@vonosan/auth 0.2.1

package/dist/service/auth.service.d.ts

@@ -0,0 +1,73 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+import type { PostgresJsDatabase } from 'drizzle-orm/postgres-js';
+import { accounts } from '../schema.js';
+export interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+    sessionId: string;
+}
+export interface RegisterInput {
+    email: string;
+    password: string;
+    username?: string;
+}
+/**
+ * AuthService — handles all authentication flows.
+ *
+ * Inject via constructor with a Drizzle db instance and JWT secret.
+ */
+export declare class AuthService {
+    private readonly db;
+    private readonly jwtSecret;
+    constructor(db: PostgresJsDatabase<typeof import('../schema.js')>, jwtSecret: string);
+    /**
+     * Register a new account with email + password.
+     * Assigns the 'user' role by default.
+     */
+    register(email: string, password: string, username?: string): Promise<{
+        id: string;
+        email: string;
+    }>;
+    /**
+     * Authenticate with email + password.
+     * Creates a session and returns access + refresh tokens.
+     */
+    login(email: string, password: string, ip?: string, userAgent?: string): Promise<AuthTokens>;
+    /**
+     * Exchange a refresh token for a new access + refresh token pair.
+     * Rotates the refresh token (old session deleted, new one created).
+     */
+    refresh(refreshToken: string): Promise<AuthTokens>;
+    /**
+     * Invalidate a session by ID.
+     */
+    logout(sessionId: string): Promise<void>;
+    /**
+     * Generate a 6-digit OTP for password reset.
+     * Stores the hash; returns the raw OTP so the caller can send it via email.
+     */
+    forgotPassword(email: string): Promise<string>;
+    /**
+     * Verify OTP and update the account password.
+     * Invalidates all existing sessions after reset.
+     */
+    resetPassword(email: string, otp: string, newPassword: string): Promise<void>;
+    /**
+     * Find or create an account for OAuth providers (Google, GitHub, etc.).
+     * Returns the account and whether it was newly created.
+     */
+    findOrCreateOAuthAccount(_provider: string, _providerId: string, email: string, name: string): Promise<{
+        account: typeof accounts.$inferSelect;
+        isNew: boolean;
+    }>;
+    private _createSession;
+}
+//# sourceMappingURL=auth.service.d.ts.map

package/dist/service/auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/service/auth.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAIjE,OAAO,EAAE,QAAQ,EAAmC,MAAM,cAAc,CAAA;AAOxE,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAID;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,EAAE;IACnB,OAAO,CAAC,QAAQ,CAAC,SAAS;gBADT,EAAE,EAAE,kBAAkB,CAAC,cAAc,cAAc,CAAC,CAAC,EACrD,SAAS,EAAE,MAAM;IAKpC;;;OAGG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IA+BzC;;;OAGG;IACG,KAAK,CACT,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,EAAE,CAAC,EAAE,MAAM,EACX,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,UAAU,CAAC;IAyBtB;;;OAGG;IACG,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA8CxD;;OAEG;IACG,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9C;;;OAGG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwCpD;;;OAGG;IACG,aAAa,CACjB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAkDhB;;;OAGG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,QAAQ,CAAC,YAAY,CAAC;QAAC,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;YAiCvD,cAAc;CA6B7B"}

package/dist/service/auth.service.js

@@ -0,0 +1,249 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+import { eq, and, gt } from 'drizzle-orm';
+import { HTTPException } from 'hono/http-exception';
+import { generateId } from 'vonosan/server';
+import { Logger } from 'vonosan/server';
+import { accounts, authSessions, verificationCodes } from '../schema.js';
+import { hashPassword, verifyPassword } from '../lib/password.js';
+import { signAccessToken, signRefreshToken, verifyToken } from '../lib/jwt.js';
+import { generateOtp, hashOtp, verifyOtp } from '../lib/otp.js';
+// ─── AuthService ─────────────────────────────────────────────────────────────
+/**
+ * AuthService — handles all authentication flows.
+ *
+ * Inject via constructor with a Drizzle db instance and JWT secret.
+ */
+export class AuthService {
+    db;
+    jwtSecret;
+    constructor(db, jwtSecret) {
+        this.db = db;
+        this.jwtSecret = jwtSecret;
+    }
+    // ─── register ──────────────────────────────────────────────────────────────
+    /**
+     * Register a new account with email + password.
+     * Assigns the 'user' role by default.
+     */
+    async register(email, password, username) {
+        const existing = await this.db
+            .select({ id: accounts.id })
+            .from(accounts)
+            .where(eq(accounts.email, email.toLowerCase()))
+            .limit(1);
+        if (existing.length > 0) {
+            throw new HTTPException(409, { message: 'An account with this email already exists' });
+        }
+        const id = generateId();
+        const passwordHash = await hashPassword(password);
+        const resolvedUsername = username ?? email.split('@')[0];
+        await this.db.insert(accounts).values({
+            id,
+            email: email.toLowerCase(),
+            username: resolvedUsername,
+            password_hash: passwordHash,
+            status: 'active',
+            current_role: 'user',
+            language: 'en',
+        });
+        Logger.info('[auth] Account registered', { id, email });
+        return { id, email: email.toLowerCase() };
+    }
+    // ─── login ─────────────────────────────────────────────────────────────────
+    /**
+     * Authenticate with email + password.
+     * Creates a session and returns access + refresh tokens.
+     */
+    async login(email, password, ip, userAgent) {
+        const [account] = await this.db
+            .select()
+            .from(accounts)
+            .where(eq(accounts.email, email.toLowerCase()))
+            .limit(1);
+        if (!account || !account.password_hash) {
+            throw new HTTPException(401, { message: 'Invalid email or password' });
+        }
+        if (account.status !== 'active') {
+            throw new HTTPException(403, { message: 'Account is suspended' });
+        }
+        const valid = await verifyPassword(password, account.password_hash);
+        if (!valid) {
+            throw new HTTPException(401, { message: 'Invalid email or password' });
+        }
+        return this._createSession(account, ip, userAgent);
+    }
+    // ─── refresh ───────────────────────────────────────────────────────────────
+    /**
+     * Exchange a refresh token for a new access + refresh token pair.
+     * Rotates the refresh token (old session deleted, new one created).
+     */
+    async refresh(refreshToken) {
+        const payload = await verifyToken(refreshToken, this.jwtSecret);
+        if (!payload) {
+            throw new HTTPException(401, { message: 'Invalid or expired refresh token' });
+        }
+        if (!payload.sub) {
+            throw new HTTPException(401, { message: 'Invalid refresh token subject' });
+        }
+        // Verify session exists
+        const tokenHash = await hashOtp(refreshToken);
+        const [session] = await this.db
+            .select()
+            .from(authSessions)
+            .where(and(eq(authSessions.account_id, payload.sub), eq(authSessions.token_hash, tokenHash), gt(authSessions.expires_at, new Date())))
+            .limit(1);
+        if (!session) {
+            throw new HTTPException(401, { message: 'Session not found or expired' });
+        }
+        // Delete old session
+        await this.db.delete(authSessions).where(eq(authSessions.id, session.id));
+        const [account] = await this.db
+            .select()
+            .from(accounts)
+            .where(eq(accounts.id, payload.sub))
+            .limit(1);
+        if (!account || account.status !== 'active') {
+            throw new HTTPException(401, { message: 'Account not found or inactive' });
+        }
+        return this._createSession(account);
+    }
+    // ─── logout ────────────────────────────────────────────────────────────────
+    /**
+     * Invalidate a session by ID.
+     */
+    async logout(sessionId) {
+        await this.db.delete(authSessions).where(eq(authSessions.id, sessionId));
+        Logger.info('[auth] Session deleted', { sessionId });
+    }
+    // ─── forgotPassword ────────────────────────────────────────────────────────
+    /**
+     * Generate a 6-digit OTP for password reset.
+     * Stores the hash; returns the raw OTP so the caller can send it via email.
+     */
+    async forgotPassword(email) {
+        const [account] = await this.db
+            .select({ id: accounts.id })
+            .from(accounts)
+            .where(eq(accounts.email, email.toLowerCase()))
+            .limit(1);
+        if (!account) {
+            // Don't reveal whether the email exists
+            return generateOtp();
+        }
+        const otp = generateOtp();
+        const codeHash = await hashOtp(otp);
+        const expiresAt = new Date(Date.now() + 15 * 60 * 1000); // 15 minutes
+        // Remove any existing codes for this account
+        await this.db
+            .delete(verificationCodes)
+            .where(and(eq(verificationCodes.account_id, account.id), eq(verificationCodes.type, 'password_reset')));
+        await this.db.insert(verificationCodes).values({
+            id: generateId(),
+            account_id: account.id,
+            code_hash: codeHash,
+            type: 'password_reset',
+            expires_at: expiresAt,
+        });
+        Logger.info('[auth] Password reset OTP generated', { accountId: account.id });
+        return otp;
+    }
+    // ─── resetPassword ─────────────────────────────────────────────────────────
+    /**
+     * Verify OTP and update the account password.
+     * Invalidates all existing sessions after reset.
+     */
+    async resetPassword(email, otp, newPassword) {
+        const [account] = await this.db
+            .select()
+            .from(accounts)
+            .where(eq(accounts.email, email.toLowerCase()))
+            .limit(1);
+        if (!account) {
+            throw new HTTPException(400, { message: 'Invalid reset request' });
+        }
+        const [code] = await this.db
+            .select()
+            .from(verificationCodes)
+            .where(and(eq(verificationCodes.account_id, account.id), eq(verificationCodes.type, 'password_reset'), gt(verificationCodes.expires_at, new Date())))
+            .limit(1);
+        if (!code) {
+            throw new HTTPException(400, { message: 'OTP expired or not found' });
+        }
+        const valid = await verifyOtp(otp, code.code_hash);
+        if (!valid) {
+            throw new HTTPException(400, { message: 'Invalid OTP' });
+        }
+        const newHash = await hashPassword(newPassword);
+        await this.db
+            .update(accounts)
+            .set({ password_hash: newHash, updated_at: new Date() })
+            .where(eq(accounts.id, account.id));
+        // Delete the used code
+        await this.db.delete(verificationCodes).where(eq(verificationCodes.id, code.id));
+        // Invalidate all sessions
+        await this.db.delete(authSessions).where(eq(authSessions.account_id, account.id));
+        Logger.info('[auth] Password reset complete', { accountId: account.id });
+    }
+    // ─── findOrCreateOAuthAccount ──────────────────────────────────────────────
+    /**
+     * Find or create an account for OAuth providers (Google, GitHub, etc.).
+     * Returns the account and whether it was newly created.
+     */
+    async findOrCreateOAuthAccount(_provider, _providerId, email, name) {
+        const [existing] = await this.db
+            .select()
+            .from(accounts)
+            .where(eq(accounts.email, email.toLowerCase()))
+            .limit(1);
+        if (existing) {
+            return { account: existing, isNew: false };
+        }
+        const id = generateId();
+        const username = name.toLowerCase().replace(/\s+/g, '_') + '_' + id.slice(0, 6);
+        const [created] = await this.db
+            .insert(accounts)
+            .values({
+            id,
+            email: email.toLowerCase(),
+            username,
+            password_hash: null,
+            status: 'active',
+            current_role: 'user',
+            language: 'en',
+        })
+            .returning();
+        Logger.info('[auth] OAuth account created', { id, email, provider: _provider });
+        return { account: created, isNew: true };
+    }
+    // ─── Private helpers ───────────────────────────────────────────────────────
+    async _createSession(account, ip, userAgent) {
+        const payload = {
+            sub: account.id,
+            email: account.email,
+            role: account.current_role,
+        };
+        const accessToken = await signAccessToken(payload, this.jwtSecret);
+        const refreshToken = await signRefreshToken(payload, this.jwtSecret);
+        const sessionId = generateId();
+        const tokenHash = await hashOtp(refreshToken);
+        const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
+        await this.db.insert(authSessions).values({
+            id: sessionId,
+            account_id: account.id,
+            token_hash: tokenHash,
+            ip: ip ?? null,
+            user_agent: userAgent ?? null,
+            expires_at: expiresAt,
+        });
+        return { accessToken, refreshToken, sessionId };
+    }
+}
+//# sourceMappingURL=auth.service.js.map

package/dist/service/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../src/service/auth.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,aAAa,CAAA;AAEzC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AACvC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AACxE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACjE,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAC9E,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAgB/D,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,OAAO,WAAW;IAEH;IACA;IAFnB,YACmB,EAAqD,EACrD,SAAiB;QADjB,OAAE,GAAF,EAAE,CAAmD;QACrD,cAAS,GAAT,SAAS,CAAQ;IACjC,CAAC;IAEJ,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,QAAQ,CACZ,KAAa,EACb,QAAgB,EAChB,QAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE;aAC3B,MAAM,CAAC,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC;aAC3B,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;aAC9C,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC,CAAA;QACxF,CAAC;QAED,MAAM,EAAE,GAAG,UAAU,EAAE,CAAA;QACvB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAA;QACjD,MAAM,gBAAgB,GAAG,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAExD,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YACpC,EAAE;YACF,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,QAAQ,EAAE,gBAAgB;YAC1B,aAAa,EAAE,YAAY;YAC3B,MAAM,EAAE,QAAQ;YAChB,YAAY,EAAE,MAAM;YACpB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAA;QAEF,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QACvD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,EAAE,CAAA;IAC3C,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,KAAK,CACT,KAAa,EACb,QAAgB,EAChB,EAAW,EACX,SAAkB;QAElB,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC5B,MAAM,EAAE;aACR,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;aAC9C,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YACvC,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAA;QACxE,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAA;QACnE,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAA;QACnE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAA;QACxE,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE,EAAE,SAAS,CAAC,CAAA;IACpD,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAA;QAC/E,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,CAAA;QAC7C,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC5B,MAAM,EAAE;aACR,IAAI,CAAC,YAAY,CAAC;aAClB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,EACxC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,SAAS,CAAC,EACtC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,CACxC,CACF;aACA,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAA;QAC3E,CAAC;QAED,qBAAqB;QACrB,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAA;QAEzE,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC5B,MAAM,EAAE;aACR,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;aACnC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAA;QAC5E,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;IACrC,CAAC;IAED,8EAA8E;IAE9E;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC,CAAA;QACxE,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IACtD,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC5B,MAAM,CAAC,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC;aAC3B,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;aAC9C,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,wCAAwC;YACxC,OAAO,WAAW,EAAE,CAAA;QACtB,CAAC;QAED,MAAM,GAAG,GAAG,WAAW,EAAE,CAAA;QACzB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAA;QACnC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA,CAAC,aAAa;QAErE,6CAA6C;QAC7C,MAAM,IAAI,CAAC,EAAE;aACV,MAAM,CAAC,iBAAiB,CAAC;aACzB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,EAC5C,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAC7C,CACF,CAAA;QAEH,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC;YAC7C,EAAE,EAAE,UAAU,EAAE;YAChB,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,SAAS,EAAE,QAAQ;YACnB,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAA;QAEF,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;QAC7E,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,aAAa,CACjB,KAAa,EACb,GAAW,EACX,WAAmB;QAEnB,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC5B,MAAM,EAAE;aACR,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;aAC9C,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAA;QACpE,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aACzB,MAAM,EAAE;aACR,IAAI,CAAC,iBAAiB,CAAC;aACvB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,EAC5C,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,CAAC,EAC5C,EAAE,CAAC,iBAAiB,CAAC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,CAC7C,CACF;aACA,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAClD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,aAAa,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAA;QAC1D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;QAE/C,MAAM,IAAI,CAAC,EAAE;aACV,MAAM,CAAC,QAAQ,CAAC;aAChB,GAAG,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;aACvD,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAA;QAErC,uBAAuB;QACvB,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;QAEhF,0BAA0B;QAC1B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAA;QAEjF,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1E,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,wBAAwB,CAC5B,SAAiB,EACjB,WAAmB,EACnB,KAAa,EACb,IAAY;QAEZ,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC7B,MAAM,EAAE;aACR,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;aAC9C,KAAK,CAAC,CAAC,CAAC,CAAA;QAEX,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;QAC5C,CAAC;QAED,MAAM,EAAE,GAAG,UAAU,EAAE,CAAA;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAE/E,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE;aAC5B,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC;YACN,EAAE;YACF,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,QAAQ;YACR,aAAa,EAAE,IAAI;YACnB,MAAM,EAAE,QAAQ;YAChB,YAAY,EAAE,MAAM;YACpB,QAAQ,EAAE,IAAI;SACf,CAAC;aACD,SAAS,EAAE,CAAA;QAEd,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAA;QAC/E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;IAC1C,CAAC;IAED,8EAA8E;IAEtE,KAAK,CAAC,cAAc,CAC1B,OAAqC,EACrC,EAAW,EACX,SAAkB;QAElB,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,OAAO,CAAC,EAAE;YACf,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,YAAY;SAC3B,CAAA;QAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAClE,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAEpE,MAAM,SAAS,GAAG,UAAU,EAAE,CAAA;QAC9B,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,CAAA;QAC7C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA,CAAC,SAAS;QAE1E,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;YACxC,EAAE,EAAE,SAAS;YACb,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,UAAU,EAAE,SAAS;YACrB,EAAE,EAAE,EAAE,IAAI,IAAI;YACd,UAAU,EAAE,SAAS,IAAI,IAAI;YAC7B,UAAU,EAAE,SAAS;SACtB,CAAC,CAAA;QAEF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,CAAA;IACjD,CAAC;CACF"}

package/dist/service/passkey.service.d.ts

@@ -0,0 +1,65 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+import { type RegistrationResponse, type AuthenticationResponse } from '../lib/passkey.js';
+export interface PasskeyServiceConfig {
+    rpId: string;
+    rpName: string;
+    origin: string;
+    jwtSecret: string;
+}
+export declare class PasskeyService {
+    private readonly db;
+    private readonly config;
+    constructor(db: {
+        select: (...args: unknown[]) => unknown;
+        insert: (...args: unknown[]) => unknown;
+        update: (...args: unknown[]) => unknown;
+        delete: (...args: unknown[]) => unknown;
+        query: Record<string, unknown>;
+    }, config: PasskeyServiceConfig);
+    /**
+     * Begin passkey registration — generates a challenge and returns
+     * PublicKeyCredentialCreationOptions for the client.
+     */
+    beginRegistration(accountId: string, userName: string, displayName: string): Promise<Record<string, unknown>>;
+    /**
+     * Finish passkey registration — verifies the authenticator response
+     * and stores the credential.
+     */
+    finishRegistration(accountId: string, response: RegistrationResponse, credentialName?: string): Promise<{
+        credentialId: string;
+        deviceType: "platform" | "cross-platform";
+    }>;
+    /**
+     * Begin passkey authentication — generates a challenge.
+     * If accountId is provided, only that account's credentials are allowed.
+     * If null, any registered credential is allowed (usernameless flow).
+     */
+    beginAuthentication(accountId?: string): Promise<Record<string, unknown>>;
+    /**
+     * Finish passkey authentication — verifies the authenticator response
+     * and returns JWT tokens.
+     */
+    finishAuthentication(response: AuthenticationResponse): Promise<{
+        accountId: string;
+        accessToken: string;
+        refreshToken: string;
+        userVerified: boolean;
+    }>;
+    /** List all passkeys for an account */
+    listCredentials(accountId: string): Promise<any>;
+    /** Rename a passkey */
+    renameCredential(credentialId: string, accountId: string, name: string): Promise<void>;
+    /** Delete a passkey */
+    deleteCredential(credentialId: string, accountId: string): Promise<void>;
+    private getAndDeleteChallenge;
+    private cleanExpiredChallenges;
+}
+//# sourceMappingURL=passkey.service.d.ts.map

package/dist/service/passkey.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.service.d.ts","sourceRoot":"","sources":["../../src/service/passkey.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAQL,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,EAC5B,MAAM,mBAAmB,CAAA;AAM1B,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB;AAID,qBAAa,cAAc;IAEvB,OAAO,CAAC,QAAQ,CAAC,EAAE;IAOnB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAPN,EAAE,EAAE;QACnB,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAA;QACvC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAA;QACvC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAA;QACvC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAA;QACvC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAC/B,EACgB,MAAM,EAAE,oBAAoB;IAK/C;;;OAGG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;IAgChF;;;OAGG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,oBAAoB,EAC9B,cAAc,CAAC,EAAE,MAAM;;;;IA0CzB;;;;OAIG;IACG,mBAAmB,CAAC,SAAS,CAAC,EAAE,MAAM;IAsC5C;;;OAGG;IACG,oBAAoB,CAAC,QAAQ,EAAE,sBAAsB;;;;;;IAsE3D,uCAAuC;IACjC,eAAe,CAAC,SAAS,EAAE,MAAM;IAMvC,uBAAuB;IACjB,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;IAW5E,uBAAuB;IACjB,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;YAWhD,qBAAqB;YAgCrB,sBAAsB;CAKrC"}

package/dist/service/passkey.service.js

@@ -0,0 +1,202 @@
+/**
+ * ──────────────────────────────────────────────────────────────────
+ * 🏢 Company Name: Bonifade Technologies
+ * 👨‍💻 Developer: Bowofade Oyerinde
+ * 🐙 GitHub: oyenet1
+ * 📅 Created Date: 2026-04-05
+ * 🔄 Updated Date: 2026-04-05
+ * ──────────────────────────────────────────────────────────────────
+ */
+import { eq, and, lt } from 'drizzle-orm';
+import { generateChallenge, buildRegistrationOptions, buildAuthenticationOptions, verifyRegistration, verifyAuthentication, bufferToBase64url, base64urlToBuffer, } from '../lib/passkey.js';
+import { passkeyCredentials, passkeyChallenges } from '../passkey-schema.js';
+import { signAccessToken, signRefreshToken } from '../lib/jwt.js';
+// ─── PasskeyService ───────────────────────────────────────────────────────────
+export class PasskeyService {
+    db;
+    config;
+    constructor(db, config) {
+        this.db = db;
+        this.config = config;
+    }
+    // ── Registration ────────────────────────────────────────────────────────────
+    /**
+     * Begin passkey registration — generates a challenge and returns
+     * PublicKeyCredentialCreationOptions for the client.
+     */
+    async beginRegistration(accountId, userName, displayName) {
+        // Clean up expired challenges
+        await this.cleanExpiredChallenges();
+        const { challenge, expiresAt } = generateChallenge();
+        // Store challenge in DB
+        await this.db.insert(passkeyChallenges).values({
+            challenge,
+            type: 'registration',
+            account_id: accountId,
+            expires_at: new Date(expiresAt),
+        });
+        const userIdBytes = new TextEncoder().encode(accountId);
+        const userId = bufferToBase64url(userIdBytes);
+        return buildRegistrationOptions({
+            rpId: this.config.rpId,
+            rpName: this.config.rpName,
+            userId,
+            userName,
+            userDisplayName: displayName,
+            challenge,
+            authenticatorSelection: {
+                residentKey: 'preferred',
+                userVerification: 'preferred',
+                authenticatorAttachment: 'platform',
+            },
+        });
+    }
+    /**
+     * Finish passkey registration — verifies the authenticator response
+     * and stores the credential.
+     */
+    async finishRegistration(accountId, response, credentialName) {
+        // Retrieve and validate challenge
+        const challengeRecord = await this.getAndDeleteChallenge(response.response.clientDataJSON, 'registration');
+        if (!challengeRecord) {
+            throw new Error('Invalid or expired challenge');
+        }
+        if (challengeRecord.account_id !== accountId) {
+            throw new Error('Challenge account mismatch');
+        }
+        // Verify the registration response
+        const verified = await verifyRegistration(response, challengeRecord.challenge, this.config.origin, this.config.rpId);
+        // Store the credential
+        await this.db.insert(passkeyCredentials).values({
+            account_id: accountId,
+            credential_id: verified.credentialId,
+            public_key: verified.publicKey,
+            sign_count: verified.signCount,
+            device_type: verified.deviceType,
+            backed_up: verified.backedUp,
+            aaguid: verified.aaguid,
+            transports: verified.transports.join(','),
+            name: credentialName ?? `Passkey ${new Date().toLocaleDateString()}`,
+        });
+        return { credentialId: verified.credentialId, deviceType: verified.deviceType };
+    }
+    // ── Authentication ──────────────────────────────────────────────────────────
+    /**
+     * Begin passkey authentication — generates a challenge.
+     * If accountId is provided, only that account's credentials are allowed.
+     * If null, any registered credential is allowed (usernameless flow).
+     */
+    async beginAuthentication(accountId) {
+        await this.cleanExpiredChallenges();
+        const { challenge, expiresAt } = generateChallenge();
+        await this.db.insert(passkeyChallenges).values({
+            challenge,
+            type: 'authentication',
+            account_id: accountId ?? null,
+            expires_at: new Date(expiresAt),
+        });
+        // If accountId provided, include their credentials as allowCredentials
+        let allowCredentials = [];
+        if (accountId) {
+            const creds = await this.db.select()
+                .from(passkeyCredentials)
+                .where(eq(passkeyCredentials.account_id, accountId));
+            allowCredentials = creds.map((c) => ({
+                id: c.credential_id,
+                type: 'public-key',
+                transports: c.transports ? c.transports.split(',') : undefined,
+            }));
+        }
+        return buildAuthenticationOptions({
+            rpId: this.config.rpId,
+            challenge,
+            userVerification: 'preferred',
+            allowCredentials,
+        });
+    }
+    /**
+     * Finish passkey authentication — verifies the authenticator response
+     * and returns JWT tokens.
+     */
+    async finishAuthentication(response) {
+        // Retrieve and validate challenge
+        const challengeRecord = await this.getAndDeleteChallenge(response.response.clientDataJSON, 'authentication');
+        if (!challengeRecord) {
+            throw new Error('Invalid or expired challenge');
+        }
+        // Find the credential by ID
+        const [cred] = await this.db.select()
+            .from(passkeyCredentials)
+            .where(eq(passkeyCredentials.credential_id, response.id))
+            .limit(1);
+        if (!cred) {
+            throw new Error('Credential not found');
+        }
+        // Verify the authentication response
+        const verified = await verifyAuthentication(response, challengeRecord.challenge, this.config.origin, this.config.rpId, {
+            credentialId: cred.credential_id,
+            publicKey: cred.public_key,
+            signCount: cred.sign_count,
+            deviceType: cred.device_type,
+            backedUp: cred.backed_up,
+            transports: [],
+            aaguid: '',
+        });
+        // Update sign count and last_used_at
+        await this.db.update(passkeyCredentials)
+            .set({
+            sign_count: verified.newSignCount,
+            last_used_at: new Date(),
+            updated_at: new Date(),
+        })
+            .where(eq(passkeyCredentials.credential_id, cred.credential_id));
+        // Issue JWT tokens
+        const payload = { accountId: cred.account_id, email: '' };
+        const accessToken = await signAccessToken(payload, this.config.jwtSecret);
+        const refreshToken = await signRefreshToken(payload, this.config.jwtSecret);
+        return {
+            accountId: cred.account_id,
+            accessToken,
+            refreshToken,
+            userVerified: verified.userVerified,
+        };
+    }
+    // ── Credential management ───────────────────────────────────────────────────
+    /** List all passkeys for an account */
+    async listCredentials(accountId) {
+        return this.db.select()
+            .from(passkeyCredentials)
+            .where(eq(passkeyCredentials.account_id, accountId));
+    }
+    /** Rename a passkey */
+    async renameCredential(credentialId, accountId, name) {
+        await this.db.update(passkeyCredentials)
+            .set({ name, updated_at: new Date() })
+            .where(and(eq(passkeyCredentials.credential_id, credentialId), eq(passkeyCredentials.account_id, accountId)));
+    }
+    /** Delete a passkey */
+    async deleteCredential(credentialId, accountId) {
+        await this.db.delete(passkeyCredentials).where(and(eq(passkeyCredentials.credential_id, credentialId), eq(passkeyCredentials.account_id, accountId)));
+    }
+    // ── Helpers ─────────────────────────────────────────────────────────────────
+    async getAndDeleteChallenge(clientDataJSONBase64, type) {
+        // Decode challenge from clientDataJSON
+        const bytes = base64urlToBuffer(clientDataJSONBase64);
+        const clientData = JSON.parse(new TextDecoder().decode(bytes));
+        const [record] = await this.db.select()
+            .from(passkeyChallenges)
+            .where(and(eq(passkeyChallenges.challenge, clientData.challenge), eq(passkeyChallenges.type, type)))
+            .limit(1);
+        if (!record)
+            return null;
+        if (record.expires_at < new Date())
+            return null;
+        // Delete challenge (single-use)
+        await this.db.delete(passkeyChallenges).where(eq(passkeyChallenges.id, record.id));
+        return record;
+    }
+    async cleanExpiredChallenges() {
+        await this.db.delete(passkeyChallenges).where(lt(passkeyChallenges.expires_at, new Date()));
+    }
+}
+//# sourceMappingURL=passkey.service.js.map

package/dist/service/passkey.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passkey.service.js","sourceRoot":"","sources":["../../src/service/passkey.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,0BAA0B,EAC1B,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAGlB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAC5E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAWjE,iFAAiF;AAEjF,MAAM,OAAO,cAAc;IAEN;IAOA;IARnB,YACmB,EAMhB,EACgB,MAA4B;QAP5B,OAAE,GAAF,EAAE,CAMlB;QACgB,WAAM,GAAN,MAAM,CAAsB;IAC5C,CAAC;IAEJ,+EAA+E;IAE/E;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,SAAiB,EAAE,QAAgB,EAAE,WAAmB;QAC9E,8BAA8B;QAC9B,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAA;QAEnC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,iBAAiB,EAAE,CAAA;QAEpD,wBAAwB;QACxB,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC;YAC3D,SAAS;YACT,IAAI,EAAE,cAAc;YACpB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC;SAChC,CAAC,CAAA;QAEF,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACvD,MAAM,MAAM,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAA;QAE7C,OAAO,wBAAwB,CAAC;YAC9B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YACtB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,MAAM;YACN,QAAQ;YACR,eAAe,EAAE,WAAW;YAC5B,SAAS;YACT,sBAAsB,EAAE;gBACtB,WAAW,EAAE,WAAW;gBACxB,gBAAgB,EAAE,WAAW;gBAC7B,uBAAuB,EAAE,UAAU;aACpC;SACF,CAAC,CAAA;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CACtB,SAAiB,EACjB,QAA8B,EAC9B,cAAuB;QAEvB,kCAAkC;QAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACtD,QAAQ,CAAC,QAAQ,CAAC,cAAc,EAChC,cAAc,CACf,CAAA;QAED,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;QACjD,CAAC;QAED,IAAI,eAAe,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;QAC/C,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CACvC,QAAQ,EACR,eAAe,CAAC,SAAS,EACzB,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CACjB,CAAA;QAED,uBAAuB;QACvB,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC;YAC5D,UAAU,EAAE,SAAS;YACrB,aAAa,EAAE,QAAQ,CAAC,YAAY;YACpC,UAAU,EAAE,QAAQ,CAAC,SAAS;YAC9B,UAAU,EAAE,QAAQ,CAAC,SAAS;YAC9B,WAAW,EAAE,QAAQ,CAAC,UAAU;YAChC,SAAS,EAAE,QAAQ,CAAC,QAAQ;YAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;YACzC,IAAI,EAAE,cAAc,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC,kBAAkB,EAAE,EAAE;SACrE,CAAC,CAAA;QAEF,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,EAAE,CAAA;IACjF,CAAC;IAED,+EAA+E;IAE/E;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CAAC,SAAkB;QAC1C,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAA;QAEnC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,iBAAiB,EAAE,CAAA;QAEpD,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC;YAC3D,SAAS;YACT,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,SAAS,IAAI,IAAI;YAC7B,UAAU,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC;SAChC,CAAC,CAAA;QAEF,uEAAuE;QACvE,IAAI,gBAAgB,GAAqE,EAAE,CAAA;QAE3F,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,KAAK,GAAG,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,EAAE;iBAC/C,IAAI,CAAC,kBAAkB,CAAC;iBACxB,KAAK,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,CAGjD,CAAA;YAEJ,gBAAgB,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACnC,EAAE,EAAE,CAAC,CAAC,aAAa;gBACnB,IAAI,EAAE,YAAqB;gBAC3B,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAa,CAAC,CAAC,CAAC,SAAS;aAC3E,CAAC,CAAC,CAAA;QACL,CAAC;QAED,OAAO,0BAA0B,CAAC;YAChC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI;YACtB,SAAS;YACT,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB;SACjB,CAAC,CAAA;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CAAC,QAAgC;QACzD,kCAAkC;QAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACtD,QAAQ,CAAC,QAAQ,CAAC,cAAc,EAChC,gBAAgB,CACjB,CAAA;QAED,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;QACjD,CAAC;QAED,4BAA4B;QAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,EAAE;aAChD,IAAI,CAAC,kBAAkB,CAAC;aACxB,KAAK,CAAC,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;aACxD,KAAK,CAAC,CAAC,CAQN,CAAA;QAEJ,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QACzC,CAAC;QAED,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CACzC,QAAQ,EACR,eAAe,CAAC,SAAS,EACzB,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,IAAI,CAAC,MAAM,CAAC,IAAI,EAChB;YACE,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,UAAU,EAAE,IAAI,CAAC,WAA4C;YAC7D,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,EAAE;SACX,CACF,CAAA;QAED,qCAAqC;QACrC,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,kBAAkB,CAAC;aACnD,GAAG,CAAC;YACH,UAAU,EAAE,QAAQ,CAAC,YAAY;YACjC,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,UAAU,EAAE,IAAI,IAAI,EAAE;SACvB,CAAC;aACD,KAAK,CAAC,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAA;QAElE,mBAAmB;QACnB,MAAM,OAAO,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE,CAAA;QACzD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACzE,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAE3E,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,WAAW;YACX,YAAY;YACZ,YAAY,EAAE,QAAQ,CAAC,YAAY;SACpC,CAAA;IACH,CAAC;IAED,+EAA+E;IAE/E,uCAAuC;IACvC,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,OAAQ,IAAI,CAAC,EAAE,CAAC,MAAmB,EAAE;aAClC,IAAI,CAAC,kBAAkB,CAAC;aACxB,KAAK,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAA;IACxD,CAAC;IAED,uBAAuB;IACvB,KAAK,CAAC,gBAAgB,CAAC,YAAoB,EAAE,SAAiB,EAAE,IAAY;QAC1E,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,kBAAkB,CAAC;aACnD,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;aACrC,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,YAAY,CAAC,EAClD,EAAE,CAAC,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,CAC7C,CACF,CAAA;IACL,CAAC;IAED,uBAAuB;IACvB,KAAK,CAAC,gBAAgB,CAAC,YAAoB,EAAE,SAAiB;QAC5D,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,kBAAkB,CAAC,CAAC,KAAK,CAC1D,GAAG,CACD,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,YAAY,CAAC,EAClD,EAAE,CAAC,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,CAC7C,CACF,CAAA;IACH,CAAC;IAED,+EAA+E;IAEvE,KAAK,CAAC,qBAAqB,CAAC,oBAA4B,EAAE,IAAY;QAC5E,uCAAuC;QACvC,MAAM,KAAK,GAAG,iBAAiB,CAAC,oBAAoB,CAAC,CAAA;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAA0B,CAAA;QAEvF,MAAM,CAAC,MAAM,CAAC,GAAG,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,EAAE;aAClD,IAAI,CAAC,iBAAiB,CAAC;aACvB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,EACrD,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,CACjC,CACF;aACA,KAAK,CAAC,CAAC,CAMN,CAAA;QAEJ,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,IAAI,MAAM,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE;YAAE,OAAO,IAAI,CAAA;QAE/C,gCAAgC;QAChC,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CACzD,EAAE,CAAC,iBAAiB,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CACpC,CAAA;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAEO,KAAK,CAAC,sBAAsB;QAClC,MAAO,IAAI,CAAC,EAAE,CAAC,MAAmB,CAAC,iBAAiB,CAAC,CAAC,KAAK,CACzD,EAAE,CAAC,iBAAiB,CAAC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,CAC7C,CAAA;IACH,CAAC;CACF"}