@atpassport/client 0.1.0

package/dist/__tests__/client.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/client.test.js

@@ -0,0 +1,112 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const index_1 = require("../index");
+const jose_1 = require("jose");
+(0, vitest_1.describe)('AtPassport', () => {
+    const baseUrl = 'https://passport.atproto.com';
+    const callbackUrl = 'https://app.com/callback';
+    let privateKey;
+    let publicKey;
+    (0, vitest_1.beforeEach)(async () => {
+        const keyPair = await (0, jose_1.generateKeyPair)('RS256');
+        privateKey = await (0, jose_1.exportPKCS8)(keyPair.privateKey);
+        publicKey = await (0, jose_1.exportSPKI)(keyPair.publicKey);
+        // Polyfill crypto.randomUUID for vitest environment if needed
+        if (typeof crypto === 'undefined' || typeof crypto.randomUUID !== 'function') {
+            const g = global;
+            if (!g.crypto)
+                g.crypto = {};
+            g.crypto.randomUUID = () => 'test-uuid-1234';
+        }
+    });
+    (0, vitest_1.it)('generates correct register URL', () => {
+        const passport = new index_1.AtPassport({ baseUrl, callbackUrl });
+        const url = passport.registerUrl('alice.bsky.social', 'https://app.com/register-callback');
+        const parsed = new URL(url);
+        (0, vitest_1.expect)(parsed.origin).toBe(baseUrl);
+        (0, vitest_1.expect)(parsed.pathname).toBe('/api/register');
+        (0, vitest_1.expect)(parsed.searchParams.get('handle')).toBe('alice.bsky.social');
+        (0, vitest_1.expect)(parsed.searchParams.get('callbackUrl')).toBe('https://app.com/register-callback');
+    });
+    (0, vitest_1.it)('generates correct resolve URL', () => {
+        const passport = new index_1.AtPassport({ baseUrl, callbackUrl });
+        const url = passport.resolveUrl('https://app.com/resolve-callback');
+        const parsed = new URL(url);
+        (0, vitest_1.expect)(parsed.origin).toBe(baseUrl);
+        (0, vitest_1.expect)(parsed.pathname).toBe('/api/resolve');
+        (0, vitest_1.expect)(parsed.searchParams.get('callbackUrl')).toBe('https://app.com/resolve-callback');
+    });
+    (0, vitest_1.it)('gets session from a valid token', async () => {
+        const passport = new index_1.AtPassport({ baseUrl, callbackUrl, publicKey });
+        const payload = { did: 'did:plc:123', handle: 'alice.bsky.social', uuid: 'uuid-123' };
+        const token = await new jose_1.SignJWT(payload)
+            .setProtectedHeader({ alg: 'RS256' })
+            .setIssuedAt()
+            .setExpirationTime('1h')
+            .setIssuer('atpassport')
+            .sign(await importPKCS8(privateKey, 'RS256'));
+        const verified = await passport.get(token);
+        (0, vitest_1.expect)(verified.did).toBe(payload.did);
+        (0, vitest_1.expect)(verified.handle).toBe(payload.handle);
+    });
+    (0, vitest_1.it)('generates correct auth URL and state', () => {
+        const passport = new index_1.AtPassport({ baseUrl, callbackUrl });
+        const { url, atpstate } = passport.generateAuthUrl({ theme: 'dark' });
+        const parsed = new URL(url);
+        (0, vitest_1.expect)(parsed.origin).toBe(baseUrl);
+        (0, vitest_1.expect)(parsed.pathname).toBe('/authentication');
+        (0, vitest_1.expect)(parsed.searchParams.get('atpstate')).toBe(atpstate);
+        const innerCallback = new URL(parsed.searchParams.get('callback'));
+        (0, vitest_1.expect)(innerCallback.origin).toBe('https://app.com');
+        (0, vitest_1.expect)(innerCallback.searchParams.get('theme')).toBe('dark');
+    });
+    (0, vitest_1.it)('parses callback URL correctly', () => {
+        const passport = new index_1.AtPassport({ callbackUrl });
+        const testUrl = 'https://app.com/callback?handle=alice.bsky.social&did=did:plc:123&pdsurl=https://pds.example.com&atpstate=test-state&extra=param';
+        const result = passport.parseCallback(testUrl);
+        (0, vitest_1.expect)(result.handle).toBe('alice.bsky.social');
+        (0, vitest_1.expect)(result.did).toBe('did:plc:123');
+        (0, vitest_1.expect)(result.pdsUrl).toBe('https://pds.example.com');
+        (0, vitest_1.expect)(result.atpstate).toBe('test-state');
+        (0, vitest_1.expect)(result.customParams.extra).toBe('param');
+        (0, vitest_1.expect)(result.customParams.handle).toBeUndefined();
+    });
+});
+async function importPKCS8(pkcs8, alg) {
+    const { importPKCS8 } = await Promise.resolve().then(() => __importStar(require('jose')));
+    return await importPKCS8(pkcs8, alg);
+}

package/dist/index.d.ts

@@ -0,0 +1,60 @@
+export interface AtPassportSession {
+    did: string;
+    handle: string;
+    uuid: string;
+}
+export interface AtPassportOptions {
+    callbackUrl: string;
+    baseUrl?: string;
+    publicKey?: string;
+}
+/**
+ * AtPassport Client
+ */
+export declare class AtPassport {
+    private readonly baseUrl;
+    private readonly publicKey?;
+    private readonly callbackUrl;
+    constructor(options: AtPassportOptions);
+    /**
+     * Generates the URL for handle registration.
+     */
+    registerUrl(handle: string, callback: string): string;
+    /**
+     * Generates the URL for identity resolution.
+     */
+    resolveUrl(callback: string): string;
+    /**
+     * Verifies the token and returns the session.
+     */
+    get(token: string): Promise<AtPassportSession>;
+    /**
+     * Generates the authentication URL and state.
+     * By saving the state on the app side and verifying it in parseCallback,
+     * you can prevent CSRF attacks. Custom parameters will be attached to the callback.
+     */
+    generateAuthUrl(customParams?: Record<string, string>): {
+        url: string;
+        atpstate: string;
+    };
+    /**
+     * Parses the callback URL returned from AtPassport and extracts parameters.
+     */
+    parseCallback(currentUrl: string): {
+        handle: string | null;
+        did: string | null;
+        pdsUrl: string | null;
+        atpstate: string | null;
+        customParams: Record<string, string>;
+    };
+    /**
+     * Opens a popup to let user pick a handle.
+     * Returns a promise that resolves with the selected handle.
+     */
+    pick(): Promise<string>;
+    /**
+     * Attaches the picker to an input element.
+     * Automatically fills the input when a handle is picked on focus.
+     */
+    decorate(input: HTMLInputElement): void;
+}

package/dist/index.js

@@ -0,0 +1,131 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AtPassport = void 0;
+const jose_1 = require("jose");
+/**
+ * AtPassport Client
+ */
+class AtPassport {
+    baseUrl;
+    publicKey;
+    callbackUrl;
+    constructor(options) {
+        this.baseUrl = (options.baseUrl || "https://atpassport.net").replace(/\/$/, "");
+        this.publicKey = options.publicKey;
+        this.callbackUrl = options.callbackUrl;
+    }
+    /**
+     * Generates the URL for handle registration.
+     */
+    registerUrl(handle, callback) {
+        const url = new URL(`${this.baseUrl}/api/register`);
+        url.searchParams.set("handle", handle);
+        url.searchParams.set("callbackUrl", callback);
+        return url.toString();
+    }
+    /**
+     * Generates the URL for identity resolution.
+     */
+    resolveUrl(callback) {
+        const url = new URL(`${this.baseUrl}/api/resolve`);
+        url.searchParams.set("callbackUrl", callback);
+        return url.toString();
+    }
+    /**
+     * Verifies the token and returns the session.
+     */
+    async get(token) {
+        if (!this.publicKey) {
+            throw new Error("Public key is required for verification");
+        }
+        const spki = this.publicKey.includes("BEGIN")
+            ? this.publicKey
+            : Buffer.from(this.publicKey, 'base64').toString();
+        const key = await (0, jose_1.importSPKI)(spki, "RS256");
+        const { payload } = await (0, jose_1.jwtVerify)(token, key, { issuer: "atpassport" });
+        return payload;
+    }
+    /**
+     * Generates the authentication URL and state.
+     * By saving the state on the app side and verifying it in parseCallback,
+     * you can prevent CSRF attacks. Custom parameters will be attached to the callback.
+     */
+    generateAuthUrl(customParams) {
+        const atpstate = crypto.randomUUID(); // Requires browser context or Node.js 19+
+        const url = new URL(`${this.baseUrl}/authentication`);
+        const callback = new URL(this.callbackUrl);
+        if (customParams) {
+            for (const [key, value] of Object.entries(customParams)) {
+                callback.searchParams.set(key, value);
+            }
+        }
+        url.searchParams.set("callback", callback.toString());
+        url.searchParams.set("atpstate", atpstate);
+        return { url: url.toString(), atpstate };
+    }
+    /**
+     * Parses the callback URL returned from AtPassport and extracts parameters.
+     */
+    parseCallback(currentUrl) {
+        const url = new URL(currentUrl);
+        const handle = url.searchParams.get("handle");
+        const did = url.searchParams.get("did");
+        const pdsUrl = url.searchParams.get("pdsurl");
+        const atpstate = url.searchParams.get("atpstate");
+        const customParams = {};
+        url.searchParams.forEach((value, key) => {
+            if (!["handle", "did", "pdsurl", "atpstate"].includes(key)) {
+                customParams[key] = value;
+            }
+        });
+        return { handle, did, pdsUrl, atpstate, customParams };
+    }
+    /**
+     * Opens a popup to let user pick a handle.
+     * Returns a promise that resolves with the selected handle.
+     */
+    async pick() {
+        return new Promise((resolve) => {
+            const width = 400;
+            const height = 500;
+            const left = window.screenX + (window.outerWidth - width) / 2;
+            const top = window.screenY + (window.outerHeight - height) / 2;
+            const pickerUrl = `${this.baseUrl}/picker`;
+            const popup = window.open(pickerUrl, 'atpassport:picker', `width=${width},height=${height},left=${left},top=${top}`);
+            const handler = (event) => {
+                if (event.origin !== new URL(this.baseUrl).origin)
+                    return;
+                if (event.data?.type === 'atpassport:pick') {
+                    window.removeEventListener('message', handler);
+                    resolve(event.data.handle);
+                }
+            };
+            window.addEventListener('message', handler);
+            // Optional: Check if popup is closed without picking
+            const checkClosed = setInterval(() => {
+                if (popup?.closed) {
+                    clearInterval(checkClosed);
+                    // resolve empty if closed?
+                }
+            }, 1000);
+        });
+    }
+    /**
+     * Attaches the picker to an input element.
+     * Automatically fills the input when a handle is picked on focus.
+     */
+    decorate(input) {
+        input.addEventListener('focus', async () => {
+            if (input.value)
+                return; // Don't interrupt if already filled
+            const handle = await this.pick();
+            if (handle) {
+                input.value = handle;
+                // Trigger change events
+                input.dispatchEvent(new Event('input', { bubbles: true }));
+                input.dispatchEvent(new Event('change', { bubbles: true }));
+            }
+        });
+    }
+}
+exports.AtPassport = AtPassport;

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@atpassport/client",
+  "version": "0.1.0",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "jose": "^5.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "typescript": "^5.0.0",
+    "vitest": "^2.0.0"
+  }
+}