@dfns/sdk 0.2.3-rc.1 → 0.2.4

package/generated/webhooks/delegatedClient.ts

@@ -1,237 +0,0 @@
-import { BaseAuthApi, SignUserActionChallengeRequest, UserActionChallengeResponse } from '../../baseAuthApi'
-import { DfnsDelegatedApiClientOptions } from '../../dfnsDelegatedApiClient'
-import { simpleFetch } from '../../utils/fetch'
-import { buildPathAndQuery } from '../../utils/url'
-import * as T from './types'
-
-export class DelegatedWebhooksClient {
-  constructor(private apiOptions: DfnsDelegatedApiClientOptions) {}
-
-  async createWebhookInit(request: T.CreateWebhookRequest): Promise<UserActionChallengeResponse> {
-    const path = buildPathAndQuery('/webhooks', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const challenge = await BaseAuthApi.createUserActionChallenge(
-      {
-        userActionHttpMethod: 'POST',
-        userActionHttpPath: path,
-        userActionPayload: JSON.stringify(request.body),
-        userActionServerKind: 'Api',
-      },
-      this.apiOptions
-    )
-
-    return challenge
-  }
-
-  async createWebhookComplete(
-    request: T.CreateWebhookRequest,
-    signedChallenge: SignUserActionChallengeRequest
-  ): Promise<T.CreateWebhookResponse> {
-    const path = buildPathAndQuery('/webhooks', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const { userAction } = await BaseAuthApi.signUserActionChallenge(
-      signedChallenge,
-      this.apiOptions
-    )
-
-    const response = await simpleFetch(path, {
-      method: 'POST',
-      body: request.body,
-      headers: { 'x-dfns-useraction': userAction },
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async deleteWebhookInit(request: T.DeleteWebhookRequest): Promise<UserActionChallengeResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const challenge = await BaseAuthApi.createUserActionChallenge(
-      {
-        userActionHttpMethod: 'DELETE',
-        userActionHttpPath: path,
-        userActionPayload: JSON.stringify({}),
-        userActionServerKind: 'Api',
-      },
-      this.apiOptions
-    )
-
-    return challenge
-  }
-
-  async deleteWebhookComplete(
-    request: T.DeleteWebhookRequest,
-    signedChallenge: SignUserActionChallengeRequest
-  ): Promise<T.DeleteWebhookResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const { userAction } = await BaseAuthApi.signUserActionChallenge(
-      signedChallenge,
-      this.apiOptions
-    )
-
-    const response = await simpleFetch(path, {
-      method: 'DELETE',
-      body: {},
-      headers: { 'x-dfns-useraction': userAction },
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async getWebhook(request: T.GetWebhookRequest): Promise<T.GetWebhookResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const response = await simpleFetch(path, {
-      method: 'GET',
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async getWebhookEvent(request: T.GetWebhookEventRequest): Promise<T.GetWebhookEventResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId/events/:webhookEventId', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const response = await simpleFetch(path, {
-      method: 'GET',
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async listWebhookEvents(request: T.ListWebhookEventsRequest): Promise<T.ListWebhookEventsResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId/events', {
-      path: request ?? {},
-      query: request.query ?? {},
-    })
-
-    const response = await simpleFetch(path, {
-      method: 'GET',
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async listWebhooks(request?: T.ListWebhooksRequest): Promise<T.ListWebhooksResponse> {
-    const path = buildPathAndQuery('/webhooks', {
-      path: request ?? {},
-      query: request?.query ?? {},
-    })
-
-    const response = await simpleFetch(path, {
-      method: 'GET',
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async pingWebhookInit(request: T.PingWebhookRequest): Promise<UserActionChallengeResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId/ping', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const challenge = await BaseAuthApi.createUserActionChallenge(
-      {
-        userActionHttpMethod: 'POST',
-        userActionHttpPath: path,
-        userActionPayload: JSON.stringify({}),
-        userActionServerKind: 'Api',
-      },
-      this.apiOptions
-    )
-
-    return challenge
-  }
-
-  async pingWebhookComplete(
-    request: T.PingWebhookRequest,
-    signedChallenge: SignUserActionChallengeRequest
-  ): Promise<T.PingWebhookResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId/ping', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const { userAction } = await BaseAuthApi.signUserActionChallenge(
-      signedChallenge,
-      this.apiOptions
-    )
-
-    const response = await simpleFetch(path, {
-      method: 'POST',
-      body: {},
-      headers: { 'x-dfns-useraction': userAction },
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-
-  async updateWebhookInit(request: T.UpdateWebhookRequest): Promise<UserActionChallengeResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const challenge = await BaseAuthApi.createUserActionChallenge(
-      {
-        userActionHttpMethod: 'PUT',
-        userActionHttpPath: path,
-        userActionPayload: JSON.stringify(request.body),
-        userActionServerKind: 'Api',
-      },
-      this.apiOptions
-    )
-
-    return challenge
-  }
-
-  async updateWebhookComplete(
-    request: T.UpdateWebhookRequest,
-    signedChallenge: SignUserActionChallengeRequest
-  ): Promise<T.UpdateWebhookResponse> {
-    const path = buildPathAndQuery('/webhooks/:webhookId', {
-      path: request ?? {},
-      query: {},
-    })
-
-    const { userAction } = await BaseAuthApi.signUserActionChallenge(
-      signedChallenge,
-      this.apiOptions
-    )
-
-    const response = await simpleFetch(path, {
-      method: 'PUT',
-      body: request.body,
-      headers: { 'x-dfns-useraction': userAction },
-      apiOptions: this.apiOptions,
-    })
-
-    return response.json()
-  }
-}

package/generated/webhooks/index.ts

@@ -1,3 +0,0 @@
-export * from './types'
-export * from './client'
-export * from './delegatedClient'

package/index.ts

@@ -1,7 +0,0 @@
-export * from './baseAuthApi'
-export * from './dfnsApiClient'
-export * from './dfnsAuthenticator'
-export * from './dfnsDelegatedApiClient'
-export * from './dfnsError'
-export * from './signer'
-export * from './store'

package/project.json

@@ -1,14 +0,0 @@
-{
-  "targets": {
-    "cb": {
-      "executor": "@nx/js:tsc",
-      "options": {
-        "outputPath": "dist/@dfns/sdk",
-        "clean": true,
-        "main": "packages/sdk/index.ts",
-        "tsConfig": "packages/sdk/tsconfig.json",
-        "updateBuildableProjectDepsInPackageJson": true
-      }
-    }
-  }
-}

package/signer.ts

@@ -1,60 +0,0 @@
-export type CredentialKind = 'Key' | 'Fido2' | 'Password' | 'Totp' | 'RecoveryKey'
-
-export type CredentialTransport = 'usb' | 'nfc' | 'ble' | 'internal'
-
-export type AllowCredential = {
-  type: 'public-key'
-  id: string
-  transports: CredentialTransport[]
-}
-
-export type KeyAssertion = {
-  kind: 'Key'
-  credentialAssertion: {
-    credId: string
-    clientData: string
-    signature: string
-    algorithm?: string
-  }
-}
-
-export type Fido2Assertion = {
-  kind: 'Fido2'
-  credentialAssertion: {
-    credId: string
-    clientData: string
-    authenticatorData: string
-    signature: string
-    userHandle: string
-  }
-}
-
-export type PasswordAssertion = {
-  kind: 'Password'
-  password: string
-}
-
-export type TotpAssertion = {
-  kind: 'Totp'
-  otpCode: string
-}
-
-export type RecoveryKeyAssertion = {
-  kind: 'RecoveryKey'
-  credentialAssertion: {
-    credId: string
-    clientData: string
-    signature: string
-    algorithm?: string
-  }
-}
-
-export type FirstFactorAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion
-
-export type SecondFactorAssertion = KeyAssertion | Fido2Assertion | TotpAssertion
-
-export type CredentialAssertion = KeyAssertion | Fido2Assertion | PasswordAssertion | TotpAssertion
-
-export interface CredentialSigner<T extends CredentialAssertion = FirstFactorAssertion> {
-  sign(challenge: string, allowCredentials: { key: AllowCredential[]; webauthn: AllowCredential[] }): Promise<T>
-}

package/store.ts

@@ -1,99 +0,0 @@
-import { AllowCredential, CredentialKind } from './signer'
-
-export type AuthenticatorAttachment = 'platform' | 'cross-platform'
-
-export type ResidentKeyRequirement = 'required' | 'preferred' | 'discouraged'
-
-export type UserVerificationRequirement = 'required' | 'preferred' | 'discouraged'
-
-export type AttestationConveyancePreference = 'none' | 'indirect' | 'direct' | 'enterprise'
-
-export type UserRegistrationChallenge = {
-  temporaryAuthenticationToken: string
-  rp: {
-    id: string
-    name: string
-  }
-  user: {
-    id: string
-    name: string
-    displayName: string
-  }
-  supportedCredentialKinds: {
-    firstFactor: CredentialKind[]
-    secondFactor: CredentialKind[]
-  }
-  otpUrl: string
-  challenge: string
-  authenticatorSelection: {
-    authenticatorAttachment?: AuthenticatorAttachment
-    requireResidentKey: boolean
-    residentKey: ResidentKeyRequirement
-    userVerification: UserVerificationRequirement
-  }
-  attestation: AttestationConveyancePreference
-  pubKeyCredParams: {
-    type: 'public-key'
-    alg: number
-  }[]
-  excludeCredentials: AllowCredential[]
-}
-
-export type KeyAttestation = {
-  credentialKind: 'Key'
-  credentialInfo: {
-    credId: string
-    clientData: string
-    attestationData: string
-  }
-}
-
-export type Fido2Attestation = {
-  credentialKind: 'Fido2'
-  credentialInfo: {
-    credId: string
-    clientData: string
-    attestationData: string
-  }
-}
-
-export type PasswordAttestation = {
-  credentialKind: 'Password'
-  credentialInfo: {
-    password: string
-  }
-}
-
-export type TotpAttestation = {
-  credentialKind: 'Totp'
-  credentialInfo: {
-    otpCode: string
-  }
-}
-
-export type FirstFactorAttestation = KeyAttestation | Fido2Attestation | PasswordAttestation
-
-export type SecondFactorAttestation = KeyAttestation | Fido2Attestation | TotpAttestation
-
-export type RecoveryKeyAttestation = {
-  credentialKind: 'RecoveryKey'
-  credentialInfo: {
-    credId: string
-    clientData: string
-    attestationData: string
-  }
-  encryptedPrivateKey?: string
-}
-
-export type RecoveryFactorAttestation = RecoveryKeyAttestation
-
-export type CredentialAttestation =
-  | KeyAttestation
-  | Fido2Attestation
-  | PasswordAttestation
-  | TotpAttestation
-  | RecoveryKeyAttestation
-
-export interface CredentialStore<T extends CredentialAttestation = FirstFactorAttestation> {
-  create(challenge: UserRegistrationChallenge): Promise<T>
-}

package/tsconfig.json

@@ -1,7 +0,0 @@
-{
-  "extends": "../../tsconfig.base.json",
-  "include": ["*.ts", "**/*.ts"],
-  "compilerOptions": {
-    "baseUrl": "./"
-  }
-}

package/typedoc.json

@@ -1,21 +0,0 @@
-{
-  "$schema": "https://typedoc.org/schema.json",
-  "includeVersion": true,
-  "readme": "./README.md",
-  "entryPoints": [
-    "./index.ts",
-    "./generated/signers/index.ts",
-    "./generated/wallets/index.ts",
-    "./generated/webhooks/index.ts",
-    "./types/signers.ts",
-    "./types/wallets.ts",
-    "./types/webhooks.ts",
-    "./utils/index.ts",
-    "./codegen/Auth/index.ts",
-    "./codegen/Permissions/index.ts",
-    "./codegen/datamodel/Auth/index.ts",
-    "./codegen/datamodel/Foundations/index.ts",
-    "./codegen/datamodel/Orgs/index.ts",
-    "./codegen/datamodel/Permissions/index.ts"
-  ]
-}

package/types/policies.ts

@@ -1 +0,0 @@
-export * from '../generated/policies/types'

package/types/signers.ts

@@ -1 +0,0 @@
-export * from '../generated/signers/types'

package/types/wallets.ts

@@ -1 +0,0 @@
-export * from '../generated/wallets/types'

package/types/webhooks.ts

@@ -1 +0,0 @@
-export * from '../generated/webhooks/types'

package/utils/base64.ts

@@ -1,19 +0,0 @@
-import { Buffer } from 'buffer'
-
-export const toBase64Url = (buffer: string | Buffer): string => {
-  if (typeof buffer === 'string') {
-    buffer = Buffer.from(buffer)
-  }
-
-  return buffer.toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_')
-}
-
-export const fromBase64Url = (encoded: string): Buffer => {
-  const padLength = 4 - (encoded.length % 4)
-  if (padLength < 4) {
-    encoded += '='.repeat(padLength)
-  }
-
-  encoded = encoded.replace(/\-/g, '+').replace(/_/g, '/')
-  return Buffer.from(encoded, 'base64')
-}

package/utils/fetch.ts

@@ -1,130 +0,0 @@
-import { Response, fetch as _fetch } from 'cross-fetch'
-
-import { DfnsError } from '../dfnsError'
-import { BaseAuthApi, DfnsBaseApiOptions } from '../baseAuthApi'
-import { generateNonce } from './nonce'
-import { DfnsApiClientOptions } from '../dfnsApiClient'
-
-export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE'
-
-export type FetchOptions<T> = {
-  method: HttpMethod
-  headers?: Record<string, string>
-  body?: string | unknown
-  apiOptions: T
-}
-
-export type Fetch<T> = (resource: string | URL, options: FetchOptions<T>) => Promise<Response>
-
-const fullUrl = <T extends DfnsBaseApiOptions>(fetch: Fetch<T>): Fetch<T> => {
-  return async (resource, options) => {
-    const { baseUrl } = options.apiOptions
-    resource = new URL(resource, baseUrl)
-    return fetch(resource, options)
-  }
-}
-
-const jsonSerializer = <T>(fetch: Fetch<T>): Fetch<T> => {
-  return async (resource, options) => {
-    if (options.body) {
-      options.body = JSON.stringify(options.body)
-
-      options.headers = {
-        'content-type': 'application/json',
-        ...(options.headers ?? {}),
-      }
-    }
-
-    return fetch(resource, options)
-  }
-}
-
-const errorHandler = <T>(fetch: Fetch<T>): Fetch<T> => {
-  return async (resource, options) => {
-    const response = await fetch(resource, options)
-
-    if (response.ok) {
-      return response
-    } else {
-      const body = await response.json()
-      const message = body?.error?.message ?? body?.message
-      throw new DfnsError(response.status, message, {
-        url: response.url,
-        headers: response.headers,
-        body,
-      })
-    }
-  }
-}
-
-const dfnsAuth = <T extends DfnsBaseApiOptions>(fetch: Fetch<T>): Fetch<T> => {
-  return async (resource, options) => {
-    const { appId, appSecret, authToken } = options.apiOptions
-
-    const authorization: Record<string, string> = authToken
-      ? {
-          authorization: `Bearer ${authToken}`,
-        }
-      : {}
-
-    const dfnsAppSecret: Record<string, string> = appSecret
-      ? {
-          'x-dfns-appsecret': appSecret,
-        }
-      : {}
-
-    options.headers = {
-      'x-dfns-appid': appId,
-      'x-dfns-nonce': generateNonce(),
-      ...dfnsAppSecret,
-      ...authorization,
-      ...(options.headers ?? {}),
-    }
-
-    return fetch(resource, options)
-  }
-}
-
-const userAction = <T extends DfnsApiClientOptions>(fetch: Fetch<T>): Fetch<T> => {
-  return async (resource, options) => {
-    if (options.method !== 'GET') {
-      const apiOptions = {
-        ...options.apiOptions,
-        baseUrl: (<any>options.apiOptions).baseAuthUrl || options.apiOptions.baseUrl,
-      }
-
-      const { challenge, challengeIdentifier, allowCredentials } = await BaseAuthApi.createUserActionChallenge(
-        {
-          userActionPayload: <string>options.body ?? '',
-          userActionHttpMethod: options.method,
-          userActionHttpPath: (<URL>resource).pathname,
-          userActionServerKind: (<any>apiOptions)?.userActionServerKind || 'Api',
-        },
-        apiOptions
-      )
-
-      const assertion = await apiOptions.signer.sign(challenge, allowCredentials)
-
-      const { userAction } = await BaseAuthApi.signUserActionChallenge(
-        {
-          challengeIdentifier,
-          firstFactor: assertion,
-        },
-        apiOptions
-      )
-
-      options.headers = {
-        'x-dfns-useraction': userAction,
-        ...(options.headers ?? {}),
-      }
-    }
-
-    return fetch(resource, options)
-  }
-}
-
-export const simpleFetch = fullUrl(jsonSerializer(dfnsAuth(errorHandler(<Fetch<DfnsBaseApiOptions>>_fetch))))
-
-export const userActionFetch = fullUrl(
-  jsonSerializer(dfnsAuth(userAction(errorHandler(<Fetch<DfnsApiClientOptions>>_fetch))))
-)

package/utils/index.ts

@@ -1,4 +0,0 @@
-export * from './base64'
-export * from './fetch'
-export * from './nonce'
-export * from './url'

package/utils/nonce.ts

@@ -1,12 +0,0 @@
-import { v4 } from 'uuid'
-
-import { toBase64Url } from './base64'
-
-export const generateNonce = (): string => {
-  return toBase64Url(
-    JSON.stringify({
-      uuid: v4(),
-      date: new Date().toISOString(),
-    })
-  )
-}

package/utils/url.ts

@@ -1,19 +0,0 @@
-export const buildPathAndQuery = (
-  pattern: string,
-  params: { path: Record<string, any>; query: Record<string, string | number | boolean | undefined> }
-): string => {
-  let path = pattern
-
-  const paramsToReplace = (path.match(new RegExp(`:[a-zA-Z]+`, 'g')) || []).map((v) => v.replace(/^:/, ''))
-
-  for (const key of paramsToReplace) {
-    path = path.replace(new RegExp(`:${key}`, 'g'), encodeURIComponent(params.path[key]))
-  }
-
-  const query = Object.entries(params.query)
-    .filter(([_, value]) => !!value)
-    .map(([key, value]) => `${key}=${encodeURIComponent(value!.toString())}`)
-    .join('&')
-
-  return query === '' ? path : `${path}?${query}`
-}