@dudousxd/adonis-authkit-server 0.1.0

package/build/src/provider/token_exchange.js

@@ -0,0 +1,72 @@
+import { errors } from 'oidc-provider';
+const TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange';
+const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';
+export function registerTokenExchange(provider, deps) {
+    const adminRole = deps.adminRole ?? 'ADMIN';
+    const handler = async (ctx) => {
+        const { params, client } = ctx.oidc;
+        if (params.subject_token_type !== ACCESS_TOKEN_TYPE) {
+            throw new errors.InvalidRequest('unsupported subject_token_type');
+        }
+        if (!params.subject_token) {
+            throw new errors.InvalidRequest('subject_token is required');
+        }
+        const subjectAt = await provider.AccessToken.find(params.subject_token);
+        if (!subjectAt || subjectAt.isExpired) {
+            throw new errors.InvalidGrant('subject_token invalid or expired');
+        }
+        const actor = await deps.findAccount(subjectAt.accountId);
+        if (!actor || !(actor.globalRoles ?? []).includes(adminRole)) {
+            throw new errors.InvalidGrant('actor not permitted to impersonate');
+        }
+        const targetId = params.requested_subject;
+        if (!targetId) {
+            throw new errors.InvalidRequest('requested_subject is required');
+        }
+        const target = await deps.findAccount(targetId);
+        if (!target) {
+            throw new errors.InvalidGrant('requested_subject not found');
+        }
+        const scope = params.scope || 'openid profile email';
+        const at = new provider.AccessToken({ accountId: target.id, client, scope });
+        const accessToken = await at.save();
+        const idToken = new provider.IdToken({
+            sub: target.id,
+            email: target.email,
+            email_verified: true,
+            name: target.name,
+            [deps.globalRolesClaim]: target.globalRoles ?? [],
+        }, { ctx });
+        idToken.scope = scope;
+        idToken.set('act', { sub: actor.id });
+        const idTokenJwt = await idToken.issue({ use: 'idtoken' });
+        await deps.audit?.record({
+            type: 'impersonation',
+            actorId: actor.id,
+            accountId: target.id,
+            email: target.email ?? null,
+            clientId: client?.clientId ?? null,
+            ip: ctx.req?.socket?.remoteAddress ?? null,
+            metadata: { scope },
+        });
+        ctx.body = {
+            access_token: accessToken,
+            issued_token_type: ACCESS_TOKEN_TYPE,
+            token_type: at.tokenType ?? 'Bearer',
+            expires_in: at.expiration ?? 3600,
+            id_token: idTokenJwt,
+            scope,
+        };
+    };
+    provider.registerGrantType(TOKEN_EXCHANGE, handler, [
+        'subject_token',
+        'subject_token_type',
+        'requested_subject',
+        'requested_token_type',
+        'scope',
+        'audience',
+        'resource',
+        'actor_token',
+        'actor_token_type',
+    ], ['audience', 'resource']);
+}

package/build/src/register_routes.d.ts

@@ -0,0 +1,16 @@
+import type { Router } from '@adonisjs/core/http';
+/**
+ * Registra a rota catch-all que delega ao handler do oidc-provider.
+ * O issuer do consumidor deve terminar em `mountPath` (default `/oidc`),
+ * pois o oidc-provider roteia internamente sob o issuer.
+ * Uso: registerOidcRoutes(router) no start/routes.ts do auth-service.
+ *
+ * Observabilidade (opt-in):
+ * - `metrics: true` monta `GET /authkit/metrics` (snapshot JSON).
+ * - `dashboard: true` monta `GET /authkit/dashboard` (HTML embutido).
+ */
+export declare function registerOidcRoutes(router: Router, options?: {
+    mountPath?: string;
+    metrics?: boolean;
+    dashboard?: boolean;
+}): void;

package/build/src/register_routes.js

@@ -0,0 +1,21 @@
+import OidcCallbackController from './controllers/oidc_callback_controller.js';
+import MetricsController from './observability/metrics_controller.js';
+/**
+ * Registra a rota catch-all que delega ao handler do oidc-provider.
+ * O issuer do consumidor deve terminar em `mountPath` (default `/oidc`),
+ * pois o oidc-provider roteia internamente sob o issuer.
+ * Uso: registerOidcRoutes(router) no start/routes.ts do auth-service.
+ *
+ * Observabilidade (opt-in):
+ * - `metrics: true` monta `GET /authkit/metrics` (snapshot JSON).
+ * - `dashboard: true` monta `GET /authkit/dashboard` (HTML embutido).
+ */
+export function registerOidcRoutes(router, options = {}) {
+    const mount = options.mountPath ?? '/oidc';
+    router.any(`${mount}/*`, [OidcCallbackController]).as('authkit.oidc.wildcard');
+    router.any(mount, [OidcCallbackController]).as('authkit.oidc.root');
+    if (options.metrics)
+        router.get('/authkit/metrics', [MetricsController, 'json']);
+    if (options.dashboard)
+        router.get('/authkit/dashboard', [MetricsController, 'dashboard']);
+}

package/build/stubs/config/authkit.stub

@@ -0,0 +1,29 @@
+{{{
+  exports({ to: app.configPath('authkit.ts') })
+}}}
+import env from '#start/env'
+import AuthUser from '#models/auth_user'
+import { defineConfig, adapters } from '@authkit/server'
+
+const authServerConfig = defineConfig({
+  issuer: env.get('AUTHKIT_ISSUER'),
+  adapter: adapters.redis({ connection: 'main' }),
+  jwks: { source: 'managed', algorithm: 'RS256' },
+  clients: [
+    // registre seus clients OIDC aqui
+  ],
+  ttl: { accessToken: '15m', refreshToken: '30d' },
+  globalRolesClaim: 'roles',
+  findAccount: async (sub) => {
+    const user = await AuthUser.find(sub)
+    if (!user) return null
+    return { id: user.id, email: user.email, globalRoles: user.globalRoles }
+  },
+  verifyCredentials: async (email, password) => {
+    const user = await AuthUser.query().where('email', email).first()
+    if (!user || !(await user.verifyPassword(password))) return null
+    return { id: user.id }
+  },
+})
+
+export default authServerConfig

package/build/stubs/main.d.ts

@@ -0,0 +1 @@
+export declare const stubsRoot: string;

package/build/stubs/main.js

@@ -0,0 +1,2 @@
+import { fileURLToPath } from 'node:url';
+export const stubsRoot = fileURLToPath(new URL('./', import.meta.url));

package/build/stubs/models/auth_user.stub

@@ -0,0 +1,13 @@
+{{{
+  exports({ to: app.makePath('app/models/auth_user.ts') })
+}}}
+import { BaseModel, column } from '@adonisjs/lucid/orm'
+import { compose } from '@adonisjs/core/helpers'
+import { withAuthUser, withCredentials } from '@authkit/server'
+
+export default class AuthUser extends compose(BaseModel, withAuthUser(), withCredentials()) {
+  static connection = 'auth'
+
+  @column({ isPrimary: true })
+  declare id: string
+}

package/build/stubs/ui/edge/views/consent.edge

@@ -0,0 +1,13 @@
+{{{
+  exports({ to: app.makePath('resources/views/authkit/consent.edge') })
+}}}
+<!doctype html>
+<html lang="pt-br"><head><meta charset="utf-8"><title>Autorizar</title>
+<script src="https://cdn.tailwindcss.com"></script></head>
+<body class="min-h-screen flex items-center justify-center bg-gray-50">
+  <form method="POST" action="/auth/interaction/{{ uid }}/consent" class="w-full max-w-sm bg-white p-6 rounded-lg shadow">
+    <h1 class="text-lg font-semibold mb-2">Autorizar acesso</h1>
+    <p class="text-sm text-gray-600 mb-4">O app <strong>{{ params.client_id }}</strong> quer acessar sua conta.</p>
+    <button class="w-full bg-black text-white rounded py-2">Autorizar</button>
+  </form>
+</body></html>

package/build/stubs/ui/edge/views/login.edge

@@ -0,0 +1,19 @@
+{{{
+  exports({ to: app.makePath('resources/views/authkit/login.edge') })
+}}}
+<!doctype html>
+<html lang="pt-br"><head><meta charset="utf-8"><title>Entrar</title>
+<script src="https://cdn.tailwindcss.com"></script></head>
+<body class="min-h-screen flex items-center justify-center bg-gray-50">
+  <form method="POST" action="/auth/interaction/{{ uid }}/login" class="w-full max-w-sm bg-white p-6 rounded-lg shadow">
+    <h1 class="text-lg font-semibold mb-4">Entrar</h1>
+    @if(error)
+      <p class="text-red-600 text-sm mb-3">{{ error }}</p>
+    @end
+    <label class="block text-sm mb-1">E-mail</label>
+    <input name="email" type="email" required class="w-full border rounded px-3 py-2 mb-3" />
+    <label class="block text-sm mb-1">Senha</label>
+    <input name="password" type="password" required class="w-full border rounded px-3 py-2 mb-4" />
+    <button class="w-full bg-black text-white rounded py-2">Entrar</button>
+  </form>
+</body></html>

package/build/stubs/ui/react/components/auth_shell.tsx

@@ -0,0 +1,67 @@
+{{{
+  exports({ to: app.makePath('inertia/components/auth_shell.tsx') })
+}}}
+import type { ReactNode } from 'react'
+
+export interface AuthBrand {
+  appName: string
+  accent: string
+  accentSoft?: string
+  company?: string
+  tagline?: string
+  audienceLabel?: string
+}
+
+const COMPANY_FALLBACK = 'educ(a)ção'
+
+/**
+ * Layout de duas colunas para as telas de autenticacao do IdP.
+ * Painel esquerdo: marca (empresa guarda-chuva + produto). Painel direito: formulario.
+ */
+export default function AuthShell({
+  brand,
+  children,
+}: {
+  brand?: AuthBrand
+  children: ReactNode
+}) {
+  const accent = brand?.accent ?? '#111827'
+  const accentSoft = brand?.accentSoft ?? accent
+  const company = brand?.company ?? COMPANY_FALLBACK
+  const appName = brand?.appName ?? 'Sua conta'
+  const tagline = brand?.tagline ?? 'Acesso unificado'
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-gray-100 p-4">
+      <div className="w-full max-w-4xl overflow-hidden rounded-2xl bg-white shadow-xl ring-1 ring-black/5 grid md:grid-cols-2">
+        {/* Painel da marca */}
+        <div
+          className="relative flex flex-col justify-between p-8 text-white md:p-10"
+          style={{ backgroundImage: `linear-gradient(135deg, ${accent} 0%, ${accentSoft} 100%)` }}
+        >
+          <div
+            className="text-xs font-semibold uppercase tracking-[0.2em] text-white/80"
+            aria-label="Empresa"
+          >
+            {company}
+          </div>
+
+          <div className="mt-10 md:mt-0">
+            <h2 className="text-2xl font-bold leading-tight md:text-3xl">{appName}</h2>
+            <p className="mt-2 text-sm text-white/85">{tagline}</p>
+            {brand?.audienceLabel && (
+              <span className="mt-4 inline-block rounded-full bg-white/20 px-3 py-1 text-xs font-medium uppercase tracking-wide text-white ring-1 ring-white/30">
+                {brand.audienceLabel}
+              </span>
+            )}
+          </div>
+
+          <div className="mt-10 text-xs text-white/60">© {company}</div>
+        </div>
+
+        {/* Painel do formulario */}
+        <div className="p-8 md:p-10">{children}</div>
+      </div>
+    </div>
+  )
+}

package/build/stubs/ui/react/pages/account/login.tsx

@@ -0,0 +1,56 @@
+{{{
+  exports({ to: app.makePath('inertia/pages/authkit/account/login.tsx') })
+}}}
+interface Props {
+  csrfToken: string
+  error?: string
+}
+
+export default function AccountLogin({ csrfToken, error }: Props) {
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-gray-100 p-4">
+      <form
+        method="POST"
+        action="/account/login"
+        className="w-full max-w-sm rounded-2xl bg-white p-8 shadow-xl ring-1 ring-black/5"
+      >
+        <input type="hidden" name="_csrf" value={csrfToken} />
+        <div className="text-xs font-semibold uppercase tracking-[0.2em] text-gray-400">educ(a)ção</div>
+        <h1 className="mt-2 text-xl font-semibold text-gray-900">Minha conta</h1>
+        <p className="mt-1 text-sm text-gray-500">Gerencie seus tokens de acesso.</p>
+
+        {error && <p className="mt-4 text-sm text-red-600">{error}</p>}
+
+        <label htmlFor="email" className="mt-6 mb-1 block text-sm font-medium text-gray-700">
+          E-mail
+        </label>
+        <input
+          id="email"
+          name="email"
+          type="email"
+          required
+          autoFocus
+          className="w-full rounded-lg border border-gray-300 px-3 py-2 text-sm outline-none focus:border-gray-900"
+        />
+
+        <label htmlFor="password" className="mt-4 mb-1 block text-sm font-medium text-gray-700">
+          Senha
+        </label>
+        <input
+          id="password"
+          name="password"
+          type="password"
+          required
+          className="w-full rounded-lg border border-gray-300 px-3 py-2 text-sm outline-none focus:border-gray-900"
+        />
+
+        <button
+          type="submit"
+          className="mt-6 w-full rounded-lg bg-gray-900 py-2.5 text-sm font-semibold text-white transition hover:opacity-90"
+        >
+          Entrar
+        </button>
+      </form>
+    </div>
+  )
+}

package/build/stubs/ui/react/pages/account/mfa.tsx

@@ -0,0 +1,132 @@
+{{{
+  exports({ to: app.makePath('inertia/pages/authkit/account/mfa.tsx') })
+}}}
+interface Props {
+  csrfToken: string
+  enabled: boolean
+  enrolling?: boolean
+  secret?: string | null
+  qrDataUrl?: string | null
+  error?: string
+  recoveryCodes?: string[] | null
+}
+
+export default function AccountMfa({
+  csrfToken,
+  enabled,
+  enrolling,
+  secret,
+  qrDataUrl,
+  error,
+  recoveryCodes,
+}: Props) {
+  return (
+    <div className="min-h-screen bg-gray-100 p-4">
+      <div className="mx-auto max-w-2xl">
+        <div className="flex items-center justify-between py-6">
+          <div>
+            <div className="text-xs font-semibold uppercase tracking-[0.2em] text-gray-400">educ(a)ção</div>
+            <h1 className="text-xl font-semibold text-gray-900">Verificação em duas etapas</h1>
+          </div>
+          <form method="POST" action="/account/logout">
+            <input type="hidden" name="_csrf" value={csrfToken} />
+            <button type="submit" className="text-sm text-gray-500 hover:underline">
+              Sair
+            </button>
+          </form>
+        </div>
+
+        {error && <p className="mb-4 text-sm text-red-600">{error}</p>}
+
+        {recoveryCodes && recoveryCodes.length > 0 && (
+          <div className="mb-6 rounded-lg border border-emerald-300 bg-emerald-50 p-4">
+            <p className="text-sm font-medium text-emerald-900">
+              Guarde seus códigos de recuperação — eles não serão mostrados de novo:
+            </p>
+            <ul className="mt-3 grid grid-cols-2 gap-2">
+              {recoveryCodes.map((rc) => (
+                <li key={rc}>
+                  <code className="block rounded bg-white px-3 py-2 text-sm text-emerald-800 ring-1 ring-emerald-200">
+                    {rc}
+                  </code>
+                </li>
+              ))}
+            </ul>
+          </div>
+        )}
+
+        {enrolling ? (
+          <div className="rounded-xl bg-white p-6 shadow-sm ring-1 ring-black/5">
+            <p className="text-sm text-gray-600">
+              Escaneie o QR code com seu app autenticador (Google Authenticator, 1Password, etc.).
+            </p>
+            {qrDataUrl && (
+              <img src={qrDataUrl} alt="QR code TOTP" className="mx-auto my-4 h-48 w-48" />
+            )}
+            {secret && (
+              <>
+                <p className="text-center text-xs text-gray-500">Ou informe manualmente:</p>
+                <code className="mx-auto mt-1 block w-fit break-all rounded bg-gray-100 px-3 py-2 text-sm text-gray-800">
+                  {secret}
+                </code>
+              </>
+            )}
+            <form method="POST" action="/account/mfa/confirm" className="mt-6">
+              <input type="hidden" name="_csrf" value={csrfToken} />
+              <label htmlFor="code" className="mb-1 block text-sm font-medium text-gray-700">
+                Código de confirmação
+              </label>
+              <input
+                id="code"
+                name="code"
+                inputMode="numeric"
+                pattern="[0-9]*"
+                maxLength={6}
+                autoFocus
+                className="w-full rounded-lg border border-gray-300 px-3 py-2 text-center text-lg tracking-[0.4em] outline-none focus:border-gray-900"
+              />
+              <button
+                type="submit"
+                className="mt-4 w-full rounded-lg bg-gray-900 py-2.5 text-sm font-semibold text-white"
+              >
+                Ativar verificação em duas etapas
+              </button>
+            </form>
+          </div>
+        ) : enabled ? (
+          <div className="rounded-xl bg-white p-6 shadow-sm ring-1 ring-black/5">
+            <p className="text-sm text-gray-700">
+              A verificação em duas etapas está{' '}
+              <span className="font-semibold text-emerald-700">ativa</span> nesta conta.
+            </p>
+            <form method="POST" action="/account/mfa/disable" className="mt-4">
+              <input type="hidden" name="_csrf" value={csrfToken} />
+              <button
+                type="submit"
+                className="rounded-lg border border-red-300 px-4 py-2 text-sm font-semibold text-red-600 hover:bg-red-50"
+              >
+                Desativar
+              </button>
+            </form>
+          </div>
+        ) : (
+          <div className="rounded-xl bg-white p-6 shadow-sm ring-1 ring-black/5">
+            <p className="text-sm text-gray-700">
+              A verificação em duas etapas está desativada. Ative-a para proteger sua conta com um app
+              autenticador.
+            </p>
+            <form method="POST" action="/account/mfa/enroll" className="mt-4">
+              <input type="hidden" name="_csrf" value={csrfToken} />
+              <button
+                type="submit"
+                className="rounded-lg bg-gray-900 px-4 py-2 text-sm font-semibold text-white"
+              >
+                Ativar verificação em duas etapas
+              </button>
+            </form>
+          </div>
+        )}
+      </div>
+    </div>
+  )
+}

package/build/stubs/ui/react/pages/account/tokens.tsx

@@ -0,0 +1,88 @@
+{{{
+  exports({ to: app.makePath('inertia/pages/authkit/account/tokens.tsx') })
+}}}
+interface TokenRow {
+  id: string
+  name: string
+  scopes: string[]
+  audience: string | null
+  lastUsedAt: string | null
+  createdAt: string
+}
+interface Props {
+  csrfToken: string
+  createdToken: string | null
+  tokens: TokenRow[]
+}
+
+export default function AccountTokens({ csrfToken, createdToken, tokens }: Props) {
+  return (
+    <div className="min-h-screen bg-gray-100 p-4">
+      <div className="mx-auto max-w-2xl">
+        <div className="flex items-center justify-between py-6">
+          <div>
+            <div className="text-xs font-semibold uppercase tracking-[0.2em] text-gray-400">educ(a)ção</div>
+            <h1 className="text-xl font-semibold text-gray-900">Tokens de acesso</h1>
+          </div>
+          <form method="POST" action="/account/logout">
+            <input type="hidden" name="_csrf" value={csrfToken} />
+            <button type="submit" className="text-sm text-gray-500 hover:underline">
+              Sair
+            </button>
+          </form>
+        </div>
+
+        {createdToken && (
+          <div className="mb-6 rounded-lg border border-emerald-300 bg-emerald-50 p-4">
+            <p className="text-sm font-medium text-emerald-900">
+              Token criado — copie agora, não será mostrado de novo:
+            </p>
+            <code className="mt-2 block break-all rounded bg-white px-3 py-2 text-sm text-emerald-800 ring-1 ring-emerald-200">
+              {createdToken}
+            </code>
+          </div>
+        )}
+
+        <form
+          method="POST"
+          action="/account/tokens"
+          className="mb-6 flex gap-2 rounded-xl bg-white p-4 shadow-sm ring-1 ring-black/5"
+        >
+          <input type="hidden" name="_csrf" value={csrfToken} />
+          <input
+            name="name"
+            placeholder="Nome do token (ex.: CI deploy)"
+            className="flex-1 rounded-lg border border-gray-300 px-3 py-2 text-sm outline-none focus:border-gray-900"
+          />
+          <button type="submit" className="rounded-lg bg-gray-900 px-4 text-sm font-semibold text-white">
+            Criar
+          </button>
+        </form>
+
+        <div className="overflow-hidden rounded-xl bg-white shadow-sm ring-1 ring-black/5">
+          {tokens.length === 0 ? (
+            <p className="p-6 text-sm text-gray-500">Nenhum token ainda.</p>
+          ) : (
+            tokens.map((t) => (
+              <div key={t.id} className="flex items-center justify-between border-b border-gray-100 p-4 last:border-0">
+                <div>
+                  <p className="text-sm font-medium text-gray-900">{t.name}</p>
+                  <p className="text-xs text-gray-500">
+                    Criado em {new Date(t.createdAt).toLocaleDateString('pt-BR')}
+                    {t.lastUsedAt ? ` · último uso ${new Date(t.lastUsedAt).toLocaleDateString('pt-BR')}` : ' · nunca usado'}
+                  </p>
+                </div>
+                <form method="POST" action={`/account/tokens/${t.id}/revoke`}>
+                  <input type="hidden" name="_csrf" value={csrfToken} />
+                  <button type="submit" className="text-sm text-red-600 hover:underline">
+                    Revogar
+                  </button>
+                </form>
+              </div>
+            ))
+          )}
+        </div>
+      </div>
+    </div>
+  )
+}

package/build/stubs/ui/react/pages/consent.tsx

@@ -0,0 +1,39 @@
+{{{
+  exports({ to: app.makePath('inertia/pages/authkit/consent.tsx') })
+}}}
+import AuthShell, { type AuthBrand } from '../../components/auth_shell'
+
+export default function AuthkitConsent({
+  uid,
+  params,
+  csrfToken,
+  brand,
+}: {
+  uid: string
+  params: { client_id: string }
+  csrfToken: string
+  brand?: AuthBrand
+}) {
+  const accent = brand?.accent ?? '#111827'
+  const appName = brand?.appName ?? params.client_id
+
+  return (
+    <AuthShell brand={brand}>
+      <form method="POST" action={'/auth/interaction/' + uid + '/consent'}>
+        <input type="hidden" name="_csrf" value={csrfToken} />
+        <h1 className="text-xl font-semibold text-gray-900">Autorizar acesso</h1>
+        <p className="mt-2 text-sm text-gray-600">
+          O app <strong>{appName}</strong> quer acessar sua conta.
+        </p>
+
+        <button
+          type="submit"
+          className="mt-6 w-full rounded-lg py-2.5 text-sm font-semibold text-white transition hover:opacity-90"
+          style={{ backgroundColor: accent }}
+        >
+          Autorizar
+        </button>
+      </form>
+    </AuthShell>
+  )
+}

package/build/stubs/ui/react/pages/forgot.tsx

@@ -0,0 +1,44 @@
+{{{
+  exports({ to: app.makePath('inertia/pages/authkit/forgot.tsx') })
+}}}
+import AuthShell from '../../components/auth_shell'
+
+const inputClass =
+  'w-full rounded-lg border border-gray-300 px-3 py-2 text-sm outline-none transition focus:border-transparent focus:ring-2 focus:ring-gray-800'
+
+export default function AuthkitForgot({ csrfToken, sent }: { csrfToken: string; sent?: boolean }) {
+  if (sent) {
+    return (
+      <AuthShell>
+        <h1 className="text-xl font-semibold text-gray-900">E-mail enviado</h1>
+        <p className="mt-2 text-sm text-gray-600">
+          Se o e-mail existir, enviaremos instruções de redefinição.
+        </p>
+      </AuthShell>
+    )
+  }
+
+  return (
+    <AuthShell>
+      <form method="POST" action="/auth/forgot-password">
+        <input type="hidden" name="_csrf" value={csrfToken} />
+        <h1 className="text-xl font-semibold text-gray-900">Recuperar senha</h1>
+        <p className="mt-1 text-sm text-gray-500">Enviaremos um link para redefinir sua senha.</p>
+
+        <div className="mt-6">
+          <label htmlFor="email" className="mb-1 block text-sm font-medium text-gray-700">
+            E-mail
+          </label>
+          <input id="email" name="email" type="email" required className={inputClass} />
+        </div>
+
+        <button
+          type="submit"
+          className="mt-6 w-full rounded-lg bg-gray-900 py-2.5 text-sm font-semibold text-white transition hover:opacity-90"
+        >
+          Enviar link
+        </button>
+      </form>
+    </AuthShell>
+  )
+}