@axium/core 0.1.1 → 0.3.0

package/dist/api.d.ts

@@ -0,0 +1,108 @@
+import type { AuthenticatorTransportFuture, CredentialDeviceType, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialRequestOptionsJSON } from '@simplewebauthn/types';
+import type z from 'zod/v4';
+import type { RequestMethod } from './requests.js';
+import type { APIUserRegistration, LogoutSessions, PasskeyAuthenticationResponse, PasskeyChangeable, PasskeyRegistration, UserAuthOptions } from './schemas.js';
+import type { User, UserChangeable, UserPublic } from './user.js';
+export interface Session {
+    id: string;
+    userId: string;
+    expires: Date;
+    created: Date;
+    elevated: boolean;
+}
+export interface Verification {
+    userId: string;
+    expires: Date;
+}
+export interface Passkey {
+    id: string;
+    name?: string | null;
+    createdAt: Date;
+    userId: string;
+    deviceType: CredentialDeviceType;
+    backedUp: boolean;
+    transports: AuthenticatorTransportFuture[];
+}
+export interface NewSessionResponse {
+    userId: string;
+    token: string;
+}
+/**
+ * Types for all API endpoints
+ * @internal
+ */
+export interface _apiTypes {
+    metadata: {
+        GET: {
+            version: string;
+            routes: Record<string, {
+                params: Record<string, string | null>;
+                methods: string[];
+            }>;
+            plugins: Record<string, string>;
+        };
+    };
+    session: {
+        GET: Session & {
+            user: User;
+        };
+        DELETE: Session;
+    };
+    register: {
+        OPTIONS: {
+            userId: string;
+            options: PublicKeyCredentialCreationOptionsJSON;
+        };
+        POST: [z.input<typeof APIUserRegistration>, NewSessionResponse];
+    };
+    'users/:id': {
+        GET: UserPublic & Partial<User>;
+        PATCH: [z.input<typeof UserChangeable>, User];
+        DELETE: User;
+    };
+    'users/:id/full': {
+        GET: User & {
+            sessions: Session[];
+        };
+    };
+    'users/:id/auth': {
+        OPTIONS: [z.input<typeof UserAuthOptions>, PublicKeyCredentialRequestOptionsJSON];
+        POST: [z.input<typeof PasskeyAuthenticationResponse>, NewSessionResponse];
+    };
+    'users/:id/sessions': {
+        GET: Session[];
+        DELETE: [z.input<typeof LogoutSessions>, Session[]];
+    };
+    'users/:id/passkeys': {
+        OPTIONS: PublicKeyCredentialCreationOptionsJSON;
+        GET: Passkey[];
+        PUT: [z.input<typeof PasskeyRegistration>, Passkey];
+    };
+    'users/:id/verify_email': {
+        OPTIONS: {
+            enabled: boolean;
+        };
+        GET: Verification;
+        POST: [{
+            token: string;
+        }, {}];
+    };
+    'passkeys/:id': {
+        GET: Passkey;
+        PATCH: [z.input<typeof PasskeyChangeable>, Passkey];
+        DELETE: Passkey;
+    };
+    user_id: {
+        POST: [{
+            using: 'email' | 'handle';
+            value: string;
+        }, {
+            id: string;
+        }];
+    };
+}
+export type Endpoint = keyof _apiTypes;
+export type APIFunction<Method extends RequestMethod, E extends Endpoint> = Method extends keyof _apiTypes[E] ? _apiTypes[E][Method] extends [infer Body, infer Result] ? (body: Body) => Promise<Result> : () => _apiTypes[E][Method] : unknown;
+export type RequestBody<Method extends RequestMethod, E extends Endpoint> = Method extends keyof _apiTypes[E] ? _apiTypes[E][Method] extends [infer Body, unknown] ? Body : any : unknown;
+export type Result<Method extends RequestMethod, E extends Endpoint> = Promise<Method extends keyof _apiTypes[E] ? (_apiTypes[E][Method] extends [unknown, infer R] ? R : _apiTypes[E][Method]) : unknown>;
+export type APIParameters<S extends string> = S extends `${string}/:${infer Right}` ? [string, ...APIParameters<Right>] : [];

package/dist/api.js

@@ -0,0 +1 @@
+export {};

package/dist/index.d.ts

@@ -1,2 +1,4 @@
-export * as schemas from './schemas.js';
+export * from './api.js';
+export * from './requests.js';
+export * from './schemas.js';
 export * from './user.js';

package/dist/index.js

@@ -1,2 +1,4 @@
-export * as schemas from './schemas.js';
+export * from './api.js';
+export * from './requests.js';
+export * from './schemas.js';
 export * from './user.js';

package/dist/requests.d.ts

@@ -0,0 +1,2 @@
+export declare const requestMethods: readonly ["GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD", "PATCH"];
+export type RequestMethod = (typeof requestMethods)[number];

package/dist/requests.js

@@ -0,0 +1 @@
+export const requestMethods = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'HEAD', 'PATCH'];

package/dist/schemas.d.ts

@@ -1,44 +1,82 @@
-import * as z from 'zod';
-export declare const User: z.ZodObject<{
+import z from 'zod/v4';
+export declare function zFunction<T extends z.core.$ZodFunction>(schema: T): z.ZodCustom<Parameters<T["implement"]>[0], Parameters<T["implement"]>[0]>;
+export declare function zAsyncFunction<T extends z.core.$ZodFunction>(schema: T): z.ZodCustom<Parameters<T["implementAsync"]>[0], Parameters<T["implementAsync"]>[0]>;
+export declare const authenticatorAttachment: z.ZodOptional<z.ZodLiteral<"cross-platform" | "platform">>;
+export declare const PasskeyRegistration: z.ZodObject<{
     id: z.ZodString;
-    email: z.ZodString;
-    name: z.ZodNullable<z.ZodString>;
-    image: z.ZodNullable<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    name: string | null;
-    email: string;
-    id: string;
-    image: string | null;
-}, {
-    name: string | null;
-    email: string;
-    id: string;
-    image: string | null;
-}>;
-export type User = z.infer<typeof User>;
-export declare const Login: z.ZodObject<{
-    email: z.ZodString;
-    password: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    email: string;
-    password?: string | undefined;
-}, {
-    email: string;
-    password?: string | undefined;
-}>;
-export type Login = z.infer<typeof Login>;
-export declare const Registration: z.ZodObject<z.objectUtil.extendShape<{
-    email: z.ZodString;
-    password: z.ZodOptional<z.ZodString>;
-}, {
+    rawId: z.ZodString;
+    response: z.ZodObject<{
+        clientDataJSON: z.ZodString;
+        attestationObject: z.ZodString;
+        authenticatorData: z.ZodOptional<z.ZodString>;
+        transports: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            ble: "ble";
+            hybrid: "hybrid";
+            internal: "internal";
+            nfc: "nfc";
+            usb: "usb";
+            cable: "cable";
+            "smart-card": "smart-card";
+        }>>>;
+        publicKeyAlgorithm: z.ZodOptional<z.ZodNumber>;
+        publicKey: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+    authenticatorAttachment: z.ZodOptional<z.ZodLiteral<"cross-platform" | "platform">>;
+    clientExtensionResults: z.ZodRecord<z.ZodAny, z.ZodAny>;
+    type: z.ZodLiteral<"public-key">;
+}, z.core.$strip>;
+/**
+ * POSTed to the `/users/:id/login` endpoint.
+ */
+export declare const PasskeyAuthenticationResponse: z.ZodObject<{
+    id: z.ZodString;
+    rawId: z.ZodString;
+    response: z.ZodObject<{
+        clientDataJSON: z.ZodString;
+        authenticatorData: z.ZodString;
+        signature: z.ZodString;
+        userHandle: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+    authenticatorAttachment: z.ZodOptional<z.ZodLiteral<"cross-platform" | "platform">>;
+    clientExtensionResults: z.ZodRecord<z.ZodAny, z.ZodAny>;
+    type: z.ZodLiteral<"public-key">;
+}, z.core.$strip>;
+export declare const APIUserRegistration: z.ZodObject<{
     name: z.ZodString;
-}>, "strip", z.ZodTypeAny, {
-    name: string;
-    email: string;
-    password?: string | undefined;
-}, {
-    name: string;
-    email: string;
-    password?: string | undefined;
-}>;
-export type Registration = z.infer<typeof Registration>;
+    email: z.ZodEmail;
+    userId: z.ZodUUID;
+    response: z.ZodObject<{
+        id: z.ZodString;
+        rawId: z.ZodString;
+        response: z.ZodObject<{
+            clientDataJSON: z.ZodString;
+            attestationObject: z.ZodString;
+            authenticatorData: z.ZodOptional<z.ZodString>;
+            transports: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                ble: "ble";
+                hybrid: "hybrid";
+                internal: "internal";
+                nfc: "nfc";
+                usb: "usb";
+                cable: "cable";
+                "smart-card": "smart-card";
+            }>>>;
+            publicKeyAlgorithm: z.ZodOptional<z.ZodNumber>;
+            publicKey: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+        authenticatorAttachment: z.ZodOptional<z.ZodLiteral<"cross-platform" | "platform">>;
+        clientExtensionResults: z.ZodRecord<z.ZodAny, z.ZodAny>;
+        type: z.ZodLiteral<"public-key">;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export declare const PasskeyChangeable: z.ZodObject<{
+    name: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const UserAuthOptions: z.ZodObject<{
+    type: z.ZodLiteral<"login" | "action">;
+}, z.core.$strip>;
+export type UserAuthOptions = z.infer<typeof UserAuthOptions>;
+export declare const LogoutSessions: z.ZodObject<{
+    id: z.ZodOptional<z.ZodArray<z.ZodUUID>>;
+    confirm_all: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;

package/dist/schemas.js

@@ -1,14 +1,52 @@
-import * as z from 'zod';
-export const User = z.object({
-    id: z.string().uuid(),
-    email: z.string().email(),
-    name: z.string().min(1, 'Name is required').max(255, 'Name is too long').nullable(),
-    image: z.string().url().nullable(),
-});
-export const Login = z.object({
-    email: z.string({ required_error: 'Email is required' }).min(1, 'Email is required').max(255, 'Email is too long').email('Invalid email'),
-    password: z.string().max(255, 'Password must be less than 255 characters').optional(),
-});
-export const Registration = Login.extend({
-    name: z.string({ required_error: 'Name is required' }),
+import z from 'zod/v4';
+export function zFunction(schema) {
+    return z.custom((fn) => schema.implement(fn));
+}
+export function zAsyncFunction(schema) {
+    return z.custom((fn) => schema.implementAsync(fn));
+}
+const transports = ['ble', 'cable', 'hybrid', 'internal', 'nfc', 'smart-card', 'usb'];
+export const authenticatorAttachment = z.literal(['platform', 'cross-platform']).optional();
+export const PasskeyRegistration = z.object({
+    id: z.string(),
+    rawId: z.string(),
+    response: z.object({
+        clientDataJSON: z.string(),
+        attestationObject: z.string(),
+        authenticatorData: z.string().optional(),
+        transports: z.array(z.enum(transports)).optional(),
+        publicKeyAlgorithm: z.number().optional(),
+        publicKey: z.string().optional(),
+    }),
+    authenticatorAttachment,
+    clientExtensionResults: z.record(z.any(), z.any()),
+    type: z.literal('public-key'),
+});
+/**
+ * POSTed to the `/users/:id/login` endpoint.
+ */
+export const PasskeyAuthenticationResponse = z.object({
+    id: z.string(),
+    rawId: z.string(),
+    response: z.object({
+        clientDataJSON: z.string(),
+        authenticatorData: z.string(),
+        signature: z.string(),
+        userHandle: z.string().optional(),
+    }),
+    authenticatorAttachment,
+    clientExtensionResults: z.record(z.any(), z.any()),
+    type: z.literal('public-key'),
+});
+export const APIUserRegistration = z.object({
+    name: z.string().min(1).max(100),
+    email: z.email(),
+    userId: z.uuid(),
+    response: PasskeyRegistration,
+});
+export const PasskeyChangeable = z.object({ name: z.string() }).partial();
+export const UserAuthOptions = z.object({ type: z.literal(['login', 'action']) });
+export const LogoutSessions = z.object({
+    id: z.array(z.uuid()).optional(),
+    confirm_all: z.boolean().optional(),
 });

package/dist/user.d.ts

@@ -1,4 +1,33 @@
+import z from 'zod/v4';
+/**
+ * User preferences.
+ * Modify with `declare module ...`
+ */
+export interface Preferences {
+}
+export declare const User: z.ZodObject<{
+    id: z.ZodUUID;
+    name: z.ZodString;
+    email: z.ZodEmail;
+    emailVerified: z.ZodOptional<z.ZodNullable<z.ZodDate>>;
+    image: z.ZodOptional<z.ZodNullable<z.ZodURL>>;
+}, z.core.$strip>;
+export interface User extends z.infer<typeof User> {
+    preferences?: Preferences;
+}
+export declare const userPublicFields: ["id", "image", "name"];
+type UserPublicField = (typeof userPublicFields)[number];
+export interface UserPublic extends Pick<User, UserPublicField> {
+}
+export declare const userProtectedFields: ["email", "emailVerified", "preferences"];
+export declare const UserChangeable: z.ZodObject<{
+    email: z.ZodOptional<z.ZodEmail>;
+    name: z.ZodOptional<z.ZodString>;
+    image: z.ZodOptional<z.ZodOptional<z.ZodNullable<z.ZodURL>>>;
+}, z.core.$strip>;
+export type UserChangeable = z.infer<typeof UserChangeable>;
 export declare function getUserImage(user: {
     name?: string;
     image?: string;
 }): string;
+export {};

package/dist/user.js

@@ -1,3 +1,18 @@
+import z from 'zod/v4';
+export const User = z.object({
+    id: z.uuid(),
+    name: z.string().min(1, 'Name is required').max(255, 'Name is too long'),
+    email: z.email(),
+    emailVerified: z.date().nullable().optional(),
+    image: z.url().nullable().optional(),
+});
+export const userPublicFields = ['id', 'image', 'name'];
+export const userProtectedFields = ['email', 'emailVerified', 'preferences'];
+export const UserChangeable = User.pick({
+    name: true,
+    email: true,
+    image: true,
+}).partial();
 export function getUserImage(user) {
     if (user.image)
         return user.image;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/core",
-	"version": "0.1.1",
+	"version": "0.3.0",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",
@@ -19,7 +19,7 @@
 	"types": "dist/index.d.ts",
 	"exports": {
 		".": "./dist/index.js",
-		"./schemas": "./dist/schemas.js"
+		"./*": "./dist/*.js"
 	},
 	"files": [
 		"dist"
@@ -27,7 +27,10 @@
 	"scripts": {
 		"build": "tsc"
 	},
+	"peerDependencies": {
+		"zod": "^3.25.61"
+	},
 	"dependencies": {
-		"zod": "^3.24.2"
+		"@simplewebauthn/types": "^12.0.0"
 	}
 }