@dfns/sdk 0.0.0-prealpha.9

package/dfnsError.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DfnsError = void 0;
+class DfnsError extends Error {
+    constructor(httpStatus, message, context) {
+        super(message);
+        this.httpStatus = httpStatus;
+        this.context = context;
+    }
+}
+exports.DfnsError = DfnsError;

package/index.d.ts

@@ -0,0 +1,7 @@
+export * from './baseAuthApi';
+export * from './dfnsApiClient';
+export * from './dfnsAuthenticator';
+export * from './dfnsDelegatedApiClient';
+export * from './dfnsError';
+export * from './signer';
+export * from './store';

package/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./baseAuthApi"), exports);
+__exportStar(require("./dfnsApiClient"), exports);
+__exportStar(require("./dfnsAuthenticator"), exports);
+__exportStar(require("./dfnsDelegatedApiClient"), exports);
+__exportStar(require("./dfnsError"), exports);
+__exportStar(require("./signer"), exports);
+__exportStar(require("./store"), exports);

package/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "@dfns/sdk",
+  "version": "0.0.0-prealpha.9",
+  "dependencies": {
+    "buffer": "^6.0.3",
+    "cross-fetch": "^3.1.6",
+    "uuid": "9.0.0"
+  },
+  "main": "./index.js",
+  "types": "./index.d.ts"
+}

package/signer.d.ts

@@ -0,0 +1,42 @@
+export type CredentialKind = 'Key' | 'Fido2' | 'Password' | 'Totp' | 'RecoveryKey';
+export type CredentialTransport = 'usb' | 'nfc' | 'ble' | 'internal';
+export type AllowCredential = {
+    type: 'public-key';
+    id: string;
+    transports: CredentialTransport[];
+};
+export type KeyAssertion = {
+    kind: 'Key';
+    credentialAssertion: {
+        credId: string;
+        clientData: string;
+        signature: string;
+    };
+};
+export type Fido2Assertion = {
+    kind: 'Fido2';
+    credentialAssertion: {
+        credId: string;
+        clientData: string;
+        authenticatorData: string;
+        signature: string;
+        userHandle?: string;
+    };
+};
+export type PasswordAssertion = {
+    kind: 'Password';
+    password: string;
+};
+export type TotpAssertion = {
+    kind: 'Totp';
+    otpCode: string;
+};
+export type FirstFactorAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion;
+export type SecondFactorAssertion = KeyAssertion | Fido2Assertion | TotpAssertion;
+export type CredentialAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion | TotpAssertion;
+export interface CredentialSigner<T extends CredentialAssertion = FirstFactorAssertion> {
+    sign(challenge: string, allowCredentials: {
+        key: AllowCredential[];
+        webauthn: AllowCredential[];
+    }): Promise<T>;
+}

package/signer.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/store.d.ts

@@ -0,0 +1,79 @@
+import { AllowCredential, CredentialKind } from './signer';
+export type AuthenticatorAttachment = 'platform' | 'cross-platform';
+export type ResidentKeyRequirement = 'required' | 'preferred' | 'discouraged';
+export type UserVerificationRequirement = 'required' | 'preferred' | 'discouraged';
+export type AttestationConveyancePreference = 'none' | 'indirect' | 'direct' | 'enterprise';
+export type UserRegistrationChallenge = {
+    temporaryAuthenticationToken: string;
+    rp: {
+        id: string;
+        name: string;
+    };
+    user: {
+        id: string;
+        name: string;
+        displayName: string;
+    };
+    supportedCredentialKinds: {
+        firstFactor: CredentialKind[];
+        secondFactor: CredentialKind[];
+    };
+    otpUrl: string;
+    challenge: string;
+    authenticatorSelection: {
+        authenticatorAttachment?: AuthenticatorAttachment;
+        requireResidentKey: boolean;
+        residentKey: ResidentKeyRequirement;
+        userVerification: UserVerificationRequirement;
+    };
+    attestation: AttestationConveyancePreference;
+    pubKeyCredParams: {
+        type: 'public-key';
+        alg: number;
+    }[];
+    excludeCredentials: AllowCredential[];
+};
+export type KeyAttestation = {
+    credentialKind: 'Key';
+    credentialInfo: {
+        credId: string;
+        clientData: string;
+        attestationData: string;
+    };
+};
+export type Fido2Attestation = {
+    credentialKind: 'Fido2';
+    credentialInfo: {
+        credId: string;
+        clientData: string;
+        attestationData: string;
+    };
+};
+export type PasswordAttestation = {
+    credentialKind: 'Password';
+    credentialInfo: {
+        password: string;
+    };
+};
+export type TotpAttestation = {
+    credentialKind: 'Totp';
+    credentialInfo: {
+        otpCode: string;
+    };
+};
+export type FirstFactorAttestation = KeyAttestation | Fido2Attestation | PasswordAttestation;
+export type SecondFactorAttestation = KeyAttestation | Fido2Attestation | TotpAttestation;
+export type RecoveryKeyAttestation = {
+    credentialKind: 'RecoveryKey';
+    credentialInfo: {
+        credId: string;
+        clientData: string;
+        attestationData: string;
+    };
+    encryptedPrivateKey?: string;
+};
+export type RecoveryFactorAttestation = RecoveryKeyAttestation;
+export type CredentialAttestation = KeyAttestation | Fido2Attestation | PasswordAttestation | TotpAttestation | RecoveryKeyAttestation;
+export interface CredentialStore<T extends CredentialAttestation = FirstFactorAttestation> {
+    create(challenge: UserRegistrationChallenge): Promise<T>;
+}

package/store.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/utils/base64.d.ts

@@ -0,0 +1,3 @@
+import { Buffer } from 'buffer';
+export declare const toBase64Url: (buffer: string | Buffer) => string;
+export declare const fromBase64Url: (encoded: string) => Buffer;

package/utils/base64.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromBase64Url = exports.toBase64Url = void 0;
+const buffer_1 = require("buffer");
+const toBase64Url = (buffer) => {
+    if (typeof buffer === 'string') {
+        buffer = buffer_1.Buffer.from(buffer);
+    }
+    return buffer.toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+};
+exports.toBase64Url = toBase64Url;
+const fromBase64Url = (encoded) => {
+    const padLength = 4 - (encoded.length % 4);
+    if (padLength < 4) {
+        encoded += '='.repeat(padLength);
+    }
+    encoded = encoded.replace(/\-/g, '+').replace(/_/g, '/');
+    return buffer_1.Buffer.from(encoded, 'base64');
+};
+exports.fromBase64Url = fromBase64Url;

package/utils/fetch.d.ts

@@ -0,0 +1,12 @@
+import { DfnsBaseApiOptions } from '../baseAuthApi';
+import { DfnsApiClientOptions } from '../dfnsApiClient';
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE';
+export type FetchOptions<T> = {
+    method: HttpMethod;
+    headers?: Record<string, string>;
+    body?: string | unknown;
+    apiOptions: T;
+};
+export type Fetch<T> = (resource: string | URL, options: FetchOptions<T>) => Promise<Response>;
+export declare const simpleFetch: Fetch<DfnsBaseApiOptions>;
+export declare const userActionFetch: Fetch<DfnsApiClientOptions>;

package/utils/fetch.js

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.userActionFetch = exports.simpleFetch = void 0;
+const cross_fetch_1 = require("cross-fetch");
+const dfnsError_1 = require("../dfnsError");
+const baseAuthApi_1 = require("../baseAuthApi");
+const nonce_1 = require("./nonce");
+const fullUrl = (fetch) => {
+    return async (resource, options) => {
+        const { baseUrl } = options.apiOptions;
+        resource = new URL(resource, baseUrl);
+        return fetch(resource, options);
+    };
+};
+const jsonSerializer = (fetch) => {
+    return async (resource, options) => {
+        var _a;
+        if (options.body) {
+            options.body = JSON.stringify(options.body);
+            options.headers = {
+                'content-type': 'application/json',
+                ...((_a = options.headers) !== null && _a !== void 0 ? _a : {}),
+            };
+        }
+        return fetch(resource, options);
+    };
+};
+const errorHandler = (fetch) => {
+    return async (resource, options) => {
+        const response = await fetch(resource, options);
+        if (response.ok) {
+            return response;
+        }
+        else {
+            const body = await response.json();
+            throw new dfnsError_1.DfnsError(response.status, body.error.message, body.error);
+        }
+    };
+};
+const dfnsAuth = (fetch) => {
+    return async (resource, options) => {
+        var _a;
+        const { appId, appSecret, authToken } = options.apiOptions;
+        const authorization = authToken
+            ? {
+                authorization: `Bearer ${authToken}`,
+            }
+            : {};
+        const dfnsAppSecret = appSecret
+            ? {
+                'x-dfns-appsecret': appSecret,
+            }
+            : {};
+        options.headers = {
+            'x-dfns-appid': appId,
+            'x-dfns-nonce': (0, nonce_1.generateNonce)(),
+            ...dfnsAppSecret,
+            ...authorization,
+            ...((_a = options.headers) !== null && _a !== void 0 ? _a : {}),
+        };
+        return fetch(resource, options);
+    };
+};
+const userAction = (fetch) => {
+    return async (resource, options) => {
+        var _a, _b;
+        if (options.method !== 'GET') {
+            const { challenge, challengeIdentifier, allowCredentials } = await baseAuthApi_1.BaseAuthApi.createUserActionChallenge({
+                userActionPayload: (_a = options.body) !== null && _a !== void 0 ? _a : '',
+                userActionHttpMethod: options.method,
+                userActionHttpPath: resource.pathname,
+                userActionServerKind: 'Api',
+            }, options.apiOptions);
+            const { signer } = options.apiOptions;
+            const assertion = await signer.sign(challenge, allowCredentials);
+            const { userAction } = await baseAuthApi_1.BaseAuthApi.signUserActionChallenge({
+                challengeIdentifier,
+                firstFactor: assertion,
+            }, options.apiOptions);
+            options.headers = {
+                'x-dfns-useraction': userAction,
+                ...((_b = options.headers) !== null && _b !== void 0 ? _b : {}),
+            };
+        }
+        return fetch(resource, options);
+    };
+};
+exports.simpleFetch = fullUrl(jsonSerializer(dfnsAuth(errorHandler(cross_fetch_1.fetch))));
+exports.userActionFetch = fullUrl(jsonSerializer(dfnsAuth(userAction(errorHandler(cross_fetch_1.fetch)))));

package/utils/nonce.d.ts

@@ -0,0 +1 @@
+export declare const generateNonce: () => string;

package/utils/nonce.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateNonce = void 0;
+const uuid_1 = require("uuid");
+const base64_1 = require("./base64");
+const generateNonce = () => {
+    return (0, base64_1.toBase64Url)(JSON.stringify({
+        uuid: (0, uuid_1.v4)(),
+        date: new Date().toISOString(),
+    }));
+};
+exports.generateNonce = generateNonce;

package/utils/url.d.ts

@@ -0,0 +1,4 @@
+export declare const buildPathAndQuery: (pattern: string, params: {
+    path: Record<string, string>;
+    query: Record<string, string | number | boolean | undefined>;
+}) => string;

package/utils/url.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPathAndQuery = void 0;
+const buildPathAndQuery = (pattern, params) => {
+    let path = pattern;
+    for (const key in params.path) {
+        path = path.replace(new RegExp(`:${key}`, 'g'), encodeURIComponent(params.path[key]));
+    }
+    const query = Object.entries(params.query)
+        .filter(([_, value]) => !!value)
+        .map(([key, value]) => `${key}=${encodeURIComponent(value.toString())}`)
+        .join('&');
+    return query === '' ? path : `${path}?${query}`;
+};
+exports.buildPathAndQuery = buildPathAndQuery;