@mrgnw/anahtar 0.0.12 → 0.0.14

package/dist/kit/handlers.js

@@ -1,8 +1,8 @@
-import { json } from '@sveltejs/kit';
-import { generateOTP, verifyOTP } from '../otp.js';
-import { generateAuthenticationChallenge, generateRegistrationChallenge, removePasskey, verifyAuthenticationResponse, verifyRegistrationResponse } from '../passkey.js';
-import { createSession, invalidateSession, validateSession } from '../session.js';
-import { resolveMessages, detectLocaleServer } from '../i18n/index.js';
+import { json } from "@sveltejs/kit";
+import { generateOTP, verifyOTP } from "../otp.js";
+import { generateAuthenticationChallenge, generateAuthenticationChallengeForUser, generateRegistrationChallenge, removePasskey, verifyAuthenticationResponse, verifyRegistrationResponse, } from "../passkey.js";
+import { createSession, invalidateSession, validateSession, } from "../session.js";
+import { resolveMessages, detectLocaleServer, } from "../i18n/index.js";
 const SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
 function getMessages(event, config) {
     const locale = config.locale ?? detectLocaleServer(event.request);
@@ -19,32 +19,36 @@ export function createHandlers(config) {
     function cookieOpts(event) {
         return {
             httpOnly: true,
-            secure: event.url.protocol === 'https:',
-            sameSite: 'lax',
-            path: '/',
-            maxAge
+            secure: event.url.protocol === "https:",
+            sameSite: "lax",
+            path: "/",
+            maxAge,
         };
     }
     const routes = {
         start: {
-            method: 'POST',
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const body = await event.request.json().catch(() => null);
-                if (!body || typeof body.email !== 'string' || !body.email.includes('@')) {
+                if (!body ||
+                    typeof body.email !== "string" ||
+                    !body.email.includes("@")) {
                     return json({ error: m.errorInvalidEmail }, { status: 400 });
                 }
                 const { code } = await generateOTP(config.db, body.email, config);
                 await config.onSendOTP(body.email, code);
                 return json({ success: true });
-            }
+            },
         },
         verify: {
-            method: 'POST',
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const body = await event.request.json().catch(() => null);
-                if (!body || typeof body.email !== 'string' || typeof body.code !== 'string') {
+                if (!body ||
+                    typeof body.email !== "string" ||
+                    typeof body.code !== "string") {
                     return json({ error: m.errorInvalidInput }, { status: 400 });
                 }
                 const otp = await verifyOTP(config.db, body.email, body.code, config);
@@ -54,7 +58,7 @@ export function createHandlers(config) {
                         expired: m.errorCodeExpired,
                         rate_limited: m.errorTooManyAttempts,
                     };
-                    return json({ error: messages[otp.error] }, { status: otp.error === 'rate_limited' ? 429 : 400 });
+                    return json({ error: messages[otp.error] }, { status: otp.error === "rate_limited" ? 429 : 400 });
                 }
                 let user = await config.db.getUserByEmail(body.email);
                 if (!user) {
@@ -66,12 +70,12 @@ export function createHandlers(config) {
                 return json({
                     user: { id: user.id, email: user.email },
                     hasPasskey: passkeys.length > 0,
-                    skipPasskeyPrompt: user.skipPasskeyPrompt
+                    skipPasskeyPrompt: user.skipPasskeyPrompt,
                 });
-            }
+            },
         },
         logout: {
-            method: 'POST',
+            method: "POST",
             handler: async (event) => {
                 const token = event.cookies.get(config.cookie);
                 if (token) {
@@ -79,20 +83,31 @@ export function createHandlers(config) {
                     if (result) {
                         await invalidateSession(config.db, result.session.id);
                     }
-                    event.cookies.delete(config.cookie, { path: '/' });
+                    event.cookies.delete(config.cookie, { path: "/" });
                 }
                 return json({ ok: true });
-            }
+            },
         },
-        'passkey/login-start': {
-            method: 'GET',
+        "passkey/login-start": {
+            method: "GET",
             handler: async (event) => {
                 const options = await generateAuthenticationChallenge(config.db, event.url);
                 return json(options);
-            }
+            },
+        },
+        "passkey/check-email": {
+            method: "POST",
+            handler: async (event) => {
+                const body = await event.request.json().catch(() => null);
+                const email = body?.email;
+                if (!email || typeof email !== "string")
+                    return json({ allowCredentials: [] });
+                const options = await generateAuthenticationChallengeForUser(config.db, email, event.url);
+                return json(options);
+            },
         },
-        'passkey/login-finish': {
-            method: 'POST',
+        "passkey/login-finish": {
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const body = await event.request.json().catch(() => null);
@@ -104,10 +119,10 @@ export function createHandlers(config) {
                 const session = await createSession(config.db, result.user.id, config);
                 event.cookies.set(config.cookie, session.sessionToken, cookieOpts(event));
                 return json({ user: result.user });
-            }
+            },
         },
-        'passkey/register-start': {
-            method: 'POST',
+        "passkey/register-start": {
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const user = requireAuth(event, m);
@@ -115,10 +130,10 @@ export function createHandlers(config) {
                     return user;
                 const options = await generateRegistrationChallenge(config.db, user, event.url, config);
                 return json(options);
-            }
+            },
         },
-        'passkey/register-finish': {
-            method: 'POST',
+        "passkey/register-finish": {
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const user = requireAuth(event, m);
@@ -128,34 +143,34 @@ export function createHandlers(config) {
                 if (!body)
                     return json({ error: m.errorInvalidInput }, { status: 400 });
                 const { name, ...response } = body;
-                const passkeyName = typeof name === 'string' && name.trim() ? name.trim() : null;
+                const passkeyName = typeof name === "string" && name.trim() ? name.trim() : null;
                 const result = await verifyRegistrationResponse(config.db, user.id, response, event.url, passkeyName);
                 if (!result.ok) {
-                    console.error('register-finish failed:', result.reason);
+                    console.error("register-finish failed:", result.reason);
                     return json({ error: m.errorPasskeyRegFailed, reason: result.reason }, { status: 400 });
                 }
                 return json({ success: true });
-            }
+            },
         },
-        'passkey/remove': {
-            method: 'POST',
+        "passkey/remove": {
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const user = requireAuth(event, m);
                 if (user instanceof Response)
                     return user;
                 const body = await event.request.json().catch(() => null);
-                if (!body || typeof body.passkeyId !== 'string') {
+                if (!body || typeof body.passkeyId !== "string") {
                     return json({ error: m.errorInvalidInput }, { status: 400 });
                 }
                 const success = await removePasskey(config.db, body.passkeyId, user.id);
                 if (!success)
                     return json({ error: m.errorPasskeyNotFound }, { status: 404 });
                 return json({ success: true });
-            }
+            },
         },
-        'skip-passkey': {
-            method: 'POST',
+        "skip-passkey": {
+            method: "POST",
             handler: async (event) => {
                 const m = getMessages(event, config);
                 const user = requireAuth(event, m);
@@ -163,12 +178,12 @@ export function createHandlers(config) {
                     return user;
                 await config.db.setSkipPasskeyPrompt(user.id, true);
                 return json({ success: true });
-            }
-        }
+            },
+        },
     };
     function getRoute(event) {
         const path = event.params.path;
-        if (typeof path === 'string')
+        if (typeof path === "string")
             return path;
         return null;
     }
@@ -179,7 +194,7 @@ export function createHandlers(config) {
             if (!path)
                 return json({ error: m.errorNotFound }, { status: 404 });
             const route = routes[path];
-            if (!route || route.method !== 'GET') {
+            if (!route || route.method !== "GET") {
                 return json({ error: m.errorNotFound }, { status: 404 });
             }
             return route.handler(event);
@@ -190,10 +205,10 @@ export function createHandlers(config) {
             if (!path)
                 return json({ error: m.errorNotFound }, { status: 404 });
             const route = routes[path];
-            if (!route || route.method !== 'POST') {
+            if (!route || route.method !== "POST") {
                 return json({ error: m.errorNotFound }, { status: 404 });
             }
             return route.handler(event);
-        }
+        },
     };
 }

package/dist/passkey.d.ts

@@ -14,6 +14,7 @@ export declare function verifyRegistrationResponse(db: AuthDB, userId: string, r
     ok: false;
     reason: string;
 }>;
+export declare function generateAuthenticationChallengeForUser(db: AuthDB, email: string, requestUrl: URL): Promise<import("@simplewebauthn/server").PublicKeyCredentialRequestOptionsJSON>;
 export declare function generateAuthenticationChallenge(db: AuthDB, requestUrl: URL): Promise<import("@simplewebauthn/server").PublicKeyCredentialRequestOptionsJSON>;
 export declare function verifyAuthenticationResponse(db: AuthDB, response: AuthenticationResponseJSON, requestUrl: URL): Promise<{
     user: {

package/dist/passkey.js

@@ -81,6 +81,28 @@ export async function verifyRegistrationResponse(db, userId, response, requestUr
         return { ok: false, reason: `verification threw: ${e}` };
     }
 }
+export async function generateAuthenticationChallengeForUser(db, email, requestUrl) {
+    const { rpID } = getWebAuthnConfig(requestUrl);
+    const user = await db.getUserByEmail(email);
+    if (!user)
+        return generateAuthenticationChallenge(db, requestUrl);
+    const passkeys = await db.getUserPasskeys(user.id);
+    if (passkeys.length === 0)
+        return generateAuthenticationChallenge(db, requestUrl);
+    const allowCredentials = passkeys.map((pk) => ({
+        id: pk.credentialId,
+        transports: pk.transports
+            ? JSON.parse(pk.transports)
+            : undefined,
+    }));
+    const options = await generateAuthenticationOptions({
+        rpID,
+        allowCredentials,
+        userVerification: "preferred",
+    });
+    await db.storeChallenge(options.challenge, user.id, Date.now() + CHALLENGE_EXPIRY_MS);
+    return options;
+}
 export async function generateAuthenticationChallenge(db, requestUrl) {
     const { rpID } = getWebAuthnConfig(requestUrl);
     const options = await generateAuthenticationOptions({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mrgnw/anahtar",
-  "version": "0.0.12",
+  "version": "0.0.14",
   "description": "Opinionated, reusable auth for SvelteKit. Email+OTP + passkeys.",
   "license": "MIT",
   "type": "module",