@draftlab/auth 0.2.5 → 0.2.6

package/dist/provider/totp.d.ts

@@ -47,14 +47,6 @@ interface TOTPProviderConfig {
    * @param error - Optional error message to display
    */
   register: (req: Request, qrCodeUrl: string, secret: string, backupCodes: string[], error?: string, email?: string) => Promise<Response>;
-  /**
-   * Custom verification handler that generates the UI for TOTP verification.
-   * Called when user needs to enter their TOTP code.
-   *
-   * @param req - The HTTP request object
-   * @param error - Optional error message to display
-   */
-  verify: (req: Request, error?: string) => Promise<Response>;
   /**
    * Custom recovery handler that generates the UI for backup code entry.
    * Called when user wants to use a recovery code instead of TOTP.

package/dist/provider/totp.js

@@ -42,9 +42,6 @@ const TOTPProvider = (config) => {
 			const saveTOTPData = async (userId, data) => {
 				await Storage.set(ctx.storage, totpKey(userId), data);
 			};
-			const deleteTOTPData = async (userId) => {
-				await Storage.remove(ctx.storage, totpKey(userId));
-			};
 			const generateBackupCodes = (count) => {
 				const codes = [];
 				for (let i = 0; i < count; i++) {
@@ -66,7 +63,7 @@ const TOTPProvider = (config) => {
 			routes.get("/register", async (c) => {
 				return ctx.forward(c, await config.register(c.request, "", "", []));
 			});
-			routes.post("/register-verify", async (c) => {
+			routes.post("/register", async (c) => {
 				const formData = await c.formData();
 				const email = formData.get("email")?.toString();
 				const action = formData.get("action")?.toString();
@@ -110,13 +107,13 @@ const TOTPProvider = (config) => {
 			routes.get("/authorize", async (c) => {
 				return ctx.forward(c, await config.authorize(c.request));
 			});
-			routes.post("/verify", async (c) => {
+			routes.post("/authorize", async (c) => {
 				const formData = await c.formData();
 				const email = formData.get("email")?.toString();
 				const token = formData.get("token")?.toString();
-				if (!email || !token) return ctx.forward(c, await config.verify(c.request, "Email and verification code are required"));
+				if (!email || !token) return ctx.forward(c, await config.authorize(c.request, "Email and verification code are required"));
 				const totpData = await getTOTPData(email);
-				if (!totpData || !totpData.enabled) return ctx.forward(c, await config.verify(c.request, "TOTP is not set up for this email"));
+				if (!totpData || !totpData.enabled) return ctx.forward(c, await config.authorize(c.request, "TOTP is not set up for this email"));
 				const totp = createTOTPInstance(totpData.secret, totpData.label || email);
 				const delta = totp.validate({
 					token,
@@ -126,12 +123,12 @@ const TOTPProvider = (config) => {
 					email,
 					method: "totp"
 				});
-				return ctx.forward(c, await config.verify(c.request, "Invalid verification code"));
+				return ctx.forward(c, await config.authorize(c.request, "Invalid verification code"));
 			});
 			routes.get("/recovery", async (c) => {
 				return ctx.forward(c, await config.recovery(c.request));
 			});
-			routes.post("/recovery-verify", async (c) => {
+			routes.post("/recovery", async (c) => {
 				const formData = await c.formData();
 				const email = formData.get("email")?.toString();
 				const code = formData.get("code")?.toString()?.toUpperCase();
@@ -149,40 +146,6 @@ const TOTPProvider = (config) => {
 				}
 				return ctx.forward(c, await config.recovery(c.request, "Invalid or already used recovery code"));
 			});
-			routes.post("/disable", async (c) => {
-				const userId = c.query("userId");
-				if (!userId) return c.json({ error: "User ID is required" }, { status: 400 });
-				await deleteTOTPData(userId);
-				return c.json({
-					success: true,
-					message: "TOTP has been disabled"
-				});
-			});
-			routes.get("/status", async (c) => {
-				const userId = c.query("userId");
-				if (!userId) return c.json({ error: "User ID is required" }, { status: 400 });
-				const totpData = await getTOTPData(userId);
-				return c.json({
-					enabled: totpData?.enabled || false,
-					hasBackupCodes: (totpData?.backupCodes?.length || 0) > 0,
-					backupCodesCount: totpData?.backupCodes?.length || 0,
-					setupDate: totpData?.createdAt
-				});
-			});
-			routes.post("/regenerate-backup-codes", async (c) => {
-				const userId = c.query("userId");
-				if (!userId) return c.json({ error: "User ID is required" }, { status: 400 });
-				const totpData = await getTOTPData(userId);
-				if (!totpData || !totpData.enabled) return c.json({ error: "TOTP is not enabled for this user" }, { status: 400 });
-				const newBackupCodes = generateBackupCodes(backupCodesCount);
-				totpData.backupCodes = newBackupCodes;
-				await saveTOTPData(userId, totpData);
-				return c.json({
-					success: true,
-					backupCodes: newBackupCodes,
-					message: "New backup codes generated"
-				});
-			});
 		}
 	};
 };

package/dist/ui/select.js

@@ -8,16 +8,7 @@ import { jsx, jsxs } from "preact/jsx-runtime";
 */
 const PROVIDER_ICONS = {
 	github: ICON_GITHUB,
-	google: ICON_GOOGLE,
-	code: () => /* @__PURE__ */ jsx("svg", {
-		width: "20",
-		height: "20",
-		viewBox: "0 0 52 52",
-		fill: "currentColor",
-		"aria-label": "Code authentication",
-		role: "img",
-		children: /* @__PURE__ */ jsx("path", { d: "M8.55,36.91A6.55,6.55,0,1,1,2,43.45,6.54,6.54,0,0,1,8.55,36.91Zm17.45,0a6.55,6.55,0,1,1-6.55,6.54A6.55,6.55,0,0,1,26,36.91Zm17.45,0a6.55,6.55,0,1,1-6.54,6.54A6.54,6.54,0,0,1,43.45,36.91ZM8.55,19.45A6.55,6.55,0,1,1,2,26,6.55,6.55,0,0,1,8.55,19.45Zm17.45,0A6.55,6.55,0,1,1,19.45,26,6.56,6.56,0,0,1,26,19.45Zm17.45,0A6.55,6.55,0,1,1,36.91,26,6.55,6.55,0,0,1,43.45,19.45ZM8.55,2A6.55,6.55,0,1,1,2,8.55,6.54,6.54,0,0,1,8.55,2ZM26,2a6.55,6.55,0,1,1-6.55,6.55A6.55,6.55,0,0,1,26,2ZM43.45,2a6.55,6.55,0,1,1-6.54,6.55A6.55,6.55,0,0,1,43.45,2Z" })
-	})
+	google: ICON_GOOGLE
 };
 /**
 * Default display names for provider types
@@ -30,28 +21,6 @@ const DEFAULT_DISPLAYS = {
 	password: "Password"
 };
 /**
-* Individual provider button component
-*/
-const ProviderButton = ({ providerKey, providerType, config, displays, buttonText }) => {
-	const displayName = config?.display || displays[providerType] || DEFAULT_DISPLAYS[providerType] || providerType;
-	const IconComponent = PROVIDER_ICONS[providerKey] || PROVIDER_ICONS[providerType];
-	return /* @__PURE__ */ jsxs("a", {
-		href: `./${providerKey}/authorize`,
-		"data-component": "button",
-		"data-color": "ghost",
-		"aria-label": `${buttonText} ${displayName}`,
-		children: [
-			IconComponent && /* @__PURE__ */ jsx("i", {
-				"data-slot": "icon",
-				children: /* @__PURE__ */ jsx(IconComponent, {})
-			}),
-			buttonText,
-			" ",
-			displayName
-		]
-	});
-};
-/**
 * Main provider selection component
 */
 const ProviderSelect = ({ providers, config = {}, theme }) => {
@@ -66,13 +35,25 @@ const ProviderSelect = ({ providers, config = {}, theme }) => {
 		title: "Sign In",
 		children: /* @__PURE__ */ jsx("div", {
 			"data-component": "form",
-			children: visibleProviders.map(([key, type]) => /* @__PURE__ */ jsx(ProviderButton, {
-				providerKey: key,
-				providerType: type,
-				config: config.providers?.[key],
-				displays,
-				buttonText
-			}, key))
+			children: visibleProviders.map(([key, type]) => {
+				const displayName = config.providers?.[key]?.display || displays[type] || DEFAULT_DISPLAYS[type] || type;
+				const IconComponent = PROVIDER_ICONS[key] || PROVIDER_ICONS[type];
+				return /* @__PURE__ */ jsxs("a", {
+					href: `./${key}/authorize`,
+					"data-component": "button",
+					"data-color": "ghost",
+					"aria-label": `${buttonText} ${displayName}`,
+					children: [
+						IconComponent && /* @__PURE__ */ jsx("i", {
+							"data-slot": "icon",
+							children: /* @__PURE__ */ jsx(IconComponent, {})
+						}),
+						buttonText,
+						" ",
+						displayName
+					]
+				}, key);
+			})
 		})
 	});
 };

package/dist/ui/totp.d.ts

@@ -6,12 +6,6 @@ import { TOTPProviderConfig } from "../provider/totp.js";
  * Strongly typed copy text configuration for TOTP UI
  */
 interface TOTPUICopy {
-  readonly setup_title: string;
-  readonly setup_description: string;
-  readonly verify_title: string;
-  readonly verify_description: string;
-  readonly recovery_title: string;
-  readonly recovery_description: string;
   readonly setup_manual_entry: string;
   readonly setup_backup_codes_title: string;
   readonly setup_backup_codes_description: string;

package/dist/ui/totp.js

@@ -5,12 +5,6 @@ import QRCode from "qrcode";
 
 //#region src/ui/totp.tsx
 const DEFAULT_COPY = {
-	setup_title: "Set up Two-Factor Authentication",
-	setup_description: "Scan the QR code with your authenticator app, then enter the verification code.",
-	verify_title: "Enter authentication code",
-	verify_description: "Open your authenticator app and enter the current 6-digit code.",
-	recovery_title: "Use backup code",
-	recovery_description: "Enter one of your backup codes. Each code can only be used once.",
 	setup_manual_entry: "Can't scan? Enter this code manually:",
 	setup_backup_codes_title: "Save your backup codes",
 	setup_backup_codes_description: "Store these backup codes in a safe place. You can use them to access your account if you lose your device.",
@@ -54,7 +48,7 @@ const TOTPUI = (options = {}) => {
 		if (!qrCodeUrl) return /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 			"data-component": "form",
 			method: "post",
-			action: "./register-verify",
+			action: "./register",
 			children: [
 				/* @__PURE__ */ jsx(FormAlert, { message: error }),
 				/* @__PURE__ */ jsx("input", {
@@ -93,7 +87,7 @@ const TOTPUI = (options = {}) => {
 		return /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 			"data-component": "form",
 			method: "post",
-			action: "./register-verify",
+			action: "./register",
 			children: [
 				/* @__PURE__ */ jsx(FormAlert, { message: error }),
 				email && /* @__PURE__ */ jsx("input", {
@@ -169,7 +163,7 @@ const TOTPUI = (options = {}) => {
 	const renderAuthorize = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 		"data-component": "form",
 		method: "post",
-		action: "./verify",
+		action: "./authorize",
 		children: [
 			/* @__PURE__ */ jsx(FormAlert, { message: error }),
 			/* @__PURE__ */ jsx("input", {
@@ -215,55 +209,12 @@ const TOTPUI = (options = {}) => {
 		]
 	}) });
 	/**
-	* Renders the verification form
-	*/
-	const renderVerify = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
-		"data-component": "form",
-		method: "post",
-		action: "./verify",
-		children: [
-			/* @__PURE__ */ jsx(FormAlert, { message: error }),
-			/* @__PURE__ */ jsx("input", {
-				type: "email",
-				name: "email",
-				placeholder: "Email",
-				autoComplete: "email",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("input", {
-				type: "text",
-				name: "token",
-				placeholder: copy.input_token,
-				pattern: "[0-9]{6}",
-				maxLength: 6,
-				minLength: 6,
-				autoComplete: "one-time-code",
-				"data-component": "input",
-				required: true
-			}),
-			/* @__PURE__ */ jsx("button", {
-				type: "submit",
-				"data-component": "button",
-				children: copy.button_continue
-			}),
-			/* @__PURE__ */ jsx("div", {
-				"data-component": "form-footer",
-				children: /* @__PURE__ */ jsx("a", {
-					href: "./recovery",
-					"data-component": "link",
-					children: copy.link_use_recovery
-				})
-			})
-		]
-	}) });
-	/**
 	* Renders the recovery form
 	*/
 	const renderRecovery = (error) => /* @__PURE__ */ jsx(Layout, { children: /* @__PURE__ */ jsxs("form", {
 		"data-component": "form",
 		method: "post",
-		action: "./recovery-verify",
+		action: "./recovery",
 		children: [
 			/* @__PURE__ */ jsx(FormAlert, { message: error }),
 			/* @__PURE__ */ jsx("input", {
@@ -308,10 +259,6 @@ const TOTPUI = (options = {}) => {
 			const jsx$1 = await renderRegister(qrCodeUrl, secret, backupCodes, error, email);
 			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
 		},
-		verify: async (_req, error) => {
-			const jsx$1 = renderVerify(error);
-			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });
-		},
 		recovery: async (_req, error) => {
 			const jsx$1 = renderRecovery(error);
 			return new Response(renderToHTML(jsx$1), { headers: { "Content-Type": "text/html" } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@draftlab/auth",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "type": "module",
   "description": "Core implementation for @draftlab/auth",
   "author": "Matheus Pergoli",
@@ -60,10 +60,10 @@
     "@standard-schema/spec": "^1.0.0",
     "jose": "^6.0.12",
     "otpauth": "^9.4.0",
-    "preact": "^10.26.9",
+    "preact": "^10.27.0",
     "preact-render-to-string": "^6.5.13",
     "qrcode": "^1.5.4",
-    "@draftlab/auth-router": "0.0.4"
+    "@draftlab/auth-router": "0.0.5"
   },
   "engines": {
     "node": ">=18"