings_defaults.js";
|
|
42
|
+
export { GET as googleTokenGET, DELETE as googleTokenDELETE } from "./google_token.js";
|
|
42
43
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,IAAI,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,GAAG,IAAI,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGtE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,OAAO,EAAE,KAAK,IAAI,eAAe,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,IAAI,IAAI,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,MAAM,IAAI,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,GAAG,IAAI,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,GAAG,IAAI,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,IAAI,IAAI,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,KAAK,IAAI,wBAAwB,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,IAAI,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACjL,OAAO,EAAE,GAAG,IAAI,4BAA4B,EAAE,IAAI,IAAI,6BAA6B,EAAE,GAAG,IAAI,4BAA4B,EAAE,MAAM,IAAI,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAC3M,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,IAAI,IAAI,uBAAuB,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxI,OAAO,EAAE,GAAG,IAAI,2BAA2B,EAAE,IAAI,IAAI,4BAA4B,EAAE,GAAG,IAAI,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAG7J,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,KAAK,IAAI,gBAAgB,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACvI,OAAO,EAAE,GAAG,IAAI,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAGrE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,IAAI,IAAI,eAAe,EAAE,KAAK,IAAI,gBAAgB,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGvI,OAAO,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAGvD,OAAO,EAAE,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EA
AE,GAAG,IAAI,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,IAAI,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGzD,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,IAAI,IAAI,iBAAiB,EAAE,KAAK,IAAI,kBAAkB,EAAE,MAAM,IAAI,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACjJ,OAAO,EAAE,IAAI,IAAI,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAGnD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAG5D,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,IAAI,IAAI,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,IAAI,IAAI,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,IAAI,IAAI,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,GAAG,IAAI,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAGtE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,IAAI,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAGvE,OAAO,EAAE,KAAK,IAAI,eAAe,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,IAAI,IAAI,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,MAAM,IAAI,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,GAAG,IAAI,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,GAAG,IAAI,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,IAAI,IAAI,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,KAAK,IAAI,wBAAwB,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,IAAI,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACjL,OAAO,EAAE,GAAG,IAAI,4BAA4B,EAAE,IAAI,IAAI,6BAA6B,EAAE,GAAG,IAAI,4BAA4B,EAAE,MAAM,IAAI,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAC3M,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,IAAI,IAAI,uBAAuB,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxI,OAAO,EAAE,GAAG,IAAI,2BAA2B,EAAE,IAAI,IAAI,4BAA4B,EAAE,GAAG,IAAI,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAG7J,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,KAAK,IAAI,gBAAgB,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACvI,OAAO,EAAE,GAAG,IAAI,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAGrE,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,IAAI,IAAI,eAAe,EAAE,KAAK,IAAI,gBAAgB,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGvI,OAAO,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,eAAe,CAAC;AAGvD,OAAO,EAAE,GAAG,IAAI,WAAW,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,GAAG,IAAI,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACxE,OAAO,EA
AE,GAAG,IAAI,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAC5E,OAAO,EAAE,IAAI,IAAI,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGzD,OAAO,EAAE,GAAG,IAAI,gBAAgB,EAAE,IAAI,IAAI,iBAAiB,EAAE,KAAK,IAAI,kBAAkB,EAAE,MAAM,IAAI,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACjJ,OAAO,EAAE,IAAI,IAAI,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,IAAI,IAAI,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,MAAM,aAAa,CAAC;AAGnD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAG5D,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAG5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EAAE,GAAG,IAAI,cAAc,EAAE,MAAM,IAAI,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}
|
|
@@ -56,3 +56,5 @@ export { legalDocsPublishPOST } from './legal_docs_publish.js';
|
|
|
56
56
|
export { consentMeGET } from "./consent_me.js";
|
|
57
57
|
// Strings routes
|
|
58
58
|
export { stringsDefaultsGET } from "./strings_defaults.js";
|
|
59
|
+
// Google OAuth token routes (status + revoke)
|
|
60
|
+
export { GET as googleTokenGET, DELETE as googleTokenDELETE } from "./google_token.js";
|
|
@@ -5,7 +5,7 @@ export declare const dynamic = "force-dynamic";
|
|
|
5
5
|
* Query params:
|
|
6
6
|
* - scope_id: Filter by scope (optional, required for non-super-admins)
|
|
7
7
|
* - status: Filter by status (optional: PENDING, ACCEPTED, EXPIRED, REVOKED)
|
|
8
|
-
*
|
|
8
|
+
* Global admins can see all invitations, others can only see invitations for their scopes
|
|
9
9
|
*/
|
|
10
10
|
export declare function GET(request: NextRequest): Promise<NextResponse<{
|
|
11
11
|
error: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invitations.d.ts","sourceRoot":"","sources":["../../../src/server/routes/invitations.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"invitations.d.ts","sourceRoot":"","sources":["../../../src/server/routes/invitations.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAiBxD,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAGvC;;;;;;GAMG;AACH,wBAAsB,GAAG,CAAC,OAAO,EAAE,WAAW;;;;;IAqH7C;AAED;;;GAGG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;;IAoG9C;AAED;;;GAGG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,WAAW;;;;;IAkG/C;AAED;;;GAGG;AACH,wBAAsB,MAAM,CAAC,OAAO,EAAE,WAAW;;;;IA2FhD"}
|
|
@@ -6,7 +6,8 @@ import { create_app_logger } from "../../lib/app_logger.js";
|
|
|
6
6
|
import { get_filename, get_line_number } from "../../lib/utils/api_route_helpers.js";
|
|
7
7
|
import { hazo_get_auth } from "../../lib/auth/hazo_get_auth.server.js";
|
|
8
8
|
import { create_invitation, list_invitations_by_scope, list_all_invitations, revoke_invitation, get_invitation_by_id, } from "../../lib/services/invitation_service.js";
|
|
9
|
-
import {
|
|
9
|
+
import { get_user_scopes } from "../../lib/services/user_scope_service.js";
|
|
10
|
+
import { GLOBAL_ADMIN_PERMISSION } from "../../lib/constants.js";
|
|
10
11
|
// section: route_config
|
|
11
12
|
export const dynamic = "force-dynamic";
|
|
12
13
|
// section: api_handler
|
|
@@ -15,7 +16,7 @@ export const dynamic = "force-dynamic";
|
|
|
15
16
|
* Query params:
|
|
16
17
|
* - scope_id: Filter by scope (optional, required for non-super-admins)
|
|
17
18
|
* - status: Filter by status (optional: PENDING, ACCEPTED, EXPIRED, REVOKED)
|
|
18
|
-
*
|
|
19
|
+
* Global admins can see all invitations, others can only see invitations for their scopes
|
|
19
20
|
*/
|
|
20
21
|
export async function GET(request) {
|
|
21
22
|
var _a, _b;
|
|
@@ -34,11 +35,11 @@ export async function GET(request) {
|
|
|
34
35
|
const status_param = searchParams.get("status");
|
|
35
36
|
const status = status_param;
|
|
36
37
|
const hazoConnect = get_hazo_connect_instance();
|
|
37
|
-
// Check if user is
|
|
38
|
-
const is_super =
|
|
38
|
+
// Check if user is a global admin
|
|
39
|
+
const is_super = auth.permissions.includes(GLOBAL_ADMIN_PERMISSION);
|
|
39
40
|
let result;
|
|
40
41
|
if (is_super) {
|
|
41
|
-
//
|
|
42
|
+
// Global admin can see all invitations
|
|
42
43
|
if (scope_id) {
|
|
43
44
|
result = await list_invitations_by_scope(hazoConnect, scope_id, status);
|
|
44
45
|
}
|
|
@@ -124,8 +125,8 @@ export async function POST(request) {
|
|
|
124
125
|
return NextResponse.json({ error: "Invalid email address format" }, { status: 400 });
|
|
125
126
|
}
|
|
126
127
|
const hazoConnect = get_hazo_connect_instance();
|
|
127
|
-
// Check if user is
|
|
128
|
-
const is_super =
|
|
128
|
+
// Check if user is a global admin or has access to the scope
|
|
129
|
+
const is_super = auth.permissions.includes(GLOBAL_ADMIN_PERMISSION);
|
|
129
130
|
if (!is_super) {
|
|
130
131
|
const user_scopes = await get_user_scopes(hazoConnect, auth.user.id);
|
|
131
132
|
const has_scope_access = (_a = user_scopes.scopes) === null || _a === void 0 ? void 0 : _a.some((s) => s.scope_id === scope_id);
|
|
@@ -196,8 +197,8 @@ export async function PATCH(request) {
|
|
|
196
197
|
if (!invitation_result.success || !invitation_result.invitation) {
|
|
197
198
|
return NextResponse.json({ error: "Invitation not found" }, { status: 404 });
|
|
198
199
|
}
|
|
199
|
-
// Check if user is
|
|
200
|
-
const is_super =
|
|
200
|
+
// Check if user is a global admin or has access to the invitation's scope
|
|
201
|
+
const is_super = auth.permissions.includes(GLOBAL_ADMIN_PERMISSION);
|
|
201
202
|
if (!is_super) {
|
|
202
203
|
const user_scopes = await get_user_scopes(hazoConnect, auth.user.id);
|
|
203
204
|
const has_scope_access = (_a = user_scopes.scopes) === null || _a === void 0 ? void 0 : _a.some((s) => { var _a; return s.scope_id === ((_a = invitation_result.invitation) === null || _a === void 0 ? void 0 : _a.scope_id); });
|
|
@@ -257,8 +258,8 @@ export async function DELETE(request) {
|
|
|
257
258
|
if (!invitation_result.success || !invitation_result.invitation) {
|
|
258
259
|
return NextResponse.json({ error: "Invitation not found" }, { status: 404 });
|
|
259
260
|
}
|
|
260
|
-
// Check if user is
|
|
261
|
-
const is_super =
|
|
261
|
+
// Check if user is a global admin or has access to the invitation's scope
|
|
262
|
+
const is_super = auth.permissions.includes(GLOBAL_ADMIN_PERMISSION);
|
|
262
263
|
if (!is_super) {
|
|
263
264
|
const user_scopes = await get_user_scopes(hazoConnect, auth.user.id);
|
|
264
265
|
const has_scope_access = (_a = user_scopes.scopes) === null || _a === void 0 ? void 0 : _a.some((s) => { var _a; return s.scope_id === ((_a = invitation_result.invitation) === null || _a === void 0 ? void 0 : _a.scope_id); });
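Review bot: The admin test `auth.permissions.includes(GLOBAL_ADMIN_PERMISSION)` is repeated in all four handlers (GET at new line 39, POST at 129, PATCH at 201, DELETE at 262) and dereferences `auth.permissions` without a guard. Whether `hazo_get_auth` always returns an array there is not visible in these hunks; `const is_super = Array.isArray(auth.permissions) && auth.permissions.includes(GLOBAL_ADMIN_PERMISSION);` denies instead of throwing when it does not. Moving this check and the `get_user_scopes` fallback into one shared helper would keep the four authorization decisions from drifting apart. The retained name `is_super` and the doc line `required for non-super-admins` no longer match the "global admin" wording the commit introduces. Each handler's body starts and ends outside its hunk, so the authentication check that precedes these lines could not be reviewed here.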
|
|
@@ -26,7 +26,7 @@ export declare function GET(request: NextRequest): Promise<NextResponse<{
|
|
|
26
26
|
profile_source: {} | null;
|
|
27
27
|
user_type: string | null;
|
|
28
28
|
app_user_data: Record<string, unknown> | null;
|
|
29
|
-
legal_acceptance_status: "
|
|
29
|
+
legal_acceptance_status: "current" | "none" | "outdated";
|
|
30
30
|
}[];
|
|
31
31
|
}>>;
|
|
32
32
|
/**
|
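--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "hazo_auth",
-"version": "
+"version": "10.1.0",
 "description": "Zero-config authentication UI components for Next.js with RBAC, OAuth, scope-based multi-tenancy, and invitations",
 "keywords": [
 "authentication",
@@ -252,13 +252,14 @@
 "@radix-ui/react-switch": "^1.2.0",
 "@radix-ui/react-tabs": "^1.1.0",
 "@radix-ui/react-tooltip": "^1.2.0",
-"hazo_api": "^2.1
-"hazo_config": "^2.1.
-"hazo_connect": "^3.
-"hazo_core": "^1.
-"hazo_logs": "^2.0.
-"hazo_notify": "^6.1.
-"
+"hazo_api": "^2.3.1",
+"hazo_config": "^2.1.10",
+"hazo_connect": "^3.5.1",
+"hazo_core": "^1.1.0",
+"hazo_logs": "^2.0.3",
+"hazo_notify": "^6.1.3",
+"hazo_secure": "^1.1.0",
+"hazo_ui": "^3.4.1",
 "input-otp": "^1.4.0",
 "lucide-react": "^0.553.0",
 "next": "^14.0.0",
@@ -287,6 +288,9 @@
 "hazo_notify": {
 "optional": true
 },
+"hazo_secure": {
+"optional": true
+},
 "hazo_ui": {
 "optional": true
 },
@@ -388,13 +392,13 @@
 "eslint": "^9.39.1",
 "eslint-config-next": "^16.0.4",
 "eslint-plugin-storybook": "^10.0.6",
-"hazo_api": "^2.3.
-"hazo_config": "^2.1.
-"hazo_connect": "^3.
-"hazo_core": "^1.0
+"hazo_api": "^2.3.1",
+"hazo_config": "^2.1.10",
+"hazo_connect": "^3.5.1",
+"hazo_core": "^1.1.0",
 "hazo_logs": "^2.0.3",
 "hazo_notify": "^6.1.3",
-"hazo_ui": "^3.
+"hazo_ui": "^3.4.1",
 "input-otp": "^1.4.0",
 "jest": "^30.2.0",
 "jest-environment-jsdom": "^30.0.0",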
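Review bot: `hazo_secure` is added at `^1.1.0` in the dependency block at new line 261 and marked `"optional": true` in the 288–296 hunk, but the devDependencies hunk at 392–404 does not add it between `hazo_notify` and `hazo_ui`, so as far as this section shows the package's own build and tests run without it. What the package uses `hazo_secure` for is not visible here; if the new Google token storage relies on it, the behaviour when the peer is absent should be documented and should refuse to persist tokens rather than fall back silently. The keys that enclose these hunks are outside the visible lines, so which dependency block each hunk belongs to is inferred from its shape.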