@cedros/login-react 0.0.1

package/dist/hooks/useRateLimiter.d.ts

@@ -0,0 +1,58 @@
+export interface UseRateLimiterOptions {
+    /** Maximum number of attempts allowed within the window */
+    maxAttempts?: number;
+    /** Time window in milliseconds */
+    windowMs?: number;
+}
+export interface UseRateLimiterReturn {
+    /**
+     * Check if an action is allowed. Throws an error if rate limited.
+     * Call this before performing the action.
+     */
+    checkLimit: () => void;
+    /**
+     * Check if an action is allowed without throwing.
+     * Returns true if allowed, false if rate limited.
+     */
+    isAllowed: () => boolean;
+    /**
+     * Get remaining attempts in current window
+     */
+    getRemainingAttempts: () => number;
+    /**
+     * Get time until rate limit resets (in ms)
+     */
+    getTimeUntilReset: () => number;
+    /**
+     * Reset the rate limiter (e.g., after successful action)
+     */
+    reset: () => void;
+}
+/**
+ * Rate limiting hook to prevent excessive API calls from the client.
+ *
+ * @param options - Rate limiter configuration
+ * @returns Rate limiter functions
+ *
+ * @example
+ * ```tsx
+ * function LoginForm() {
+ *   const { checkLimit, getRemainingAttempts } = useRateLimiter({
+ *     maxAttempts: 5,
+ *     windowMs: 60000, // 1 minute
+ *   });
+ *
+ *   const handleLogin = async () => {
+ *     try {
+ *       checkLimit(); // Throws if rate limited
+ *       await login(email, password);
+ *     } catch (err) {
+ *       if (err.message.includes('Too many attempts')) {
+ *         // Show rate limit message
+ *       }
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export declare function useRateLimiter(options?: UseRateLimiterOptions): UseRateLimiterReturn;

package/dist/hooks/useSessions.d.ts

@@ -0,0 +1,45 @@
+import { Session, AuthError, RevokeAllSessionsResponse } from '../types';
+export interface UseSessionsReturn {
+    /** List of active sessions */
+    sessions: Session[];
+    /** Loading state */
+    isLoading: boolean;
+    /** Error state */
+    error: AuthError | null;
+    /** Fetch/refresh sessions list */
+    fetchSessions: () => Promise<void>;
+    /** Revoke all sessions (logout everywhere) */
+    revokeAllSessions: () => Promise<RevokeAllSessionsResponse>;
+    /** Number of other active sessions (excluding current) */
+    otherSessionCount: number;
+}
+/**
+ * Hook for managing user sessions across devices.
+ *
+ * @example
+ * ```tsx
+ * function SessionManager() {
+ *   const { sessions, isLoading, revokeAllSessions, otherSessionCount } = useSessions();
+ *
+ *   return (
+ *     <div>
+ *       <h3>Active Sessions ({sessions.length})</h3>
+ *       <ul>
+ *         {sessions.map(session => (
+ *           <li key={session.id}>
+ *             {session.userAgent}
+ *             {session.isCurrent && ' (current)'}
+ *           </li>
+ *         ))}
+ *       </ul>
+ *       {otherSessionCount > 0 && (
+ *         <button onClick={revokeAllSessions}>
+ *           Sign out of {otherSessionCount} other device(s)
+ *         </button>
+ *       )}
+ *     </div>
+ *   );
+ * }
+ * ```
+ */
+export declare function useSessions(): UseSessionsReturn;

package/dist/hooks/useSolanaAuth.d.ts

@@ -0,0 +1,30 @@
+import { AuthResponse, AuthError, ChallengeResponse } from '../types';
+export interface UseSolanaAuthReturn {
+    requestChallenge: (publicKey: string) => Promise<ChallengeResponse>;
+    signIn: (publicKey: string, signature: string, message: string) => Promise<AuthResponse>;
+    isLoading: boolean;
+    error: AuthError | null;
+    clearError: () => void;
+}
+/**
+ * Hook for Solana wallet authentication.
+ *
+ * @example
+ * ```tsx
+ * function SolanaLogin() {
+ *   const { requestChallenge, signIn, isLoading } = useSolanaAuth();
+ *   const { publicKey, signMessage } = useWallet();
+ *
+ *   const handleLogin = async () => {
+ *     const challenge = await requestChallenge(publicKey.toBase58());
+ *     const signature = await signMessage(new TextEncoder().encode(challenge.message));
+ *     const result = await signIn(
+ *       publicKey.toBase58(),
+ *       Buffer.from(signature).toString('base64'),
+ *       challenge.message
+ *     );
+ *   };
+ * }
+ * ```
+ */
+export declare function useSolanaAuth(): UseSolanaAuthReturn;

package/dist/hooks/useSystemSettings.d.ts

@@ -0,0 +1,47 @@
+import { UseSystemSettingsReturn } from '../types';
+/**
+ * Hook for managing system settings (admin only).
+ *
+ * Provides CRUD operations for system-wide configuration settings
+ * stored in the database. Only accessible to system administrators.
+ *
+ * @example
+ * ```tsx
+ * function SystemSettingsPanel() {
+ *   const {
+ *     settings,
+ *     isLoading,
+ *     error,
+ *     fetchSettings,
+ *     updateSettings,
+ *     getValue,
+ *   } = useSystemSettings();
+ *
+ *   useEffect(() => {
+ *     fetchSettings();
+ *   }, [fetchSettings]);
+ *
+ *   const handleSave = async () => {
+ *     await updateSettings([
+ *       { key: 'privacy_period_secs', value: '1209600' },
+ *     ]);
+ *   };
+ *
+ *   return (
+ *     <div>
+ *       {Object.entries(settings).map(([category, items]) => (
+ *         <section key={category}>
+ *           <h3>{category}</h3>
+ *           {items.map(item => (
+ *             <div key={item.key}>
+ *               {item.key}: {item.value}
+ *             </div>
+ *           ))}
+ *         </section>
+ *       ))}
+ *     </div>
+ *   );
+ * }
+ * ```
+ */
+export declare function useSystemSettings(): UseSystemSettingsReturn;

package/dist/hooks/useThemeManager.d.ts

@@ -0,0 +1,11 @@
+import { ThemeMode, ThemeOverrides } from '../types';
+export interface UseThemeManagerOptions {
+    theme?: ThemeMode;
+    themeOverrides?: ThemeOverrides;
+}
+/**
+ * Hook that manages theme application to the document root.
+ * Handles light/dark/auto themes and custom CSS variable overrides.
+ * Properly cleans up styles on unmount to prevent memory leaks.
+ */
+export declare function useThemeManager({ theme, themeOverrides }: UseThemeManagerOptions): void;

package/dist/hooks/useTotp.d.ts

@@ -0,0 +1,52 @@
+import { AuthError, TotpStatus, TotpSetupResponse, TotpBackupCodesResponse, TotpSetupState } from '../types';
+export interface UseTotpReturn {
+    /** Current TOTP status for the user */
+    status: TotpStatus | null;
+    /** Setup state for the enrollment flow */
+    setupState: TotpSetupState;
+    /** Setup data (secret, QR URL, backup codes) */
+    setupData: TotpSetupResponse | null;
+    /** Whether a request is in progress */
+    isLoading: boolean;
+    /** Error from the last request */
+    error: AuthError | null;
+    /** Fetch current TOTP status */
+    getStatus: () => Promise<TotpStatus>;
+    /** Start TOTP setup (generates secret and backup codes) */
+    beginSetup: () => Promise<TotpSetupResponse>;
+    /** Verify code and enable TOTP */
+    enableTotp: (code: string) => Promise<void>;
+    /** Disable TOTP (requires password confirmation) */
+    disableTotp: (password: string) => Promise<void>;
+    /** Regenerate recovery codes (requires current authenticator code) */
+    regenerateBackupCodes: (code: string) => Promise<TotpBackupCodesResponse>;
+    /** Clear error state */
+    clearError: () => void;
+    /** Reset to initial state */
+    reset: () => void;
+}
+/**
+ * Hook for TOTP (Time-based One-Time Password) two-factor authentication.
+ *
+ * Provides methods for:
+ * - Setting up TOTP with authenticator apps
+ * - Enabling/disabling TOTP for the user's account
+ * - Managing backup codes
+ *
+ * @example
+ * ```tsx
+ * function TotpSettings() {
+ *   const { status, beginSetup, enableTotp, setupData } = useTotp();
+ *
+ *   if (status?.enabled) {
+ *     return <p>2FA is enabled</p>;
+ *   }
+ *
+ *   const handleSetup = async () => {
+ *     const data = await beginSetup();
+ *     // Show QR code from data.otpauthUri
+ *   };
+ * }
+ * ```
+ */
+export declare function useTotp(): UseTotpReturn;

package/dist/hooks/useTotpVerify.d.ts

@@ -0,0 +1,38 @@
+import { AuthError, AuthResponse, TotpVerifyState } from '../types';
+export interface UseTotpVerifyReturn {
+    /** Verification state */
+    state: TotpVerifyState;
+    /** Whether verification is in progress */
+    isLoading: boolean;
+    /** Error from the last request */
+    error: AuthError | null;
+    /** Verify MFA code during login */
+    verifyTotp: (mfaToken: string, code: string) => Promise<AuthResponse>;
+    /** Clear error state */
+    clearError: () => void;
+    /** Reset to initial state */
+    reset: () => void;
+    /** Number of remaining verification attempts before rate limiting */
+    remainingAttempts: number;
+    /** Time in ms until rate limit resets (0 if not rate limited) */
+    timeUntilReset: number;
+}
+/**
+ * Hook for verifying TOTP codes during the login flow.
+ *
+ * Used when a user has TOTP enabled and needs to provide
+ * their 6-digit code after password authentication.
+ *
+ * @example
+ * ```tsx
+ * function TotpVerifyStep({ mfaToken }) {
+ *   const { verifyTotp, isLoading, error } = useTotpVerify();
+ *
+ *   const handleVerify = async (code: string) => {
+ *     const response = await verifyTotp(mfaToken, code);
+ *     // User is now authenticated
+ *   };
+ * }
+ * ```
+ */
+export declare function useTotpVerify(): UseTotpVerifyReturn;

package/dist/hooks/useTransactionSigning.d.ts

@@ -0,0 +1,45 @@
+import { UnlockCredential } from '../types/wallet';
+/** Signing method in use */
+export type SigningMethod = 'external' | 'sss' | 'none';
+/** Options for external wallet signing */
+export interface ExternalSignOptions {
+    /**
+     * Callback to sign transaction with external wallet adapter.
+     * Only called when user has external Solana wallet.
+     *
+     * @param transaction - Transaction bytes to sign
+     * @returns Signature bytes (64 bytes Ed25519)
+     */
+    onExternalSign?: (transaction: Uint8Array) => Promise<Uint8Array>;
+}
+/** Return type for useTransactionSigning hook */
+export interface UseTransactionSigningReturn {
+    /** Sign a transaction (routes to appropriate method) */
+    signTransaction: (transaction: Uint8Array, credential?: UnlockCredential) => Promise<Uint8Array>;
+    /** Which signing method is available */
+    signingMethod: SigningMethod;
+    /** Whether user can sign transactions */
+    canSign: boolean;
+    /** Whether signing is in progress */
+    isSigning: boolean;
+    /** Solana public key (from either wallet type) */
+    publicKey: string | null;
+    /** Whether user has external Solana wallet */
+    hasExternalWallet: boolean;
+    /** Whether SSS wallet is enrolled */
+    hasSssWallet: boolean;
+    /** Whether SSS wallet is unlocked (for session-based signing) */
+    isSssUnlocked: boolean;
+    /** Error from last signing attempt */
+    error: string | null;
+    /** Clear error */
+    clearError: () => void;
+}
+/**
+ * Unified transaction signing hook
+ *
+ * Automatically routes signing requests to the appropriate method:
+ * - External wallet: Uses provided callback
+ * - SSS wallet: Uses server-side signing
+ */
+export declare function useTransactionSigning(options?: ExternalSignOptions): UseTransactionSigningReturn;

package/dist/hooks/useWallet.d.ts

@@ -0,0 +1,10 @@
+import { WalletContextValue } from '../types/wallet';
+/**
+ * Main wallet hook
+ *
+ * Provides wallet status, capabilities, and refresh functionality.
+ * Distinguishes between external Solana wallet and SSS embedded wallet.
+ *
+ * Returns safe defaults when called outside CedrosLoginProvider.
+ */
+export declare function useWallet(): WalletContextValue;

package/dist/hooks/useWalletDiscovery.d.ts

@@ -0,0 +1,24 @@
+import { WalletRecoveryMode } from '../types/wallet';
+/** Return type for useWalletDiscovery hook */
+export interface UseWalletDiscoveryReturn {
+    /** Whether wallet feature is enabled on server */
+    walletEnabled: boolean;
+    /** Recovery mode: share_c_only or full_seed */
+    recoveryMode: WalletRecoveryMode;
+    /** Session unlock TTL in seconds */
+    unlockTtlSeconds: number;
+    /** Whether config is still loading */
+    isLoading: boolean;
+    /** Error message if fetch failed */
+    error: string | null;
+    /** Refetch the config */
+    refetch: () => Promise<void>;
+}
+/**
+ * Hook to fetch wallet discovery configuration from server
+ *
+ * Automatically fetches on mount and caches the result.
+ * Default values are used if fetch fails or wallet is not enabled.
+ * Returns defaults when used outside CedrosLoginProvider.
+ */
+export declare function useWalletDiscovery(): UseWalletDiscoveryReturn;

package/dist/hooks/useWalletEnrollment.d.ts

@@ -0,0 +1,9 @@
+import { UseWalletEnrollmentReturn } from '../types/wallet';
+/**
+ * Hook for wallet enrollment
+ *
+ * Supports auth methods:
+ * - password: User sets a wallet password (Argon2id KDF)
+ * - passkey: Uses passkey PRF extension
+ */
+export declare function useWalletEnrollment(): UseWalletEnrollmentReturn;

package/dist/hooks/useWalletMaterial.d.ts

@@ -0,0 +1,10 @@
+import { UseWalletMaterialReturn } from '../types/wallet';
+/**
+ * Hook for wallet material API operations
+ *
+ * Signing happens server-side: server stores Share A (encrypted) and Share B
+ * (plaintext), combines shares JIT for signing, and wipes immediately after.
+ *
+ * Safe to call outside CedrosLoginProvider - returns no-op functions that throw.
+ */
+export declare function useWalletMaterial(): UseWalletMaterialReturn;

package/dist/hooks/useWalletRecovery.d.ts

@@ -0,0 +1,9 @@
+import { UseWalletRecoveryReturn } from '../types/wallet';
+/**
+ * Hook for wallet recovery
+ *
+ * Supports two recovery modes based on server config:
+ * - full_seed: User enters the full 12-word seed phrase (portable)
+ * - share_c_only: User enters 12-word Share C phrase, server provides Share B (app-locked)
+ */
+export declare function useWalletRecovery(): UseWalletRecoveryReturn;

package/dist/hooks/useWalletSigning.d.ts

@@ -0,0 +1,31 @@
+import { UseWalletSigningReturn, UnlockCredential } from '../types/wallet';
+/**
+ * Hook for wallet transaction signing
+ *
+ * Usage:
+ * ```tsx
+ * const { signTransaction, isSigning, error } = useWalletSigning();
+ *
+ * // Sign with password
+ * const signature = await signTransaction(txBytes, { type: 'password', password: 'xxx' });
+ *
+ * // Sign with PIN
+ * const signature = await signTransaction(txBytes, { type: 'password', password: 'secret' });
+ *
+ * // Sign with passkey (PRF)
+ * const signature = await signTransaction(txBytes, { type: 'prfOutput', prfOutput: 'base64...' });
+ * ```
+ */
+export declare function useWalletSigning(): UseWalletSigningReturn;
+/**
+ * Helper hook to get PRF output for passkey signing
+ *
+ * This handles the WebAuthn PRF flow and returns a credential
+ * that can be used with useWalletSigning.
+ */
+export declare function usePasskeySigning(): {
+    getPasskeyCredential: () => Promise<UnlockCredential | null>;
+    isAuthenticating: boolean;
+    error: string | null;
+    clearError: () => void;
+};

package/dist/hooks/useWebAuthn.d.ts

@@ -0,0 +1,25 @@
+import { AuthError, AuthResponse } from '../types';
+export interface UseWebAuthnReturn {
+    isSupported: boolean;
+    isLoading: boolean;
+    error: AuthError | null;
+    clearError: () => void;
+    /** Start a server-managed WebAuthn authentication ceremony (login). */
+    authenticatePasskey: (params?: {
+        email?: string;
+    }) => Promise<AuthResponse>;
+    /** Register a new passkey for the currently authenticated user. */
+    registerPasskey: (params?: {
+        label?: string;
+    }) => Promise<{
+        credentialId: string;
+        label?: string;
+    }>;
+}
+/**
+ * Server-managed WebAuthn (passkey) authentication + registration.
+ *
+ * - Login: /webauthn/auth/options -> navigator.credentials.get -> /webauthn/auth/verify
+ * - Registration: /webauthn/register/options -> navigator.credentials.create -> /webauthn/register/verify
+ */
+export declare function useWebAuthn(): UseWebAuthnReturn;

package/dist/i18n/I18nProvider.d.ts

@@ -0,0 +1,16 @@
+import { ReactNode } from 'react';
+import { Translations } from './translations';
+type DeepPartial<T> = {
+    [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
+};
+export interface I18nProviderProps {
+    children: ReactNode;
+    locale?: string;
+    translations?: DeepPartial<Translations>;
+}
+/**
+ * Provider for internationalization support.
+ * Allows overriding default English translations with custom strings.
+ */
+export declare function I18nProvider({ children, locale, translations: customTranslations, }: I18nProviderProps): import("react/jsx-runtime").JSX.Element;
+export {};

package/dist/i18n/context.d.ts

@@ -0,0 +1,6 @@
+import { Translations } from './translations';
+export interface I18nContextValue {
+    t: Translations;
+    locale: string;
+}
+export declare const I18nContext: import('react').Context<I18nContextValue | null>;

package/dist/i18n/index.d.ts

@@ -0,0 +1,5 @@
+export { I18nProvider } from './I18nProvider';
+export type { I18nProviderProps } from './I18nProvider';
+export { useTranslations, useLocale } from './useI18n';
+export { defaultTranslations, mergeTranslations } from './translations';
+export type { Translations } from './translations';

package/dist/i18n/translations.d.ts

@@ -0,0 +1,66 @@
+export interface Translations {
+    auth: {
+        email: string;
+        password: string;
+        confirmPassword: string;
+        name: string;
+        optional: string;
+        createPassword: string;
+        confirmYourPassword: string;
+        emailPlaceholder: string;
+        namePlaceholder: string;
+    };
+    buttons: {
+        signIn: string;
+        signUp: string;
+        signOut: string;
+        createAccount: string;
+        continueWithGoogle: string;
+        continueWithSolana: string;
+        forgotPassword: string;
+        resetPassword: string;
+        sendVerification: string;
+    };
+    messages: {
+        signingIn: string;
+        signingUp: string;
+        creatingAccount: string;
+        connectingWallet: string;
+        verifyingSignature: string;
+        passwordsDoNotMatch: string;
+        alreadyHaveAccount: string;
+        dontHaveAccount: string;
+        orContinueWith: string;
+    };
+    errors: {
+        invalidCredentials: string;
+        emailExists: string;
+        invalidEmail: string;
+        weakPassword: string;
+        networkError: string;
+        unknownError: string;
+        walletNotFound: string;
+        signatureRejected: string;
+        challengeExpired: string;
+    };
+    passwordValidation: {
+        minLength: string;
+        uppercase: string;
+        lowercase: string;
+        number: string;
+        special: string;
+        weak: string;
+        fair: string;
+        good: string;
+        strong: string;
+    };
+}
+export declare const defaultTranslations: Translations;
+/**
+ * Deep merge translations, allowing partial overrides
+ */
+export declare function mergeTranslations(base: Translations, overrides: DeepPartial<Translations>): Translations;
+type DeepPartial<T> = {
+    [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P];
+};
+export {};

package/dist/i18n/useI18n.d.ts

@@ -0,0 +1,9 @@
+import { Translations } from './translations';
+/**
+ * Hook to access translations
+ */
+export declare function useTranslations(): Translations;
+/**
+ * Hook to access current locale
+ */
+export declare function useLocale(): string;