@passlock/client 0.9.0

package/src/effect.ts

@@ -0,0 +1,278 @@
+import { create, get as getCredential } from '@github/webauthn-json/browser-ponyfill'
+
+export type {
+  BadRequest,
+  Disabled,
+  Duplicate,
+  Forbidden,
+  InternalBrowserError,
+  NotFound,
+  NotSupported,
+  Unauthorized,
+} from '@passlock/shared/dist/error/error'
+
+export type { Principal } from '@passlock/shared/dist/schema/schema'
+
+import {
+  type BadRequest,
+  type Disabled,
+  Duplicate,
+  type Forbidden,
+  InternalBrowserError,
+  type NotFound,
+  type NotSupported,
+  type Unauthorized,
+} from '@passlock/shared/dist/error/error'
+
+import {
+  NetworkServiceLive,
+  RetrySchedule,
+  RpcClientLive,
+  RpcConfig,
+} from '@passlock/shared/dist/rpc/rpc'
+
+import type { Principal } from '@passlock/shared/dist/schema/schema'
+import { Context, Effect as E, Layer as L, Layer, Schedule, pipe } from 'effect'
+import type { NoSuchElementException } from 'effect/Cause'
+
+import {
+  AuthenticateServiceLive,
+  type AuthenticationRequest,
+  AuthenticationService,
+  GetCredential,
+} from './authentication/authenticate'
+
+import { capabilitiesLive } from './capabilities/capabilities'
+import { ConnectionService, ConnectionServiceLive } from './connection/connection'
+import { EmailService, EmailServiceLive, LocationSearch, type VerifyRequest } from './email/email'
+
+import {
+  CreateCredential,
+  type RegistrationRequest,
+  RegistrationService,
+  RegistrationServiceLive,
+} from './registration/register'
+
+import {
+  type AuthType,
+  Storage,
+  StorageService,
+  StorageServiceLive,
+  type StoredToken,
+} from './storage/storage'
+
+import { type Email, UserService, UserServiceLive } from './user/user'
+
+/* Layers */
+
+const createLive = L.succeed(
+  CreateCredential,
+  CreateCredential.of((options: CredentialCreationOptions) =>
+    pipe(
+      E.tryPromise({
+        try: () => create(options),
+        catch: e => {
+          if (e instanceof Error && e.message.includes('excludeCredentials')) {
+            return new Duplicate({
+              message: 'Passkey already registered on this device or cloud account',
+            })
+          } else {
+            return new InternalBrowserError({
+              message: 'Unable to create credential',
+              detail: String(e),
+            })
+          }
+        },
+      }),
+      E.map(credential => credential.toJSON()),
+    ),
+  ),
+)
+
+const getLive = L.succeed(
+  GetCredential,
+  GetCredential.of((options: CredentialRequestOptions) =>
+    pipe(
+      E.tryPromise({
+        try: () => getCredential(options),
+        catch: e =>
+          new InternalBrowserError({
+            message: 'Unable to get authentication credential',
+            detail: String(e),
+          }),
+      }),
+      E.map(credential => credential.toJSON()),
+    ),
+  ),
+)
+
+const schedule = Schedule.intersect(Schedule.recurs(3), Schedule.exponential('100 millis'))
+
+const retryScheduleLive = L.succeed(RetrySchedule, RetrySchedule.of({ schedule }))
+
+const networkServiceLive = pipe(NetworkServiceLive, L.provide(retryScheduleLive))
+
+const rpcClientLive = pipe(RpcClientLive, L.provide(networkServiceLive))
+
+const storageServiceLive = StorageServiceLive
+
+const userServiceLive = pipe(UserServiceLive, L.provide(rpcClientLive))
+
+const registrationServiceLive = pipe(
+  RegistrationServiceLive,
+  L.provide(rpcClientLive),
+  L.provide(userServiceLive),
+  L.provide(capabilitiesLive),
+  L.provide(createLive),
+  L.provide(storageServiceLive),
+)
+
+const authenticationServiceLive = pipe(
+  AuthenticateServiceLive,
+  L.provide(rpcClientLive),
+  L.provide(capabilitiesLive),
+  L.provide(getLive),
+  L.provide(storageServiceLive),
+)
+
+const connectionServiceLive = pipe(
+  ConnectionServiceLive, 
+  L.provide(rpcClientLive), 
+  L.provide(networkServiceLive)
+)
+
+const locationSearchLive = Layer.succeed(
+  LocationSearch,
+  LocationSearch.of(E.sync(() => globalThis.window.location.search)),
+)
+
+const emailServiceLive = pipe(
+  EmailServiceLive,
+  L.provide(locationSearchLive),
+  L.provide(rpcClientLive),
+  L.provide(capabilitiesLive),
+  L.provide(authenticationServiceLive),
+  L.provide(storageServiceLive),
+)
+
+export const allRequirements = Layer.mergeAll(
+  capabilitiesLive,
+  userServiceLive,
+  registrationServiceLive,
+  authenticationServiceLive,
+  connectionServiceLive,
+  emailServiceLive,
+  storageServiceLive,
+)
+
+export class Config extends Context.Tag('Config')<
+  Config,
+  {
+    tenancyId: string
+    clientId: string
+    endpoint?: string
+  }
+>() {}
+
+const storageLive = Layer.effect(
+  Storage,
+  E.sync(() => Storage.of(globalThis.localStorage)),
+)
+
+const exchangeConfig = <A, E>(effect: E.Effect<A, E, RpcConfig | Storage>) => {
+  return pipe(
+    Config,
+    E.flatMap(config => E.provideService(effect, RpcConfig, RpcConfig.of(config))),
+    effect => E.provide(effect, storageLive),
+  )
+}
+
+export const preConnect = (): E.Effect<void, never, Config> =>
+  pipe(
+    ConnectionService,
+    E.flatMap(service => service.preConnect()),
+    E.provide(connectionServiceLive),
+    exchangeConfig,
+  )
+
+export const isRegistered = (email: Email): E.Effect<boolean, BadRequest, Config> =>
+  pipe(
+    UserService,
+    E.flatMap(service => service.isExistingUser(email)),
+    E.provide(userServiceLive),
+    exchangeConfig,
+  )
+
+export type RegistrationErrors = NotSupported | BadRequest | Duplicate | Unauthorized | Forbidden
+
+export const registerPasskey = (
+  request: RegistrationRequest,
+): E.Effect<Principal, RegistrationErrors, Config> =>
+  pipe(
+    RegistrationService,
+    E.flatMap(service => service.registerPasskey(request)),
+    E.provide(registrationServiceLive),
+    exchangeConfig,
+  )
+
+export type AuthenticationErrors =
+  | NotSupported
+  | BadRequest
+  | NotFound
+  | Disabled
+  | Unauthorized
+  | Forbidden
+
+export const authenticatePasskey = (
+  request: AuthenticationRequest,
+): E.Effect<Principal, AuthenticationErrors, Config> =>
+  pipe(
+    AuthenticationService,
+    E.flatMap(service => service.authenticatePasskey(request)),
+    E.provide(authenticationServiceLive),
+    exchangeConfig,
+  )
+
+export type VerifyEmailErrors =
+  | NotSupported
+  | BadRequest
+  | NotFound
+  | Disabled
+  | Unauthorized
+  | Forbidden
+
+export const verifyEmailCode = (
+  request: VerifyRequest,
+): E.Effect<boolean, VerifyEmailErrors, Config> =>
+  pipe(
+    EmailService,
+    E.flatMap(service => service.verifyEmailCode(request)),
+    E.provide(emailServiceLive),
+    exchangeConfig,
+  )
+
+export const verifyEmailLink = (): E.Effect<boolean, VerifyEmailErrors, Config> =>
+  pipe(
+    EmailService,
+    E.flatMap(service => service.verifyEmailLink()),
+    E.provide(emailServiceLive),
+    exchangeConfig,
+  )
+
+export const getSessionToken = (
+  authType: AuthType,
+): E.Effect<StoredToken, NoSuchElementException> =>
+  pipe(
+    StorageService,
+    E.flatMap(service => service.getToken(authType)),
+    E.provide(storageServiceLive),
+    E.provide(storageLive),
+  )
+
+export const clearExpiredTokens = (): E.Effect<void> =>
+  pipe(
+    StorageService,
+    E.flatMap(service => service.clearExpiredTokens),
+    E.provide(storageServiceLive),
+    E.provide(storageLive),
+  )

package/src/email/email.fixture.ts

@@ -0,0 +1,49 @@
+
+import { BadRequest } from '@passlock/shared/dist/error/error'
+import { RpcClient } from '@passlock/shared/dist/rpc/rpc'
+import { VerifyEmailReq, VerifyEmailRes } from '@passlock/shared/dist/rpc/user'
+import { Effect as E, Layer as L } from 'effect'
+import { LocationSearch } from './email'
+import { AuthenticationService } from '../authentication/authenticate'
+import * as Fixtures from '../test/fixtures'
+
+
+export const token = 'token'
+export const code = 'code'
+export const authType = 'passkey'
+export const expireAt = Date.now() + 10000
+
+export const locationSearchTest = L.succeed(
+  LocationSearch,
+  LocationSearch.of(E.succeed(`?code=${code}`)),
+)
+
+export const authenticationServiceTest = L.succeed(
+  AuthenticationService,
+  AuthenticationService.of({
+    authenticatePasskey: () => E.succeed(Fixtures.principal),
+  }),
+)
+
+export const rpcClientTest = L.succeed(
+  RpcClient,
+  RpcClient.of({
+    preConnect: () => E.succeed({ warmed: true }),
+    isExistingUser: () => E.succeed({ existingUser: true }),
+    verifyEmail: () => E.succeed({ verified: true }),
+    getRegistrationOptions: () => E.fail(new BadRequest({ message: 'Not implemeneted' })),
+    verifyRegistrationCredential: () => E.fail(new BadRequest({ message: 'Not implemeneted' })),
+    getAuthenticationOptions: () => E.fail(new BadRequest({ message: 'Not implemeneted' })),
+    verifyAuthenticationCredential: () => E.fail(new BadRequest({ message: 'Not implemeneted' })),
+  }),
+)
+
+export const verifyEmailReq = new VerifyEmailReq({ token, code })
+
+export const verifyEmailRes = new VerifyEmailRes({ verified: true })
+
+export const principal = Fixtures.principal
+
+export const storedToken = Fixtures.storedToken
+
+export const storageServiceTest = Fixtures.storageServiceTest

package/src/email/email.test.ts

@@ -0,0 +1,186 @@
+import { type RouterOps, RpcClient } from '@passlock/shared/dist/rpc/rpc'
+import { Effect as E, Layer as L, LogLevel, Logger, pipe } from 'effect'
+import { NoSuchElementException } from 'effect/Cause'
+import { describe, expect, test } from 'vitest'
+import { mock } from 'vitest-mock-extended'
+import { EmailService, EmailServiceLive } from './email'
+import * as Fixture from './email.fixture'
+import { AuthenticationService } from '../authentication/authenticate'
+import { StorageService } from '../storage/storage'
+
+
+describe('verifyEmailCode should', () => {
+  test('return true when the verification is successful', async () => {
+    const assertions = E.gen(function* (_) {
+      const service = yield* _(EmailService)
+      const result = yield* _(service.verifyEmailCode({ code: '123' }))
+
+      expect(result).toBe(true)
+    })
+
+    const service = pipe(
+      EmailServiceLive,
+      L.provide(Fixture.locationSearchTest),
+      L.provide(Fixture.authenticationServiceTest),
+      L.provide(Fixture.storageServiceTest),
+      L.provide(Fixture.rpcClientTest),
+    )
+
+    const effect = pipe(E.provide(assertions, service), Logger.withMinimumLogLevel(LogLevel.None))
+
+    return E.runPromise(effect)
+  })
+
+  test('check for a token in local storage', async () => {
+    const assertions = E.gen(function* (_) {
+      const service = yield* _(EmailService)
+      yield* _(service.verifyEmailCode({ code: '123' }))
+
+      const storageService = yield* _(StorageService)
+      expect(storageService.getToken).toHaveBeenCalledWith('passkey')
+    })
+
+    const storageServiceTest = L.effect(
+      StorageService,
+      E.sync(() => {
+        const storageServiceMock = mock<StorageService>()
+
+        storageServiceMock.getToken.mockReturnValue(E.succeed(Fixture.storedToken))
+        storageServiceMock.clearToken.mockReturnValue(E.unit)
+
+        return storageServiceMock
+      }),
+    )
+
+    const service = pipe(
+      EmailServiceLive,
+      L.provide(Fixture.locationSearchTest),
+      L.provide(Fixture.authenticationServiceTest),
+      L.provide(storageServiceTest),
+      L.provide(Fixture.rpcClientTest),
+    )
+
+    const layers = L.merge(service, storageServiceTest)
+    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
+
+    return E.runPromise(effect)
+  })
+
+  test('re-authenticate the user if no local token', async () => {
+    const assertions = E.gen(function* (_) {
+      const service = yield* _(EmailService)
+      yield* _(service.verifyEmailCode({ code: '123' }))
+
+      const authService = yield* _(AuthenticationService)
+      expect(authService.authenticatePasskey).toHaveBeenCalled()
+    })
+
+    const storageServiceTest = L.effect(
+      StorageService,
+      E.sync(() => {
+        const storageServiceMock = mock<StorageService>()
+
+        storageServiceMock.getToken.mockReturnValue(E.fail(new NoSuchElementException()))
+        storageServiceMock.clearToken.mockReturnValue(E.unit)
+
+        return storageServiceMock
+      }),
+    )
+
+    const authServiceTest = L.effect(
+      AuthenticationService,
+      E.sync(() => {
+        const authServiceMock = mock<AuthenticationService>()
+
+        authServiceMock.authenticatePasskey.mockReturnValue(E.succeed(Fixture.principal))
+
+        return authServiceMock
+      }),
+    )
+
+    const service = pipe(
+      EmailServiceLive,
+      L.provide(Fixture.locationSearchTest),
+      L.provide(authServiceTest),
+      L.provide(storageServiceTest),
+      L.provide(Fixture.rpcClientTest),
+    )
+
+    const layers = L.mergeAll(service, storageServiceTest, authServiceTest)
+    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
+
+    return E.runPromise(effect)
+  })
+
+  test('call the backend', async () => {
+    const assertions = E.gen(function* (_) {
+      const service = yield* _(EmailService)
+      yield* _(service.verifyEmailCode({ code: Fixture.code }))
+
+      const rpcClient = yield* _(RpcClient)
+      expect(rpcClient.verifyEmail).toHaveBeenCalledWith(Fixture.verifyEmailReq)
+    })
+
+    const rpcClientTest = L.effect(
+      RpcClient,
+      E.sync(() => {
+        const rpcMock = mock<RouterOps>()
+
+        rpcMock.verifyEmail.mockReturnValue(E.succeed(Fixture.verifyEmailRes))
+
+        return rpcMock
+      }),
+    )
+
+    const service = pipe(
+      EmailServiceLive,
+      L.provide(Fixture.locationSearchTest),
+      L.provide(Fixture.authenticationServiceTest),
+      L.provide(Fixture.storageServiceTest),
+      L.provide(rpcClientTest),
+    )
+
+    const layers = L.merge(service, rpcClientTest)
+    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
+
+    return E.runPromise(effect)
+  })
+})
+
+describe('verifyEmailLink should', () => {
+  test('extract the code from the current url', async () => {
+    const assertions = E.gen(function* (_) {
+      const service = yield* _(EmailService)
+      yield* _(service.verifyEmailLink())
+
+      // LocationSearch return ?code=code
+      // and we expect rpcClient to be called with code
+      const rpcClient = yield* _(RpcClient)
+      expect(rpcClient.verifyEmail).toBeCalledWith(Fixture.verifyEmailReq)
+    })
+
+    const rpcClientTest = L.effect(
+      RpcClient,
+      E.sync(() => {
+        const rpcMock = mock<RouterOps>()
+
+        rpcMock.verifyEmail.mockReturnValue(E.succeed(Fixture.verifyEmailRes))
+
+        return rpcMock
+      }),
+    )
+
+    const service = pipe(
+      EmailServiceLive,
+      L.provide(Fixture.locationSearchTest),
+      L.provide(Fixture.storageServiceTest),
+      L.provide(Fixture.authenticationServiceTest),
+      L.provide(rpcClientTest),
+    )
+
+    const layers = L.merge(service, rpcClientTest)
+    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
+
+    return E.runPromise(effect)
+  })
+})

package/src/email/email.ts

@@ -0,0 +1,139 @@
+/**
+ * Email verification effects
+ */
+import { BadRequest } from '@passlock/shared/dist/error/error'
+import { RpcClient } from '@passlock/shared/dist/rpc/rpc'
+import type { VerifyEmailErrors as RpcErrors} from '@passlock/shared/dist/rpc/user';
+import { VerifyEmailReq } from '@passlock/shared/dist/rpc/user'
+import { Context, Effect as E, Layer, Option as O, flow, identity, pipe } from 'effect'
+import { type AuthenticationErrors, AuthenticationService } from '../authentication/authenticate'
+import { StorageService } from '../storage/storage'
+
+
+/* Requests */
+
+export type VerifyRequest = {
+  code: string
+}
+
+/* Errors */
+
+export type VerifyEmailErrors = RpcErrors | AuthenticationErrors
+
+/* Dependencies */
+
+export class LocationSearch extends Context.Tag('LocationSearch')<
+  LocationSearch,
+  E.Effect<string>
+>() {}
+
+/* Service */
+
+export type EmailService = {
+  verifyEmailCode: (request: VerifyRequest) => E.Effect<boolean, VerifyEmailErrors>
+  verifyEmailLink: () => E.Effect<boolean, VerifyEmailErrors>
+}
+
+export const EmailService = Context.GenericTag<EmailService>('@services/EmailService')
+
+/* Utils */
+
+export type Dependencies = StorageService | AuthenticationService | RpcClient
+
+/**
+ * Check for existing token in sessionStorage,
+ * otherwise force passkey re-authentication
+ * @returns
+ */
+const getToken = () => {
+  return E.gen(function* (_) {
+    // Check for existing token
+    const storageService = yield* _(StorageService)
+    const existingTokenE = storageService.getToken('passkey')
+    const authenticationService = yield* _(AuthenticationService)
+
+    const tokenE = E.matchEffect(existingTokenE, {
+      onSuccess: token => E.succeed(token),
+      onFailure: () =>
+        // No token, need to authenticate the user
+        pipe(
+          authenticationService.authenticatePasskey({ userVerification: 'preferred' }),
+          E.map(principal => ({
+            token: principal.token,
+            authType: principal.authStatement.authType,
+            expiresAt: principal.expireAt.getTime(),
+          })),
+        ),
+    })
+
+    const token = yield* _(tokenE)
+    yield* _(storageService.clearToken('passkey'))
+
+    return token
+  })
+}
+
+/**
+ * Look for ?code=<code> in the url
+ * @returns
+ */
+export const extractCodeFromHref = () => {
+  return pipe(
+    LocationSearch,
+    E.flatMap(identity),
+    E.map(search => new URLSearchParams(search)),
+    E.flatMap(params => O.fromNullable(params.get('code'))),
+  )
+}
+
+/* Effects */
+
+/**
+ * Verify the mailbox using the given code
+ * @param verificationRequest
+ * @returns
+ */
+export const verifyEmail = (
+  verificationRequest: VerifyRequest,
+): E.Effect<boolean, VerifyEmailErrors, Dependencies> => {
+  return E.gen(function* (_) {
+    // Re-authenticate the user if required
+    const { token } = yield* _(getToken())
+
+    yield* _(E.logDebug('Making request'))
+    const client = yield* _(RpcClient)
+    const { verified } = yield* _(
+      client.verifyEmail(new VerifyEmailReq({ token, code: verificationRequest.code })),
+    )
+
+    return verified
+  })
+}
+
+/**
+ * Look for a code in the current url and verify it
+ * @returns
+ */
+export const verifyEmailLink = () =>
+  pipe(
+    extractCodeFromHref(),
+    E.mapError(() => new BadRequest({ message: 'Expected ?code=xxx in window.location' })),
+    E.flatMap(code => verifyEmail({ code })),
+  )
+
+/* Live */
+
+/* v8 ignore start */
+export const EmailServiceLive = Layer.effect(
+  EmailService,
+  E.gen(function* (_) {
+    const context = yield* _(
+      E.context<RpcClient | AuthenticationService | StorageService | LocationSearch>(),
+    )
+    return EmailService.of({
+      verifyEmailCode: flow(verifyEmail, E.provide(context)),
+      verifyEmailLink: flow(verifyEmailLink, E.provide(context)),
+    })
+  }),
+)
+/* v8 ignore stop */

package/src/event/event.node.test.ts

@@ -0,0 +1,20 @@
+import { Effect, pipe } from 'effect'
+import { describe, expect, test } from 'vitest'
+import { fireEvent } from './event'
+
+// @vitest-environment node
+
+describe('isPasslockEvent', () => {
+  test("return a Passlock error if custom events aren't supported", async () => {
+    const program = pipe(
+      fireEvent('hello world'),
+      Effect.flip,
+      Effect.tap(e => {
+        expect(e._tag).toBe('InternalBrowserError')
+        expect(e.message).toBe('Unable to fire custom event')
+      }),
+    )
+
+    await Effect.runPromise(program)
+  })
+})

package/src/event/event.test.ts

@@ -0,0 +1,37 @@
+import { Effect } from 'effect'
+import { afterEach, describe, expect, test, vi } from 'vitest'
+import { DebugMessage, fireEvent, isPasslockEvent } from './event'
+
+
+describe('fireEvent', () => {
+  afterEach(() => {
+    vi.restoreAllMocks()
+  })
+
+  test('fire a custom log event', () => {
+    const effect = fireEvent('hello world')
+    const eventSpy = vi.spyOn(globalThis, 'dispatchEvent')
+    Effect.runSync(effect)
+
+    const expectedEvent = new CustomEvent(DebugMessage, {
+      detail: 'hello world',
+    })
+
+    expect(eventSpy).toHaveBeenCalledWith(expectedEvent)
+  })
+})
+
+describe('isPasslockEvent', () => {
+  test('return true for our custom event', () => {
+    const passlockEvent = new CustomEvent(DebugMessage, {
+      detail: 'hello world',
+    })
+
+    expect(isPasslockEvent(passlockEvent)).toBe(true)
+  })
+
+  test('return false for other events', () => {
+    const otherEvent = new MouseEvent('click')
+    expect(isPasslockEvent(otherEvent)).toBe(false)
+  })
+})