@happyvertical/auth 0.74.8

package/dist/chunks/index-BpsMhFXS.js

@@ -0,0 +1,151 @@
+import { NotImplementedError } from "../index.js";
+class NostrProvider {
+  options;
+  constructor(options) {
+    this.options = {
+      challengeExpiration: 300,
+      // 5 minutes
+      relayTimeout: 1e4,
+      // 10 seconds
+      ...options,
+      // Ensure relays has a default if not provided
+      relays: options.relays?.length ? options.relays : ["wss://relay.damus.io", "wss://nos.lol", "wss://relay.nostr.band"]
+    };
+  }
+  // ---------------------------------------------------------------------------
+  // AUTHENTICATION FLOWS
+  // ---------------------------------------------------------------------------
+  async getAuthorizationUrl(_options) {
+    throw new NotImplementedError("getAuthorizationUrl", "nostr");
+  }
+  async exchangeCode(_params) {
+    throw new NotImplementedError("exchangeCode", "nostr");
+  }
+  async authenticate(_credentials) {
+    throw new NotImplementedError("authenticate", "nostr");
+  }
+  async refresh(_refreshToken) {
+    throw new NotImplementedError("refresh", "nostr", {
+      reason: "NIP-98 tokens are ephemeral. Generate a new token for each request."
+    });
+  }
+  async logout(_options) {
+    throw new NotImplementedError("logout", "nostr");
+  }
+  // ---------------------------------------------------------------------------
+  // TOKEN OPERATIONS
+  // ---------------------------------------------------------------------------
+  async validateToken(_token, _options) {
+    throw new NotImplementedError("validateToken", "nostr");
+  }
+  decodeToken(_token) {
+    throw new NotImplementedError("decodeToken", "nostr");
+  }
+  async introspectToken(_token) {
+    throw new NotImplementedError("introspectToken", "nostr");
+  }
+  // ---------------------------------------------------------------------------
+  // USER OPERATIONS
+  // ---------------------------------------------------------------------------
+  async getProfile(_tokenOrSession) {
+    throw new NotImplementedError("getProfile", "nostr");
+  }
+  async updateProfile(_tokenOrSession, _profile) {
+    throw new NotImplementedError("updateProfile", "nostr");
+  }
+  async getUser(_userId, _adminToken) {
+    throw new NotImplementedError("getUser", "nostr");
+  }
+  async createUser(_user, _adminToken) {
+    throw new NotImplementedError("createUser", "nostr", {
+      reason: 'Nostr users self-create by generating a keypair. Use authenticate({ method: "generate" }).'
+    });
+  }
+  async updateUser(_userId, _updates, _adminToken) {
+    throw new NotImplementedError("updateUser", "nostr", {
+      reason: "Nostr is decentralized. Users can only update their own profile."
+    });
+  }
+  async deleteUser(_userId, _adminToken) {
+    throw new NotImplementedError("deleteUser", "nostr", {
+      reason: "Nostr identities cannot be deleted. The keypair remains valid forever. To abandon an identity, stop using the keypair."
+    });
+  }
+  async listUsers(_query, _adminToken) {
+    throw new NotImplementedError("listUsers", "nostr");
+  }
+  async requestPasswordReset(_email) {
+    throw new NotImplementedError("requestPasswordReset", "nostr", {
+      reason: "Nostr uses keypairs, not passwords. There is no password to reset."
+    });
+  }
+  async resetPassword(_token, _newPassword) {
+    throw new NotImplementedError("resetPassword", "nostr", {
+      reason: "Nostr uses keypairs, not passwords. There is no password to reset."
+    });
+  }
+  // ---------------------------------------------------------------------------
+  // SESSION OPERATIONS
+  // ---------------------------------------------------------------------------
+  async listSessions(_userId, _adminToken) {
+    throw new NotImplementedError("listSessions", "nostr");
+  }
+  async revokeSession(_sessionId, _adminToken) {
+    throw new NotImplementedError("revokeSession", "nostr");
+  }
+  async revokeAllSessions(_userId, _adminToken) {
+    throw new NotImplementedError("revokeAllSessions", "nostr");
+  }
+  // ---------------------------------------------------------------------------
+  // AUTHORIZATION
+  // ---------------------------------------------------------------------------
+  async hasRole(_tokenOrUserId, _role) {
+    throw new NotImplementedError("hasRole", "nostr");
+  }
+  async hasPermission(_tokenOrUserId, _permission, _resource) {
+    throw new NotImplementedError("hasPermission", "nostr");
+  }
+  async getRoles(_tokenOrUserId, _adminToken) {
+    throw new NotImplementedError("getRoles", "nostr");
+  }
+  async assignRole(_userId, _role, _adminToken) {
+    throw new NotImplementedError("assignRole", "nostr");
+  }
+  async removeRole(_userId, _role, _adminToken) {
+    throw new NotImplementedError("removeRole", "nostr");
+  }
+  // ---------------------------------------------------------------------------
+  // PROVIDER INFORMATION
+  // ---------------------------------------------------------------------------
+  async getCapabilities() {
+    return {
+      authorizationCode: false,
+      // Uses challenge-response instead
+      passwordGrant: false,
+      // Uses keypair instead
+      clientCredentials: false,
+      tokenRefresh: false,
+      // NIP-98 tokens are ephemeral
+      oidc: false,
+      userManagement: false,
+      // Decentralized - users self-manage
+      sessionManagement: false,
+      // Client-side only
+      rbac: !!this.options.roleStore,
+      // Only if roleStore configured
+      passwordReset: false,
+      // No passwords
+      mfa: false,
+      socialLogin: false,
+      federation: false,
+      decentralized: true
+    };
+  }
+  async getDiscoveryDocument() {
+    return null;
+  }
+}
+export {
+  NostrProvider
+};
+//# sourceMappingURL=index-BpsMhFXS.js.map

package/dist/chunks/index-BpsMhFXS.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-BpsMhFXS.js","sources":["../../src/shared/providers/nostr/index.ts"],"sourcesContent":["/**\n * Nostr Provider - Public Key Identity Authentication\n *\n * This is a stub implementation. The full implementation will be added in Phase 4.\n *\n * Nostr authentication uses public key cryptography:\n * - Identity = public key (npub)\n * - Authentication = proving private key ownership via signatures\n * - Tokens = NIP-98 signed events\n * - Profiles = kind:0 events from relays\n */\n\nimport { NotImplementedError } from '../../errors.js';\nimport type {\n  AuthCapabilities,\n  AuthCredentials,\n  AuthInterface,\n  AuthorizationOptions,\n  AuthorizationResult,\n  AuthResult,\n  CodeExchangeParams,\n  CreateUserRequest,\n  LogoutOptions,\n  NostrOptions,\n  OIDCDiscoveryDocument,\n  Session,\n  TokenClaims,\n  TokenIntrospection,\n  TokenPayload,\n  TokenValidationOptions,\n  UserListResult,\n  UserProfile,\n  UserQuery,\n} from '../../types.js';\n\n/**\n * Nostr authentication provider.\n *\n * Implements public key identity authentication using the Nostr protocol.\n * Maps Nostr concepts to OAuth-like interface:\n *\n * | Concept        | OAuth/OIDC           | Nostr                          |\n * |---------------|----------------------|--------------------------------|\n * | Identity      | Server user ID       | Public key (npub)              |\n * | Authentication| Password             | Signature (private key proof)  |\n * | Tokens        | JWT                  | NIP-98 signed events           |\n * | Profiles      | Userinfo endpoint    | kind:0 events from relays      |\n * | Sessions      | Server-side          | Client-side keypair reference  |\n */\nexport class NostrProvider implements AuthInterface {\n  private options: NostrOptions;\n\n  constructor(options: NostrOptions) {\n    this.options = {\n      challengeExpiration: 300, // 5 minutes\n      relayTimeout: 10000, // 10 seconds\n      ...options,\n      // Ensure relays has a default if not provided\n      relays: options.relays?.length\n        ? options.relays\n        : ['wss://relay.damus.io', 'wss://nos.lol', 'wss://relay.nostr.band'],\n    };\n  }\n\n  // ---------------------------------------------------------------------------\n  // AUTHENTICATION FLOWS\n  // ---------------------------------------------------------------------------\n\n  async getAuthorizationUrl(\n    _options?: AuthorizationOptions,\n  ): Promise<AuthorizationResult> {\n    throw new NotImplementedError('getAuthorizationUrl', 'nostr');\n  }\n\n  async exchangeCode(_params: CodeExchangeParams): Promise<AuthResult> {\n    throw new NotImplementedError('exchangeCode', 'nostr');\n  }\n\n  async authenticate(_credentials: AuthCredentials): Promise<AuthResult> {\n    throw new NotImplementedError('authenticate', 'nostr');\n  }\n\n  async refresh(_refreshToken: string): Promise<AuthResult> {\n    // Nostr tokens (NIP-98 events) are ephemeral and cannot be refreshed\n    throw new NotImplementedError('refresh', 'nostr', {\n      reason:\n        'NIP-98 tokens are ephemeral. Generate a new token for each request.',\n    });\n  }\n\n  async logout(_options?: LogoutOptions): Promise<void> {\n    throw new NotImplementedError('logout', 'nostr');\n  }\n\n  // ---------------------------------------------------------------------------\n  // TOKEN OPERATIONS\n  // ---------------------------------------------------------------------------\n\n  async validateToken(\n    _token: string,\n    _options?: TokenValidationOptions,\n  ): Promise<TokenClaims | null> {\n    throw new NotImplementedError('validateToken', 'nostr');\n  }\n\n  decodeToken(_token: string): TokenPayload {\n    throw new NotImplementedError('decodeToken', 'nostr');\n  }\n\n  async introspectToken(_token: string): Promise<TokenIntrospection> {\n    throw new NotImplementedError('introspectToken', 'nostr');\n  }\n\n  // ---------------------------------------------------------------------------\n  // USER OPERATIONS\n  // ---------------------------------------------------------------------------\n\n  async getProfile(_tokenOrSession: string): Promise<UserProfile> {\n    throw new NotImplementedError('getProfile', 'nostr');\n  }\n\n  async updateProfile(\n    _tokenOrSession: string,\n    _profile: Partial<UserProfile>,\n  ): Promise<UserProfile> {\n    throw new NotImplementedError('updateProfile', 'nostr');\n  }\n\n  async getUser(_userId: string, _adminToken?: string): Promise<UserProfile> {\n    throw new NotImplementedError('getUser', 'nostr');\n  }\n\n  async createUser(\n    _user: CreateUserRequest,\n    _adminToken: string,\n  ): Promise<UserProfile> {\n    // Nostr users create their own identity by generating a keypair\n    throw new NotImplementedError('createUser', 'nostr', {\n      reason:\n        'Nostr users self-create by generating a keypair. Use authenticate({ method: \"generate\" }).',\n    });\n  }\n\n  async updateUser(\n    _userId: string,\n    _updates: Partial<CreateUserRequest>,\n    _adminToken: string,\n  ): Promise<UserProfile> {\n    // Can only update own profile via updateProfile\n    throw new NotImplementedError('updateUser', 'nostr', {\n      reason:\n        'Nostr is decentralized. Users can only update their own profile.',\n    });\n  }\n\n  async deleteUser(_userId: string, _adminToken: string): Promise<void> {\n    // Nostr identities cannot be deleted - they are cryptographic keys\n    throw new NotImplementedError('deleteUser', 'nostr', {\n      reason:\n        'Nostr identities cannot be deleted. The keypair remains valid forever. ' +\n        'To abandon an identity, stop using the keypair.',\n    });\n  }\n\n  async listUsers(\n    _query: UserQuery,\n    _adminToken?: string,\n  ): Promise<UserListResult> {\n    throw new NotImplementedError('listUsers', 'nostr');\n  }\n\n  async requestPasswordReset(_email: string): Promise<void> {\n    // Nostr has no passwords - identity is based on keypairs\n    throw new NotImplementedError('requestPasswordReset', 'nostr', {\n      reason:\n        'Nostr uses keypairs, not passwords. There is no password to reset.',\n    });\n  }\n\n  async resetPassword(_token: string, _newPassword: string): Promise<void> {\n    throw new NotImplementedError('resetPassword', 'nostr', {\n      reason:\n        'Nostr uses keypairs, not passwords. There is no password to reset.',\n    });\n  }\n\n  // ---------------------------------------------------------------------------\n  // SESSION OPERATIONS\n  // ---------------------------------------------------------------------------\n\n  async listSessions(\n    _userId: string,\n    _adminToken?: string,\n  ): Promise<Session[]> {\n    throw new NotImplementedError('listSessions', 'nostr');\n  }\n\n  async revokeSession(_sessionId: string, _adminToken?: string): Promise<void> {\n    throw new NotImplementedError('revokeSession', 'nostr');\n  }\n\n  async revokeAllSessions(\n    _userId: string,\n    _adminToken?: string,\n  ): Promise<void> {\n    throw new NotImplementedError('revokeAllSessions', 'nostr');\n  }\n\n  // ---------------------------------------------------------------------------\n  // AUTHORIZATION\n  // ---------------------------------------------------------------------------\n\n  async hasRole(_tokenOrUserId: string, _role: string): Promise<boolean> {\n    throw new NotImplementedError('hasRole', 'nostr');\n  }\n\n  async hasPermission(\n    _tokenOrUserId: string,\n    _permission: string,\n    _resource?: string,\n  ): Promise<boolean> {\n    throw new NotImplementedError('hasPermission', 'nostr');\n  }\n\n  async getRoles(\n    _tokenOrUserId: string,\n    _adminToken?: string,\n  ): Promise<string[]> {\n    throw new NotImplementedError('getRoles', 'nostr');\n  }\n\n  async assignRole(\n    _userId: string,\n    _role: string,\n    _adminToken: string,\n  ): Promise<void> {\n    throw new NotImplementedError('assignRole', 'nostr');\n  }\n\n  async removeRole(\n    _userId: string,\n    _role: string,\n    _adminToken: string,\n  ): Promise<void> {\n    throw new NotImplementedError('removeRole', 'nostr');\n  }\n\n  // ---------------------------------------------------------------------------\n  // PROVIDER INFORMATION\n  // ---------------------------------------------------------------------------\n\n  async getCapabilities(): Promise<AuthCapabilities> {\n    return {\n      authorizationCode: false, // Uses challenge-response instead\n      passwordGrant: false, // Uses keypair instead\n      clientCredentials: false,\n      tokenRefresh: false, // NIP-98 tokens are ephemeral\n      oidc: false,\n      userManagement: false, // Decentralized - users self-manage\n      sessionManagement: false, // Client-side only\n      rbac: !!this.options.roleStore, // Only if roleStore configured\n      passwordReset: false, // No passwords\n      mfa: false,\n      socialLogin: false,\n      federation: false,\n      decentralized: true,\n    };\n  }\n\n  async getDiscoveryDocument(): Promise<OIDCDiscoveryDocument | null> {\n    // Nostr is not OIDC-based\n    return null;\n  }\n}\n"],"names":[],"mappings":";AAiDO,MAAM,cAAuC;AAAA,EAC1C;AAAA,EAER,YAAY,SAAuB;AACjC,SAAK,UAAU;AAAA,MACb,qBAAqB;AAAA;AAAA,MACrB,cAAc;AAAA;AAAA,MACd,GAAG;AAAA;AAAA,MAEH,QAAQ,QAAQ,QAAQ,SACpB,QAAQ,SACR,CAAC,wBAAwB,iBAAiB,wBAAwB;AAAA,IAAA;AAAA,EAE1E;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,oBACJ,UAC8B;AAC9B,UAAM,IAAI,oBAAoB,uBAAuB,OAAO;AAAA,EAC9D;AAAA,EAEA,MAAM,aAAa,SAAkD;AACnE,UAAM,IAAI,oBAAoB,gBAAgB,OAAO;AAAA,EACvD;AAAA,EAEA,MAAM,aAAa,cAAoD;AACrE,UAAM,IAAI,oBAAoB,gBAAgB,OAAO;AAAA,EACvD;AAAA,EAEA,MAAM,QAAQ,eAA4C;AAExD,UAAM,IAAI,oBAAoB,WAAW,SAAS;AAAA,MAChD,QACE;AAAA,IAAA,CACH;AAAA,EACH;AAAA,EAEA,MAAM,OAAO,UAAyC;AACpD,UAAM,IAAI,oBAAoB,UAAU,OAAO;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cACJ,QACA,UAC6B;AAC7B,UAAM,IAAI,oBAAoB,iBAAiB,OAAO;AAAA,EACxD;AAAA,EAEA,YAAY,QAA8B;AACxC,UAAM,IAAI,oBAAoB,eAAe,OAAO;AAAA,EACtD;AAAA,EAEA,MAAM,gBAAgB,QAA6C;AACjE,UAAM,IAAI,oBAAoB,mBAAmB,OAAO;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW,iBAA+C;AAC9D,UAAM,IAAI,oBAAoB,cAAc,OAAO;AAAA,EACrD;AAAA,EAEA,MAAM,cACJ,iBACA,UACsB;AACtB,UAAM,IAAI,oBAAoB,iBAAiB,OAAO;AAAA,EACxD;AAAA,EAEA,MAAM,QAAQ,SAAiB,aAA4C;AACzE,UAAM,IAAI,oBAAoB,WAAW,OAAO;AAAA,EAClD;AAAA,EAEA,MAAM,WACJ,OACA,aACsB;AAEtB,UAAM,IAAI,oBAAoB,cAAc,SAAS;AAAA,MACnD,QACE;AAAA,IAAA,CACH;AAAA,EACH;AAAA,EAEA,MAAM,WACJ,SACA,UACA,aACsB;AAEtB,UAAM,IAAI,oBAAoB,cAAc,SAAS;AAAA,MACnD,QACE;AAAA,IAAA,CACH;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,SAAiB,aAAoC;AAEpE,UAAM,IAAI,oBAAoB,cAAc,SAAS;AAAA,MACnD,QACE;AAAA,IAAA,CAEH;AAAA,EACH;AAAA,EAEA,MAAM,UACJ,QACA,aACyB;AACzB,UAAM,IAAI,oBAAoB,aAAa,OAAO;AAAA,EACpD;AAAA,EAEA,MAAM,qBAAqB,QAA+B;AAExD,UAAM,IAAI,oBAAoB,wBAAwB,SAAS;AAAA,MAC7D,QACE;AAAA,IAAA,CACH;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,QAAgB,cAAqC;AACvE,UAAM,IAAI,oBAAoB,iBAAiB,SAAS;AAAA,MACtD,QACE;AAAA,IAAA,CACH;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aACJ,SACA,aACoB;AACpB,UAAM,IAAI,oBAAoB,gBAAgB,OAAO;AAAA,EACvD;AAAA,EAEA,MAAM,cAAc,YAAoB,aAAqC;AAC3E,UAAM,IAAI,oBAAoB,iBAAiB,OAAO;AAAA,EACxD;AAAA,EAEA,MAAM,kBACJ,SACA,aACe;AACf,UAAM,IAAI,oBAAoB,qBAAqB,OAAO;AAAA,EAC5D;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QAAQ,gBAAwB,OAAiC;AACrE,UAAM,IAAI,oBAAoB,WAAW,OAAO;AAAA,EAClD;AAAA,EAEA,MAAM,cACJ,gBACA,aACA,WACkB;AAClB,UAAM,IAAI,oBAAoB,iBAAiB,OAAO;AAAA,EACxD;AAAA,EAEA,MAAM,SACJ,gBACA,aACmB;AACnB,UAAM,IAAI,oBAAoB,YAAY,OAAO;AAAA,EACnD;AAAA,EAEA,MAAM,WACJ,SACA,OACA,aACe;AACf,UAAM,IAAI,oBAAoB,cAAc,OAAO;AAAA,EACrD;AAAA,EAEA,MAAM,WACJ,SACA,OACA,aACe;AACf,UAAM,IAAI,oBAAoB,cAAc,OAAO;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAA6C;AACjD,WAAO;AAAA,MACL,mBAAmB;AAAA;AAAA,MACnB,eAAe;AAAA;AAAA,MACf,mBAAmB;AAAA,MACnB,cAAc;AAAA;AAAA,MACd,MAAM;AAAA,MACN,gBAAgB;AAAA;AAAA,MAChB,mBAAmB;AAAA;AAAA,MACnB,MAAM,CAAC,CAAC,KAAK,QAAQ;AAAA;AAAA,MACrB,eAAe;AAAA;AAAA,MACf,KAAK;AAAA,MACL,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,eAAe;AAAA,IAAA;AAAA,EAEnB;AAAA,EAEA,MAAM,uBAA8D;AAElE,WAAO;AAAA,EACT;AACF;"}