passkey-magic 0.1.0

package/dist/index-Cqqpr_uS.d.mts

@@ -0,0 +1,176 @@
+import { a as AuthResult, c as Credential, d as QRSessionStatus, f as RegistrationResponseJSON, h as User, l as EmailAdapter, n as AuthEventHandler, o as AuthenticationResponseJSON, p as Session, r as AuthEventMap, t as AuthConfig, u as MagicLinkMethods } from "./types-BjM1f6uu.mjs";
+
+//#region src/server/index.d.ts
+/** Methods available on every `createAuth()` instance regardless of config. */
+interface BaseAuthMethods {
+  /**
+   * Generate WebAuthn registration options. Send the `options` to the browser.
+   * If `userId` is omitted, a new ID is generated.
+   */
+  generateRegistrationOptions(params: {
+    userId?: string;
+    email?: string;
+    userName?: string;
+  }): Promise<{
+    options: PublicKeyCredentialCreationOptionsJSON;
+    userId: string;
+  }>;
+  /**
+   * Verify a WebAuthn registration response and create a session.
+   * Creates a new user if the `userId` doesn't exist yet.
+   */
+  verifyRegistration(params: {
+    userId: string;
+    response: RegistrationResponseJSON;
+  }): Promise<AuthResult & {
+    method: 'passkey';
+    credential: Credential;
+  }>;
+  /** Generate WebAuthn authentication options. Send the `options` to the browser. */
+  generateAuthenticationOptions(params?: {
+    userId?: string;
+  }): Promise<{
+    options: PublicKeyCredentialRequestOptionsJSON;
+  }>;
+  /** Verify a WebAuthn authentication response and create a session. */
+  verifyAuthentication(params: {
+    response: AuthenticationResponseJSON;
+  }): Promise<AuthResult & {
+    method: 'passkey';
+  }>;
+  /**
+   * Generate registration options for adding a passkey to an existing account.
+   * Excludes the user's existing credentials.
+   */
+  addPasskey(params: {
+    userId: string;
+    userName?: string;
+  }): Promise<{
+    options: PublicKeyCredentialCreationOptionsJSON;
+  }>;
+  /**
+   * Verify and store a new passkey for an existing user.
+   * Does not create a session — the user is already authenticated.
+   */
+  verifyAddPasskey(params: {
+    userId: string;
+    response: RegistrationResponseJSON;
+  }): Promise<{
+    credential: Credential;
+  }>;
+  /**
+   * Update a credential's metadata (e.g. label).
+   * @throws If the credential doesn't exist.
+   */
+  updateCredential(params: {
+    credentialId: string;
+    label: string;
+  }): Promise<void>;
+  /** Remove a passkey. Verifies the credential exists and cleans up. */
+  removeCredential(credentialId: string): Promise<void>;
+  /** List all passkeys for a user. */
+  getUserCredentials(userId: string): Promise<Credential[]>;
+  /** Create a new QR login session. Returns a `sessionId` to encode in a QR code. */
+  createQRSession(): Promise<{
+    sessionId: string;
+  }>;
+  /** Poll the status of a QR session. */
+  getQRSessionStatus(sessionId: string): Promise<QRSessionStatus>;
+  /** Mark a QR session as scanned (called from the phone after scanning). */
+  markQRSessionScanned(sessionId: string): Promise<void>;
+  /**
+   * Complete a QR session — authenticates on the phone, creates a session
+   * for the desktop. Called from the phone after passkey auth.
+   */
+  completeQRSession(params: {
+    sessionId: string;
+    response: AuthenticationResponseJSON;
+  }): Promise<AuthResult & {
+    method: 'qr';
+  }>;
+  /** Validate a session token. Returns user + session if valid, null if expired/invalid. */
+  validateSession(token: string): Promise<{
+    user: User;
+    session: Session;
+  } | null>;
+  /** List all active sessions for a user. */
+  getUserSessions(userId: string): Promise<Session[]>;
+  /** Revoke a single session by token. */
+  revokeSession(token: string): Promise<void>;
+  /** Revoke a single session by ID. */
+  revokeSessionById(sessionId: string): Promise<void>;
+  /** Revoke all sessions for a user. */
+  revokeAllSessions(userId: string): Promise<void>;
+  /** Get a user by ID. Returns `null` if not found. */
+  getUser(userId: string): Promise<User | null>;
+  /**
+   * Check if an email is available (not already linked to a user).
+   * Useful before showing a registration form.
+   */
+  isEmailAvailable(email: string): Promise<boolean>;
+  /**
+   * Link an email to a user account.
+   * @throws If the email is already linked to another user.
+   * @throws If the email format is invalid.
+   */
+  linkEmail(params: {
+    userId: string;
+    email: string;
+  }): Promise<{
+    user: User;
+  }>;
+  /**
+   * Unlink the email from a user account.
+   * @throws If the user has no email linked.
+   */
+  unlinkEmail(params: {
+    userId: string;
+  }): Promise<{
+    user: User;
+  }>;
+  /**
+   * Delete a user account and all associated data (credentials, sessions).
+   * This action is irreversible.
+   */
+  deleteAccount(userId: string): Promise<void>;
+  /** Subscribe to typed auth events. Returns an unsubscribe function. */
+  on<K extends keyof AuthEventMap>(event: K, handler: AuthEventHandler<K>): () => void;
+  /**
+   * Create a Web Standard `Request → Response` handler for all auth routes.
+   * Works with any framework that speaks `Request`/`Response` (Bun, Deno, CF Workers, Hono, etc.).
+   */
+  createHandler(opts?: {
+    pathPrefix?: string;
+  }): (request: Request) => Promise<Response>;
+}
+/** Full auth instance type. Magic link methods are present only when `EmailAdapter` is configured. */
+type AuthInstance<TEmail> = BaseAuthMethods & (TEmail extends EmailAdapter ? MagicLinkMethods : unknown);
+/**
+ * Create a passkey-magic auth instance.
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({
+ *   rpName: 'My App',
+ *   rpID: 'example.com',
+ *   origin: 'https://example.com',
+ *   storage: memoryAdapter(),
+ * })
+ * ```
+ *
+ * @example With magic link fallback:
+ * ```ts
+ * const auth = createAuth({
+ *   rpName: 'My App',
+ *   rpID: 'example.com',
+ *   origin: 'https://example.com',
+ *   storage: memoryAdapter(),
+ *   email: myEmailAdapter,
+ *   magicLinkURL: 'https://example.com/auth/verify',
+ * })
+ * auth.sendMagicLink({ email: 'user@example.com' }) // ✓ type-safe
+ * ```
+ */
+declare function createAuth<TEmail extends EmailAdapter | undefined = undefined>(config: AuthConfig<TEmail>): AuthInstance<TEmail>;
+//#endregion
+export { BaseAuthMethods as n, createAuth as r, AuthInstance as t };

package/dist/nitro/index.d.mts

@@ -0,0 +1,89 @@
+import { i as AuthHooks, l as EmailAdapter, m as StorageAdapter } from "../types-BjM1f6uu.mjs";
+import { n as BaseAuthMethods, t as AuthInstance } from "../index-Cqqpr_uS.mjs";
+import { Storage } from "unstorage";
+
+//#region src/nitro/plugin.d.ts
+interface PasskeyMagicNitroOptions<TEmail extends EmailAdapter | undefined = undefined> {
+  /** Relying party name shown to users during passkey prompts */
+  rpName: string;
+  /** Relying party ID — typically the domain (e.g. "example.com") */
+  rpID: string;
+  /** Expected origin(s) for WebAuthn verification */
+  origin: string | string[];
+  /**
+   * Storage for auth data. Accepts either:
+   * - An unstorage `Storage` instance (e.g. from `useStorage()`) — automatically wrapped
+   * - A passkey-magic `StorageAdapter` for full control
+   */
+  storage?: Storage | StorageAdapter;
+  /** Optional email adapter to enable magic link fallback */
+  email?: TEmail;
+  /** Base URL for magic link verification (required if email is provided) */
+  magicLinkURL?: string;
+  /** Route prefix for the auth handler. Defaults to "/auth" */
+  pathPrefix?: string;
+  /** unstorage key prefix for all auth data. Defaults to "auth" */
+  storageBase?: string;
+  /** Session TTL in ms. Defaults to 7 days */
+  sessionTTL?: number;
+  /** Challenge TTL in ms. Defaults to 60 seconds */
+  challengeTTL?: number;
+  /** Magic link TTL in ms. Defaults to 15 minutes */
+  magicLinkTTL?: number;
+  /** QR session TTL in ms. Defaults to 5 minutes */
+  qrSessionTTL?: number;
+  /** Custom ID generator */
+  generateId?: () => string;
+  /** Lifecycle hooks */
+  hooks?: AuthHooks;
+}
+/**
+ * Get the auth instance created by the Nitro plugin.
+ * Use this in route handlers to access auth methods.
+ *
+ * @example
+ * ```ts
+ * import { useAuth } from 'passkey-magic/nitro'
+ *
+ * export default defineHandler(async (event) => {
+ *   const auth = useAuth()
+ *   const session = await auth.validateSession(token)
+ * })
+ * ```
+ */
+declare function useAuth<TEmail extends EmailAdapter | undefined = undefined>(): AuthInstance<TEmail>;
+/**
+ * Create a passkey-magic Nitro plugin.
+ *
+ * Registers auth routes under the configured path prefix and makes
+ * the auth instance available via `useAuth()` in route handlers.
+ *
+ * @example
+ * ```ts
+ * // plugins/auth.ts
+ * import { definePlugin } from 'nitro'
+ * import { useStorage } from 'nitro/storage'
+ * import { passkeyMagic } from 'passkey-magic/nitro'
+ *
+ * export default definePlugin((nitroApp) => {
+ *   passkeyMagic({
+ *     rpName: 'My App',
+ *     rpID: 'example.com',
+ *     origin: 'https://example.com',
+ *     storage: useStorage(),
+ *   }).setup(nitroApp)
+ * })
+ * ```
+ */
+declare function passkeyMagic<TEmail extends EmailAdapter | undefined = undefined>(options: PasskeyMagicNitroOptions<TEmail>): {
+  setup: (nitroApp: NitroApp) => BaseAuthMethods;
+};
+interface NitroApp {
+  hooks: {
+    hook: (event: string, handler: (...args: any[]) => any) => () => void;
+  };
+  h3?: any;
+  fetch?: any;
+}
+//#endregion
+export { type PasskeyMagicNitroOptions, passkeyMagic, useAuth };

package/dist/nitro/index.mjs

@@ -0,0 +1,117 @@
+import "../crypto-KHRNe6EL.mjs";
+import { t as createAuth } from "../server-BXkm8lU0.mjs";
+import { unstorageAdapter } from "../adapters/unstorage.mjs";
+//#region src/nitro/plugin.ts
+let _authInstance = null;
+/**
+* Get the auth instance created by the Nitro plugin.
+* Use this in route handlers to access auth methods.
+*
+* @example
+* ```ts
+* import { useAuth } from 'passkey-magic/nitro'
+*
+* export default defineHandler(async (event) => {
+*   const auth = useAuth()
+*   const session = await auth.validateSession(token)
+* })
+* ```
+*/
+function useAuth() {
+	if (!_authInstance) throw new Error("passkey-magic: auth not initialized. Make sure the Nitro plugin is registered.");
+	return _authInstance;
+}
+function isUnstorageInstance(obj) {
+	return obj && typeof obj.getItem === "function" && typeof obj.setItem === "function" && typeof obj.removeItem === "function" && !("createUser" in obj);
+}
+function resolveStorageAdapter(storage, storageBase) {
+	if (!storage) throw new Error("passkey-magic: storage is required. Pass a unstorage instance (e.g. useStorage()) or a passkey-magic StorageAdapter.");
+	if (isUnstorageInstance(storage)) return unstorageAdapter(storage, { base: storageBase });
+	return storage;
+}
+/**
+* Create a passkey-magic Nitro plugin.
+*
+* Registers auth routes under the configured path prefix and makes
+* the auth instance available via `useAuth()` in route handlers.
+*
+* @example
+* ```ts
+* // plugins/auth.ts
+* import { definePlugin } from 'nitro'
+* import { useStorage } from 'nitro/storage'
+* import { passkeyMagic } from 'passkey-magic/nitro'
+*
+* export default definePlugin((nitroApp) => {
+*   passkeyMagic({
+*     rpName: 'My App',
+*     rpID: 'example.com',
+*     origin: 'https://example.com',
+*     storage: useStorage(),
+*   }).setup(nitroApp)
+* })
+* ```
+*/
+function passkeyMagic(options) {
+	const pathPrefix = options.pathPrefix ?? "/auth";
+	function setup(nitroApp) {
+		const adapter = resolveStorageAdapter(options.storage, options.storageBase);
+		const auth = createAuth({
+			rpName: options.rpName,
+			rpID: options.rpID,
+			origin: options.origin,
+			storage: adapter,
+			email: options.email,
+			magicLinkURL: options.magicLinkURL,
+			sessionTTL: options.sessionTTL,
+			challengeTTL: options.challengeTTL,
+			magicLinkTTL: options.magicLinkTTL,
+			qrSessionTTL: options.qrSessionTTL,
+			generateId: options.generateId,
+			hooks: options.hooks
+		});
+		_authInstance = auth;
+		const handler = auth.createHandler({ pathPrefix });
+		nitroApp.hooks.hook("request", async (event) => {
+			if (!(event.path ?? event.req?.url ?? "/").startsWith(pathPrefix)) return;
+			await writeWebResponse(event, await handler(toWebRequest(event)));
+		});
+		nitroApp.hooks.hook("close", async () => {
+			_authInstance = null;
+		});
+		return auth;
+	}
+	return { setup };
+}
+function toWebRequest(event) {
+	const req = event.req ?? event.node?.req;
+	const method = req?.method ?? event.method ?? "GET";
+	const url = `http://localhost${event.path ?? req?.url ?? "/"}`;
+	const headers = new Headers();
+	if (req?.headers) {
+		for (const [key, value] of Object.entries(req.headers)) if (value) headers.set(key, Array.isArray(value) ? value.join(", ") : value);
+	}
+	const init = {
+		method,
+		headers
+	};
+	if (method !== "GET" && method !== "HEAD") {
+		if (event._body !== void 0) init.body = JSON.stringify(event._body);
+		else if (req?.body) init.body = req.body;
+	}
+	return new Request(url, init);
+}
+async function writeWebResponse(event, response) {
+	const res = event.res ?? event.node?.res;
+	if (res && typeof res.writeHead === "function") {
+		const headers = {};
+		response.headers.forEach((value, key) => {
+			headers[key] = value;
+		});
+		res.writeHead(response.status, headers);
+		const body = await response.text();
+		res.end(body);
+	} else if (event.respondWith) await event.respondWith(response);
+}
+//#endregion
+export { passkeyMagic, useAuth };

package/dist/server/index.d.mts

@@ -0,0 +1,3 @@
+import { a as AuthResult, c as Credential, d as QRSessionStatus, f as RegistrationResponseJSON, h as User, i as AuthHooks, l as EmailAdapter, m as StorageAdapter, n as AuthEventHandler, o as AuthenticationResponseJSON, p as Session, r as AuthEventMap, t as AuthConfig, u as MagicLinkMethods } from "../types-BjM1f6uu.mjs";
+import { n as BaseAuthMethods, r as createAuth, t as AuthInstance } from "../index-Cqqpr_uS.mjs";
+export { AuthConfig, AuthEventHandler, AuthEventMap, AuthHooks, AuthInstance, AuthResult, AuthenticationResponseJSON, BaseAuthMethods, Credential, EmailAdapter, MagicLinkMethods, QRSessionStatus, RegistrationResponseJSON, Session, StorageAdapter, User, createAuth };

package/dist/server/index.mjs

@@ -0,0 +1,3 @@
+import "../crypto-KHRNe6EL.mjs";
+import { t as createAuth } from "../server-BXkm8lU0.mjs";
+export { createAuth };