@draftlab/auth 0.15.0 → 0.16.0

package/dist/ui/totp.mjs

@@ -1,270 +0,0 @@
-import { Layout, renderToHTML } from "./base.mjs";
-import { FormAlert } from "./form.mjs";
-import { jsx, jsxs } from "preact/jsx-runtime";
-import QRCode from "qrcode";
-
-//#region src/ui/totp.tsx
-const DEFAULT_COPY = {
-	setup_manual_entry: "Can't scan? Enter this code manually:",
-	setup_backup_codes_title: "Save your backup codes",
-	setup_backup_codes_description: "Store these backup codes in a safe place. You can use them to access your account if you lose your device.",
-	button_continue: "Continue",
-	link_use_recovery: "Use backup code instead",
-	link_back_to_totp: "Back to authenticator code",
-	input_token: "000000",
-	input_recovery_code: "XXXX-XXXX"
-};
-/**
-* Creates a complete UI configuration for TOTP authentication
-*/
-const TOTPUI = (options = {}) => {
-	const { qrSize = 200, showManualEntry = true } = options;
-	const copy = {
-		...DEFAULT_COPY,
-		...options.copy
-	};
-	/**
-	* Generates QR code as data URL using the qrcode library
-	*/
-	const generateQRCode = async (text) => {
-		try {
-			return await QRCode.toDataURL(text, {
-				width: qrSize,
-				margin: 1,
-				color: {
-					dark: "#000000",
-					light: "#FFFFFF"
-				}
-			});
-		} catch (error) {
-			console.error("QR Code generation failed:", error);
-			return "";
-		}
-	};
-	/**
-	* Renders the setup form with QR code and backup codes
-	*/
-	const renderRegister = async (qrCodeUrl, secret, backupCodes, error, email) => {
-		if (!qrCodeUrl) return /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
-			"data-component": "form",
-			method: "post",
-			action: "./register",
-			children: [
-				/* @__PURE__ */ jsx(FormAlert, { message: error }),
-				/* @__PURE__ */ jsx("input", {
-					type: "email",
-					name: "email",
-					placeholder: "Email",
-					autoComplete: "email",
-					"data-component": "input",
-					required: true
-				}),
-				/* @__PURE__ */ jsx("input", {
-					type: "hidden",
-					name: "action",
-					value: "generate"
-				}),
-				/* @__PURE__ */ jsx("button", {
-					type: "submit",
-					"data-component": "button",
-					children: "Generate QR Code"
-				}),
-				/* @__PURE__ */ jsx("div", {
-					"data-component": "form-footer",
-					children: /* @__PURE__ */ jsxs("span", { children: [
-						"Already have TOTP?",
-						" ",
-						/* @__PURE__ */ jsx("a", {
-							href: "./authorize",
-							"data-component": "link",
-							children: "Login"
-						})
-					] })
-				})
-			]
-		}) });
-		const qrCodeDataUrl = await generateQRCode(qrCodeUrl);
-		return /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
-			"data-component": "form",
-			method: "post",
-			action: "./register",
-			children: [
-				/* @__PURE__ */ jsx(FormAlert, { message: error }),
-				email && /* @__PURE__ */ jsx("input", {
-					type: "hidden",
-					name: "email",
-					value: email
-				}),
-				qrCodeDataUrl && /* @__PURE__ */ jsx("img", {
-					src: qrCodeDataUrl,
-					alt: "TOTP QR Code",
-					width: qrSize,
-					height: qrSize,
-					style: {
-						display: "block",
-						margin: "0 auto"
-					}
-				}),
-				showManualEntry && /* @__PURE__ */ jsxs("div", { children: [/* @__PURE__ */ jsx("p", {
-					"data-component": "description",
-					children: copy.setup_manual_entry
-				}), /* @__PURE__ */ jsx("code", {
-					style: {
-						display: "block",
-						textAlign: "center",
-						margin: "8px 0"
-					},
-					children: secret
-				})] }),
-				/* @__PURE__ */ jsx("input", {
-					type: "text",
-					name: "token",
-					placeholder: copy.input_token,
-					pattern: "[0-9]{6}",
-					maxLength: 6,
-					minLength: 6,
-					autoComplete: "one-time-code",
-					"data-component": "input",
-					required: true
-				}),
-				/* @__PURE__ */ jsx("button", {
-					type: "submit",
-					"data-component": "button",
-					children: copy.button_continue
-				}),
-				backupCodes.length > 0 && /* @__PURE__ */ jsxs("div", { children: [
-					/* @__PURE__ */ jsx("h3", {
-						style: { textAlign: "center" },
-						children: copy.setup_backup_codes_title
-					}),
-					/* @__PURE__ */ jsx("p", {
-						"data-component": "description",
-						children: copy.setup_backup_codes_description
-					}),
-					/* @__PURE__ */ jsx("div", {
-						style: {
-							display: "grid",
-							gridTemplateColumns: "repeat(2, 1fr)",
-							gap: "8px",
-							margin: "16px 0"
-						},
-						children: backupCodes.map((code, index) => /* @__PURE__ */ jsx("code", {
-							"data-component": "button",
-							children: code
-						}, `${code}-${index + Math.random()}`))
-					})
-				] })
-			]
-		}) });
-	};
-	/**
-	* Renders the authorize form (main TOTP login page following passkey pattern)
-	*/
-	const renderAuthorize = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
-		"data-component": "form",
-		method: "post",
-		action: "./authorize",
-		children: [
-			/* @__PURE__ */ jsx(FormAlert, { message: error }),
-			/* @__PURE__ */ jsx("input", {
-				type: "email",
-				name: "email",
-				placeholder: "Email",
-				autoComplete: "email",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("input", {
-				type: "text",
-				name: "token",
-				placeholder: copy.input_token,
-				pattern: "[0-9]{6}",
-				maxLength: 6,
-				minLength: 6,
-				autoComplete: "one-time-code",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("button", {
-				type: "submit",
-				"data-component": "button",
-				children: copy.button_continue
-			}),
-			/* @__PURE__ */ jsxs("div", {
-				"data-component": "form-footer",
-				children: [/* @__PURE__ */ jsxs("span", { children: [
-					"Don't have TOTP setup?",
-					" ",
-					/* @__PURE__ */ jsx("a", {
-						href: "./register",
-						"data-component": "link",
-						children: "Register"
-					})
-				] }), /* @__PURE__ */ jsx("a", {
-					href: "./recovery",
-					"data-component": "link",
-					children: copy.link_use_recovery
-				})]
-			})
-		]
-	}) });
-	/**
-	* Renders the recovery form
-	*/
-	const renderRecovery = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
-		"data-component": "form",
-		method: "post",
-		action: "./recovery",
-		children: [
-			/* @__PURE__ */ jsx(FormAlert, { message: error }),
-			/* @__PURE__ */ jsx("input", {
-				type: "email",
-				name: "email",
-				placeholder: "Email",
-				autoComplete: "email",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("input", {
-				type: "text",
-				name: "code",
-				placeholder: copy.input_recovery_code,
-				pattern: "[A-Z0-9]{4}-[A-Z0-9]{4}",
-				maxLength: 9,
-				autoComplete: "off",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("button", {
-				type: "submit",
-				"data-component": "button",
-				children: copy.button_continue
-			}),
-			/* @__PURE__ */ jsx("div", {
-				"data-component": "form-footer",
-				children: /* @__PURE__ */ jsx("a", {
-					href: "./authorize",
-					"data-component": "link",
-					children: copy.link_back_to_totp
-				})
-			})
-		]
-	}) });
-	return {
-		authorize: async (_req, error) => {
-			const jsx$1 = renderAuthorize(error);
-			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
-		},
-		register: async (_req, qrCodeUrl, secret, backupCodes, error, email) => {
-			const jsx$1 = await renderRegister(qrCodeUrl, secret, backupCodes, error, email);
-			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
-		},
-		recovery: async (_req, error) => {
-			const jsx$1 = renderRecovery(error);
-			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
-		}
-	};
-};
-
-//#endregion
-export { TOTPUI };

package/dist/util.mjs

@@ -1,128 +0,0 @@
-//#region src/util.ts
-/**
-* Constructs a complete URL relative to the current request context.
-* Handles proxy headers (x-forwarded-*) to ensure correct URL generation
-* in containerized and load-balanced environments.
-*
-* @param ctx - Router context containing request information
-* @param path - Relative path to append to the base URL
-* @returns Complete URL string with proper protocol, host, and port
-*
-* @example
-* ```ts
-* const callbackUrl = getRelativeUrl(ctx, "/callback")
-* // Returns: "https://myapp.com/auth/callback"
-* ```
-*/
-const getRelativeUrl = (ctx, path) => {
-	const result = new URL(path, ctx.request.url);
-	result.host = ctx.header("x-forwarded-host") || result.host;
-	result.protocol = ctx.header("x-forwarded-proto") || result.protocol;
-	result.port = ctx.header("x-forwarded-port") || result.port;
-	return result.toString();
-};
-/**
-* List of known two-part top-level domains that require special handling
-* for domain matching. These domains have an additional level that should
-* be considered when determining effective domain boundaries.
-*/
-const twoPartTlds = [
-	"co.uk",
-	"co.jp",
-	"co.kr",
-	"co.nz",
-	"co.za",
-	"co.in",
-	"com.au",
-	"com.br",
-	"com.cn",
-	"com.mx",
-	"com.tw",
-	"net.au",
-	"org.uk",
-	"ne.jp",
-	"ac.uk",
-	"gov.uk",
-	"edu.au",
-	"gov.au"
-];
-/**
-* Determines if two domain names are considered a match for security purposes.
-* Uses effective TLD+1 matching to allow subdomains while preventing
-* unauthorized cross-domain requests.
-*
-* @param a - First domain name to compare
-* @param b - Second domain name to compare
-* @returns True if domains are considered a security match
-*
-* @example
-* ```ts
-* isDomainMatch("app.example.com", "auth.example.com") // true
-* isDomainMatch("example.com", "evil.com") // false
-* isDomainMatch("app.co.uk", "auth.co.uk") // true (handles two-part TLD)
-* ```
-*/
-const isDomainMatch = (a, b) => {
-	if (a === b) return true;
-	const partsA = a.split(".");
-	const partsB = b.split(".");
-	const numParts = twoPartTlds.some((tld) => a.endsWith(`.${tld}`) || b.endsWith(`.${tld}`)) ? -3 : -2;
-	const min = Math.min(partsA.length, partsB.length, numParts);
-	return partsA.slice(min).join(".") === partsB.slice(min).join(".");
-};
-/**
-* Creates a lazy-evaluated function that caches the result of the first execution.
-* Subsequent calls return the cached value without re-executing the function.
-*
-* @template T - The return type of the lazy function
-* @param fn - Function to execute lazily
-* @returns Function that returns the cached result
-*
-* @example
-* ```ts
-* const expensiveOperation = lazy(() => {
-*   // Computing... (only logs once)
-*   return heavyComputation()
-* })
-*
-* const result1 = expensiveOperation() // Executes and caches
-* const result2 = expensiveOperation() // Returns cached value
-* ```
-*/
-const lazy = (fn) => {
-	let value;
-	let hasValue = false;
-	return () => {
-		if (!hasValue) {
-			value = fn();
-			hasValue = true;
-		}
-		return value;
-	};
-};
-/**
-* Utility function to immediately invoke a function and return its result.
-* Useful for complex conditional rendering logic in JSX/TSX where you want
-* to use if/else statements instead of ternary operators.
-*
-* @template T - The return type of the function
-* @param fn - Function to execute immediately
-* @returns The result of executing the function
-*
-* @example
-* ```tsx
-* return (
-*   <div>
-*     {run(() => {
-*       if (state === "loading") return <Spinner />
-*       if (state === "error") return <Error />
-*       return <Content />
-*     })}
-*   </div>
-* )
-* ```
-*/
-const run = (fn) => fn();
-
-//#endregion
-export { getRelativeUrl, isDomainMatch, lazy, run };