npm - @passlock/server - Versions diffs - 2.1.0 - Mend

@passlock/server 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/README.md +45 -0
package/README.template.md +45 -0
package/dist/effect.d.ts +7 -0
package/dist/effect.d.ts.map +1 -0
package/dist/effect.js +4 -0
package/dist/effect.js.map +1 -0
package/dist/errors.d.ts +71 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +30 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +115 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +109 -0
package/dist/index.js.map +1 -0
package/dist/network.d.ts +134 -0
package/dist/network.d.ts.map +1 -0
package/dist/network.js +172 -0
package/dist/network.js.map +1 -0
package/dist/passkey/passkey.d.ts +132 -0
package/dist/passkey/passkey.d.ts.map +1 -0
package/dist/passkey/passkey.js +158 -0
package/dist/passkey/passkey.js.map +1 -0
package/dist/principal/principal.d.ts +22 -0
package/dist/principal/principal.d.ts.map +1 -0
package/dist/principal/principal.js +65 -0
package/dist/principal/principal.js.map +1 -0
package/dist/safe.d.ts +154 -0
package/dist/safe.d.ts.map +1 -0
package/dist/safe.js +147 -0
package/dist/safe.js.map +1 -0
package/dist/schemas/errors.d.ts +2 -0
package/dist/schemas/errors.d.ts.map +1 -0
package/dist/schemas/errors.js +72 -0
package/dist/schemas/errors.js.map +1 -0
package/dist/schemas/index.d.ts +5 -0
package/dist/schemas/index.d.ts.map +1 -0
package/dist/schemas/index.js +5 -0
package/dist/schemas/index.js.map +1 -0
package/dist/schemas/passkey.d.ts +85 -0
package/dist/schemas/passkey.d.ts.map +1 -0
package/dist/schemas/passkey.js +64 -0
package/dist/schemas/passkey.js.map +1 -0
package/dist/schemas/principal.d.ts +88 -0
package/dist/schemas/principal.d.ts.map +1 -0
package/dist/schemas/principal.js +46 -0
package/dist/schemas/principal.js.map +1 -0
package/dist/schemas/satisfy.d.ts +2 -0
package/dist/schemas/satisfy.d.ts.map +1 -0
package/dist/schemas/satisfy.js +2 -0
package/dist/schemas/satisfy.js.map +1 -0
package/dist/schemas/signup.d.ts +13 -0
package/dist/schemas/signup.d.ts.map +1 -0
package/dist/schemas/signup.js +11 -0
package/dist/schemas/signup.js.map +1 -0
package/dist/shared.d.ts +19 -0
package/dist/shared.d.ts.map +1 -0
package/dist/shared.js +9 -0
package/dist/shared.js.map +1 -0
package/package.json +93 -0

package/dist/principal/principal.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { Data, Effect, Match, pipe, Schema } from "effect";
+import * as jose from "jose";
+import { fetchNetwork, matchStatus, NetworkFetchLive, } from "../network.js";
+import { ForbiddenError, InvalidCodeError } from "../schemas/errors.js";
+import { ExtendedPrincipalSchema, IdTokenSchema, } from "../schemas/principal.js";
+export const exchangeCode = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId, code } = options;
+    const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl);
+    const response = yield* fetchNetwork(url, "get", undefined, {
+        headers: {
+            authorization: `Bearer ${options.apiKey}`,
+        },
+    });
+    const encoded = yield* matchStatus(response, {
+        "2xx": ({ json }) => pipe(json, Effect.flatMap(Schema.decodeUnknown(ExtendedPrincipalSchema))),
+        orElse: ({ json }) => pipe(json, Effect.flatMap(Schema.decodeUnknown(Schema.Union(InvalidCodeError, ForbiddenError)))),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("ExtendedPrincipal", (principal) => Effect.succeed(principal)), Match.tag("@error/InvalidCode", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    "@error/NetworkPayload": (err) => Effect.die(err),
+    "@error/NetworkRequest": (err) => Effect.die(err),
+    "@error/NetworkResponse": (err) => Effect.die(err),
+    ParseError: (err) => Effect.die(err),
+}), Effect.provide(fetchLayer));
+export class VerificationError extends Data.TaggedError("@error/Verification") {
+}
+export const verifyIdToken = (options) => pipe(Effect.gen(function* () {
+    const JWKS = yield* createCachedRemoteJwks(options.endpoint);
+    const { payload } = yield* Effect.tryPromise({
+        catch: (err) => {
+            return err instanceof Error
+                ? new VerificationError({ message: err.message })
+                : new VerificationError({ message: String(err) });
+        },
+        try: () => jose.jwtVerify(options.token, JWKS, {
+            audience: options.tenancyId,
+            issuer: "passlock.dev",
+        }),
+    });
+    const idToken = yield* Schema.decodeUnknown(IdTokenSchema)({
+        ...payload,
+        _tag: "IdToken",
+    });
+    const principal = {
+        _tag: "Principal",
+        id: idToken["jti"],
+        authenticatorId: idToken["a:id"],
+        authenticatorType: "passkey",
+        createdAt: idToken.iat * 1000,
+        expiresAt: idToken.exp * 1000,
+        passkey: {
+            userVerified: idToken["pk:uv"],
+            verified: true,
+        },
+        userId: idToken.sub,
+    };
+    return principal;
+}), Effect.catchTag("ParseError", (err) => Effect.die(err)));
+const createJwks = (endpoint) => Effect.sync(() => {
+    const baseUrl = endpoint ?? "https://api.passlock.dev";
+    return jose.createRemoteJWKSet(new URL("/.well-known/jwks.json", baseUrl));
+});
+const createCachedRemoteJwks = pipe(Effect.cachedFunction(createJwks), Effect.runSync);
+//# sourceMappingURL=principal.js.map

package/dist/principal/principal.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"principal.js","sourceRoot":"","sources":["../../src/principal/principal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAc,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAEtE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EACL,YAAY,EACZ,WAAW,EAEX,gBAAgB,GAIjB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvE,OAAO,EAEL,uBAAuB,EACvB,aAAa,GAEd,MAAM,yBAAyB,CAAA;AAQhC,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EAC5B,aAAwC,gBAAgB,EACa,EAAE,CACvE,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,IAAI,0BAA0B,CAAA;IAC9D,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAA;IAEnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,SAAS,cAAc,IAAI,EAAE,EAAE,OAAO,CAAC,CAAA;IAE/D,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE;QAC1D,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE;SAC1C;KACF,CAAC,CAAA;IAEF,MAAM,OAAO,GACX,KAAK,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE;QAC3B,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAClB,IAAI,CACF,IAAI,EACJ,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,uBAAuB,CAAC,CAAC,CAC9D;QACH,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CACnB,IAAI,CACF,IAAI,EACJ,MAAM,CAAC,OAAO,CACZ,MAAM,CAAC,aAAa,CAClB,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAC/C,CACF,CACF;KACJ,CAAC,CAAA;IAEJ,OAAO,KAAK,CAAC,CAAC,IAAI,CAChB,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,KAAK,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,SAAS,EAAE,EAAE,CAC3C,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAC1B,EACD,KAAK,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC1D,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACxD,KAAK,CAAC,UAAU,CACjB,CAAA;AACH,CAAC,CAAC,EACF,MAAM,CAAC,SAAS,CAAC;IACf,uBAAuB,EAAE,CAAC,GAAwB,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtE,uBAAuB,EAAE,CAAC,GAAwB,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACtE,wBAAwB,EAAE,CAAC,GAAyB,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;IACxE,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;CACrC,CAAC,EACF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAC3B,CAAA;AAEH,MAAM,OAAO,iBAAkB,SAAQ,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAE3E;CAAG;AAML,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACgB,EAAE,CAC/C,IAAI,CACF,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,sBAAsB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAE5D,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAC3C,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,GAAG,YAAY,KAAK;gBACzB,CAAC,CAAC,IAAI,iBAAiB,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjD,CAAC,CAAC,IAAI,iBAAiB,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACrD,CAAC;QACD,GAAG,EAAE,GAAG,EAAE,CACR,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE;YAClC,QAAQ,EAAE,OAAO,CAAC,SAAS;YAC3B,MAAM,EAAE,cAAc;SACvB,CAAC;KACL,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACzD,GAAG,OAAO;QACV,IAAI,EAAE,SAAS;KAChB,CAAC,CAAA;IAEF,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC;QAClB,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC;QAChC,iBAAiB,EAAE,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,SAAS,EAAE,OAAO,CAAC,GAAG,GAAG,IAAI;QAC7B,OAAO,EAAE;YACP,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC;YAC9B,QAAQ,EAAE,IAAI;SACf;QACD,MAAM,EAAE,OAAO,CAAC,GAAG;KACpB,CAAA;IAED,OAAO,SAAS,CAAA;AAClB,CAAC,CAAC,EACF,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CACxD,CAAA;AAEH,MAAM,UAAU,GAAG,CAAC,QAAiB,EAAE,EAAE,CACvC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE;IACf,MAAM,OAAO,GAAG,QAAQ,IAAI,0BAA0B,CAAA;IAEtD,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAA;AAC5E,CAAC,CAAC,CAAA;AAEJ,MAAM,sBAAsB,GAAG,IAAI,CACjC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,EACjC,MAAM,CAAC,OAAO,CACf,CAAA","sourcesContent":["import { Data, Effect, type Layer, Match, pipe, Schema } from \"effect\"\n\nimport * as jose from \"jose\"\nimport {\n fetchNetwork,\n matchStatus,\n type NetworkFetch,\n NetworkFetchLive,\n type NetworkPayloadError,\n type NetworkRequestError,\n type NetworkResponseError,\n} from \"../network.js\"\nimport { ForbiddenError, InvalidCodeError } from \"../schemas/errors.js\"\nimport {\n type ExtendedPrincipal,\n ExtendedPrincipalSchema,\n IdTokenSchema,\n type Principal,\n} from \"../schemas/principal.js\"\n\nimport type { AuthenticatedOptions, PasslockOptions } from \"../shared.js\"\n\nexport interface ExchangeCodeOptions extends AuthenticatedOptions {\n code: string\n}\n\nexport const exchangeCode = (\n options: ExchangeCodeOptions,\n fetchLayer: Layer.Layer<NetworkFetch> = NetworkFetchLive\n): Effect.Effect<ExtendedPrincipal, InvalidCodeError | ForbiddenError> =>\n pipe(\n Effect.gen(function* () {\n const baseUrl = options.endpoint ?? \"https://api.passlock.dev\"\n const { tenancyId, code } = options\n\n const url = new URL(`/${tenancyId}/principal/${code}`, baseUrl)\n\n const response = yield* fetchNetwork(url, \"get\", undefined, {\n headers: {\n authorization: `Bearer ${options.apiKey}`,\n },\n })\n\n const encoded: ExtendedPrincipal | InvalidCodeError | ForbiddenError =\n yield* matchStatus(response, {\n \"2xx\": ({ json }) =>\n pipe(\n json,\n Effect.flatMap(Schema.decodeUnknown(ExtendedPrincipalSchema))\n ),\n orElse: ({ json }) =>\n pipe(\n json,\n Effect.flatMap(\n Schema.decodeUnknown(\n Schema.Union(InvalidCodeError, ForbiddenError)\n )\n )\n ),\n })\n\n return yield* pipe(\n Match.value(encoded),\n Match.tag(\"ExtendedPrincipal\", (principal) =>\n Effect.succeed(principal)\n ),\n Match.tag(\"@error/InvalidCode\", (err) => Effect.fail(err)),\n Match.tag(\"@error/Forbidden\", (err) => Effect.fail(err)),\n Match.exhaustive\n )\n }),\n Effect.catchTags({\n \"@error/NetworkPayload\": (err: NetworkPayloadError) => Effect.die(err),\n \"@error/NetworkRequest\": (err: NetworkRequestError) => Effect.die(err),\n \"@error/NetworkResponse\": (err: NetworkResponseError) => Effect.die(err),\n ParseError: (err) => Effect.die(err),\n }),\n Effect.provide(fetchLayer)\n )\n\nexport class VerificationError extends Data.TaggedError(\"@error/Verification\")<{\n message: string\n}> {}\n\nexport interface VerifyIdTokenOptions extends PasslockOptions {\n token: string\n}\n\nexport const verifyIdToken = (\n options: VerifyIdTokenOptions\n): Effect.Effect<Principal, VerificationError> =>\n pipe(\n Effect.gen(function* () {\n const JWKS = yield* createCachedRemoteJwks(options.endpoint)\n\n const { payload } = yield* Effect.tryPromise({\n catch: (err) => {\n return err instanceof Error\n ? new VerificationError({ message: err.message })\n : new VerificationError({ message: String(err) })\n },\n try: () =>\n jose.jwtVerify(options.token, JWKS, {\n audience: options.tenancyId,\n issuer: \"passlock.dev\",\n }),\n })\n\n const idToken = yield* Schema.decodeUnknown(IdTokenSchema)({\n ...payload,\n _tag: \"IdToken\",\n })\n\n const principal: Principal = {\n _tag: \"Principal\",\n id: idToken[\"jti\"],\n authenticatorId: idToken[\"a:id\"],\n authenticatorType: \"passkey\",\n createdAt: idToken.iat * 1000,\n expiresAt: idToken.exp * 1000,\n passkey: {\n userVerified: idToken[\"pk:uv\"],\n verified: true,\n },\n userId: idToken.sub,\n }\n\n return principal\n }),\n Effect.catchTag(\"ParseError\", (err) => Effect.die(err))\n )\n\nconst createJwks = (endpoint?: string) =>\n Effect.sync(() => {\n const baseUrl = endpoint ?? \"https://api.passlock.dev\"\n\n return jose.createRemoteJWKSet(new URL(\"/.well-known/jwks.json\", baseUrl))\n })\n\nconst createCachedRemoteJwks = pipe(\n Effect.cachedFunction(createJwks),\n Effect.runSync\n)\n"]}

package/dist/safe.d.ts ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * Safe functions that return discriminated unions representing
+ * the successful outcome or expected failures.
+ *
+ * Note: unexpected runtime failures may still throw.
+ *
+ * @categoryDescription Passkeys
+ * Functions and related types for managing passkeys
+ *
+ * @showCategories
+ *
+ * @module safe
+ */
+import type { ForbiddenError, InvalidCodeError, NotFoundError, VerificationError } from "./errors.js";
+import type { AssignUserOptions, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, UpdatedPasskeyUsernames, UpdatePasskeyOptions, UpdatePasskeyUsernamesOptions } from "./passkey/passkey.js";
+import type { ExchangeCodeOptions, VerifyIdTokenOptions } from "./principal/principal.js";
+import type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
+/**
+ * Assign a custom User ID to a passkey. Will be reflected in the next
+ * {@link Principal} or {@link ExtendedPrincipal} generated.
+ *
+ * **Note:** This does not change the underlying WebAuthn credential's `userId`.
+ * Instead we apply a layer of indirection.
+ *
+ * @see {@link Principal}
+ * @see {@link ExtendedPrincipal}
+ * @see [credential](https://passlock.dev/rest-api/credential/)
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const assignUser: (request: AssignUserOptions) => Promise<Passkey | NotFoundError | ForbiddenError>;
+/**
+ * Can also be used to assign a custom User ID, but also allows you to update
+ * the username.
+ *
+ * **Important:** changing the username has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the username in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const updatePasskey: (request: UpdatePasskeyOptions) => Promise<Passkey | NotFoundError | ForbiddenError>;
+/**
+ * Update the username for all passkeys belonging to a given user.
+ *
+ * **Important:** changing the username has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the username in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * @param request
+ * @returns A promise resolving to either updated passkey usernames or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const updatePasskeyUsernames: (request: UpdatePasskeyUsernamesOptions) => Promise<UpdatedPasskeyUsernames | NotFoundError | ForbiddenError>;
+/**
+ * Delete a passkey from your vault.
+ *
+ * **Note:** The user will still retain the passkey on their device so
+ * you will need to either:
+ *
+ * a) Use the @passlock/client functions to delete the passkey from the user's device.
+ * b) Remind the user to delete the passkey
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.
+ *
+ * In addition, during authentication you should handle a missing passkey scenario.
+ * This happens when a user tries to authenticate with a passkey that is missing from
+ * your vault. The @passlock/client library can help with this. See
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)
+ * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @param options
+ * @returns A promise resolving to either the deleted passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const deletePasskey: (options: DeletePasskeyOptions) => Promise<Passkey | ForbiddenError | NotFoundError>;
+/**
+ * Fetch details about a passkey. **Important**: Not to be confused with
+ * the {@link exchangeCode} or {@link verifyIdToken} functions, which
+ * return details about specific authentication or registration operations.
+ * Use this function for passkey management, not authentication.
+ *
+ * @param options
+ * @returns A promise resolving to either passkey details or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const getPasskey: (options: GetPasskeyOptions) => Promise<Passkey | ForbiddenError | NotFoundError>;
+/**
+ * List passkeys for the given tenancy. Note: This could return a cursor.
+ * If so, call again, passing the cursor back in.
+ *
+ * @param options
+ * @returns A promise resolving to a page of passkey summaries or an API error.
+ *
+ * @category Passkeys
+ */
+export declare const listPasskeys: (options: ListPasskeyOptions) => Promise<FindAllPasskeys | ForbiddenError>;
+/**
+ * The @passlock/client library generates codes, which you should send to
+ * your backend. Use this function to exchange the code for details about
+ * the registration or authentication operation. **Note:** a code is valid
+ * for 5 minutes.
+ *
+ * @see {@link ExtendedPrincipal}
+ *
+ * @param options
+ * @returns A promise resolving to an extended principal or an API error.
+ *
+ * @category Principal
+ */
+export declare const exchangeCode: (options: ExchangeCodeOptions) => Promise<ExtendedPrincipal | ForbiddenError | InvalidCodeError>;
+/**
+ * Decode and verify an id_token (JWT) locally.
+ * **Note:** This will make a network call to
+ * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
+ * to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS Lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ *
+ * @see {@link Principal}
+ *
+ * @param options
+ * @returns A promise resolving to a verified principal or verification failure.
+ *
+ * @category Principal
+ */
+export declare const verifyIdToken: (options: VerifyIdTokenOptions) => Promise<Principal | VerificationError>;
+export type { BadRequestError, DuplicateEmailError, ForbiddenError, InvalidCodeError, InvalidEmailError, InvalidTenancyError, NotFoundError, PasskeyNotFoundError, UnauthorizedError, VerificationError, } from "./errors.js";
+export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
+export type { AssignUserOptions, Credential, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, PasskeySummary, Platform, UpdatedPasskeys, UpdatedPasskeyUsernames, UpdatePasskeyOptions, UpdatePasskeyUsernamesOptions, } from "./passkey/passkey.js";
+export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export type { ExchangeCodeOptions, VerifyIdTokenOptions, } from "./principal/principal.js";
+export type { CredentialDeviceType, Transports, } from "./schemas/passkey.js";
+export type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
+export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
+export type { AuthenticatedOptions, PasslockOptions, } from "./shared.js";
+//# sourceMappingURL=safe.d.ts.map

package/dist/safe.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"safe.d.ts","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EAClB,MAAM,aAAa,CAAA;AACpB,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,EAC9B,MAAM,sBAAsB,CAAA;AAS7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE1E;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,OAAO,GAAG,aAAa,GAAG,cAAc,CAKhD,CAAA;AAEH;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,GAAG,aAAa,GAAG,cAAc,CAKhD,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,6BAA6B,KACrC,OAAO,CAAC,uBAAuB,GAAG,aAAa,GAAG,cAAc,CAKhE,CAAA;AAEH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,GAAG,cAAc,GAAG,aAAa,CAKhD,CAAA;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,OAAO,GAAG,cAAc,GAAG,aAAa,CAKhD,CAAA;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,eAAe,GAAG,cAAc,CAKxC,CAAA;AAEH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,GAAG,cAAc,GAAG,gBAAgB,CAK7D,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,GAAG,iBAAiB,CAKrC,CAAA;AAIH,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,cAAc,EACd,QAAQ,EACR,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/safe.js ADDED Viewed

@@ -0,0 +1,147 @@
+/**
+ * Safe functions that return discriminated unions representing
+ * the successful outcome or expected failures.
+ *
+ * Note: unexpected runtime failures may still throw.
+ *
+ * @categoryDescription Passkeys
+ * Functions and related types for managing passkeys
+ *
+ * @showCategories
+ *
+ * @module safe
+ */
+import { Effect, identity, pipe } from "effect";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, updatePasskeyUsernames as updatePasskeyUsernamesE, } from "./passkey/passkey.js";
+import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./principal/principal.js";
+/**
+ * Assign a custom User ID to a passkey. Will be reflected in the next
+ * {@link Principal} or {@link ExtendedPrincipal} generated.
+ *
+ * **Note:** This does not change the underlying WebAuthn credential's `userId`.
+ * Instead we apply a layer of indirection.
+ *
+ * @see {@link Principal}
+ * @see {@link ExtendedPrincipal}
+ * @see [credential](https://passlock.dev/rest-api/credential/)
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export const assignUser = (request) => pipe(assignUserE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Can also be used to assign a custom User ID, but also allows you to update
+ * the username.
+ *
+ * **Important:** changing the username has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the username in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * @param request
+ * @returns A promise resolving to either a passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export const updatePasskey = (request) => pipe(updatePasskeyE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Update the username for all passkeys belonging to a given user.
+ *
+ * **Important:** changing the username has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the username in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * @param request
+ * @returns A promise resolving to either updated passkey usernames or an API error.
+ *
+ * @category Passkeys
+ */
+export const updatePasskeyUsernames = (request) => pipe(updatePasskeyUsernamesE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Delete a passkey from your vault.
+ *
+ * **Note:** The user will still retain the passkey on their device so
+ * you will need to either:
+ *
+ * a) Use the @passlock/client functions to delete the passkey from the user's device.
+ * b) Remind the user to delete the passkey
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.
+ *
+ * In addition, during authentication you should handle a missing passkey scenario.
+ * This happens when a user tries to authenticate with a passkey that is missing from
+ * your vault. The @passlock/client library can help with this. See
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)
+ * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
+ *
+ * @param options
+ * @returns A promise resolving to either the deleted passkey or an API error.
+ *
+ * @category Passkeys
+ */
+export const deletePasskey = (options) => pipe(deletePasskeyE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Fetch details about a passkey. **Important**: Not to be confused with
+ * the {@link exchangeCode} or {@link verifyIdToken} functions, which
+ * return details about specific authentication or registration operations.
+ * Use this function for passkey management, not authentication.
+ *
+ * @param options
+ * @returns A promise resolving to either passkey details or an API error.
+ *
+ * @category Passkeys
+ */
+export const getPasskey = (options) => pipe(getPasskeyE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * List passkeys for the given tenancy. Note: This could return a cursor.
+ * If so, call again, passing the cursor back in.
+ *
+ * @param options
+ * @returns A promise resolving to a page of passkey summaries or an API error.
+ *
+ * @category Passkeys
+ */
+export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * The @passlock/client library generates codes, which you should send to
+ * your backend. Use this function to exchange the code for details about
+ * the registration or authentication operation. **Note:** a code is valid
+ * for 5 minutes.
+ *
+ * @see {@link ExtendedPrincipal}
+ *
+ * @param options
+ * @returns A promise resolving to an extended principal or an API error.
+ *
+ * @category Principal
+ */
+export const exchangeCode = (options) => pipe(exchangeCodeE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+/**
+ * Decode and verify an id_token (JWT) locally.
+ * **Note:** This will make a network call to
+ * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
+ * to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS Lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ *
+ * @see {@link Principal}
+ *
+ * @param options
+ * @returns A promise resolving to a verified principal or verification failure.
+ *
+ * @category Principal
+ */
+export const verifyIdToken = (options) => pipe(verifyIdTokenE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
+export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
+//# sourceMappingURL=safe.js.map

package/dist/safe.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"safe.js","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAkB/C,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,GAClD,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AAGjC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACyB,EAAE,CACrD,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACsB,EAAE,CACrD,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAAsC,EAC6B,EAAE,CACrE,IAAI,CACF,uBAAuB,CAAC,OAAO,CAAC,EAChC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACsB,EAAE,CACrD,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACyB,EAAE,CACrD,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACgB,EAAE,CAC7C,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EACoC,EAAE,CAClE,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACW,EAAE,CAC1C,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAgBH,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAgBpB,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Safe functions that return discriminated unions representing\n * the successful outcome or expected failures.\n *\n * Note: unexpected runtime failures may still throw.\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module safe\n */\n\nimport { Effect, identity, pipe } from \"effect\"\nimport type {\n ForbiddenError,\n InvalidCodeError,\n NotFoundError,\n VerificationError,\n} from \"./errors.js\"\nimport type {\n AssignUserOptions,\n DeletePasskeyOptions,\n FindAllPasskeys,\n GetPasskeyOptions,\n ListPasskeyOptions,\n Passkey,\n UpdatedPasskeyUsernames,\n UpdatePasskeyOptions,\n UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nimport {\n assignUser as assignUserE,\n deletePasskey as deletePasskeyE,\n getPasskey as getPasskeyE,\n listPasskeys as listPasskeysE,\n updatePasskey as updatePasskeyE,\n updatePasskeyUsernames as updatePasskeyUsernamesE,\n} from \"./passkey/passkey.js\"\nimport type {\n ExchangeCodeOptions,\n VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n exchangeCode as exchangeCodeE,\n verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\n/**\n * Assign a custom User ID to a passkey. Will be reflected in the next\n * {@link Principal} or {@link ExtendedPrincipal} generated.\n *\n * **Note:** This does not change the underlying WebAuthn credential's `userId`.\n * Instead we apply a layer of indirection.\n *\n * @see {@link Principal}\n * @see {@link ExtendedPrincipal}\n * @see [credential](https://passlock.dev/rest-api/credential/)\n *\n * @param request\n * @returns A promise resolving to either a passkey or an API error.\n *\n * @category Passkeys\n */\nexport const assignUser = (\n request: AssignUserOptions\n): Promise<Passkey | NotFoundError | ForbiddenError> =>\n pipe(\n assignUserE(request),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * Can also be used to assign a custom User ID, but also allows you to update\n * the username.\n *\n * **Important:** changing the username has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username in your vault with the\n * client-side component to simplify end user support.\n *\n * @param request\n * @returns A promise resolving to either a passkey or an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n request: UpdatePasskeyOptions\n): Promise<Passkey | NotFoundError | ForbiddenError> =>\n pipe(\n updatePasskeyE(request),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * Update the username for all passkeys belonging to a given user.\n *\n * **Important:** changing the username has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username in your vault with the\n * client-side component to simplify end user support.\n *\n * @param request\n * @returns A promise resolving to either updated passkey usernames or an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskeyUsernames = (\n request: UpdatePasskeyUsernamesOptions\n): Promise<UpdatedPasskeyUsernames | NotFoundError | ForbiddenError> =>\n pipe(\n updatePasskeyUsernamesE(request),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * Delete a passkey from your vault.\n *\n * **Note:** The user will still retain the passkey on their device so\n * you will need to either:\n *\n * a) Use the @passlock/client functions to delete the passkey from the user's device.\n * b) Remind the user to delete the passkey\n *\n * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.\n *\n * In addition, during authentication you should handle a missing passkey scenario.\n * This happens when a user tries to authenticate with a passkey that is missing from\n * your vault. The @passlock/client library can help with this. See\n * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)\n * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @param options\n * @returns A promise resolving to either the deleted passkey or an API error.\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n options: DeletePasskeyOptions\n): Promise<Passkey | ForbiddenError | NotFoundError> =>\n pipe(\n deletePasskeyE(options),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * Fetch details about a passkey. **Important**: Not to be confused with\n * the {@link exchangeCode} or {@link verifyIdToken} functions, which\n * return details about specific authentication or registration operations.\n * Use this function for passkey management, not authentication.\n *\n * @param options\n * @returns A promise resolving to either passkey details or an API error.\n *\n * @category Passkeys\n */\nexport const getPasskey = (\n options: GetPasskeyOptions\n): Promise<Passkey | ForbiddenError | NotFoundError> =>\n pipe(\n getPasskeyE(options),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * List passkeys for the given tenancy. Note: This could return a cursor.\n * If so, call again, passing the cursor back in.\n *\n * @param options\n * @returns A promise resolving to a page of passkey summaries or an API error.\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n options: ListPasskeyOptions\n): Promise<FindAllPasskeys | ForbiddenError> =>\n pipe(\n listPasskeysE(options),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * The @passlock/client library generates codes, which you should send to\n * your backend. Use this function to exchange the code for details about\n * the registration or authentication operation. **Note:** a code is valid\n * for 5 minutes.\n *\n * @see {@link ExtendedPrincipal}\n *\n * @param options\n * @returns A promise resolving to an extended principal or an API error.\n *\n * @category Principal\n */\nexport const exchangeCode = (\n options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal | ForbiddenError | InvalidCodeError> =>\n pipe(\n exchangeCodeE(options),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/**\n * Decode and verify an id_token (JWT) locally.\n * **Note:** This will make a network call to\n * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)\n * to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS Lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n *\n * @see {@link Principal}\n *\n * @param options\n * @returns A promise resolving to a verified principal or verification failure.\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n options: VerifyIdTokenOptions\n): Promise<Principal | VerificationError> =>\n pipe(\n verifyIdTokenE(options),\n Effect.match({ onFailure: identity, onSuccess: identity }),\n Effect.runPromise\n )\n\n/* Re-exports */\n\nexport type {\n BadRequestError,\n DuplicateEmailError,\n ForbiddenError,\n InvalidCodeError,\n InvalidEmailError,\n InvalidTenancyError,\n NotFoundError,\n PasskeyNotFoundError,\n UnauthorizedError,\n VerificationError,\n} from \"./errors.js\"\nexport {\n isBadRequestError,\n isDuplicateEmailError,\n isForbiddenError,\n isInvalidCodeError,\n isInvalidEmailError,\n isInvalidTenancyError,\n isNotFoundError,\n isPasskeyNotFoundError,\n isUnauthorizedError,\n isVerificationError,\n} from \"./errors.js\"\nexport type {\n AssignUserOptions,\n Credential,\n DeletePasskeyOptions,\n FindAllPasskeys,\n GetPasskeyOptions,\n ListPasskeyOptions,\n Passkey,\n PasskeySummary,\n Platform,\n UpdatedPasskeys,\n UpdatedPasskeyUsernames,\n UpdatePasskeyOptions,\n UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nexport {\n isPasskey,\n isPasskeySummary,\n isUpdatedPasskeys,\n isUpdatedPasskeyUsernames,\n} from \"./passkey/passkey.js\"\nexport type {\n ExchangeCodeOptions,\n VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n CredentialDeviceType,\n Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n AuthenticatedOptions,\n PasslockOptions,\n} from \"./shared.js\"\n"]}

package/dist/schemas/errors.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=errors.d.ts.map

package/dist/schemas/errors.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/schemas/errors.ts"],"names":[],"mappings":""}

package/dist/schemas/errors.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { Schema } from "effect";
+/* Unauthorized */
+/** @internal */
+export class UnauthorizedError extends Schema.TaggedError()("@error/Unauthorized", {}) {
+}
+/** @internal */
+export const isUnauthorizedError = (payload) => Schema.is(UnauthorizedError)(payload);
+/* Forbidden */
+/** @internal */
+export class ForbiddenError extends Schema.TaggedError()("@error/Forbidden", {}) {
+}
+/** @internal */
+export const isForbiddenError = (payload) => Schema.is(ForbiddenError)(payload);
+/* InvalidCode */
+/** @internal */
+export class InvalidCodeError extends Schema.TaggedError()("@error/InvalidCode", {
+    message: Schema.String,
+}) {
+}
+/** @internal */
+export const isInvalidCodeError = (payload) => Schema.is(InvalidCodeError)(payload);
+/* InvalidTenancy */
+/** @internal */
+export class InvalidTenancyError extends Schema.TaggedError()("@error/InvalidTenancy", {
+    message: Schema.String,
+}) {
+}
+/** @internal */
+export const isInvalidTenancyError = (payload) => Schema.is(InvalidTenancyError)(payload);
+/* PasskeyNotFound */
+/** @internal */
+export class PasskeyNotFoundError extends Schema.TaggedError()("@error/PasskeyNotFound", {
+    credentialId: Schema.String,
+    message: Schema.String,
+    rpId: Schema.String,
+}) {
+}
+/** @internal */
+export const isPasskeyNotFoundError = (payload) => Schema.is(PasskeyNotFoundError)(payload);
+/* NotFound */
+/** @internal */
+export class NotFoundError extends Schema.TaggedError()("@error/NotFound", {
+    message: Schema.String,
+}) {
+}
+/** @internal */
+export const isNotFoundError = (payload) => Schema.is(NotFoundError)(payload);
+/* InvalidEmail */
+/** @internal */
+export class InvalidEmailError extends Schema.TaggedError()("@error/InvalidEmail", {
+    message: Schema.String,
+}) {
+}
+/** @internal */
+export const isInvalidEmailError = (payload) => Schema.is(InvalidEmailError)(payload);
+/* DuplicateEmail */
+/** @internal */
+export class DuplicateEmailError extends Schema.TaggedError()("@error/DuplicateEmail", {
+    message: Schema.String,
+}) {
+}
+/** @internal */
+export const isDuplicateEmailError = (payload) => Schema.is(DuplicateEmailError)(payload);
+/* BadRequest */
+/** @internal */
+export class BadRequestError extends Schema.TaggedError()("@error/BadRequest", {
+    message: Schema.String,
+}) {
+}
+/** @internal */
+export const isBadRequestError = (payload) => Schema.is(BadRequestError)(payload);
+//# sourceMappingURL=errors.js.map

package/dist/schemas/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/schemas/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B,kBAAkB;AAElB,gBAAgB;AAChB,MAAM,OAAO,iBAAkB,SAAQ,MAAM,CAAC,WAAW,EAAqB,CAC5E,qBAAqB,EACrB,EAAE,CACH;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAAgB,EACc,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAA;AAExE,eAAe;AAEf,gBAAgB;AAChB,MAAM,OAAO,cAAe,SAAQ,MAAM,CAAC,WAAW,EAAkB,CACtE,kBAAkB,EAClB,EAAE,CACH;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAAgB,EAA6B,EAAE,CAC9E,MAAM,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAA;AAEpC,iBAAiB;AAEjB,gBAAgB;AAChB,MAAM,OAAO,gBAAiB,SAAQ,MAAM,CAAC,WAAW,EAAoB,CAC1E,oBAAoB,EACpB;IACE,OAAO,EAAE,MAAM,CAAC,MAAM;CACvB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAgB,EACa,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAA;AAEtE,oBAAoB;AAEpB,gBAAgB;AAChB,MAAM,OAAO,mBAAoB,SAAQ,MAAM,CAAC,WAAW,EAAuB,CAChF,uBAAuB,EACvB;IACE,OAAO,EAAE,MAAM,CAAC,MAAM;CACvB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,OAAgB,EACgB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,CAAA;AAE5E,qBAAqB;AAErB,gBAAgB;AAChB,MAAM,OAAO,oBAAqB,SAAQ,MAAM,CAAC,WAAW,EAAwB,CAClF,wBAAwB,EACxB;IACE,YAAY,EAAE,MAAM,CAAC,MAAM;IAC3B,OAAO,EAAE,MAAM,CAAC,MAAM;IACtB,IAAI,EAAE,MAAM,CAAC,MAAM;CACpB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAAgB,EACiB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAA;AAE9E,cAAc;AAEd,gBAAgB;AAChB,MAAM,OAAO,aAAc,SAAQ,MAAM,CAAC,WAAW,EAAiB,CACpE,iBAAiB,EACjB;IACE,OAAO,EAAE,MAAM,CAAC,MAAM;CACvB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAgB,EAA4B,EAAE,CAC5E,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAA;AAEnC,kBAAkB;AAElB,gBAAgB;AAChB,MAAM,OAAO,iBAAkB,SAAQ,MAAM,CAAC,WAAW,EAAqB,CAC5E,qBAAqB,EACrB;IACE,OAAO,EAAE,MAAM,CAAC,MAAM;CACvB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAAgB,EACc,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAA;AAExE,oBAAoB;AAEpB,gBAAgB;AAChB,MAAM,OAAO,mBAAoB,SAAQ,MAAM,CAAC,WAAW,EAAuB,CAChF,uBAAuB,EACvB;IACE,OAAO,EAAE,MAAM,CAAC,MAAM;CACvB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,OAAgB,EACgB,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,CAAA;AAE5E,gBAAgB;AAEhB,gBAAgB;AAChB,MAAM,OAAO,eAAgB,SAAQ,MAAM,CAAC,WAAW,EAAmB,CACxE,mBAAmB,EACnB;IACE,OAAO,EAAE,MAAM,CAAC,MAAM;CACvB,CACF;CAAG;AAEJ,gBAAgB;AAChB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,OAAgB,EACY,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\n\n/* Unauthorized */\n\n/** @internal */\nexport class UnauthorizedError extends Schema.TaggedError<UnauthorizedError>()(\n \"@error/Unauthorized\",\n {}\n) {}\n\n/** @internal */\nexport const isUnauthorizedError = (\n payload: unknown\n): payload is UnauthorizedError => Schema.is(UnauthorizedError)(payload)\n\n/* Forbidden */\n\n/** @internal */\nexport class ForbiddenError extends Schema.TaggedError<ForbiddenError>()(\n \"@error/Forbidden\",\n {}\n) {}\n\n/** @internal */\nexport const isForbiddenError = (payload: unknown): payload is ForbiddenError =>\n Schema.is(ForbiddenError)(payload)\n\n/* InvalidCode */\n\n/** @internal */\nexport class InvalidCodeError extends Schema.TaggedError<InvalidCodeError>()(\n \"@error/InvalidCode\",\n {\n message: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isInvalidCodeError = (\n payload: unknown\n): payload is InvalidCodeError => Schema.is(InvalidCodeError)(payload)\n\n/* InvalidTenancy */\n\n/** @internal */\nexport class InvalidTenancyError extends Schema.TaggedError<InvalidTenancyError>()(\n \"@error/InvalidTenancy\",\n {\n message: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isInvalidTenancyError = (\n payload: unknown\n): payload is InvalidTenancyError => Schema.is(InvalidTenancyError)(payload)\n\n/* PasskeyNotFound */\n\n/** @internal */\nexport class PasskeyNotFoundError extends Schema.TaggedError<PasskeyNotFoundError>()(\n \"@error/PasskeyNotFound\",\n {\n credentialId: Schema.String,\n message: Schema.String,\n rpId: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isPasskeyNotFoundError = (\n payload: unknown\n): payload is PasskeyNotFoundError => Schema.is(PasskeyNotFoundError)(payload)\n\n/* NotFound */\n\n/** @internal */\nexport class NotFoundError extends Schema.TaggedError<NotFoundError>()(\n \"@error/NotFound\",\n {\n message: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isNotFoundError = (payload: unknown): payload is NotFoundError =>\n Schema.is(NotFoundError)(payload)\n\n/* InvalidEmail */\n\n/** @internal */\nexport class InvalidEmailError extends Schema.TaggedError<InvalidEmailError>()(\n \"@error/InvalidEmail\",\n {\n message: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isInvalidEmailError = (\n payload: unknown\n): payload is InvalidEmailError => Schema.is(InvalidEmailError)(payload)\n\n/* DuplicateEmail */\n\n/** @internal */\nexport class DuplicateEmailError extends Schema.TaggedError<DuplicateEmailError>()(\n \"@error/DuplicateEmail\",\n {\n message: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isDuplicateEmailError = (\n payload: unknown\n): payload is DuplicateEmailError => Schema.is(DuplicateEmailError)(payload)\n\n/* BadRequest */\n\n/** @internal */\nexport class BadRequestError extends Schema.TaggedError<BadRequestError>()(\n \"@error/BadRequest\",\n {\n message: Schema.String,\n }\n) {}\n\n/** @internal */\nexport const isBadRequestError = (\n payload: unknown\n): payload is BadRequestError => Schema.is(BadRequestError)(payload)\n"]}

package/dist/schemas/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from "./errors.js";
+export * from "./passkey.js";
+export * from "./principal.js";
+export * from "./signup.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/schemas/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAA;AAC3B,cAAc,cAAc,CAAA;AAC5B,cAAc,gBAAgB,CAAA;AAC9B,cAAc,aAAa,CAAA"}

package/dist/schemas/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+export * from "./errors.js";
+export * from "./passkey.js";
+export * from "./principal.js";
+export * from "./signup.js";
+//# sourceMappingURL=index.js.map

package/dist/schemas/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAA;AAC3B,cAAc,cAAc,CAAA;AAC5B,cAAc,gBAAgB,CAAA;AAC9B,cAAc,aAAa,CAAA","sourcesContent":["export * from \"./errors.js\"\nexport * from \"./passkey.js\"\nexport * from \"./principal.js\"\nexport * from \"./signup.js\"\n"]}

package/dist/schemas/passkey.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import { Schema } from "effect";
+export declare const UserVerification: Schema.Literal<["required", "preferred", "discouraged"]>;
+export declare const CredentialDeviceType: readonly ["singleDevice", "multiDevice"];
+export type CredentialDeviceType = (typeof CredentialDeviceType)[number];
+export declare const Transports: readonly ["ble", "hybrid", "internal", "nfc", "usb", "cable", "smart-card"];
+export type Transports = (typeof Transports)[number];
+export declare const Passkey: Schema.TaggedStruct<"Passkey", {
+    id: typeof Schema.String;
+    userId: Schema.optional<typeof Schema.String>;
+    enabled: typeof Schema.Boolean;
+    credential: Schema.Struct<{
+        id: typeof Schema.String;
+        userId: typeof Schema.String;
+        username: typeof Schema.String;
+        aaguid: typeof Schema.String;
+        backedUp: typeof Schema.Boolean;
+        counter: typeof Schema.Number;
+        deviceType: Schema.Literal<["singleDevice", "multiDevice"]>;
+        transports: Schema.Array$<Schema.Literal<["ble", "hybrid", "internal", "nfc", "usb", "cable", "smart-card"]>>;
+        publicKey: Schema.Schema<Uint8Array<ArrayBufferLike>, string, never>;
+        rpId: typeof Schema.String;
+    }>;
+    platform: Schema.optional<Schema.Struct<{
+        icon: Schema.optional<typeof Schema.String>;
+        name: Schema.optional<typeof Schema.String>;
+    }>>;
+    lastUsed: Schema.optional<typeof Schema.Number>;
+    createdAt: typeof Schema.Number;
+    updatedAt: typeof Schema.Number;
+}>;
+export type Passkey = typeof Passkey.Type;
+export type PasskeyEncoded = typeof Passkey.Encoded;
+export declare const PasskeySummary: Schema.TaggedStruct<"PasskeySummary", {
+    id: typeof Schema.String;
+    userId: typeof Schema.String;
+    credential: Schema.Struct<{
+        id: typeof Schema.String;
+        userId: typeof Schema.String;
+    }>;
+    enabled: typeof Schema.Boolean;
+    createdAt: typeof Schema.Number;
+    lastUsed: Schema.optional<typeof Schema.Number>;
+}>;
+export type PasskeySummary = typeof PasskeySummary.Type;
+export declare const FindAllPasskeys: Schema.TaggedStruct<"FindAllPasskeys", {
+    cursor: Schema.NullOr<typeof Schema.String>;
+    records: Schema.Array$<Schema.TaggedStruct<"PasskeySummary", {
+        id: typeof Schema.String;
+        userId: typeof Schema.String;
+        credential: Schema.Struct<{
+            id: typeof Schema.String;
+            userId: typeof Schema.String;
+        }>;
+        enabled: typeof Schema.Boolean;
+        createdAt: typeof Schema.Number;
+        lastUsed: Schema.optional<typeof Schema.Number>;
+    }>>;
+}>;
+export declare const UpdatedPasskeys: Schema.TaggedStruct<"UpdatedPasskeys", {
+    updated: Schema.Array$<Schema.TaggedStruct<"Passkey", {
+        id: typeof Schema.String;
+        userId: Schema.optional<typeof Schema.String>;
+        enabled: typeof Schema.Boolean;
+        credential: Schema.Struct<{
+            id: typeof Schema.String;
+            userId: typeof Schema.String;
+            username: typeof Schema.String;
+            aaguid: typeof Schema.String;
+            backedUp: typeof Schema.Boolean;
+            counter: typeof Schema.Number;
+            deviceType: Schema.Literal<["singleDevice", "multiDevice"]>;
+            transports: Schema.Array$<Schema.Literal<["ble", "hybrid", "internal", "nfc", "usb", "cable", "smart-card"]>>;
+            publicKey: Schema.Schema<Uint8Array<ArrayBufferLike>, string, never>;
+            rpId: typeof Schema.String;
+        }>;
+        platform: Schema.optional<Schema.Struct<{
+            icon: Schema.optional<typeof Schema.String>;
+            name: Schema.optional<typeof Schema.String>;
+        }>>;
+        lastUsed: Schema.optional<typeof Schema.Number>;
+        createdAt: typeof Schema.Number;
+        updatedAt: typeof Schema.Number;
+    }>>;
+}>;
+//# sourceMappingURL=passkey.d.ts.map

package/dist/schemas/passkey.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/schemas/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAW/B,eAAO,MAAM,gBAAgB,0DAI5B,CAAA;AAID,eAAO,MAAM,oBAAoB,0CAA2C,CAAA;AAC5E,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAA;AAExE,eAAO,MAAM,UAAU,6EAQb,CAAA;AACV,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,CAAC,CAAA;AAIpD,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;EAyBlB,CAAA;AAEF,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,IAAI,CAAA;AAEzC,MAAM,MAAM,cAAc,GAAG,OAAO,OAAO,CAAC,OAAO,CAAA;AAEnD,eAAO,MAAM,cAAc;;;;;;;;;;EAUzB,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,OAAO,cAAc,CAAC,IAAI,CAAA;AAEvD,eAAO,MAAM,eAAe;;;;;;;;;;;;;EAG1B,CAAA;AAEF,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;EAE1B,CAAA"}