@bitblit/ratchet-warden-server 4.0.1-alpha

package/CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Notes]
+Alpha releases are exactly what they sound like - places where I am trying out new things that aren't ready for prime
+time, but I need published to see how they interact with the rest of my software ecosystem.  If you use an alpha
+package without knowing why it is alpha you'll get exactly what you deserve.
+
+## [Unreleased]
+
+## In Flight
+
+## [0.0.x] - 2018-03-23
+### Initial Release
+- Basic support for Warden, email and text messaging, and a simplified interface for bootstrapping over GraphQL
+

package/License.txt

@@ -0,0 +1,13 @@
+Copyright 2022-2023 Christopher Weiss
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,38 @@
+# @bitblit/ratchet-warden-server
+
+Typescript library to simplify using simplewebauthn and secondary auth methods over GraphQL.
+
+## Introduction
+
+I really like using the [SimpleWebAuthn](https://simplewebauthn.dev/) library for Authentication but it has a couple
+pieces of code that I still end up re-writing over and over - adding the secondary login methods (like single-use
+code sent to email/text) and setting it up to run over GraphQL, which I use regularly and don't really want to 
+add a bunch of special methods when they are boilerplate inside anyway once I nail down storage.
+
+So, Warden handles that stuff for me.  Relies heavily on my [Ratchet](https://github.com/bitblit/Ratchet) library
+for supporting code.
+
+You may wish to read [the changelog](CHANGELOG.md)
+
+## Installation
+
+`yarn install @bitblit/warden`
+
+## Usage
+
+TBD
+
+### Barrel Files
+A Note on barrel files - All of Warden's barrel files are one level down. This is because otherwise everything
+I said above about transitive dependencies gets thrown out the window if you put them all in one big barrel file
+
+# Testing
+
+Ha! No, seriously - all testing is done using Jest.  To run them:
+
+`yarn test`
+
+# Contributing
+
+Pull requests are welcome, although I'm not sure why you'd be interested!
+

package/lib/build/ratchet-warden-server-info.d.ts

@@ -0,0 +1,5 @@
+import { BuildInformation } from '@bitblit/ratchet-common';
+export declare class RatchetWardenServerInfo {
+    private constructor();
+    static buildInformation(): BuildInformation;
+}

package/lib/index.d.ts

@@ -0,0 +1,15 @@
+export * from './build/ratchet-warden-server-info.js';
+export * from './server/warden-service-options.js';
+export * from './server/warden-service.js';
+export * from './server/provider/warden-default-user-decoration-provider.js';
+export * from './server/provider/warden-event-processing-provider.js';
+export * from './server/provider/warden-mailer-message-sending-provider-options.js';
+export * from './server/provider/warden-mailer-message-sending-provider.js';
+export * from './server/provider/warden-message-sending-provider.js';
+export * from './server/provider/warden-no-op-event-processing-provider.js';
+export * from './server/provider/warden-s3-single-file-storage-provider-options.js';
+export * from './server/provider/warden-s3-single-file-storage-provider.js';
+export * from './server/provider/warden-storage-provider.js';
+export * from './server/provider/warden-twilio-text-message-sending-provider-options.js';
+export * from './server/provider/warden-twilio-text-message-sending-provider.js';
+export * from './server/provider/warden-user-decoration-provider.js';

package/lib/index.mjs

@@ -0,0 +1,2 @@
+import{generateRegistrationOptions as e,verifyRegistrationResponse as t,generateAuthenticationOptions as r,verifyAuthenticationResponse as n}from"@simplewebauthn/server";import{WardenUtils as o,WardenStoreRegistrationResponseType as a,WardenCustomerMessageType as i,WardenContactType as s}from"@bitblit/ratchet-warden-common";import{ExpiringCodeRatchet as d,S3CacheRatchet as l}from"@bitblit/ratchet-aws";import{RequireRatchet as c,Logger as u,ErrorRatchet as h,StringRatchet as g,ExpiredJwtHandling as p,Base64Ratchet as m,TwilioRatchet as y}from"@bitblit/ratchet-common";class f{constructor(){}static buildInformation(){return{version:"LOCAL-SNAPSHOT",hash:"LOCAL-HASH",branch:"LOCAL-BRANCH",tag:"LOCAL-TAG",timeBuiltISO:"LOCAL-TIME-ISO",notes:"LOCAL-NOTES"}}}class w{async fetchDecoration(e){return{userTokenData:o.stripWardenEntryToSummary(e),userTokenExpirationSeconds:3600,userTeamRoles:[{team:"WARDEN",role:"USER"}]}}}class v{async userCreated(e){}async userRemoved(e){}}class C{inOptions;opts;expiringCodeRatchet;constructor(e){this.inOptions=e,c.notNullOrUndefined(e,"options"),c.notNullOrUndefined(e.relyingPartyName,"options.relyingPartyName"),c.notNullUndefinedOrEmptyArray(e.allowedOrigins,"options.allowedOrigins"),c.notNullOrUndefined(e.storageProvider,"options.storageProvider"),c.notNullUndefinedOrEmptyArray(e.messageSendingProviders,"options.messageSendingProviders"),c.notNullOrUndefined(e.expiringCodeProvider,"options.expiringCodeProvider"),c.notNullOrUndefined(e.jwtRatchet,"options.jwtRatchet"),this.opts=Object.assign({userTokenDataProvider:new w,eventProcessor:new v},e),this.expiringCodeRatchet=new d(this.opts.expiringCodeProvider)}get options(){return Object.assign({},this.opts)}findEntryByContact(e){return this.opts.storageProvider.findEntryByContact(e)}async processCommandStringToString(e,t,r){let n=null;try{const o=JSON.parse(e),a=await this.processCommandToResponse(o,t,r);null===a?u.warn("Response was null for %s %s %s",e,t,r):n=JSON.stringify(a)}catch(t){const r=h.safeStringifyErr(t);u.error("Failed %s : %j",r,e,t),n=JSON.stringify({error:r})}return n}async processCommandToResponse(e,t,r){let n=null;if(e){if(u.info("Processing command : UserID: %s  Origin: %s Command: %j",r,t,e),e.sendExpiringValidationToken)n={sendExpiringValidationToken:await this.sendExpiringValidationToken(e.sendExpiringValidationToken)};else if(e.generateWebAuthnAuthenticationChallengeForUserId){const r=await this.generateWebAuthnAuthenticationChallengeForUserId(e.generateWebAuthnAuthenticationChallengeForUserId,t);n={generateWebAuthnAuthenticationChallengeForUserId:{dataAsJson:JSON.stringify(r)}}}else if(e.createAccount)n={createAccount:await this.createAccount(e.createAccount.contact,e.createAccount.sendCode,e.createAccount.label,e.createAccount.tags)};else if(e.generateWebAuthnRegistrationChallengeForLoggedInUser){g.trimToNull(r)||h.throwFormattedErr("This requires a logged in user");const e=await this.generateWebAuthnRegistrationChallengeForLoggedInUser(r,t);n={generateWebAuthnRegistrationChallengeForLoggedInUser:{dataAsJson:JSON.stringify(e)}}}else if(e.addContactToLoggedInUser)if(o.validContact(e.addContactToLoggedInUser)){n={addContactToLoggedInUser:await this.addContactMethodToUser(r,e.addContactToLoggedInUser)}}else h.throwFormattedErr("Cannot add, invalid contact %j",e.addContactToLoggedInUser);else if(e.addWebAuthnRegistrationToLoggedInUser){g.trimToNull(r)||h.throwFormattedErr("This requires a logged in user");const a=JSON.parse(e.addWebAuthnRegistrationToLoggedInUser.dataAsJson),i=await this.storeAuthnRegistration(r,t,a);n=i.updatedEntry?{addWebAuthnRegistrationToLoggedInUser:o.stripWardenEntryToSummary(i.updatedEntry)}:i.error?{error:i.error}:{error:"Cannot happen - neither user nor error set"}}else if(e.removeWebAuthnRegistration){const t=await this.removeSingleWebAuthnRegistration(e.removeWebAuthnRegistration.userId,e.removeWebAuthnRegistration.credentialId);n={removeWebAuthnRegistration:o.stripWardenEntryToSummary(t)}}else if(e.removeWebAuthnRegistrationFromLoggedInUser){const t=await this.removeSingleWebAuthnRegistration(r,e.removeWebAuthnRegistrationFromLoggedInUser);n={removeWebAuthnRegistrationFromLoggedInUser:o.stripWardenEntryToSummary(t)}}else if(e.removeContactFromLoggedInUser){const t=await this.removeContactMethodFromUser(r,e.removeContactFromLoggedInUser);n={removeContactFromLoggedInUser:o.stripWardenEntryToSummary(t)}}else if(e.performLogin){const r=e.performLogin,a=await this.processLogin(r,t);if(u.info("Performing login - login auth check was : %s",a),a){const e=g.trimToNull(r.userId)?await this.opts.storageProvider.findEntryById(r.userId):await this.opts.storageProvider.findEntryByContact(r.contact),t=await this.opts.userDecorationProvider.fetchDecoration(e),a={loginData:o.stripWardenEntryToSummary(e),user:t.userTokenData,roles:o.teamRolesToRoles(t.userTeamRoles),proxy:null},i=await this.opts.jwtRatchet.createTokenString(a,t.userTokenExpirationSeconds);n={performLogin:{request:r,userId:e.userId,jwtToken:i}}}else n={error:"Login failed"}}else if(e.refreshJwtToken){const t=await this.opts.jwtRatchet.decodeToken(e.refreshJwtToken,p.THROW_EXCEPTION),r=await this.opts.storageProvider.findEntryById(t.loginData.userId),a=await this.opts.userDecorationProvider.fetchDecoration(r),i={loginData:o.stripWardenEntryToSummary(r),user:a.userTokenData,roles:o.teamRolesToRoles(a.userTeamRoles),proxy:null};n={refreshJwtToken:await this.opts.jwtRatchet.createTokenString(i,a.userTokenExpirationSeconds)}}}else n={error:"No command sent"};return n}async createAccount(e,t,r,n){let a=null;if(o.validContact(e)){await this.opts.storageProvider.findEntryByContact(e)&&h.throwFormattedErr("Cannot create - account already exists for %j",e);this.senderForContact(e)||h.throwFormattedErr("Cannot create - no sending provider for type %s",e.type);const o=g.createType4Guid(),i=Date.now(),s={userId:o,userLabel:r||"User "+o,contactMethods:[e],tags:n||[],webAuthnAuthenticators:[],createdEpochMS:i,updatedEpochMS:i},d=await this.opts.storageProvider.saveEntry(s);a=d.userId,this?.opts?.eventProcessor&&await this.opts.eventProcessor.userCreated(d),t&&(u.info("New user %j created and send requested - sending",d),await this.sendExpiringValidationToken(e))}else h.throwFormattedErr("Cannot create - invalid contact (missing or invalid fields)");return a}async addContactMethodToUser(e,t){let r=!1;if(g.trimToNull(e)&&o.validContact(t)){const n=await this.opts.storageProvider.findEntryByContact(t);n&&n.userId!==e&&h.throwFormattedErr("Cannot add contact to this user, another user already has that contact");const o=await this.opts.storageProvider.findEntryById(e);o||h.throwFormattedErr("Cannot add contact to this user, user does not exist"),o.contactMethods.push(t),await this.opts.storageProvider.saveEntry(o),r=!0}else h.throwFormattedErr("Cannot add - invalid config : %s %j",e,t);return r}async removeContactMethodFromUser(e,t){let r=null;if(g.trimToNull(e)&&o.validContact(t)){const n=await this.opts.storageProvider.findEntryById(e);n||h.throwFormattedErr("Cannot remove contact from this user, user does not exist"),n.contactMethods=(n.contactMethods||[]).filter((e=>e.type!==t.type||e.value!==t.value)),0===n.contactMethods.length&&h.throwFormattedErr("Cannot remove the last contact method from a user"),await this.opts.storageProvider.saveEntry(n),r=await this.opts.storageProvider.findEntryById(e)}else h.throwFormattedErr("Cannot add - invalid config : %s %j",e,t);return r}async generateWebAuthnRegistrationChallengeForLoggedInUser(t,r){if(!r||!this.opts.allowedOrigins.includes(r))throw new Error("Invalid origin : "+r);const n=new URL(r).hostname,o=await this.opts.storageProvider.findEntryById(t),a=e({rpName:this.opts.relyingPartyName,rpID:n,userID:o.userId,userName:o.userLabel,attestationType:"none",excludeCredentials:o.webAuthnAuthenticators.map((e=>({id:m.base64StringToBuffer(e.credentialPublicKeyBase64),type:"public-key",transports:e.transports})))});return await this.opts.storageProvider.updateUserChallenge(o.userId,n,a.challenge),a}async storeAuthnRegistration(e,r,n){u.info("Store authn data : %j",n);let o=null;try{if(!r||!this.opts.allowedOrigins.includes(r))throw new Error("Invalid origin : "+r);const i=new URL(r).hostname,s=await this.opts.storageProvider.findEntryById(e),d={response:n,expectedChallenge:await this.opts.storageProvider.fetchCurrentUserChallenge(s.userId,i),expectedOrigin:r,expectedRPID:i};u.info("Calling verifyRegistrationResponse: %j",d);const l=await t(d);if(u.info("verifyRegistrationResponse Result : %j",l),o={updatedEntry:null,registrationResponseId:n.id,result:l.verified?a.Verified:a.Failed},o.result===a.Verified){u.info("Storing registration");const e={counter:l.registrationInfo.counter,credentialBackedUp:l.registrationInfo.credentialBackedUp,credentialDeviceType:l.registrationInfo.credentialDeviceType,credentialIdBase64:n.id,credentialPublicKeyBase64:m.generateBase64VersionOfBuffer(Buffer.from(l.registrationInfo.credentialPublicKey))};s.webAuthnAuthenticators=(s.webAuthnAuthenticators||[]).filter((t=>t.credentialIdBase64!==e.credentialIdBase64)),s.webAuthnAuthenticators.push(e);const t=await this.opts.storageProvider.saveEntry(s);o.updatedEntry=t,u.info("Stored auth : %j",t)}}catch(e){o={registrationResponseId:n.id,result:a.Error,error:h.safeStringifyErr(e)}}return o}async generateWebAuthnAuthenticationChallengeForUserId(e,t){const r=await this.opts.storageProvider.findEntryById(e);return await this.generateWebAuthnAuthenticationChallenge(r,t)}async generateWebAuthnAuthenticationChallenge(e,t){const n=e.webAuthnAuthenticators;if(!t||!this.opts.allowedOrigins.includes(t))throw new Error("Invalid origin : "+t);const o=new URL(t).hostname,a=n.map((e=>({id:Buffer.from(e.credentialIdBase64,"base64"),type:"public-key",transports:e.transports}))),i=r({allowCredentials:a,userVerification:"preferred"});return await this.opts.storageProvider.updateUserChallenge(e.userId,o,i.challenge),i}senderForContact(e){let t=null;return e?.type&&(t=(this.opts.messageSendingProviders||[]).find((t=>t.handlesContactType(e.type)))),t}async sendExpiringValidationToken(e){let t=!1;if(e?.type&&g.trimToNull(e?.value)){const r=this.senderForContact(e);if(r){const n=await this.expiringCodeRatchet.createNewCode({context:e.value,length:6,alphabet:"0123456789",timeToLiveSeconds:300,tags:["Login"]}),o=await r.formatMessage(e,i.ExpiringCode,{code:n.code,relyingPartyName:this.opts.relyingPartyName});t=await r.sendMessage(e,o)}else h.throwFormattedErr("No provider found for contact type %s",e.type)}else h.throwFormattedErr("Cannot send - invalid request %j",e);return t}async processLogin(e,t){u.info("Processing login : %s : %j",t,e);let r=!1;c.notNullOrUndefined(e,"request"),c.true(!!g.trimToNull(e?.userId)||o.validContact(e?.contact),"Invalid contact and no userId"),c.true(!!e?.webAuthn||!!g.trimToNull(e?.expiringToken),"You must provide one of webAuthn or expiringToken"),c.true(!e?.webAuthn||!g.trimToNull(e?.expiringToken),"WebAuthn and ExpiringToken may not BOTH be set");const n=g.trimToNull(e?.userId)?await this.opts.storageProvider.findEntryById(e?.userId):await this.opts.storageProvider.findEntryByContact(e.contact);if(n||h.throwFormattedErr("No user found for %j / %s",e?.contact,e?.userId),e.webAuthn)r=await this.loginWithWebAuthnRequest(n,t,e.webAuthn);else if(g.trimToNull(e.expiringToken)){await this.expiringCodeRatchet.checkCode(g.trimToEmpty(e.expiringToken),g.trimToEmpty(e.contact.value),!0)?r=!0:h.throwFormattedErr("Cannot login - token is invalid for this user")}return r}async loginWithWebAuthnRequest(e,t,r){let o=!1;const a=new URL(t).hostname,i=await this.opts.storageProvider.fetchCurrentUserChallenge(e.userId,a),s=(e.webAuthnAuthenticators||[]).find((e=>e.credentialIdBase64===r.id));if(!s)throw new Error(`Could not find authenticator ${r.id} for user ${e.userId}`);const d={counter:s.counter,credentialID:m.base64StringToBuffer(s.credentialIdBase64),credentialPublicKey:m.base64StringToBuffer(s.credentialPublicKeyBase64)},l={response:r,expectedChallenge:i,expectedOrigin:t,expectedRPID:a,authenticator:d};return(await n(l)).verified&&(o=!0),o}async removeSingleWebAuthnRegistration(e,t){let r=await this.opts.storageProvider.findEntryById(e);return r?(r.webAuthnAuthenticators=(r.webAuthnAuthenticators||[]).filter((e=>e.credentialIdBase64!==t)),r=await this.opts.storageProvider.saveEntry(r)):u.info("Not removing - no such user as %s",e),r}async removeUser(e){let t=!1;if(g.trimToNull(e)){const r=await this.opts.storageProvider.findEntryById(e);r?(await this.opts.storageProvider.removeEntry(e),this?.opts?.eventProcessor&&await this.opts.eventProcessor.userRemoved(r),t=!0):u.warn("Cannot remove non-existent user : %s",e)}return t}}class T{mailer;options;static defaultOptions(){return{emailBaseLayoutName:void 0,expiringTokenHtmlTemplateName:"expiring-token-request-email",expiringTokenTxtTemplateName:void 0}}constructor(e,t=T.defaultOptions()){this.mailer=e,this.options=t}async formatMessage(e,t,r){const n={destinationAddresses:[e.value],subject:"Your login token"};return await this.mailer.fillEmailBody(n,r,this.options.expiringTokenHtmlTemplateName,this.options.expiringTokenTxtTemplateName,this.options.emailBaseLayoutName),n}handlesContactType(e){return e===s.EmailAddress}async sendMessage(e,t){const r=await this.mailer.sendEmail(t);return u.debug("SendRawEmailResponse was : %j",r),!!r}}class I{s3;options;ratchet;constructor(e,t){this.s3=e,this.options=t,this.ratchet=new l(this.s3,this.options.bucket)}async listUserSummaries(){return(await this.fetchDataFile()).entries.map((e=>o.stripWardenEntryToSummary(e)))}async fetchDataFile(){let e=await this.ratchet.fetchCacheFileAsObject(this.options.dataFileKey);return e=e||{entries:[],challenges:[]},e}async storeDataFile(e){let t=null;return e&&(t=await this.ratchet.writeObjectToCacheFile(this.options.dataFileKey,e)),t}async fetchCurrentUserChallenge(e,t){const r=((await this.fetchDataFile()).challenges||[]).find((r=>r.userId===e&&r.relyingPartyId===t));return r||h.throwFormattedErr("fetchCurrentUserChallenge: Could not find user %s",e),r.challenge}async findEntryByContact(e){let t=null;if(e?.type&&g.trimToNull(e?.value)){t=((await this.fetchDataFile()).entries||[]).find((t=>!!(t.contactMethods||[]).find((t=>t.type===e.type&&t.value===e.value))))}return t}async findEntryById(e){let t=null;if(g.trimToNull(e)){t=((await this.fetchDataFile()).entries||[]).find((t=>t.userId===e))}return t}async removeEntry(e){const t=await this.fetchDataFile();return t.entries=(t.entries||[]).filter((t=>t.userId!==e)),await this.storeDataFile(t),!0}async saveEntry(e){let t=null;if(e&&e.userId){const r=Date.now();e.createdEpochMS=e.createdEpochMS||r,e.updatedEpochMS=r;const n=await this.fetchDataFile();n.entries=(n.entries||[]).filter((t=>t.userId!==e.userId)),n.entries.push(e),await this.storeDataFile(n),t=await this.findEntryById(e.userId)}return t}async updateUserChallenge(e,t,r){const n=await this.fetchDataFile();return n.challenges=(n.challenges||[]).filter((r=>r.userId!==e||r.relyingPartyId!==t)),n.challenges.push({userId:e,relyingPartyId:t,challenge:r,updatedEpochMS:Date.now()}),await this.storeDataFile(n),!0}}class E{optsPromise;constructor(e){this.optsPromise=e}async formatMessage(e,t,r){u.info("Creating text");return r.code+" is your "+r.relyingPartyName+" authentication code.\n@"+r.relyingPartyName+" #"+r.code}handlesContactType(e){return e===s.TextCapablePhoneNumber}async sendMessage(e,t){const r=await this.optsPromise,n=await y.sendMessageDirect(r.accountSID,r.authToken,r.outBoundNumber,[e.value],t);return u.debug("sendMessage was : %j",n),!!n&&n.length>0}}export{f as RatchetWardenServerInfo,w as WardenDefaultUserDecorationProvider,T as WardenMailerMessageSendingProvider,v as WardenNoOpEventProcessingProvider,I as WardenS3SingleFileStorageProvider,C as WardenService,E as WardenTwilioTextMessageSendingProvider};
+//# sourceMappingURL=index.mjs.map

package/lib/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":["../src/build/ratchet-warden-server-info.ts","../src/server/provider/warden-default-user-decoration-provider.ts","../src/server/provider/warden-no-op-event-processing-provider.ts","../src/server/warden-service.ts","../src/server/provider/warden-mailer-message-sending-provider.ts","../src/server/provider/warden-s3-single-file-storage-provider.ts","../src/server/provider/warden-twilio-text-message-sending-provider.ts"],"sourcesContent":[null,null,null,null,null,null,null],"names":["RatchetWardenServerInfo","constructor","static","version","hash","branch","tag","timeBuiltISO","notes","WardenDefaultUserDecorationProvider","async","wardenUser","userTokenData","WardenUtils","stripWardenEntryToSummary","userTokenExpirationSeconds","userTeamRoles","team","role","WardenNoOpEventProcessingProvider","entry","WardenService","inOptions","opts","expiringCodeRatchet","this","RequireRatchet","notNullOrUndefined","relyingPartyName","notNullUndefinedOrEmptyArray","allowedOrigins","storageProvider","messageSendingProviders","expiringCodeProvider","jwtRatchet","Object","assign","userTokenDataProvider","eventProcessor","ExpiringCodeRatchet","options","findEntryByContact","contact","cmdString","origin","loggedInUserId","rval","cmd","JSON","parse","resp","processCommandToResponse","Logger","warn","stringify","err","errString","ErrorRatchet","safeStringifyErr","error","info","sendExpiringValidationToken","generateWebAuthnAuthenticationChallengeForUserId","tmp","dataAsJson","createAccount","sendCode","label","tags","generateWebAuthnRegistrationChallengeForLoggedInUser","StringRatchet","trimToNull","throwFormattedErr","addContactToLoggedInUser","validContact","addContactMethodToUser","addWebAuthnRegistrationToLoggedInUser","data","out","storeAuthnRegistration","updatedEntry","removeWebAuthnRegistration","modified","removeSingleWebAuthnRegistration","userId","credentialId","removeWebAuthnRegistrationFromLoggedInUser","removeContactFromLoggedInUser","output","removeContactMethodFromUser","performLogin","loginData","loginOk","processLogin","user","findEntryById","decoration","userDecorationProvider","fetchDecoration","wardenToken","roles","teamRolesToRoles","proxy","jwtToken","createTokenString","request","refreshJwtToken","parsed","decodeToken","ExpiredJwtHandling","THROW_EXCEPTION","senderForContact","type","guid","createType4Guid","now","Date","newUser","userLabel","contactMethods","webAuthnAuthenticators","createdEpochMS","updatedEpochMS","next","saveEntry","userCreated","otherUser","curUser","push","filter","s","value","length","includes","Error","rpID","URL","hostname","generateRegistrationOptions","rpName","userID","userName","attestationType","excludeCredentials","map","authenticator","id","Base64Ratchet","base64StringToBuffer","credentialPublicKeyBase64","transports","updateUserChallenge","challenge","vrOpts","response","expectedChallenge","fetchCurrentUserChallenge","expectedOrigin","expectedRPID","verification","verifyRegistrationResponse","registrationResponseId","result","verified","WardenStoreRegistrationResponseType","Verified","Failed","newAuth","counter","registrationInfo","credentialBackedUp","credentialDeviceType","credentialIdBase64","generateBase64VersionOfBuffer","Buffer","from","credentialPublicKey","wa","storedUser","generateWebAuthnAuthenticationChallenge","userAuthenticators","generateAuthenticationOptions","allowCredentials","userVerification","find","p","handlesContactType","prov","token","createNewCode","context","alphabet","timeToLiveSeconds","msg","formatMessage","WardenCustomerMessageType","ExpiringCode","code","sendMessage","true","webAuthn","expiringToken","loginWithWebAuthnRequest","checkCode","trimToEmpty","auth","credentialID","verifyAuthenticationResponse","key","ent","oldUser","removeEntry","userRemoved","WardenMailerMessageSendingProvider","mailer","emailBaseLayoutName","undefined","expiringTokenHtmlTemplateName","expiringTokenTxtTemplateName","defaultOptions","messageType","rts","destinationAddresses","subject","fillEmailBody","WardenContactType","EmailAddress","message","sendEmail","debug","WardenS3SingleFileStorageProvider","s3","ratchet","S3CacheRatchet","bucket","fetchDataFile","entries","d","fetchCacheFileAsObject","dataFileKey","challenges","file","writeObjectToCacheFile","relyingPartyId","x","storeDataFile","WardenTwilioTextMessageSendingProvider","optsPromise","TextCapablePhoneNumber","TwilioRatchet","sendMessageDirect","accountSID","authToken","outBoundNumber"],"mappings":"mkBAEaA,EAGXC,cAAwB,CAEjBC,0BASL,MAR8B,CAC5BC,QAAS,iBACTC,KAAM,aACNC,OAAQ,eACRC,IAAK,YACLC,aAAc,iBACdC,MAAO,cAGV,QCPUC,EACJC,sBAAsBC,GAO3B,MALuD,CACrDC,cAAeC,EAAYC,0BAA0BH,GACrDI,2BAA4B,KAC5BC,cAAe,CAAC,CAAEC,KAAM,SAAUC,KAAM,SAG3C,QCbUC,EAEJT,kBAAkBU,GAAqC,CAEvDV,kBAAkBU,GAAqC,QCoCnDC,EAISC,UAHZC,KACAC,oBAERvB,YAAoBqB,GAAAG,KAASH,UAATA,EAClBI,EAAeC,mBAAmBL,EAAW,WAC7CI,EAAeC,mBAAmBL,EAAUM,iBAAkB,4BAC9DF,EAAeG,6BAA6BP,EAAUQ,eAAgB,0BACtEJ,EAAeC,mBAAmBL,EAAUS,gBAAiB,2BAC7DL,EAAeG,6BAA6BP,EAAUU,wBAAyB,mCAC/EN,EAAeC,mBAAmBL,EAAUW,qBAAsB,gCAClEP,EAAeC,mBAAmBL,EAAUY,WAAY,sBAExDT,KAAKF,KAAOY,OAAOC,OACjB,CAAEC,sBAAuB,IAAI5B,EAAuC6B,eAAgB,IAAInB,GACxFG,GAGFG,KAAKD,oBAAsB,IAAIe,EAAoBd,KAAKF,KAAKU,qBAC9D,CAEUO,cACT,OAAOL,OAAOC,OAAO,CAAE,EAAEX,KAAKF,KAC/B,CAGMkB,mBAAmBC,GACxB,OAAOjB,KAAKF,KAAKQ,gBAAgBU,mBAAmBC,EACrD,CAGMhC,mCAAmCiC,EAAmBC,EAAgBC,GAC3E,IAAIC,EAAe,KACnB,IACE,MAAMC,EAAqBC,KAAKC,MAAMN,GAChCO,QAAoCzB,KAAK0B,yBAAyBJ,EAAKH,EAAQC,GACxE,OAATK,EACFE,EAAOC,KAAK,iCAAkCV,EAAWC,EAAQC,GAEjEC,EAAOE,KAAKM,UAAUJ,EAEzB,CAAC,MAAOK,GAEP,MAAMC,EAAoBC,EAAaC,iBAAiBH,GACxDH,EAAOO,MAAM,iBAAkBH,EAAWb,EAAWY,GACrDT,EAAOE,KAAKM,UAAU,CAAEK,MAAOH,GAChC,CACD,OAAOV,CACR,CAGMpC,+BAA+BqC,EAAoBH,EAAgBC,GACxE,IAAIC,EAA8B,KAClC,GAAIC,GAGF,GAFAK,EAAOQ,KAAK,0DAA2Df,EAAgBD,EAAQG,GAE3FA,EAAIc,4BACNf,EAAO,CAAEe,kCAAmCpC,KAAKoC,4BAA4Bd,EAAIc,mCAC5E,GAAId,EAAIe,iDAAkD,CAC/D,MAAMC,QAAmDtC,KAAKqC,iDAC5Df,EAAIe,iDACJlB,GAEFE,EAAO,CAAEgB,iDAAkD,CAAEE,WAAYhB,KAAKM,UAAUS,IACzF,MAAM,GAAIhB,EAAIkB,cACbnB,EAAO,CACLmB,oBAAqBxC,KAAKwC,cACxBlB,EAAIkB,cAAcvB,QAClBK,EAAIkB,cAAcC,SAClBnB,EAAIkB,cAAcE,MAClBpB,EAAIkB,cAAcG,YAGjB,GAAIrB,EAAIsB,qDAAsD,CAC9DC,EAAcC,WAAW1B,IAC5BY,EAAae,kBAAkB,kCAEjC,MAAMT,QAAoDtC,KAAK4C,qDAC7DxB,EACAD,GAEFE,EAAO,CAAEuB,qDAAsD,CAAEL,WAAYhB,KAAKM,UAAUS,IAC7F,MAAM,GAAIhB,EAAI0B,yBACb,GAAK5D,EAAY6D,aAAa3B,EAAI0B,0BAE3B,CAEL3B,EAAO,CAAE2B,+BADkBhD,KAAKkD,uBAAuB9B,EAAgBE,EAAI0B,0BAE5E,MAJChB,EAAae,kBAAkB,iCAAkCzB,EAAI0B,+BAKlE,GAAI1B,EAAI6B,sCAAuC,CAC/CN,EAAcC,WAAW1B,IAC5BY,EAAae,kBAAkB,kCAEjC,MAAMK,EAAiC7B,KAAKC,MAAMF,EAAI6B,sCAAsCZ,YACtFc,QAA6CrD,KAAKsD,uBAAuBlC,EAAgBD,EAAQiC,GAErG/B,EADEgC,EAAIE,aACC,CAAEJ,sCAAuC/D,EAAYC,0BAA0BgE,EAAIE,eACjFF,EAAInB,MACN,CAAEA,MAAOmB,EAAInB,OAEb,CAAEA,MAAO,6CAEnB,MAAM,GAAIZ,EAAIkC,2BAA4B,CACzC,MAAMC,QAA8BzD,KAAK0D,iCACvCpC,EAAIkC,2BAA2BG,OAC/BrC,EAAIkC,2BAA2BI,cAEjCvC,EAAO,CACLmC,2BAA4BpE,EAAYC,0BAA0BoE,GAErE,MAAM,GAAInC,EAAIuC,2CAA4C,CACzD,MAAMJ,QAA8BzD,KAAK0D,iCACvCtC,EACAE,EAAIuC,4CAENxC,EAAO,CACLwC,2CAA4CzE,EAAYC,0BAA0BoE,GAErF,MAAM,GAAInC,EAAIwC,8BAA+B,CAC5C,MAAMC,QAA4B/D,KAAKgE,4BAA4B5C,EAAgBE,EAAIwC,+BAEvFzC,EAAO,CACLyC,8BAA+B1E,EAAYC,0BAA0B0E,GAGxE,MAAM,GAAIzC,EAAI2C,aAAc,CAC3B,MAAMC,EAAgC5C,EAAI2C,aACpCE,QAAyBnE,KAAKoE,aAAaF,EAAW/C,GAE5D,GADAQ,EAAOQ,KAAK,+CAAgDgC,GACxDA,EAAS,CACX,MAAME,EAAoBxB,EAAcC,WAAWoB,EAAUP,cACnD3D,KAAKF,KAAKQ,gBAAgBgE,cAAcJ,EAAUP,cAClD3D,KAAKF,KAAKQ,gBAAgBU,mBAAmBkD,EAAUjD,SAC3DsD,QAA8CvE,KAAKF,KAAK0E,uBAAuBC,gBAAgBJ,GAC/FK,EAAmC,CACvCR,UAAW9E,EAAYC,0BAA0BgF,GACjDA,KAAME,EAAWpF,cACjBwF,MAAOvF,EAAYwF,iBAAiBL,EAAWhF,eAC/CsF,MAAO,MAEHC,QAAyB9E,KAAKF,KAAKW,WAAWsE,kBAAkBL,EAAaH,EAAWjF,4BAM9F+B,EAAO,CAAE4C,aAL0B,CACjCe,QAASd,EACTP,OAAQU,EAAKV,OACbmB,SAAUA,GAGb,MACCzD,EAAO,CAAEa,MAAO,eAEnB,MAAM,GAAIZ,EAAI2D,gBAAiB,CAC9B,MAAMC,QAAoClF,KAAKF,KAAKW,WAAW0E,YAAY7D,EAAI2D,gBAAiBG,EAAmBC,iBAC7GhB,QAA0BrE,KAAKF,KAAKQ,gBAAgBgE,cAAcY,EAAOhB,UAAUP,QACnFY,QAA8CvE,KAAKF,KAAK0E,uBAAuBC,gBAAgBJ,GAC/FK,EAAmC,CACvCR,UAAW9E,EAAYC,0BAA0BgF,GACjDA,KAAME,EAAWpF,cACjBwF,MAAOvF,EAAYwF,iBAAiBL,EAAWhF,eAC/CsF,MAAO,MAMTxD,EAAO,CACL4D,sBAJ6BjF,KAAKF,KAAKW,WAAWsE,kBAAkBL,EAAaH,EAAWjF,4BAM/F,OAED+B,EAAO,CAAEa,MAAO,mBAElB,OAAOb,CACR,CAGMpC,oBAAoBgC,EAAwBwB,EAAoBC,EAAgBC,GACrF,IAAItB,EAAe,KACnB,GAAIjC,EAAY6D,aAAahC,GAAU,OACNjB,KAAKF,KAAKQ,gBAAgBU,mBAAmBC,IAE1Ee,EAAae,kBAAkB,gDAAiD9B,GAGlCjB,KAAKsF,iBAAiBrE,IAEpEe,EAAae,kBAAkB,kDAAmD9B,EAAQsE,MAE5F,MAAMC,EAAe3C,EAAc4C,kBAC7BC,EAAcC,KAAKD,MACnBE,EAAuB,CAC3BjC,OAAQ6B,EACRK,UAAWnD,GAAS,QAAU8C,EAC9BM,eAAgB,CAAC7E,GACjB0B,KAAMA,GAAQ,GACdoD,uBAAwB,GACxBC,eAAgBN,EAChBO,eAAgBP,GAEZQ,QAA0BlG,KAAKF,KAAKQ,gBAAgB6F,UAAUP,GACpEvE,EAAO6E,EAAKvC,OACR3D,MAAMF,MAAMe,sBACRb,KAAKF,KAAKe,eAAeuF,YAAYF,GAGzCzD,IACFd,EAAOQ,KAAK,mDAAoD+D,SAC1DlG,KAAKoC,4BAA4BnB,GAE1C,MACCe,EAAae,kBAAkB,+DAEjC,OAAO1B,CACR,CAKMpC,6BAA6B0E,EAAgB1C,GAClD,IAAII,GAAgB,EACpB,GAAIwB,EAAcC,WAAWa,IAAWvE,EAAY6D,aAAahC,GAAU,CACzE,MAAMoF,QAA+BrG,KAAKF,KAAKQ,gBAAgBU,mBAAmBC,GAC9EoF,GAAaA,EAAU1C,SAAWA,GACpC3B,EAAae,kBAAkB,0EAEjC,MAAMuD,QAA6BtG,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GACtE2C,GACHtE,EAAae,kBAAkB,wDAEjCuD,EAAQR,eAAeS,KAAKtF,SACtBjB,KAAKF,KAAKQ,gBAAgB6F,UAAUG,GAC1CjF,GAAO,CACR,MACCW,EAAae,kBAAkB,sCAAuCY,EAAQ1C,GAEhF,OAAOI,CACR,CAGMpC,kCAAkC0E,EAAgB1C,GACvD,IAAII,EAAoB,KACxB,GAAIwB,EAAcC,WAAWa,IAAWvE,EAAY6D,aAAahC,GAAU,CACzE,MAAMqF,QAA6BtG,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GACtE2C,GACHtE,EAAae,kBAAkB,6DAEjCuD,EAAQR,gBAAkBQ,EAAQR,gBAAkB,IAAIU,QAAQC,GAAMA,EAAElB,OAAStE,EAAQsE,MAAQkB,EAAEC,QAAUzF,EAAQyF,QAC/E,IAAlCJ,EAAQR,eAAea,QACzB3E,EAAae,kBAAkB,2DAE3B/C,KAAKF,KAAKQ,gBAAgB6F,UAAUG,GAC1CjF,QAAarB,KAAKF,KAAKQ,gBAAgBgE,cAAcX,EACtD,MACC3B,EAAae,kBAAkB,sCAAuCY,EAAQ1C,GAEhF,OAAOI,CACR,CAIMpC,2DACL0E,EACAxC,GAEA,IAAKA,IAAWnB,KAAKF,KAAKO,eAAeuG,SAASzF,GAChD,MAAM,IAAI0F,MAAM,oBAAsB1F,GAExC,MACM2F,EADa,IAAIC,IAAI5F,GACA6F,SAErBrH,QAA2BK,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GACnE5C,EAAUkG,EAA4B,CAC1CC,OAAQlH,KAAKF,KAAKK,iBAClB2G,KAAMA,EACNK,OAAQxH,EAAMgE,OACdyD,SAAUzH,EAAMkG,UAGhBwB,gBAAiB,OAEjBC,mBAAoB3H,EAAMoG,uBAAuBwB,KAAKC,IAAmB,CACvEC,GAAIC,EAAcC,qBAAqBH,EAAcI,2BACrDrC,KAAM,aAENsC,WAAYL,EAAcK,iBAM9B,aAFM7H,KAAKF,KAAKQ,gBAAgBwH,oBAAoBnI,EAAMgE,OAAQmD,EAAM/F,EAAQgH,WAEzEhH,CACR,CAGM9B,6BACL0E,EACAxC,EACAiC,GAEAzB,EAAOQ,KAAK,wBAAyBiB,GACrC,IAAI/B,EAAwC,KAC5C,IACE,IAAKF,IAAWnB,KAAKF,KAAKO,eAAeuG,SAASzF,GAChD,MAAM,IAAI0F,MAAM,oBAAsB1F,GAExC,MACM2F,EADa,IAAIC,IAAI5F,GACA6F,SAErB3C,QAA0BrE,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GAIlEqE,EAAyC,CAC7CC,SAAU7E,EACV8E,wBAJsClI,KAAKF,KAAKQ,gBAAgB6H,0BAA0B9D,EAAKV,OAAQmD,GAKvGsB,eAAgBjH,EAChBkH,aAAcvB,GAGhBnF,EAAOQ,KAAK,yCAA0C6F,GAEtD,MAAMM,QAAmDC,EAA2BP,GASpF,GARArG,EAAOQ,KAAK,yCAA0CmG,GAEtDjH,EAAO,CACLkC,aAAc,KACdiF,uBAAwBpF,EAAKqE,GAC7BgB,OAAQH,EAAaI,SAAWC,EAAoCC,SAAWD,EAAoCE,QAGjHxH,EAAKoH,SAAWE,EAAoCC,SAAU,CAChEjH,EAAOQ,KAAK,wBACZ,MAAM2G,EAA+B,CACnCC,QAAST,EAAaU,iBAAiBD,QACvCE,mBAAoBX,EAAaU,iBAAiBC,mBAClDC,qBAAsBZ,EAAaU,iBAAiBE,qBACpDC,mBAAoB/F,EAAKqE,GACzBG,0BAA2BF,EAAc0B,8BACvCC,OAAOC,KAAKhB,EAAaU,iBAAiBO,uBAO9ClF,EAAK0B,wBAA0B1B,EAAK0B,wBAA0B,IAAIS,QAC/DgD,GAAOA,EAAGL,qBAAuBL,EAAQK,qBAE5C9E,EAAK0B,uBAAuBQ,KAAKuC,GACjC,MAAMW,QAAgCzJ,KAAKF,KAAKQ,gBAAgB6F,UAAU9B,GAC1EhD,EAAKkC,aAAekG,EACpB9H,EAAOQ,KAAK,mBAAoBsH,EACjC,CACF,CAAC,MAAO3H,GACPT,EAAO,CACLmH,uBAAwBpF,EAAKqE,GAC7BgB,OAAQE,EAAoC9B,MAC5C3E,MAAOF,EAAaC,iBAAiBH,GAExC,CAED,OAAOT,CACR,CAEMpC,uDACL0E,EACAxC,GAEA,MAAMkD,QAA0BrE,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GAExE,aAD0D3D,KAAK0J,wCAAwCrF,EAAMlD,EAE9G,CAGMlC,8CAA8CoF,EAAmBlD,GAGtE,MAAMwI,EAA4CtF,EAAK0B,uBACvD,IAAK5E,IAAWnB,KAAKF,KAAKO,eAAeuG,SAASzF,GAChD,MAAM,IAAI0F,MAAM,oBAAsB1F,GAExC,MACM2F,EADa,IAAIC,IAAI5F,GACA6F,SAErB3D,EAAasG,EAAmBpC,KAAKC,IACvB,CAChBC,GAAI4B,OAAOC,KAAK9B,EAAc2B,mBAAoB,UAClD5D,KAAM,aAENsC,WAAYL,EAAcK,eAKxB9G,EAAiD6I,EAA8B,CAEnFC,iBAAkBxG,EAClByG,iBAAkB,cAMpB,aAFM9J,KAAKF,KAAKQ,gBAAgBwH,oBAAoBzD,EAAKV,OAAQmD,EAAM/F,EAAQgH,WAExEhH,CACR,CAGMuE,iBAAiBrE,GACtB,IAAII,EAA0C,KAI9C,OAHIJ,GAASsE,OACXlE,GAAQrB,KAAKF,KAAKS,yBAA2B,IAAIwJ,MAAMC,GAAMA,EAAEC,mBAAmBhJ,EAAQsE,SAErFlE,CACR,CAGMpC,kCAAkC+F,GACvC,IAAI3D,GAAgB,EACpB,GAAI2D,GAASO,MAAQ1C,EAAcC,WAAWkC,GAAS0B,OAAQ,CAC7D,MAAMwD,EAA0ClK,KAAKsF,iBAAiBN,GACtE,GAAIkF,EAAM,CACR,MAAMC,QAA4BnK,KAAKD,oBAAoBqK,cAAc,CACvEC,QAASrF,EAAQ0B,MACjBC,OAAQ,EACR2D,SAAU,aACVC,kBAAmB,IACnB5H,KAAM,CAAC,WAEH6H,QAAiBN,EAAKO,cAAczF,EAAS0F,EAA0BC,aAAc,CACzFC,KAAMT,EAAMS,KACZzK,iBAAkBH,KAAKF,KAAKK,mBAE9BkB,QAAa6I,EAAKW,YAAY7F,EAASwF,EACxC,MACCxI,EAAae,kBAAkB,wCAAyCiC,EAAQO,KAEnF,MACCvD,EAAae,kBAAkB,mCAAoCiC,GAErE,OAAO3D,CACR,CAIMpC,mBAAmB+F,EAA6B7D,GACrDQ,EAAOQ,KAAK,6BAA8BhB,EAAQ6D,GAClD,IAAI3D,GAAgB,EACpBpB,EAAeC,mBAAmB8E,EAAS,WAC3C/E,EAAe6K,OACXjI,EAAcC,WAAWkC,GAASrB,SAAWvE,EAAY6D,aAAa+B,GAAS/D,SACjF,iCAEFhB,EAAe6K,OACX9F,GAAS+F,YAAclI,EAAcC,WAAWkC,GAASgG,eAC3D,qDAEF/K,EAAe6K,MACZ9F,GAAS+F,WAAalI,EAAcC,WAAWkC,GAASgG,eACzD,kDAGF,MAAM3G,EAAoBxB,EAAcC,WAAWkC,GAASrB,cAClD3D,KAAKF,KAAKQ,gBAAgBgE,cAAcU,GAASrB,cACjD3D,KAAKF,KAAKQ,gBAAgBU,mBAAmBgE,EAAQ/D,SAK/D,GAJKoD,GACHrC,EAAae,kBAAkB,4BAA6BiC,GAAS/D,QAAS+D,GAASrB,QAGrFqB,EAAQ+F,SACV1J,QAAarB,KAAKiL,yBAAyB5G,EAAMlD,EAAQ6D,EAAQ+F,eAC5D,GAAIlI,EAAcC,WAAWkC,EAAQgG,eAAgB,OAC5BhL,KAAKD,oBAAoBmL,UACrDrI,EAAcsI,YAAYnG,EAAQgG,eAClCnI,EAAcsI,YAAYnG,EAAQ/D,QAAQyF,QAC1C,GAGArF,GAAO,EAEPW,EAAae,kBAAkB,gDAElC,CACD,OAAO1B,CACR,CAGMpC,+BAA+BoF,EAAmBlD,EAAgBiC,GACvE,IAAI/B,GAAgB,EACpB,MACMyF,EADa,IAAIC,IAAI5F,GACA6F,SACrBkB,QAAkClI,KAAKF,KAAKQ,gBAAgB6H,0BAA0B9D,EAAKV,OAAQmD,GAKnGsE,GAA6B/G,EAAK0B,wBAA0B,IAAIgE,MAAMtD,GAAMA,EAAE0C,qBAAuB/F,EAAKqE,KAEhH,IAAK2D,EACH,MAAM,IAAIvE,MAAM,gCAAgCzD,EAAKqE,eAAepD,EAAKV,UAG3E,MAAM6D,EAAqC,CACzCuB,QAASqC,EAAKrC,QACdsC,aAAc3D,EAAcC,qBAAqByD,EAAKjC,oBACtDI,oBAAqB7B,EAAcC,qBAAqByD,EAAKxD,4BAGzDI,EAA2C,CAC/CC,SAAU7E,EACV8E,oBACAE,eAAgBjH,EAChBkH,aAAcvB,EACdU,iBAQF,aAL2D8D,EAA6BtD,IAEvEU,WACfrH,GAAO,GAEFA,CACR,CAGMpC,uCAAuC0E,EAAgB4H,GAC5D,IAAIC,QAAyBxL,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GAOrE,OANI6H,GACFA,EAAIzF,wBAA0ByF,EAAIzF,wBAA0B,IAAIS,QAAQC,GAAMA,EAAE0C,qBAAuBoC,IACvGC,QAAYxL,KAAKF,KAAKQ,gBAAgB6F,UAAUqF,IAEhD7J,EAAOQ,KAAK,oCAAqCwB,GAE5C6H,CACR,CAGMvM,iBAAiB0E,GACtB,IAAItC,GAAgB,EACpB,GAAIwB,EAAcC,WAAWa,GAAS,CACpC,MAAM8H,QAA6BzL,KAAKF,KAAKQ,gBAAgBgE,cAAcX,GACvE8H,SACIzL,KAAKF,KAAKQ,gBAAgBoL,YAAY/H,GACxC3D,MAAMF,MAAMe,sBACRb,KAAKF,KAAKe,eAAe8K,YAAYF,GAE7CpK,GAAO,GAEPM,EAAOC,KAAK,uCAAwC+B,EAEvD,CAED,OAAOtC,CACR,QCzkBUuK,EAWDC,OACA9K,QAXFtC,wBAMN,MALwD,CACtDqN,yBAAqBC,EACrBC,8BAA+B,+BAC/BC,kCAA8BF,EAGjC,CAEDvN,YACUqN,EACA9K,EAAqD6K,EAAmCM,kBADxFlM,KAAM6L,OAANA,EACA7L,KAAOe,QAAPA,CACN,CAEG9B,oBACLgC,EACAkL,EACA9B,GAEA,MAAM+B,EAAwB,CAC5BC,qBAAsB,CAACpL,EAAQyF,OAC/B4F,QAAS,oBAWX,aARMtM,KAAK6L,OAAOU,cAChBH,EACA/B,EACArK,KAAKe,QAAQiL,8BACbhM,KAAKe,QAAQkL,6BACbjM,KAAKe,QAAQ+K,qBAGRM,CACR,CAEDnC,mBAAmB1E,GACjB,OAAOA,IAASiH,EAAkBC,YACnC,CAEMxN,kBAAkBgC,EAAwByL,GAC/C,MAAMrL,QAAmCrB,KAAK6L,OAAOc,UAAUD,GAE/D,OADA/K,EAAOiL,MAAM,gCAAiCvL,KACrCA,CACV,QCvCUwL,EAESC,GAAsB/L,QADlCgM,QACRvO,YAAoBsO,EAAsB/L,GAAtBf,KAAE8M,GAAFA,EAAsB9M,KAAOe,QAAPA,EACxCf,KAAK+M,QAAU,IAAIC,EAAehN,KAAK8M,GAAI9M,KAAKe,QAAQkM,OACzD,CAEMhO,0BAGL,aAFsCe,KAAKkN,iBAAiBC,QACjB5F,KAAK6F,GAAMhO,EAAYC,0BAA0B+N,IAE7F,CAEMnO,sBACL,IAAImE,QACIpD,KAAK+M,QAAQM,uBAAkErN,KAAKe,QAAQuM,aAKpG,OAJAlK,EAAOA,GAAQ,CACb+J,QAAS,GACTI,WAAY,IAEPnK,CACR,CAEMnE,oBAAoBuO,GACzB,IAAInM,EAAwB,KAI5B,OAHImM,IACFnM,QAAarB,KAAK+M,QAAQU,uBAAuBzN,KAAKe,QAAQuM,YAAaE,IAEtEnM,CACR,CAEMpC,gCAAgC0E,EAAgB+J,GACrD,MACM/N,UADwDK,KAAKkN,iBACGK,YAAc,IAAIxD,MACrFqD,GAAMA,EAAEzJ,SAAWA,GAAUyJ,EAAEM,iBAAmBA,IAMrD,OAJK/N,GACHqC,EAAae,kBAAkB,oDAAqDY,GAG/EhE,EAAMoI,SACd,CAEM9I,yBAAyBgC,GAC9B,IAAII,EAAoB,KACxB,GAAIJ,GAASsE,MAAQ1C,EAAcC,WAAW7B,GAASyF,OAAQ,CAE7DrF,UAD8DrB,KAAKkN,iBACtDC,SAAW,IAAIpD,MAAMqD,MAASA,EAAEtH,gBAAkB,IAAIiE,MAAM4D,GAAMA,EAAEpI,OAAStE,EAAQsE,MAAQoI,EAAEjH,QAAUzF,EAAQyF,SAC/H,CACD,OAAOrF,CACR,CAEMpC,oBAAoB0E,GACzB,IAAItC,EAAoB,KACxB,GAAIwB,EAAcC,WAAWa,GAAS,CAEpCtC,UAD8DrB,KAAKkN,iBACtDC,SAAW,IAAIpD,MAAMqD,GAAMA,EAAEzJ,SAAWA,GACtD,CACD,OAAOtC,CACR,CAEMpC,kBAAkB0E,GACvB,MAAMP,QAAwDpD,KAAKkN,gBAGnE,OAFA9J,EAAK+J,SAAW/J,EAAK+J,SAAW,IAAI3G,QAAQ4G,GAAMA,EAAEzJ,SAAWA,UACzD3D,KAAK4N,cAAcxK,IAClB,CACR,CAEMnE,gBAAgBU,GACrB,IAAI0B,EAAoB,KACxB,GAAI1B,GAASA,EAAMgE,OAAQ,CACzB,MAAM+B,EAAcC,KAAKD,MACzB/F,EAAMqG,eAAiBrG,EAAMqG,gBAAkBN,EAC/C/F,EAAMsG,eAAiBP,EACvB,MAAMtC,QAAwDpD,KAAKkN,gBACnE9J,EAAK+J,SAAW/J,EAAK+J,SAAW,IAAI3G,QAAQ4G,GAAMA,EAAEzJ,SAAWhE,EAAMgE,SACrEP,EAAK+J,QAAQ5G,KAAK5G,SACZK,KAAK4N,cAAcxK,GACzB/B,QAAarB,KAAKsE,cAAc3E,EAAMgE,OACvC,CACD,OAAOtC,CACR,CAEMpC,0BAA0B0E,EAAgB+J,EAAwB3F,GACvE,MAAM3E,QAAwDpD,KAAKkN,gBAUnE,OATA9J,EAAKmK,YAAcnK,EAAKmK,YAAc,IAAI/G,QAAQ4G,GAAMA,EAAEzJ,SAAWA,GAAUyJ,EAAEM,iBAAmBA,IACpGtK,EAAKmK,WAAWhH,KAAK,CACnB5C,OAAQA,EACR+J,eAAgBA,EAChB3F,UAAWA,EACX9B,eAAgBN,KAAKD,cAGjB1F,KAAK4N,cAAcxK,IAClB,CACR,QCrGUyK,EACSC,YAApBtP,YAAoBsP,GAAA9N,KAAW8N,YAAXA,CAAuE,CAEpF7O,oBACLgC,EACAkL,EACA9B,GAEA1I,EAAOQ,KAAK,iBAUZ,OAPEkI,EAAc,KACd,YACAA,EAA0B,iBAC1B,2BACAA,EAA0B,iBAC1B,KACAA,EAAc,IAEjB,CAEDJ,mBAAmB1E,GACjB,OAAOA,IAASiH,EAAkBuB,sBACnC,CAEM9O,kBAAkBgC,EAAwByL,GAC/C,MAAM5M,QAA4DE,KAAK8N,YACjEzM,QAAoB2M,EAAcC,kBACtCnO,EAAKoO,WACLpO,EAAKqO,UACLrO,EAAKsO,eACL,CAACnN,EAAQyF,OACTgG,GAGF,OADA/K,EAAOiL,MAAM,uBAAwBvL,KAC5BA,GAAQA,EAAKsF,OAAS,CAChC"}

package/lib/server/provider/warden-default-user-decoration-provider.d.ts

@@ -0,0 +1,7 @@
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+import { WardenEntrySummary } from '@bitblit/ratchet-warden-common';
+import { WardenUserDecoration } from '@bitblit/ratchet-warden-common';
+import { WardenUserDecorationProvider } from './warden-user-decoration-provider.js';
+export declare class WardenDefaultUserDecorationProvider implements WardenUserDecorationProvider<WardenEntrySummary> {
+    fetchDecoration(wardenUser: WardenEntry): Promise<WardenUserDecoration<WardenEntrySummary>>;
+}

package/lib/server/provider/warden-event-processing-provider.d.ts

@@ -0,0 +1,5 @@
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+export interface WardenEventProcessingProvider {
+    userCreated(entry: WardenEntry): Promise<void>;
+    userRemoved(entry: WardenEntry): Promise<void>;
+}

package/lib/server/provider/warden-mailer-message-sending-provider-options.d.ts

@@ -0,0 +1,5 @@
+export interface WardenMailerMessageSendingProviderOptions {
+    emailBaseLayoutName?: string;
+    expiringTokenHtmlTemplateName: string;
+    expiringTokenTxtTemplateName: string;
+}

package/lib/server/provider/warden-mailer-message-sending-provider.d.ts

@@ -0,0 +1,16 @@
+import { WardenMessageSendingProvider } from './warden-message-sending-provider.js';
+import { WardenMailerMessageSendingProviderOptions } from './warden-mailer-message-sending-provider-options.js';
+import { MailerLike } from '@bitblit/ratchet-aws';
+import { ReadyToSendEmail } from '@bitblit/ratchet-aws';
+import { WardenContact } from '@bitblit/ratchet-warden-common';
+import { WardenContactType } from '@bitblit/ratchet-warden-common';
+import { WardenCustomerMessageType } from '@bitblit/ratchet-warden-common';
+export declare class WardenMailerMessageSendingProvider implements WardenMessageSendingProvider<ReadyToSendEmail> {
+    private mailer;
+    private options;
+    private static defaultOptions;
+    constructor(mailer: MailerLike, options?: WardenMailerMessageSendingProviderOptions);
+    formatMessage(contact: WardenContact, messageType: WardenCustomerMessageType, context: Record<string, any>): Promise<ReadyToSendEmail>;
+    handlesContactType(type: WardenContactType): boolean;
+    sendMessage(contact: WardenContact, message: ReadyToSendEmail): Promise<boolean>;
+}

package/lib/server/provider/warden-message-sending-provider.d.ts

@@ -0,0 +1,8 @@
+import { WardenContactType } from '@bitblit/ratchet-warden-common';
+import { WardenContact } from '@bitblit/ratchet-warden-common';
+import { WardenCustomerMessageType } from '@bitblit/ratchet-warden-common';
+export interface WardenMessageSendingProvider<T> {
+    handlesContactType(type: WardenContactType): boolean;
+    sendMessage(contact: WardenContact, message: T): Promise<boolean>;
+    formatMessage(contact: WardenContact, messageType: WardenCustomerMessageType, context: Record<string, any>): Promise<T>;
+}

package/lib/server/provider/warden-no-op-event-processing-provider.d.ts

@@ -0,0 +1,6 @@
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+import { WardenEventProcessingProvider } from './warden-event-processing-provider.js';
+export declare class WardenNoOpEventProcessingProvider implements WardenEventProcessingProvider {
+    userCreated(entry: WardenEntry): Promise<void>;
+    userRemoved(entry: WardenEntry): Promise<void>;
+}

package/lib/server/provider/warden-s3-single-file-storage-provider-options.d.ts

@@ -0,0 +1,4 @@
+export interface WardenS3SingleFileStorageProviderOptions {
+    bucket: string;
+    dataFileKey: string;
+}

package/lib/server/provider/warden-s3-single-file-storage-provider.d.ts

@@ -0,0 +1,31 @@
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+import { WardenEntrySummary } from '@bitblit/ratchet-warden-common';
+import { WardenStorageProvider } from './warden-storage-provider.js';
+import { WardenS3SingleFileStorageProviderOptions } from './warden-s3-single-file-storage-provider-options.js';
+import { PutObjectOutput, S3Client } from '@aws-sdk/client-s3';
+import { WardenContact } from '@bitblit/ratchet-warden-common';
+export declare class WardenS3SingleFileStorageProvider implements WardenStorageProvider {
+    private s3;
+    private options;
+    private ratchet;
+    constructor(s3: S3Client, options: WardenS3SingleFileStorageProviderOptions);
+    listUserSummaries(): Promise<WardenEntrySummary[]>;
+    fetchDataFile(): Promise<WardenS3SingleFileStorageProviderDataFile>;
+    storeDataFile(file: WardenS3SingleFileStorageProviderDataFile): Promise<PutObjectOutput>;
+    fetchCurrentUserChallenge(userId: string, relyingPartyId: string): Promise<string>;
+    findEntryByContact(contact: WardenContact): Promise<WardenEntry>;
+    findEntryById(userId: string): Promise<WardenEntry>;
+    removeEntry(userId: string): Promise<boolean>;
+    saveEntry(entry: WardenEntry): Promise<WardenEntry>;
+    updateUserChallenge(userId: string, relyingPartyId: string, challenge: string): Promise<boolean>;
+}
+export interface WardenS3SingleFileStorageProviderChallengeRecord {
+    userId: string;
+    relyingPartyId: string;
+    challenge: string;
+    updatedEpochMS: number;
+}
+export interface WardenS3SingleFileStorageProviderDataFile {
+    entries: WardenEntry[];
+    challenges: WardenS3SingleFileStorageProviderChallengeRecord[];
+}

package/lib/server/provider/warden-storage-provider.d.ts

@@ -0,0 +1,12 @@
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+import { WardenEntrySummary } from '@bitblit/ratchet-warden-common';
+import { WardenContact } from '@bitblit/ratchet-warden-common';
+export interface WardenStorageProvider {
+    findEntryById(userId: string): Promise<WardenEntry>;
+    findEntryByContact(contact: WardenContact): Promise<WardenEntry>;
+    saveEntry(entry: WardenEntry): Promise<WardenEntry>;
+    removeEntry(userId: string): Promise<boolean>;
+    updateUserChallenge(userId: string, relyingPartyId: string, challenge: string): Promise<boolean>;
+    fetchCurrentUserChallenge(userId: string, relyingPartyId: string): Promise<string>;
+    listUserSummaries(): Promise<WardenEntrySummary[]>;
+}

package/lib/server/provider/warden-twilio-text-message-sending-provider-options.d.ts

@@ -0,0 +1,5 @@
+export interface WardenTwilioTextMessageSendingProviderOptions {
+    accountSID: string;
+    authToken: string;
+    outBoundNumber: string;
+}

package/lib/server/provider/warden-twilio-text-message-sending-provider.d.ts

@@ -0,0 +1,12 @@
+import { WardenMessageSendingProvider } from './warden-message-sending-provider.js';
+import { WardenTwilioTextMessageSendingProviderOptions } from './warden-twilio-text-message-sending-provider-options.js';
+import { WardenContact } from '@bitblit/ratchet-warden-common';
+import { WardenCustomerMessageType } from '@bitblit/ratchet-warden-common';
+import { WardenContactType } from '@bitblit/ratchet-warden-common';
+export declare class WardenTwilioTextMessageSendingProvider implements WardenMessageSendingProvider<string> {
+    private optsPromise;
+    constructor(optsPromise: Promise<WardenTwilioTextMessageSendingProviderOptions>);
+    formatMessage(contact: WardenContact, messageType: WardenCustomerMessageType, context: Record<string, any>): Promise<string>;
+    handlesContactType(type: WardenContactType): boolean;
+    sendMessage(contact: WardenContact, message: string): Promise<boolean>;
+}

package/lib/server/provider/warden-user-decoration-provider.d.ts

@@ -0,0 +1,5 @@
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+import { WardenUserDecoration } from '@bitblit/ratchet-warden-common';
+export interface WardenUserDecorationProvider<T> {
+    fetchDecoration(wardenUser: WardenEntry): Promise<WardenUserDecoration<T>>;
+}

package/lib/server/warden-service-options.d.ts

@@ -0,0 +1,16 @@
+import { WardenStorageProvider } from './provider/warden-storage-provider.js';
+import { WardenMessageSendingProvider } from './provider/warden-message-sending-provider.js';
+import { ExpiringCodeProvider } from '@bitblit/ratchet-aws';
+import { JwtRatchetLike } from '@bitblit/ratchet-common';
+import { WardenUserDecorationProvider } from './provider/warden-user-decoration-provider.js';
+import { WardenEventProcessingProvider } from './provider/warden-event-processing-provider.js';
+export interface WardenServiceOptions {
+    relyingPartyName: string;
+    allowedOrigins: string[];
+    storageProvider: WardenStorageProvider;
+    messageSendingProviders: WardenMessageSendingProvider<any>[];
+    expiringCodeProvider: ExpiringCodeProvider;
+    jwtRatchet: JwtRatchetLike;
+    userDecorationProvider?: WardenUserDecorationProvider<any>;
+    eventProcessor?: WardenEventProcessingProvider;
+}

package/lib/server/warden-service.d.ts

@@ -0,0 +1,32 @@
+import { AuthenticationResponseJSON, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialRequestOptionsJSON, RegistrationResponseJSON } from '@simplewebauthn/typescript-types';
+import { WardenServiceOptions } from './warden-service-options.js';
+import { WardenEntry } from '@bitblit/ratchet-warden-common';
+import { WardenStoreRegistrationResponse } from '@bitblit/ratchet-warden-common';
+import { WardenMessageSendingProvider } from './provider/warden-message-sending-provider.js';
+import { WardenContact } from '@bitblit/ratchet-warden-common';
+import { WardenCommand } from '@bitblit/ratchet-warden-common';
+import { WardenCommandResponse } from '@bitblit/ratchet-warden-common';
+import { WardenLoginRequest } from '@bitblit/ratchet-warden-common';
+export declare class WardenService {
+    private inOptions;
+    private opts;
+    private expiringCodeRatchet;
+    constructor(inOptions: WardenServiceOptions);
+    get options(): WardenServiceOptions;
+    findEntryByContact(contact: WardenContact): Promise<WardenEntry>;
+    processCommandStringToString(cmdString: string, origin: string, loggedInUserId: string): Promise<string>;
+    processCommandToResponse(cmd: WardenCommand, origin: string, loggedInUserId: string): Promise<WardenCommandResponse>;
+    createAccount(contact: WardenContact, sendCode?: boolean, label?: string, tags?: string[]): Promise<string>;
+    addContactMethodToUser(userId: string, contact: WardenContact): Promise<boolean>;
+    removeContactMethodFromUser(userId: string, contact: WardenContact): Promise<WardenEntry>;
+    generateWebAuthnRegistrationChallengeForLoggedInUser(userId: string, origin: string): Promise<PublicKeyCredentialCreationOptionsJSON>;
+    storeAuthnRegistration(userId: string, origin: string, data: RegistrationResponseJSON): Promise<WardenStoreRegistrationResponse>;
+    generateWebAuthnAuthenticationChallengeForUserId(userId: string, origin: string): Promise<PublicKeyCredentialRequestOptionsJSON>;
+    generateWebAuthnAuthenticationChallenge(user: WardenEntry, origin: string): Promise<PublicKeyCredentialRequestOptionsJSON>;
+    senderForContact(contact: WardenContact): WardenMessageSendingProvider<any>;
+    sendExpiringValidationToken(request: WardenContact): Promise<boolean>;
+    processLogin(request: WardenLoginRequest, origin: string): Promise<boolean>;
+    loginWithWebAuthnRequest(user: WardenEntry, origin: string, data: AuthenticationResponseJSON): Promise<boolean>;
+    removeSingleWebAuthnRegistration(userId: string, key: string): Promise<WardenEntry>;
+    removeUser(userId: string): Promise<boolean>;
+}

package/package.json

@@ -0,0 +1,73 @@
+{
+  "name": "@bitblit/ratchet-warden-server",
+  "version": "4.0.1-alpha",
+  "description": "Typescript library to simplify using simplewebauthn and secondary auth methods over GraphQL",
+  "sideEffects": false,
+  "bin": {},
+  "type": "module",
+  "files": [
+    "lib/*",
+    "bin/*"
+  ],
+  "exports": {
+    ".": {
+      "types": "./lib/index.d.ts",
+      "import": "./lib/index.mjs"
+    }
+  },
+  "contributors": [
+    "Christopher Weiss <bitblit@gmail.com>"
+  ],
+  "husky": {
+    "hooks": {
+      "pre-commit": "pretty-quick --staged"
+    }
+  },
+  "prettier": {
+    "printWidth": 140,
+    "singleQuote": true,
+    "arrowParens": "always"
+  },
+  "config": {},
+  "scripts": {
+    "watch": "tsc-watch",
+    "clean": "shx rm -Rf lib",
+    "test": "jest",
+    "docs": "typedoc",
+    "lint": "eslint src/**/*.ts",
+    "lint-fix": "eslint --fix src/**/*.ts",
+    "generate-barrels": "barrelsby -q --delete -d src -e .*\\.spec\\.ts && sed -i 's/\\x27;/.js\\x27;/' src/index.ts",
+    "build": "yarn clean && yarn generate-barrels && rollup -c rollup.config.js",
+    "force-build": "tsc --build --force"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bitblit/Ratchet"
+  },
+  "keywords": [
+    "warden",
+    "simplewebauthn"
+  ],
+  "bugs": {
+    "url": "https://github.com/bitblit/Ratchet/issues"
+  },
+  "homepage": "https://github.com/bitblit/Ratchet#readme",
+  "engines": {
+    "node": ">=14.18"
+  },
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@aws-sdk/client-s3": "3.332.0",
+    "@aws-sdk/client-ses": "3.332.0",
+    "@bitblit/ratchet-aws": "4.0.1-alpha",
+    "@bitblit/ratchet-common": "4.0.1-alpha",
+    "@bitblit/ratchet-warden-common": "4.0.1-alpha",
+    "@simplewebauthn/browser": "7.2.0",
+    "@simplewebauthn/server": "7.2.0",
+    "@simplewebauthn/typescript-types": "7.0.0",
+    "@simplewebauthn/iso-webcrypto": "7.2.0",
+    "jwt-decode": "3.1.2"
+  },
+  "peerDependencies": {
+  }
+}