@bitblit/ratchet-warden-common 6.0.146-alpha → 6.0.148-alpha

package/src/client/warden-user-service.spec.ts

@@ -0,0 +1,29 @@
+import { WardenUserService } from './warden-user-service.js';
+import { WardenUserServiceOptions } from './provider/warden-user-service-options.js';
+
+import { WardenClientRecentLoginProvider } from './provider/warden-client-recent-login-provider.js';
+import { WardenLoggedInUserProvider } from './provider/warden-logged-in-user-provider.js';
+import { WardenClient } from './warden-client.js';
+import { WardenUserServiceEventProcessingProvider } from './provider/warden-user-service-event-processing-provider.js';
+import { describe, expect, test } from 'vitest';
+import { mock } from 'vitest-mock-extended';
+
+describe('#wardenUserService', function () {
+  // Currently disabled because this seems to hang forever on github actions (2023-03-20)
+  test('should instantiate', async () => {
+    const wuso: WardenUserServiceOptions<any> = {
+      recentLoginProvider: mock<WardenClientRecentLoginProvider>(),
+      loggedInUserProvider: mock<WardenLoggedInUserProvider<any>>(),
+      wardenClient: mock<WardenClient>(),
+      eventProcessor: mock<WardenUserServiceEventProcessingProvider<any>>(),
+      loginCheckTimerPingSeconds: 60,
+      autoLoginHandlingThresholdSeconds: 60,
+      allowAutoRefresh: true,
+      applicationName: 'TEST-APP',
+    };
+
+    const wus: WardenUserService<any> = new WardenUserService<any>(wuso);
+    expect(wus).not.toBeNull();
+    wus.cleanShutDown();
+  });
+});

package/src/client/warden-user-service.ts

@@ -0,0 +1,434 @@
+import { Logger } from "@bitblit/ratchet-common/logger/logger";
+import { StringRatchet } from "@bitblit/ratchet-common/lang/string-ratchet";
+import { JwtDecodeOnlyRatchet } from "@bitblit/ratchet-common/jwt/jwt-decode-only-ratchet";
+import { Subscription, timer } from "rxjs";
+import { WardenUserServiceOptions } from "./provider/warden-user-service-options.js";
+import { WardenLoggedInUserWrapper } from "./provider/warden-logged-in-user-wrapper.js";
+import { WardenContact } from "../common/model/warden-contact.js";
+import { WardenJwtToken } from "../common/model/warden-jwt-token.js";
+import { WardenLoginResults } from "../common/model/warden-login-results.js";
+import { WardenLoginRequest } from "../common/model/warden-login-request.js";
+
+import {
+  AuthenticationResponseJSON,
+  PublicKeyCredentialRequestOptionsJSON,
+  RegistrationResponseJSON,
+  startAuthentication,
+  StartAuthenticationOpts,
+  startRegistration,
+  StartRegistrationOpts
+} from "@simplewebauthn/browser";
+import { WardenEntrySummary } from "../common/model/warden-entry-summary.js";
+import { WardenUtils } from "../common/util/warden-utils.js";
+import { WardenLoginRequestType } from "../common/model/warden-login-request-type";
+import { WardenTeamRoleMapping } from "../common/model/warden-team-role-mapping.ts";
+import { WardenUserDecoration } from "../common/model/warden-user-decoration.ts";
+import { WardenCommand } from "../common/command/warden-command.ts";
+import { WardenCommandResponse } from "../common/command/warden-command-response.ts";
+
+/**
+ * A service that handles logging in, saving the current user, watching
+ * for expiration, auto-refreshing the token, wrapped around a
+ * warden-client.
+ *
+ * T is the type of user object contained in the
+ */
+export class WardenUserService<T> {
+  private loggedInTimerSubscription: Subscription;
+  private _autoRefreshEnabled: boolean = false;
+
+  constructor(private options: WardenUserServiceOptions<T>) {
+    Logger.info('Initializing user service');
+    // Immediately read from storage if there is something there
+    const stored: WardenLoggedInUserWrapper<T> = this.options.loggedInUserProvider.fetchLoggedInUserWrapper();
+    if (WardenUtils.wrapperIsExpired(stored)) {
+      // Not treating this as a logout since it basically never logged in, just clearing it
+      Logger.info('Stored token is expired, removing it');
+      this.options.loggedInUserProvider.logOutUser();
+    } else {
+      // Fire the login event in case anything needs to know about the current user
+      this.options.eventProcessor.onSuccessfulLogin(stored);
+    }
+
+    const timerSeconds: number = this.options.loginCheckTimerPingSeconds || 2.5;
+    this.loggedInTimerSubscription = timer(0, timerSeconds * 1000).subscribe((t) => this.checkForAutoLogoutOrRefresh(t));
+  }
+
+  public cleanShutDown(): void {
+    if (this.loggedInTimerSubscription) {
+      this.loggedInTimerSubscription.unsubscribe();
+    }
+  }
+
+  public get serviceOptions(): WardenUserServiceOptions<T> {
+    return this.options;
+  }
+
+  public async createAccount(contact: WardenContact, sendCode?: boolean, label?: string, tags?: string[]): Promise<string> {
+    const rval: string = await this.options.wardenClient.createAccount(contact, sendCode, label, tags);
+
+    if (this.options.recentLoginProvider && StringRatchet.trimToNull(rval)) {
+      this.options.recentLoginProvider.saveNewUser(rval, label, contact);
+    }
+
+    return rval;
+  }
+
+  public async addContactToLoggedInUser(contact: WardenContact): Promise<boolean> {
+    return this.options.wardenClient.addContactToLoggedInUser(contact);
+  }
+
+  public get autoRefreshEnabled(): boolean {
+    return this._autoRefreshEnabled;
+  }
+
+  public set autoRefreshEnabled(newValue: boolean) {
+    if (newValue) {
+      if (this.options.allowAutoRefresh) {
+        this._autoRefreshEnabled = true;
+      } else {
+        throw new Error('Cannot enable auto-refresh - this is disabled in the user service options');
+      }
+    } else {
+      this._autoRefreshEnabled = false;
+    }
+  }
+
+  public async checkForAutoLogoutOrRefresh(t: number): Promise<void> {
+    Logger.debug('Checking for auto-logout or refresh : %s', t);
+    // This code will cause an auto-logout if the token is already expired, but not if it is CLOSE to expiration
+    const current: WardenLoggedInUserWrapper<T> = this.fetchLoggedInUserWrapper();
+    if (current) {
+      const thresholdSeconds: number = this.options.autoLoginHandlingThresholdSeconds || 10; // Default to 10 seconds
+      const secondsLeft: number = current.expirationEpochSeconds - Math.floor(Date.now() / 1000);
+      if (secondsLeft < thresholdSeconds) {
+        if (this.autoRefreshEnabled) {
+          Logger.info('Under threshold, initiating auto-refresh');
+          const result: WardenLoggedInUserWrapper<T> = await this.refreshToken();
+          this.options.eventProcessor.onAutomaticTokenRefresh(result);
+        } else {
+          Logger.info('Under threshold, initiating auto-logout');
+          this.logout();
+        }
+      }
+    }
+  }
+
+  public logout(): void {
+    this.options.loggedInUserProvider.logOutUser();
+    this.options.eventProcessor.onLogout();
+  }
+
+  public fetchLoggedInUserId(): string {
+    const tmp: WardenLoggedInUserWrapper<T> = this.options.loggedInUserProvider.fetchLoggedInUserWrapper();
+    const rval: string = tmp?.userObject?.wardenData?.userId;
+    return rval;
+  }
+
+  public fetchLoggedInUserWrapper(): WardenLoggedInUserWrapper<T> {
+    let tmp: WardenLoggedInUserWrapper<T> = this.options.loggedInUserProvider.fetchLoggedInUserWrapper();
+    if (tmp) {
+      if (WardenUtils.wrapperIsExpired(tmp)) {
+        // This is belt-and-suspenders for when the window was not open - during normal operation either
+        // auto-logout thread or auto-refresh thread would have handled this
+        Logger.info('Token is expired - auto logout triggered');
+        this.logout();
+        tmp = null;
+      }
+    }
+    return tmp;
+  }
+
+  public loggedInUserHasGlobalRole(roleId: string): boolean {
+    let rval: boolean = false;
+
+    const token: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    rval = token ? WardenUtils.userHasGlobalRole(WardenUtils.wardenUserDecorationFromToken(token), roleId) : false;
+
+    return rval;
+  }
+
+  public loggedInUserHasRoleOnTeam(teamId: string, roleId: string): boolean {
+    let rval: boolean = false;
+
+    const token: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    rval = token ? WardenUtils.userHasRoleOnTeam(WardenUtils.wardenUserDecorationFromToken(token), teamId, roleId) : false;
+
+    return rval;
+  }
+
+  public isLoggedIn(): boolean {
+    const t: WardenLoggedInUserWrapper<T> = this.fetchLoggedInUserWrapper();
+    return !!t;
+  }
+
+  public fetchLoggedInUserJwtObject(): WardenJwtToken<T> {
+    const t: WardenLoggedInUserWrapper<T> = this.fetchLoggedInUserWrapper();
+    return t ? t.userObject : null;
+  }
+
+  public fetchLoggedInUserJwtToken(): string {
+    const t: WardenLoggedInUserWrapper<T> = this.fetchLoggedInUserWrapper();
+    return t ? t.jwtToken : null;
+  }
+
+  public fetchLoggedInUserObject(): T {
+    const t: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    return t?.user;
+  }
+
+  public fetchLoggedInProxyObject(): T {
+    const t: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    return t?.proxy;
+  }
+
+  public fetchLoggedInGlobalRoleIds(): string[] {
+    const t: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    return t?.globalRoleIds;
+  }
+
+  public fetchLoggedInTeamRoleMappingsGlobalRoleIds(): WardenTeamRoleMapping[] {
+    const t: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    return t?.teamRoleMappings;
+  }
+
+  public fetchLoggedInUserExpirationEpochSeconds(): number {
+    const t: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    return t ? t.exp : null;
+  }
+
+  public fetchLoggedInUserRemainingSeconds(): number {
+    const t: WardenJwtToken<T> = this.fetchLoggedInUserJwtObject();
+    return t ? t.exp - Math.floor(Date.now() / 1000) : null;
+  }
+
+  private async updateLoggedInUserFromTokenString(token: string): Promise<WardenLoggedInUserWrapper<T>> {
+    let rval: WardenLoggedInUserWrapper<T> = null;
+    if (!StringRatchet.trimToNull(token)) {
+      Logger.info('Called updateLoggedInUserFromTokenString with empty string - logging out');
+      this.logout();
+    } else {
+      Logger.info('updateLoggedInUserFromTokenString : %s', token);
+
+      const parsed: WardenJwtToken<T> = JwtDecodeOnlyRatchet.decodeTokenNoVerify<WardenJwtToken<T>>(token);
+      if (parsed) {
+        rval = {
+          userObject: parsed,
+          jwtToken: token,
+          expirationEpochSeconds: parsed.exp,
+        };
+        this.options.loggedInUserProvider.setLoggedInUserWrapper(rval);
+        this.updateRecentLoginsFromWardenEntrySummary(parsed.wardenData); // In case we have a recent logins tracker
+        this.options.eventProcessor.onSuccessfulLogin(rval);
+      } else {
+        Logger.warn('Failed to parse token %s - ignoring login and triggering failure');
+        this.options.eventProcessor.onLoginFailure('Could not parse token string');
+      }
+    }
+    return rval;
+  }
+
+  public async refreshToken(): Promise<WardenLoggedInUserWrapper<T>> {
+    let rval: WardenLoggedInUserWrapper<T> = null;
+    const currentWrapper: WardenLoggedInUserWrapper<T> = this.fetchLoggedInUserWrapper();
+    if (!currentWrapper) {
+      Logger.info('Could not refresh - no token available');
+    } else {
+      const newToken: string = await this.options.wardenClient.refreshJwtToken(currentWrapper.jwtToken);
+      rval = await this.updateLoggedInUserFromTokenString(newToken);
+    }
+    return rval;
+  }
+
+  // Passthru for convenience
+  public async sendExpiringCode(contact: WardenContact): Promise<boolean> {
+    return this.options.wardenClient.sendExpiringValidationToken(contact);
+  }
+
+  private async processWardenLoginResults(resp: WardenLoginResults): Promise<WardenLoggedInUserWrapper<T>> {
+    let rval: WardenLoggedInUserWrapper<T> = null;
+    if (resp) {
+      Logger.info('Warden: response : %j ', resp);
+      if (resp.jwtToken) {
+        Logger.info('Applying login');
+        rval = await this.updateLoggedInUserFromTokenString(resp.jwtToken);
+      } else if (resp.error) {
+        this.options.eventProcessor.onLoginFailure(resp.error);
+      } else {
+        Logger.error('Response contained neither token nor error');
+        this.options.eventProcessor.onLoginFailure('Response contained neither token nor error');
+      }
+    } else {
+      Logger.error('Login call failed');
+      this.options.eventProcessor.onLoginFailure('Login call returned null');
+    }
+    return rval;
+  }
+
+  private updateRecentLoginsFromWardenEntrySummary(res: WardenEntrySummary): void {
+    // Only store if we have a provider, and it was a successful login
+    if (this.options.recentLoginProvider && res) {
+      Logger.info('UserService : Saving recent login %j', res);
+      this.options.recentLoginProvider.saveRecentLogin(res);
+    } else {
+      Logger.info('Not saving recent login - no storage configured or no data passed');
+    }
+  }
+
+  private updateRecentLoginsFromLoggedInUserWrapper(res: WardenLoggedInUserWrapper<T>): void {
+    this.updateRecentLoginsFromWardenEntrySummary(res?.userObject?.wardenData);
+  }
+
+  public async executeWebAuthnBasedLogin(userId: string): Promise<WardenLoggedInUserWrapper<T>> {
+    const resp: WardenLoginResults = await this.executeWebAuthnLoginToWardenLoginResults(userId);
+    const rval: WardenLoggedInUserWrapper<T> = await this.processWardenLoginResults(resp);
+    this.updateRecentLoginsFromLoggedInUserWrapper(rval);
+    return rval;
+  }
+
+  public async removeWebAuthnRegistrationFromLoggedInUser(input: string): Promise<WardenEntrySummary> {
+    const rval: WardenEntrySummary = await this.options.wardenClient.removeWebAuthnRegistrationFromLoggedInUser(input);
+    return rval;
+  }
+
+  public async removeContactFromLoggedInUser(input: WardenContact): Promise<WardenEntrySummary> {
+    const rval: WardenEntrySummary = await this.options.wardenClient.removeContactFromLoggedInUser(input);
+    return rval;
+  }
+
+  public async executeValidationTokenBasedLogin(
+    contact: WardenContact,
+    token: string,
+    createUserIfMissing?: boolean,
+  ): Promise<WardenLoggedInUserWrapper<T>> {
+    Logger.info('Warden: executeValidationTokenBasedLogin : %j : %s : %s', contact, token, createUserIfMissing);
+    const resp: WardenLoginResults = await this.options.wardenClient.performLoginCmd({
+      type: WardenLoginRequestType.ExpiringToken,
+      contact: contact,
+      expiringToken: token,
+      createUserIfMissing: createUserIfMissing,
+    });
+    const rval: WardenLoggedInUserWrapper<T> = await this.processWardenLoginResults(resp);
+    this.updateRecentLoginsFromLoggedInUserWrapper(rval);
+    return rval;
+  }
+
+  public async executeThirdPartyTokenBasedLogin(
+    thirdParty: string,
+    token: string,
+    createUserIfMissing?: boolean,
+  ): Promise<WardenLoggedInUserWrapper<T>> {
+    Logger.info('Warden: executeThirdPartyTokenBasedLogin : %j : %s : %s', thirdParty, token, createUserIfMissing);
+    const resp: WardenLoginResults = await this.options.wardenClient.performLoginCmd({
+      type: WardenLoginRequestType.ThirdParty,
+      thirdPartyToken: {
+        thirdParty: thirdParty,
+        token: token,
+      },
+      createUserIfMissing: createUserIfMissing,
+    });
+    const rval: WardenLoggedInUserWrapper<T> = await this.processWardenLoginResults(resp);
+    this.updateRecentLoginsFromLoggedInUserWrapper(rval);
+    return rval;
+  }
+
+  public async saveCurrentDeviceAsWebAuthnForCurrentUser(): Promise<WardenEntrySummary> {
+    const input: StartRegistrationOpts = await this.options.wardenClient.generateWebAuthnRegistrationChallengeForLoggedInUser();
+
+    const creds: RegistrationResponseJSON = await startRegistration(input);
+
+    const deviceLabel: string = StringRatchet.trimToEmpty(
+      this.options?.deviceLabelGenerator ? this.options.deviceLabelGenerator() : this.defaultDeviceLabelGenerator(),
+    );
+
+    const output: WardenEntrySummary = await this.options.wardenClient.addWebAuthnRegistrationToLoggedInUser(
+      this.options.applicationName,
+      deviceLabel,
+      creds,
+    );
+    this.updateRecentLoginsFromWardenEntrySummary(output);
+    return output;
+  }
+
+
+  public async exportWebAuthnRegistrationEntryForLoggedInUser(origin: string): Promise<string> {
+    return this.options.wardenClient.exportWebAuthnRegistrationEntryForLoggedInUser(origin);
+  }
+  public async importWebAuthnRegistrationEntryForLoggedInUser(token: string): Promise<boolean> {
+    return this.options.wardenClient.importWebAuthnRegistrationEntryForLoggedInUser(token);
+  }
+
+  private defaultDeviceLabelGenerator(): string {
+    let rval: string = '';
+    if (navigator) {
+      // Chromium based browsers have something useful in this field (2023-10-26)
+      if (
+        navigator['userAgentData'] &&
+        navigator['userAgentData']['brands'] &&
+        navigator['userAgentData']['brands'][1] &&
+        navigator['userAgentData']['brands'][1]['brand']
+      ) {
+        rval = navigator['userAgentData']['brands'][1]['brand'];
+      } else {
+        rval = navigator.userAgent;
+      }
+      if (navigator.platform) {
+        rval += ' on ' + navigator.platform;
+      }
+    } else {
+      rval = 'Unknown device';
+    }
+    return rval;
+  }
+
+  public async executeWebAuthnLoginToWardenLoginResults(userId: string): Promise<WardenLoginResults> {
+    let rval: WardenLoginResults = null;
+    try {
+      // Add it to the list
+      const resp: PublicKeyCredentialRequestOptionsJSON =
+        await this.options.wardenClient.generateWebAuthnAuthenticationChallengeForUserId(userId);
+      const input: StartAuthenticationOpts = {
+        optionsJSON: resp,
+        useBrowserAutofill: false,
+        verifyBrowserAutofillInput: false,
+      };
+      Logger.info('Got login challenge : %j', input);
+      const creds: AuthenticationResponseJSON = await startAuthentication(input);
+      Logger.info('Got creds: %j', creds);
+
+      const loginCmd: WardenLoginRequest = {
+        type: WardenLoginRequestType.WebAuthn,
+        userId: userId,
+        webAuthn: creds,
+      };
+      rval = await this.options.wardenClient.performLoginCmd(loginCmd);
+      if (rval?.jwtToken) {
+        //rval = true;
+      }
+    } catch (err) {
+      Logger.error('WebauthN Failed : %s', err);
+    }
+    return rval;
+  }
+
+
+  public async executeThirdPartyLoginToWardenLoginResults(thirdParty: string, token: string): Promise<WardenLoginResults> {
+    let rval: WardenLoginResults = null;
+    try {
+      const loginCmd: WardenLoginRequest = {
+        type: WardenLoginRequestType.ThirdParty,
+        thirdPartyToken: {
+          thirdParty: thirdParty,
+          token: token,
+        }
+      };
+      rval = await this.options.wardenClient.performLoginCmd(loginCmd);
+      if (rval?.jwtToken) {
+        //rval = true;
+      }
+    } catch (err) {
+      Logger.error('Third party Failed : %s', err);
+    }
+    return rval;
+  }
+}

package/src/common/command/add-web-authn-registration-to-logged-in-user.ts

@@ -0,0 +1,7 @@
+import { WebAuthnObjectWrapper } from './web-authn-object-wrapper.js';
+
+export interface AddWebAuthnRegistrationToLoggedInUser {
+  webAuthn: WebAuthnObjectWrapper;
+  applicationName: string;
+  deviceLabel: string;
+}

package/src/common/command/create-account.ts

@@ -0,0 +1,8 @@
+import { WardenContact } from '../model/warden-contact.js';
+
+export interface CreateAccount {
+  contact: WardenContact;
+  sendCode?: boolean;
+  label?: string;
+  tags?: string[];
+}

package/src/common/command/remove-web-authn-registration.ts

@@ -0,0 +1,4 @@
+export interface RemoveWebAuthnRegistration {
+  userId: string;
+  credentialId: string;
+}

package/src/common/command/send-magic-link.ts

@@ -0,0 +1,15 @@
+import { WardenContact } from '../model/warden-contact.js';
+import { WardenContactLookup } from './warden-contact-lookup.js';
+import { WardenCustomTemplateDescriptor } from './warden-custom-template-descriptor.js';
+
+// You must set either contact or contactLookup, but not both
+export interface SendMagicLink {
+  overrideDestinationContact?: WardenContact; // If this is set, then the link will be a login for the userId/contact below, but sent to this address
+
+  contactLookup?: WardenContactLookup;
+  contact?: WardenContact;
+  landingUrl: string;
+  meta?: Record<string, string>;
+  ttlSeconds?: number;
+  customTemplate?: WardenCustomTemplateDescriptor;
+}

package/src/common/command/warden-command-response.ts

@@ -0,0 +1,24 @@
+import { WebAuthnObjectWrapper } from './web-authn-object-wrapper.js';
+import { WardenLoginResults } from '../model/warden-login-results.js';
+import { WardenEntrySummary } from '../model/warden-entry-summary.js';
+
+export interface WardenCommandResponse {
+  createAccount?: string;
+  sendMagicLink?: boolean;
+  generateWebAuthnAuthenticationChallengeForUserId?: WebAuthnObjectWrapper;
+  generateWebAuthnRegistrationChallengeForLoggedInUser?: WebAuthnObjectWrapper;
+  removeWebAuthnRegistration?: WardenEntrySummary;
+  sendExpiringValidationToken?: boolean;
+  addWebAuthnRegistrationToLoggedInUser?: WardenEntrySummary;
+  addContactToLoggedInUser?: boolean;
+  performLogin?: WardenLoginResults;
+  refreshJwtToken?: string;
+
+  removeWebAuthnRegistrationFromLoggedInUser?: WardenEntrySummary;
+  removeContactFromLoggedInUser?: WardenEntrySummary;
+
+  exportWebAuthnRegistrationEntryForLoggedInUser?: string;
+  importWebAuthnRegistrationEntryForLoggedInUser?: boolean;
+
+  error?: string;
+}

package/src/common/command/warden-command.ts

@@ -0,0 +1,29 @@
+import { CreateAccount } from './create-account.js';
+import { WardenContact } from '../model/warden-contact.js';
+import { RemoveWebAuthnRegistration } from './remove-web-authn-registration.js';
+import { WardenLoginRequest } from '../model/warden-login-request.js';
+import { SendMagicLink } from './send-magic-link.js';
+import { AddWebAuthnRegistrationToLoggedInUser } from './add-web-authn-registration-to-logged-in-user.js';
+
+export interface WardenCommand {
+  createAccount?: CreateAccount;
+  sendMagicLink?: SendMagicLink;
+  generateWebAuthnAuthenticationChallengeForUserId?: string;
+  generateWebAuthnRegistrationChallengeForLoggedInUser?: boolean;
+  sendExpiringValidationToken?: WardenContact;
+  addWebAuthnRegistrationToLoggedInUser?: AddWebAuthnRegistrationToLoggedInUser;
+  addContactToLoggedInUser?: WardenContact;
+
+  removeWebAuthnRegistrationFromLoggedInUser?: string;
+  removeContactFromLoggedInUser?: WardenContact;
+
+  removeWebAuthnRegistration?: RemoveWebAuthnRegistration;
+
+  performLogin?: WardenLoginRequest;
+  refreshJwtToken?: string;
+
+  exportWebAuthnRegistrationEntryForLoggedInUser?: string; // Pass the target origin
+  importWebAuthnRegistrationEntryForLoggedInUser?: string;
+
+
+}

package/src/common/command/warden-contact-lookup.ts

@@ -0,0 +1,7 @@
+import { WardenContactType } from '../model/warden-contact-type.js';
+
+// Used when you want to look up a particular contact by userId/contact type on the server side
+export interface WardenContactLookup {
+  userId?: string;
+  contactType?: WardenContactType;
+}

package/src/common/command/warden-custom-template-descriptor.ts

@@ -0,0 +1,7 @@
+export interface WardenCustomTemplateDescriptor {
+  textVersion?: string;
+  htmlVersion?: string;
+  baseLayout?: string;
+  subjectLine?: string;
+  meta?: Record<string, string>;
+}

package/src/common/command/web-authn-object-wrapper.ts

@@ -0,0 +1,3 @@
+export interface WebAuthnObjectWrapper {
+  dataAsJson: string;
+}

package/src/common/error/warden-error-codes.ts

@@ -0,0 +1,9 @@
+// NOTE: This is a psuedo-enum to fix some issues with Typescript enums.  See: https://exploringjs.com/tackling-ts/ch_enum-alternatives.html for details
+
+export const WardenErrorCode = {
+  Unspecified: 100,
+  InvalidLoginToken: 200,
+  ExpiredLoginToken: 300,
+} as const;
+
+export type WardenErrorCode = (typeof WardenErrorCode)[keyof typeof WardenErrorCode];