sitepaige-mcp-server 1.0.2 → 1.1.0

package/dist/components/login.tsx

@@ -9,7 +9,7 @@ checked in the system build settings. It is safe to modify this file without it
 import React, { useState } from 'react';
 
 interface LoginProps {
-  providers: ('apple' | 'facebook' | 'github' | 'google' | 'username')[];
+  providers: ('apple' | 'facebook' | 'github' | 'google' | 'userpass')[];
 }
 
 export default function Login({ providers }: LoginProps) {
@@ -20,6 +20,8 @@ export default function Login({ providers }: LoginProps) {
   const [confirmPassword, setConfirmPassword] = useState('');
   const [isLoading, setIsLoading] = useState(false);
   const [message, setMessage] = useState<{ type: 'success' | 'error'; text: string } | null>(null);
+  const [showResendVerification, setShowResendVerification] = useState(false);
+  const [resendEmail, setResendEmail] = useState('');
 
 
   const handleProviderLogin = async (provider: string) => {
@@ -49,6 +51,37 @@ export default function Login({ providers }: LoginProps) {
     
   };
 
+  const handleResendVerification = async () => {
+    setError(null);
+    setMessage(null);
+    setIsLoading(true);
+
+    try {
+      const response = await fetch('/api/Auth/resend-verification', {
+        method: 'POST',
+        headers: { 
+          'Content-Type': 'application/json'
+        },
+        credentials: 'include', // Include cookies in request
+        body: JSON.stringify({ email: resendEmail || email })
+      });
+
+      const data = await response.json();
+
+      if (response.ok && data.success) {
+        setMessage({ type: 'success', text: data.message || 'Verification email sent! Please check your inbox.' });
+        setShowResendVerification(false);
+        setResendEmail('');
+      } else {
+        setError(data.error || 'Failed to send verification email');
+      }
+    } catch (err) {
+      setError('An unexpected error occurred');
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
   const handleUsernamePasswordAuth = async (e: React.FormEvent) => {
     e.preventDefault();
     setError(null);
@@ -66,7 +99,10 @@ export default function Login({ providers }: LoginProps) {
 
         const response = await fetch('/api/Auth/signup', {
           method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
+          headers: { 
+            'Content-Type': 'application/json'
+          },
+          credentials: 'include', // Include cookies in request
           body: JSON.stringify({ email, password })
         });
 
@@ -84,8 +120,11 @@ export default function Login({ providers }: LoginProps) {
         // Handle login
         const response = await fetch('/api/Auth', {
           method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ email, password, provider: 'username' })
+          headers: { 
+            'Content-Type': 'application/json'
+          },
+          credentials: 'include', // Include cookies in request
+          body: JSON.stringify({ email, password, provider: 'userpass' })
         });
 
         const data = await response.json();
@@ -95,6 +134,11 @@ export default function Login({ providers }: LoginProps) {
           window.location.href = '/';
         } else {
           setError(data.error || 'Login failed');
+          // Check if error is about email verification
+          if (response.status === 403 || data.error?.toLowerCase().includes('verify')) {
+            setShowResendVerification(true);
+            setResendEmail(email);
+          }
         }
       }
     } catch (err) {
@@ -104,8 +148,8 @@ export default function Login({ providers }: LoginProps) {
     }
   };
 
-  const showUsernamePasswordForm = providers?.includes('username');
-  const oauthProviders = providers?.filter(p => p !== 'username') || [];
+  const showUsernamePasswordForm = providers?.includes('userpass');
+  const oauthProviders = providers?.filter(p => p !== 'userpass') || [];
 
   return (
     <div className="flex flex-col items-center justify-center min-h-[500px] p-4">
@@ -179,17 +223,18 @@ export default function Login({ providers }: LoginProps) {
             </div>
 
             <div className="text-center">
-              <button
-                type="button"
-                onClick={() => {
+              <a
+                href="#"
+                onClick={(e) => {
+                  e.preventDefault();
                   setIsSignup(!isSignup);
                   setError(null);
                   setMessage(null);
                 }}
-                className="text-sm text-indigo-600 hover:text-indigo-500"
+                className="text-sm text-indigo-600 hover:text-indigo-500 underline"
               >
                 {isSignup ? 'Already have an account? Sign in' : "Don't have an account? Sign up"}
-              </button>
+              </a>
             </div>
           </form>
         )}
@@ -234,6 +279,40 @@ export default function Login({ providers }: LoginProps) {
             {error}
           </div>
         )}
+
+        {showResendVerification && (
+          <div className="mt-4 p-4 border border-gray-200 rounded-md bg-gray-50">
+            <p className="text-sm text-gray-700 mb-3">
+              Need a new verification email? Enter your email address and we'll send you a new link.
+            </p>
+            <div className="space-y-3">
+              <input
+                type="email"
+                value={resendEmail}
+                onChange={(e) => setResendEmail(e.target.value)}
+                placeholder="Email address"
+                className="block w-full px-3 py-2 border border-gray-300 rounded-md shadow-sm focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 text-sm"
+              />
+              <button
+                onClick={handleResendVerification}
+                disabled={isLoading || !resendEmail}
+                className="w-full flex justify-center py-2 px-4 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50"
+              >
+                {isLoading ? 'Sending...' : 'Resend Verification Email'}
+              </button>
+              <button
+                type="button"
+                onClick={() => {
+                  setShowResendVerification(false);
+                  setResendEmail('');
+                }}
+                className="w-full text-sm text-gray-500 hover:text-gray-700 bg-transparent border-0 p-0 underline"
+              >
+                Cancel
+              </button>
+            </div>
+          </div>
+        )}
       </div>
     </div>
   );

package/dist/components/logincallback.tsx

@@ -44,6 +44,7 @@ export default function LoginCallback({ code, state }: LoginCallbackProps) {
           headers: {
             'Content-Type': 'application/json',
           },
+          credentials: 'include',
           body: JSON.stringify({
             code,
             provider

package/dist/components/menu.tsx

@@ -60,7 +60,6 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
   const [mobileMenuOpen, setMobileMenuOpen] = useState(false);
   const [isMobile, setIsMobile] = useState(false);
   const [selectedPage, setSelectedPage] = useState<string | null>(null);
-  const [isPaigeLoading, setIsPaigeLoading] = useState(false);
 
   // Handle case where menu is undefined/null
   if (!menu) {
@@ -230,7 +229,6 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
         items-center
         justify-center
         ${isSelected ? 'border-blue-600 bg-blue-50' : ''}
-        ${isPaigeLoading ? 'opacity-50 cursor-not-allowed' : ''}
       `}>
         <h3 
           className={`${isSelected ? 'font-bold' : 'font-medium'} text-gray-800`}
@@ -284,10 +282,6 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
           href={linkUrl}
           onClick={(e) => {
             e.preventDefault();
-            if (isPaigeLoading) {
-              console.log('Navigation blocked: Paige is currently processing a request');
-              return;
-            }
             setSelectedPage(item.page);
             onClick?.();
           }}

package/dist/components/profile.tsx

@@ -9,9 +9,9 @@ checked in the system build settings. It is safe to modify this file without it
 import { useState, useEffect } from 'react';
 
 interface UserProfile {
-  ID: string;
-  UserName: string;
-  AvatarURL: string | null;
+  id: string;
+  username: string;
+  avatarurl: string | null;
 }
 
 export default function Profile() {
@@ -23,7 +23,8 @@ export default function Profile() {
     const fetchProfile = async () => {
       try {
         const response = await fetch('/api/Auth', {
-          method: 'GET'
+          method: 'GET',
+          credentials: 'include'
         });
 
         if (!response.ok) {
@@ -39,9 +40,9 @@ export default function Profile() {
         // Use the user object from the response
         const userData = data.user;
         setProfile({
-          ID: userData.userid,
-          UserName: userData.UserName,
-          AvatarURL: userData.AvatarURL
+          id: userData.userid,
+          username: userData.username,
+          avatarurl: userData.avatarurl
         });
       } catch (err) {
         setError(err instanceof Error ? err.message : 'An error occurred');
@@ -68,17 +69,17 @@ export default function Profile() {
   return (
     <div className="max-w-md mx-auto mt-8 p-6 bg-white rounded-lg shadow-md">
       <div className="flex flex-col items-center">
-        {profile.AvatarURL && (
+        {profile.avatarurl && (
           <img 
-            src={profile.AvatarURL}
+            src={profile.avatarurl}
             alt="Profile avatar"
             className="w-32 h-32 rounded-full mb-4"
             referrerPolicy="no-referrer"
             crossOrigin="anonymous"
           />
         )}
-        <h2 className="text-2xl font-semibold text-gray-800">{profile.UserName}</h2>
-        <p className="text-gray-500 mt-2">User ID: {profile.ID}</p>
+        <h2 className="text-2xl font-semibold text-gray-800">{profile.username}</h2>
+        <p className="text-gray-500 mt-2">User ID: {profile.id}</p>
       </div>
     </div>
   );

package/dist/defaultapp/api/Auth/resend-verification/route.ts

@@ -0,0 +1,130 @@
+/*
+ * Resend verification email endpoint
+ * Allows users to request a new verification email
+ */
+
+import { NextResponse } from 'next/server';
+import { regenerateVerificationToken } from '../../../db-password-auth';
+import { send_email } from '../../../storage/email';
+
+// Email validation regex
+const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+export async function POST(request: Request) {
+  try {
+    const { email } = await request.json();
+
+    // Validate email format
+    if (!email || !emailRegex.test(email)) {
+      return NextResponse.json(
+        { error: 'Invalid email address' },
+        { status: 400 }
+      );
+    }
+
+    // Regenerate verification token
+    const result = await regenerateVerificationToken(email);
+
+    if (!result) {
+      // Don't reveal whether the email exists or not
+      return NextResponse.json({
+        success: true,
+        message: 'If an unverified account exists with this email, a verification email has been sent.'
+      });
+    }
+
+    const { verificationToken } = result;
+
+    // Get site domain from environment or default
+    const siteDomain = process.env.SITE_DOMAIN || 'https://sitepaige.com';
+    const verificationUrl = `${siteDomain}/api/Auth/verify-email?token=${verificationToken}`;
+
+    // Send verification email
+    try {
+      const emailHtml = `
+        <!DOCTYPE html>
+        <html>
+          <head>
+            <style>
+              body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; }
+              .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+              .button { 
+                display: inline-block; 
+                padding: 12px 24px; 
+                background-color: #f0f0f0; 
+                color: #000000; 
+                text-decoration: none; 
+                border: 1px solid #cccccc;
+                border-radius: 4px;
+              }
+              .footer { margin-top: 30px; font-size: 12px; color: #666; }
+            </style>
+          </head>
+          <body>
+            <div class="container">
+              <h2>Verify Your Email Address</h2>
+              <p>You requested a new verification email for your account at ${siteDomain}. Please verify your email address by clicking the button below:</p>
+              <p style="margin: 30px 0;">
+                <a href="${verificationUrl}" class="button">Verify Email Address</a>
+              </p>
+              <p>Or copy and paste this link into your browser:</p>
+              <p style="word-break: break-all; color: #0066cc;">${verificationUrl}</p>
+              <p>This link will expire in 24 hours.</p>
+              <div class="footer">
+                <p>If you didn't request this email, you can safely ignore it.</p>
+              </div>
+            </div>
+          </body>
+        </html>
+      `;
+
+      const emailText = `
+Verify Your Email Address
+
+You requested a new verification email for your account at ${siteDomain}. Please verify your email address by clicking the link below:
+
+${verificationUrl}
+
+This link will expire in 24 hours.
+
+If you didn't request this email, you can safely ignore it.
+      `;
+
+      await send_email({
+        to: email,
+        from: process.env.EMAIL_FROM || 'noreply@sitepaige.com',
+        subject: 'Verify your email address',
+        html: emailHtml,
+        text: emailText
+      });
+
+      return NextResponse.json({
+        success: true,
+        message: 'Verification email sent successfully! Please check your email.'
+      });
+
+    } catch (emailError) {
+      console.error('Failed to send verification email:', emailError);
+      return NextResponse.json({
+        success: false,
+        error: 'Failed to send verification email. Please try again later.'
+      }, { status: 500 });
+    }
+
+  } catch (error: any) {
+    console.error('Resend verification error:', error);
+
+    if (error.message === 'Email is already verified') {
+      return NextResponse.json(
+        { error: 'This email is already verified. Please sign in.' },
+        { status: 400 }
+      );
+    }
+
+    // Generic response to avoid revealing whether email exists
+    return NextResponse.json({
+      success: true,
+      message: 'If an unverified account exists with this email, a verification email has been sent.'
+    });
+  }
+}

package/dist/defaultapp/api/Auth/route.ts

@@ -10,7 +10,6 @@ import * as crypto from 'node:crypto';
 
 import { db_init, db_query } from '../../db';
 import { upsertUser, storeOAuthToken, validateSession, rotateSession } from '../../db-users';
-import { validateCsrfToken } from '../../csrf';
 
 type OAuthProvider = 'google' | 'facebook' | 'apple'  | 'github';
 
@@ -42,7 +41,7 @@ export async function POST(request: Request) {
     }
 
     // Handle username/password authentication
-    if (provider === 'username') {
+    if (provider === 'userpass') {
       if (!email || !password) {
         return NextResponse.json(
           { error: 'Email and password are required' },
@@ -70,7 +69,7 @@ export async function POST(request: Request) {
         // Create or update user in the main Users table
         const user = await upsertUser(
           `password_${authRecord.id}`, // Unique OAuth ID for password users
-          'username' as any, // Source type
+          'userpass' as any, // Source type
           email.split('@')[0], // Username from email
           email,
           undefined // No avatar for password auth
@@ -78,14 +77,14 @@ export async function POST(request: Request) {
 
         // Delete existing sessions for this user
         const existingSessions = await db_query(db, 
-          "SELECT ID FROM usersession WHERE userid = ?", 
+          "SELECT id FROM usersession WHERE userid = ?", 
           [user.userid]
         );
         
         if (existingSessions && existingSessions.length > 0) {
-          const sessionIds = existingSessions.map(session => session.ID);
+          const sessionIds = existingSessions.map(session => session.id);
           const placeholders = sessionIds.map(() => '?').join(',');
-          await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+          await db_query(db, `DELETE FROM usersession WHERE id IN (${placeholders})`, sessionIds);
         }
 
         // Generate secure session token and ID
@@ -94,7 +93,7 @@ export async function POST(request: Request) {
 
         // Create new session with secure token
         await db_query(db, 
-          "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+          "INSERT INTO usersession (id, sessiontoken, userid, expirationdate) VALUES (?, ?, ?, ?)",
           [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
         );
 
@@ -113,10 +112,10 @@ export async function POST(request: Request) {
         // Create a completely clean object to avoid any database result object issues
         const cleanUserData = {
           userid: String(user.userid),
-          userName: String(user.UserName),
-          avatarURL: String(user.AvatarURL || ''),
-          userLevel: Number(user.UserLevel),
-          isAdmin: Number(user.UserLevel) === 2
+          userName: String(user.username),
+          avatarURL: String(user.avatarurl || ''),
+          userLevel: Number(user.userlevel),
+          isAdmin: Number(user.userlevel) === 2
         };
         
         return NextResponse.json({ 
@@ -153,7 +152,7 @@ export async function POST(request: Request) {
     }
 
     let userData = {
-        ID: '',
+        id: '',
         name: '',
         email: '',
         avatar_url: '',
@@ -204,28 +203,28 @@ export async function POST(request: Request) {
     switch (validProvider) {
    
         case 'google':
-            userData.ID = fetchedUserData.id;
+            userData.id = fetchedUserData.id;
             userData.name = fetchedUserData.name;
             userData.email = fetchedUserData.email;
             userData.avatar_url = fetchedUserData.picture;
             break;
 
         case 'facebook':
-            userData.ID = fetchedUserData.id;
+            userData.id = fetchedUserData.id;
             userData.name = fetchedUserData.name;
             userData.email = fetchedUserData.email;
             userData.avatar_url = fetchedUserData.picture?.data?.url;
             break;
 
         case 'apple':
-            userData.ID = fetchedUserData.sub;
+            userData.id = fetchedUserData.sub;
             userData.name = `${fetchedUserData.given_name || ''} ${fetchedUserData.family_name || ''}`.trim();
             userData.email = fetchedUserData.email;
             // Apple doesn't provide avatar URL
             break;
 
         case 'github':
-            userData.ID = fetchedUserData.id?.toString();
+            userData.id = fetchedUserData.id?.toString();
             userData.name = fetchedUserData.name || fetchedUserData.login;
             userData.email = fetchedUserData.email;
             userData.avatar_url = fetchedUserData.avatar_url;
@@ -240,7 +239,7 @@ export async function POST(request: Request) {
     
     // Create or update user using the new user management system
     const user = await upsertUser(
-      userData.ID,
+      userData.id,
       validProvider,
       userData.name,
       userData.email,
@@ -258,14 +257,14 @@ export async function POST(request: Request) {
     
     // Delete existing sessions for this user
     const existingSessions = await db_query(db, 
-      "SELECT ID FROM usersession WHERE userid = ?", 
+      "SELECT id FROM usersession WHERE userid = ?", 
       [user.userid]
     );
     
     if (existingSessions && existingSessions.length > 0) {
-        const sessionIds = existingSessions.map(session => session.ID);
+        const sessionIds = existingSessions.map(session => session.id);
         const placeholders = sessionIds.map(() => '?').join(',');
-        await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+        await db_query(db, `DELETE FROM usersession WHERE id IN (${placeholders})`, sessionIds);
     }
 
     // Generate secure session token and ID
@@ -274,7 +273,7 @@ export async function POST(request: Request) {
 
     // Create new session with secure token
     await db_query(db, 
-      "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+      "INSERT INTO usersession (id, sessiontoken, userid, expirationdate) VALUES (?, ?, ?, ?)",
       [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
     );
 
@@ -293,10 +292,10 @@ export async function POST(request: Request) {
     // Create a completely clean object to avoid any database result object issues
     const cleanUserData = {
       userid: String(user.userid),
-      userName: String(user.UserName),
-      avatarURL: String(user.AvatarURL || ''),
-      userLevel: Number(user.UserLevel),
-      isAdmin: Number(user.UserLevel) === 2
+      userName: String(user.username),
+      avatarURL: String(user.avatarurl || ''),
+      userLevel: Number(user.userlevel),
+      isAdmin: Number(user.userlevel) === 2
     };
     
     return NextResponse.json({ 
@@ -347,13 +346,13 @@ export async function GET() {
         const response = NextResponse.json({
           user: {
             userid: sessionData.user.userid,
-            UserName: sessionData.user.UserName,
-            AvatarURL: sessionData.user.AvatarURL,
-            Email: sessionData.user.Email,
-            UserLevel: sessionData.user.UserLevel,
-            IsAdmin: sessionData.user.UserLevel === 2,
-            Source: sessionData.user.Source,
-            LastLoginDate: sessionData.user.LastLoginDate
+            username: sessionData.user.username,
+            avatarurl: sessionData.user.avatarurl,
+            email: sessionData.user.email,
+            userlevel: sessionData.user.userlevel,
+            isadmin: sessionData.user.userlevel === 2,
+            source: sessionData.user.source,
+            lastlogindate: sessionData.user.lastlogindate
           }
         });
         
@@ -376,13 +375,13 @@ export async function GET() {
     return NextResponse.json({
       user: {
         userid: sessionData.user.userid,
-        UserName: sessionData.user.UserName,
-        AvatarURL: sessionData.user.AvatarURL,
-        Email: sessionData.user.Email,
-        UserLevel: sessionData.user.UserLevel,
-        IsAdmin: sessionData.user.UserLevel === 2,
-        Source: sessionData.user.Source,
-        LastLoginDate: sessionData.user.LastLoginDate
+        username: sessionData.user.username,
+        avatarurl: sessionData.user.avatarurl,
+        email: sessionData.user.email,
+        userlevel: sessionData.user.userlevel,
+        isadmin: sessionData.user.userlevel === 2,
+        source: sessionData.user.source,
+        lastlogindate: sessionData.user.lastlogindate
       }
     });
 
@@ -395,15 +394,6 @@ export async function GET() {
 }
 
 export async function DELETE(request: Request) {
-  // Validate CSRF token for logout
-  const isValidCsrf = await validateCsrfToken(request);
-  if (!isValidCsrf) {
-    return NextResponse.json(
-      { error: 'Invalid CSRF token' },
-      { status: 403 }
-    );
-  }
-  
   const db = await db_init();
   
   try {
@@ -420,7 +410,7 @@ export async function DELETE(request: Request) {
 
     // Delete session from database using the actual session token
     await db_query(db, 
-      "DELETE FROM usersession WHERE SessionToken = ?", 
+      "DELETE FROM usersession WHERE sessiontoken = ?", 
       [sessionToken]
     );
 

package/dist/defaultapp/api/Auth/signup/route.ts

@@ -4,7 +4,6 @@
  */
 
 import { NextResponse } from 'next/server';
-import { validateCsrfToken } from '../../../csrf';
 import { createPasswordAuth } from '../../../db-password-auth';
 import { send_email } from '../../../storage/email';
 
@@ -15,15 +14,6 @@ const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 const passwordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/;
 
 export async function POST(request: Request) {
-  // Validate CSRF token
-  const isValidCsrf = await validateCsrfToken(request);
-  if (!isValidCsrf) {
-    return NextResponse.json(
-      { error: 'Invalid CSRF token' },
-      { status: 403 }
-    );
-  }
-
   try {
     const { email, password } = await request.json();
 
@@ -62,11 +52,11 @@ export async function POST(request: Request) {
               .button { 
                 display: inline-block; 
                 padding: 12px 24px; 
-                background-color: #4F46E5; 
-                color: white; 
+                background-color: #f0f0f0; 
+                color: #000000; 
                 text-decoration: none; 
-                border-radius: 6px;
-                font-weight: bold;
+                border: 1px solid #cccccc;
+                border-radius: 4px;
               }
               .footer { margin-top: 30px; font-size: 12px; color: #666; }
             </style>
@@ -79,7 +69,7 @@ export async function POST(request: Request) {
                 <a href="${verificationUrl}" class="button">Verify Email Address</a>
               </p>
               <p>Or copy and paste this link into your browser:</p>
-              <p style="word-break: break-all; color: #4F46E5;">${verificationUrl}</p>
+              <p style="word-break: break-all; color: #0066cc;">${verificationUrl}</p>
               <p>This link will expire in 24 hours.</p>
               <div class="footer">
                 <p>If you didn't create an account, you can safely ignore this email.</p>