@draftlab/auth 0.4.0 → 0.5.0

package/dist/provider/{password.js → password.mjs}

@@ -1,7 +1,7 @@
-import { getRelativeUrl } from "../util.js";
-import { UnknownStateError } from "../error.js";
-import { generateUnbiasedDigits, timingSafeCompare } from "../random.js";
-import { Storage } from "../storage/storage.js";
+import { getRelativeUrl } from "../util.mjs";
+import { UnknownStateError } from "../error.mjs";
+import { generateUnbiasedDigits, timingSafeCompare } from "../random.mjs";
+import { Storage } from "../storage/storage.mjs";
 import * as jose from "jose";
 import { randomBytes, scrypt, timingSafeEqual } from "node:crypto";
 import { TextEncoder } from "node:util";
@@ -123,12 +123,11 @@ const PasswordProvider = (config) => {
 							message: validationError
 						});
 					}
-					const existingUser = await Storage.get(ctx.storage, [
+					if (await Storage.get(ctx.storage, [
 						"email",
 						email,
 						"password"
-					]);
-					if (existingUser) return transition(provider, { type: "email_taken" });
+					])) return transition(provider, { type: "email_taken" });
 					const code = generateCode();
 					await config.sendCode(email, code);
 					return transition({
@@ -151,12 +150,11 @@ const PasswordProvider = (config) => {
 				if (action === "verify" && provider.type === "code") {
 					const code = formData.get("code")?.toString();
 					if (!(code && timingSafeCompare(code, provider.code))) return transition(provider, { type: "invalid_code" });
-					const existingUser = await Storage.get(ctx.storage, [
+					if (await Storage.get(ctx.storage, [
 						"email",
 						provider.email,
 						"password"
-					]);
-					if (existingUser) return transition({ type: "start" }, { type: "email_taken" });
+					])) return transition({ type: "start" }, { type: "email_taken" });
 					await Storage.set(ctx.storage, [
 						"email",
 						provider.email,
@@ -170,10 +168,9 @@ const PasswordProvider = (config) => {
 			* GET /change - Display password change form
 			*/
 			routes.get("/change", async (c) => {
-				const redirect = c.query("redirect_uri") || getRelativeUrl(c, "/authorize");
 				const state = {
 					type: "start",
-					redirect
+					redirect: c.query("redirect_uri") || getRelativeUrl(c, "/authorize")
 				};
 				await ctx.set(c, "provider", 3600 * 24, state);
 				return ctx.forward(c, await config.change(c.request, state));
@@ -215,12 +212,11 @@ const PasswordProvider = (config) => {
 					});
 				}
 				if (action === "update" && provider.type === "update") {
-					const existingPassword = await Storage.get(ctx.storage, [
+					if (!await Storage.get(ctx.storage, [
 						"email",
 						provider.email,
 						"password"
-					]);
-					if (!existingPassword) return c.redirect(provider.redirect, 302);
+					])) return c.redirect(provider.redirect, 302);
 					const password = formData.get("password")?.toString();
 					const repeat = formData.get("repeat")?.toString();
 					if (!password) return transition(provider, { type: "invalid_password" });
@@ -274,8 +270,7 @@ const PBKDF2Hasher = (opts) => {
 	const iterations = opts?.iterations ?? 6e5;
 	return {
 		async hash(password) {
-			const encoder = new TextEncoder();
-			const passwordBytes = encoder.encode(password);
+			const passwordBytes = new TextEncoder().encode(password);
 			const salt = crypto.getRandomValues(new Uint8Array(16));
 			const keyMaterial = await crypto.subtle.importKey("raw", passwordBytes, "PBKDF2", false, ["deriveBits"]);
 			const hashBuffer = await crypto.subtle.deriveBits({
@@ -284,17 +279,14 @@ const PBKDF2Hasher = (opts) => {
 				salt,
 				iterations
 			}, keyMaterial, 256);
-			const hashBase64 = jose.base64url.encode(new Uint8Array(hashBuffer));
-			const saltBase64 = jose.base64url.encode(salt);
 			return {
-				hash: hashBase64,
-				salt: saltBase64,
+				hash: jose.base64url.encode(new Uint8Array(hashBuffer)),
+				salt: jose.base64url.encode(salt),
 				iterations
 			};
 		},
 		async verify(password, compare) {
-			const encoder = new TextEncoder();
-			const passwordBytes = encoder.encode(password);
+			const passwordBytes = new TextEncoder().encode(password);
 			const salt = jose.base64url.decode(compare.salt);
 			const keyMaterial = await crypto.subtle.importKey("raw", passwordBytes, "PBKDF2", false, ["deriveBits"]);
 			const hashBuffer = await crypto.subtle.deriveBits({
@@ -303,8 +295,7 @@ const PBKDF2Hasher = (opts) => {
 				salt,
 				iterations: compare.iterations
 			}, keyMaterial, 256);
-			const hashBase64 = jose.base64url.encode(new Uint8Array(hashBuffer));
-			return timingSafeCompare(hashBase64, compare.hash);
+			return timingSafeCompare(jose.base64url.encode(new Uint8Array(hashBuffer)), compare.hash);
 		}
 	};
 };
@@ -324,21 +315,18 @@ const ScryptHasher = (opts) => {
 		async hash(password) {
 			const salt = randomBytes(16);
 			const keyLength = 32;
-			const derivedKey = await new Promise((resolve, reject) => {
-				scrypt(password, salt, keyLength, {
-					N,
-					r,
-					p
-				}, (err, derivedKey$1) => {
-					if (err) reject(err);
-					else resolve(derivedKey$1);
-				});
-			});
-			const hashBase64 = derivedKey.toString("base64");
-			const saltBase64 = salt.toString("base64");
 			return {
-				hash: hashBase64,
-				salt: saltBase64,
+				hash: (await new Promise((resolve, reject) => {
+					scrypt(password, salt, keyLength, {
+						N,
+						r,
+						p
+					}, (err, derivedKey) => {
+						if (err) reject(err);
+						else resolve(derivedKey);
+					});
+				})).toString("base64"),
+				salt: salt.toString("base64"),
 				N,
 				r,
 				p
@@ -347,17 +335,16 @@ const ScryptHasher = (opts) => {
 		async verify(password, compare) {
 			const salt = Buffer.from(compare.salt, "base64");
 			const keyLength = 32;
-			const derivedKey = await new Promise((resolve, reject) => {
+			return timingSafeEqual(await new Promise((resolve, reject) => {
 				scrypt(password, salt, keyLength, {
 					N: compare.N,
 					r: compare.r,
 					p: compare.p
-				}, (err, derivedKey$1) => {
+				}, (err, derivedKey) => {
 					if (err) reject(err);
-					else resolve(derivedKey$1);
+					else resolve(derivedKey);
 				});
-			});
-			return timingSafeEqual(derivedKey, Buffer.from(compare.hash, "base64"));
+			}), Buffer.from(compare.hash, "base64"));
 		}
 	};
 };

package/dist/provider/{provider.d.ts → provider.d.mts}

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "../storage/storage.js";
+import { StorageAdapter } from "../storage/storage.mjs";
 import { Router } from "@draftlab/auth-router";
 import { RouterContext } from "@draftlab/auth-router/types";
 

package/dist/provider/{totp.d.ts → totp.d.mts}

@@ -1,4 +1,4 @@
-import { Provider } from "./provider.js";
+import { Provider } from "./provider.mjs";
 
 //#region src/provider/totp.d.ts
 

package/dist/provider/{totp.js → totp.mjs}

@@ -1,8 +1,50 @@
-import { generateSecureToken } from "../random.js";
-import { Storage } from "../storage/storage.js";
+import { generateSecureToken } from "../random.mjs";
+import { Storage } from "../storage/storage.mjs";
 import { Secret, TOTP } from "otpauth";
 
 //#region src/provider/totp.ts
+/**
+* Configures a provider that supports TOTP (Time-based One-Time Password) authentication.
+*
+* ```ts
+* import { TOTPProvider } from "@draftlab/auth/provider/totp"
+*
+* export default issuer({
+*   providers: {
+*     totp: TOTPProvider({
+*       issuer: "My Application",
+*       setup: async (req, qrCode, secret, backupCodes) => {
+*         return new Response(renderSetupPage(qrCode, secret, backupCodes))
+*       },
+*       verify: async (req, error) => {
+*         return new Response(renderVerifyPage(error))
+*       },
+*       recovery: async (req, error) => {
+*         return new Response(renderRecoveryPage(error))
+*       }
+*     })
+*   },
+*   // ...
+* })
+* ```
+*
+* TOTPProvider implements Time-based One-Time Password authentication.
+* It provides secure TOTP token generation and verification with backup recovery codes.
+*
+* The provider requires configuration of:
+* - Issuer name for authenticator apps
+* - UI handlers for setup, verification, and recovery flows
+* - Optional TOTP parameters (algorithm, digits, period)
+*
+* It automatically manages:
+* - Secure secret generation
+* - QR code URL generation for authenticator apps
+* - Token validation with timing attack protection
+* - Recovery codes generation and one-time usage
+* - Storage of TOTP configuration and backup codes
+*
+* @packageDocumentation
+*/
 const totpKey = (userId) => [
 	"totp",
 	"user",
@@ -72,16 +114,14 @@ const TOTPProvider = (config) => {
 					const secret = new Secret({ size: 20 });
 					const label = config.generateLabel ? await config.generateLabel(email) : email;
 					const backupCodes = generateBackupCodes(backupCodesCount);
-					const totp$1 = createTOTPInstance(secret.base32, label);
-					const qrCodeUrl$1 = totp$1.toString();
-					const totpData$1 = {
+					const qrCodeUrl$1 = createTOTPInstance(secret.base32, label).toString();
+					await saveTOTPData(email, {
 						secret: secret.base32,
 						enabled: false,
 						backupCodes,
 						createdAt: (/* @__PURE__ */ new Date()).toISOString(),
 						label
-					};
-					await saveTOTPData(email, totpData$1);
+					});
 					return ctx.forward(c, await config.register(c.request, qrCodeUrl$1, secret.base32, backupCodes, void 0, email));
 				}
 				const token = formData.get("token")?.toString();
@@ -89,11 +129,10 @@ const TOTPProvider = (config) => {
 				const totpData = await getTOTPData(email);
 				if (!totpData) return ctx.forward(c, await config.register(c.request, "", "", [], "TOTP setup session not found"));
 				const totp = createTOTPInstance(totpData.secret, totpData.label || email);
-				const delta = totp.validate({
+				if (totp.validate({
 					token,
 					window
-				});
-				if (delta !== null) {
+				}) !== null) {
 					totpData.enabled = true;
 					await saveTOTPData(email, totpData);
 					return ctx.success(c, {
@@ -114,12 +153,10 @@ const TOTPProvider = (config) => {
 				if (!email || !token) return ctx.forward(c, await config.authorize(c.request, "Email and verification code are required"));
 				const totpData = await getTOTPData(email);
 				if (!totpData || !totpData.enabled) return ctx.forward(c, await config.authorize(c.request, "TOTP is not set up for this email"));
-				const totp = createTOTPInstance(totpData.secret, totpData.label || email);
-				const delta = totp.validate({
+				if (createTOTPInstance(totpData.secret, totpData.label || email).validate({
 					token,
 					window
-				});
-				if (delta !== null) return ctx.success(c, {
+				}) !== null) return ctx.success(c, {
 					email,
 					method: "totp"
 				});

package/dist/{random.js → random.mjs}

@@ -25,8 +25,7 @@ const generateSecureToken = (length = 32) => {
 	if (length <= 0 || !Number.isInteger(length)) throw new RangeError("Token length must be a positive integer");
 	const randomBytes$1 = new Uint8Array(length);
 	crypto.getRandomValues(randomBytes$1);
-	const base64 = btoa(String.fromCharCode.apply(null, Array.from(randomBytes$1)));
-	return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+	return btoa(String.fromCharCode.apply(null, Array.from(randomBytes$1))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
 };
 /**
 * Generates a cryptographically secure string of random digits without modulo bias.

package/dist/storage/{memory.d.ts → memory.d.mts}

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "./storage.js";
+import { StorageAdapter } from "./storage.mjs";
 
 //#region src/storage/memory.d.ts
 

package/dist/storage/{memory.js → memory.mjs}

@@ -1,4 +1,4 @@
-import { joinKey, splitKey } from "./storage.js";
+import { joinKey, splitKey } from "./storage.mjs";
 import { existsSync, readFileSync } from "node:fs";
 import { writeFile } from "node:fs/promises";
 
@@ -79,8 +79,7 @@ const MemoryStorage = (options) => {
 	};
 	return {
 		async get(key) {
-			const searchKey = joinKey(key);
-			const match = search(searchKey);
+			const match = search(joinKey(key));
 			if (!match.found) return;
 			const storeEntry = store[match.index];
 			if (!storeEntry) return;
@@ -104,8 +103,7 @@ const MemoryStorage = (options) => {
 			await save();
 		},
 		async remove(key) {
-			const searchKey = joinKey(key);
-			const match = search(searchKey);
+			const match = search(joinKey(key));
 			if (match.found) {
 				store.splice(match.index, 1);
 				await save();

package/dist/storage/{storage.d.ts → storage.d.mts}

@@ -42,50 +42,64 @@ interface StorageAdapter {
 }
 /**
  * Joins an array of key segments into a single string using the separator.
+ * Segments are properly escaped to handle any input, including separators and escape characters.
  *
  * @param key - Array of key segments to join
  * @returns Single string representing the full key path
  *
  * @example
  * ```ts
- * joinKey(['user', 'session', '123'])
- * // Returns: "user\x1fsession\x1f123"
+ * joinKey(['user', 'data\x1fwith\x1fseparators'])
+ * // Returns: "user\x1fdata\\x1fwith\\x1fseparators"
  * ```
  */
 declare const joinKey: (key: string[]) => string;
 /**
  * Splits a joined key string back into its component segments.
+ * Handles escaped characters properly.
  *
  * @param key - Joined key string to split
  * @returns Array of individual key segments
  *
  * @example
  * ```ts
- * splitKey("user\x1fsession\x1f123")
- * // Returns: ['user', 'session', '123']
+ * splitKey("user\x1fdata\\x1fwith\\x1fseparators")
+ * // Returns: ['user', 'data\x1fwith\x1fseparators']
  * ```
  */
 declare const splitKey: (key: string) => string[];
 /**
  * High-level storage operations with key encoding and type safety.
  * Provides a convenient interface over storage adapters with additional features
- * like TTL conversion and key sanitization.
+ * like TTL validation and secure key encoding to prevent collisions.
  */
 declare const Storage: {
   /**
-   * Encodes key segments by removing any separator characters to prevent conflicts.
-   * Ensures storage keys don't contain characters that could break key parsing.
+   * Encodes key segments by escaping special characters.
+   * Ensures storage keys don't contain unescaped separator characters that could cause collisions.
    *
    * @param key - Array of key segments to encode
-   * @returns Array of sanitized key segments
+   * @returns Array of properly escaped key segments
+   *
+   * @throws {Error} If any segment is empty or whitespace-only
    *
    * @example
    * ```ts
    * Storage.encode(['user', 'data\x1fwith\x1fseparators'])
-   * // Returns: ['user', 'datawithseparators']
+   * // Returns: ['user', 'data\\x1fwith\\x1fseparators']
    * ```
    */
   readonly encode: (key: string[]) => string[];
+  /**
+   * Decodes key segments by unescaping special characters.
+   * Reverse operation of encode().
+   *
+   * @param key - Array of encoded key segments
+   * @returns Array of decoded key segments
+   *
+   * @internal
+   */
+  readonly decode: (key: string[]) => string[];
   /**
    * Retrieves a typed value from storage.
    *
@@ -110,6 +124,7 @@ declare const Storage: {
   readonly get: <T = Record<string, unknown>>(adapter: StorageAdapter, key: string[]) => Promise<T | null>;
   /**
    * Stores a value with optional time-to-live in seconds.
+   * Validates that TTL is a positive integer to prevent edge cases like negative or overflow values.
    *
    * @param adapter - Storage adapter to use
    * @param key - Array of key segments identifying where to store
@@ -117,12 +132,14 @@ declare const Storage: {
    * @param ttlSeconds - Optional TTL in seconds for automatic expiration
    * @returns Promise that resolves when storage is complete
    *
+   * @throws {RangeError} If TTL is invalid (negative, non-integer, or exceeds maximum)
+   *
    * @example
    * ```ts
    * // Store with 1 hour TTL
    * await Storage.set(adapter, ['sessions', sessionId], sessionData, 3600)
    *
-   * // Store permanently
+   * // Store permanently (no expiration)
    * await Storage.set(adapter, ['users', userId], userData)
    * ```
    */

package/dist/storage/storage.mjs

@@ -0,0 +1,104 @@
+//#region src/storage/storage.ts
+/**
+* ASCII unit separator character used to join key segments.
+* Using a control character ensures it won't conflict with user data.
+*/
+const SEPARATOR = String.fromCharCode(31);
+/**
+* Escape character used to escape SEPARATOR characters in key segments.
+* Uses backslash as the escape character, which is then itself escaped when appearing.
+*/
+const ESCAPE = "\\";
+/**
+* Joins an array of key segments into a single string using the separator.
+* Segments are properly escaped to handle any input, including separators and escape characters.
+*
+* @param key - Array of key segments to join
+* @returns Single string representing the full key path
+*
+* @example
+* ```ts
+* joinKey(['user', 'data\x1fwith\x1fseparators'])
+* // Returns: "user\x1fdata\\x1fwith\\x1fseparators"
+* ```
+*/
+const joinKey = (key) => {
+	return key.join(SEPARATOR);
+};
+/**
+* Splits a joined key string back into its component segments.
+* Handles escaped characters properly.
+*
+* @param key - Joined key string to split
+* @returns Array of individual key segments
+*
+* @example
+* ```ts
+* splitKey("user\x1fdata\\x1fwith\\x1fseparators")
+* // Returns: ['user', 'data\x1fwith\x1fseparators']
+* ```
+*/
+const splitKey = (key) => {
+	return key.split(SEPARATOR);
+};
+/**
+* Encodes a single key segment by escaping special characters.
+* Prevents collisions by properly escaping separator and escape characters.
+*
+* @param segment - The key segment to encode
+* @returns Encoded segment with special characters escaped
+* @throws {Error} If segment is empty or whitespace-only
+*
+* @internal
+*/
+const encodeSegment = (segment) => {
+	if (!segment || !segment.trim()) throw new Error(`Storage key segment cannot be empty or whitespace-only: "${segment}"`);
+	return segment.replaceAll(ESCAPE, ESCAPE + ESCAPE).replaceAll(SEPARATOR, ESCAPE + SEPARATOR);
+};
+/**
+* Decodes a key segment by unescaping special characters.
+* Reverse of encodeSegment operation.
+*
+* @param segment - The encoded segment to decode
+* @returns Decoded segment with special characters restored
+*
+* @internal
+*/
+const decodeSegment = (segment) => {
+	return segment.replaceAll(ESCAPE + SEPARATOR, SEPARATOR).replaceAll(ESCAPE + ESCAPE, ESCAPE);
+};
+/**
+* High-level storage operations with key encoding and type safety.
+* Provides a convenient interface over storage adapters with additional features
+* like TTL validation and secure key encoding to prevent collisions.
+*/
+const Storage = {
+	encode: (key) => {
+		return key.map(encodeSegment);
+	},
+	decode: (key) => {
+		return key.map(decodeSegment);
+	},
+	get: (adapter, key) => {
+		return adapter.get(Storage.encode(key));
+	},
+	set: (adapter, key, value, ttlSeconds) => {
+		if (ttlSeconds !== void 0 && ttlSeconds !== null) {
+			if (!Number.isInteger(ttlSeconds)) throw new RangeError(`Storage TTL must be an integer in seconds, received ${typeof ttlSeconds}`);
+			if (ttlSeconds <= 0) throw new RangeError(`Storage TTL must be positive, received ${ttlSeconds}`);
+			const maxTtlSeconds = 3600 * 24 * 365 * 10;
+			if (ttlSeconds > maxTtlSeconds) throw new RangeError(`Storage TTL exceeds maximum (${maxTtlSeconds}s = 10 years), received ${ttlSeconds}s`);
+		}
+		const expiry = ttlSeconds ? new Date(Date.now() + ttlSeconds * 1e3) : void 0;
+		return adapter.set(Storage.encode(key), value, expiry);
+	},
+	remove: (adapter, key) => {
+		return adapter.remove(Storage.encode(key));
+	},
+	scan: (adapter, prefix) => {
+		return adapter.scan(Storage.encode(prefix));
+	}
+};
+
+//#endregion
+export { Storage, joinKey, splitKey };

package/dist/storage/{turso.d.ts → turso.d.mts}

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "./storage.js";
+import { StorageAdapter } from "./storage.mjs";
 import { Client } from "@libsql/client";
 
 //#region src/storage/turso.d.ts

package/dist/storage/{turso.js → turso.mjs}

@@ -1,4 +1,4 @@
-import { joinKey, splitKey } from "./storage.js";
+import { joinKey, splitKey } from "./storage.mjs";
 
 //#region src/storage/turso.ts
 /**

package/dist/storage/{unstorage.d.ts → unstorage.d.mts}

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "./storage.js";
+import { StorageAdapter } from "./storage.mjs";
 import { Driver } from "unstorage";
 
 //#region src/storage/unstorage.d.ts

package/dist/storage/{unstorage.js → unstorage.mjs}

@@ -1,8 +1,15 @@
-import { joinKey, splitKey } from "./storage.js";
+import { joinKey, splitKey } from "./storage.mjs";
 import { createStorage } from "unstorage";
 
 //#region src/storage/unstorage.ts
 /**
+* Universal storage adapter for Draft Auth using Unstorage drivers.
+* Provides seamless integration with any Unstorage-compatible backend including
+* Redis, Cloudflare KV, Vercel KV, and more.
+*
+* @packageDocumentation
+*/
+/**
 * Creates a Draft Auth storage adapter using Unstorage drivers.
 * Supports automatic expiration, error handling, and any Unstorage driver.
 *
@@ -35,15 +42,15 @@ const UnStorage = ({ driver } = {}) => {
 			try {
 				const keyPath = joinKey(key);
 				const entry = await store.getItem(keyPath);
-				if (!entry) return void 0;
+				if (!entry) return;
 				if (entry.expiry && Date.now() >= entry.expiry) {
 					store.removeItem(keyPath).catch(() => {});
-					return void 0;
+					return;
 				}
 				return entry.value;
 			} catch (error) {
 				console.error("UnStorage get error:", error);
-				return void 0;
+				return;
 			}
 		},
 		async set(key, value, expiry) {

package/dist/{subject.d.ts → subject.d.mts}

@@ -1,4 +1,4 @@
-import { Prettify } from "./util.js";
+import { Prettify } from "./util.mjs";
 import { StandardSchemaV1 } from "@standard-schema/spec";
 
 //#region src/subject.d.ts

package/dist/types.mjs

@@ -0,0 +1 @@
+export {  };

package/dist/ui/{base.d.ts → base.d.mts}

@@ -1,4 +1,4 @@
-import { Theme } from "../themes/theme.js";
+import { Theme } from "../themes/theme.mjs";
 import * as preact0 from "preact";
 import { ComponentChildren } from "preact";
 

package/dist/ui/{base.js → base.mjs}

@@ -1,4 +1,4 @@
-import { getTheme } from "../themes/theme.js";
+import { getTheme } from "../themes/theme.mjs";
 import { render } from "preact-render-to-string";
 import { jsx, jsxs } from "preact/jsx-runtime";
 

package/dist/ui/{code.d.ts → code.d.mts}

@@ -1,4 +1,4 @@
-import { CodeProviderOptions } from "../provider/code.js";
+import { CodeProviderOptions } from "../provider/code.mjs";
 
 //#region src/ui/code.d.ts
 

package/dist/ui/{code.js → code.mjs}

@@ -1,5 +1,5 @@
-import { Layout, renderToHTML } from "./base.js";
-import { FormAlert } from "./form.js";
+import { Layout, renderToHTML } from "./base.mjs";
+import { FormAlert } from "./form.mjs";
 import { jsx, jsxs } from "preact/jsx-runtime";
 
 //#region src/ui/code.tsx
@@ -34,9 +34,8 @@ const getErrorMessage = (error, copy) => {
 const getSuccessMessage = (state, copy) => {
 	if (state.type === "start" || !state.claims) return void 0;
 	const contact = state.claims.email || state.claims.phone || "";
-	const prefix = state.resend ? copy.code_resent : copy.code_sent;
 	return {
-		message: `${prefix}${contact}`,
+		message: `${state.resend ? copy.code_resent : copy.code_sent}${contact}`,
 		contact
 	};
 };

package/dist/ui/{magiclink.d.ts → magiclink.d.mts}

@@ -1,4 +1,4 @@
-import { MagicLinkConfig } from "../provider/magiclink.js";
+import { MagicLinkConfig } from "../provider/magiclink.mjs";
 
 //#region src/ui/magiclink.d.ts
 

package/dist/ui/{magiclink.js → magiclink.mjs}

@@ -1,5 +1,5 @@
-import { Layout, renderToHTML } from "./base.js";
-import { FormAlert } from "./form.js";
+import { Layout, renderToHTML } from "./base.mjs";
+import { FormAlert } from "./form.mjs";
 import { jsx, jsxs } from "preact/jsx-runtime";
 
 //#region src/ui/magiclink.tsx
@@ -32,9 +32,8 @@ const getErrorMessage = (error, copy) => {
 const getSuccessMessage = (state, copy, mode) => {
 	if (state.type === "start" || !state.claims) return void 0;
 	const contact = state.claims[mode] || "";
-	const prefix = state.resend ? copy.link_resent : copy.link_sent;
 	return {
-		message: `${prefix}${contact}`,
+		message: `${state.resend ? copy.link_resent : copy.link_sent}${contact}`,
 		contact
 	};
 };

package/dist/ui/{passkey.d.ts → passkey.d.mts}

@@ -1,4 +1,4 @@
-import { PasskeyProviderConfig } from "../provider/passkey.js";
+import { PasskeyProviderConfig } from "../provider/passkey.mjs";
 
 //#region src/ui/passkey.d.ts