@originals/auth 1.8.0 → 1.8.2

package/dist/client/turnkey-did-signer.d.ts

@@ -1,58 +0,0 @@
-/**
- * Turnkey DID Signer Adapter
- * Adapts Turnkey signing to work with didwebvh-ts signer interface
- * Uses @turnkey/sdk-server for all Turnkey operations (no viem/ethers dependency)
- */
-import { Turnkey } from '@turnkey/sdk-server';
-import type { TurnkeyWalletAccount } from '../types';
-interface SigningInput {
-    document: Record<string, unknown>;
-    proof: Record<string, unknown>;
-}
-interface SigningOutput {
-    proofValue: string;
-}
-/**
- * Signer that uses Turnkey for signing DID documents
- * Compatible with didwebvh-ts signer interface
- */
-export declare class TurnkeyDIDSigner {
-    private turnkeyClient;
-    private signWith;
-    private subOrgId;
-    private publicKeyMultibase;
-    private onExpired?;
-    constructor(turnkeyClient: Turnkey, signWith: string, subOrgId: string, publicKeyMultibase: string, onExpired?: () => void);
-    /**
-     * Sign the document and proof using Turnkey
-     */
-    sign(input: SigningInput): Promise<SigningOutput>;
-    /**
-     * Get the verification method ID for this signer
-     */
-    getVerificationMethodId(): string;
-    /**
-     * Verify a signature
-     */
-    verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
-}
-/**
- * Create a DID:WebVH using OriginalsSDK.createDIDOriginal() with Turnkey signing
- */
-export declare function createDIDWithTurnkey(params: {
-    turnkeyClient: Turnkey;
-    updateKeyAccount: TurnkeyWalletAccount;
-    subOrgId: string;
-    authKeyPublic: string;
-    assertionKeyPublic: string;
-    updateKeyPublic: string;
-    domain: string;
-    slug: string;
-    onExpired?: () => void;
-}): Promise<{
-    did: string;
-    didDocument: unknown;
-    didLog: unknown;
-}>;
-export {};
-//# sourceMappingURL=turnkey-did-signer.d.ts.map

package/dist/client/turnkey-did-signer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"turnkey-did-signer.d.ts","sourceRoot":"","sources":["../../src/client/turnkey-did-signer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAE9C,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAGrD,UAAU,YAAY;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,UAAU,aAAa;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,aAAa,CAAU;IAC/B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,SAAS,CAAC,CAAa;gBAG7B,aAAa,EAAE,OAAO,EACtB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,CAAC,EAAE,MAAM,IAAI;IASxB;;OAEG;IACG,IAAI,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IA2DvD;;OAEG;IACH,uBAAuB,IAAI,MAAM;IAIjC;;OAEG;IACG,MAAM,CACV,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC;CAQpB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,MAAM,EAAE;IACjD,aAAa,EAAE,OAAO,CAAC;IACvB,gBAAgB,EAAE,oBAAoB,CAAC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,IAAI,CAAC;CACxB,GAAG,OAAO,CAAC;IACV,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;CACjB,CAAC,CAsDD"}

package/dist/client/turnkey-did-signer.js

@@ -1,131 +0,0 @@
-/**
- * Turnkey DID Signer Adapter
- * Adapts Turnkey signing to work with didwebvh-ts signer interface
- * Uses @turnkey/sdk-server for all Turnkey operations (no viem/ethers dependency)
- */
-import { OriginalsSDK, encoding } from '@originals/sdk';
-import { TurnkeySessionExpiredError, withTokenExpiration } from './turnkey-client';
-/**
- * Signer that uses Turnkey for signing DID documents
- * Compatible with didwebvh-ts signer interface
- */
-export class TurnkeyDIDSigner {
-    turnkeyClient;
-    signWith;
-    subOrgId;
-    publicKeyMultibase;
-    onExpired;
-    constructor(turnkeyClient, signWith, subOrgId, publicKeyMultibase, onExpired) {
-        this.turnkeyClient = turnkeyClient;
-        this.signWith = signWith;
-        this.subOrgId = subOrgId;
-        this.publicKeyMultibase = publicKeyMultibase;
-        this.onExpired = onExpired;
-    }
-    /**
-     * Sign the document and proof using Turnkey
-     */
-    async sign(input) {
-        return withTokenExpiration(async () => {
-            try {
-                // Use SDK's prepareDIDDataForSigning
-                const dataToSign = await OriginalsSDK.prepareDIDDataForSigning(input.document, input.proof);
-                // Sign with Turnkey via server SDK
-                const result = await this.turnkeyClient.apiClient().signRawPayload({
-                    organizationId: this.subOrgId,
-                    signWith: this.signWith,
-                    payload: Buffer.from(dataToSign).toString('hex'),
-                    encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',
-                    hashFunction: 'HASH_FUNCTION_NO_OP',
-                });
-                const r = result.r;
-                const s = result.s;
-                if (!r || !s) {
-                    throw new Error('Invalid signature response from Turnkey');
-                }
-                // For Ed25519, combine r+s only (64 bytes total)
-                const cleanR = r.startsWith('0x') ? r.slice(2) : r;
-                const cleanS = s.startsWith('0x') ? s.slice(2) : s;
-                const combinedHex = cleanR + cleanS;
-                const signatureBytes = Buffer.from(combinedHex, 'hex');
-                if (signatureBytes.length !== 64) {
-                    throw new Error(`Invalid Ed25519 signature length: ${signatureBytes.length} (expected 64 bytes)`);
-                }
-                const proofValue = encoding.multibase.encode(signatureBytes, 'base58btc');
-                return { proofValue };
-            }
-            catch (error) {
-                console.error('[TurnkeyDIDSigner] Error signing with Turnkey:', error);
-                const errorStr = JSON.stringify(error);
-                if (errorStr.toLowerCase().includes('api_key_expired') ||
-                    errorStr.toLowerCase().includes('expired api key') ||
-                    errorStr.toLowerCase().includes('"code":16')) {
-                    console.warn('Detected expired API key in sign method, calling onExpired');
-                    if (this.onExpired) {
-                        this.onExpired();
-                    }
-                    throw new TurnkeySessionExpiredError();
-                }
-                throw error;
-            }
-        }, this.onExpired);
-    }
-    /**
-     * Get the verification method ID for this signer
-     */
-    getVerificationMethodId() {
-        return `did:key:${this.publicKeyMultibase}`;
-    }
-    /**
-     * Verify a signature
-     */
-    async verify(signature, message, publicKey) {
-        try {
-            return await OriginalsSDK.verifyDIDSignature(signature, message, publicKey);
-        }
-        catch (error) {
-            console.error('[TurnkeyDIDSigner] Error verifying signature:', error);
-            return false;
-        }
-    }
-}
-/**
- * Create a DID:WebVH using OriginalsSDK.createDIDOriginal() with Turnkey signing
- */
-export async function createDIDWithTurnkey(params) {
-    const { turnkeyClient, updateKeyAccount, subOrgId, authKeyPublic, assertionKeyPublic, updateKeyPublic, domain, slug, onExpired, } = params;
-    // Create Turnkey signer for the update key
-    const signer = new TurnkeyDIDSigner(turnkeyClient, updateKeyAccount.address, subOrgId, updateKeyPublic, onExpired);
-    // Use SDK's createDIDOriginal
-    const result = await OriginalsSDK.createDIDOriginal({
-        type: 'did',
-        domain,
-        signer,
-        verifier: signer,
-        updateKeys: [signer.getVerificationMethodId()],
-        verificationMethods: [
-            {
-                id: '#key-0',
-                type: 'Multikey',
-                controller: '',
-                publicKeyMultibase: authKeyPublic,
-            },
-            {
-                id: '#key-1',
-                type: 'Multikey',
-                controller: '',
-                publicKeyMultibase: assertionKeyPublic,
-            },
-        ],
-        paths: [slug],
-        portable: false,
-        authentication: ['#key-0'],
-        assertionMethod: ['#key-1'],
-    });
-    return {
-        did: result.did,
-        didDocument: result.doc,
-        didLog: result.log,
-    };
-}
-//# sourceMappingURL=turnkey-did-signer.js.map

package/dist/client/turnkey-did-signer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"turnkey-did-signer.js","sourceRoot":"","sources":["../../src/client/turnkey-did-signer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAExD,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAWnF;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACnB,aAAa,CAAU;IACvB,QAAQ,CAAS;IACjB,QAAQ,CAAS;IACjB,kBAAkB,CAAS;IAC3B,SAAS,CAAc;IAE/B,YACE,aAAsB,EACtB,QAAgB,EAChB,QAAgB,EAChB,kBAA0B,EAC1B,SAAsB;QAEtB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,KAAmB;QAC5B,OAAO,mBAAmB,CAAC,KAAK,IAAI,EAAE;YACpC,IAAI,CAAC;gBACH,qCAAqC;gBACrC,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAE5F,mCAAmC;gBACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC;oBACjE,cAAc,EAAE,IAAI,CAAC,QAAQ;oBAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAChD,QAAQ,EAAE,8BAA8B;oBACxC,YAAY,EAAE,qBAAqB;iBACpC,CAAC,CAAC;gBAEH,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;gBACnB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;gBAEnB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;gBAC7D,CAAC;gBAED,iDAAiD;gBACjD,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnD,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAG,MAAM,GAAG,MAAM,CAAC;gBAEpC,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;gBAEvD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;oBACjC,MAAM,IAAI,KAAK,CACb,qCAAqC,cAAc,CAAC,MAAM,sBAAsB,CACjF,CAAC;gBACJ,CAAC;gBAED,MAAM,UAAU,GAAG,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;gBAE1E,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,gDAAgD,EAAE,KAAK,CAAC,CAAC;gBAEvE,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IACE,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;oBAClD,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;oBAClD,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC5C,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;oBAC3E,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;wBACnB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACnB,CAAC;oBACD,MAAM,IAAI,0BAA0B,EAAE,CAAC;gBACzC,CAAC;gBAED,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,uBAAuB;QACrB,OAAO,WAAW,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAqB,EACrB,OAAmB,EACnB,SAAqB;QAErB,IAAI,CAAC;YACH,OAAO,MAAM,YAAY,CAAC,kBAAkB,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,KAAK,CAAC,CAAC;YACtE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,MAU1C;IAKC,MAAM,EACJ,aAAa,EACb,gBAAgB,EAChB,QAAQ,EACR,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,MAAM,EACN,IAAI,EACJ,SAAS,GACV,GAAG,MAAM,CAAC;IAEX,2CAA2C;IAC3C,MAAM,MAAM,GAAG,IAAI,gBAAgB,CACjC,aAAa,EACb,gBAAgB,CAAC,OAAO,EACxB,QAAQ,EACR,eAAe,EACf,SAAS,CACV,CAAC;IAEF,8BAA8B;IAC9B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,iBAAiB,CAAC;QAClD,IAAI,EAAE,KAAK;QACX,MAAM;QACN,MAAM;QACN,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,CAAC,MAAM,CAAC,uBAAuB,EAAE,CAAC;QAC9C,mBAAmB,EAAE;YACnB;gBACE,EAAE,EAAE,QAAQ;gBACZ,IAAI,EAAE,UAAU;gBAChB,UAAU,EAAE,EAAE;gBACd,kBAAkB,EAAE,aAAa;aAClC;YACD;gBACE,EAAE,EAAE,QAAQ;gBACZ,IAAI,EAAE,UAAU;gBAChB,UAAU,EAAE,EAAE;gBACd,kBAAkB,EAAE,kBAAkB;aACvC;SACF;QACD,KAAK,EAAE,CAAC,IAAI,CAAC;QACb,QAAQ,EAAE,KAAK;QACf,cAAc,EAAE,CAAC,QAAQ,CAAC;QAC1B,eAAe,EAAE,CAAC,QAAQ,CAAC;KAC5B,CAAC,CAAC;IAEH,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,WAAW,EAAE,MAAM,CAAC,GAAG;QACvB,MAAM,EAAE,MAAM,CAAC,GAAG;KACnB,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -1,23 +0,0 @@
-/**
- * @originals/auth - Turnkey-based authentication for the Originals Protocol
- *
- * This package provides authentication utilities for both server and client applications.
- *
- * Server-side:
- * ```typescript
- * import { createAuthMiddleware, initiateEmailAuth, verifyEmailAuth } from '@originals/auth/server';
- * ```
- *
- * Client-side (pure functions, no React):
- * ```typescript
- * import { initializeTurnkeyClient, initOtp, completeOtp, fetchWallets } from '@originals/auth/client';
- * ```
- *
- * Types:
- * ```typescript
- * import type { AuthUser, TokenPayload, TurnkeyWallet } from '@originals/auth/types';
- * ```
- */
-export * from './types';
-export * from './server';
-//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,cAAc,SAAS,CAAC;AAGxB,cAAc,UAAU,CAAC"}

package/dist/index.js

@@ -1,27 +0,0 @@
-/**
- * @originals/auth - Turnkey-based authentication for the Originals Protocol
- *
- * This package provides authentication utilities for both server and client applications.
- *
- * Server-side:
- * ```typescript
- * import { createAuthMiddleware, initiateEmailAuth, verifyEmailAuth } from '@originals/auth/server';
- * ```
- *
- * Client-side (pure functions, no React):
- * ```typescript
- * import { initializeTurnkeyClient, initOtp, completeOtp, fetchWallets } from '@originals/auth/client';
- * ```
- *
- * Types:
- * ```typescript
- * import type { AuthUser, TokenPayload, TurnkeyWallet } from '@originals/auth/types';
- * ```
- */
-// Re-export types
-export * from './types';
-// Re-export server utilities (for convenience, though subpath is preferred)
-export * from './server';
-// Note: Client utilities should be imported from '@originals/auth/client'
-// to avoid bundling React in server environments
-//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,kBAAkB;AAClB,cAAc,SAAS,CAAC;AAExB,4EAA4E;AAC5E,cAAc,UAAU,CAAC;AAEzB,0EAA0E;AAC1E,iDAAiD"}

package/dist/server/email-auth.d.ts

@@ -1,42 +0,0 @@
-/**
- * Turnkey Email Authentication Service
- * Implements email-based authentication using Turnkey's OTP flow
- */
-import { Turnkey } from '@turnkey/sdk-server';
-import type { EmailAuthSession, InitiateAuthResult, VerifyAuthResult } from '../types';
-/**
- * Session storage interface for pluggable session management
- */
-export interface SessionStorage {
-    get(sessionId: string): EmailAuthSession | undefined;
-    set(sessionId: string, session: EmailAuthSession): void;
-    delete(sessionId: string): void;
-    cleanup(): void;
-}
-/**
- * Create an in-memory session storage
- * For production, consider using Redis or a database
- */
-export declare function createInMemorySessionStorage(): SessionStorage;
-/**
- * Initiate email authentication using Turnkey OTP
- * Sends a 6-digit OTP code to the user's email
- */
-export declare function initiateEmailAuth(email: string, turnkeyClient: Turnkey, sessionStorage?: SessionStorage): Promise<InitiateAuthResult>;
-/**
- * Verify email authentication code using Turnkey OTP
- */
-export declare function verifyEmailAuth(sessionId: string, code: string, turnkeyClient: Turnkey, sessionStorage?: SessionStorage): Promise<VerifyAuthResult>;
-/**
- * Check if a session is verified
- */
-export declare function isSessionVerified(sessionId: string, sessionStorage?: SessionStorage): boolean;
-/**
- * Clean up a session after successful login
- */
-export declare function cleanupSession(sessionId: string, sessionStorage?: SessionStorage): void;
-/**
- * Get session data
- */
-export declare function getSession(sessionId: string, sessionStorage?: SessionStorage): EmailAuthSession | undefined;
-//# sourceMappingURL=email-auth.d.ts.map

package/dist/server/email-auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"email-auth.d.ts","sourceRoot":"","sources":["../../src/server/email-auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAG9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAMvF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAAC;IACrD,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACxD,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,OAAO,IAAI,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,IAAI,cAAc,CA2B7D;AAmBD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,OAAO,EACtB,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,kBAAkB,CAAC,CA2D7B;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,OAAO,EACtB,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CAqD3B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAYT;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,SAAS,EAAE,MAAM,EACjB,cAAc,CAAC,EAAE,cAAc,GAC9B,IAAI,CAGN;AAED;;GAEG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,MAAM,EACjB,cAAc,CAAC,EAAE,cAAc,GAC9B,gBAAgB,GAAG,SAAS,CAa9B"}

package/dist/server/email-auth.js

@@ -1,187 +0,0 @@
-/**
- * Turnkey Email Authentication Service
- * Implements email-based authentication using Turnkey's OTP flow
- */
-import { sha256 } from '@noble/hashes/sha2.js';
-import { bytesToHex } from '@noble/hashes/utils.js';
-import { getOrCreateTurnkeySubOrg } from './turnkey-client';
-// Session timeout (15 minutes to match Turnkey OTP)
-const SESSION_TIMEOUT = 15 * 60 * 1000;
-/**
- * Create an in-memory session storage
- * For production, consider using Redis or a database
- */
-export function createInMemorySessionStorage() {
-    const sessions = new Map();
-    // Start cleanup interval
-    const cleanupInterval = setInterval(() => {
-        const now = Date.now();
-        for (const [sessionId, session] of sessions.entries()) {
-            if (now - session.timestamp > SESSION_TIMEOUT) {
-                sessions.delete(sessionId);
-            }
-        }
-    }, 60 * 1000);
-    // Keep the interval from preventing process exit
-    if (cleanupInterval.unref) {
-        cleanupInterval.unref();
-    }
-    return {
-        get: (sessionId) => sessions.get(sessionId),
-        set: (sessionId, session) => sessions.set(sessionId, session),
-        delete: (sessionId) => sessions.delete(sessionId),
-        cleanup: () => {
-            clearInterval(cleanupInterval);
-            sessions.clear();
-        },
-    };
-}
-// Default session storage
-let defaultSessionStorage = null;
-function getDefaultSessionStorage() {
-    if (!defaultSessionStorage) {
-        defaultSessionStorage = createInMemorySessionStorage();
-    }
-    return defaultSessionStorage;
-}
-/**
- * Generate a random session ID
- */
-function generateSessionId() {
-    return `session_${Date.now()}_${Math.random().toString(36).substring(2, 15)}`;
-}
-/**
- * Initiate email authentication using Turnkey OTP
- * Sends a 6-digit OTP code to the user's email
- */
-export async function initiateEmailAuth(email, turnkeyClient, sessionStorage) {
-    const storage = sessionStorage ?? getDefaultSessionStorage();
-    // Validate email format
-    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    if (!emailRegex.test(email)) {
-        throw new Error('Invalid email format');
-    }
-    console.log(`\n🚀 Initiating email auth for: ${email}`);
-    // Step 1: Get or create Turnkey sub-organization
-    const subOrgId = await getOrCreateTurnkeySubOrg(email, turnkeyClient);
-    // Step 2: Send OTP via Turnkey
-    console.log(`📨 Sending OTP to ${email} via Turnkey...`);
-    // Generate a unique user identifier for rate limiting
-    const data = new TextEncoder().encode(email);
-    const hash = sha256(data);
-    const userIdentifier = bytesToHex(hash);
-    const otpResult = await turnkeyClient.apiClient().initOtp({
-        otpType: 'OTP_TYPE_EMAIL',
-        contact: email,
-        userIdentifier: userIdentifier,
-        appName: 'Originals',
-        otpLength: 6,
-        alphanumeric: false,
-    });
-    const otpId = otpResult.otpId;
-    if (!otpId) {
-        throw new Error('Failed to initiate OTP - no OTP ID returned');
-    }
-    console.log(`✅ OTP sent! OTP ID: ${otpId}`);
-    // Create auth session
-    const sessionId = generateSessionId();
-    storage.set(sessionId, {
-        email,
-        subOrgId,
-        otpId,
-        timestamp: Date.now(),
-        verified: false,
-    });
-    console.log('='.repeat(60));
-    console.log(`📧 Check ${email} for the verification code!`);
-    console.log(`   Session ID: ${sessionId}`);
-    console.log(`   Valid for: 15 minutes`);
-    console.log('='.repeat(60) + '\n');
-    return {
-        sessionId,
-        message: 'Verification code sent to your email. Check your inbox!',
-    };
-}
-/**
- * Verify email authentication code using Turnkey OTP
- */
-export async function verifyEmailAuth(sessionId, code, turnkeyClient, sessionStorage) {
-    const storage = sessionStorage ?? getDefaultSessionStorage();
-    const session = storage.get(sessionId);
-    if (!session) {
-        throw new Error('Invalid or expired session');
-    }
-    // Check if session has expired
-    if (Date.now() - session.timestamp > SESSION_TIMEOUT) {
-        storage.delete(sessionId);
-        throw new Error('Session expired. Please request a new code.');
-    }
-    if (!session.otpId) {
-        throw new Error('OTP ID not found in session');
-    }
-    if (!session.subOrgId) {
-        throw new Error('Sub-organization ID not found');
-    }
-    console.log(`\n🔐 Verifying OTP for session ${sessionId}...`);
-    try {
-        // Verify the OTP code with Turnkey
-        const verifyResult = await turnkeyClient.apiClient().verifyOtp({
-            otpId: session.otpId,
-            otpCode: code,
-            expirationSeconds: '900', // 15 minutes
-        });
-        if (!verifyResult.verificationToken) {
-            throw new Error('OTP verification failed - no verification token returned');
-        }
-        console.log(`✅ OTP verified successfully!`);
-        // Mark session as verified
-        session.verified = true;
-        storage.set(sessionId, session);
-        return {
-            verified: true,
-            email: session.email,
-            subOrgId: session.subOrgId,
-        };
-    }
-    catch (error) {
-        console.error('❌ OTP verification failed:', error);
-        throw new Error(`Invalid verification code: ${error instanceof Error ? error.message : String(error)}`);
-    }
-}
-/**
- * Check if a session is verified
- */
-export function isSessionVerified(sessionId, sessionStorage) {
-    const storage = sessionStorage ?? getDefaultSessionStorage();
-    const session = storage.get(sessionId);
-    if (!session)
-        return false;
-    if (Date.now() - session.timestamp > SESSION_TIMEOUT) {
-        storage.delete(sessionId);
-        return false;
-    }
-    return session.verified;
-}
-/**
- * Clean up a session after successful login
- */
-export function cleanupSession(sessionId, sessionStorage) {
-    const storage = sessionStorage ?? getDefaultSessionStorage();
-    storage.delete(sessionId);
-}
-/**
- * Get session data
- */
-export function getSession(sessionId, sessionStorage) {
-    const storage = sessionStorage ?? getDefaultSessionStorage();
-    const session = storage.get(sessionId);
-    if (!session)
-        return undefined;
-    // Check if expired
-    if (Date.now() - session.timestamp > SESSION_TIMEOUT) {
-        storage.delete(sessionId);
-        return undefined;
-    }
-    return session;
-}
-//# sourceMappingURL=email-auth.js.map

package/dist/server/email-auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"email-auth.js","sourceRoot":"","sources":["../../src/server/email-auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,oDAAoD;AACpD,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAYvC;;;GAGG;AACH,MAAM,UAAU,4BAA4B;IAC1C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA4B,CAAC;IAErD,yBAAyB;IACzB,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACtD,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;gBAC9C,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;IAEd,iDAAiD;IACjD,IAAI,eAAe,CAAC,KAAK,EAAE,CAAC;QAC1B,eAAe,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,GAAG,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC;QACnD,GAAG,EAAE,CAAC,SAAiB,EAAE,OAAyB,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC;QACvF,MAAM,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;QACzD,OAAO,EAAE,GAAG,EAAE;YACZ,aAAa,CAAC,eAAe,CAAC,CAAC;YAC/B,QAAQ,CAAC,KAAK,EAAE,CAAC;QACnB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,0BAA0B;AAC1B,IAAI,qBAAqB,GAA0B,IAAI,CAAC;AAExD,SAAS,wBAAwB;IAC/B,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,4BAA4B,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,WAAW,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AAChF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAa,EACb,aAAsB,EACtB,cAA+B;IAE/B,MAAM,OAAO,GAAG,cAAc,IAAI,wBAAwB,EAAE,CAAC;IAE7D,wBAAwB;IACxB,MAAM,UAAU,GAAG,4BAA4B,CAAC;IAChD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;IAExD,iDAAiD;IACjD,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAEtE,+BAA+B;IAC/B,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,iBAAiB,CAAC,CAAC;IAEzD,sDAAsD;IACtD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC;QACxD,OAAO,EAAE,gBAAgB;QACzB,OAAO,EAAE,KAAK;QACd,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,WAAW;QACpB,SAAS,EAAE,CAAC;QACZ,YAAY,EAAE,KAAK;KACpB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;IAE9B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC;IAE5C,sBAAsB;IACtB,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;QACrB,KAAK;QACL,QAAQ;QACR,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,6BAA6B,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,kBAAkB,SAAS,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAEnC,OAAO;QACL,SAAS;QACT,OAAO,EAAE,yDAAyD;KACnE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,SAAiB,EACjB,IAAY,EACZ,aAAsB,EACtB,cAA+B;IAE/B,MAAM,OAAO,GAAG,cAAc,IAAI,wBAAwB,EAAE,CAAC;IAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;QACrD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,SAAS,KAAK,CAAC,CAAC;IAE9D,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC;YAC7D,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,OAAO,EAAE,IAAI;YACb,iBAAiB,EAAE,KAAK,EAAE,aAAa;SACxC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAE5C,2BAA2B;QAC3B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAEhC,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,cAA+B;IAE/B,MAAM,OAAO,GAAG,cAAc,IAAI,wBAAwB,EAAE,CAAC;IAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;QACrD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,OAAO,CAAC,QAAQ,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,SAAiB,EACjB,cAA+B;IAE/B,MAAM,OAAO,GAAG,cAAc,IAAI,wBAAwB,EAAE,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CACxB,SAAiB,EACjB,cAA+B;IAE/B,MAAM,OAAO,GAAG,cAAc,IAAI,wBAAwB,EAAE,CAAC;IAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAE/B,mBAAmB;IACnB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,GAAG,eAAe,EAAE,CAAC;QACrD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/server/index.d.ts

@@ -1,22 +0,0 @@
-/**
- * Server-side authentication utilities
- *
- * @example
- * ```typescript
- * import {
- *   createAuthMiddleware,
- *   initiateEmailAuth,
- *   verifyEmailAuth,
- *   signToken,
- *   verifyToken,
- *   createTurnkeyClient,
- *   TurnkeyWebVHSigner
- * } from '@originals/auth/server';
- * ```
- */
-export { createTurnkeyClient, getOrCreateTurnkeySubOrg } from './turnkey-client';
-export { initiateEmailAuth, verifyEmailAuth, isSessionVerified, cleanupSession, getSession, type SessionStorage, createInMemorySessionStorage, } from './email-auth';
-export { signToken, verifyToken, getAuthCookieConfig, getClearAuthCookieConfig, } from './jwt';
-export { createAuthMiddleware } from './middleware';
-export { TurnkeyWebVHSigner, createTurnkeySigner } from './turnkey-signer';
-//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,UAAU,EACV,KAAK,cAAc,EACnB,4BAA4B,GAC7B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,SAAS,EACT,WAAW,EACX,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/server/index.js

@@ -1,22 +0,0 @@
-/**
- * Server-side authentication utilities
- *
- * @example
- * ```typescript
- * import {
- *   createAuthMiddleware,
- *   initiateEmailAuth,
- *   verifyEmailAuth,
- *   signToken,
- *   verifyToken,
- *   createTurnkeyClient,
- *   TurnkeyWebVHSigner
- * } from '@originals/auth/server';
- * ```
- */
-export { createTurnkeyClient, getOrCreateTurnkeySubOrg } from './turnkey-client';
-export { initiateEmailAuth, verifyEmailAuth, isSessionVerified, cleanupSession, getSession, createInMemorySessionStorage, } from './email-auth';
-export { signToken, verifyToken, getAuthCookieConfig, getClearAuthCookieConfig, } from './jwt';
-export { createAuthMiddleware } from './middleware';
-export { TurnkeyWebVHSigner, createTurnkeySigner } from './turnkey-signer';
-//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,UAAU,EAEV,4BAA4B,GAC7B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,SAAS,EACT,WAAW,EACX,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/server/jwt.d.ts

@@ -1,49 +0,0 @@
-/**
- * JWT Authentication Module
- * Implements secure token issuance and validation with HTTP-only cookies
- */
-import type { TokenPayload, AuthCookieConfig } from '../types';
-/**
- * Sign a JWT token for a user
- * @param subOrgId - Turnkey sub-organization ID (stable identifier)
- * @param email - User email (metadata)
- * @param sessionToken - Optional Turnkey session token for user authentication
- * @param options - Additional options
- * @returns Signed JWT token string
- */
-export declare function signToken(subOrgId: string, email: string, sessionToken?: string, options?: {
-    secret?: string;
-    expiresIn?: number;
-    issuer?: string;
-    audience?: string;
-}): string;
-/**
- * Verify and decode a JWT token
- * @param token - JWT token string
- * @param options - Additional options
- * @returns Decoded token payload
- * @throws Error if token is invalid or expired
- */
-export declare function verifyToken(token: string, options?: {
-    secret?: string;
-    issuer?: string;
-    audience?: string;
-}): TokenPayload;
-/**
- * Generate a secure cookie configuration for authentication tokens
- * @param token - JWT token to set in cookie
- * @param options - Cookie options
- * @returns Cookie configuration object
- */
-export declare function getAuthCookieConfig(token: string, options?: {
-    cookieName?: string;
-    maxAge?: number;
-    secure?: boolean;
-}): AuthCookieConfig;
-/**
- * Get cookie configuration for logout (clears the auth cookie)
- * @param cookieName - Name of the cookie to clear
- * @returns Cookie configuration for clearing
- */
-export declare function getClearAuthCookieConfig(cookieName?: string): AuthCookieConfig;
-//# sourceMappingURL=jwt.d.ts.map

package/dist/server/jwt.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/server/jwt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAgB/D;;;;;;;GAOG;AACH,wBAAgB,SAAS,CACvB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;IACR,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,MAAM,CAuBR;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;IACR,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,YAAY,CAuBd;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,GACA,gBAAgB,CAclB;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAc9E"}