@originals/auth 1.8.1 → 1.8.3

package/package.json

@@ -1,10 +1,13 @@
 {
   "name": "@originals/auth",
-  "version": "1.8.1",
+  "version": "1.8.3",
   "description": "Turnkey-based authentication for the Originals Protocol",
   "type": "module",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -21,18 +24,11 @@
     "./types": {
       "types": "./dist/types.d.ts",
       "import": "./dist/types.js"
-    },
-    "./server/*.js": {
-      "types": "./dist/server/*.d.ts",
-      "import": "./dist/server/*.js"
-    },
-    "./client/*.js": {
-      "types": "./dist/client/*.d.ts",
-      "import": "./dist/client/*.js"
     }
   },
   "scripts": {
     "build": "bunx tsc && bunx tsc-alias",
+    "prepublishOnly": "npm run build",
     "test": "bun test tests/",
     "lint": "eslint src/**/*.ts",
     "format": "prettier --write src/**/*.ts"
@@ -56,7 +52,7 @@
   },
   "dependencies": {
     "@turnkey/sdk-server": "^5.0.0",
-    "@originals/sdk": "^1.4.4",
+    "@originals/sdk": "^1.8.1",
     "jsonwebtoken": "^9.0.2",
     "@noble/hashes": "^2.0.1",
     "@noble/ed25519": "^2.0.0"

package/.turbo/turbo-build.log

@@ -1 +0,0 @@
-$ bunx tsc && bunx tsc-alias

package/eslint.config.js

@@ -1,32 +0,0 @@
-import eslint from '@eslint/js';
-import tseslint from 'typescript-eslint';
-
-export default tseslint.config(
-  eslint.configs.recommended,
-  ...tseslint.configs.recommendedTypeChecked,
-  {
-    languageOptions: {
-      parserOptions: {
-        project: true,
-        tsconfigRootDir: import.meta.dirname,
-      },
-    },
-    rules: {
-      '@typescript-eslint/no-explicit-any': 'warn',
-      '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
-      '@typescript-eslint/explicit-function-return-type': 'off',
-      '@typescript-eslint/no-unsafe-assignment': 'warn',
-      '@typescript-eslint/no-unsafe-member-access': 'warn',
-      '@typescript-eslint/no-unsafe-call': 'warn',
-      '@typescript-eslint/no-unsafe-return': 'warn',
-      '@typescript-eslint/restrict-template-expressions': 'warn',
-      'no-console': 'off',
-      'no-empty': ['error', { allowEmptyCatch: false }],
-      'prefer-const': 'error',
-      'no-var': 'error',
-    },
-  },
-  {
-    ignores: ['dist/', 'node_modules/', '*.js', 'tests/'],
-  }
-);

package/src/client/index.ts

@@ -1,36 +0,0 @@
-/**
- * Client-side authentication utilities
- *
- * Pure library functions for Turnkey authentication.
- * No React dependencies - consuming apps should create their own hooks.
- *
- * @example
- * ```typescript
- * import {
- *   initializeTurnkeyClient,
- *   initOtp,
- *   completeOtp,
- *   fetchUser,
- *   fetchWallets,
- *   TurnkeyDIDSigner,
- *   createDIDWithTurnkey
- * } from '@originals/auth/client';
- * ```
- */
-
-export {
-  initializeTurnkeyClient,
-  initOtp,
-  completeOtp,
-  fetchUser,
-  fetchWallets,
-  getKeyByCurve,
-  createWalletWithAccounts,
-  ensureWalletWithAccounts,
-  TurnkeySessionExpiredError,
-  withTokenExpiration,
-} from './turnkey-client';
-
-export { TurnkeyDIDSigner, createDIDWithTurnkey } from './turnkey-did-signer';
-
-export { sendOtp, verifyOtp, type ServerAuthOptions } from './server-auth';

package/src/client/server-auth.ts

@@ -1,101 +0,0 @@
-/**
- * Client-side helpers for server-proxied authentication
- * Use these when your server handles Turnkey API keys
- *
- * @example
- * ```typescript
- * import { sendOtp, verifyOtp } from '@originals/auth/client';
- *
- * // Send OTP to user's email via your server
- * const { sessionId } = await sendOtp('user@example.com');
- *
- * // Verify the code they enter
- * const { verified, email, subOrgId } = await verifyOtp(sessionId, '123456');
- * ```
- */
-
-import type { InitiateAuthResult, VerifyAuthResult } from '../types';
-
-/**
- * Options for server-proxied auth functions
- */
-export interface ServerAuthOptions {
-  /** Custom fetch function (for testing) */
-  fetch?: typeof fetch;
-}
-
-/**
- * Send OTP via your server endpoint
- * Server should call initiateEmailAuth() from @originals/auth/server
- *
- * @param email - User's email address
- * @param endpoint - Server endpoint URL (default: '/api/auth/send-otp')
- * @param options - Optional configuration
- * @returns Promise with sessionId and message
- *
- * @example
- * ```typescript
- * const { sessionId, message } = await sendOtp('user@example.com');
- * // sessionId is used for verification step
- * // message is user-friendly text to display
- * ```
- */
-export async function sendOtp(
-  email: string,
-  endpoint = '/api/auth/send-otp',
-  options?: ServerAuthOptions
-): Promise<InitiateAuthResult> {
-  const fetchFn = options?.fetch ?? fetch;
-  const response = await fetchFn(endpoint, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ email }),
-  });
-
-  if (!response.ok) {
-    const error = await response.json().catch(() => ({ message: 'Failed to send OTP' })) as { message?: string };
-    throw new Error(error.message ?? `HTTP ${response.status}`);
-  }
-
-  return response.json() as Promise<InitiateAuthResult>;
-}
-
-/**
- * Verify OTP via your server endpoint
- * Server should call verifyEmailAuth() from @originals/auth/server
- *
- * @param sessionId - Session ID from sendOtp result
- * @param code - OTP code entered by user
- * @param endpoint - Server endpoint URL (default: '/api/auth/verify-otp')
- * @param options - Optional configuration
- * @returns Promise with verification result
- *
- * @example
- * ```typescript
- * const { verified, email, subOrgId } = await verifyOtp(sessionId, '123456');
- * if (verified) {
- *   // User is authenticated
- *   console.log(`Authenticated: ${email}`);
- * }
- * ```
- */
-export async function verifyOtp(
-  sessionId: string,
-  code: string,
-  endpoint = '/api/auth/verify-otp',
-  options?: ServerAuthOptions
-): Promise<VerifyAuthResult> {
-  const fetchFn = options?.fetch ?? fetch;
-  const response = await fetchFn(endpoint, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ sessionId, code }),
-  });
-
-  if (!response.ok) {
-    const error = await response.json().catch(() => ({ message: 'Verification failed' })) as { message?: string };
-    throw new Error(error.message ?? `HTTP ${response.status}`);
-  }
-
-  return response.json() as Promise<VerifyAuthResult>;
-}

package/src/client/turnkey-client.ts

@@ -1,364 +0,0 @@
-/**
- * Client-side Turnkey utilities
- * Uses @turnkey/sdk-server for all Turnkey operations (no viem/ethers dependency)
- */
-
-import { Turnkey } from '@turnkey/sdk-server';
-import type { TurnkeyWallet, TurnkeyWalletAccount } from '../types';
-
-/**
- * Session expired error for handling token expiration
- */
-export class TurnkeySessionExpiredError extends Error {
-  constructor(message: string = 'Your Turnkey session has expired. Please log in again.') {
-    super(message);
-    this.name = 'TurnkeySessionExpiredError';
-  }
-}
-
-/**
- * Wrapper to handle token expiration errors
- */
-export async function withTokenExpiration<T>(
-  fn: () => Promise<T>,
-  onExpired?: () => void
-): Promise<T> {
-  try {
-    return await fn();
-  } catch (error) {
-    const errorStr = JSON.stringify(error);
-    if (
-      errorStr.toLowerCase().includes('api_key_expired') ||
-      errorStr.toLowerCase().includes('expired api key') ||
-      errorStr.toLowerCase().includes('"code":16')
-    ) {
-      console.warn('Detected expired API key, calling onExpired');
-      if (onExpired) {
-        onExpired();
-      }
-      throw new TurnkeySessionExpiredError();
-    }
-    throw error;
-  }
-}
-
-/**
- * Initialize Turnkey server client
- * Reads from environment variables or provided config
- */
-export function initializeTurnkeyClient(config?: {
-  apiBaseUrl?: string;
-  apiPublicKey?: string;
-  apiPrivateKey?: string;
-  organizationId?: string;
-}): Turnkey {
-  const apiPublicKey = config?.apiPublicKey ?? process.env.TURNKEY_API_PUBLIC_KEY;
-  const apiPrivateKey = config?.apiPrivateKey ?? process.env.TURNKEY_API_PRIVATE_KEY;
-  const organizationId = config?.organizationId ?? process.env.TURNKEY_ORGANIZATION_ID;
-
-  if (!apiPublicKey) {
-    throw new Error('TURNKEY_API_PUBLIC_KEY is required');
-  }
-  if (!apiPrivateKey) {
-    throw new Error('TURNKEY_API_PRIVATE_KEY is required');
-  }
-  if (!organizationId) {
-    throw new Error('TURNKEY_ORGANIZATION_ID is required');
-  }
-
-  return new Turnkey({
-    apiBaseUrl: config?.apiBaseUrl ?? 'https://api.turnkey.com',
-    apiPublicKey,
-    apiPrivateKey,
-    defaultOrganizationId: organizationId,
-  });
-}
-
-/**
- * Send OTP code to email via Turnkey
- */
-export async function initOtp(
-  turnkeyClient: Turnkey,
-  email: string,
-  subOrgId?: string
-): Promise<string> {
-  try {
-    const result = await turnkeyClient.apiClient().initOtp({
-      otpType: 'OTP_TYPE_EMAIL',
-      contact: email,
-      appName: 'Originals',
-      ...(subOrgId ? { organizationId: subOrgId } : {}),
-    });
-
-    const otpId = result.otpId;
-    if (!otpId) {
-      throw new Error('No OTP ID returned from Turnkey');
-    }
-
-    return otpId;
-  } catch (error) {
-    console.error('Error initializing OTP:', error);
-    throw new Error(
-      `Failed to send OTP: ${error instanceof Error ? error.message : String(error)}`
-    );
-  }
-}
-
-/**
- * Complete OTP verification flow
- * Returns verification token and sub-org ID
- */
-export async function completeOtp(
-  turnkeyClient: Turnkey,
-  otpId: string,
-  otpCode: string,
-  subOrgId: string
-): Promise<{ verificationToken: string; subOrgId: string }> {
-  try {
-    const result = await turnkeyClient.apiClient().verifyOtp({
-      otpId,
-      otpCode,
-      expirationSeconds: '900',
-      organizationId: subOrgId,
-    });
-
-    if (!result.verificationToken) {
-      throw new Error('OTP verification failed - no verification token returned');
-    }
-
-    return {
-      verificationToken: result.verificationToken,
-      subOrgId,
-    };
-  } catch (error) {
-    console.error('Error completing OTP:', error);
-    throw new Error(
-      `Failed to complete OTP: ${error instanceof Error ? error.message : String(error)}`
-    );
-  }
-}
-
-/**
- * Fetch users in a sub-organization
- */
-export async function fetchUser(
-  turnkeyClient: Turnkey,
-  subOrgId: string,
-  onExpired?: () => void
-): Promise<unknown> {
-  return withTokenExpiration(async () => {
-    try {
-      const response = await turnkeyClient.apiClient().getUsers({
-        organizationId: subOrgId,
-      });
-      const users = response.users ?? [];
-      return users[0] ?? null;
-    } catch (error) {
-      console.error('Error fetching user:', error);
-      throw new Error(
-        `Failed to fetch user: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }, onExpired);
-}
-
-/**
- * Fetch user's wallets with accounts
- */
-export async function fetchWallets(
-  turnkeyClient: Turnkey,
-  subOrgId: string,
-  onExpired?: () => void
-): Promise<TurnkeyWallet[]> {
-  return withTokenExpiration(async () => {
-    try {
-      const response = await turnkeyClient.apiClient().getWallets({
-        organizationId: subOrgId,
-      });
-
-      const wallets: TurnkeyWallet[] = [];
-
-      for (const wallet of response.wallets || []) {
-        const accountsResponse = await turnkeyClient.apiClient().getWalletAccounts({
-          organizationId: subOrgId,
-          walletId: wallet.walletId,
-        });
-
-        wallets.push({
-          walletId: wallet.walletId,
-          walletName: wallet.walletName,
-          accounts: (accountsResponse.accounts || []).map(
-            (acc: { address: string; curve: string; path: string; addressFormat: string }) => ({
-              address: acc.address,
-              curve: acc.curve as 'CURVE_SECP256K1' | 'CURVE_ED25519',
-              path: acc.path,
-              addressFormat: acc.addressFormat,
-            })
-          ),
-        });
-      }
-
-      return wallets;
-    } catch (error) {
-      console.error('Error fetching wallets:', error);
-      throw new Error(
-        `Failed to fetch wallets: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }, onExpired);
-}
-
-/**
- * Get key by curve type from wallets
- */
-export function getKeyByCurve(
-  wallets: TurnkeyWallet[],
-  curve: 'CURVE_SECP256K1' | 'CURVE_ED25519'
-): TurnkeyWalletAccount | null {
-  for (const wallet of wallets) {
-    for (const account of wallet.accounts) {
-      if (account.curve === curve) {
-        return account;
-      }
-    }
-  }
-  return null;
-}
-
-/**
- * Create a wallet with the required accounts for DID creation
- */
-export async function createWalletWithAccounts(
-  turnkeyClient: Turnkey,
-  subOrgId: string,
-  onExpired?: () => void
-): Promise<TurnkeyWallet> {
-  return withTokenExpiration(async () => {
-    try {
-      const response = await turnkeyClient.apiClient().createWallet({
-        walletName: 'default-wallet',
-        accounts: [
-          {
-            curve: 'CURVE_SECP256K1',
-            pathFormat: 'PATH_FORMAT_BIP32',
-            path: "m/44'/0'/0'/0/0",
-            addressFormat: 'ADDRESS_FORMAT_BITCOIN_MAINNET_P2TR',
-          },
-          {
-            curve: 'CURVE_ED25519',
-            pathFormat: 'PATH_FORMAT_BIP32',
-            path: "m/44'/501'/0'/0'",
-            addressFormat: 'ADDRESS_FORMAT_SOLANA',
-          },
-          {
-            curve: 'CURVE_ED25519',
-            pathFormat: 'PATH_FORMAT_BIP32',
-            path: "m/44'/501'/1'/0'",
-            addressFormat: 'ADDRESS_FORMAT_SOLANA',
-          },
-        ],
-        organizationId: subOrgId,
-      });
-
-      const walletId = response.walletId;
-      if (!walletId) {
-        throw new Error('No wallet ID returned from createWallet');
-      }
-
-      // Wait for wallet to be created, then fetch it
-      await new Promise((resolve) => setTimeout(resolve, 500));
-
-      const wallets = await fetchWallets(turnkeyClient, subOrgId, onExpired);
-      const createdWallet = wallets.find((w) => w.walletId === walletId);
-
-      if (!createdWallet) {
-        throw new Error('Failed to fetch created wallet');
-      }
-
-      return createdWallet;
-    } catch (error) {
-      console.error('Error creating wallet:', error);
-      throw new Error(
-        `Failed to create wallet: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }, onExpired);
-}
-
-/**
- * Ensure user has a wallet with the required accounts for DID creation
- */
-export async function ensureWalletWithAccounts(
-  turnkeyClient: Turnkey,
-  subOrgId: string,
-  onExpired?: () => void
-): Promise<TurnkeyWallet[]> {
-  return withTokenExpiration(async () => {
-    try {
-      let wallets = await fetchWallets(turnkeyClient, subOrgId, onExpired);
-
-      if (wallets.length === 0) {
-        console.log('No wallets found, creating new wallet with accounts...');
-        const newWallet = await createWalletWithAccounts(turnkeyClient, subOrgId, onExpired);
-        wallets = [newWallet];
-        return wallets;
-      }
-
-      const defaultWallet = wallets[0];
-      const allAccounts = defaultWallet.accounts;
-      const secp256k1Accounts = allAccounts.filter((acc) => acc.curve === 'CURVE_SECP256K1');
-      const ed25519Accounts = allAccounts.filter((acc) => acc.curve === 'CURVE_ED25519');
-
-      // Check if we need more accounts
-      if (secp256k1Accounts.length >= 1 && ed25519Accounts.length >= 2) {
-        return wallets;
-      }
-
-      // Need to create additional accounts
-      const accountsToCreate: Array<{
-        curve: 'CURVE_SECP256K1' | 'CURVE_ED25519';
-        pathFormat: 'PATH_FORMAT_BIP32';
-        path: string;
-        addressFormat: 'ADDRESS_FORMAT_BITCOIN_MAINNET_P2TR' | 'ADDRESS_FORMAT_SOLANA';
-      }> = [];
-
-      if (secp256k1Accounts.length === 0) {
-        accountsToCreate.push({
-          curve: 'CURVE_SECP256K1',
-          pathFormat: 'PATH_FORMAT_BIP32',
-          path: "m/44'/0'/0'/0/0",
-          addressFormat: 'ADDRESS_FORMAT_BITCOIN_MAINNET_P2TR',
-        });
-      }
-
-      const ed25519Needed = 2 - ed25519Accounts.length;
-      for (let i = 0; i < ed25519Needed; i++) {
-        const pathIndex = ed25519Accounts.length + i;
-        accountsToCreate.push({
-          curve: 'CURVE_ED25519',
-          pathFormat: 'PATH_FORMAT_BIP32',
-          path: pathIndex === 0 ? "m/44'/501'/0'/0'" : "m/44'/501'/1'/0'",
-          addressFormat: 'ADDRESS_FORMAT_SOLANA',
-        });
-      }
-
-      if (accountsToCreate.length > 0) {
-        console.log(`Creating ${accountsToCreate.length} missing account(s)...`);
-        await turnkeyClient.apiClient().createWalletAccounts({
-          walletId: defaultWallet.walletId,
-          accounts: accountsToCreate,
-          organizationId: subOrgId,
-        });
-
-        wallets = await fetchWallets(turnkeyClient, subOrgId, onExpired);
-      }
-
-      return wallets;
-    } catch (error) {
-      console.error('Error ensuring wallet with accounts:', error);
-      throw new Error(
-        `Failed to ensure wallet with accounts: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }, onExpired);
-}