@sentropic/auth-hono 0.2.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Fabien Antoine
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,80 @@
+# @sentropic/auth-hono
+
+Reusable Hono authentication route factories, contracts, and server-side auth helpers for Sentropic-compatible apps.
+
+## Boundary
+
+`@sentropic/auth-hono` owns backend auth route composition and reusable ceremony logic for:
+
+- email code verification;
+- magic-link verification;
+- passkey registration;
+- passkey authentication;
+- session refresh/logout;
+- credential list/rename/revoke;
+- Hono auth middleware factories.
+
+Application-owned adapters provide storage, email delivery, audit logging, cookies, token secrets, and workspace/account policy.
+
+## Auth UI Alignment
+
+The package route contract is aligned with the `@sentropic/auth-ui` `AuthUiTransport` shape from BR-39a. Backend implementations must preserve those request/result boundaries while allowing host apps to mount routes under their own prefix, such as Sentropic `/auth/*` or `spa-transpose-cv` `/admin/auth/*`.
+
+## Quick start (per-route mounting)
+
+Each route handler is independent; the host app composes only the ones it wants.
+
+```ts
+import {
+  createAuthEmailRouteHandlers,
+  createAuthWebAuthnRegistrationRouteHandlers,
+  createAuthWebAuthnAuthenticationRouteHandlers,
+} from '@sentropic/auth-hono';
+import { Hono } from 'hono';
+
+const router = new Hono();
+
+const emailHandlers = createAuthEmailRouteHandlers({ service: hostEmailService });
+router.post('/email/verify-request', emailHandlers.requestEmailCode!);
+router.post('/email/verify-code', emailHandlers.verifyEmailCode!);
+
+const registerHandlers = createAuthWebAuthnRegistrationRouteHandlers({
+  prepareRegistrationOptions: hostPrepare,
+  resolveRegistrationUser: hostResolveUser,
+  service: hostRegistrationService,
+  // Optional: own the success response (session creation, cookie, rich body)
+  finalizeRegistration: hostFinalizeRegistration,
+});
+router.post('/register/options', registerHandlers.createPasskeyRegistrationOptions!);
+router.post('/register/verify', registerHandlers.verifyPasskeyRegistration!);
+```
+
+## Hooks (since 0.2.x)
+
+WebAuthn route handlers expose two host-owned extension points so the package can stay storage- and policy-agnostic while still letting hosts express their flow:
+
+- **Error short-circuit** — `prepareRegistrationOptions` / `resolveRegistrationUser` / `resolveAuthenticationOptions` may return either their normal success value **or** an `AuthHonoRouteHandlerError` (`{ error: { status, code, message } }`). The handler maps it directly to the HTTP response, so the host can refuse early (e.g. unverified email → 403) without throwing.
+- **Finalize hook** — `finalizeRegistration` / `finalizeAuthentication` are optional callbacks invoked after a successful credential verification with `{ credentialId, userId, request }` and the Hono `Context`. They return the final `Response`, giving the host full control over session creation, cookies, and the response body. Without a hook the package returns the default structured `{ credentialId, success, userId }` body.
+
+## Response contract (structured)
+
+All package handlers emit structured responses to keep contracts predictable across hosts:
+
+- success bodies carry domain-specific fields (e.g. `{ delivery: 'email', expiresAt, success: true }`, `{ success: true, verificationToken }`, `{ sessionToken, refreshToken, expiresAt, success: true }` when the host's `finalize` builds the session response);
+- error bodies are always `{ error: { code, message } }` plus an HTTP status. Hosts that need a host-specific shape (legacy flat errors, additional metadata) can wrap a handler or use the prepare/finalize hooks to project a different payload.
+
+## Mounting recipes
+
+- **Sentropic-style app** with a Drizzle/Postgres backend, WebAuthn-only login, and workspace-scoped sessions: implement `AuthHonoCredentialPort`, an `AuthHonoSessionService` adapter (or the package's `createAuthSessionService` when the full `AuthHonoPorts` bundle is wired), an `AuthHonoWebAuthnRegistrationService`/`AuthHonoWebAuthnAuthenticationService` adapter, and provide `prepareRegistrationOptions`/`resolveRegistrationUser` for first-admin + account-status policy and `finalizeRegistration`/`finalizeAuthentication` for session creation and cookie issuance. Sentropic's `api/src/services/auth/*-adapter.ts` modules show this end-to-end.
+- **DB-less admin flow** (e.g. `spa-transpose-cv` mounting at `/admin/auth/*`): use a file- or memory-backed implementation of `AuthHonoCredentialPort` and the relevant ports, skip workspace bootstrap entirely, and either rely on the default verify response or supply a minimal `finalizeAuthentication` that issues a host-managed session cookie. The package never touches workspace state, so no DB schema is required.
+
+## First Publish
+
+This is a brand-new public package. First publish requires the one-shot bootstrap flow from `rules/workflow.md`: trigger `ci.yml` with `bootstrap_publish_target=auth-hono`, handle any npm token or 2FA requirement with the npm owner, then attach the npm OIDC trusted publisher for `rhanka/sentropic` workflow `ci.yml`. Steady-state publishes should use trusted publishing and skip if the version already exists.
+
+## Versioning
+
+This branch ships `0.2.1`:
+
+- `0.2.0` adds `AuthHonoRouteHandlerError` short-circuit on WebAuthn prepare/resolve hooks and the `finalizeRegistration`/`finalizeAuthentication` post-verify hooks. Additive; existing handler signatures stay valid.
+- `0.2.1` patches `extractChallenge` (both WebAuthn handlers) to handle `credential.response === null` defensively (returns 400 `invalid_credential` instead of throwing 500).

package/dist/contracts.d.ts

@@ -0,0 +1,64 @@
+export declare const AUTH_HONO_AUTH_UI_METHODS: readonly ["requestEmailCode", "verifyEmailCode", "requestMagicLink", "verifyMagicLink", "createPasskeyRegistrationOptions", "verifyPasskeyRegistration", "createPasskeyAuthenticationOptions", "verifyPasskeyAuthentication", "refreshSession", "logout", "listCredentials", "renameCredential", "revokeCredential"];
+export type AuthHonoAuthUiMethod = (typeof AUTH_HONO_AUTH_UI_METHODS)[number];
+export type AuthHonoHttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE';
+export interface AuthHonoRouteContract {
+    method: AuthHonoHttpMethod;
+    path: string;
+}
+export declare const AUTH_HONO_ROUTE_MAP: {
+    readonly requestEmailCode: {
+        readonly method: "POST";
+        readonly path: "/email/verify-request";
+    };
+    readonly verifyEmailCode: {
+        readonly method: "POST";
+        readonly path: "/email/verify-code";
+    };
+    readonly requestMagicLink: {
+        readonly method: "POST";
+        readonly path: "/magic-link/request";
+    };
+    readonly verifyMagicLink: {
+        readonly method: "POST";
+        readonly path: "/magic-link/verify";
+    };
+    readonly createPasskeyRegistrationOptions: {
+        readonly method: "POST";
+        readonly path: "/register/options";
+    };
+    readonly verifyPasskeyRegistration: {
+        readonly method: "POST";
+        readonly path: "/register/verify";
+    };
+    readonly createPasskeyAuthenticationOptions: {
+        readonly method: "POST";
+        readonly path: "/login/options";
+    };
+    readonly verifyPasskeyAuthentication: {
+        readonly method: "POST";
+        readonly path: "/login/verify";
+    };
+    readonly refreshSession: {
+        readonly method: "POST";
+        readonly path: "/session/refresh";
+    };
+    readonly logout: {
+        readonly method: "DELETE";
+        readonly path: "/session";
+    };
+    readonly listCredentials: {
+        readonly method: "GET";
+        readonly path: "/credentials";
+    };
+    readonly renameCredential: {
+        readonly method: "PUT";
+        readonly path: "/credentials/:id";
+    };
+    readonly revokeCredential: {
+        readonly method: "DELETE";
+        readonly path: "/credentials/:id";
+    };
+};
+export declare const AUTH_HONO_REQUIRED_PORTS: readonly ["users", "credentials", "challenges", "sessions", "emailVerification", "magicLinks", "emailDelivery", "cookies", "tokens", "auditLog", "clock", "random", "accountPolicy"];
+export type AuthHonoRequiredPort = (typeof AUTH_HONO_REQUIRED_PORTS)[number];
+//# sourceMappingURL=contracts.d.ts.map

package/dist/contracts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,yBAAyB,sTAc5B,CAAC;AAEX,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,yBAAyB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE9E,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAC;AAEnE,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqDwC,CAAC;AAEzE,eAAO,MAAM,wBAAwB,sLAcgB,CAAC;AAEtD,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC"}

package/dist/contracts.js

@@ -0,0 +1,85 @@
+export const AUTH_HONO_AUTH_UI_METHODS = [
+    'requestEmailCode',
+    'verifyEmailCode',
+    'requestMagicLink',
+    'verifyMagicLink',
+    'createPasskeyRegistrationOptions',
+    'verifyPasskeyRegistration',
+    'createPasskeyAuthenticationOptions',
+    'verifyPasskeyAuthentication',
+    'refreshSession',
+    'logout',
+    'listCredentials',
+    'renameCredential',
+    'revokeCredential',
+];
+export const AUTH_HONO_ROUTE_MAP = {
+    requestEmailCode: {
+        method: 'POST',
+        path: '/email/verify-request',
+    },
+    verifyEmailCode: {
+        method: 'POST',
+        path: '/email/verify-code',
+    },
+    requestMagicLink: {
+        method: 'POST',
+        path: '/magic-link/request',
+    },
+    verifyMagicLink: {
+        method: 'POST',
+        path: '/magic-link/verify',
+    },
+    createPasskeyRegistrationOptions: {
+        method: 'POST',
+        path: '/register/options',
+    },
+    verifyPasskeyRegistration: {
+        method: 'POST',
+        path: '/register/verify',
+    },
+    createPasskeyAuthenticationOptions: {
+        method: 'POST',
+        path: '/login/options',
+    },
+    verifyPasskeyAuthentication: {
+        method: 'POST',
+        path: '/login/verify',
+    },
+    refreshSession: {
+        method: 'POST',
+        path: '/session/refresh',
+    },
+    logout: {
+        method: 'DELETE',
+        path: '/session',
+    },
+    listCredentials: {
+        method: 'GET',
+        path: '/credentials',
+    },
+    renameCredential: {
+        method: 'PUT',
+        path: '/credentials/:id',
+    },
+    revokeCredential: {
+        method: 'DELETE',
+        path: '/credentials/:id',
+    },
+};
+export const AUTH_HONO_REQUIRED_PORTS = [
+    'users',
+    'credentials',
+    'challenges',
+    'sessions',
+    'emailVerification',
+    'magicLinks',
+    'emailDelivery',
+    'cookies',
+    'tokens',
+    'auditLog',
+    'clock',
+    'random',
+    'accountPolicy',
+];
+//# sourceMappingURL=contracts.js.map

package/dist/contracts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contracts.js","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,kCAAkC;IAClC,2BAA2B;IAC3B,oCAAoC;IACpC,6BAA6B;IAC7B,gBAAgB;IAChB,QAAQ;IACR,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAWX,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,gBAAgB,EAAE;QAChB,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,uBAAuB;KAC9B;IACD,eAAe,EAAE;QACf,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,oBAAoB;KAC3B;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,qBAAqB;KAC5B;IACD,eAAe,EAAE;QACf,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,oBAAoB;KAC3B;IACD,gCAAgC,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,mBAAmB;KAC1B;IACD,yBAAyB,EAAE;QACzB,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,kBAAkB;KACzB;IACD,kCAAkC,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,gBAAgB;KACvB;IACD,2BAA2B,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,eAAe;KACtB;IACD,cAAc,EAAE;QACd,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,kBAAkB;KACzB;IACD,MAAM,EAAE;QACN,MAAM,EAAE,QAAQ;QAChB,IAAI,EAAE,UAAU;KACjB;IACD,eAAe,EAAE;QACf,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,cAAc;KACrB;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,kBAAkB;KACzB;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,QAAQ;QAChB,IAAI,EAAE,kBAAkB;KACzB;CACqE,CAAC;AAEzE,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,OAAO;IACP,aAAa;IACb,YAAY;IACZ,UAAU;IACV,mBAAmB;IACnB,YAAY;IACZ,eAAe;IACf,SAAS;IACT,QAAQ;IACR,UAAU;IACV,OAAO;IACP,QAAQ;IACR,eAAe;CACoC,CAAC"}

package/dist/credential-route-handlers.d.ts

@@ -0,0 +1,13 @@
+import type { Context } from 'hono';
+import type { AuthHonoCredentialPort } from './ports.js';
+import type { AuthHonoRouteHandlers } from './router.js';
+export interface AuthHonoCredentialRouteSession {
+    userId: string;
+}
+export type AuthHonoCredentialSessionResolver = (c: Context) => Promise<AuthHonoCredentialRouteSession | null>;
+export interface CreateAuthCredentialRouteHandlersOptions {
+    credentials: AuthHonoCredentialPort;
+    resolveSession: AuthHonoCredentialSessionResolver;
+}
+export declare const createAuthCredentialRouteHandlers: (options: CreateAuthCredentialRouteHandlersOptions) => AuthHonoRouteHandlers;
+//# sourceMappingURL=credential-route-handlers.d.ts.map

package/dist/credential-route-handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-route-handlers.d.ts","sourceRoot":"","sources":["../src/credential-route-handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,KAAK,EAAE,sBAAsB,EAA4B,MAAM,YAAY,CAAC;AACnF,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD,MAAM,WAAW,8BAA8B;IAC7C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iCAAiC,GAAG,CAC9C,CAAC,EAAE,OAAO,KACP,OAAO,CAAC,8BAA8B,GAAG,IAAI,CAAC,CAAC;AAEpD,MAAM,WAAW,wCAAwC;IACvD,WAAW,EAAE,sBAAsB,CAAC;IACpC,cAAc,EAAE,iCAAiC,CAAC;CACnD;AAMD,eAAO,MAAM,iCAAiC,YACnC,wCAAwC,KAChD,qBAiED,CAAC"}

package/dist/credential-route-handlers.js

@@ -0,0 +1,102 @@
+import { z } from 'zod';
+const renameCredentialSchema = z.object({
+    deviceName: z.string().min(1).max(100),
+});
+export const createAuthCredentialRouteHandlers = (options) => ({
+    async listCredentials(c) {
+        const session = await options.resolveSession(c);
+        if (!session) {
+            return authenticationRequired(c);
+        }
+        const credentials = await options.credentials.listForUser(session.userId);
+        return c.json({ credentials: credentials.map(toCredentialResponse) });
+    },
+    async renameCredential(c) {
+        const session = await options.resolveSession(c);
+        if (!session) {
+            return authenticationRequired(c);
+        }
+        const parsed = await parseJson(c, renameCredentialSchema);
+        if (!parsed.ok) {
+            return invalidInput(c, parsed.error);
+        }
+        const checked = await requireOwnedCredential(c, options, session.userId);
+        if (!checked.ok) {
+            return checked.response;
+        }
+        const renamed = await options.credentials.rename(checked.credential.id, session.userId, parsed.value.deviceName);
+        if (!renamed) {
+            return credentialNotFound(c);
+        }
+        return c.json({ credential: toCredentialResponse(renamed), success: true });
+    },
+    async revokeCredential(c) {
+        const session = await options.resolveSession(c);
+        if (!session) {
+            return authenticationRequired(c);
+        }
+        const checked = await requireOwnedCredential(c, options, session.userId);
+        if (!checked.ok) {
+            return checked.response;
+        }
+        const revoked = await options.credentials.revoke(checked.credential.id, session.userId);
+        if (!revoked) {
+            return credentialNotFound(c);
+        }
+        return c.json({ success: true });
+    },
+});
+const toCredentialResponse = (credential) => ({
+    backedUp: credential.backedUp,
+    counter: credential.counter,
+    createdAt: credential.createdAt.toISOString(),
+    credentialId: credential.credentialId,
+    deviceName: credential.name ?? 'Unnamed credential',
+    deviceType: credential.deviceType,
+    id: credential.id,
+    lastUsedAt: credential.lastUsedAt ? credential.lastUsedAt.toISOString() : null,
+    transports: credential.transports,
+});
+const requireOwnedCredential = async (c, options, userId) => {
+    const credentialId = c.req.param('id');
+    if (!credentialId) {
+        return { ok: false, response: credentialNotFound(c) };
+    }
+    const credential = await options.credentials.findById(credentialId);
+    if (!credential) {
+        return { ok: false, response: credentialNotFound(c) };
+    }
+    if (credential.userId !== userId) {
+        return { ok: false, response: forbidden(c) };
+    }
+    return { credential, ok: true };
+};
+const parseJson = async (c, schema) => {
+    const body = await c.req.json().catch(() => null);
+    const parsed = schema.safeParse(body);
+    if (!parsed.success) {
+        return { error: parsed.error, ok: false };
+    }
+    return { ok: true, value: parsed.data };
+};
+const authenticationRequired = (c) => c.json({
+    error: {
+        code: 'authentication_required',
+        message: 'Authentication is required to access credentials.',
+    },
+}, 401);
+const invalidInput = (c, error) => c.json({
+    error: {
+        code: 'invalid_input',
+        details: error.errors,
+        message: 'Invalid request data.',
+    },
+}, 400);
+const credentialNotFound = (c) => c.json({ error: { code: 'credential_not_found', message: 'Credential not found.' } }, 404);
+const forbidden = (c) => c.json({
+    error: {
+        code: 'forbidden',
+        message: 'Credential does not belong to the authenticated user.',
+    },
+}, 403);
+//# sourceMappingURL=credential-route-handlers.js.map

package/dist/credential-route-handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-route-handlers.js","sourceRoot":"","sources":["../src/credential-route-handlers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAkBxB,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iCAAiC,GAAG,CAC/C,OAAiD,EAC1B,EAAE,CAAC,CAAC;IAC3B,KAAK,CAAC,eAAe,CAAC,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC1E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC;QAE1D,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAEzE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC,QAAQ,CAAC;QAC1B,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,CAC9C,OAAO,CAAC,UAAU,CAAC,EAAE,EACrB,OAAO,CAAC,MAAM,EACd,MAAM,CAAC,KAAK,CAAC,UAAU,CACxB,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,oBAAoB,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAEhD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAEzE,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,OAAO,CAAC,QAAQ,CAAC;QAC1B,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAExF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,CAAC,UAAoC,EAAE,EAAE,CAAC,CAAC;IACtE,QAAQ,EAAE,UAAU,CAAC,QAAQ;IAC7B,OAAO,EAAE,UAAU,CAAC,OAAO;IAC3B,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,WAAW,EAAE;IAC7C,YAAY,EAAE,UAAU,CAAC,YAAY;IACrC,UAAU,EAAE,UAAU,CAAC,IAAI,IAAI,oBAAoB;IACnD,UAAU,EAAE,UAAU,CAAC,UAAU;IACjC,EAAE,EAAE,UAAU,CAAC,EAAE;IACjB,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;IAC9E,UAAU,EAAE,UAAU,CAAC,UAAU;CAClC,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,KAAK,EAClC,CAAU,EACV,OAAiD,EACjD,MAAc,EACmF,EAAE;IACnG,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEvC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;IACxD,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAEpE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,KAAK,EACrB,CAAU,EACV,MAAS,EACoE,EAAE;IAC/E,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAEtC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC1C,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAG,CAAC,CAAU,EAAY,EAAE,CACtD,CAAC,CAAC,IAAI,CACJ;IACE,KAAK,EAAE;QACL,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,mDAAmD;KAC7D;CACF,EACD,GAAG,CACJ,CAAC;AAEJ,MAAM,YAAY,GAAG,CAAC,CAAU,EAAE,KAAiB,EAAY,EAAE,CAC/D,CAAC,CAAC,IAAI,CACJ;IACE,KAAK,EAAE;QACL,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,KAAK,CAAC,MAAM;QACrB,OAAO,EAAE,uBAAuB;KACjC;CACF,EACD,GAAG,CACJ,CAAC;AAEJ,MAAM,kBAAkB,GAAG,CAAC,CAAU,EAAY,EAAE,CAClD,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;AAE7F,MAAM,SAAS,GAAG,CAAC,CAAU,EAAY,EAAE,CACzC,CAAC,CAAC,IAAI,CACJ;IACE,KAAK,EAAE;QACL,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uDAAuD;KACjE;CACF,EACD,GAAG,CACJ,CAAC"}

package/dist/email-verification.d.ts

@@ -0,0 +1,41 @@
+import type { AuthHonoPorts } from './ports.js';
+export interface CreateAuthEmailVerificationServiceOptions {
+    codeLength?: number;
+    codeTtlSeconds?: number;
+    maxRequestsPerWindow?: number;
+    ports: AuthHonoPorts;
+    verificationTokenTtlSeconds?: number;
+    windowSeconds?: number;
+}
+export interface AuthHonoRequestEmailCodeInput {
+    email: string;
+}
+export interface AuthHonoVerifyEmailCodeInput {
+    code: string;
+    email: string;
+}
+export type AuthHonoRequestEmailCodeResult = {
+    expiresAt: Date;
+    success: true;
+} | {
+    error: AuthHonoServiceError;
+    success: false;
+};
+export type AuthHonoVerifyEmailCodeResult = {
+    valid: true;
+    verificationToken: string;
+} | {
+    error: AuthHonoServiceError;
+    valid: false;
+};
+export interface AuthHonoServiceError {
+    code: string;
+    message: string;
+    status: number;
+}
+export interface AuthHonoEmailVerificationService {
+    requestEmailCode(input: AuthHonoRequestEmailCodeInput): Promise<AuthHonoRequestEmailCodeResult>;
+    verifyEmailCode(input: AuthHonoVerifyEmailCodeInput): Promise<AuthHonoVerifyEmailCodeResult>;
+}
+export declare const createAuthEmailVerificationService: (options: CreateAuthEmailVerificationServiceOptions) => AuthHonoEmailVerificationService;
+//# sourceMappingURL=email-verification.d.ts.map

package/dist/email-verification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-verification.d.ts","sourceRoot":"","sources":["../src/email-verification.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,WAAW,yCAAyC;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,KAAK,EAAE,aAAa,CAAC;IACrB,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,8BAA8B,GACtC;IACE,SAAS,EAAE,IAAI,CAAC;IAChB,OAAO,EAAE,IAAI,CAAC;CACf,GACD;IACE,KAAK,EAAE,oBAAoB,CAAC;IAC5B,OAAO,EAAE,KAAK,CAAC;CAChB,CAAC;AAEN,MAAM,MAAM,6BAA6B,GACrC;IACE,KAAK,EAAE,IAAI,CAAC;IACZ,iBAAiB,EAAE,MAAM,CAAC;CAC3B,GACD;IACE,KAAK,EAAE,oBAAoB,CAAC;IAC5B,KAAK,EAAE,KAAK,CAAC;CACd,CAAC;AAEN,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gCAAgC;IAC/C,gBAAgB,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAChG,eAAe,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC;CAC9F;AAED,eAAO,MAAM,kCAAkC,YACpC,yCAAyC,KACjD,gCAyEF,CAAC"}

package/dist/email-verification.js

@@ -0,0 +1,65 @@
+export const createAuthEmailVerificationService = (options) => {
+    const codeLength = options.codeLength ?? 6;
+    const codeTtlSeconds = options.codeTtlSeconds ?? 10 * 60;
+    const maxRequestsPerWindow = options.maxRequestsPerWindow ?? 3;
+    const verificationTokenTtlSeconds = options.verificationTokenTtlSeconds ?? 15 * 60;
+    const windowSeconds = options.windowSeconds ?? 10 * 60;
+    return {
+        async requestEmailCode(input) {
+            const email = options.ports.accountPolicy.normalizeEmail(input.email);
+            const now = options.ports.clock.now();
+            const windowStart = options.ports.clock.addSeconds(now, -windowSeconds);
+            const recentCount = await options.ports.emailVerification.countRecent(email, windowStart);
+            if (recentCount >= maxRequestsPerWindow) {
+                return {
+                    error: {
+                        code: 'rate_limited',
+                        message: 'Too many verification code requests.',
+                        status: 429,
+                    },
+                    success: false,
+                };
+            }
+            const code = options.ports.random.numericCode(codeLength);
+            const codeHash = await options.ports.tokens.hashSecret(code);
+            const expiresAt = options.ports.clock.addSeconds(now, codeTtlSeconds);
+            await options.ports.emailVerification.createCode({
+                email,
+                codeHash,
+                expiresAt,
+                now,
+            });
+            await options.ports.emailDelivery.sendVerificationCode({ email, code, expiresAt });
+            return {
+                expiresAt,
+                success: true,
+            };
+        },
+        async verifyEmailCode(input) {
+            const email = options.ports.accountPolicy.normalizeEmail(input.email);
+            const codeHash = await options.ports.tokens.hashSecret(input.code);
+            const now = options.ports.clock.now();
+            const record = await options.ports.emailVerification.findLatestValidCode(email, codeHash, now);
+            if (!record || record.used || record.expiresAt <= now) {
+                return {
+                    error: {
+                        code: 'invalid_or_expired_code',
+                        message: 'Verification code is invalid or expired.',
+                        status: 400,
+                    },
+                    valid: false,
+                };
+            }
+            const verificationToken = await options.ports.tokens.signVerificationToken({
+                email,
+                expiresAt: options.ports.clock.addSeconds(now, verificationTokenTtlSeconds),
+            });
+            await options.ports.emailVerification.markUsedWithVerificationToken(record.id, verificationToken);
+            return {
+                valid: true,
+                verificationToken,
+            };
+        },
+    };
+};
+//# sourceMappingURL=email-verification.js.map

package/dist/email-verification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-verification.js","sourceRoot":"","sources":["../src/email-verification.ts"],"names":[],"mappings":"AAmDA,MAAM,CAAC,MAAM,kCAAkC,GAAG,CAChD,OAAkD,EAChB,EAAE;IACpC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,GAAG,EAAE,CAAC;IACzD,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,IAAI,CAAC,CAAC;IAC/D,MAAM,2BAA2B,GAAG,OAAO,CAAC,2BAA2B,IAAI,EAAE,GAAG,EAAE,CAAC;IACnF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,GAAG,EAAE,CAAC;IAEvD,OAAO;QACL,KAAK,CAAC,gBAAgB,CAAC,KAAK;YAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC;YACxE,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YAE1F,IAAI,WAAW,IAAI,oBAAoB,EAAE,CAAC;gBACxC,OAAO;oBACL,KAAK,EAAE;wBACL,IAAI,EAAE,cAAc;wBACpB,OAAO,EAAE,sCAAsC;wBAC/C,MAAM,EAAE,GAAG;qBACZ;oBACD,OAAO,EAAE,KAAK;iBACf,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;YAC1D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC7D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YAEtE,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC;gBAC/C,KAAK;gBACL,QAAQ;gBACR,SAAS;gBACT,GAAG;aACJ,CAAC,CAAC;YACH,MAAM,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,oBAAoB,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;YAEnF,OAAO;gBACL,SAAS;gBACT,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,KAAK;YACzB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;YAE/F,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;gBACtD,OAAO;oBACL,KAAK,EAAE;wBACL,IAAI,EAAE,yBAAyB;wBAC/B,OAAO,EAAE,0CAA0C;wBACnD,MAAM,EAAE,GAAG;qBACZ;oBACD,KAAK,EAAE,KAAK;iBACb,CAAC;YACJ,CAAC;YAED,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,qBAAqB,CAAC;gBACzE,KAAK;gBACL,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,2BAA2B,CAAC;aAC5E,CAAC,CAAC;YAEH,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,6BAA6B,CAAC,MAAM,CAAC,EAAE,EAAE,iBAAiB,CAAC,CAAC;YAElG,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,iBAAiB;aAClB,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+export * from './contracts.js';
+export * from './credential-route-handlers.js';
+export * from './email-verification.js';
+export * from './magic-link.js';
+export * from './middleware.js';
+export * from './ports.js';
+export * from './route-handlers.js';
+export * from './router.js';
+export * from './session.js';
+export * from './session-route-handlers.js';
+export * from './webauthn-authentication.js';
+export * from './webauthn-authentication-route-handlers.js';
+export * from './webauthn-registration.js';
+export * from './webauthn-registration-route-handlers.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,6CAA6C,CAAC;AAC5D,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2CAA2C,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+export * from './contracts.js';
+export * from './credential-route-handlers.js';
+export * from './email-verification.js';
+export * from './magic-link.js';
+export * from './middleware.js';
+export * from './ports.js';
+export * from './route-handlers.js';
+export * from './router.js';
+export * from './session.js';
+export * from './session-route-handlers.js';
+export * from './webauthn-authentication.js';
+export * from './webauthn-authentication-route-handlers.js';
+export * from './webauthn-registration.js';
+export * from './webauthn-registration-route-handlers.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,6BAA6B,CAAC;AAC5C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,6CAA6C,CAAC;AAC5D,cAAc,4BAA4B,CAAC;AAC3C,cAAc,2CAA2C,CAAC"}

package/dist/magic-link.d.ts

@@ -0,0 +1,40 @@
+import type { AuthHonoPorts, AuthHonoUserRecord } from './ports.js';
+export interface CreateAuthMagicLinkServiceOptions {
+    baseUrl: string;
+    ports: AuthHonoPorts;
+    tokenBytes?: number;
+    ttlSeconds?: number;
+}
+export interface AuthHonoRequestMagicLinkInput {
+    email: string;
+    userId?: string | null;
+}
+export interface AuthHonoVerifyMagicLinkInput {
+    token: string;
+}
+export type AuthHonoRequestMagicLinkResult = {
+    expiresAt: Date;
+    success: true;
+} | {
+    error: AuthHonoMagicLinkError;
+    success: false;
+};
+export type AuthHonoVerifyMagicLinkResult = {
+    email: string;
+    user: AuthHonoUserRecord;
+    valid: true;
+} | {
+    error: AuthHonoMagicLinkError;
+    valid: false;
+};
+export interface AuthHonoMagicLinkError {
+    code: string;
+    message: string;
+    status: number;
+}
+export interface AuthHonoMagicLinkService {
+    requestMagicLink(input: AuthHonoRequestMagicLinkInput): Promise<AuthHonoRequestMagicLinkResult>;
+    verifyMagicLink(input: AuthHonoVerifyMagicLinkInput): Promise<AuthHonoVerifyMagicLinkResult>;
+}
+export declare const createAuthMagicLinkService: (options: CreateAuthMagicLinkServiceOptions) => AuthHonoMagicLinkService;
+//# sourceMappingURL=magic-link.d.ts.map

package/dist/magic-link.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"magic-link.d.ts","sourceRoot":"","sources":["../src/magic-link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEpE,MAAM,WAAW,iCAAiC;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,6BAA6B;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,MAAM,8BAA8B,GACtC;IACE,SAAS,EAAE,IAAI,CAAC;IAChB,OAAO,EAAE,IAAI,CAAC;CACf,GACD;IACE,KAAK,EAAE,sBAAsB,CAAC;IAC9B,OAAO,EAAE,KAAK,CAAC;CAChB,CAAC;AAEN,MAAM,MAAM,6BAA6B,GACrC;IACE,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,kBAAkB,CAAC;IACzB,KAAK,EAAE,IAAI,CAAC;CACb,GACD;IACE,KAAK,EAAE,sBAAsB,CAAC;IAC9B,KAAK,EAAE,KAAK,CAAC;CACd,CAAC;AAEN,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,gBAAgB,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAChG,eAAe,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,6BAA6B,CAAC,CAAC;CAC9F;AAED,eAAO,MAAM,0BAA0B,YAC5B,iCAAiC,KACzC,wBAyDF,CAAC"}