@passlock/client 0.9.32 → 2.0.0-beta.1

package/src/social/social.ts

@@ -1,79 +0,0 @@
-/**
- * Passkey authentication effects
- */
-import { Context, Effect as E, Layer, flow } from 'effect'
-import * as RPC from '../rpc/social.js'
-import { type BadRequest, type NotSupported } from '@passlock/shared/dist/error/error.js'
-import type { Principal } from '@passlock/shared/dist/schema/principal.js'
-
-/* Requests */
-
-export type Provider = 'apple' | 'google'
-
-export type RegisterOidcReq = RPC.OIDCRegistrationRequest
-
-export type AuthenticateOidcReq = RPC.OIDCAuthenticationRequest
-
-/* Errors */
-
-export type RegistrationErrors = NotSupported | BadRequest | RPC.OIDCRegistrationErrors
-
-export type AuthenticationErrors = NotSupported | BadRequest | RPC.OIDCAuthenticationErrors
-
-/* Service */
-
-export class SocialService extends Context.Tag('@services/SocialService')<
-  SocialService,
-  {
-    registerOidc: (req: RegisterOidcReq) => E.Effect<Principal, RegistrationErrors>
-    authenticateOidc: (req: AuthenticateOidcReq) => E.Effect<Principal, AuthenticationErrors>
-  }
->() {}
-
-/* Effects */
-
-type Dependencies = RPC.SocialClient
-
-export const registerOidc = (
-  request: RegisterOidcReq,
-): E.Effect<Principal, RegistrationErrors, Dependencies> => {
-  return E.gen(function* (_) {
-    yield* _(E.logInfo('Registering social account'))
-
-    const rpcClient = yield* _(RPC.SocialClient)
-    const rpcRequest = new RPC.OIDCRegistrationRequest(request)
-    const { principal } = yield* _(rpcClient.oidcRegistration(rpcRequest))
-
-    return principal
-  })
-}
-
-export const authenticateOidc = (
-  request: AuthenticateOidcReq,
-): E.Effect<Principal, AuthenticationErrors, Dependencies> => {
-  return E.gen(function* (_) {
-    yield* _(E.logInfo('Authenticating with social account'))
-
-    const rpcClient = yield* _(RPC.SocialClient)
-    const rpcRequest = new RPC.OIDCAuthenticationRequest(request)
-    const { principal } = yield* _(rpcClient.oidcAuthentication(rpcRequest))
-
-    return principal
-  })
-}
-
-/* Live */
-
-/* v8 ignore start */
-export const SocialServiceLive = Layer.effect(
-  SocialService,
-  E.gen(function* (_) {
-    const context = yield* _(E.context<RPC.SocialClient>())
-
-    return SocialService.of({
-      registerOidc: flow(registerOidc, E.provide(context)),
-      authenticateOidc: flow(authenticateOidc, E.provide(context)),
-    })
-  }),
-)
-/* v8 ignore stop */

package/src/storage/storage.fixture.ts

@@ -1,16 +0,0 @@
-import { Effect as E, Layer, pipe } from 'effect'
-import { mock } from 'vitest-mock-extended'
-
-import { BrowserStorage, StorageServiceLive } from './storage.js'
-
-const storageTest = Layer.effect(
-  BrowserStorage,
-  E.sync(() => mock<Storage>()),
-)
-
-export const testLayers = (storage: Layer.Layer<BrowserStorage> = storageTest) => {
-  const storageService = pipe(StorageServiceLive, Layer.provide(storage))
-  return Layer.merge(storage, storageService)
-}
-
-export { principal } from '../test/fixtures.js'

package/src/storage/storage.test.ts

@@ -1,206 +0,0 @@
-import { Effect as E, Layer, LogLevel, Logger, identity, pipe } from 'effect'
-import { describe, expect, test } from 'vitest'
-import { mock } from 'vitest-mock-extended'
-
-import { principal, testLayers } from './storage.fixture.js'
-import {
-  BrowserStorage,
-  StorageService,
-  clearExpiredToken,
-  clearToken,
-  getToken,
-} from './storage.js'
-
-// eslint chokes on expect(storage.setItem) etc
-/* eslint @typescript-eslint/unbound-method: 0 */
-
-describe('storeToken should', () => {
-  test('set the token in local storage', () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(StorageService)
-      yield* _(service.storeToken(principal))
-
-      const storage = yield* _(BrowserStorage)
-      expect(storage.setItem).toHaveBeenCalled()
-    })
-
-    const effect = pipe(
-      E.provide(assertions, testLayers()),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-
-  test('with the key passlock:passkey:token', () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(StorageService)
-      yield* _(service.storeToken(principal))
-
-      const storage = yield* _(BrowserStorage)
-      expect(storage.setItem).toHaveBeenCalledWith('passlock:passkey:token', expect.any(String))
-    })
-
-    const effect = pipe(
-      E.provide(assertions, testLayers()),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-
-  test('with the value token:expiry', () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(StorageService)
-      yield* _(service.storeToken(principal))
-
-      const storage = yield* _(BrowserStorage)
-      const token = principal.jti
-      const expiry = principal.exp.getTime()
-      expect(storage.setItem).toHaveBeenCalledWith(
-        'passlock:passkey:token',
-        `${token}:${expiry.toFixed(0)}`,
-      )
-    })
-
-    const effect = pipe(
-      E.provide(assertions, testLayers()),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-})
-
-describe('getToken should', () => {
-  test('get the token from local storage', () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(StorageService)
-      yield* _(service.getToken('passkey'))
-
-      const storage = yield* _(BrowserStorage)
-      expect(storage.getItem).toHaveBeenCalled()
-      expect(storage.getItem).toHaveBeenCalledWith('passlock:passkey:token')
-    })
-
-    const storageTest = Layer.effect(
-      BrowserStorage,
-      E.sync(() => {
-        const mockStorage = mock<Storage>()
-        const expiry = Date.now() + 1000
-        mockStorage.getItem.mockReturnValue(`token:${expiry.toFixed(0)}`)
-        return mockStorage
-      }),
-    )
-
-    const effect = pipe(
-      E.provide(assertions, testLayers(storageTest)),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-
-  test('filter out expired tokens', () => {
-    const assertions = pipe(
-      getToken('passkey'),
-      E.match({
-        onSuccess: identity,
-        onFailure: () => undefined,
-      }),
-      E.flatMap(result =>
-        E.sync(() => {
-          expect(result).toBeUndefined()
-        }),
-      ),
-    )
-
-    const storageTest = Layer.effect(
-      BrowserStorage,
-      E.sync(() => {
-        const mockStorage = mock<Storage>()
-        const expiry = Date.now() - 1000
-        mockStorage.getItem.mockReturnValue(`token:${expiry.toFixed(0)}`)
-        return mockStorage
-      }),
-    )
-
-    const effect = pipe(
-      E.provide(assertions, testLayers(storageTest)),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-})
-
-describe('clearToken should', () => {
-  test('clear the token in local storage', () => {
-    const assertions = E.gen(function* (_) {
-      const storage = yield* _(BrowserStorage)
-      yield* _(clearToken('passkey'))
-      expect(storage.removeItem).toHaveBeenCalledWith('passlock:passkey:token')
-    })
-
-    const effect = pipe(
-      E.provide(assertions, testLayers()),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-})
-
-describe('clearExpiredToken should', () => {
-  test('clear an expired token from local storage', () => {
-    const assertions = E.gen(function* (_) {
-      const storage = yield* _(BrowserStorage)
-      yield* _(clearExpiredToken('passkey'))
-      expect(storage.getItem).toHaveBeenCalledWith('passlock:passkey:token')
-      expect(storage.removeItem).toHaveBeenCalledWith('passlock:passkey:token')
-    })
-
-    const storageTest = Layer.effect(
-      BrowserStorage,
-      E.sync(() => {
-        const mockStorage = mock<Storage>()
-        const expiry = Date.now() - 1000
-        mockStorage.getItem.mockReturnValue(`token:${expiry.toFixed(0)}`)
-        return mockStorage
-      }),
-    )
-
-    const effect = pipe(
-      E.provide(assertions, testLayers(storageTest)),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-
-  test('leave a live token in local storage', () => {
-    const assertions = E.gen(function* (_) {
-      const storage = yield* _(BrowserStorage)
-      yield* _(clearExpiredToken('passkey'))
-      expect(storage.getItem).toHaveBeenCalledWith('passlock:passkey:token')
-      expect(storage.removeItem).not.toHaveBeenCalled()
-    })
-
-    const storageTest = Layer.effect(
-      BrowserStorage,
-      E.sync(() => {
-        const mockStorage = mock<Storage>()
-        const expiry = Date.now() + 1000
-        mockStorage.getItem.mockReturnValue(`token:${expiry.toFixed(0)}`)
-        return mockStorage
-      }),
-    )
-
-    const effect = pipe(
-      E.provide(assertions, testLayers(storageTest)),
-      Logger.withMinimumLogLevel(LogLevel.None),
-    )
-
-    E.runSync(effect)
-  })
-})

package/src/storage/storage.ts

@@ -1,168 +0,0 @@
-/**
- * Wrapper around local storage that allows us to store
- * authentication tokens in local storage for a short period.
- */
-import { Context, Effect as E, Layer, Option as O, flow, pipe } from 'effect'
-import type { NoSuchElementException } from 'effect/Cause'
-
-import type { Principal } from '@passlock/shared/dist/schema/principal.js'
-
-/* Requests */
-
-export type AuthType = 'email' | 'passkey' | 'apple' | 'google'
-
-export type StoredToken = {
-  token: string
-  authType: AuthType
-  expiry: number
-}
-
-/* Service */
-
-export class StorageService extends Context.Tag('@services/StorageService')<
-  StorageService,
-  {
-    storeToken: (principal: Principal) => E.Effect<void>
-    getToken: (authType: AuthType) => E.Effect<StoredToken, NoSuchElementException>
-    clearToken: (authType: AuthType) => E.Effect<void>
-    clearExpiredToken: (authType: AuthType) => E.Effect<void>
-    clearExpiredTokens: E.Effect<void>
-  }
->() {}
-
-export class BrowserStorage extends Context.Tag('@services/Storage')<BrowserStorage, Storage>() {}
-
-export const buildKey = (authType: AuthType) => `passlock:${authType}:token`
-
-// principal => token:expireAt
-export const compressToken = (principal: Principal): string => {
-  const expireAt = principal.exp.getTime()
-  const token = principal.jti
-  return `${token}:${expireAt.toFixed(0)}`
-}
-
-// token:expireAt => { authType, token, expireAt }
-export const expandToken =
-  (authType: AuthType) =>
-  (s: string): O.Option<StoredToken> => {
-    const tokens = s.split(':')
-    if (tokens.length !== 2) return O.none()
-
-    const [token, expireAtString] = tokens
-    if (token === undefined || expireAtString === undefined) return O.none()
-
-    const parse = O.liftThrowable(Number.parseInt)
-    const expireAt = parse(expireAtString)
-
-    return O.map(expireAt, expiry => ({ authType, token, expiry }))
-  }
-
-/* Effects */
-
-/**
- * Store compressed token in local storage
- * @param principal
- * @returns
- */
-export const storeToken = (principal: Principal): E.Effect<void, never, BrowserStorage> => {
-  return E.gen(function* (_) {
-    const localStorage = yield* _(BrowserStorage)
-
-    const storeEffect = E.try(() => {
-      const compressed = compressToken(principal)
-      const key = buildKey(principal.authType)
-      localStorage.setItem(key, compressed)
-    }).pipe(E.orElse(() => E.void)) // We dont care if it fails
-
-    return yield* _(storeEffect)
-  })
-}
-
-/**
- * Get stored token from local storage
- * @param authenticator
- * @returns
- */
-export const getToken = (
-  authenticator: AuthType,
-): E.Effect<StoredToken, NoSuchElementException, BrowserStorage> => {
-  return E.gen(function* (_) {
-    const localStorage = yield* _(BrowserStorage)
-
-    const getEffect = pipe(
-      O.some(buildKey(authenticator)),
-      O.flatMap(key => pipe(localStorage.getItem(key), O.fromNullable)),
-      O.flatMap(expandToken(authenticator)),
-      O.filter(({ expiry }) => expiry > Date.now()),
-    )
-
-    return yield* _(getEffect)
-  })
-}
-
-/**
- * Remove token from local storage
- * @param authType
- * @returns
- */
-export const clearToken = (authType: AuthType): E.Effect<void, never, BrowserStorage> => {
-  return E.gen(function* (_) {
-    const localStorage = yield* _(BrowserStorage)
-    localStorage.removeItem(buildKey(authType))
-  })
-}
-
-/**
- * Only clear if now > token.expireAt
- * @param authType
- * @param defer
- * @returns
- */
-export const clearExpiredToken = (authType: AuthType): E.Effect<void, never, BrowserStorage> => {
-  const key = buildKey(authType)
-
-  const effect = E.gen(function* (_) {
-    const storage = yield* _(BrowserStorage)
-    const item = yield* _(O.fromNullable(storage.getItem(key)))
-    const token = yield* _(expandToken(authType)(item))
-
-    if (token.expiry < Date.now()) {
-      storage.removeItem(key)
-    }
-  })
-
-  // we don't care if it fails
-  return pipe(
-    effect,
-    E.match({
-      onSuccess: () => E.void,
-      onFailure: () => E.void,
-    }),
-  )
-}
-
-export const clearExpiredTokens: E.Effect<void, never, BrowserStorage> = E.all([
-  clearExpiredToken('passkey'),
-  clearExpiredToken('email'),
-  clearExpiredToken('google'),
-  clearExpiredToken('apple'),
-])
-
-/* Live */
-
-/* v8 ignore start */
-export const StorageServiceLive = Layer.effect(
-  StorageService,
-  E.gen(function* (_) {
-    const context = yield* _(E.context<BrowserStorage>())
-
-    return {
-      storeToken: flow(storeToken, E.provide(context)),
-      getToken: flow(getToken, E.provide(context)),
-      clearToken: flow(clearToken, E.provide(context)),
-      clearExpiredToken: flow(clearExpiredToken, E.provide(context)),
-      clearExpiredTokens: pipe(clearExpiredTokens, E.provide(context)),
-    }
-  }),
-)
-/* v8 ignore stop */

package/src/test/fixtures.ts

@@ -1,70 +0,0 @@
-import { Effect as E, Layer as L } from 'effect'
-
-import { BadRequest } from '@passlock/shared/dist/error/error.js'
-import type { Principal } from '@passlock/shared/dist/schema/principal.js'
-
-import { Capabilities } from '../capabilities/capabilities.js'
-import { StorageService, type StoredToken } from '../storage/storage.js'
-
-export const session = 'session'
-export const token = 'token'
-export const code = 'code'
-export const authType = 'passkey'
-export const expiry = Date.now() + 10000
-
-export const principal: Principal = {
-  jti: 'token',
-  token: 'token',
-  sub: 'user-1',
-  iss: 'idp.passlock.dev',
-  aud: 'tenancy_id',
-  iat: new Date(),
-  nbf: new Date(),
-  exp: new Date(Date.now() + 5 * 60 * 1000),
-  email: 'john.doe@gmail.com',
-  givenName: 'john',
-  familyName: 'doe',
-  emailVerified: false,
-  authType: 'passkey',
-  authId: 'auth-1',
-  userVerified: true,
-  // legacy
-  user: {
-    id: 'user-1',
-    givenName: 'john',
-    familyName: 'doe',
-    email: 'john.doe@gmail.com',
-    emailVerified: false,
-  },
-  authStatement: {
-    authType: 'passkey',
-    userVerified: false,
-    authTimestamp: new Date(0),
-  },
-  expireAt: new Date(0),
-}
-
-export const capabilitiesTest = L.succeed(
-  Capabilities,
-  Capabilities.of({
-    passkeySupport: E.void,
-    isPasskeySupport: E.succeed(true),
-    autofillSupport: E.void,
-    isAutofillSupport: E.succeed(true),
-  }),
-)
-
-export const storedToken: StoredToken = { token, authType, expiry }
-
-export const storageServiceTest = L.succeed(
-  StorageService,
-  StorageService.of({
-    storeToken: () => E.void,
-    getToken: () => E.succeed(storedToken),
-    clearToken: () => E.void,
-    clearExpiredToken: () => E.void,
-    clearExpiredTokens: E.void,
-  }),
-)
-
-export const notImplemented = new BadRequest({ message: 'Not implemented' })

package/src/user/user.fixture.ts

@@ -1,33 +0,0 @@
-import { Effect as E, Layer as L, Option as O } from 'effect'
-
-import {
-  IsExistingUserRequest,
-  IsExistingUserResponse,
-  ResendEmailRequest,
-  ResendEmailResponse,
-  VerifyEmailResponse,
-} from '@passlock/shared/dist/rpc/user.js'
-
-import * as Fixtures from '../test/fixtures.js'
-import { UserClient } from '../rpc/user.js'
-import type { ResendEmail } from './user.js'
-
-export const email = 'jdoe@gmail.com'
-export const isRegisteredReq = new IsExistingUserRequest({ email })
-export const isRegisteredRes = new IsExistingUserResponse({ existingUser: false, detail: O.none() })
-export const verifyEmailRes = new VerifyEmailResponse({ principal: Fixtures.principal })
-export const resendEmailReq: ResendEmail = { userId: '123', method: 'code' }
-export const rpcResendEmailReq = new ResendEmailRequest({
-  userId: '123',
-  verifyEmail: { method: 'code' },
-})
-export const rpcResendEmailRes = new ResendEmailResponse({})
-
-export const rpcClientTest = L.succeed(
-  UserClient,
-  UserClient.of({
-    isExistingUser: () => E.succeed({ existingUser: true, detail: O.none() }),
-    verifyEmail: () => E.succeed(verifyEmailRes),
-    resendVerificationEmail: () => E.fail(Fixtures.notImplemented),
-  }),
-)

package/src/user/user.test.ts

@@ -1,84 +0,0 @@
-import { Effect as E, Layer as L, Layer, LogLevel, Logger, pipe } from 'effect'
-import { describe, expect, test } from 'vitest'
-import { mock } from 'vitest-mock-extended'
-
-import * as Fixture from './user.fixture.js'
-import { UserClient } from '../rpc/user.js'
-import { UserService, UserServiceLive } from './user.js'
-
-describe('isExistingUser should', () => {
-  test('return true when the user already has a passkey', async () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(UserService)
-      const result = yield* _(service.isExistingUser({ email: Fixture.email }))
-
-      expect(result).toBe(true)
-    })
-
-    const service = pipe(UserServiceLive, L.provide(Fixture.rpcClientTest))
-
-    const effect = pipe(E.provide(assertions, service), Logger.withMinimumLogLevel(LogLevel.None))
-
-    return E.runPromise(effect)
-  })
-
-  test('send the email to the backend', async () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(UserService)
-      const result = yield* _(service.isExistingUser({ email: Fixture.email }))
-
-      expect(result).toBe(false)
-      const rpcClient = yield* _(UserClient)
-      expect(rpcClient.isExistingUser).toBeCalledWith(Fixture.isRegisteredReq)
-    })
-
-    const rpcClientTest = Layer.effect(
-      UserClient,
-      E.sync(() => {
-        const rpcMock = mock<UserClient['Type']>()
-
-        rpcMock.isExistingUser.mockReturnValue(E.succeed(Fixture.isRegisteredRes))
-
-        return rpcMock
-      }),
-    )
-
-    const service = pipe(UserServiceLive, L.provide(rpcClientTest))
-
-    const layers = L.merge(service, rpcClientTest)
-    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
-
-    return E.runPromise(effect)
-  })
-})
-
-describe('resendVerificationEmail should', () => {
-  test('forward the request to the backend', async () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(UserService)
-      yield* _(service.resendVerificationEmail(Fixture.resendEmailReq))
-
-      const rpcClient = yield* _(UserClient)
-      expect(rpcClient.resendVerificationEmail).toBeCalledWith(Fixture.rpcResendEmailReq)
-    })
-
-    const rpcClientTest = Layer.effect(
-      UserClient,
-      E.sync(() => {
-        const rpcMock = mock<UserClient['Type']>()
-
-        rpcMock.resendVerificationEmail.mockReturnValue(E.succeed(Fixture.rpcResendEmailRes))
-
-        return rpcMock
-      }),
-    )
-
-    const service = pipe(UserServiceLive, L.provide(rpcClientTest))
-
-    const layers = L.merge(service, rpcClientTest)
-
-    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
-
-    return E.runPromise(effect)
-  })
-})