@mrgnw/anahtar 0.0.6

package/dist/session.js

@@ -0,0 +1,31 @@
+import { sha256 } from '@oslojs/crypto/sha2';
+import { encodeHexLowerCase } from '@oslojs/encoding';
+import { randomBytes } from 'node:crypto';
+export async function createSession(db, userId, config) {
+    const tokenBytes = randomBytes(32);
+    const sessionToken = encodeHexLowerCase(tokenBytes);
+    const tokenHash = encodeHexLowerCase(sha256(tokenBytes));
+    const expiresAt = Date.now() + config.sessionDuration;
+    await db.createSession(tokenHash, userId, expiresAt);
+    return { sessionToken, expiresAt };
+}
+export async function validateSession(db, token) {
+    if (!token || token.length !== 64 || !/^[0-9a-f]+$/.test(token))
+        return null;
+    const tokenBytes = new Uint8Array(token.match(/.{2}/g).map((b) => Number.parseInt(b, 16)));
+    const sessionId = encodeHexLowerCase(sha256(tokenBytes));
+    const row = await db.getSession(sessionId);
+    if (!row)
+        return null;
+    if (row.expiresAt < Date.now()) {
+        await db.deleteSession(sessionId);
+        return null;
+    }
+    return {
+        user: { id: row.userId, email: row.email },
+        session: { id: row.id, expiresAt: row.expiresAt },
+    };
+}
+export async function invalidateSession(db, sessionId) {
+    await db.deleteSession(sessionId);
+}

package/dist/types.d.ts

@@ -0,0 +1,93 @@
+export interface AuthUser {
+    id: string;
+    email: string;
+    skipPasskeyPrompt: boolean;
+    createdAt: number;
+}
+export interface SessionRecord {
+    id: string;
+    userId: string;
+    expiresAt: number;
+}
+export interface OTPRecord {
+    id: string;
+    email: string;
+    code: string;
+    attempts: number;
+    expiresAt: number;
+}
+export interface PasskeyRecord {
+    id: string;
+    credentialId: string;
+    publicKey: Uint8Array;
+    counter: number;
+    transports: string | null;
+    name: string | null;
+    createdAt: number;
+}
+export interface FullPasskeyRecord extends PasskeyRecord {
+    userId: string;
+    email: string;
+}
+export interface NewPasskey {
+    id: string;
+    userId: string;
+    credentialId: string;
+    publicKey: Uint8Array;
+    counter: number;
+    transports: string | null;
+    name: string | null;
+}
+export type OtpResult = {
+    ok: true;
+} | {
+    ok: false;
+    error: 'invalid';
+} | {
+    ok: false;
+    error: 'expired';
+} | {
+    ok: false;
+    error: 'rate_limited';
+    attemptsLeft: number;
+};
+export type MaybePromise<T> = T | Promise<T>;
+export interface AuthDB {
+    init(): MaybePromise<void>;
+    getUserByEmail(email: string): MaybePromise<AuthUser | null>;
+    createUser(email: string): MaybePromise<AuthUser>;
+    setSkipPasskeyPrompt(userId: string, skip: boolean): MaybePromise<void>;
+    createSession(tokenHash: string, userId: string, expiresAt: number): MaybePromise<void>;
+    getSession(tokenHash: string): MaybePromise<(SessionRecord & {
+        email: string;
+    }) | null>;
+    deleteSession(tokenHash: string): MaybePromise<void>;
+    storeOTP(email: string, id: string, code: string, expiresAt: number): MaybePromise<void>;
+    getLatestOTP(email: string): MaybePromise<OTPRecord | null>;
+    updateOTPAttempts(id: string, attempts: number): MaybePromise<void>;
+    deleteOTP(id: string): MaybePromise<void>;
+    deleteOTPsForEmail(email: string): MaybePromise<void>;
+    storeChallenge(challenge: string, userId: string, expiresAt: number): MaybePromise<void>;
+    consumeChallenge(challenge: string): MaybePromise<{
+        userId: string;
+    } | null>;
+    getPasskeyByCredentialId(credentialId: string): MaybePromise<FullPasskeyRecord | null>;
+    getUserPasskeys(userId: string): MaybePromise<PasskeyRecord[]>;
+    storePasskey(passkey: NewPasskey): MaybePromise<void>;
+    updatePasskeyCounter(id: string, counter: number): MaybePromise<void>;
+    deletePasskey(id: string, userId: string): MaybePromise<boolean>;
+}
+export interface AuthConfig {
+    db: AuthDB;
+    tablePrefix?: string;
+    cookie?: string;
+    sessionDuration?: number;
+    otpExpiry?: number;
+    otpLength?: number;
+    otpMaxAttempts?: number;
+    rpName?: string;
+    onSendOTP: (email: string, code: string) => Promise<void>;
+}
+export interface ResolvedConfig extends Required<Omit<AuthConfig, 'onSendOTP'>> {
+    onSendOTP: (email: string, code: string) => Promise<void>;
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,92 @@
+{
+	"name": "@mrgnw/anahtar",
+	"version": "0.0.6",
+	"description": "Opinionated, reusable auth for SvelteKit. Email+OTP + passkeys.",
+	"license": "MIT",
+	"type": "module",
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/mrgnw/anahtar.git"
+	},
+	"publishConfig": {
+		"registry": "https://registry.npmjs.org/",
+		"access": "public"
+	},
+	"scripts": {
+		"build": "svelte-package",
+		"check": "svelte-check --tsconfig ./tsconfig.json",
+		"test": "vitest run --config vitest.unit.ts && vitest run --config vitest.browser.ts",
+		"test:unit": "vitest run --config vitest.unit.ts",
+		"test:browser": "vitest run --config vitest.browser.ts",
+		"prepublishOnly": "pnpm build"
+	},
+	"svelte": "./dist/index.js",
+	"types": "./dist/index.d.ts",
+	"exports": {
+		".": {
+			"types": "./dist/index.d.ts",
+			"svelte": "./dist/index.js",
+			"default": "./dist/index.js"
+		},
+		"./sqlite": {
+			"types": "./dist/db/sqlite.d.ts",
+			"default": "./dist/db/sqlite.js"
+		},
+		"./postgres": {
+			"types": "./dist/db/postgres.d.ts",
+			"default": "./dist/db/postgres.js"
+		},
+		"./d1": {
+			"types": "./dist/db/d1.d.ts",
+			"default": "./dist/db/d1.js"
+		},
+		"./components": {
+			"types": "./dist/components/index.d.ts",
+			"svelte": "./dist/components/index.js",
+			"default": "./dist/components/index.js"
+		}
+	},
+	"files": [
+		"dist",
+		"!dist/**/*.test.*"
+	],
+	"peerDependencies": {
+		"@simplewebauthn/browser": "^13.0.0",
+		"@sveltejs/kit": "^2.0.0",
+		"svelte": "^5.0.0"
+	},
+	"peerDependenciesMeta": {
+		"svelte": {
+			"optional": true
+		},
+		"@simplewebauthn/browser": {
+			"optional": true
+		}
+	},
+	"dependencies": {
+		"@oslojs/crypto": "^1.0.1",
+		"@oslojs/encoding": "^1.1.0",
+		"@simplewebauthn/server": "^13.2.2"
+	},
+	"pnpm": {
+		"onlyBuiltDependencies": [
+			"better-sqlite3"
+		]
+	},
+	"devDependencies": {
+		"@simplewebauthn/browser": "^13.2.2",
+		"@sveltejs/kit": "^2.31.1",
+		"@sveltejs/package": "^2.3.7",
+		"@sveltejs/vite-plugin-svelte": "^6.2.4",
+		"@testing-library/jest-dom": "^6.9.1",
+		"@testing-library/svelte": "^5.3.1",
+		"@testing-library/user-event": "^14.6.1",
+		"@types/better-sqlite3": "^7.6.13",
+		"better-sqlite3": "^12.6.2",
+		"happy-dom": "^20.6.1",
+		"svelte": "^5.38.1",
+		"svelte-check": "^4.3.1",
+		"typescript": "^5.9.2",
+		"vitest": "^3.2.1"
+	}
+}