nextworks 0.1.0-alpha.11 → 0.1.0-alpha.14

package/dist/kits/auth-core/app/(protected)/settings/profile/profile-form.tsx

@@ -1,114 +1,120 @@
-"use client";
-
-import React, { useEffect, useState } from "react";
-import { useForm } from "react-hook-form";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { userSchema } from "@/lib/validation/forms";
-import { Form } from "@/components/ui/form/form";
-import { FormField } from "@/components/ui/form/form-field";
-import { FormItem } from "@/components/ui/form/form-item";
-import { FormLabel } from "@/components/ui/form/form-label";
-import { FormControl } from "@/components/ui/form/form-control";
-import { FormMessage } from "@/components/ui/form/form-message";
-import { Input } from "@/components/ui/input";
-import { Button } from "@/components/ui/button";
-import { useSession } from "next-auth/react";
-import { mapApiErrorsToForm } from "@/lib/forms/map-errors";
-import { toast } from "sonner";
-
-export default function ProfileForm() {
-  const { data: session, update } = useSession();
-
-  const methods = useForm({
-    resolver: zodResolver(userSchema),
-    defaultValues: { name: "", email: "" },
-  });
-  const { control, handleSubmit, reset } = methods;
-  const [isSaving, setIsSaving] = useState(false);
-
-  useEffect(() => {
-    if (session?.user) {
-      reset({ name: session.user.name ?? "", email: session.user.email ?? "" });
-    }
-  }, [session, reset]);
-
-  const onSubmit = async (values: any) => {
-    if (!session?.user?.id) {
-      toast.error("You must be signed in to update your profile");
-      return;
-    }
-
-    setIsSaving(true);
-    try {
-      const res = await fetch(`/api/users/${session.user.id}`, {
-        method: "PUT",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(values),
-      });
-
-      const payload = await res.json();
-
-      const globalMessage = mapApiErrorsToForm(methods, payload);
-
-      if (payload?.success) {
-        toast.success(payload.message ?? "Profile updated");
-        // update local form values to reflect saved state
-        reset(values);
-        // Patch the NextAuth session so UI reflects the change immediately
-        await update({ name: values.name, email: values.email });
-      } else {
-        if (globalMessage) {
-          toast.error(globalMessage);
-        } else {
-          toast.error(payload?.message ?? "Failed to update profile");
-        }
-      }
-    } catch (e) {
-      console.error("Failed to update profile", e);
-      toast.error("Network error while updating profile");
-    } finally {
-      setIsSaving(false);
-    }
-  };
-
-  return (
-    <div className="bg-card rounded-md p-6">
-      <h2 className="mb-3 text-lg font-semibold">Profile settings</h2>
-      <Form methods={methods}>
-        <form onSubmit={handleSubmit(onSubmit)} className="space-y-3">
-          <FormField
-            control={control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>Name</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={control}
-            name="email"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>Email</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <Button type="submit" disabled={isSaving}>
-            {isSaving ? "Saving..." : "Save"}
-          </Button>
-        </form>
-      </Form>
-    </div>
-  );
-}
+"use client";
+
+import React, { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
+import { userSchema } from "@/lib/validation/forms";
+
+import { Form } from "@/components/ui/form/form";
+import { FormField } from "@/components/ui/form/form-field";
+import { FormItem } from "@/components/ui/form/form-item";
+import { FormLabel } from "@/components/ui/form/form-label";
+import { FormControl } from "@/components/ui/form/form-control";
+import { FormMessage } from "@/components/ui/form/form-message";
+import { Input } from "@/components/ui/input";
+import { Button } from "@/components/ui/button";
+import { useSession } from "next-auth/react";
+import { mapApiErrorsToForm } from "@/lib/forms/map-errors";
+import { toast } from "sonner";
+
+export default function ProfileForm() {
+  const { data: session, update } = useSession();
+
+    const methods = useForm({
+    resolver: zodResolver(userSchema),
+    defaultValues: { name: "", email: "" },
+  });
+
+  type ProfileFormValues = z.infer<typeof userSchema>;
+
+  const { control, handleSubmit, reset } = methods;
+  const [isSaving, setIsSaving] = useState(false);
+
+  useEffect(() => {
+    if (session?.user) {
+      reset({ name: session.user.name ?? "", email: session.user.email ?? "" });
+    }
+  }, [session, reset]);
+
+    const onSubmit = async (values: ProfileFormValues) => {
+
+    if (!session?.user?.id) {
+      toast.error("You must be signed in to update your profile");
+      return;
+    }
+
+    setIsSaving(true);
+    try {
+      const res = await fetch(`/api/users/${session.user.id}`, {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(values),
+      });
+
+      const payload = await res.json();
+
+      const globalMessage = mapApiErrorsToForm(methods, payload);
+
+      if (payload?.success) {
+        toast.success(payload.message ?? "Profile updated");
+        // update local form values to reflect saved state
+        reset(values);
+        // Patch the NextAuth session so UI reflects the change immediately
+        await update({ name: values.name, email: values.email });
+      } else {
+        if (globalMessage) {
+          toast.error(globalMessage);
+        } else {
+          toast.error(payload?.message ?? "Failed to update profile");
+        }
+      }
+    } catch (e) {
+      console.error("Failed to update profile", e);
+      toast.error("Network error while updating profile");
+    } finally {
+      setIsSaving(false);
+    }
+  };
+
+  return (
+    <div className="bg-card rounded-md p-6">
+      <h2 className="mb-3 text-lg font-semibold">Profile settings</h2>
+      <Form methods={methods}>
+        <form onSubmit={handleSubmit(onSubmit)} className="space-y-3">
+          <FormField
+            control={control}
+            name="name"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>Name</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={control}
+            name="email"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>Email</FormLabel>
+                <FormControl>
+                  <Input {...field} />
+                </FormControl>
+                <FormMessage />
+              </FormItem>
+            )}
+          />
+
+          <Button type="submit" disabled={isSaving}>
+            {isSaving ? "Saving..." : "Save"}
+          </Button>
+        </form>
+      </Form>
+    </div>
+  );
+}

package/dist/kits/auth-core/app/api/auth/forgot-password/route.ts

@@ -1,114 +1,116 @@
-import { NextResponse } from "next/server";
-import { z } from "zod";
-import { Prisma } from "@prisma/client";
-import { prisma } from "@/lib/prisma";
-import { forgotPasswordSchema } from "@/lib/validation/forms";
-import { randomBytes, createHash } from "crypto";
-import { sendDevEmail } from "@/lib/email/dev-transport";
-import { sendEmail, isEmailProviderConfigured } from "@/lib/email";
-
-const RATE_LIMIT_WINDOW_MS = 60 * 60 * 1000; // 1 hour
-const MAX_PER_WINDOW = 5;
-const ipMap = new Map<string, number[]>();
-
-function rateLimit(ip: string) {
-  const now = Date.now();
-  const arr = ipMap.get(ip) ?? [];
-  const pruned = arr.filter((t) => now - t < RATE_LIMIT_WINDOW_MS);
-  pruned.push(now);
-  ipMap.set(ip, pruned);
-  return pruned.length <= MAX_PER_WINDOW;
-}
-
-export async function POST(req: Request) {
-  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
-    return NextResponse.json({ message: "Not found" }, { status: 404 });
-  }
-  const ip = req.headers.get("x-forwarded-for") || "local";
-  if (!rateLimit(ip)) {
-    return NextResponse.json({ message: "Too many requests" }, { status: 429 });
-  }
-
-  let body: unknown;
-  try {
-    body = await req.json();
-  } catch {
-    return NextResponse.json({ message: "Invalid request" }, { status: 400 });
-  }
-
-  try {
-    const parsed = forgotPasswordSchema.parse(body);
-    const { email } = parsed;
-
-    const user = await prisma.user.findUnique({ where: { email } });
-    if (user) {
-      const token = randomBytes(24).toString("hex");
-      const tokenHash = createHash("sha256").update(token).digest("hex");
-      const expires = new Date(Date.now() + 1000 * 60 * 60); // 1 hour
-      await prisma.passwordReset.create({
-        data: {
-          tokenHash,
-          expires,
-          user: { connect: { id: user.id } },
-        },
-      });
-
-      const mailConfigured = isEmailProviderConfigured();
-      const isProd = process.env.NODE_ENV === "production";
-
-      if (
-        isProd &&
-        process.env.NEXTWORKS_ENABLE_PASSWORD_RESET === "1" &&
-        !mailConfigured
-      ) {
-        return NextResponse.json({ message: "Not found" }, { status: 404 });
-      }
-
-      try {
-        const base = process.env.NEXTAUTH_URL ?? "http://localhost:3000";
-        const resetUrl = `${base.replace(/\/$/, "")}/auth/reset-password?token=${token}`;
-
-        if (mailConfigured) {
-          try {
-            await sendEmail({
-              to: email,
-              subject: "Password reset",
-              text: `Reset your password: ${resetUrl}`,
-              html: `<p>Reset your password: <a href="${resetUrl}">Reset password</a></p>`,
-            });
-            console.info(`Password reset email queued for ${email}`);
-          } catch (e) {
-            console.error("Failed to send password reset email");
-          }
-        } else if (process.env.NEXTWORKS_USE_DEV_EMAIL === "1") {
-          try {
-            const { previewUrl } = await sendDevEmail({
-              to: email,
-              subject: "Password reset",
-              text: `Reset your password: ${resetUrl}`,
-              html: `<p>Reset your password: <a href="${resetUrl}">Reset password</a></p>`,
-            });
-            if (previewUrl) {
-              console.info(`Password reset email (dev preview): ${previewUrl}`);
-            } else {
-              console.info(`Password reset email queued for ${email}`);
-            }
-          } catch (e) {
-            console.error("Failed to send dev password reset email");
-          }
-        } else {
-          console.info(`Password reset requested for ${email}`);
-        }
-      } catch (e) {
-        console.error("Failed to handle password reset email");
-      }
-    }
-
-    return NextResponse.json({ message: "If an account exists, a reset link was sent." });
-  } catch (err: any) {
-    if (err instanceof z.ZodError) {
-      return NextResponse.json({ message: "Validation failed", errors: (err as z.ZodError).issues }, { status: 400 });
-    }
-    return NextResponse.json({ message: "Failed" }, { status: 400 });
-  }
-}
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { prisma } from "@/lib/prisma";
+import { forgotPasswordSchema } from "@/lib/validation/forms";
+import { randomBytes, createHash } from "crypto";
+import { sendDevEmail } from "@/lib/email/dev-transport";
+import { sendEmail, isEmailProviderConfigured } from "@/lib/email";
+
+const RATE_LIMIT_WINDOW_MS = 60 * 60 * 1000; // 1 hour
+const MAX_PER_WINDOW = 5;
+const ipMap = new Map<string, number[]>();
+
+function rateLimit(ip: string) {
+  const now = Date.now();
+  const arr = ipMap.get(ip) ?? [];
+  const pruned = arr.filter((t) => now - t < RATE_LIMIT_WINDOW_MS);
+  pruned.push(now);
+  ipMap.set(ip, pruned);
+  return pruned.length <= MAX_PER_WINDOW;
+}
+
+export async function POST(req: Request) {
+  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
+    return NextResponse.json({ message: "Not found" }, { status: 404 });
+  }
+  const ip = req.headers.get("x-forwarded-for") || "local";
+  if (!rateLimit(ip)) {
+    return NextResponse.json({ message: "Too many requests" }, { status: 429 });
+  }
+
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ message: "Invalid request" }, { status: 400 });
+  }
+
+  try {
+    const parsed = forgotPasswordSchema.parse(body);
+    const { email } = parsed;
+
+    const user = await prisma.user.findUnique({ where: { email } });
+    if (user) {
+      const token = randomBytes(24).toString("hex");
+      const tokenHash = createHash("sha256").update(token).digest("hex");
+      const expires = new Date(Date.now() + 1000 * 60 * 60); // 1 hour
+      await prisma.passwordReset.create({
+        data: {
+          tokenHash,
+          expires,
+          user: { connect: { id: user.id } },
+        },
+      });
+
+      const mailConfigured = isEmailProviderConfigured();
+      const isProd = process.env.NODE_ENV === "production";
+
+      if (
+        isProd &&
+        process.env.NEXTWORKS_ENABLE_PASSWORD_RESET === "1" &&
+        !mailConfigured
+      ) {
+        return NextResponse.json({ message: "Not found" }, { status: 404 });
+      }
+
+      try {
+        const base = process.env.NEXTAUTH_URL ?? "http://localhost:3000";
+        const resetUrl = `${base.replace(/\/$/, "")}/auth/reset-password?token=${token}`;
+
+        if (mailConfigured) {
+          try {
+            await sendEmail({
+              to: email,
+              subject: "Password reset",
+              text: `Reset your password: ${resetUrl}`,
+              html: `<p>Reset your password: <a href="${resetUrl}">Reset password</a></p>`,
+            });
+            console.info(`Password reset email queued for ${email}`);
+          } catch {
+            console.error("Failed to send password reset email");
+          }
+        } else if (process.env.NEXTWORKS_USE_DEV_EMAIL === "1") {
+          try {
+            const { previewUrl } = await sendDevEmail({
+              to: email,
+              subject: "Password reset",
+              text: `Reset your password: ${resetUrl}`,
+              html: `<p>Reset your password: <a href="${resetUrl}">Reset password</a></p>`,
+            });
+            if (previewUrl) {
+              console.info(`Password reset email (dev preview): ${previewUrl}`);
+            } else {
+              console.info(`Password reset email queued for ${email}`);
+            }
+          } catch {
+            console.error("Failed to send dev password reset email");
+          }
+        } else {
+          console.info(`Password reset requested for ${email}`);
+        }
+      } catch {
+        console.error("Failed to handle password reset email");
+      }
+    }
+
+    return NextResponse.json({ message: "If an account exists, a reset link was sent." });
+  } catch (err: unknown) {
+    if (err instanceof z.ZodError) {
+      return NextResponse.json(
+        { message: "Validation failed", errors: err.issues },
+        { status: 400 },
+      );
+    }
+    return NextResponse.json({ message: "Failed" }, { status: 400 });
+  }
+}

package/dist/kits/auth-core/app/api/auth/reset-password/route.ts

@@ -1,63 +1,66 @@
-import { NextResponse } from "next/server";
-import { prisma } from "@/lib/prisma";
-import { resetPasswordSchema } from "@/lib/validation/forms";
-import { hash } from "bcryptjs";
-import { createHash } from "crypto";
-import { z } from "zod";
-
-export async function POST(req: Request) {
-  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
-    return NextResponse.json({ message: "Not found" }, { status: 404 });
-  }
-  let body: unknown;
-  try {
-    body = await req.json();
-  } catch {
-    return NextResponse.json({ message: "Invalid request" }, { status: 400 });
-  }
-
-  try {
-    const parsed = resetPasswordSchema.parse(body);
-    const { token, password } = parsed;
-
-    const tokenHash = createHash("sha256").update(token).digest("hex");
-    const pr = await prisma.passwordReset.findFirst({ where: { tokenHash } });
-    if (!pr) {
-      return NextResponse.json({ message: "Invalid or expired token" }, { status: 400 });
-    }
-    if ((pr as any).used) {
-      return NextResponse.json({ message: "Token already used" }, { status: 400 });
-    }
-    if (pr.expires < new Date()) {
-      return NextResponse.json({ message: "Token expired" }, { status: 400 });
-    }
-
-    const hashed = await hash(password, 10);
-    await prisma.user.update({ where: { id: pr.userId }, data: { password: hashed } });
-    await prisma.passwordReset.update({ where: { id: pr.id }, data: { used: true } });
-
-    return NextResponse.json({ message: "Password updated" });
-  } catch (err: any) {
-    if (err instanceof z.ZodError) {
-      return NextResponse.json({ message: "Validation failed", errors: (err as z.ZodError).issues }, { status: 400 });
-    }
-    return NextResponse.json({ message: "Failed" }, { status: 400 });
-  }
-}
-
-export async function GET(req: Request) {
-  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
-    return NextResponse.json({ message: "Not found" }, { status: 404 });
-  }
-  const url = new URL(req.url);
-  const token = url.searchParams.get("token");
-  if (!token) return NextResponse.json({ valid: false }, { status: 400 });
-
-  const tokenHash = createHash("sha256").update(token).digest("hex");
-  const pr = await prisma.passwordReset.findFirst({ where: { tokenHash } });
-  if (!pr) return NextResponse.json({ valid: false });
-  if ((pr as any).used) return NextResponse.json({ valid: false });
-  if (pr.expires < new Date()) return NextResponse.json({ valid: false });
-
-  return NextResponse.json({ valid: true });
-}
+import { NextResponse } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { resetPasswordSchema } from "@/lib/validation/forms";
+import { hash } from "bcryptjs";
+import { createHash } from "crypto";
+import { z } from "zod";
+
+export async function POST(req: Request) {
+  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
+    return NextResponse.json({ message: "Not found" }, { status: 404 });
+  }
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ message: "Invalid request" }, { status: 400 });
+  }
+
+  try {
+    const parsed = resetPasswordSchema.parse(body);
+    const { token, password } = parsed;
+
+    const tokenHash = createHash("sha256").update(token).digest("hex");
+    const pr = await prisma.passwordReset.findFirst({ where: { tokenHash } });
+    if (!pr) {
+      return NextResponse.json({ message: "Invalid or expired token" }, { status: 400 });
+    }
+    if (pr.used) {
+      return NextResponse.json({ message: "Token already used" }, { status: 400 });
+    }
+    if (pr.expires < new Date()) {
+      return NextResponse.json({ message: "Token expired" }, { status: 400 });
+    }
+
+    const hashed = await hash(password, 10);
+    await prisma.user.update({ where: { id: pr.userId }, data: { password: hashed } });
+    await prisma.passwordReset.update({ where: { id: pr.id }, data: { used: true } });
+
+    return NextResponse.json({ message: "Password updated" });
+  } catch (err: unknown) {
+    if (err instanceof z.ZodError) {
+      return NextResponse.json(
+        { message: "Validation failed", errors: err.issues },
+        { status: 400 },
+      );
+    }
+    return NextResponse.json({ message: "Failed" }, { status: 400 });
+  }
+}
+
+export async function GET(req: Request) {
+  if (process.env.NEXTWORKS_ENABLE_PASSWORD_RESET !== "1") {
+    return NextResponse.json({ message: "Not found" }, { status: 404 });
+  }
+  const url = new URL(req.url);
+  const token = url.searchParams.get("token");
+  if (!token) return NextResponse.json({ valid: false }, { status: 400 });
+
+  const tokenHash = createHash("sha256").update(token).digest("hex");
+  const pr = await prisma.passwordReset.findFirst({ where: { tokenHash } });
+  if (!pr) return NextResponse.json({ valid: false });
+  if (pr.used) return NextResponse.json({ valid: false });
+  if (pr.expires < new Date()) return NextResponse.json({ valid: false });
+
+  return NextResponse.json({ valid: true });
+}

package/dist/kits/auth-core/app/api/auth/send-verify-email/route.ts

@@ -1,6 +1,6 @@
 import { NextResponse } from "next/server";
 
-export async function POST(req: Request) {
+export async function POST(): Promise<Response> {
   // Placeholder endpoint: future work may implement email verification tokens.
   return NextResponse.json({ message: "Not implemented" }, { status: 501 });
 }