@passlock/node 2.0.0-beta.2 → 2.0.0-beta.5

package/dist/effects/index.d.ts

@@ -0,0 +1,5 @@
+export * from "../passkey/effects.js";
+export * from "../principal/effects.js";
+export * from "../schemas/index.js";
+export * from "../shared.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/effects/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/effects/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA"}

package/dist/effects/index.js

@@ -0,0 +1,5 @@
+export * from "../passkey/effects.js";
+export * from "../principal/effects.js";
+export * from "../schemas/index.js";
+export * from "../shared.js";
+//# sourceMappingURL=index.js.map

package/dist/effects/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/effects/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA","sourcesContent":["export * from \"../passkey/effects.js\"\nexport * from \"../principal/effects.js\"\nexport * from \"../schemas/index.js\"\nexport * from \"../shared.js\"\n"]}

package/dist/index.d.ts

@@ -1,4 +1,5 @@
-export type { ApiOptions, AuthorizedApiOptions } from "./shared.js";
-export { type Principal, isPrincipal, exchangeCode, exchangeCodeUnsafe, verifyIdToken, verifyIdTokenUnsafe, } from "./principal/index.js";
-export { type AssignUserRequest, type AssignedUser, assignUserUnsafe, } from "./user/index.js";
+export * from "./passkey/index.js";
+export * from "./principal/index.js";
+export * from "./schemas/index.js";
+export * from "./shared.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EACL,KAAK,SAAS,EACd,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA;AAClC,cAAc,sBAAsB,CAAA;AACpC,cAAc,oBAAoB,CAAA;AAClC,cAAc,aAAa,CAAA"}

package/dist/index.js

@@ -1,3 +1,5 @@
-export { isPrincipal, exchangeCode, exchangeCodeUnsafe, verifyIdToken, verifyIdTokenUnsafe, } from "./principal/index.js";
-export { assignUserUnsafe, } from "./user/index.js";
+export * from "./passkey/index.js";
+export * from "./principal/index.js";
+export * from "./schemas/index.js";
+export * from "./shared.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAGL,gBAAgB,GACjB,MAAM,iBAAiB,CAAC","sourcesContent":["export type { ApiOptions, AuthorizedApiOptions } from \"./shared.js\";\n\nexport {\n  type Principal,\n  isPrincipal,\n  exchangeCode,\n  exchangeCodeUnsafe,\n  verifyIdToken,\n  verifyIdTokenUnsafe,\n} from \"./principal/index.js\";\n\nexport {\n  type AssignUserRequest,\n  type AssignedUser,\n  assignUserUnsafe,\n} from \"./user/index.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA;AAClC,cAAc,sBAAsB,CAAA;AACpC,cAAc,oBAAoB,CAAA;AAClC,cAAc,aAAa,CAAA","sourcesContent":["export * from \"./passkey/index.js\"\nexport * from \"./principal/index.js\"\nexport * from \"./schemas/index.js\"\nexport * from \"./shared.js\"\n"]}

package/dist/passkey/effects.d.ts

@@ -0,0 +1,24 @@
+import type { AuthenticatedTenancyOptions } from "../shared.js";
+import { HttpClient } from "@effect/platform";
+import { Effect, type Layer, Stream } from "effect";
+import { Forbidden, NotFound } from "../schemas/errors.js";
+import { FindAllPasskeys } from "../schemas/index.js";
+import { DeletedPasskey, Passkey, type PasskeySummary } from "../schemas/passkey.js";
+export type GetPasskeyOptions = AuthenticatedTenancyOptions;
+export declare const getPasskey: (authenticatorId: string, options: GetPasskeyOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<Passkey, NotFound | Forbidden>;
+export type { GetPasskeyOptions as GetAuthenticatorOptions, Passkey };
+type DeleteAuthenticatorOptions = AuthenticatedTenancyOptions;
+export declare const deletePasskey: (passkeyId: string, request: DeleteAuthenticatorOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<DeletedPasskey, NotFound | Forbidden>;
+export type { DeleteAuthenticatorOptions };
+interface AssignUserRequest extends AuthenticatedTenancyOptions {
+    userId: string;
+    passkeyId: string;
+}
+export declare const assignUser: (request: AssignUserRequest, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<Passkey, NotFound | Forbidden>;
+export type { AssignUserRequest };
+export interface ListPasskeyOptions extends AuthenticatedTenancyOptions {
+    cursor?: string;
+}
+export declare const listPasskeysStream: (options: AuthenticatedTenancyOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Stream.Stream<PasskeySummary, Forbidden>;
+export declare const listPasskeys: (options: ListPasskeyOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<FindAllPasskeys, Forbidden>;
+//# sourceMappingURL=effects.d.ts.map

package/dist/passkey/effects.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.d.ts","sourceRoot":"","sources":["../../src/passkey/effects.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAA;AAC/D,OAAO,EAEL,UAAU,EAGX,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAS,MAAM,EAAE,KAAK,KAAK,EAA+B,MAAM,EAAE,MAAM,QAAQ,CAAA;AACvF,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAIpF,MAAM,MAAM,iBAAiB,GAAG,2BAA2B,CAAA;AAE3D,eAAO,MAAM,UAAU,GACrB,iBAAiB,MAAM,EACvB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAiC3C,CAAA;AAEH,YAAY,EAAE,iBAAiB,IAAI,uBAAuB,EAAE,OAAO,EAAE,CAAA;AAIrE,KAAK,0BAA0B,GAAG,2BAA2B,CAAA;AAE7D,eAAO,MAAM,aAAa,GACxB,WAAW,MAAM,EACjB,SAAS,0BAA0B,EACnC,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,QAAQ,GAAG,SAAS,CAiClD,CAAA;AAEH,YAAY,EAAE,0BAA0B,EAAE,CAAA;AAI1C,UAAU,iBAAkB,SAAQ,2BAA2B;IAC7D,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,GAAG,SAAS,CAmC3C,CAAA;AAEH,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAIjC,MAAM,WAAW,kBAAmB,SAAQ,2BAA2B;IACrE,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,eAAO,MAAM,kBAAkB,GAC7B,SAAS,2BAA2B,EACpC,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,SAAS,CAWvC,CAAA;AAEH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,EAC3B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,CAkCxC,CAAA"}

package/dist/passkey/effects.js

@@ -0,0 +1,87 @@
+import { FetchHttpClient, HttpClient, HttpClientRequest, HttpClientResponse, } from "@effect/platform";
+import { Chunk, Effect, Match, Option, pipe, Schema, Stream } from "effect";
+import { Forbidden, NotFound } from "../schemas/errors.js";
+import { FindAllPasskeys } from "../schemas/index.js";
+import { DeletedPasskey, Passkey } from "../schemas/passkey.js";
+export const getPasskey = (authenticatorId, options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = options;
+    const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl);
+    const response = yield* HttpClientRequest.get(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }).pipe(client.execute);
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(Passkey)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (data) => Effect.succeed(data)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+export const deletePasskey = (passkeyId, request, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = request.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = request;
+    const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
+    const response = yield* HttpClientRequest.del(url, {
+        headers: { Authorization: `Bearer ${request.apiKey}` },
+    }).pipe(client.execute);
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(DeletedPasskey)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("DeletedPasskey", (deletedPasskey) => Effect.succeed(deletedPasskey)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+export const assignUser = (request, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = request.endpoint ?? "https://api.passlock.dev";
+    const { userId, passkeyId } = request;
+    const { tenancyId } = request;
+    const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl);
+    const response = yield* HttpClientRequest.patch(url, {
+        headers: { Authorization: `Bearer ${request.apiKey}` },
+    }).pipe(HttpClientRequest.bodyJson({ userId }), Effect.flatMap(client.execute));
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(Passkey)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (passkey) => Effect.succeed(passkey)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    HttpBodyError: (err) => Effect.die(err),
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+export const listPasskeysStream = (options, httpClient = FetchHttpClient.layer) => pipe(Stream.paginateChunkEffect(null, (cursor) => pipe(listPasskeys(cursor ? { ...options, cursor } : options, httpClient), Effect.map((result) => [
+    Chunk.fromIterable(result.records),
+    Option.fromNullable(result.cursor),
+]))));
+export const listPasskeys = (options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = options;
+    const url = new URL(`/${tenancyId}/passkeys/`, baseUrl);
+    if (options.cursor) {
+        url.searchParams.append("cursor", options.cursor);
+    }
+    const response = yield* HttpClientRequest.get(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }).pipe(client.execute);
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(FindAllPasskeys)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Forbidden)(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("FindAllPasskeys", (data) => Effect.succeed(data)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+//# sourceMappingURL=effects.js.map

package/dist/passkey/effects.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.js","sourceRoot":"","sources":["../../src/passkey/effects.ts"],"names":[],"mappings":"AACA,OAAO,EACL,eAAe,EACf,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,KAAK,EAAE,MAAM,EAAc,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AACvF,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,OAAO,EAAE,cAAc,EAAE,OAAO,EAAuB,MAAM,uBAAuB,CAAA;AAMpF,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,eAAuB,EACvB,OAA0B,EAC1B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,eAAe,EAAE,EAAE,OAAO,CAAC,CAAA;IAEzE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;KACjF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EACpD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAQH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,SAAiB,EACjB,OAAmC,EACnC,aAAiD,eAAe,CAAC,KAAK,EACjB,EAAE,CACvD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC;QACxE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;KACjF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,cAAc,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,EAC/E,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAWH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EAC1B,aAAiD,eAAe,CAAC,KAAK,EACxB,EAAE,CAChD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IACrC,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,aAAa,SAAS,EAAE,EAAE,OAAO,CAAC,CAAA;IAEnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE;QACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAE/E,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;KACjF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACvC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAUH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAoC,EACpC,aAAiD,eAAe,CAAC,KAAK,EAC5B,EAAE,CAC5C,IAAI,CACF,MAAM,CAAC,mBAAmB,CAAC,IAAqB,EAAE,CAAC,MAAM,EAAE,EAAE,CAC3D,IAAI,CACF,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,EACnE,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;IACrB,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC;IAClC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC;CACnC,CAAC,CACH,CACF,CACF,CAAA;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EAC3B,aAAiD,eAAe,CAAC,KAAK,EAC3B,EAAE,CAC7C,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,YAAY,EAAE,OAAO,CAAC,CAAA;IACvD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE;QACjD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEvB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC;QACzE,MAAM,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC;KACrE,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EAC5D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA","sourcesContent":["import type { AuthenticatedTenancyOptions } from \"../shared.js\"\nimport {\n  FetchHttpClient,\n  HttpClient,\n  HttpClientRequest,\n  HttpClientResponse,\n} from \"@effect/platform\"\nimport { Chunk, Effect, type Layer, Match, Option, pipe, Schema, Stream } from \"effect\"\nimport { Forbidden, NotFound } from \"../schemas/errors.js\"\nimport { FindAllPasskeys } from \"../schemas/index.js\"\nimport { DeletedPasskey, Passkey, type PasskeySummary } from \"../schemas/passkey.js\"\n\n/* Get Passkey */\n\nexport type GetPasskeyOptions = AuthenticatedTenancyOptions\n\nexport const getPasskey = (\n  authenticatorId: string,\n  options: GetPasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/${authenticatorId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(Passkey)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (data) => Effect.succeed(data)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport type { GetPasskeyOptions as GetAuthenticatorOptions, Passkey }\n\n/* Delete Passkey */\n\ntype DeleteAuthenticatorOptions = AuthenticatedTenancyOptions\n\nexport const deletePasskey = (\n  passkeyId: string,\n  request: DeleteAuthenticatorOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<DeletedPasskey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = request.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = request\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.del(url, {\n        headers: { Authorization: `Bearer ${request.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(DeletedPasskey)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(Forbidden, NotFound))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"DeletedPasskey\", (deletedPasskey) => Effect.succeed(deletedPasskey)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport type { DeleteAuthenticatorOptions }\n\n/* Assign User */\n\ninterface AssignUserRequest extends AuthenticatedTenancyOptions {\n  userId: string\n  passkeyId: string\n}\n\nexport const assignUser = (\n  request: AssignUserRequest,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<Passkey, NotFound | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = request.endpoint ?? \"https://api.passlock.dev\"\n      const { userId, passkeyId } = request\n      const { tenancyId } = request\n\n      const url = new URL(`/${tenancyId}/passkeys/${passkeyId}`, baseUrl)\n\n      const response = yield* HttpClientRequest.patch(url, {\n        headers: { Authorization: `Bearer ${request.apiKey}` },\n      }).pipe(HttpClientRequest.bodyJson({ userId }), Effect.flatMap(client.execute))\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(Passkey)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"Passkey\", (passkey) => Effect.succeed(passkey)),\n        Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      HttpBodyError: (err) => Effect.die(err),\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\nexport type { AssignUserRequest }\n\n/* List Passkeys */\n\nexport interface ListPasskeyOptions extends AuthenticatedTenancyOptions {\n  cursor?: string\n}\n\nexport const listPasskeysStream = (\n  options: AuthenticatedTenancyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Stream.Stream<PasskeySummary, Forbidden> =>\n  pipe(\n    Stream.paginateChunkEffect(null as string | null, (cursor) =>\n      pipe(\n        listPasskeys(cursor ? { ...options, cursor } : options, httpClient),\n        Effect.map((result) => [\n          Chunk.fromIterable(result.records),\n          Option.fromNullable(result.cursor),\n        ])\n      )\n    )\n  )\n\nexport const listPasskeys = (\n  options: ListPasskeyOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<FindAllPasskeys, Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/passkeys/`, baseUrl)\n      if (options.cursor) {\n        url.searchParams.append(\"cursor\", options.cursor)\n      }\n\n      const response = yield* HttpClientRequest.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }).pipe(client.execute)\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(FindAllPasskeys)(response),\n        orElse: () => HttpClientResponse.schemaBodyJson(Forbidden)(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"FindAllPasskeys\", (data) => Effect.succeed(data)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n"]}

package/dist/passkey/index.d.ts

@@ -0,0 +1,64 @@
+import type { Forbidden, NotFound } from "../schemas/errors.js";
+import type { DeletedPasskey, FindAllPasskeys, PasskeySummary } from "../schemas/passkey.js";
+import type { AuthenticatedTenancyOptions } from "../shared.js";
+import type { AssignUserRequest, DeleteAuthenticatorOptions, GetAuthenticatorOptions, ListPasskeyOptions, Passkey } from "./effects.js";
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const assignUser: (request: AssignUserRequest) => Promise<Passkey | NotFound | Forbidden>;
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const assignUserUnsafe: (request: AssignUserRequest) => Promise<Passkey>;
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export declare const deletePasskey: (passkeyId: string, options: DeleteAuthenticatorOptions) => Promise<DeletedPasskey | Forbidden | NotFound>;
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export declare const deletePasskeyUnsafe: (passkeyId: string, options: DeleteAuthenticatorOptions) => Promise<{
+    passkeyId: string;
+}>;
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export declare const getPasskey: (authenticatorId: string, options: GetAuthenticatorOptions) => Promise<Passkey | Forbidden | NotFound>;
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param authenticatorId
+ * @param options
+ * @returns
+ */
+export declare const getPasskeyUnsafe: (authenticatorId: string, options: GetAuthenticatorOptions) => Promise<Passkey>;
+export type { AssignUserRequest, DeleteAuthenticatorOptions, GetAuthenticatorOptions, Passkey, } from "./effects.js";
+/**
+ * List passkeys for the given tenancy. Note this could return a cursor, in which case the function chould be called with the given cursor.
+ * @param options
+ * @returns
+ */
+export declare const listPasskeys: (options: ListPasskeyOptions) => Promise<FindAllPasskeys | Forbidden>;
+/**
+ * List passkeys for the given tenancy. Note this could return a cursor, in which case the function chould be called with the given cursor.
+ * @param options
+ * @returns
+ */
+export declare const listPasskeysUnsafe: (options: ListPasskeyOptions) => Promise<FindAllPasskeys>;
+export declare const listPasskeysStream: (options: AuthenticatedTenancyOptions) => ReadableStream<PasskeySummary>;
+export type { ListPasskeyOptions } from "./effects.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/passkey/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/passkey/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAC5F,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAA;AAC/D,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,uBAAuB,EACvB,kBAAkB,EAClB,OAAO,EACR,MAAM,cAAc,CAAA;AAUrB;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,GAAG,QAAQ,GAAG,SAAS,CAK3F,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CAC9B,CAAA;AAE/C;;;;;GAKG;AACH,eAAO,MAAM,aAAa,GACxB,WAAW,MAAM,EACjB,SAAS,0BAA0B,KAClC,OAAO,CAAC,cAAc,GAAG,SAAS,GAAG,QAAQ,CAK7C,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,GAC9B,WAAW,MAAM,EACjB,SAAS,0BAA0B,KAClC,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,CACuD,CAAA;AAEvF;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GACrB,iBAAiB,MAAM,EACvB,SAAS,uBAAuB,KAC/B,OAAO,CAAC,OAAO,GAAG,SAAS,GAAG,QAAQ,CAKtC,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAC3B,iBAAiB,MAAM,EACvB,SAAS,uBAAuB,KAC/B,OAAO,CAAC,OAAO,CAAmE,CAAA;AAErF,YAAY,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,uBAAuB,EACvB,OAAO,GACR,MAAM,cAAc,CAAA;AAErB;;;;GAIG;AACH,eAAO,MAAM,YAAY,GAAI,SAAS,kBAAkB,KAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAK3F,CAAA;AAEH;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAAI,SAAS,kBAAkB,KAAG,OAAO,CAAC,eAAe,CACvC,CAAA;AAEjD,eAAO,MAAM,kBAAkB,GAC7B,SAAS,2BAA2B,KACnC,cAAc,CAAC,cAAc,CACiD,CAAA;AAEjF,YAAY,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA"}

package/dist/passkey/index.js

@@ -0,0 +1,58 @@
+import { Effect, identity, pipe, Stream } from "effect";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, listPasskeysStream as listPasskeysStreamE, } from "./effects.js";
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const assignUser = (request) => pipe(assignUserE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const assignUserUnsafe = (request) => pipe(assignUserE(request), Effect.runPromise);
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export const deletePasskey = (passkeyId, options) => pipe(deletePasskeyE(passkeyId, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to delete an authenticator
+ * @param options
+ * @param options
+ * @returns
+ */
+export const deletePasskeyUnsafe = (passkeyId, options) => pipe(deletePasskeyE(passkeyId, options), Effect.as({ passkeyId }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param request
+ * @param request
+ * @returns
+ */
+export const getPasskey = (authenticatorId, options) => pipe(getPasskeyE(authenticatorId, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ * @param authenticatorId
+ * @param options
+ * @returns
+ */
+export const getPasskeyUnsafe = (authenticatorId, options) => pipe(getPasskeyE(authenticatorId, options), Effect.runPromise);
+/**
+ * List passkeys for the given tenancy. Note this could return a cursor, in which case the function chould be called with the given cursor.
+ * @param options
+ * @returns
+ */
+export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * List passkeys for the given tenancy. Note this could return a cursor, in which case the function chould be called with the given cursor.
+ * @param options
+ * @returns
+ */
+export const listPasskeysUnsafe = (options) => pipe(listPasskeysE(options), Effect.runPromise);
+export const listPasskeysStream = (options) => pipe(listPasskeysStreamE(options), (stream) => Stream.toReadableStream(stream));
+//# sourceMappingURL=index.js.map

package/dist/passkey/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/passkey/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AACvD,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,kBAAkB,IAAI,mBAAmB,GAC1C,MAAM,cAAc,CAAA;AAErB;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAA2C,EAAE,CAChG,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAA0B,EAAoB,EAAE,CAC/E,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,SAAiB,EACjB,OAAmC,EACa,EAAE,CAClD,IAAI,CACF,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,EAClC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,SAAiB,EACjB,OAAmC,EACH,EAAE,CAClC,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,eAAuB,EACvB,OAAgC,EACS,EAAE,CAC3C,IAAI,CACF,WAAW,CAAC,eAAe,EAAE,OAAO,CAAC,EACrC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,eAAuB,EACvB,OAAgC,EACd,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AASrF;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,OAA2B,EAAwC,EAAE,CAChG,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,OAA2B,EAA4B,EAAE,CAC1F,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEjD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAoC,EACJ,EAAE,CAClC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAA","sourcesContent":["import type { Forbidden, NotFound } from \"../schemas/errors.js\"\nimport type { DeletedPasskey, FindAllPasskeys, PasskeySummary } from \"../schemas/passkey.js\"\nimport type { AuthenticatedTenancyOptions } from \"../shared.js\"\nimport type {\n  AssignUserRequest,\n  DeleteAuthenticatorOptions,\n  GetAuthenticatorOptions,\n  ListPasskeyOptions,\n  Passkey,\n} from \"./effects.js\"\nimport { Effect, identity, pipe, Stream } from \"effect\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  listPasskeysStream as listPasskeysStreamE,\n} from \"./effects.js\"\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const assignUser = (request: AssignUserRequest): Promise<Passkey | NotFound | Forbidden> =>\n  pipe(\n    assignUserE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const assignUserUnsafe = (request: AssignUserRequest): Promise<Passkey> =>\n  pipe(assignUserE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to delete an authenticator\n * @param options\n * @param options\n * @returns\n */\nexport const deletePasskey = (\n  passkeyId: string,\n  options: DeleteAuthenticatorOptions\n): Promise<DeletedPasskey | Forbidden | NotFound> =>\n  pipe(\n    deletePasskeyE(passkeyId, options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to delete an authenticator\n * @param options\n * @param options\n * @returns\n */\nexport const deletePasskeyUnsafe = (\n  passkeyId: string,\n  options: DeleteAuthenticatorOptions\n): Promise<{ passkeyId: string }> =>\n  pipe(deletePasskeyE(passkeyId, options), Effect.as({ passkeyId }), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to fetch an authenticator\n * @param request\n * @param request\n * @returns\n */\nexport const getPasskey = (\n  authenticatorId: string,\n  options: GetAuthenticatorOptions\n): Promise<Passkey | Forbidden | NotFound> =>\n  pipe(\n    getPasskeyE(authenticatorId, options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Call the Passlock backend API to fetch an authenticator\n * @param authenticatorId\n * @param options\n * @returns\n */\nexport const getPasskeyUnsafe = (\n  authenticatorId: string,\n  options: GetAuthenticatorOptions\n): Promise<Passkey> => pipe(getPasskeyE(authenticatorId, options), Effect.runPromise)\n\nexport type {\n  AssignUserRequest,\n  DeleteAuthenticatorOptions,\n  GetAuthenticatorOptions,\n  Passkey,\n} from \"./effects.js\"\n\n/**\n * List passkeys for the given tenancy. Note this could return a cursor, in which case the function chould be called with the given cursor.\n * @param options\n * @returns\n */\nexport const listPasskeys = (options: ListPasskeyOptions): Promise<FindAllPasskeys | Forbidden> =>\n  pipe(\n    listPasskeysE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * List passkeys for the given tenancy. Note this could return a cursor, in which case the function chould be called with the given cursor.\n * @param options\n * @returns\n */\nexport const listPasskeysUnsafe = (options: ListPasskeyOptions): Promise<FindAllPasskeys> =>\n  pipe(listPasskeysE(options), Effect.runPromise)\n\nexport const listPasskeysStream = (\n  options: AuthenticatedTenancyOptions\n): ReadableStream<PasskeySummary> =>\n  pipe(listPasskeysStreamE(options), (stream) => Stream.toReadableStream(stream))\n\nexport type { ListPasskeyOptions } from \"./effects.js\"\n"]}

package/dist/principal/effects.d.ts

@@ -0,0 +1,18 @@
+import type { AuthenticatedTenancyOptions, TenancyOptions } from "../shared.js";
+import { HttpClient } from "@effect/platform";
+import { Effect, type Layer } from "effect";
+import { Forbidden, InvalidCode } from "../schemas/errors.js";
+import { ExtendedPrincipal, type Principal } from "../schemas/principal.js";
+type ExchangeCodeOptions = AuthenticatedTenancyOptions;
+export declare const exchangeCode: (code: string, options: ExchangeCodeOptions, httpClient?: Layer.Layer<HttpClient.HttpClient>) => Effect.Effect<ExtendedPrincipal, InvalidCode | Forbidden>;
+type VerifyTokenOptions = TenancyOptions;
+declare const VerificationFailure_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "@error/VerificationFailure";
+} & Readonly<A>;
+export declare class VerificationFailure extends VerificationFailure_base<{
+    message: string;
+}> {
+}
+export declare const verifyIdToken: (token: string, options: VerifyTokenOptions) => Effect.Effect<Principal, VerificationFailure>;
+export type { ExchangeCodeOptions, Principal, VerifyTokenOptions };
+//# sourceMappingURL=effects.d.ts.map

package/dist/principal/effects.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.d.ts","sourceRoot":"","sources":["../../src/principal/effects.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,2BAA2B,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC/E,OAAO,EAAmB,UAAU,EAAsB,MAAM,kBAAkB,CAAA;AAClF,OAAO,EAAQ,MAAM,EAAE,KAAK,KAAK,EAAuB,MAAM,QAAQ,CAAA;AAEtE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAW,KAAK,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAEpF,KAAK,mBAAmB,GAAG,2BAA2B,CAAA;AAEtD,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,mBAAmB,EAC5B,aAAY,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAyB,KACrE,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,WAAW,GAAG,SAAS,CAmCxD,CAAA;AAEH,KAAK,kBAAkB,GAAG,cAAc,CAAA;;;;AAWxC,qBAAa,mBAAoB,SAAQ,yBAA+C;IACtF,OAAO,EAAE,MAAM,CAAA;CAChB,CAAC;CAAG;AAEL,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,kBAAkB,KAC1B,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAyC5C,CAAA;AAEH,YAAY,EAAE,mBAAmB,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAA"}

package/dist/principal/effects.js

@@ -0,0 +1,64 @@
+import { FetchHttpClient, HttpClient, HttpClientResponse } from "@effect/platform";
+import { Data, Effect, Match, pipe, Schema } from "effect";
+import * as jose from "jose";
+import { Forbidden, InvalidCode } from "../schemas/errors.js";
+import { ExtendedPrincipal, IdToken } from "../schemas/principal.js";
+export const exchangeCode = (code, options, httpClient = FetchHttpClient.layer) => pipe(Effect.gen(function* () {
+    const client = yield* HttpClient.HttpClient;
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId } = options;
+    const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl);
+    const response = yield* pipe(client.get(url, {
+        headers: { Authorization: `Bearer ${options.apiKey}` },
+    }));
+    const encoded = yield* HttpClientResponse.matchStatus(response, {
+        "2xx": () => HttpClientResponse.schemaBodyJson(ExtendedPrincipal)(response),
+        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("ExtendedPrincipal", (principal) => Effect.succeed(principal)), Match.tag("@error/InvalidCode", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    ParseError: (err) => Effect.die(err),
+    RequestError: (err) => Effect.die(err),
+    ResponseError: (err) => Effect.die(err),
+}), Effect.provide(httpClient));
+const createJwks = (endpoint) => Effect.sync(() => {
+    const baseUrl = endpoint ?? "https://api.passlock.dev";
+    return jose.createRemoteJWKSet(new URL("/.well-known/jwks.json", baseUrl));
+});
+const createCachedRemoteJwks = pipe(Effect.cachedFunction(createJwks), Effect.runSync);
+export class VerificationFailure extends Data.TaggedError("@error/VerificationFailure") {
+}
+export const verifyIdToken = (token, options) => pipe(Effect.gen(function* () {
+    const JWKS = yield* createCachedRemoteJwks(options.endpoint);
+    const { payload } = yield* Effect.tryPromise({
+        catch: (err) => {
+            console.error(err);
+            return err instanceof Error
+                ? new VerificationFailure({ message: err.message })
+                : new VerificationFailure({ message: String(err) });
+        },
+        try: () => jose.jwtVerify(token, JWKS, {
+            audience: options.tenancyId,
+            issuer: "passlock.dev",
+        }),
+    });
+    const idToken = yield* Schema.decodeUnknown(IdToken)({
+        ...payload,
+        _tag: "IdToken",
+    });
+    const principal = {
+        _tag: "Principal",
+        id: idToken["jti"],
+        authenticatorId: idToken["a:id"],
+        authenticatorType: "passkey",
+        createdAt: idToken.iat * 1000,
+        expiresAt: idToken.exp * 1000,
+        passkey: {
+            userVerified: idToken["pk:uv"],
+            verified: true,
+        },
+        userId: idToken.sub,
+    };
+    return principal;
+}), Effect.catchTag("ParseError", (err) => Effect.die(err)));
+//# sourceMappingURL=effects.js.map

package/dist/principal/effects.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effects.js","sourceRoot":"","sources":["../../src/principal/effects.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AAClF,OAAO,EAAE,IAAI,EAAE,MAAM,EAAc,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AACtE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAkB,MAAM,yBAAyB,CAAA;AAIpF,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA4B,EAC5B,aAAiD,eAAe,CAAC,KAAK,EACX,EAAE,CAC7D,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAA;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAA;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,cAAc,IAAI,EAAE,EAAE,OAAO,CAAC,CAAA;IAE/D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,IAAI,CAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CACH,CAAA;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC;QAC3E,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;KACpF,CAAC,CAAA;IAEF,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EACxE,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACpC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtC,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACxC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAIH,MAAM,UAAU,GAAG,CAAC,QAAiB,EAAE,EAAE,CACvC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE;IACf,MAAM,OAAO,GAAG,QAAQ,IAAI,0BAA0B,CAAA;IAEtD,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAA;AAC5E,CAAC,CAAC,CAAA;AAEJ,MAAM,sBAAsB,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;AAEtF,MAAM,OAAO,mBAAoB,SAAQ,IAAI,CAAC,WAAW,CAAC,4BAA4B,CAEpF;CAAG;AAEL,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAA2B,EACoB,EAAE,CACjD,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,sBAAsB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAE5D,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3C,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAClB,OAAO,GAAG,YAAY,KAAK;gBACzB,CAAC,CAAC,IAAI,mBAAmB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;gBACnD,CAAC,CAAC,IAAI,mBAAmB,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACvD,CAAC;QACD,GAAG,EAAE,GAAG,EAAE,CACR,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;YAC1B,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,MAAM,EAAE,cAAc;SACvB,CAAC;KACL,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACnD,GAAG,OAAO;QACV,IAAI,EAAE,SAAS;KAChB,CAAC,CAAA;IAEF,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC;QAClB,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC;QAChC,iBAAiB,EAAE,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC;YAC9B,QAAQ,EAAE,IAAI;SACf;QACD,MAAM,EAAE,OAAO,CAAC,GAAG;KACpB,CAAA;IAED,OAAO,SAAS,CAAA;AAClB,CAAC,CAAC,EACF,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CACxD,CAAA","sourcesContent":["import type { AuthenticatedTenancyOptions, TenancyOptions } from \"../shared.js\"\nimport { FetchHttpClient, HttpClient, HttpClientResponse } from \"@effect/platform\"\nimport { Data, Effect, type Layer, Match, pipe, Schema } from \"effect\"\nimport * as jose from \"jose\"\nimport { Forbidden, InvalidCode } from \"../schemas/errors.js\"\nimport { ExtendedPrincipal, IdToken, type Principal } from \"../schemas/principal.js\"\n\ntype ExchangeCodeOptions = AuthenticatedTenancyOptions\n\nexport const exchangeCode = (\n  code: string,\n  options: ExchangeCodeOptions,\n  httpClient: Layer.Layer<HttpClient.HttpClient> = FetchHttpClient.layer\n): Effect.Effect<ExtendedPrincipal, InvalidCode | Forbidden> =>\n  pipe(\n    Effect.gen(function* () {\n      const client = yield* HttpClient.HttpClient\n      const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n      const { tenancyId } = options\n\n      const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl)\n\n      const response = yield* pipe(\n        client.get(url, {\n          headers: { Authorization: `Bearer ${options.apiKey}` },\n        })\n      )\n\n      const encoded = yield* HttpClientResponse.matchStatus(response, {\n        \"2xx\": () => HttpClientResponse.schemaBodyJson(ExtendedPrincipal)(response),\n        orElse: () =>\n          HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),\n      })\n\n      return yield* pipe(\n        Match.value(encoded),\n        Match.tag(\"ExtendedPrincipal\", (principal) => Effect.succeed(principal)),\n        Match.tag(\"@error/InvalidCode\", (err) => Effect.fail(err)),\n        Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n        Match.exhaustive\n      )\n    }),\n    Effect.catchTags({\n      ParseError: (err) => Effect.die(err),\n      RequestError: (err) => Effect.die(err),\n      ResponseError: (err) => Effect.die(err),\n    }),\n    Effect.provide(httpClient)\n  )\n\ntype VerifyTokenOptions = TenancyOptions\n\nconst createJwks = (endpoint?: string) =>\n  Effect.sync(() => {\n    const baseUrl = endpoint ?? \"https://api.passlock.dev\"\n\n    return jose.createRemoteJWKSet(new URL(\"/.well-known/jwks.json\", baseUrl))\n  })\n\nconst createCachedRemoteJwks = pipe(Effect.cachedFunction(createJwks), Effect.runSync)\n\nexport class VerificationFailure extends Data.TaggedError(\"@error/VerificationFailure\")<{\n  message: string\n}> {}\n\nexport const verifyIdToken = (\n  token: string,\n  options: VerifyTokenOptions\n): Effect.Effect<Principal, VerificationFailure> =>\n  pipe(\n    Effect.gen(function* () {\n      const JWKS = yield* createCachedRemoteJwks(options.endpoint)\n\n      const { payload } = yield* Effect.tryPromise({\n        catch: (err) => {\n          console.error(err)\n          return err instanceof Error\n            ? new VerificationFailure({ message: err.message })\n            : new VerificationFailure({ message: String(err) })\n        },\n        try: () =>\n          jose.jwtVerify(token, JWKS, {\n            audience: options.tenancyId,\n            issuer: \"passlock.dev\",\n          }),\n      })\n\n      const idToken = yield* Schema.decodeUnknown(IdToken)({\n        ...payload,\n        _tag: \"IdToken\",\n      })\n\n      const principal: Principal = {\n        _tag: \"Principal\",\n        id: idToken[\"jti\"],\n        authenticatorId: idToken[\"a:id\"],\n        authenticatorType: \"passkey\",\n        createdAt: idToken.iat * 1000,\n        expiresAt: idToken.exp * 1000,\n        passkey: {\n          userVerified: idToken[\"pk:uv\"],\n          verified: true,\n        },\n        userId: idToken.sub,\n      }\n\n      return principal\n    }),\n    Effect.catchTag(\"ParseError\", (err) => Effect.die(err))\n  )\n\nexport type { ExchangeCodeOptions, Principal, VerifyTokenOptions }\n"]}

package/dist/principal/index.d.ts

@@ -1,22 +1,20 @@
-import { type Principal } from "./effect.js";
-import type { VerificationError, InvalidCode } from "./effect.js";
-import { type Forbidden, type ApiOptions, type AuthorizedApiOptions } from "../shared.js";
-export type { VerificationError, Principal } from "./effect.js";
-export { isPrincipal } from "./effect.js";
+import type { Forbidden, InvalidCode } from "../schemas/errors.js";
+import type { ExtendedPrincipal, Principal } from "../schemas/principal.js";
+import { type ExchangeCodeOptions, type VerificationFailure, type VerifyTokenOptions } from "./effects.js";
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export declare const exchangeCode: (code: string, options: AuthorizedApiOptions) => Promise<Principal | Forbidden | InvalidCode>;
+export declare const exchangeCode: (code: string, options: ExchangeCodeOptions) => Promise<ExtendedPrincipal | Forbidden | InvalidCode>;
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export declare const exchangeCodeUnsafe: (code: string, options: AuthorizedApiOptions) => Promise<Principal>;
+export declare const exchangeCodeUnsafe: (code: string, options: ExchangeCodeOptions) => Promise<ExtendedPrincipal>;
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -27,7 +25,7 @@ export declare const exchangeCodeUnsafe: (code: string, options: AuthorizedApiOp
  * @param options
  * @returns
  */
-export declare const verifyIdToken: (token: string, options: ApiOptions) => Promise<Principal | VerificationError>;
+export declare const verifyIdToken: (token: string, options: VerifyTokenOptions) => Promise<Principal | VerificationFailure>;
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -38,5 +36,8 @@ export declare const verifyIdToken: (token: string, options: ApiOptions) => Prom
  * @param options
  * @returns
  */
-export declare const verifyIdTokenUnsafe: (token: string, options: ApiOptions) => Promise<Principal>;
+export declare const verifyIdTokenUnsafe: (token: string, options: VerifyTokenOptions) => Promise<Principal>;
+export type { InvalidCode } from "../schemas/errors.js";
+export type { ExchangeCodeOptions, Principal, VerificationFailure, VerifyTokenOptions, } from "./effects.js";
+export * from "../schemas/principal.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/principal/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,KAAK,SAAS,EAGf,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAElE,OAAO,EACL,KAAK,SAAS,EAEd,KAAK,UAAU,EACf,KAAK,oBAAoB,EAC1B,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAEhE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,GAAG,SAAS,GAAG,WAAW,CAc3C,CAAC;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAC7B,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,CA8BjB,CAAC;AAEJ;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,OAAO,CAAC,SAAS,GAAG,iBAAiB,CAYrC,CAAC;AAEJ;;;;;;;;;GASG;AACH,eAAO,MAAM,mBAAmB,GAC9B,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,OAAO,CAAC,SAAS,CAajB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/principal/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AAG3E,OAAO,EACL,KAAK,mBAAmB,EAExB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EAExB,MAAM,cAAc,CAAA;AAErB;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,GAAG,SAAS,GAAG,WAAW,CAMnD,CAAA;AAEH;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,GAC7B,MAAM,MAAM,EACZ,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,CACkE,CAAA;AAE9F;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,kBAAkB,KAC1B,OAAO,CAAC,SAAS,GAAG,mBAAmB,CAKvC,CAAA;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,mBAAmB,GAC9B,OAAO,MAAM,EACb,SAAS,kBAAkB,KAC1B,OAAO,CAAC,SAAS,CAC4E,CAAA;AAEhG,YAAY,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AACvD,YAAY,EACV,mBAAmB,EACnB,SAAS,EACT,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,cAAc,CAAA;AACrB,cAAc,yBAAyB,CAAA"}

package/dist/principal/index.js

@@ -1,32 +1,20 @@
 import { FetchHttpClient } from "@effect/platform";
-import { Effect, Either, identity, Match, pipe } from "effect";
-import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./effect.js";
-import { UnexpectedError, } from "../shared.js";
-export { isPrincipal } from "./effect.js";
+import { Effect, identity, pipe } from "effect";
+import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./effects.js";
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export const exchangeCode = (code, options) => pipe(exchangeCodeE(code, options), Effect.catchTags({
-    ParseError: (err) => Effect.die(err),
-    RequestError: (err) => Effect.die(err),
-    ResponseError: (err) => Effect.die(err),
-}), Effect.match({
-    onSuccess: identity,
-    onFailure: identity,
-}), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+export const exchangeCode = (code, options) => pipe(exchangeCodeE(code, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
 /**
  * Call the Passlock backend API to exchange a code for a Principal
  * @param code
  * @package options
  * @returns
  */
-export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, options), Effect.either, Effect.provide(FetchHttpClient.layer), Effect.runPromise, (p) => p.then((response) => Either.match(response, {
-    onLeft: (err) => pipe(Match.value(err), Match.tag("ParseError", (err) => new UnexpectedError(err)), Match.tag("RequestError", (err) => new UnexpectedError(err)), Match.tag("ResponseError", (err) => new UnexpectedError(err)), Match.tag("@error/InvalidCode", (err) => new UnexpectedError(err)), Match.tag("@error/Forbidden", ({ _tag }) => new UnexpectedError({ _tag, message: "Forbidden" })), Match.exhaustive, (serverError) => Promise.reject(serverError)),
-    onRight: (success) => Promise.resolve(success),
-})));
+export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, options), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -37,12 +25,7 @@ export const exchangeCodeUnsafe = (code, options) => pipe(exchangeCodeE(code, op
  * @param options
  * @returns
  */
-export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, options), Effect.catchTags({
-    ParseError: (err) => Effect.die(err),
-}), Effect.match({
-    onSuccess: identity,
-    onFailure: identity,
-}), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
 /**
  * Decode and verify a Passlock idToken.
  * Note: This will make a network call to the passlock.dev/.well-known/jwks.json
@@ -53,8 +36,6 @@ export const verifyIdToken = (token, options) => pipe(verifyIdTokenE(token, opti
  * @param options
  * @returns
  */
-export const verifyIdTokenUnsafe = (token, options) => pipe(verifyIdTokenE(token, options), Effect.either, Effect.provide(FetchHttpClient.layer), Effect.runPromise, (p) => p.then((response) => Either.match(response, {
-    onLeft: (err) => Promise.reject(new UnexpectedError(err)),
-    onRight: (success) => Promise.resolve(success),
-})));
+export const verifyIdTokenUnsafe = (token, options) => pipe(verifyIdTokenE(token, options), Effect.provide(FetchHttpClient.layer), Effect.runPromise);
+export * from "../schemas/principal.js";
 //# sourceMappingURL=index.js.map