@passlock/client 0.9.6 → 0.9.8

package/src/index.ts

@@ -7,6 +7,8 @@ import type {
   NotSupported,
   Unauthorized,
 } from '@passlock/shared/dist/error/error.js'
+
+import type { Principal } from '@passlock/shared/dist/schema/schema.js'
 import { ErrorCode } from '@passlock/shared/dist/error/error.js'
 import { RpcConfig } from '@passlock/shared/dist/rpc/rpc.js'
 import { Effect as E, Layer as L, Layer, Option, Runtime, Scope, pipe } from 'effect'
@@ -16,30 +18,44 @@ import { ConnectionService } from './connection/connection.js'
 import { allRequirements } from './effect.js'
 import { EmailService, type VerifyRequest } from './email/email.js'
 import { type RegistrationRequest, RegistrationService } from './registration/register.js'
-import { type AuthType, Storage, StorageService } from './storage/storage.js'
-import { type Email, UserService } from './user/user.js'
+import { type AuthType, Storage, StorageService, type StoredToken } from './storage/storage.js'
+import { type Email, UserService, type ResendEmail } from './user/user.js'
+import { SocialService, type OidcRequest } from './social/social.js'
+
+/* Exports */
+
+export type Options = { signal?: AbortSignal }
+export type { Email } from './user/user.js' 
+export type { UserVerification, VerifyEmail } from '@passlock/shared/dist/schema/schema.js'
+export type { RegistrationRequest } from './registration/register.js'
+export type { AuthenticationRequest } from './authentication/authenticate.js'
+export type { VerifyRequest } from './email/email.js'
+export type { AuthType, StoredToken } from './storage/storage.js'
+export type { Principal } from '@passlock/shared/dist/schema/schema.js'
 
 export { ErrorCode } from '@passlock/shared/dist/error/error.js'
 
 export class PasslockError extends Error {
-  readonly _tag = 'PasslockError'
   readonly code: ErrorCode
+  readonly detail: string | undefined
 
-  constructor(message: string, code: ErrorCode) {
+  constructor(message: string, code: ErrorCode, detail?: string) {
     super(message)
     this.code = code
+    this.detail = detail
   }
 
   static readonly isError = (error: unknown): error is PasslockError => {
     return (
       typeof error === 'object' &&
       error !== null &&
-      '_tag' in error &&
-      error['_tag'] === 'PasslockError'
+      error instanceof PasslockError
     )
   }
 }
 
+/* // Exports */
+
 type PasslockErrors =
   | BadRequest
   | NotSupported
@@ -63,12 +79,12 @@ const transformErrors = <A, R>(
 ): E.Effect<A | PasslockError, never, R> => {
   const withErrorHandling = E.catchTags(effect, {
     NotSupported: e => E.succeed(new PasslockError(e.message, ErrorCode.NotSupported)),
-    BadRequest: e => E.succeed(new PasslockError(e.message, ErrorCode.BadRequest)),
-    Duplicate: e => E.succeed(new PasslockError(e.message, ErrorCode.Duplicate)),
-    Unauthorized: e => E.succeed(new PasslockError(e.message, ErrorCode.Unauthorized)),
-    Forbidden: e => E.succeed(new PasslockError(e.message, ErrorCode.Forbidden)),
-    Disabled: e => E.succeed(new PasslockError(e.message, ErrorCode.Disabled)),
-    NotFound: e => E.succeed(new PasslockError(e.message, ErrorCode.NotFound)),
+    BadRequest: e => E.succeed(new PasslockError(e.message, ErrorCode.BadRequest, e.detail)),
+    Duplicate: e => E.succeed(new PasslockError(e.message, ErrorCode.Duplicate, e.detail)),
+    Unauthorized: e => E.succeed(new PasslockError(e.message, ErrorCode.Unauthorized, e.detail)),
+    Forbidden: e => E.succeed(new PasslockError(e.message, ErrorCode.Forbidden, e.detail)),
+    Disabled: e => E.succeed(new PasslockError(e.message, ErrorCode.Disabled, e.detail)),
+    NotFound: e => E.succeed(new PasslockError(e.message, ErrorCode.NotFound, e.detail)),
   })
 
   const sandboxed = E.sandbox(withErrorHandling)
@@ -110,8 +126,7 @@ type Requirements =
   | EmailService
   | StorageService
   | Capabilities
-
-export type Options = { signal?: AbortSignal }
+  | SocialService
 
 export class PasslockUnsafe {
   private readonly runtime: Runtime.Runtime<Requirements>
@@ -135,56 +150,77 @@ export class PasslockUnsafe {
     )
   }
 
-  preConnect = (options?: Options) =>
+  preConnect = (options?: Options): Promise<void> =>
     pipe(
       ConnectionService,
       E.flatMap(service => service.preConnect()),
       effect => Runtime.runPromise(this.runtime)(effect, options),
     )
 
-  isPasskeySupport = () =>
+  isPasskeySupport = (): Promise<boolean> =>
     pipe(
       Capabilities,
       E.flatMap(service => service.isPasskeySupport),
       effect => Runtime.runPromise(this.runtime)(effect),
     )
 
-  isExistingPasskey = (email: Email, options?: Options) =>
+  isExistingUser = (email: Email, options?: Options): Promise<boolean> =>
     pipe(
       UserService,
       E.flatMap(service => service.isExistingUser(email)),
       effect => this.runPromise(effect, options),
     )
 
-  registerPasskey = (request: RegistrationRequest, options?: Options) =>
+  registerPasskey = (request: RegistrationRequest, options?: Options): Promise<Principal> =>
     pipe(
       RegistrationService,
       E.flatMap(service => service.registerPasskey(request)),
       effect => this.runPromise(effect, options),
     )
 
-  authenticatePasskey = (request: AuthenticationRequest, options?: Options) =>
+  authenticatePasskey = (request: AuthenticationRequest, options?: Options): Promise<Principal> =>
     pipe(
       AuthenticationService,
       E.flatMap(service => service.authenticatePasskey(request)),
       effect => this.runPromise(effect, options),
     )
 
-  verifyEmailCode = (request: VerifyRequest, options?: Options) =>
+  registerOidc = (request: OidcRequest, options?: Options) => 
+    pipe(
+      SocialService,
+      E.flatMap(service => service.registerOidc(request)),
+      effect => this.runPromise(effect, options),
+    )   
+    
+  authenticateOidc = (request: OidcRequest, options?: Options) => 
+    pipe(
+      SocialService,
+      E.flatMap(service => service.authenticateOidc(request)),
+      effect => this.runPromise(effect, options),
+    )      
+
+  verifyEmailCode = (request: VerifyRequest, options?: Options): Promise<Principal> =>
     pipe(
       EmailService,
       E.flatMap(service => service.verifyEmailCode(request)),
       effect => this.runPromise(effect, options),
     )
 
-  verifyEmailLink = (options?: Options) =>
+  resendVerificationEmail = (request: ResendEmail, options?: Options): Promise<void> =>
+    pipe(
+      UserService,
+      E.flatMap(service => service.resendVerificationEmail(request)),
+      effect => this.runPromise(effect, options),
+    )    
+
+  verifyEmailLink = (options?: Options): Promise<Principal> =>
     pipe(
       EmailService,
       E.flatMap(service => service.verifyEmailLink()),
       effect => this.runPromise(effect, options),
     )
 
-  getSessionToken = (authType: AuthType) =>
+  getSessionToken = (authType: AuthType): StoredToken | undefined =>
     pipe(
       StorageService,
       E.flatMap(service => service.getToken(authType).pipe(effect => E.option(effect))),
@@ -192,11 +228,11 @@ export class PasslockUnsafe {
       effect => Runtime.runSync(this.runtime)(effect),
     )
 
-  clearExpiredTokens = () =>
+  clearExpiredTokens = (): void =>
     pipe(
       StorageService,
       E.flatMap(service => service.clearExpiredTokens),
-      effect => Runtime.runPromise(this.runtime)(effect),
+      effect => Runtime.runSync(this.runtime)(effect),
     )
 }
 
@@ -221,56 +257,77 @@ export class Passlock {
     )
   }
 
-  preConnect = (options?: Options) =>
+  preConnect = (options?: Options): Promise<void | PasslockError> =>
     pipe(
       ConnectionService,
       E.flatMap(service => service.preConnect()),
       effect => this.runPromise(effect, options),
     )
 
-  isPasskeySupport = () =>
+  isPasskeySupport = (): Promise<boolean> =>
     pipe(
       Capabilities,
       E.flatMap(service => service.isPasskeySupport),
       effect => Runtime.runPromise(this.runtime)(effect),
     )
 
-  isExistingPasskey = (email: Email, options?: Options) =>
+  isExistingUser = (email: Email, options?: Options): Promise<boolean | PasslockError> =>
     pipe(
       UserService,
       E.flatMap(service => service.isExistingUser(email)),
       effect => this.runPromise(effect, options),
     )
 
-  registerPasskey = (request: RegistrationRequest, options?: Options) =>
+  registerPasskey = (request: RegistrationRequest, options?: Options): Promise<Principal | PasslockError> =>
     pipe(
       RegistrationService,
       E.flatMap(service => service.registerPasskey(request)),
       effect => this.runPromise(effect, options),
     )
 
-  authenticatePasskey = (request: AuthenticationRequest = {}, options?: Options) =>
+  authenticatePasskey = (request: AuthenticationRequest = {}, options?: Options): Promise<Principal | PasslockError> =>
     pipe(
       AuthenticationService,
       E.flatMap(service => service.authenticatePasskey(request)),
       effect => this.runPromise(effect, options),
     )
 
-  verifyEmailCode = (request: VerifyRequest, options?: Options) =>
+  registerOidc = (request: OidcRequest, options?: Options) => 
+    pipe(
+      SocialService,
+      E.flatMap(service => service.registerOidc(request)),
+      effect => this.runPromise(effect, options),
+    )     
+
+  authenticateOidc = (request: OidcRequest, options?: Options) => 
+    pipe(
+      SocialService,
+      E.flatMap(service => service.authenticateOidc(request)),
+      effect => this.runPromise(effect, options),
+    )      
+
+  verifyEmailCode = (request: VerifyRequest, options?: Options): Promise<Principal | PasslockError> =>
     pipe(
       EmailService,
       E.flatMap(service => service.verifyEmailCode(request)),
       effect => this.runPromise(effect, options),
     )
 
-  verifyEmailLink = (options?: Options) =>
+  verifyEmailLink = (options?: Options): Promise<Principal | PasslockError> =>
     pipe(
       EmailService,
       E.flatMap(service => service.verifyEmailLink()),
       effect => this.runPromise(effect, options),
     )
 
-  getSessionToken = (authType: AuthType) =>
+  resendVerificationEmail = (request: ResendEmail, options?: Options): Promise<void | PasslockError> =>
+    pipe(
+      UserService,
+      E.flatMap(service => service.resendVerificationEmail(request)),
+      effect => this.runPromise(effect, options),
+    )      
+
+  getSessionToken = (authType: AuthType): StoredToken | undefined =>
     pipe(
       StorageService,
       E.flatMap(service => service.getToken(authType).pipe(effect => E.option(effect))),
@@ -278,10 +335,10 @@ export class Passlock {
       effect => Runtime.runSync(this.runtime)(effect),
     )
 
-  clearExpiredTokens = () =>
+  clearExpiredTokens = (): void =>
     pipe(
       StorageService,
       E.flatMap(service => service.clearExpiredTokens),
-      effect => Runtime.runPromise(this.runtime)(effect),
+      effect => Runtime.runSync(this.runtime)(effect),
     )
 }

package/src/registration/register.fixture.ts

@@ -1,4 +1,3 @@
-import { BadRequest } from '@passlock/shared/dist/error/error.js'
 import {
   OptionsReq,
   OptionsRes,
@@ -11,6 +10,7 @@ import { Effect as E, Layer as L } from 'effect'
 import { CreateCredential, type RegistrationRequest } from './register.js'
 import * as Fixtures from '../test/fixtures.js'
 import { UserService } from '../user/user.js'
+import { PreConnectRes } from '@passlock/shared/dist/rpc/connection.js'
 
 export const session = 'session'
 export const token = 'token'
@@ -20,8 +20,8 @@ export const expireAt = Date.now() + 10000
 
 export const registrationRequest: RegistrationRequest = {
   email: 'jdoe@gmail.com',
-  firstName: 'john',
-  lastName: 'doe',
+  givenName: 'john',
+  familyName: 'doe',
 }
 
 export const optionsReq = new OptionsReq(registrationRequest)
@@ -70,19 +70,23 @@ export const userServiceTest = L.succeed(
   UserService,
   UserService.of({
     isExistingUser: () => E.succeed(false),
+    resendVerificationEmail: () => E.succeed(true)
   }),
 )
 
 export const rpcClientTest = L.succeed(
   RpcClient,
   RpcClient.of({
-    preConnect: () => E.succeed({ warmed: true }),
-    isExistingUser: () => E.succeed({ existingUser: true }),
-    verifyEmail: () => E.succeed({ verified: true }),
+    preConnect: () => E.succeed(new PreConnectRes({ warmed: true })),
+    isExistingUser: () => E.fail(Fixtures.notImplemented),
+    verifyEmail: () => E.fail(Fixtures.notImplemented),
     getRegistrationOptions: () => E.succeed(optionsRes),
     verifyRegistrationCredential: () => E.succeed(verificationRes),
-    getAuthenticationOptions: () => E.fail(new BadRequest({ message: 'Not implemeneted' })),
-    verifyAuthenticationCredential: () => E.succeed({ principal: Fixtures.principal }),
+    getAuthenticationOptions: () => E.fail(Fixtures.notImplemented),
+    verifyAuthenticationCredential: () => E.fail(Fixtures.notImplemented),
+    registerOidc: () => E.fail(Fixtures.notImplemented),
+    authenticateOidc: () => E.fail(Fixtures.notImplemented),
+    resendVerificationEmail: () => E.fail(Fixtures.notImplemented),
   }),
 )
 

package/src/registration/register.test.ts

@@ -29,41 +29,6 @@ describe('register should', () => {
     return E.runPromise(effect)
   })
 
-  test('check if the user is already registered', async () => {
-    const assertions = E.gen(function* (_) {
-      const service = yield* _(RegistrationService)
-      yield* _(service.registerPasskey(Fixture.registrationRequest))
-
-      const userService = yield* _(UserService)
-      expect(userService.isExistingUser).toHaveBeenCalled()
-    })
-
-    const userServiceTest = L.effect(
-      UserService,
-      E.sync(() => {
-        const userMock = mock<UserService>()
-
-        userMock.isExistingUser.mockReturnValue(E.succeed(false))
-
-        return userMock
-      }),
-    )
-
-    const service = pipe(
-      RegistrationServiceLive,
-      L.provide(Fixture.createCredentialTest),
-      L.provide(Fixture.capabilitiesTest),
-      L.provide(Fixture.storageServiceTest),
-      L.provide(Fixture.rpcClientTest),
-      L.provide(userServiceTest),
-    )
-
-    const layers = Layer.merge(service, userServiceTest)
-    const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
-
-    return E.runPromise(effect)
-  })
-
   test('pass the registration data to the backend', async () => {
     const assertions = E.gen(function* (_) {
       const service = yield* _(RegistrationService)
@@ -145,14 +110,14 @@ describe('register should', () => {
       expect(error).toBeInstanceOf(Duplicate)
     })
 
-    const userServiceTest = L.effect(
-      UserService,
+    const rpcClientTest = L.effect(
+      RpcClient,
       E.sync(() => {
-        const userMock = mock<UserService>()
+        const rpcMock = mock<RpcClient['Type']>()
 
-        userMock.isExistingUser.mockReturnValue(E.succeed(true))
+        rpcMock.getRegistrationOptions.mockReturnValue(E.fail(new Duplicate({ message: 'User already exists' })))
 
-        return userMock
+        return rpcMock
       }),
     )
 
@@ -161,11 +126,11 @@ describe('register should', () => {
       L.provide(Fixture.createCredentialTest),
       L.provide(Fixture.capabilitiesTest),
       L.provide(Fixture.storageServiceTest),
-      L.provide(Fixture.rpcClientTest),
-      L.provide(userServiceTest),
+      L.provide(Fixture.userServiceTest),
+      L.provide(rpcClientTest),
     )
 
-    const layers = Layer.merge(service, userServiceTest)
+    const layers = Layer.merge(service, rpcClientTest)
     const effect = pipe(E.provide(assertions, layers), Logger.withMinimumLogLevel(LogLevel.None))
 
     return E.runPromise(effect)

package/src/registration/register.ts

@@ -25,18 +25,18 @@ import { UserService } from '../user/user.js'
 
 export type RegistrationRequest = {
   email: string
-  firstName: string
-  lastName: string
+  givenName: string
+  familyName: string
   userVerification?: UserVerification
   verifyEmail?: VerifyEmail
-  redirectUrl?: string
 }
 
 /* Dependencies */
 
 export type CreateCredential = (
-  options: CredentialCreationOptions,
+  request: CredentialCreationOptions,
 ) => E.Effect<RegistrationCredential, InternalBrowserError | Duplicate>
+
 export const CreateCredential = Context.GenericTag<CreateCredential>('@services/Create')
 
 /* Errors */
@@ -55,12 +55,12 @@ export const RegistrationService = Context.GenericTag<RegistrationService>(
 
 /* Utilities */
 
-const fetchOptions = (req: OptionsReq) => {
+const fetchOptions = (request: OptionsReq) => {
   return E.gen(function* (_) {
     yield* _(E.logDebug('Making request'))
 
     const rpcClient = yield* _(RpcClient)
-    const { publicKey, session } = yield* _(rpcClient.getRegistrationOptions(req))
+    const { publicKey, session } = yield* _(rpcClient.getRegistrationOptions(request))
 
     yield* _(E.logDebug('Converting Passlock options to CredentialCreationOptions'))
     const options = yield* _(toCreationOptions({ publicKey }))
@@ -82,30 +82,17 @@ const toCreationOptions = (jsonOptions: CredentialCreationOptionsJSON) => {
   )
 }
 
-const verifyCredential = (req: VerificationReq) => {
+const verifyCredential = (request: VerificationReq) => {
   return E.gen(function* (_) {
     yield* _(E.logDebug('Making request'))
 
     const rpcClient = yield* _(RpcClient)
-    const { principal } = yield* _(rpcClient.verifyRegistrationCredential(req))
+    const { principal } = yield* _(rpcClient.verifyRegistrationCredential(request))
 
     return principal
   })
 }
 
-const isNewUser = (email: string) => {
-  return pipe(
-    UserService,
-    E.flatMap(service => service.isExistingUser({ email })),
-    E.catchTag('BadRequest', () => E.unit),
-    E.flatMap(isExistingUser => {
-      return isExistingUser
-        ? new Duplicate({ message: 'User already has a passkey registered' })
-        : E.unit
-    }),
-  )
-}
-
 /* Effects */
 
 type Dependencies = Capabilities | CreateCredential | StorageService | UserService | RpcClient
@@ -118,9 +105,6 @@ export const registerPasskey = (
     const capabilities = yield* _(Capabilities)
     yield* _(capabilities.passkeySupport)
 
-    yield* _(E.logInfo('Checking if already registered'))
-    yield* _(isNewUser(request.email))
-
     yield* _(E.logInfo('Fetching registration options from Passlock'))
     const { options, session } = yield* _(fetchOptions(new OptionsReq(request)))
 

package/src/social/social.ts

@@ -0,0 +1,86 @@
+/**
+ * Passkey authentication effects
+ */
+import {
+  type BadRequest,
+  type NotSupported
+} from '@passlock/shared/dist/error/error.js'
+import { RpcClient } from '@passlock/shared/dist/rpc/rpc.js'
+import { AuthenticateOidcErrors, AuthenticateOidcReq, RegisterOidcErrors, RegisterOidcReq } from '@passlock/shared/dist/rpc/social.js'
+import type {
+  Principal
+} from '@passlock/shared/dist/schema/schema.js'
+import { Context, Effect as E, Layer, flow } from 'effect'
+
+/* Requests */
+
+export type OidcRequest = { provider: 'google', idToken: string }
+
+/* Errors */
+
+export type RegistrationErrors = NotSupported | BadRequest | RegisterOidcErrors
+
+export type AuthenticationErrors = NotSupported | BadRequest | AuthenticateOidcErrors
+
+/* Service */
+
+export type SocialService = {
+  registerOidc: (data: OidcRequest) => E.Effect<Principal, RegistrationErrors>
+  authenticateOidc: (data: OidcRequest) => E.Effect<Principal, AuthenticationErrors>
+}
+
+export const SocialService = Context.GenericTag<SocialService>(
+  '@services/SocialService',
+)
+
+/* Effects */
+
+type Dependencies = RpcClient
+
+export const registerOidc = (
+  request: OidcRequest,
+): E.Effect<Principal, RegistrationErrors, Dependencies> => {
+  return E.gen(function* (_) {
+    yield* _(E.logInfo('Registering social account'))
+
+    const rpcClient = yield* _(RpcClient)
+
+    const { principal } = yield* _(
+      rpcClient.registerOidc(new RegisterOidcReq(request))
+    )
+
+    return principal
+  })
+}
+
+export const authenticateOidc = (
+  request: OidcRequest,
+): E.Effect<Principal, AuthenticationErrors, Dependencies> => {
+  return E.gen(function* (_) {
+    yield* _(E.logInfo('Authenticating with social account'))
+
+    const rpcClient = yield* _(RpcClient)
+
+    const { principal } = yield* _(
+      rpcClient.authenticateOidc(new AuthenticateOidcReq(request))
+    )
+
+    return principal
+  })
+}
+
+/* Live */
+
+/* v8 ignore start */
+export const SocialServiceLive = Layer.effect(
+  SocialService,
+  E.gen(function* (_) {
+    const context = yield* _(E.context<RpcClient>())
+
+    return SocialService.of({
+      registerOidc: flow(registerOidc, E.provide(context)),
+      authenticateOidc: flow(authenticateOidc, E.provide(context))
+    })
+  }),
+)
+/* v8 ignore stop */

package/src/storage/storage.fixture.ts

@@ -1,26 +1,7 @@
-import type { Principal } from '@passlock/shared/dist/schema/schema.js'
 import { Effect as E, Layer, pipe } from 'effect'
 import { mock } from 'vitest-mock-extended'
 import { Storage, StorageServiceLive } from './storage.js'
 
-// Frontend receives dates as objects
-export const principal: Principal = {
-  token: 'token',
-  subject: {
-    id: '1',
-    email: 'john.doe@gmail.com',
-    firstName: 'john',
-    lastName: 'doe',
-    emailVerified: false,
-  },
-  authStatement: {
-    authType: 'passkey',
-    userVerified: false,
-    authTimestamp: new Date(0),
-  },
-  expireAt: new Date(100),
-}
-
 const storageTest = Layer.effect(
   Storage,
   E.sync(() => mock<Storage>()),
@@ -31,3 +12,5 @@ export const testLayers = (storage: Layer.Layer<Storage> = storageTest) => {
 
   return Layer.merge(storage, storageService)
 }
+
+export { principal } from '../test/fixtures.js'

package/src/storage/storage.ts

@@ -8,7 +8,7 @@ import type { NoSuchElementException } from 'effect/Cause'
 
 /* Requests */
 
-export type AuthType = 'email' | 'passkey'
+export type AuthType = 'email' | 'passkey' | 'google'
 
 export type StoredToken = {
   token: string
@@ -71,7 +71,7 @@ export const storeToken = (principal: Principal): E.Effect<void, never, Storage>
       const compressed = compressToken(principal)
       const key = buildKey(principal.authStatement.authType)
       localStorage.setItem(key, compressed)
-    }).pipe(E.orElse(() => E.unit)) // We dont care if it fails
+    }).pipe(E.orElse(() => E.void)) // We dont care if it fails
 
     return yield* _(storeEffect)
   })
@@ -134,8 +134,8 @@ export const clearExpiredToken = (authType: AuthType): E.Effect<void, never, Sto
   return pipe(
     effect,
     E.match({
-      onSuccess: () => E.unit,
-      onFailure: () => E.unit,
+      onSuccess: () => E.void,
+      onFailure: () => E.void,
     }),
   )
 }
@@ -143,6 +143,7 @@ export const clearExpiredToken = (authType: AuthType): E.Effect<void, never, Sto
 export const clearExpiredTokens: E.Effect<void, never, Storage> = E.all([
   clearExpiredToken('passkey'),
   clearExpiredToken('email'),
+  clearExpiredToken('google'),
 ])
 
 /* Live */