@flink-app/otp-auth-plugin 0.12.1-alpha.40

package/dist/OtpAuthPlugin.d.ts

@@ -0,0 +1,64 @@
+import { FlinkPlugin } from "@flink-app/flink";
+import { OtpAuthPluginOptions } from "./OtpAuthPluginOptions";
+/**
+ * OTP Auth Plugin Factory Function
+ *
+ * Creates a Flink plugin for OTP (One-Time Password) authentication via SMS or email.
+ * Integrates with JWT Auth Plugin for token generation.
+ *
+ * @param options - OTP auth plugin configuration options
+ * @returns FlinkPlugin instance
+ *
+ * @example
+ * ```typescript
+ * import { jwtAuthPlugin } from '@flink-app/jwt-auth-plugin';
+ * import { otpAuthPlugin } from '@flink-app/otp-auth-plugin';
+ *
+ * const app = new FlinkApp({
+ *   auth: jwtAuthPlugin({
+ *     secret: process.env.JWT_SECRET!,
+ *     getUser: async (tokenData) => {
+ *       return ctx.repos.userRepo.getById(tokenData.userId);
+ *     },
+ *     rolePermissions: {
+ *       user: ['read', 'write']
+ *     }
+ *   }),
+ *
+ *   plugins: [
+ *     otpAuthPlugin({
+ *       codeLength: 6,
+ *       codeTTL: 300, // 5 minutes
+ *       maxAttempts: 3,
+ *       onSendCode: async (code, identifier, method) => {
+ *         if (method === 'sms') {
+ *           await ctx.plugins.sms.send(identifier, `Your code: ${code}`);
+ *         } else {
+ *           await ctx.plugins.email.send({
+ *             to: identifier,
+ *             subject: 'Your verification code',
+ *             text: `Your code: ${code}`
+ *           });
+ *         }
+ *         return true;
+ *       },
+ *       onGetUser: async (identifier, method) => {
+ *         if (method === 'sms') {
+ *           return await ctx.repos.userRepo.findOne({ phoneNumber: identifier });
+ *         } else {
+ *           return await ctx.repos.userRepo.findOne({ email: identifier });
+ *         }
+ *       },
+ *       onVerifySuccess: async (user, identifier, method) => {
+ *         const token = await ctx.auth.createToken(
+ *           { userId: user._id, email: user.email },
+ *           user.roles
+ *         );
+ *         return { user, token };
+ *       }
+ *     })
+ *   ]
+ * });
+ * ```
+ */
+export declare function otpAuthPlugin(options: OtpAuthPluginOptions): FlinkPlugin;

package/dist/OtpAuthPlugin.js

@@ -0,0 +1,231 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.otpAuthPlugin = void 0;
+var flink_1 = require("@flink-app/flink");
+var initiate_1 = require("./functions/initiate");
+var verify_1 = require("./functions/verify");
+var PostOtpInitiate = __importStar(require("./handlers/PostOtpInitiate"));
+var PostOtpVerify = __importStar(require("./handlers/PostOtpVerify"));
+var OtpSessionRepo_1 = __importDefault(require("./repos/OtpSessionRepo"));
+/**
+ * OTP Auth Plugin Factory Function
+ *
+ * Creates a Flink plugin for OTP (One-Time Password) authentication via SMS or email.
+ * Integrates with JWT Auth Plugin for token generation.
+ *
+ * @param options - OTP auth plugin configuration options
+ * @returns FlinkPlugin instance
+ *
+ * @example
+ * ```typescript
+ * import { jwtAuthPlugin } from '@flink-app/jwt-auth-plugin';
+ * import { otpAuthPlugin } from '@flink-app/otp-auth-plugin';
+ *
+ * const app = new FlinkApp({
+ *   auth: jwtAuthPlugin({
+ *     secret: process.env.JWT_SECRET!,
+ *     getUser: async (tokenData) => {
+ *       return ctx.repos.userRepo.getById(tokenData.userId);
+ *     },
+ *     rolePermissions: {
+ *       user: ['read', 'write']
+ *     }
+ *   }),
+ *
+ *   plugins: [
+ *     otpAuthPlugin({
+ *       codeLength: 6,
+ *       codeTTL: 300, // 5 minutes
+ *       maxAttempts: 3,
+ *       onSendCode: async (code, identifier, method) => {
+ *         if (method === 'sms') {
+ *           await ctx.plugins.sms.send(identifier, `Your code: ${code}`);
+ *         } else {
+ *           await ctx.plugins.email.send({
+ *             to: identifier,
+ *             subject: 'Your verification code',
+ *             text: `Your code: ${code}`
+ *           });
+ *         }
+ *         return true;
+ *       },
+ *       onGetUser: async (identifier, method) => {
+ *         if (method === 'sms') {
+ *           return await ctx.repos.userRepo.findOne({ phoneNumber: identifier });
+ *         } else {
+ *           return await ctx.repos.userRepo.findOne({ email: identifier });
+ *         }
+ *       },
+ *       onVerifySuccess: async (user, identifier, method) => {
+ *         const token = await ctx.auth.createToken(
+ *           { userId: user._id, email: user.email },
+ *           user.roles
+ *         );
+ *         return { user, token };
+ *       }
+ *     })
+ *   ]
+ * });
+ * ```
+ */
+function otpAuthPlugin(options) {
+    // Validation
+    if (!options.onSendCode) {
+        throw new Error("OTP Auth Plugin: onSendCode callback is required");
+    }
+    if (!options.onGetUser) {
+        throw new Error("OTP Auth Plugin: onGetUser callback is required");
+    }
+    if (!options.onVerifySuccess) {
+        throw new Error("OTP Auth Plugin: onVerifySuccess callback is required");
+    }
+    // Validate code length
+    var codeLength = options.codeLength || 6;
+    if (codeLength < 4 || codeLength > 8) {
+        throw new Error("OTP Auth Plugin: codeLength must be between 4 and 8");
+    }
+    // Validate code TTL
+    var codeTTL = options.codeTTL || 300;
+    if (codeTTL < 30 || codeTTL > 3600) {
+        flink_1.log.warn("OTP Auth Plugin: codeTTL should be between 30 and 3600 seconds for security");
+    }
+    // Validate max attempts
+    var maxAttempts = options.maxAttempts || 3;
+    if (maxAttempts < 1 || maxAttempts > 10) {
+        throw new Error("OTP Auth Plugin: maxAttempts must be between 1 and 10");
+    }
+    var flinkApp;
+    var sessionRepo;
+    /**
+     * Plugin initialization
+     */
+    function init(app, db) {
+        return __awaiter(this, void 0, void 0, function () {
+            var collectionName, keepSessionsSec, error_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        flink_1.log.info("Initializing OTP Auth Plugin...");
+                        flinkApp = app;
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        if (!db) {
+                            throw new Error("OTP Auth Plugin: Database connection is required");
+                        }
+                        collectionName = options.otpSessionsCollectionName || "otp_sessions";
+                        sessionRepo = new OtpSessionRepo_1.default(collectionName, db);
+                        flinkApp.addRepo("otpSessionRepo", sessionRepo);
+                        keepSessionsSec = options.keepSessionsSec || 86400;
+                        return [4 /*yield*/, sessionRepo.ensureExpiringIndex(keepSessionsSec)];
+                    case 2:
+                        _a.sent();
+                        // Register OTP handlers
+                        // Only register handlers if registerRoutes is enabled (default: true)
+                        if (options.registerRoutes !== false) {
+                            flinkApp.addHandler(PostOtpInitiate);
+                            flinkApp.addHandler(PostOtpVerify);
+                            flink_1.log.info("OTP Auth Plugin: Registered HTTP endpoints");
+                        }
+                        flink_1.log.info("OTP Auth Plugin initialized (codeLength: ".concat(codeLength, ", codeTTL: ").concat(codeTTL, "s, maxAttempts: ").concat(maxAttempts, ")"));
+                        return [3 /*break*/, 4];
+                    case 3:
+                        error_1 = _a.sent();
+                        flink_1.log.error("Failed to initialize OTP Auth Plugin:", error_1);
+                        throw error_1;
+                    case 4: return [2 /*return*/];
+                }
+            });
+        });
+    }
+    /**
+     * Plugin context exposed via ctx.plugins.otpAuth
+     */
+    var pluginCtx = {
+        options: Object.freeze(__assign({}, options)),
+        initiate: function (initiateOptions) { return (0, initiate_1.initiate)(flinkApp.ctx, initiateOptions); },
+        verify: function (verifyOptions) { return (0, verify_1.verify)(flinkApp.ctx, verifyOptions); },
+    };
+    return {
+        id: "otpAuth",
+        db: {
+            useHostDb: true,
+        },
+        ctx: pluginCtx,
+        init: init,
+    };
+}
+exports.otpAuthPlugin = otpAuthPlugin;

package/dist/OtpAuthPluginContext.d.ts

@@ -0,0 +1,10 @@
+import { OtpAuthPluginOptions } from "./OtpAuthPluginOptions";
+import { InitiateOptions, InitiateResponse } from "./functions/initiate";
+import { VerifyOptions, VerifyResponse } from "./functions/verify";
+export interface OtpAuthPluginContext {
+    otpAuth: {
+        options: OtpAuthPluginOptions;
+        initiate: (options: InitiateOptions) => Promise<InitiateResponse>;
+        verify: (options: VerifyOptions) => Promise<VerifyResponse>;
+    };
+}

package/dist/OtpAuthPluginContext.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/OtpAuthPluginOptions.d.ts

@@ -0,0 +1,112 @@
+export interface AuthSuccessCallbackResponse {
+    user: any;
+    token: string;
+}
+export interface OtpAuthPluginOptions {
+    /**
+     * Number of digits in the OTP code (4-8).
+     * Default is 6.
+     */
+    codeLength?: number;
+    /**
+     * How long the OTP code is valid in seconds.
+     * Default is 300 (5 minutes).
+     */
+    codeTTL?: number;
+    /**
+     * Maximum number of verification attempts before session is locked.
+     * Default is 3.
+     */
+    maxAttempts?: number;
+    /**
+     * Callback to send the OTP code via SMS or email.
+     * Should return true if sending succeeded, false otherwise.
+     *
+     * @param code - The OTP code to send
+     * @param identifier - The user identifier (phone number or email)
+     * @param method - The delivery method ('sms' or 'email')
+     * @param payload - Optional custom payload from initiation
+     * @returns Promise that resolves to true if sent successfully
+     *
+     * @example
+     * ```typescript
+     * onSendCode: async (code, identifier, method, payload) => {
+     *   if (method === 'sms') {
+     *     await ctx.plugins.sms.send(identifier, `Your code is: ${code}`);
+     *   } else {
+     *     await ctx.plugins.email.send({
+     *       to: identifier,
+     *       subject: 'Your verification code',
+     *       text: `Your code is: ${code}`
+     *     });
+     *   }
+     *   return true;
+     * }
+     * ```
+     */
+    onSendCode: (code: string, identifier: string, method: "sms" | "email", payload?: Record<string, any>) => Promise<boolean>;
+    /**
+     * Callback to retrieve user by identifier (phone number or email).
+     * Return null if user is not found.
+     *
+     * @param identifier - The user identifier (phone number or email)
+     * @param method - The delivery method ('sms' or 'email')
+     * @param payload - Optional custom payload from initiation
+     * @returns Promise that resolves to user object or null
+     *
+     * @example
+     * ```typescript
+     * onGetUser: async (identifier, method) => {
+     *   if (method === 'sms') {
+     *     return await ctx.repos.userRepo.findOne({ phoneNumber: identifier });
+     *   } else {
+     *     return await ctx.repos.userRepo.findOne({ email: identifier });
+     *   }
+     * }
+     * ```
+     */
+    onGetUser: (identifier: string, method: "sms" | "email", payload?: Record<string, any>) => Promise<any | null>;
+    /**
+     * Callback invoked when OTP verification is successful.
+     * Must return user object and JWT token.
+     *
+     * @param user - The user object returned from onGetUser
+     * @param identifier - The user identifier (phone number or email)
+     * @param method - The delivery method ('sms' or 'email')
+     * @param payload - Optional custom payload from initiation
+     * @returns Promise that resolves to user and token
+     *
+     * @example
+     * ```typescript
+     * onVerifySuccess: async (user, identifier, method, payload) => {
+     *   const token = await ctx.auth.createToken(
+     *     { userId: user._id, email: user.email },
+     *     user.roles
+     *   );
+     *   return { user, token };
+     * }
+     * ```
+     */
+    onVerifySuccess: (user: any, identifier: string, method: "sms" | "email", payload?: Record<string, any>) => Promise<AuthSuccessCallbackResponse>;
+    /**
+     * For how long to keep sessions in database (in seconds).
+     * This is for data retention purposes only.
+     *
+     * An expiring index will be created in the database to automatically
+     * remove old sessions based on this.
+     *
+     * Default is 86400 (24 hours).
+     */
+    keepSessionsSec?: number;
+    /**
+     * The name of the MongoDB collection to use for storing OTP sessions.
+     * Default is "otp_sessions".
+     */
+    otpSessionsCollectionName?: string;
+    /**
+     * Whether to register the default HTTP routes for OTP operations.
+     * If false, you'll need to implement your own handlers using the functions.
+     * Default is true.
+     */
+    registerRoutes?: boolean;
+}

package/dist/OtpAuthPluginOptions.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/OtpInternalContext.d.ts

@@ -0,0 +1,11 @@
+import { FlinkContext } from "@flink-app/flink";
+import { OtpAuthPluginContext } from "./OtpAuthPluginContext";
+import OtpSessionRepo from "./repos/OtpSessionRepo";
+export interface OtpInternalContext extends FlinkContext {
+    plugins: {
+        otpAuth: OtpAuthPluginContext["otpAuth"];
+    };
+    repos: {
+        otpSessionRepo: OtpSessionRepo;
+    };
+}

package/dist/OtpInternalContext.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/functions/initiate.d.ts

@@ -0,0 +1,18 @@
+import { OtpInternalContext } from "../OtpInternalContext";
+export interface InitiateOptions {
+    /** User identifier (phone number or email) */
+    identifier: string;
+    /** Delivery method for the OTP code */
+    method: "sms" | "email";
+    /** Optional custom payload to attach to the session */
+    payload?: Record<string, any>;
+}
+export interface InitiateResponse {
+    /** Unique session ID for this OTP session */
+    sessionId: string;
+    /** When the code expires */
+    expiresAt: Date;
+    /** Time-to-live in seconds */
+    ttl: number;
+}
+export declare function initiate(ctx: OtpInternalContext, options: InitiateOptions): Promise<InitiateResponse>;

package/dist/functions/initiate.js

@@ -0,0 +1,104 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initiate = void 0;
+var flink_1 = require("@flink-app/flink");
+var otp_utils_1 = require("../utils/otp-utils");
+function initiate(ctx, options) {
+    return __awaiter(this, void 0, void 0, function () {
+        var identifier, method, payload, pluginOptions, normalizedIdentifier, codeLength, code, sessionId, codeTTL, expiresAt, session, sent, error_1;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    identifier = options.identifier, method = options.method, payload = options.payload;
+                    pluginOptions = ctx.plugins.otpAuth.options;
+                    // Validate identifier format
+                    if (!(0, otp_utils_1.validateIdentifier)(identifier, method)) {
+                        flink_1.log.warn("Invalid identifier format for method ".concat(method, ": ").concat(identifier));
+                        throw (0, flink_1.badRequest)("Invalid ".concat(method === "email" ? "email address" : "phone number", " format"));
+                    }
+                    normalizedIdentifier = (0, otp_utils_1.normalizeIdentifier)(identifier, method);
+                    codeLength = pluginOptions.codeLength || 6;
+                    if (codeLength < 4 || codeLength > 8) {
+                        throw new Error("OTP code length must be between 4 and 8 digits");
+                    }
+                    code = (0, otp_utils_1.generateOtpCode)(codeLength);
+                    sessionId = (0, otp_utils_1.generateSessionId)();
+                    codeTTL = pluginOptions.codeTTL || 300;
+                    expiresAt = new Date(Date.now() + codeTTL * 1000);
+                    session = {
+                        sessionId: sessionId,
+                        identifier: normalizedIdentifier,
+                        method: method,
+                        code: code,
+                        attempts: 0,
+                        maxAttempts: pluginOptions.maxAttempts || 3,
+                        status: "pending",
+                        createdAt: new Date(),
+                        expiresAt: expiresAt,
+                        payload: payload,
+                    };
+                    return [4 /*yield*/, ctx.repos.otpSessionRepo.createSession(session)];
+                case 1:
+                    _a.sent();
+                    _a.label = 2;
+                case 2:
+                    _a.trys.push([2, 4, , 5]);
+                    return [4 /*yield*/, pluginOptions.onSendCode(code, normalizedIdentifier, method, payload)];
+                case 3:
+                    sent = _a.sent();
+                    if (!sent) {
+                        flink_1.log.error("Failed to send OTP code to ".concat(normalizedIdentifier, " via ").concat(method));
+                        throw new Error("Failed to send verification code");
+                    }
+                    flink_1.log.info("OTP code sent to ".concat(normalizedIdentifier, " via ").concat(method, " (session: ").concat(sessionId, ")"));
+                    return [3 /*break*/, 5];
+                case 4:
+                    error_1 = _a.sent();
+                    flink_1.log.error("Error sending OTP code: ".concat(error_1));
+                    throw new Error("Failed to send verification code");
+                case 5: return [2 /*return*/, {
+                        sessionId: sessionId,
+                        expiresAt: expiresAt,
+                        ttl: codeTTL,
+                    }];
+            }
+        });
+    });
+}
+exports.initiate = initiate;

package/dist/functions/verify.d.ts

@@ -0,0 +1,20 @@
+import { OtpInternalContext } from "../OtpInternalContext";
+export interface VerifyOptions {
+    /** The session ID from the initiate response */
+    sessionId: string;
+    /** The OTP code entered by the user */
+    code: string;
+}
+export interface VerifyResponse {
+    /** Verification status */
+    status: "success" | "invalid_code" | "expired" | "locked" | "not_found";
+    /** JWT token if successful */
+    token?: string;
+    /** User object if successful */
+    user?: any;
+    /** Remaining attempts if code was invalid */
+    remainingAttempts?: number;
+    /** Error message */
+    message?: string;
+}
+export declare function verify(ctx: OtpInternalContext, options: VerifyOptions): Promise<VerifyResponse>;