@passlock/node 2.0.0-beta.2 → 2.0.0-beta.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@passlock/node",
-  "version": "2.0.0-beta.2",
+  "version": "2.0.0-beta.5",
   "description": "Passkey authentication for NodeJS backends",
   "keywords": [
     "passkey",
@@ -29,15 +29,10 @@
       "import": "./dist/index.js",
       "default": "./dist/index.js"
     },
-    "./principal": {
-      "types": "./dist/principal/index.d.ts",
-      "import": "./dist/principal/index.js",
-      "default": "./dist/principal/index.js"
-    },
-    "./user": {
-      "types": "./dist/user/index.d.ts",
-      "import": "./dist/user/index.js",
-      "default": "./dist/user/index.js"
+    "./effects": {
+      "types": "./dist/effects/index.d.ts",
+      "import": "./dist/effects/index.js",
+      "default": "./dist/effects/index.js"
     }
   },
   "module": "./dist/index.js",
@@ -48,24 +43,24 @@
     "!dist/**/*.spec.*"
   ],
   "dependencies": {
-    "@effect/platform": "^0.93.6",
-    "@effect/platform-node": "^0.103.0",
-    "effect": "3.19.10",
+    "@effect/platform": "^0.94.1",
+    "@effect/platform-node": "^0.104.0",
     "jose": "^6.1.3"
   },
   "devDependencies": {
-    "@eslint/compat": "^2.0.0",
-    "@eslint/js": "^9.39.1",
-    "@types/node": "24.10.2",
-    "eslint": "^9.39.1",
-    "globals": "^16.5.0",
-    "npm-check-updates": "^19.1.2",
-    "prettier": "^3.7.4",
-    "publint": "0.3.15",
+    "@biomejs/biome": "^2.3.11",
+    "@effect/vitest": "^0.27.0",
+    "@types/node": "25.0.9",
+    "globals": "^17.0.0",
+    "npm-check-updates": "^19.3.1",
+    "publint": "0.3.17",
     "rimraf": "^6.1.2",
     "tsx": "4.21.0",
     "typescript": "^5.9.3",
-    "typescript-eslint": "^8.49.0"
+    "vitest": "^3.2.4"
+  },
+  "peerDependencies": {
+    "effect": "3.19.14"
   },
   "engines": {
     "node": ">=22"
@@ -77,14 +72,18 @@
     "build:readme": "LATEST=${npm_package_version} tsx ../../scripts/replace-readme-tokens.ts ./packages/node",
     "clean": "tsc --build --clean",
     "clean:full": "rimraf dist tsconfig.tsbuildinfo",
-    "format": "prettier --write \"src/**/*.+(js|ts|json)\"",
-    "lint": "prettier --check \"src/**/*.+(js|ts|json)\" && eslint ./src",
-    "lint:fix": "prettier --check \"src/**/*.+(js|ts|json)\" && eslint ./src --fix",
     "replaceTokens": "LATEST=${npm_package_version} tsx ../../scripts/replace-tokens.ts ./packages/node",
-    "test": "vitest run",
+    "test": "vitest --project unit",
+    "test:it": "vitest --project integration",
+    "test:all": "vitest run --project unit --project integration",
     "test:coverage": "vitest run --coverage",
     "test:ui": "vitest --coverage.enabled=true --ui",
     "test:watch": "vitest dev",
-    "typecheck": "tsc --noEmit"
+    "typecheck": "tsc --noEmit",
+    "lint": "biome check .",
+    "lint:fix": "biome check --fix .",
+    "lint:ci": "biome ci .",
+    "format": "biome format --fix .",
+    "format:check": "biome format ."
   }
 }

package/dist/principal/effect.d.ts

@@ -1,53 +0,0 @@
-import { HttpClient } from "@effect/platform";
-import type { RequestError, ResponseError } from "@effect/platform/HttpClientError";
-import { Effect, Schema } from "effect";
-import type { ParseError } from "effect/ParseResult";
-import { Forbidden, type ApiOptions, type AuthorizedApiOptions } from "../shared.js";
-declare const InvalidCode_base: Schema.TaggedErrorClass<InvalidCode, "@error/InvalidCode", {
-    readonly _tag: Schema.tag<"@error/InvalidCode">;
-} & {
-    message: typeof Schema.String;
-}>;
-export declare class InvalidCode extends InvalidCode_base {
-    static isInvalidCode: (payload: unknown) => payload is InvalidCode;
-}
-export declare const Principal: Schema.TaggedStruct<"Principal", {
-    tenancyId: typeof Schema.String;
-    userId: typeof Schema.String;
-    code: typeof Schema.String;
-    authenticatorId: typeof Schema.String;
-    passkey: Schema.optionalWith<Schema.Struct<{
-        userVerified: Schema.optionalWith<typeof Schema.Boolean, {
-            nullable: true;
-        }>;
-    }>, {
-        nullable: true;
-    }>;
-    createdAt: typeof Schema.DateFromNumber;
-    expiresAt: typeof Schema.DateFromNumber;
-}>;
-export type Principal = typeof Principal.Type;
-export declare const isPrincipal: (payload: unknown) => payload is Principal;
-export declare const IdToken: Schema.TaggedStruct<"IdToken", {
-    "a:id": typeof Schema.String;
-    "a:typ": typeof Schema.String;
-    iss: Schema.Literal<["passlock.dev"]>;
-    "pk:uv": typeof Schema.Boolean;
-    sub: typeof Schema.String;
-    jti: typeof Schema.String;
-    aud: typeof Schema.String;
-    iat: typeof Schema.Number;
-    exp: typeof Schema.Number;
-}>;
-export type IdToken = typeof IdToken.Type;
-export declare const exchangeCode: (code: string, options: AuthorizedApiOptions) => Effect.Effect<Principal, InvalidCode | Forbidden | ParseError | RequestError | ResponseError, HttpClient.HttpClient>;
-declare const VerificationError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
-    readonly _tag: "VerificationError";
-} & Readonly<A>;
-export declare class VerificationError extends VerificationError_base<{
-    message: string;
-}> {
-}
-export declare const verifyIdToken: (token: string, options: ApiOptions) => Effect.Effect<Principal, VerificationError | ParseError>;
-export {};
-//# sourceMappingURL=effect.d.ts.map

package/dist/principal/effect.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"effect.d.ts","sourceRoot":"","sources":["../../src/principal/effect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAsB,MAAM,kBAAkB,CAAC;AAClE,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACd,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAQ,MAAM,EAAe,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC3D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD,OAAO,EACL,SAAS,EACT,KAAK,UAAU,EACf,KAAK,oBAAoB,EAC1B,MAAM,cAAc,CAAC;;;;;;AAEtB,qBAAa,WAAY,SAAQ,gBAEkB;IACjD,MAAM,CAAC,aAAa,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,WAAW,CAC/B;CACnC;AAED,eAAO,MAAM,SAAS;;;;;;;;;;;;;;EAepB,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,OAAO,SAAS,CAAC,IAAI,CAAC;AAE9C,eAAO,MAAM,WAAW,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,SAC3B,CAAC;AAEhC,eAAO,MAAM,OAAO;;;;;;;;;;EAUlB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,IAAI,CAAC;AAE1C,eAAO,MAAM,YAAY,GACvB,MAAM,MAAM,EACZ,SAAS,oBAAoB,KAC5B,MAAM,CAAC,MAAM,CACd,SAAS,EACT,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,YAAY,GAAG,aAAa,EACnE,UAAU,CAAC,UAAU,CA4BnB,CAAC;;;;AAEL,qBAAa,iBAAkB,SAAQ,uBAAsC;IAC3E,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;CAAG;AAEL,eAAO,MAAM,aAAa,GACxB,OAAO,MAAM,EACb,SAAS,UAAU,KAClB,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,GAAG,UAAU,CAsCtD,CAAC"}

package/dist/principal/effect.js

@@ -1,78 +0,0 @@
-import { HttpClient, HttpClientResponse } from "@effect/platform";
-import { Data, Effect, Match, pipe, Schema } from "effect";
-import * as jose from "jose";
-import { Forbidden, } from "../shared.js";
-export class InvalidCode extends Schema.TaggedError("@error/InvalidCode")("@error/InvalidCode", { message: Schema.String }) {
-    static isInvalidCode = (payload) => Schema.is(InvalidCode)(payload);
-}
-export const Principal = Schema.TaggedStruct("Principal", {
-    tenancyId: Schema.String,
-    userId: Schema.String,
-    code: Schema.String,
-    authenticatorId: Schema.String,
-    passkey: Schema.optionalWith(Schema.Struct({
-        userVerified: Schema.optionalWith(Schema.Boolean, { nullable: true }),
-    }), {
-        nullable: true,
-    }),
-    createdAt: Schema.DateFromNumber,
-    expiresAt: Schema.DateFromNumber,
-});
-export const isPrincipal = (payload) => Schema.is(Principal)(payload);
-export const IdToken = Schema.TaggedStruct("IdToken", {
-    "a:id": Schema.String,
-    "a:typ": Schema.String,
-    iss: Schema.Literal("passlock.dev"),
-    "pk:uv": Schema.Boolean,
-    sub: Schema.String,
-    jti: Schema.String,
-    aud: Schema.String,
-    iat: Schema.Number,
-    exp: Schema.Number,
-});
-export const exchangeCode = (code, options) => Effect.gen(function* () {
-    const client = yield* HttpClient.HttpClient;
-    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
-    const url = new URL(`/${options.tenancyId}/principal/${code}`, baseUrl);
-    const response = yield* pipe(client.get(url, {
-        headers: { Authorization: `Bearer ${options.apiKey}` },
-    }));
-    const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(Principal)(response),
-        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(response),
-    });
-    return yield* pipe(Match.value(encoded), Match.tag("Principal", (principal) => Effect.succeed(principal)), Match.tag("@error/InvalidCode", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
-});
-export class VerificationError extends Data.TaggedError("VerificationError") {
-}
-export const verifyIdToken = (token, options) => Effect.gen(function* () {
-    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
-    const JWKS = jose.createRemoteJWKSet(new URL("/.well-known/jwks.json", baseUrl));
-    const { payload } = yield* Effect.tryPromise({
-        try: () => jose.jwtVerify(token, JWKS, {
-            issuer: "passlock.dev",
-            audience: options.tenancyId,
-        }),
-        catch: (err) => err instanceof Error
-            ? new VerificationError({ message: err.message })
-            : new VerificationError({ message: String(err) }),
-    });
-    const idToken = yield* Schema.decodeUnknown(IdToken)({
-        ...payload,
-        _tag: "IdToken",
-    });
-    const principal = {
-        _tag: "Principal",
-        tenancyId: options.tenancyId,
-        userId: idToken.sub,
-        code: idToken.jti,
-        authenticatorId: idToken["a:id"],
-        passkey: {
-            userVerified: idToken["pk:uv"],
-        },
-        createdAt: new Date(idToken.iat * 1000),
-        expiresAt: new Date(idToken.exp * 1000),
-    };
-    return principal;
-});
-//# sourceMappingURL=effect.js.map

package/dist/principal/effect.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"effect.js","sourceRoot":"","sources":["../../src/principal/effect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAKlE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAE3D,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EACL,SAAS,GAGV,MAAM,cAAc,CAAC;AAEtB,MAAM,OAAO,WAAY,SAAQ,MAAM,CAAC,WAAW,CACjD,oBAAoB,CACrB,CAAC,oBAAoB,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IACjD,MAAM,CAAC,aAAa,GAAG,CAAC,OAAgB,EAA0B,EAAE,CAClE,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC;;AAGpC,MAAM,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,WAAW,EAAE;IACxD,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC,MAAM;IACnB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,OAAO,EAAE,MAAM,CAAC,YAAY,CAC1B,MAAM,CAAC,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;KACtE,CAAC,EACF;QACE,QAAQ,EAAE,IAAI;KACf,CACF;IACD,SAAS,EAAE,MAAM,CAAC,cAAc;IAChC,SAAS,EAAE,MAAM,CAAC,cAAc;CACjC,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,OAAgB,EAAwB,EAAE,CACpE,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC;AAEhC,MAAM,CAAC,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE;IACpD,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM;IACtB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;IAClB,GAAG,EAAE,MAAM,CAAC,MAAM;CACnB,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,IAAY,EACZ,OAA6B,EAK7B,EAAE,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;IAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAC;IAC/D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,SAAS,cAAc,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,IAAI,CAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CACH,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC;QACnE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CACrE,QAAQ,CACT;KACJ,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAChE,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEL,MAAM,OAAO,iBAAkB,SAAQ,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAEzE;CAAG;AAEL,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,KAAa,EACb,OAAmB,EACuC,EAAE,CAC5D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAClC,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAC3C,CAAC;IAEF,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3C,GAAG,EAAE,GAAG,EAAE,CACR,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;YAC1B,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC;QACJ,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CACb,GAAG,YAAY,KAAK;YAClB,CAAC,CAAC,IAAI,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;YACjD,CAAC,CAAC,IAAI,iBAAiB,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;KACtD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACnD,GAAG,OAAO;QACV,IAAI,EAAE,SAAS;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,GAAG;QACnB,IAAI,EAAE,OAAO,CAAC,GAAG;QACjB,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC;QAChC,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC;SAC/B;QACD,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;QACvC,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;KACxC,CAAC;IAEF,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC","sourcesContent":["import { HttpClient, HttpClientResponse } from \"@effect/platform\";\nimport type {\n  RequestError,\n  ResponseError,\n} from \"@effect/platform/HttpClientError\";\nimport { Data, Effect, Match, pipe, Schema } from \"effect\";\nimport type { ParseError } from \"effect/ParseResult\";\nimport * as jose from \"jose\";\n\nimport {\n  Forbidden,\n  type ApiOptions,\n  type AuthorizedApiOptions,\n} from \"../shared.js\";\n\nexport class InvalidCode extends Schema.TaggedError<InvalidCode>(\n  \"@error/InvalidCode\",\n)(\"@error/InvalidCode\", { message: Schema.String }) {\n  static isInvalidCode = (payload: unknown): payload is InvalidCode =>\n    Schema.is(InvalidCode)(payload);\n}\n\nexport const Principal = Schema.TaggedStruct(\"Principal\", {\n  tenancyId: Schema.String,\n  userId: Schema.String,\n  code: Schema.String,\n  authenticatorId: Schema.String,\n  passkey: Schema.optionalWith(\n    Schema.Struct({\n      userVerified: Schema.optionalWith(Schema.Boolean, { nullable: true }),\n    }),\n    {\n      nullable: true,\n    },\n  ),\n  createdAt: Schema.DateFromNumber,\n  expiresAt: Schema.DateFromNumber,\n});\n\nexport type Principal = typeof Principal.Type;\n\nexport const isPrincipal = (payload: unknown): payload is Principal =>\n  Schema.is(Principal)(payload);\n\nexport const IdToken = Schema.TaggedStruct(\"IdToken\", {\n  \"a:id\": Schema.String,\n  \"a:typ\": Schema.String,\n  iss: Schema.Literal(\"passlock.dev\"),\n  \"pk:uv\": Schema.Boolean,\n  sub: Schema.String,\n  jti: Schema.String,\n  aud: Schema.String,\n  iat: Schema.Number,\n  exp: Schema.Number,\n});\n\nexport type IdToken = typeof IdToken.Type;\n\nexport const exchangeCode = (\n  code: string,\n  options: AuthorizedApiOptions,\n): Effect.Effect<\n  Principal,\n  InvalidCode | Forbidden | ParseError | RequestError | ResponseError,\n  HttpClient.HttpClient\n> =>\n  Effect.gen(function* () {\n    const client = yield* HttpClient.HttpClient;\n    const baseUrl = options.endpoint ?? \"https://api.passlock.dev\";\n    const url = new URL(`/${options.tenancyId}/principal/${code}`, baseUrl);\n\n    const response = yield* pipe(\n      client.get(url, {\n        headers: { Authorization: `Bearer ${options.apiKey}` },\n      }),\n    );\n\n    const encoded = yield* HttpClientResponse.matchStatus(response, {\n      \"2xx\": () => HttpClientResponse.schemaBodyJson(Principal)(response),\n      orElse: () =>\n        HttpClientResponse.schemaBodyJson(Schema.Union(InvalidCode, Forbidden))(\n          response,\n        ),\n    });\n\n    return yield* pipe(\n      Match.value(encoded),\n      Match.tag(\"Principal\", (principal) => Effect.succeed(principal)),\n      Match.tag(\"@error/InvalidCode\", (err) => Effect.fail(err)),\n      Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n      Match.exhaustive,\n    );\n  });\n\nexport class VerificationError extends Data.TaggedError(\"VerificationError\")<{\n  message: string;\n}> {}\n\nexport const verifyIdToken = (\n  token: string,\n  options: ApiOptions,\n): Effect.Effect<Principal, VerificationError | ParseError> =>\n  Effect.gen(function* () {\n    const baseUrl = options.endpoint ?? \"https://api.passlock.dev\";\n    const JWKS = jose.createRemoteJWKSet(\n      new URL(\"/.well-known/jwks.json\", baseUrl),\n    );\n\n    const { payload } = yield* Effect.tryPromise({\n      try: () =>\n        jose.jwtVerify(token, JWKS, {\n          issuer: \"passlock.dev\",\n          audience: options.tenancyId,\n        }),\n      catch: (err) =>\n        err instanceof Error\n          ? new VerificationError({ message: err.message })\n          : new VerificationError({ message: String(err) }),\n    });\n\n    const idToken = yield* Schema.decodeUnknown(IdToken)({\n      ...payload,\n      _tag: \"IdToken\",\n    });\n\n    const principal: Principal = {\n      _tag: \"Principal\",\n      tenancyId: options.tenancyId,\n      userId: idToken.sub,\n      code: idToken.jti,\n      authenticatorId: idToken[\"a:id\"],\n      passkey: {\n        userVerified: idToken[\"pk:uv\"],\n      },\n      createdAt: new Date(idToken.iat * 1000),\n      expiresAt: new Date(idToken.exp * 1000),\n    };\n\n    return principal;\n  });\n"]}

package/dist/user/effect.d.ts

@@ -1,18 +0,0 @@
-import { HttpClient } from "@effect/platform";
-import type { RequestError, ResponseError } from "@effect/platform/HttpClientError";
-import type { HttpBodyError } from "@effect/platform/HttpBody";
-import { Effect, Schema } from "effect";
-import type { ParseError } from "effect/ParseResult";
-import { Forbidden, NotFound, type AuthorizedApiOptions } from "../shared.js";
-export declare const AssignedUser: Schema.Struct<{
-    userId: typeof Schema.String;
-    authenticatorId: typeof Schema.String;
-    updatedAt: typeof Schema.DateFromNumber;
-}>;
-export type AssignedUser = typeof AssignedUser.Type;
-export interface AssignUserOptions extends AuthorizedApiOptions {
-    userId: string;
-    authenticatorId: string;
-}
-export declare const assignUser: (options: AssignUserOptions) => Effect.Effect<AssignedUser, NotFound | Forbidden | ParseError | RequestError | HttpBodyError | ResponseError, HttpClient.HttpClient>;
-//# sourceMappingURL=effect.d.ts.map

package/dist/user/effect.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"effect.d.ts","sourceRoot":"","sources":["../../src/user/effect.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EAGX,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACd,MAAM,kCAAkC,CAAC;AAE1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE/D,OAAO,EAAE,MAAM,EAAe,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAE9E,eAAO,MAAM,YAAY;;;;EAIvB,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,OAAO,YAAY,CAAC,IAAI,CAAC;AASpD,MAAM,WAAW,iBAAkB,SAAQ,oBAAoB;IAC7D,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,MAAM,CAAC,MAAM,CACd,YAAY,EACV,QAAQ,GACR,SAAS,GACT,UAAU,GACV,YAAY,GACZ,aAAa,GACb,aAAa,EACf,UAAU,CAAC,UAAU,CAmCnB,CAAC"}

package/dist/user/effect.js

@@ -1,27 +0,0 @@
-import { HttpClient, HttpClientRequest, HttpClientResponse, } from "@effect/platform";
-import { Effect, Match, pipe, Schema } from "effect";
-import { Forbidden, NotFound } from "../shared.js";
-export const AssignedUser = Schema.Struct({
-    userId: Schema.String,
-    authenticatorId: Schema.String,
-    updatedAt: Schema.DateFromNumber,
-});
-const AssignUserResponse = Schema.Struct({
-    _tag: Schema.tag("Success"),
-    data: AssignedUser,
-});
-export const assignUser = (options) => Effect.gen(function* () {
-    const client = yield* HttpClient.HttpClient;
-    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
-    const { userId, authenticatorId } = options;
-    const url = new URL(`/${options.tenancyId}/authenticator/${authenticatorId}`, baseUrl);
-    const response = yield* HttpClientRequest.patch(url, {
-        headers: { Authorization: `Bearer ${options.apiKey}` },
-    }).pipe(HttpClientRequest.bodyJson({ userId }), Effect.flatMap(client.execute));
-    const encoded = yield* HttpClientResponse.matchStatus(response, {
-        "2xx": () => HttpClientResponse.schemaBodyJson(AssignUserResponse)(response),
-        orElse: () => HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(response),
-    });
-    return yield* pipe(Match.value(encoded), Match.tag("Success", ({ data }) => Effect.succeed(data)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
-});
-//# sourceMappingURL=effect.js.map

package/dist/user/effect.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"effect.js","sourceRoot":"","sources":["../../src/user/effect.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAS1B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAA6B,MAAM,cAAc,CAAC;AAE9E,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,eAAe,EAAE,MAAM,CAAC,MAAM;IAC9B,SAAS,EAAE,MAAM,CAAC,cAAc;CACjC,CAAC,CAAC;AAIH,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;IAC3B,IAAI,EAAE,YAAY;CACnB,CAAC,CAAC;AASH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EAU1B,EAAE,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;IAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAC;IAC/D,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;IAE5C,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,IAAI,OAAO,CAAC,SAAS,kBAAkB,eAAe,EAAE,EACxD,OAAO,CACR,CAAC;IAEF,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE;QACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE,EAAE;KACvD,CAAC,CAAC,IAAI,CACL,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,EACtC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAC/B,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC9D,KAAK,EAAE,GAAG,EAAE,CACV,kBAAkB,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,GAAG,EAAE,CACX,kBAAkB,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAClE,QAAQ,CACT;KACJ,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EACxD,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvD,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAC;AACJ,CAAC,CAAC,CAAC","sourcesContent":["import {\n  HttpClient,\n  HttpClientRequest,\n  HttpClientResponse,\n} from \"@effect/platform\";\n\nimport type {\n  RequestError,\n  ResponseError,\n} from \"@effect/platform/HttpClientError\";\n\nimport type { HttpBodyError } from \"@effect/platform/HttpBody\";\n\nimport { Effect, Match, pipe, Schema } from \"effect\";\nimport type { ParseError } from \"effect/ParseResult\";\nimport { Forbidden, NotFound, type AuthorizedApiOptions } from \"../shared.js\";\n\nexport const AssignedUser = Schema.Struct({\n  userId: Schema.String,\n  authenticatorId: Schema.String,\n  updatedAt: Schema.DateFromNumber,\n});\n\nexport type AssignedUser = typeof AssignedUser.Type;\n\nconst AssignUserResponse = Schema.Struct({\n  _tag: Schema.tag(\"Success\"),\n  data: AssignedUser,\n});\n\ntype AssignUserResponse = typeof AssignUserResponse.Type;\n\nexport interface AssignUserOptions extends AuthorizedApiOptions {\n  userId: string;\n  authenticatorId: string;\n}\n\nexport const assignUser = (\n  options: AssignUserOptions,\n): Effect.Effect<\n  AssignedUser,\n  | NotFound\n  | Forbidden\n  | ParseError\n  | RequestError\n  | HttpBodyError\n  | ResponseError,\n  HttpClient.HttpClient\n> =>\n  Effect.gen(function* () {\n    const client = yield* HttpClient.HttpClient;\n    const baseUrl = options.endpoint ?? \"https://api.passlock.dev\";\n    const { userId, authenticatorId } = options;\n\n    const url = new URL(\n      `/${options.tenancyId}/authenticator/${authenticatorId}`,\n      baseUrl,\n    );\n\n    const response = yield* HttpClientRequest.patch(url, {\n      headers: { Authorization: `Bearer ${options.apiKey}` },\n    }).pipe(\n      HttpClientRequest.bodyJson({ userId }),\n      Effect.flatMap(client.execute),\n    );\n\n    const encoded = yield* HttpClientResponse.matchStatus(response, {\n      \"2xx\": () =>\n        HttpClientResponse.schemaBodyJson(AssignUserResponse)(response),\n      orElse: () =>\n        HttpClientResponse.schemaBodyJson(Schema.Union(NotFound, Forbidden))(\n          response,\n        ),\n    });\n\n    return yield* pipe(\n      Match.value(encoded),\n      Match.tag(\"Success\", ({ data }) => Effect.succeed(data)),\n      Match.tag(\"@error/NotFound\", (err) => Effect.fail(err)),\n      Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n      Match.exhaustive,\n    );\n  });\n"]}

package/dist/user/index.d.ts

@@ -1,18 +0,0 @@
-import { type Forbidden, type NotFound } from "../shared.js";
-import type { AssignedUser, AssignUserOptions } from "./effect.js";
-export { type AssignedUser, type AssignUserOptions as AssignUserRequest, } from "./effect.js";
-/**
- * Call the Passlock backend API to assign a userId to an authenticator
- * @param request
- * @param options
- * @returns
- */
-export declare const assignUser: (options: AssignUserOptions) => Promise<AssignedUser | NotFound | Forbidden>;
-/**
- * Call the Passlock backend API to assign a userId to an authenticator
- * @param request
- * @param options
- * @returns
- */
-export declare const assignUserUnsafe: (options: AssignUserOptions) => Promise<AssignedUser>;
-//# sourceMappingURL=index.d.ts.map

package/dist/user/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/user/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,QAAQ,EAAmB,MAAM,cAAc,CAAC;AAC9E,OAAO,KAAK,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,iBAAiB,IAAI,iBAAiB,GAC5C,MAAM,aAAa,CAAC;AAErB;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,YAAY,GAAG,QAAQ,GAAG,SAAS,CAkB3C,CAAC;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAC3B,SAAS,iBAAiB,KACzB,OAAO,CAAC,YAAY,CAiBpB,CAAC"}

package/dist/user/index.js

@@ -1,36 +0,0 @@
-import { FetchHttpClient } from "@effect/platform";
-import { Effect, identity, pipe } from "effect";
-import { UnexpectedError } from "../shared.js";
-import { assignUser as assignUserE } from "./effect.js";
-export {} from "./effect.js";
-/**
- * Call the Passlock backend API to assign a userId to an authenticator
- * @param request
- * @param options
- * @returns
- */
-export const assignUser = (options) => pipe(assignUserE(options), Effect.provide(FetchHttpClient.layer), Effect.catchTags({
-    HttpBodyError: (err) => Effect.die(new UnexpectedError({
-        message: "Invalid request payload",
-        _tag: err.reason._tag,
-    })),
-    ParseError: (err) => Effect.die(new UnexpectedError(err)),
-    RequestError: (err) => Effect.die(new UnexpectedError(err)),
-    ResponseError: (err) => Effect.die(new UnexpectedError(err)),
-}), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
-/**
- * Call the Passlock backend API to assign a userId to an authenticator
- * @param request
- * @param options
- * @returns
- */
-export const assignUserUnsafe = (options) => pipe(assignUserE(options), Effect.provide(FetchHttpClient.layer), Effect.catchTags({
-    HttpBodyError: (err) => Effect.die(new UnexpectedError({
-        message: "Invalid request payload",
-        _tag: err.reason._tag,
-    })),
-    ParseError: (err) => Effect.die(new UnexpectedError(err)),
-    RequestError: (err) => Effect.die(new UnexpectedError(err)),
-    ResponseError: (err) => Effect.die(new UnexpectedError(err)),
-}), Effect.runPromise);
-//# sourceMappingURL=index.js.map

package/dist/user/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/user/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAChD,OAAO,EAAiC,eAAe,EAAE,MAAM,cAAc,CAAC;AAE9E,OAAO,EAAE,UAAU,IAAI,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAGN,MAAM,aAAa,CAAC;AAErB;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACoB,EAAE,CAChD,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,SAAS,CAAC;IACf,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CACrB,MAAM,CAAC,GAAG,CACR,IAAI,eAAe,CAAC;QAClB,OAAO,EAAE,yBAAyB;QAClC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI;KACtB,CAAC,CACH;IACH,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IACzD,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3D,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;CAC7D,CAAC,EACF,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAC;AAEJ;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,OAA0B,EACH,EAAE,CACzB,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,EACrC,MAAM,CAAC,SAAS,CAAC;IACf,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CACrB,MAAM,CAAC,GAAG,CACR,IAAI,eAAe,CAAC;QAClB,OAAO,EAAE,yBAAyB;QAClC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI;KACtB,CAAC,CACH;IACH,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IACzD,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;IAC3D,aAAa,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;CAC7D,CAAC,EACF,MAAM,CAAC,UAAU,CAClB,CAAC","sourcesContent":["import { FetchHttpClient } from \"@effect/platform\";\nimport { Effect, identity, pipe } from \"effect\";\nimport { type Forbidden, type NotFound, UnexpectedError } from \"../shared.js\";\nimport type { AssignedUser, AssignUserOptions } from \"./effect.js\";\nimport { assignUser as assignUserE } from \"./effect.js\";\n\nexport {\n  type AssignedUser,\n  type AssignUserOptions as AssignUserRequest,\n} from \"./effect.js\";\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n * @param request\n * @param options\n * @returns\n */\nexport const assignUser = (\n  options: AssignUserOptions,\n): Promise<AssignedUser | NotFound | Forbidden> =>\n  pipe(\n    assignUserE(options),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.catchTags({\n      HttpBodyError: (err) =>\n        Effect.die(\n          new UnexpectedError({\n            message: \"Invalid request payload\",\n            _tag: err.reason._tag,\n          }),\n        ),\n      ParseError: (err) => Effect.die(new UnexpectedError(err)),\n      RequestError: (err) => Effect.die(new UnexpectedError(err)),\n      ResponseError: (err) => Effect.die(new UnexpectedError(err)),\n    }),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise,\n  );\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n * @param request\n * @param options\n * @returns\n */\nexport const assignUserUnsafe = (\n  options: AssignUserOptions,\n): Promise<AssignedUser> =>\n  pipe(\n    assignUserE(options),\n    Effect.provide(FetchHttpClient.layer),\n    Effect.catchTags({\n      HttpBodyError: (err) =>\n        Effect.die(\n          new UnexpectedError({\n            message: \"Invalid request payload\",\n            _tag: err.reason._tag,\n          }),\n        ),\n      ParseError: (err) => Effect.die(new UnexpectedError(err)),\n      RequestError: (err) => Effect.die(new UnexpectedError(err)),\n      ResponseError: (err) => Effect.die(new UnexpectedError(err)),\n    }),\n    Effect.runPromise,\n  );\n"]}