@logto/core-kit 2.0.0 → 2.1.0

package/LICENSE

@@ -1,9 +1,3 @@
-Portions of this software are licensed as follows:
-
-* All content that resides under the "packages/cloud" directory of this repository, if that directory exists, is licensed under the license defined in "packages/cloud/LICENSE" (Elastic-2.0).
-* All third party components incorporated into this software are licensed under the original license provided by the owner of the applicable component.
-* Content outside of the above mentioned directories or restrictions above is available under the "MPL-2.0" license as defined below.
-
 Mozilla Public License Version 2.0
 ==================================
 

package/lib/http.d.ts

@@ -0,0 +1 @@
+export declare const httpCodeToMessage: Record<number, string>;

package/lib/http.js

@@ -0,0 +1,44 @@
+export const httpCodeToMessage = Object.freeze({
+    200: 'OK',
+    201: 'Created',
+    202: 'Accepted',
+    203: 'Non-Authoritative Information',
+    204: 'No Content',
+    205: 'Reset Content',
+    206: 'Partial Content',
+    300: 'Multiple Choices',
+    301: 'Moved Permanently',
+    302: 'Found',
+    303: 'See Other',
+    304: 'Not Modified',
+    305: 'Use Proxy',
+    306: 'Unused',
+    307: 'Temporary Redirect',
+    400: 'Bad Request',
+    401: 'Unauthorized',
+    402: 'Payment Required',
+    403: 'Forbidden',
+    404: 'Not Found',
+    405: 'Method Not Allowed',
+    406: 'Not Acceptable',
+    407: 'Proxy Authentication Required',
+    408: 'Request Timeout',
+    409: 'Conflict',
+    410: 'Gone',
+    411: 'Length Required',
+    412: 'Precondition Required',
+    413: 'Request Entry Too Large',
+    414: 'Request-URI Too Long',
+    415: 'Unsupported Media Type',
+    416: 'Requested Range Not Satisfiable',
+    417: 'Expectation Failed',
+    418: "I'm a teapot",
+    422: 'Unprocessable Content',
+    429: 'Too Many Requests',
+    500: 'Internal Server Error',
+    501: 'Not Implemented',
+    502: 'Bad Gateway',
+    503: 'Service Unavailable',
+    504: 'Gateway Timeout',
+    505: 'HTTP Version Not Supported',
+});

package/lib/index.d.ts

@@ -2,3 +2,5 @@ export * from './utils/index.js';
 export * from './regex.js';
 export * from './scope.js';
 export * from './models/index.js';
+export * from './http.js';
+export * from './password-policy.js';

package/lib/index.js

@@ -2,3 +2,5 @@ export * from './utils/index.js';
 export * from './regex.js';
 export * from './scope.js';
 export * from './models/index.js';
+export * from './http.js';
+export * from './password-policy.js';

package/lib/password-policy.d.ts

@@ -0,0 +1,226 @@
+import { type DeepPartial } from '@silverhand/essentials';
+import { z } from 'zod';
+/** Password policy configuration type. */
+export type PasswordPolicy = {
+    /** Policy about password length. */
+    length: {
+        /** Minimum password length. */
+        min: number;
+        /** Maximum password length. */
+        max: number;
+    };
+    /**
+     * Policy about password character types. Four types of characters are supported:
+     *
+     * - Lowercase letters (a-z).
+     * - Uppercase letters (A-Z).
+     * - Digits (0-9).
+     * - Symbols ({@link PasswordPolicyChecker.symbols}).
+     */
+    characterTypes: {
+        /** Minimum number of character types. Range: 1-4. */
+        min: number;
+    };
+    /** Policy about what passwords to reject. */
+    rejects: {
+        /** Whether to reject passwords that are pwned. */
+        pwned: boolean;
+        /** Whether to reject passwords that like '123456' or 'aaaaaa'. */
+        repetitionAndSequence: boolean;
+        /** Whether to reject passwords that include current user information. */
+        userInfo: boolean;
+        /** Whether to reject passwords that include specific words. */
+        words: string[];
+    };
+};
+/** Password policy configuration guard. */
+export declare const passwordPolicyGuard: z.ZodObject<{
+    length: z.ZodDefault<z.ZodObject<{
+        min: z.ZodDefault<z.ZodNumber>;
+        max: z.ZodDefault<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        min: number;
+        max: number;
+    }, {
+        min?: number | undefined;
+        max?: number | undefined;
+    }>>;
+    characterTypes: z.ZodDefault<z.ZodObject<{
+        min: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, "strip", z.ZodTypeAny, {
+        min: number;
+    }, {
+        min?: number | undefined;
+    }>>;
+    rejects: z.ZodDefault<z.ZodObject<{
+        pwned: z.ZodDefault<z.ZodBoolean>;
+        repetitionAndSequence: z.ZodDefault<z.ZodBoolean>;
+        userInfo: z.ZodDefault<z.ZodBoolean>;
+        words: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        pwned: boolean;
+        repetitionAndSequence: boolean;
+        userInfo: boolean;
+        words: string[];
+    }, {
+        pwned?: boolean | undefined;
+        repetitionAndSequence?: boolean | undefined;
+        userInfo?: boolean | undefined;
+        words?: string[] | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    length: {
+        min: number;
+        max: number;
+    };
+    characterTypes: {
+        min: number;
+    };
+    rejects: {
+        pwned: boolean;
+        repetitionAndSequence: boolean;
+        userInfo: boolean;
+        words: string[];
+    };
+}, {
+    length?: {
+        min?: number | undefined;
+        max?: number | undefined;
+    } | undefined;
+    characterTypes?: {
+        min?: number | undefined;
+    } | undefined;
+    rejects?: {
+        pwned?: boolean | undefined;
+        repetitionAndSequence?: boolean | undefined;
+        userInfo?: boolean | undefined;
+        words?: string[] | undefined;
+    } | undefined;
+}>;
+/** The code of why a password is rejected. */
+export type PasswordRejectionCode = 'too_short' | 'too_long' | 'character_types' | 'unsupported_characters' | 'pwned' | 'restricted.repetition' | 'restricted.sequence' | 'restricted.user_info' | 'restricted.words';
+/** A password issue that does not meet the policy. */
+export type PasswordIssue<Code extends PasswordRejectionCode = PasswordRejectionCode> = {
+    /** Issue code. */
+    code: `password_rejected.${Code}`;
+    /** Interpolation data for the issue message. */
+    interpolation?: Record<string, unknown>;
+};
+/** User information to check. */
+export type UserInfo = Partial<{
+    name: string;
+    username: string;
+    email: string;
+    phoneNumber: string;
+}>;
+/**
+ * The class for checking if a password meets the policy. The policy is defined as
+ * {@link PasswordPolicy}.
+ *
+ * @example
+ * ```ts
+ * const checker = new PasswordPolicyChecker({
+ *   length: { min: 8, max: 256 },
+ *   characterTypes: { min: 2 },
+ *   rejects: { pwned: true, repetitionAndSequence: true, words: [] },
+ * });
+ *
+ * const issues = await checker.check('123456');
+ * console.log(issues);
+ * // [
+ * //   { code: 'password_rejected.too_short' },
+ * //   { code: 'password_rejected.character_types', interpolation: { min: 2 } },
+ * //   { code: 'password_rejected.pwned' },
+ * //   { code: 'password_rejected.restricted.sequence' },
+ * // ]
+ * ```
+ */
+export declare class PasswordPolicyChecker {
+    /** The Web Crypto API to use. By default, the global `crypto.subtle` will be used. */
+    protected readonly subtle: SubtleCrypto;
+    static symbols: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ ";
+    /** A set of characters that are considered as sequential. */
+    static sequence: readonly ["0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm", "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm", "8ik", "9ol"];
+    /** The length threshold for checking repetition and sequence. */
+    static repetitionAndSequenceThreshold: 3;
+    /**
+     * If the password contains more than such number of characters that are not
+     * in the restricted phrases, it will be accepted.
+     */
+    static restrictedPhrasesTolerance: 3;
+    /** Get the length threshold for checking restricted phrases. */
+    protected static getRestrictedPhraseThreshold(password: string): number;
+    readonly policy: PasswordPolicy;
+    constructor(policy: DeepPartial<PasswordPolicy>, 
+    /** The Web Crypto API to use. By default, the global `crypto.subtle` will be used. */
+    subtle?: SubtleCrypto);
+    /**
+     * Check if a password meets all the policy requirements.
+     *
+     * @param password - Password to check.
+     * @param userInfo - User information to check. Required if the policy
+     * requires to reject passwords that include user information.
+     * @returns An array of issues. If the password meets the policy, an empty array will be returned.
+     * @throws TypeError - If the policy requires to reject passwords that include user information
+     * but the user information is not provided.
+     */
+    check(password: string, userInfo?: UserInfo): Promise<PasswordIssue[]>;
+    /**
+     * Perform a fast check to see if the password passes the basic requirements.
+     * Only the length and character types will be checked.
+     *
+     * This method is used for frontend validation.
+     *
+     * @param password - Password to check.
+     * @returns Whether the password passes the basic requirements.
+     */
+    fastCheck(password: string): PasswordIssue<PasswordRejectionCode>[];
+    /**
+     * Check if the given password contains enough character types.
+     *
+     * @param password - Password to check.
+     * @returns Whether the password contains enough character types; or `'unsupported'`
+     * if the password contains unsupported characters.
+     */
+    checkCharTypes(password: string): boolean | 'unsupported';
+    /**
+     * Check if the given password has been pwned.
+     *
+     * @param password - Password to check.
+     * @returns Whether the password has been pwned.
+     */
+    hasBeenPwned(password: string): Promise<boolean>;
+    /**
+     * Get the length of the repetition at the beginning of the given string.
+     * For example, `repetitionLength('aaaaa')` will return `5`.
+     *
+     * If the length is less than {@link PasswordPolicyChecker.repetitionAndSequenceThreshold},
+     * `0` will be returned.
+     */
+    repetitionLength(password: string): number;
+    /**
+     * Get the length of the user information at the beginning of the given string.
+     * For example, `userInfoLength('silverhand', { username: 'silverhand' })` will return `10`.
+     *
+     * For multiple matches, the longest length will be returned.
+     */
+    userInfoLength(password: string, userInfo: UserInfo): number;
+    /**
+     * Get the length of the word that matches the word list at the beginning of the given string.
+     *
+     * For multiple matches, the longest length will be returned.
+     */
+    wordLength(password: string): number;
+    /**
+     * Get the length of the sequence at the beginning of the given string.
+     * For example, `sequenceLength('12345')` will return `5`.
+     *
+     * If the length is less than {@link PasswordPolicyChecker.repetitionAndSequenceThreshold},
+     * `0` will be returned.
+     */
+    sequenceLength(password: string): number;
+    /**
+     * Check if the given string is sequential by iterating through the {@link PasswordPolicyChecker.sequence}.
+     */
+    protected isSequential(value: string): boolean;
+}

package/lib/password-policy.js

@@ -0,0 +1,359 @@
+import { z } from 'zod';
+/** Password policy configuration guard. */
+export const passwordPolicyGuard = z.object({
+    length: z
+        .object({
+        min: z.number().int().min(1).default(8),
+        max: z.number().int().min(1).default(256),
+    })
+        .default({}),
+    characterTypes: z
+        .object({
+        min: z.number().int().min(1).max(4).optional().default(1),
+    })
+        .default({}),
+    rejects: z
+        .object({
+        pwned: z.boolean().default(true),
+        repetitionAndSequence: z.boolean().default(true),
+        userInfo: z.boolean().default(true),
+        words: z.string().array().default([]),
+    })
+        .default({}),
+});
+/**
+ * The class for checking if a password meets the policy. The policy is defined as
+ * {@link PasswordPolicy}.
+ *
+ * @example
+ * ```ts
+ * const checker = new PasswordPolicyChecker({
+ *   length: { min: 8, max: 256 },
+ *   characterTypes: { min: 2 },
+ *   rejects: { pwned: true, repetitionAndSequence: true, words: [] },
+ * });
+ *
+ * const issues = await checker.check('123456');
+ * console.log(issues);
+ * // [
+ * //   { code: 'password_rejected.too_short' },
+ * //   { code: 'password_rejected.character_types', interpolation: { min: 2 } },
+ * //   { code: 'password_rejected.pwned' },
+ * //   { code: 'password_rejected.restricted.sequence' },
+ * // ]
+ * ```
+ */
+class PasswordPolicyChecker {
+    static { this.symbols = Object.freeze('!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ '); }
+    /** A set of characters that are considered as sequential. */
+    static { this.sequence = Object.freeze([
+        '0123456789',
+        'abcdefghijklmnopqrstuvwxyz',
+        'qwertyuiop',
+        'asdfghjkl',
+        'zxcvbnm',
+        '1qaz',
+        '2wsx',
+        '3edc',
+        '4rfv',
+        '5tgb',
+        '6yhn',
+        '7ujm',
+        '8ik',
+        '9ol',
+    ]); }
+    /** The length threshold for checking repetition and sequence. */
+    static { this.repetitionAndSequenceThreshold = 3; }
+    /**
+     * If the password contains more than such number of characters that are not
+     * in the restricted phrases, it will be accepted.
+     */
+    static { this.restrictedPhrasesTolerance = 3; }
+    /** Get the length threshold for checking restricted phrases. */
+    static getRestrictedPhraseThreshold(password) {
+        const { restrictedPhrasesTolerance } = PasswordPolicyChecker;
+        return Math.max(1, password.length - restrictedPhrasesTolerance);
+    }
+    constructor(policy, 
+    /** The Web Crypto API to use. By default, the global `crypto.subtle` will be used. */
+    subtle = crypto.subtle) {
+        this.subtle = subtle;
+        this.policy = passwordPolicyGuard.parse(policy);
+    }
+    /**
+     * Check if a password meets all the policy requirements.
+     *
+     * @param password - Password to check.
+     * @param userInfo - User information to check. Required if the policy
+     * requires to reject passwords that include user information.
+     * @returns An array of issues. If the password meets the policy, an empty array will be returned.
+     * @throws TypeError - If the policy requires to reject passwords that include user information
+     * but the user information is not provided.
+     */
+    /* eslint-disable @silverhand/fp/no-let, @silverhand/fp/no-mutation, @silverhand/fp/no-mutating-methods */
+    async check(password, userInfo) {
+        const issues = this.fastCheck(password);
+        if (this.policy.rejects.pwned && (await this.hasBeenPwned(password))) {
+            issues.push({
+                code: 'password_rejected.pwned',
+            });
+        }
+        // `hashArray[i]` indicates whether the `i`th character violates the restriction.
+        // We'll gradually set the value to `1` if needed.
+        // The algorithm time complexity should be O(n^2), but it's fast enough for a password.
+        const hashArray = Array.from({ length: password.length }).fill(0);
+        const issueCodes = new Set();
+        const { repetitionAndSequence, words, userInfo: rejectUserInfo } = this.policy.rejects;
+        const rejectWords = words.length > 0;
+        const fillHashArray = (startIndex, length, code) => {
+            if (length <= 0) {
+                return;
+            }
+            for (let i = startIndex; i < startIndex + length; i += 1) {
+                hashArray[i] = 1;
+            }
+            issueCodes.add(code);
+        };
+        for (let i = 0; i < password.length; i += 1) {
+            const sliced = password.slice(i);
+            if (repetitionAndSequence) {
+                fillHashArray(i, this.repetitionLength(sliced), 'restricted.repetition');
+                fillHashArray(i, this.sequenceLength(sliced), 'restricted.sequence');
+            }
+            if (rejectWords) {
+                fillHashArray(i, this.wordLength(sliced), 'restricted.words');
+            }
+            if (rejectUserInfo) {
+                if (!userInfo) {
+                    throw new TypeError('User information data is required to check user information.');
+                }
+                fillHashArray(i, this.userInfoLength(sliced, userInfo), 'restricted.user_info');
+            }
+        }
+        return hashArray.reduce((total, current) => total + current, 0) >
+            PasswordPolicyChecker.getRestrictedPhraseThreshold(password)
+            ? [
+                ...issues,
+                ...[...issueCodes].map((code) => ({ code: `password_rejected.${code}` })),
+            ]
+            : issues;
+    }
+    /* eslint-enable @silverhand/fp/no-let, @silverhand/fp/no-mutation, @silverhand/fp/no-mutating-methods */
+    /**
+     * Perform a fast check to see if the password passes the basic requirements.
+     * Only the length and character types will be checked.
+     *
+     * This method is used for frontend validation.
+     *
+     * @param password - Password to check.
+     * @returns Whether the password passes the basic requirements.
+     */
+    /* eslint-disable @silverhand/fp/no-mutating-methods */
+    fastCheck(password) {
+        const issues = [];
+        if (password.length < this.policy.length.min) {
+            issues.push({
+                code: 'password_rejected.too_short',
+                interpolation: { min: this.policy.length.min },
+            });
+        }
+        else if (password.length > this.policy.length.max) {
+            issues.push({
+                code: 'password_rejected.too_long',
+                interpolation: { max: this.policy.length.max },
+            });
+        }
+        const characterTypes = this.checkCharTypes(password);
+        if (characterTypes === 'unsupported') {
+            issues.push({
+                code: 'password_rejected.unsupported_characters',
+            });
+        }
+        else if (!characterTypes) {
+            issues.push({
+                code: 'password_rejected.character_types',
+                interpolation: { min: this.policy.characterTypes.min },
+            });
+        }
+        return issues;
+    }
+    /* eslint-enable @silverhand/fp/no-mutating-methods */
+    /**
+     * Check if the given password contains enough character types.
+     *
+     * @param password - Password to check.
+     * @returns Whether the password contains enough character types; or `'unsupported'`
+     * if the password contains unsupported characters.
+     */
+    checkCharTypes(password) {
+        const characterTypes = new Set();
+        for (const char of password) {
+            if (char >= 'a' && char <= 'z') {
+                characterTypes.add('lowercase');
+            }
+            else if (char >= 'A' && char <= 'Z') {
+                characterTypes.add('uppercase');
+            }
+            else if (char >= '0' && char <= '9') {
+                characterTypes.add('digits');
+            }
+            else if (PasswordPolicyChecker.symbols.includes(char)) {
+                characterTypes.add('symbols');
+            }
+            else {
+                return 'unsupported';
+            }
+        }
+        return characterTypes.size >= this.policy.characterTypes.min;
+    }
+    /**
+     * Check if the given password has been pwned.
+     *
+     * @param password - Password to check.
+     * @returns Whether the password has been pwned.
+     */
+    async hasBeenPwned(password) {
+        const hash = await this.subtle.digest('SHA-1', new TextEncoder().encode(password));
+        const hashHex = Array.from(new Uint8Array(hash))
+            .map((binary) => binary.toString(16).padStart(2, '0'))
+            .join('');
+        const hashPrefix = hashHex.slice(0, 5);
+        const hashSuffix = hashHex.slice(5);
+        const response = await fetch(`https://api.pwnedpasswords.com/range/${hashPrefix}`);
+        const text = await response.text();
+        const hashes = text.split('\n');
+        const found = hashes.some((hex) => hex.toLowerCase().startsWith(hashSuffix));
+        return found;
+    }
+    /**
+     * Get the length of the repetition at the beginning of the given string.
+     * For example, `repetitionLength('aaaaa')` will return `5`.
+     *
+     * If the length is less than {@link PasswordPolicyChecker.repetitionAndSequenceThreshold},
+     * `0` will be returned.
+     */
+    /* eslint-disable @silverhand/fp/no-let, @silverhand/fp/no-mutation */
+    repetitionLength(password) {
+        const { repetitionAndSequenceThreshold } = PasswordPolicyChecker;
+        const firstChar = password[0];
+        let length = 0;
+        if (firstChar === undefined) {
+            return 0;
+        }
+        for (const char of password) {
+            if (char === firstChar) {
+                length += 1;
+            }
+            else {
+                break;
+            }
+        }
+        return length >= repetitionAndSequenceThreshold ? length : 0;
+    }
+    /* eslint-enable @silverhand/fp/no-let, @silverhand/fp/no-mutation */
+    /**
+     * Get the length of the user information at the beginning of the given string.
+     * For example, `userInfoLength('silverhand', { username: 'silverhand' })` will return `10`.
+     *
+     * For multiple matches, the longest length will be returned.
+     */
+    // eslint-disable-next-line complexity
+    userInfoLength(password, userInfo) {
+        const lowercased = password.toLowerCase();
+        const { name, username, email, phoneNumber } = userInfo;
+        // eslint-disable-next-line @silverhand/fp/no-let
+        let length = 0;
+        const updateLength = (newLength) => {
+            if (newLength > length) {
+                // eslint-disable-next-line @silverhand/fp/no-mutation
+                length = newLength;
+            }
+        };
+        if (name) {
+            const joined = name.replaceAll(/\s+/g, '');
+            // The original name should be the longest string, so we check it first.
+            if (lowercased.startsWith(name.toLowerCase())) {
+                updateLength(name.length);
+            }
+            else {
+                if (lowercased.startsWith(joined.toLowerCase())) {
+                    updateLength(joined.length);
+                }
+                for (const word of name.split(' ')) {
+                    if (lowercased.startsWith(word.toLowerCase())) {
+                        updateLength(word.length);
+                    }
+                }
+            }
+        }
+        if (username && lowercased.startsWith(username.toLowerCase())) {
+            updateLength(username.length);
+        }
+        if (email) {
+            const emailPrefix = email.split('@')[0];
+            if (emailPrefix && lowercased.startsWith(emailPrefix.toLowerCase())) {
+                updateLength(emailPrefix.length);
+            }
+        }
+        if (phoneNumber && lowercased.startsWith(phoneNumber)) {
+            updateLength(phoneNumber.length);
+        }
+        return length;
+    }
+    /**
+     * Get the length of the word that matches the word list at the beginning of the given string.
+     *
+     * For multiple matches, the longest length will be returned.
+     */
+    /* eslint-disable @silverhand/fp/no-let, @silverhand/fp/no-mutation */
+    wordLength(password) {
+        const sliced = password.toLowerCase();
+        let length = 0;
+        for (const word of this.policy.rejects.words) {
+            if (sliced.startsWith(word.toLowerCase()) && word.length > length) {
+                length = word.length;
+            }
+        }
+        return length;
+    }
+    /* eslint-enable @silverhand/fp/no-let, @silverhand/fp/no-mutation */
+    /**
+     * Get the length of the sequence at the beginning of the given string.
+     * For example, `sequenceLength('12345')` will return `5`.
+     *
+     * If the length is less than {@link PasswordPolicyChecker.repetitionAndSequenceThreshold},
+     * `0` will be returned.
+     */
+    /* eslint-disable @silverhand/fp/no-let, @silverhand/fp/no-mutation */
+    sequenceLength(password) {
+        const { repetitionAndSequenceThreshold } = PasswordPolicyChecker;
+        let value = '';
+        let length = 0;
+        for (const char of password) {
+            if (!value || this.isSequential(value + char)) {
+                value += char;
+                length += 1;
+            }
+            else {
+                break;
+            }
+        }
+        return length >= repetitionAndSequenceThreshold ? length : 0;
+    }
+    /* eslint-enable @silverhand/fp/no-let, @silverhand/fp/no-mutation */
+    /**
+     * Check if the given string is sequential by iterating through the {@link PasswordPolicyChecker.sequence}.
+     */
+    isSequential(value) {
+        const { sequence } = PasswordPolicyChecker;
+        for (const seq of sequence) {
+            // eslint-disable-next-line @silverhand/fp/no-mutating-methods -- created a new array before mutating
+            const reversedSeq = [...seq].reverse().join('');
+            if ([seq, reversedSeq, seq.toUpperCase(), reversedSeq.toUpperCase()].some((item) => item.includes(value))) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
+export { PasswordPolicyChecker };

package/lib/regex.d.ts

@@ -7,4 +7,3 @@ export declare const mobileUriSchemeProtocolRegEx: RegExp;
 export declare const hexColorRegEx: RegExp;
 export declare const dateRegex: RegExp;
 export declare const noSpaceRegEx: RegExp;
-export declare const passwordRegEx: RegExp;

package/lib/regex.js

@@ -3,12 +3,7 @@ export const phoneRegEx = /^\d+$/;
 export const phoneInputRegEx = /^\+?[\d-( )]+$/;
 export const usernameRegEx = /^[A-Z_a-z]\w*$/;
 export const webRedirectUriProtocolRegEx = /^https?:$/;
-export const mobileUriSchemeProtocolRegEx = /^[a-z][\d_a-z]*(\.[\d_a-z]+)+:$/;
+export const mobileUriSchemeProtocolRegEx = /^[a-z][\d+_a-z-]*(\.[\d+_a-z-]+)+:$/;
 export const hexColorRegEx = /^#[\da-f]{3}([\da-f]{3})?$/i;
 export const dateRegex = /^\d{4}(-\d{2}){2}/;
 export const noSpaceRegEx = /^\S+$/;
-const atLeastOneDigitAndOneLetters = /(?=.*\d)(?=.*[A-Za-z])/;
-const atLeastOneDigitAndOneSpecialChar = /(?=.*\d)(?=.*[!"#$%&'()*+,./:;<=>?@[\]^_`{|}~-])/;
-const atLeastOneLetterAndOneSpecialChar = /(?=.*[A-Za-z])(?=.*[!"#$%&'()*+,./:;<=>?@[\]^_`{|}~-])/;
-const allowedChars = /[\w!"#$%&'()*+,./:;<=>?@[\]^`{|}~-]{8,}/;
-export const passwordRegEx = new RegExp(`^(${atLeastOneDigitAndOneLetters.source}|${atLeastOneDigitAndOneSpecialChar.source}|${atLeastOneLetterAndOneSpecialChar.source})${allowedChars.source}$`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/core-kit",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "homepage": "https://github.com/logto-io/toolkit#readme",
   "repository": {
@@ -11,9 +11,13 @@
   "type": "module",
   "main": "./lib/index.js",
   "exports": {
-    "default": "./lib/index.js",
-    "types": "./lib/index.d.ts",
-    "import": "./lib/index.js"
+    ".": {
+      "default": "./lib/index.js",
+      "types": "./lib/index.d.ts",
+      "import": "./lib/index.js"
+    },
+    "./declaration": "./declaration/index.ts",
+    "./scss/*": "./scss/*.scss"
   },
   "types": "./lib/index.d.ts",
   "files": [
@@ -26,7 +30,7 @@
   },
   "dependencies": {
     "@logto/language-kit": "^1.0.0",
-    "@logto/shared": "^2.0.0",
+    "@logto/shared": "^2.0.1",
     "color": "^4.2.3"
   },
   "optionalDependencies": {
@@ -34,19 +38,19 @@
   },
   "devDependencies": {
     "@jest/types": "^29.0.3",
-    "@silverhand/eslint-config": "3.0.1",
-    "@silverhand/essentials": "^2.5.0",
-    "@silverhand/ts-config": "3.0.0",
-    "@silverhand/ts-config-react": "3.0.0",
+    "@silverhand/eslint-config": "4.0.1",
+    "@silverhand/essentials": "^2.8.4",
+    "@silverhand/ts-config": "4.0.0",
+    "@silverhand/ts-config-react": "4.0.0",
     "@types/color": "^3.0.3",
     "@types/jest": "^29.4.0",
     "@types/node": "^18.11.18",
     "@types/react": "^18.0.31",
-    "eslint": "^8.34.0",
+    "eslint": "^8.44.0",
     "jest": "^29.5.0",
-    "lint-staged": "^13.0.0",
+    "lint-staged": "^14.0.0",
     "postcss": "^8.4.6",
-    "prettier": "^2.8.2",
+    "prettier": "^3.0.0",
     "stylelint": "^15.0.0",
     "tslib": "^2.4.1",
     "typescript": "^5.0.0"

package/scss/_console-themes.scss

@@ -105,10 +105,15 @@
   --color-tertiary-container: var(--color-tertiary-90);
   --color-on-tertiary-container: var(--color-tertiary-10);
   --color-error: var(--color-error-40);
-  --color-on-error: var(--color-all-100);
-  --color-error-container: var(--color-error-90);
-  --color-on-error-container: var(--color-error-10);
-  --color-alert-container: var(--color-alert-99);
+  --color-error-hover: var(--color-error-50);
+  --color-error-container: var(--color-error-95);
+  --color-on-error-container: var(--color-error-50);
+  --color-alert-container: var(--color-alert-95);
+  --color-on-alert-container: var(--color-alert-70);
+  --color-success-container: var(--color-success-99);
+  --color-on-success-container: var(--color-success-70);
+  --color-info-container: var(--color-neutral-variant-90);
+  --color-on-info-container: var(--color-neutral-variant-60);
   --color-background: var(--color-neutral-99);
   --color-on-background: var(--color-neutral-10);
   --color-surface: var(--color-neutral-99);
@@ -150,6 +155,9 @@
   --color-hover-variant: rgba(93, 52, 242, 8%); // 8% Primary-40
   --color-pressed-variant: rgba(93, 52, 242, 12%); // 12% Primary-40
   --color-focused-variant: rgba(93, 52, 242, 16%); // 16% Primary-40
+  --color-env-tag-development: rgba(93, 52, 242, 15%);
+  --color-env-tag-staging: rgba(255, 185, 90, 35%);
+  --color-env-tag-production: rgba(131, 218, 133, 35%);
 
   // Shadows
   --shadow-1: 0 4px 8px rgba(0, 0, 0, 8%);
@@ -169,6 +177,21 @@
   --color-guide-dropdown-background: var(--color-white);
   --color-guide-dropdown-border: var(--color-border);
   --color-skeleton-shimmer-rgb: 255, 255, 255; // rgb of Layer-1
+  --color-specific-tag-upsell: var(--color-primary-50);
+
+  // Background
+  --color-bg-body-base: var(--color-neutral-95);
+  --color-bg-body: var(--color-neutral-100);
+  --color-bg-layer-1: var(--color-static-white);
+  --color-bg-layer-2: var(--color-neutral-95);
+  --color-bg-body-overlay: var(--color-neutral-100);
+  --color-bg-float-base: var(--color-neutral-variant-90);
+  --color-bg-float: var(--color-neutral-100);
+  --color-bg-float-overlay: var(--color-neutral-100);
+  --color-bg-mask: rgba(0, 0, 0, 40%); // 4% --color-neutral-0
+  --color-bg-toast: var(--color-neutral-20);
+  --color-bg-state-unselected: var(--color-neutral-90);
+  --color-bg-state-disabled: rgba(25, 28, 29, 8%); // 8% --color-neutral-10
 }
 
 @mixin dark {
@@ -278,10 +301,15 @@
   --color-tertiary-container: var(--color-tertiary-90);
   --color-on-tertiary-container: var(--color-tertiary-30);
   --color-error: var(--color-error-70);
-  --color-on-error: var(--color-all-0);
-  --color-error-container: var(--color-error-90);
-  --color-on-error-container: var(--color-error-30);
+  --color-error-hover: var(--color-error-60);
+  --color-error-container: var(--color-error-95);
+  --color-on-error-container: var(--color-error-70);
   --color-alert-container: var(--color-alert-90);
+  --color-on-alert-container: var(--color-alert-60);
+  --color-success-container: var(--color-success-90);
+  --color-on-success-container: var(--color-success-60);
+  --color-info-container: var(--color-neutral-variant-90);
+  --color-on-info-container: var(--color-neutral-variant-70);
   --color-background: var(--color-neutral-99);
   --color-on-background: var(--color-neutral-10);
   --color-surface: var(--color-neutral-99);
@@ -323,6 +351,9 @@
   --color-hover-variant: rgba(202, 190, 255, 8%); // 8% Primary-40
   --color-pressed-variant: rgba(202, 190, 255, 12%); // 12% Primary-40
   --color-focused-variant: rgba(202, 190, 255, 16%); // 16% Primary-40
+  --color-env-tag-development: rgba(202, 190, 255, 32%);
+  --color-env-tag-staging: rgba(235, 153, 24, 36%);
+  --color-env-tag-production: rgba(104, 190, 108, 36%);
 
   // Shadows
   --shadow-1: 0 4px 8px rgba(0, 0, 0, 8%);
@@ -337,9 +368,27 @@
   --color-danger-focused: rgba(255, 180, 169, 16%); // 16% Error-40
   --color-tooltip-background: var(--color-surface-4);
   --color-tooltip-text: var(--color-neutral-10);
-  --color-overlay: rgba(0, 0, 0, 30%);
+  --color-overlay: rgba(0, 0, 0, 70%); // 70% Neutral-100
   --color-drawer-overlay: rgba(0, 0, 0, 60%);
   --color-guide-dropdown-background: var(--color-neutral-variant-80);
   --color-guide-dropdown-border: var(--color-neutral-variant-70);
   --color-skeleton-shimmer-rgb: 42, 44, 50; // rgb of Layer-1
+  --color-specific-tag-upsell: var(--color-primary-70);
+
+  // Background
+  --color-bg-body-base: var(--color-neutral-100);
+  --color-bg-body: var(--color-surface);
+  --color-bg-body-overlay: var(--color-surface-2);
+  --color-bg-layer-1:
+    linear-gradient(0deg, rgba(202, 190, 255, 8%), rgba(202, 190, 255, 8%)),
+    linear-gradient(0deg, rgba(196, 199, 199, 2%), rgba(196, 199, 199, 2%)),
+    #191c1d;
+  --color-bg-layer-2: var(--color-surface-4);
+  --color-bg-float-base: var(--color-neutral-100);
+  --color-bg-float: var(--color-surface-3);
+  --color-bg-float-overlay: var(--color-surface-4);
+  --color-bg-mask: rgba(0, 0, 0, 60%); // 60% --color-neutral-100;
+  --color-bg-toast: var(--color-neutral-80);
+  --color-bg-state-unselected: var(--color-neutral-90);
+  --color-bg-state-disabled: rgba(247, 248, 248, 8%); // 8% --color-neutral-10
 }

package/scss/_fonts.scss

@@ -12,6 +12,9 @@ $font-family:
 
 :root {
   --font-family: #{$font-family};
+  --font-display-1: 700 48/56px #{$font-family};
+  --font-display-2: 700 40px/48px #{$font-family};
+  --font-display-3: 700 32px/40px #{$font-family};
   --font-headline-1: 600 32px/40px #{$font-family};
   --font-headline-2: 600 28px/36px #{$font-family};
   --font-headline-3: 600 24px/32px #{$font-family};
@@ -21,6 +24,7 @@ $font-family:
   --font-label-1: 500 16px/24px #{$font-family};
   --font-label-2: 500 14px/20px #{$font-family};
   --font-label-3: 500 12px/16px #{$font-family};
+  --font-body-0: 400 18px/26px #{$font-family};
   --font-body-1: 400 16px/24px #{$font-family};
   --font-body-2: 400 14px/20px #{$font-family};
   --font-body-3: 400 12px/16px #{$font-family};