@1auth/account 0.0.0-beta.0 → 0.0.0-beta.2

package/README.md

@@ -0,0 +1,44 @@
+<div align="center">
+  <h1>@1auth/account</h1>
+  <!--<img alt="1auth logo" src="https://raw.githubusercontent.com/willfarrell/1auth/main/docs/img/logo.svg"/>-->
+  <p><strong>User account management with encrypted storage and lifecycle operations</strong></p>
+<p>
+  <a href="https://github.com/willfarrell/1auth/actions/workflows/test-unit.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-unit.yml/badge.svg" alt="GitHub Actions unit test status"></a>
+  <a href="https://github.com/willfarrell/1auth/actions/workflows/test-dast.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-dast.yml/badge.svg" alt="GitHub Actions dast test status"></a>
+  <a href="https://github.com/willfarrell/1auth/actions/workflows/test-perf.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-perf.yml/badge.svg" alt="GitHub Actions perf test status"></a>
+  <a href="https://github.com/willfarrell/1auth/actions/workflows/test-sast.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-sast.yml/badge.svg" alt="GitHub Actions SAST test status"></a>
+  <a href="https://github.com/willfarrell/1auth/actions/workflows/test-lint.yml"><img src="https://github.com/willfarrell/1auth/actions/workflows/test-lint.yml/badge.svg" alt="GitHub Actions lint test status"></a>
+  <br/>
+  <a href="https://www.npmjs.com/package/@1auth/account"><img alt="npm version" src="https://img.shields.io/npm/v/@1auth/account.svg"></a>
+  <a href="https://packagephobia.com/result?p=@1auth/account"><img src="https://packagephobia.com/badge?p=@1auth/account" alt="npm install size"></a>
+  <a href="https://www.npmjs.com/package/@1auth/account">
+  <img alt="npm weekly downloads" src="https://img.shields.io/npm/dw/@1auth/account.svg"></a>
+  <a href="https://www.npmjs.com/package/@1auth/account#provenance">
+  <img alt="npm provenance" src="https://img.shields.io/badge/provenance-Yes-brightgreen"></a>
+  <br/>
+  <a href="https://scorecard.dev/viewer/?uri=github.com/willfarrell/1auth"><img src="https://api.scorecard.dev/projects/github.com/willfarrell/1auth/badge" alt="Open Source Security Foundation (OpenSSF) Scorecard"></a>
+  <a href="https://slsa.dev"><img src="https://slsa.dev/images/gh-badge-level3.svg" alt="SLSA 3"></a>
+  <a href="https://github.com/willfarrell/1auth/blob/main/docs/CODE_OF_CONDUCT.md"><img src="https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg"></a>
+  <a href="https://biomejs.dev"><img alt="Checked with Biome" src="https://img.shields.io/badge/Checked_with-Biome-60a5fa?style=flat&logo=biome"></a>
+  <a href="https://conventionalcommits.org"><img alt="Conventional Commits" src="https://img.shields.io/badge/Conventional%20Commits-1.0.0-%23FE5196?logo=conventionalcommits&logoColor=white"></a>
+</p>
+<p>You can read the documentation at: <a href="https://1auth.js.org">https://1auth.js.org</a></p>
+</div>
+
+## Install
+
+```bash
+npm install @1auth/account
+```
+
+## Documentation and examples
+
+For documentation and examples, refer to the main [1auth monorepo on GitHub](https://github.com/willfarrell/1auth) or the [1auth website](https://1auth.js.org).
+
+## Contributing
+
+Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/willfarrell/1auth/issues) or to [submit Pull Requests](https://github.com/willfarrell/1auth/pulls).
+
+## License
+
+Licensed under [MIT License](LICENSE). Copyright (c) 2020-2026 [will Farrell](https://github.com/willfarrell) and [contributors](https://github.com/willfarrell/1auth/graphs/contributors).

package/index.js

@@ -1,5 +1,8 @@
+// Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
+// SPDX-License-Identifier: MIT
 import {
 	makeRandomConfigObject,
+	nowInSeconds,
 	symmetricDecryptFields,
 	symmetricEncryptFields,
 	symmetricGenerateEncryptionKey,
@@ -32,8 +35,8 @@ const defaults = {
 	encryptedFields: [],
 };
 const options = {};
-export default (params) => {
-	Object.assign(options, defaults, params);
+export default (opt = {}) => {
+	Object.assign(options, defaults, opt);
 };
 export const getOptions = () => options;
 
@@ -41,7 +44,7 @@ export const exists = async (sub) => {
 	if (!sub || typeof sub !== "string") {
 		throw new Error("404 Not Found", { cause: { sub } });
 	}
-	return options.store.exists(options.table, { sub });
+	return await options.store.exists(options.table, { sub });
 };
 
 export const lookup = async (sub) => {
@@ -63,7 +66,7 @@ export const lookup = async (sub) => {
 };
 
 export const create = async (values = {}) => {
-	const sub = await options.randomSubject.create(options.subPrefix);
+	const sub = await options.randomSubject.create();
 
 	const { encryptionKey, encryptedKey } = symmetricGenerateEncryptionKey(sub);
 	const encryptedValues = symmetricEncryptFields(
@@ -81,11 +84,11 @@ export const create = async (values = {}) => {
 		update: now,
 	};
 	if (options.idGenerate) {
-		params.id = await options.randomId.create(options.idPrefix);
+		params.id = await options.randomId.create();
 	}
 	await options.store.insert(options.table, params);
 
-	// TODO update guest session, attach sub
+	// If caller has a guest session, use session.rotate(guestSub, guestSessionId, sub, deviceMeta) to transition it.
 	return sub;
 };
 
@@ -137,23 +140,3 @@ export const remove = async (sub) => {
 	// Should trigger removal of credentials and messengers
 	await options.store.remove(options.table, { sub });
 };
-
-/* export const expire = async (sub) => {
-  const expire = nowInSeconds() + 90 * 24 * 60 * 60
-  await options.store.update(options.table, { sub }, { expire })
-  await options.notify.trigger('account-expire', sub)
-  // TODO clear sessions
-}
-
-export const recover = async (sub) => {
-  await options.store.update(options.table, { sub }, { expire: null })
-  await options.notify.trigger('account-recover', sub)
-} */
-
-// TODO manage onboard state
-
-// TODO save notification settings
-
-// TODO authorize management?
-
-const nowInSeconds = () => Math.floor(Date.now() / 1000);

package/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@1auth/account",
-	"version": "0.0.0-beta.0",
-	"description": "",
+	"version": "0.0.0-beta.2",
+	"description": "User account management with encrypted storage and lifecycle operations",
 	"type": "module",
 	"engines": {
 		"node": ">=24"
@@ -12,18 +12,18 @@
 	},
 	"main": "./index.js",
 	"module": "./index.js",
+	"sideEffects": false,
 	"exports": {
 		".": {
-			"import": {
-				"types": "./index.d.ts",
-				"default": "./index.js"
-			}
+			"import": "./index.js"
+		},
+		"./table/*": {
+			"import": "./table/*"
 		}
 	},
-	"types": "index.d.ts",
 	"files": [
 		"index.js",
-		"index.d.ts"
+		"table"
 	],
 	"scripts": {
 		"test": "npm run test:unit",
@@ -34,7 +34,13 @@
 		"type": "github",
 		"url": "https://github.com/sponsors/willfarrell"
 	},
-	"keywords": [],
+	"keywords": [
+		"1auth",
+		"OWASP",
+		"ASVS",
+		"account",
+		"identity"
+	],
 	"author": {
 		"name": "1auth contributors",
 		"url": "https://github.com/willfarrell/1auth/graphs/contributors"
@@ -50,6 +56,6 @@
 	"homepage": "https://github.com/willfarrell/1auth",
 	"gitHead": "7a6c0fbb8ab71d6a2171e678697de9f237568431",
 	"dependencies": {
-		"@1auth/crypto": "0.0.0-beta.0"
+		"@1auth/crypto": "0.0.0-beta.2"
 	}
 }

package/table/dynamodb.js

@@ -0,0 +1,130 @@
+// Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
+// SPDX-License-Identifier: MIT
+import {
+	CreateTableCommand,
+	DeleteTableCommand,
+} from "@aws-sdk/client-dynamodb";
+
+export const name = "accounts";
+export const timeToLiveKey = "remove";
+
+export const create = async (client, table = name) => {
+	try {
+		await client.send(
+			new CreateTableCommand({
+				TableName: table,
+				AttributeDefinitions: [
+					// {
+					// 	AttributeName: "id",
+					// 	AttributeType: "S",
+					// },
+					{
+						AttributeName: "sub",
+						AttributeType: "S",
+					},
+					{
+						AttributeName: "digest",
+						AttributeType: "S",
+					},
+					// Used for listing all active sessions (optional)
+					// {
+					// 	AttributeName: "expire",
+					// 	AttributeType: "N",
+					// },
+				],
+				KeySchema: [
+					{
+						AttributeName: "sub",
+						KeyType: "HASH",
+					},
+					// {
+					// 	AttributeName: "id",
+					// 	KeyType: "RANGE",
+					// },
+				],
+				GlobalSecondaryIndexes: [
+					{
+						IndexName: "sub",
+						KeySchema: [
+							{
+								AttributeName: "sub",
+								KeyType: "HASH",
+							},
+						],
+						Projection: {
+							ProjectionType: "INCLUDE",
+							NonKeyAttributes: [
+								"id",
+								"encryptionKey",
+								"value",
+								"name", // optional, used in tests
+								"unencrypted", // optional, used in tests
+								"create",
+								"expire",
+							],
+						},
+					},
+					{
+						IndexName: "digest",
+						KeySchema: [
+							{
+								AttributeName: "digest",
+								KeyType: "HASH",
+							},
+						],
+						Projection: {
+							ProjectionType: "INCLUDE",
+							NonKeyAttributes: [
+								"id",
+								"sub",
+								"encryptionKey",
+								"value",
+								"create",
+								"expire",
+							],
+						},
+					},
+					// Used for listing all (optional)
+					// {
+					// 	IndexName: "active",
+					// 	KeySchema: [
+					// 		{
+					// 			AttributeName: "expire",
+					// 			KeyType: "HASH",
+					// 		},
+					// 	],
+					// 	Projection: {
+					// 		ProjectionType: "INCLUDE",
+					// 		NonKeyAttributes: ["sub", "create"],
+					// 	},
+					// },
+				],
+				TimeToLiveSpecification: {
+					Enabled: true,
+					AttributeName: timeToLiveKey,
+				},
+				BillingMode: "PAY_PER_REQUEST",
+			}),
+		);
+	} catch (e) {
+		if (e.message === "Cannot create preexisting table") {
+			await truncate(client, table);
+		} else {
+			console.error("ERROR create", e.message);
+			throw e;
+		}
+	}
+};
+
+export const truncate = async (client, table = name) => {
+	await drop(client, table);
+	await create(client, table);
+};
+
+export const drop = async (client, table = name) => {
+	await client.send(
+		new DeleteTableCommand({
+			TableName: table,
+		}),
+	);
+};

package/table/sql.js

@@ -0,0 +1,44 @@
+// Copyright 2003 - 2026 will Farrell, and 1Auth contributors.
+// SPDX-License-Identifier: MIT
+export const name = "accounts";
+export const timeToLiveKey = "remove";
+export const create = async (client, table = name) => {
+	const sql = `
+	CREATE TABLE IF NOT EXISTS ${table}
+   (
+     "id"                 VARCHAR(19)         NOT NULL, -- prefix (user_) + entropy (11)
+     "sub"                VARCHAR(15)         NOT NULL, -- prefix (sub_) + entropy (11)
+
+     "encryptionKey"      VARCHAR(256)        NOT NULL,
+     "value"              VARCHAR(512) DEFAULT NULL, -- username
+     "digest"             VARCHAR(73)  DEFAULT NULL, -- of username
+
+     "name"               VARCHAR(128) DEFAULT NULL,
+     "unencrypted"        VARCHAR(128) DEFAULT NULL,
+
+     "create"             TIMESTAMP WITH TIME ZONE DEFAULT NULL, -- postges: DEFAULT NOW(), sqlite: DEFAULT CURRENT_TIME,
+     "update"             TIMESTAMP WITH TIME ZONE DEFAULT NULL, -- NOW()
+     "verify"             TIMESTAMP WITH TIME ZONE DEFAULT NULL,
+     "expire"             TIMESTAMP WITH TIME ZONE DEFAULT NULL,
+     "${timeToLiveKey}"   TIMESTAMP WITH TIME ZONE DEFAULT NULL,
+
+     CONSTRAINT ${table}_pkey PRIMARY KEY ("id"),
+     CONSTRAINT ${table}_ukey UNIQUE ("sub")
+   );
+   `;
+	return await client.query(sql);
+};
+
+export const truncate = async (client, table = name) => {
+	const sql = `
+    DELETE FROM ${table};
+  `;
+	return await client.query(sql);
+};
+
+export const drop = async (client, table = name) => {
+	const sql = `
+    DROP TABLE ${table};
+  `;
+	return await client.query(sql);
+};