npm - @originals/auth - Versions diffs - 1.8.2 → 1.8.3 - Mend

@originals/auth 1.8.2 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/{src/client/index.ts → dist/client/index.d.ts} +2 -15
package/dist/client/index.d.ts.map +1 -0
package/dist/client/index.js +23 -0
package/dist/client/index.js.map +1 -0
package/{src/client/server-auth.ts → dist/client/server-auth.d.ts} +5 -45
package/dist/client/server-auth.d.ts.map +1 -0
package/dist/client/server-auth.js +77 -0
package/dist/client/server-auth.js.map +1 -0
package/dist/client/turnkey-client.d.ts +59 -0
package/dist/client/turnkey-client.d.ts.map +1 -0
package/dist/client/turnkey-client.js +279 -0
package/dist/client/turnkey-client.js.map +1 -0
package/dist/client/turnkey-did-signer.d.ts +58 -0
package/dist/client/turnkey-did-signer.d.ts.map +1 -0
package/dist/client/turnkey-did-signer.js +131 -0
package/dist/client/turnkey-did-signer.js.map +1 -0
package/dist/index.d.ts +23 -0
package/dist/index.d.ts.map +1 -0
package/{src/index.ts → dist/index.js} +1 -6
package/dist/index.js.map +1 -0
package/dist/server/email-auth.d.ts +42 -0
package/dist/server/email-auth.d.ts.map +1 -0
package/dist/server/email-auth.js +187 -0
package/dist/server/email-auth.js.map +1 -0
package/dist/server/index.d.ts +22 -0
package/dist/server/index.d.ts.map +1 -0
package/{src/server/index.ts → dist/server/index.js} +3 -23
package/dist/server/index.js.map +1 -0
package/dist/server/jwt.d.ts +49 -0
package/dist/server/jwt.d.ts.map +1 -0
package/dist/server/jwt.js +113 -0
package/dist/server/jwt.js.map +1 -0
package/dist/server/middleware.d.ts +39 -0
package/dist/server/middleware.d.ts.map +1 -0
package/dist/server/middleware.js +112 -0
package/dist/server/middleware.js.map +1 -0
package/dist/server/turnkey-client.d.ts +24 -0
package/dist/server/turnkey-client.d.ts.map +1 -0
package/dist/server/turnkey-client.js +118 -0
package/dist/server/turnkey-client.js.map +1 -0
package/dist/server/turnkey-signer.d.ts +40 -0
package/dist/server/turnkey-signer.d.ts.map +1 -0
package/dist/server/turnkey-signer.js +121 -0
package/dist/server/turnkey-signer.js.map +1 -0
package/dist/types.d.ts +155 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/package.json +13 -12
package/src/client/turnkey-client.ts +0 -364
package/src/client/turnkey-did-signer.ts +0 -203
package/src/server/email-auth.ts +0 -258
package/src/server/jwt.ts +0 -154
package/src/server/middleware.ts +0 -142
package/src/server/turnkey-client.ts +0 -156
package/src/server/turnkey-signer.ts +0 -170
package/src/types.ts +0 -172

package/src/server/turnkey-signer.ts DELETED Viewed

@@ -1,170 +0,0 @@
-/**
- * Turnkey Signer - Integration between Turnkey key management and Originals SDK
- *
- * Provides an ExternalSigner implementation that works with Turnkey-managed
- * keys for use with the Originals SDK's DID creation and signing operations.
- */
-import { Turnkey } from '@turnkey/sdk-server';
-import { ExternalSigner, ExternalVerifier, multikey, OriginalsSDK } from '@originals/sdk';
-import { sha512 } from '@noble/hashes/sha2.js';
-import { concatBytes, bytesToHex } from '@noble/hashes/utils.js';
-import * as ed25519 from '@noble/ed25519';
-// Configure @noble/ed25519 with required SHA-512 function
-const sha512Fn = (...msgs: Uint8Array[]): Uint8Array => sha512(concatBytes(...msgs));
-// Initialize Ed25519 configuration
-try {
-  const ed25519Module = ed25519 as unknown as {
-    utils?: { sha512Sync?: typeof sha512Fn };
-    etc?: { sha512Sync?: typeof sha512Fn };
-  };
-  if (ed25519Module.utils) {
-    ed25519Module.utils.sha512Sync = sha512Fn;
-  }
-  if (ed25519Module.etc) {
-    ed25519Module.etc.sha512Sync = sha512Fn;
-  }
-} catch (error) {
-  console.warn('Failed to configure ed25519 utils:', error);
-}
-/**
- * Turnkey-based signer for use with Originals SDK
- * Implements the ExternalSigner and ExternalVerifier interfaces
- */
-export class TurnkeyWebVHSigner implements ExternalSigner, ExternalVerifier {
-  private subOrgId: string;
-  private keyId: string;
-  private publicKeyMultibase: string;
-  private turnkeyClient: Turnkey;
-  private verificationMethodId: string;
-  constructor(
-    subOrgId: string,
-    keyId: string,
-    publicKeyMultibase: string,
-    turnkeyClient: Turnkey,
-    verificationMethodId: string
-  ) {
-    this.subOrgId = subOrgId;
-    this.keyId = keyId;
-    this.publicKeyMultibase = publicKeyMultibase;
-    this.turnkeyClient = turnkeyClient;
-    this.verificationMethodId = verificationMethodId;
-  }
-  /**
-   * Sign data using Turnkey's API
-   */
-  async sign(input: {
-    document: Record<string, unknown>;
-    proof: Record<string, unknown>;
-  }): Promise<{ proofValue: string }> {
-    try {
-      // Prepare the data for signing using the SDK's canonical approach
-      const dataToSign = await OriginalsSDK.prepareDIDDataForSigning(input.document, input.proof);
-      // Convert canonical data to hex format for Turnkey's sign API
-      const dataHex = `0x${bytesToHex(dataToSign)}`;
-      // Sign using Turnkey's API
-      const result = await this.turnkeyClient.apiClient().signRawPayload({
-        organizationId: this.subOrgId,
-        signWith: this.keyId,
-        payload: dataHex,
-        encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',
-        hashFunction: 'HASH_FUNCTION_NO_OP',
-      });
-      const signRawResult = result.activity?.result?.signRawPayloadResult;
-      if (!signRawResult?.r || !signRawResult?.s) {
-        throw new Error('No signature returned from Turnkey');
-      }
-      const signature = signRawResult.r + signRawResult.s;
-      // Convert signature to bytes
-      const cleanSig = signature.startsWith('0x') ? signature.slice(2) : signature;
-      let signatureBytes = Buffer.from(cleanSig, 'hex');
-      // Ed25519 signatures should be exactly 64 bytes
-      if (signatureBytes.length === 65) {
-        signatureBytes = signatureBytes.slice(0, 64);
-      } else if (signatureBytes.length !== 64) {
-        throw new Error(
-          `Invalid Ed25519 signature length: ${signatureBytes.length} (expected 64 bytes)`
-        );
-      }
-      // Encode signature as multibase
-      const proofValue = multikey.encodeMultibase(signatureBytes);
-      return { proofValue };
-    } catch (error) {
-      console.error('Error signing with Turnkey:', error);
-      throw new Error(
-        `Failed to sign with Turnkey: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-  /**
-   * Verify a signature
-   */
-  async verify(
-    signature: Uint8Array,
-    message: Uint8Array,
-    publicKey: Uint8Array
-  ): Promise<boolean> {
-    try {
-      // Ed25519 public keys must be exactly 32 bytes
-      let ed25519PublicKey = publicKey;
-      if (publicKey.length === 33) {
-        ed25519PublicKey = publicKey.slice(1);
-      } else if (publicKey.length !== 32) {
-        return false;
-      }
-      const ed25519Module = ed25519 as unknown as {
-        utils?: { sha512Sync?: typeof sha512Fn };
-      };
-      if (typeof ed25519Module.utils?.sha512Sync !== 'function') {
-        ed25519Module.utils!.sha512Sync = sha512Fn;
-      }
-      return await ed25519.verifyAsync(signature, message, ed25519PublicKey);
-    } catch (error) {
-      console.error('Error verifying signature:', error);
-      return false;
-    }
-  }
-  getVerificationMethodId(): string {
-    return this.verificationMethodId;
-  }
-  getPublicKeyMultibase(): string {
-    return this.publicKeyMultibase;
-  }
-}
-/**
- * Create a Turnkey signer for use with the Originals SDK
- */
-export function createTurnkeySigner(
-  subOrgId: string,
-  keyId: string,
-  turnkeyClient: Turnkey,
-  verificationMethodId: string,
-  publicKeyMultibase: string
-): TurnkeyWebVHSigner {
-  return new TurnkeyWebVHSigner(
-    subOrgId,
-    keyId,
-    publicKeyMultibase,
-    turnkeyClient,
-    verificationMethodId
-  );
-}

package/src/types.ts DELETED Viewed

@@ -1,172 +0,0 @@
-/**
- * Shared types for @originals/auth
- */
-/**
- * Authenticated user information
- */
-export interface AuthUser {
-  /** Database user ID */
-  id: string;
-  /** User's email address */
-  email: string;
-  /** User's DID identifier */
-  did: string;
-  /** Turnkey sub-organization ID */
-  turnkeySubOrgId: string;
-}
-/**
- * JWT token payload structure
- */
-export interface TokenPayload {
-  /** Subject - Turnkey sub-organization ID (stable identifier) */
-  sub: string;
-  /** User email (metadata) */
-  email: string;
-  /** Optional Turnkey session token for user authentication */
-  sessionToken?: string;
-  /** Issued at timestamp */
-  iat: number;
-  /** Expiration timestamp */
-  exp: number;
-}
-/**
- * Options for creating auth middleware
- */
-export interface AuthMiddlewareOptions {
-  /** Function to look up user by Turnkey sub-org ID */
-  getUserByTurnkeyId: (turnkeyId: string) => Promise<AuthUser | null>;
-  /** Optional function to create user on first auth */
-  createUser?: (turnkeyId: string, email: string, temporaryDid: string) => Promise<AuthUser>;
-  /** Cookie name for JWT token (default: 'auth_token') */
-  cookieName?: string;
-  /** JWT secret (default: process.env.JWT_SECRET) */
-  jwtSecret?: string;
-}
-/**
- * Email authentication session
- */
-export interface EmailAuthSession {
-  /** User's email address */
-  email: string;
-  /** Turnkey sub-organization ID */
-  subOrgId?: string;
-  /** Turnkey OTP ID */
-  otpId?: string;
-  /** Session creation timestamp */
-  timestamp: number;
-  /** Whether the session has been verified */
-  verified: boolean;
-}
-/**
- * Result of initiating email authentication
- */
-export interface InitiateAuthResult {
-  /** Session ID for verification step */
-  sessionId: string;
-  /** User-friendly message */
-  message: string;
-}
-/**
- * Result of verifying email authentication
- */
-export interface VerifyAuthResult {
-  /** Whether verification was successful */
-  verified: boolean;
-  /** User's email address */
-  email: string;
-  /** Turnkey sub-organization ID */
-  subOrgId: string;
-}
-/**
- * Cookie configuration for auth tokens
- */
-export interface AuthCookieConfig {
-  /** Cookie name */
-  name: string;
-  /** Cookie value (JWT token) */
-  value: string;
-  /** Cookie options */
-  options: {
-    httpOnly: boolean;
-    secure: boolean;
-    sameSite: 'strict' | 'lax' | 'none';
-    maxAge: number;
-    path: string;
-  };
-}
-/**
- * Turnkey wallet information
- */
-export interface TurnkeyWallet {
-  /** Wallet ID */
-  walletId: string;
-  /** Wallet name */
-  walletName: string;
-  /** Wallet accounts */
-  accounts: TurnkeyWalletAccount[];
-}
-/**
- * Turnkey wallet account
- */
-export interface TurnkeyWalletAccount {
-  /** Account address */
-  address: string;
-  /** Cryptographic curve */
-  curve: 'CURVE_SECP256K1' | 'CURVE_ED25519';
-  /** Derivation path */
-  path: string;
-  /** Address format */
-  addressFormat: string;
-}
-/**
- * Client-side Turnkey authentication state
- */
-export interface TurnkeyAuthState {
-  /** Whether the user is authenticated */
-  isAuthenticated: boolean;
-  /** Whether an auth operation is in progress */
-  isLoading: boolean;
-  /** Error message if any */
-  error: string | null;
-  /** User's email address */
-  email: string | null;
-  /** User's wallets */
-  wallets: TurnkeyWallet[];
-  /** OTP ID for verification step */
-  otpId: string | null;
-}
-/**
- * Request context with authenticated user
- */
-export interface AuthenticatedRequest {
-  user: {
-    /** Database user ID */
-    id: string;
-    /** Turnkey sub-organization ID */
-    turnkeySubOrgId: string;
-    /** User's email */
-    email: string;
-    /** User's DID */
-    did: string;
-    /** Turnkey session token (if available) */
-    sessionToken?: string;
-  };
-}