ts-ag 0.0.1-dev.2 → 1.0.0

package/dist/utils/fs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fs.d.ts","sourceRoot":"","sources":["../../src/utils/fs.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,wBAAsB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAO/D;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,iBAsBvE"}
+{"version":3,"file":"fs.d.ts","sourceRoot":"","sources":["../../src/utils/fs.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,wBAAsB,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAO/D;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAuB1F"}

package/dist/utils/fs.js

@@ -15,6 +15,7 @@ export async function exists(filePath) {
 }
 /**
  * Writes data to a filepath if it is different
+ * @returns true if the file is written to
  */
 export async function writeIfDifferent(filePath, newData) {
     // Ensure the directory exists
@@ -29,10 +30,11 @@ export async function writeIfDifferent(filePath, newData) {
         // Compare the existing data with the new data
         if (existingData === newData) {
             // console.log('File contents are identical. No write needed.');
-            return;
+            return false;
         }
     }
     // Write the new data if it's different or the file doesn't exist
     await writeFile(filePath, newData, 'utf8');
     console.log(chalk.green('Writing to'), filePath);
+    return true;
 }

package/package.json

@@ -1,44 +1,51 @@
 {
   "name": "ts-ag",
   "description": "Useful TS stuff",
-  "version": "0.0.1-dev.2",
+  "version": "1.0.0",
   "author": "Alexander Hornung",
   "bugs": "https://github.com/ageorgeh/ts-ag/issues",
   "bin": {
-    "ts-alias": "dist/ts-alias.js",
+    "ts-alias": "dist/scripts/ts-alias.js",
     "clean-dist": "dist/scripts/clean.js"
   },
   "dependencies": {
+    "@aws-sdk/client-cognito-identity-provider": "3.872.0",
+    "@aws-sdk/client-s3": "3.872.0",
+    "@aws-sdk/s3-request-presigner": "3.872.0",
+    "cookie": "1.0.2",
     "dequal": "^2.0.3",
-    "glob": "11.0.2",
+    "glob": "11.0.3",
     "chokidar": "4.0.3",
     "tsc-alias": "1.8.16",
     "valibot": "1.1.0",
     "cycle": "1.0.3",
     "@ungap/structured-clone": "1.3.0",
-    "jose": "6.0.11",
+    "jose": "6.0.12",
     "rehype-parse": "9.0.1",
-    "@types/hast": "3.0.4",
     "unified": "11.0.5",
     "vfile": "6.0.3",
-    "chalk": "5.4.1",
-    "neverthrow": "8.2.0"
+    "chalk": "5.6.0",
+    "neverthrow": "8.2.0",
+    "tsconfck": "3.1.6",
+    "devalue": "5.1.1"
   },
   "peerDependencies": {},
   "devDependencies": {
-    "jiti": "2.4.2",
-    "@eslint/js": "^9.26.0",
-    "eslint": "^9.26.0",
-    "eslint-plugin-import": "^2.31.0",
-    "globals": "^16.1.0",
-    "prettier": "^3.5.3",
-    "typescript": "^5.8.3",
-    "typescript-eslint": "^8.32.0",
-    "typescript-svelte-plugin": "0.3.47",
-    "npm-check-updates": "^18.0.1",
-    "@types/node": "^22.15.17",
-    "@types/aws-lambda": "8.10.149",
-    "@types/ungap__structured-clone": "1.2.0"
+    "jiti": "2.5.1",
+    "@eslint/js": "^9.33.0",
+    "eslint": "^9.33.0",
+    "eslint-plugin-import": "^2.32.0",
+    "globals": "^16.3.0",
+    "prettier": "^3.6.2",
+    "typescript": "^5.9.2",
+    "typescript-eslint": "^8.40.0",
+    "typescript-svelte-plugin": "0.3.50",
+    "npm-check-updates": "^18.0.2",
+    "concurrently": "^9.2.0",
+    "@types/node": "^24.3.0",
+    "@types/aws-lambda": "8.10.152",
+    "@types/ungap__structured-clone": "1.2.0",
+    "@types/hast": "3.0.4"
   },
   "type": "module",
   "files": [
@@ -61,9 +68,11 @@
   "repository": "ageorgeh/ts-ag",
   "scripts": {
     "tsc:build": "tsc",
-    "tsc:watch": "tsc --watch",
+    "tsc:watch": "concurrently \" npx tsc -w \" \" npx ts-alias -w \"",
+    "login": "npm login --registry=https://registry.npmjs.org/",
     "publish:local": "pnpm version prerelease --preid dev --no-git-tag-version && pnpm publish --registry http://localhost:4873 --tag dev --access public --no-git-checks --json > ./publishLocal.json",
     "publish:prerelease": "pnpm publish --tag dev --access public --no-git-checks --registry=https://registry.npmjs.org/ --json > ./publish.json",
-    "version:prerelease": "pnpm version prerelease --preid dev --no-git-tag-version"
+    "version:prerelease": "pnpm version prerelease --preid dev --no-git-tag-version",
+    "version": "pnpm version --no-git-tag-version"
   }
 }

package/src/browser.ts

@@ -1,2 +1,4 @@
 export * from './lambda/browser.js';
-export * from './rehype/browser.js'
+export * from './rehype/browser.js';
+
+export * from './types/index.js';

package/src/cognito/client.ts

@@ -0,0 +1,11 @@
+import { CognitoIdentityProviderClient } from '@aws-sdk/client-cognito-identity-provider';
+
+/**
+ * Convenience function if process.env.REGION is set
+ */
+export function getCognitoClient() {
+  return new CognitoIdentityProviderClient({
+    region: process.env.REGION,
+    endpoint: `https://cognito-idp.${process.env.REGION}.amazonaws.com`
+  });
+}

package/src/cognito/errors.ts

@@ -0,0 +1,175 @@
+import {
+  error_lambda_badRequest,
+  error_lambda_conflict,
+  error_lambda_internal,
+  error_lambda_unauthorized,
+  error_lambda_forbidden,
+  error_lambda_notFound
+} from '$lambda/errors.js';
+
+export const error_cognito_forbidden = {
+  type: 'cognito_forbidden' as const
+};
+export const error_cognito_internal = {
+  type: 'cognito_internal' as const
+};
+export const error_cognito_role = {
+  type: 'cognito_role' as const
+};
+export const error_cognito_input = {
+  type: 'cognito_input' as const
+};
+export const error_cognito_auth = {
+  type: 'cognito_auth' as const
+};
+export const error_cognito_notFound = {
+  type: 'cognito_notFound' as const
+};
+export const error_cognito_userNotFound = {
+  type: 'cognito_userNotFound' as const
+};
+export const error_cognito_tooManyRequests = {
+  type: 'cognito_tooManyRequests' as const
+};
+export const error_cognito_passwordPolicy = {
+  type: 'cognito_passwordPolicy' as const
+};
+export const error_cognito_passwordHistory = {
+  type: 'cognito_passwordHistory' as const
+};
+export const error_cognito_passwordResetRequired = {
+  type: 'cognito_passwordResetRequired' as const
+};
+
+// Confirm forgot password
+export const error_cognito_codeExpired = {
+  type: 'cognito_codeExpired' as const
+};
+export const error_cognito_codeMismatch = {
+  type: 'cognito_codeMismatch' as const
+};
+
+// Forgot password
+export const error_cognito_delivery = {
+  type: 'cognito_delivery' as const
+};
+// Confirm signup
+export const error_cognito_userExists = {
+  type: 'cognito_userExists' as const
+};
+
+export type type_error_cognito_forbidden = typeof error_cognito_forbidden;
+export type type_error_cognito_internal = typeof error_cognito_internal;
+export type type_error_cognito_role = typeof error_cognito_role;
+export type type_error_cognito_input = typeof error_cognito_input;
+export type type_error_cognito_auth = typeof error_cognito_auth;
+export type type_error_cognito_notFound = typeof error_cognito_notFound;
+export type type_error_cognito_userNotFound = typeof error_cognito_userNotFound;
+export type type_error_cognito_tooManyRequests = typeof error_cognito_tooManyRequests;
+export type type_error_cognito_passwordPolicy = typeof error_cognito_passwordPolicy;
+export type type_error_cognito_passwordHistory = typeof error_cognito_passwordHistory;
+export type type_error_cognito_passwordResetRequired = typeof error_cognito_passwordResetRequired;
+export type type_error_cognito_codeExpired = typeof error_cognito_codeExpired;
+export type type_error_cognito_codeMismatch = typeof error_cognito_codeMismatch;
+export type type_error_cognito_delivery = typeof error_cognito_delivery;
+export type type_error_cognito_userExists = typeof error_cognito_userExists;
+
+export type type_error_cognito =
+  | type_error_cognito_forbidden
+  | type_error_cognito_internal
+  | type_error_cognito_role
+  | type_error_cognito_input
+  | type_error_cognito_auth
+  | type_error_cognito_notFound
+  | type_error_cognito_userNotFound
+  | type_error_cognito_tooManyRequests
+  | type_error_cognito_passwordPolicy
+  | type_error_cognito_passwordHistory
+  | type_error_cognito_passwordResetRequired
+  | type_error_cognito_codeExpired
+  | type_error_cognito_codeMismatch
+  | type_error_cognito_delivery
+  | type_error_cognito_userExists;
+
+const awsToCognitoErrorMap = {
+  ForbiddenException: error_cognito_forbidden,
+  NotAuthorizedException: error_cognito_auth,
+  UserNotConfirmedException: error_cognito_auth,
+  UserNotFoundException: error_cognito_userNotFound,
+  ResourceNotFoundException: error_cognito_notFound,
+  InvalidParameterException: error_cognito_input,
+  InvalidPasswordException: error_cognito_passwordPolicy,
+  PasswordHistoryPolicyViolationException: error_cognito_passwordHistory,
+  PasswordResetRequiredException: error_cognito_passwordResetRequired,
+  LimitExceededException: error_cognito_tooManyRequests,
+  TooManyRequestsException: error_cognito_tooManyRequests,
+  InternalErrorException: error_cognito_internal,
+  // Confirm forgot password
+  CodeMismatchException: error_cognito_codeMismatch,
+  ExpiredCodeException: error_cognito_codeExpired,
+  TooManyFailedAttemptsException: error_cognito_tooManyRequests,
+  UnexpectedLambdaException: error_cognito_internal,
+  InvalidLambdaResponseException: error_cognito_internal,
+  UserLambdaValidationException: error_cognito_internal,
+  // Forgot password
+  InvalidEmailRoleAccessPolicyException: error_cognito_role,
+  InvalidSmsRoleAccessPolicyException: error_cognito_role,
+  InvalidSmsRoleTrustRelationshipException: error_cognito_role,
+  CodeDelliveryFailureException: error_cognito_delivery,
+  // Confirm signup
+  AliasExistsException: error_cognito_userExists,
+  // Login
+  InvalidUserPoolConfigurationException: error_cognito_internal,
+  MFAMethodNotFoundException: error_cognito_notFound,
+  UnsupportedOperationException: error_cognito_internal,
+  // Reset password
+  SoftwareTokenMFANotFoundException: error_cognito_notFound,
+  // Sign up
+  UsernameExistsException: error_cognito_userExists
+} as const;
+
+/**
+ * Gets a generic error from the name of the aws error
+ */
+export function error_cognito(error: Error): type_error_cognito {
+  const type = error.name as keyof typeof awsToCognitoErrorMap;
+  if (awsToCognitoErrorMap[type] === undefined) console.warn(`${type} is not present in the cognito error map`);
+
+  console.error(`Cognito error: ${type}`, error);
+
+  return awsToCognitoErrorMap[type] || error_cognito_internal;
+}
+
+/**
+ * Converts a cognito error to a lambda error.
+ * Basically just for narrowing it down a bit
+ */
+export function error_lambda_fromCognito(e: type_error_cognito) {
+  switch (e.type) {
+    case 'cognito_auth':
+      return error_lambda_unauthorized('Not authorized');
+    case 'cognito_forbidden':
+      return error_lambda_forbidden('Forbidden');
+    case 'cognito_internal':
+    case 'cognito_role':
+      return error_lambda_internal('Internal server error');
+    case 'cognito_input':
+      return error_lambda_badRequest('There is an issue with your request');
+    case 'cognito_notFound':
+      return error_lambda_notFound('Resource not found');
+    case 'cognito_userNotFound':
+      return error_lambda_notFound('User not found');
+    case 'cognito_tooManyRequests':
+      return error_lambda_badRequest('Too many requests');
+    case 'cognito_passwordPolicy':
+      return error_lambda_badRequest('Password does not meet policy requirements');
+    case 'cognito_passwordHistory':
+      return error_lambda_conflict('Password was used recently');
+    case 'cognito_passwordResetRequired':
+      return error_lambda_badRequest('Password reset required');
+    case 'cognito_delivery':
+      return error_lambda_internal('Delivery failed for the provided email or phone number');
+    default:
+      return error_lambda_internal('Unknown error');
+  }
+}

package/src/cognito/index.ts

@@ -0,0 +1,5 @@
+export * from './client.js';
+export * from './errors.js';
+
+export * from './user.js';
+export * from './password.js';

package/src/cognito/password.ts

@@ -0,0 +1,233 @@
+import {
+  AdminInitiateAuthCommand,
+  ChangePasswordCommand,
+  ConfirmForgotPasswordCommand,
+  ConfirmSignUpCommand,
+  ForgotPasswordCommand,
+  GlobalSignOutCommand,
+  RespondToAuthChallengeCommand,
+  SignUpCommand
+} from '@aws-sdk/client-cognito-identity-provider';
+import type { type_error_cognito } from './errors.js';
+import { error_cognito } from './errors.js';
+import { getCognitoClient } from './client.js';
+import { ResultAsync } from 'neverthrow';
+import { createHmac } from 'crypto';
+
+const clientId = process.env.COGNITO_CLIENT_ID!;
+const clientSecret = process.env.COGNITO_CLIENT_SECRET!;
+const userPoolId = process.env.COGNITO_USER_POOL_ID!;
+
+export function computeSecretHash(username: string, clientId: string, clientSecret: string): string {
+  return createHmac('SHA256', clientSecret)
+    .update(username + clientId)
+    .digest('base64');
+}
+
+// ---- Change password ---- //
+
+/**
+ * Changes a users password
+ * Wraps the cognito sdk to use neverthrow
+ */
+export const changePassword = ResultAsync.fromThrowable(
+  async (accessToken: string, oldPassword: string, newPassword: string) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new ChangePasswordCommand({
+        AccessToken: accessToken,
+        PreviousPassword: oldPassword,
+        ProposedPassword: newPassword
+      })
+    );
+  },
+  (e) => {
+    console.error('ChangePasswordCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Confirm Forgot password ---- //
+
+/**
+ * Changes the password with the confirmation code sent to the email.
+ * Assumes the existence of process.env.COGNITO_CLIENT_ID and COGNITO_CLIENT_SECRET
+ * @param username - username or any of their alias attributes
+ * @param confirmationCode
+ * @param newPassword
+ */
+export const confirmForgotPassword = ResultAsync.fromThrowable(
+  (data: { username: string; confirmationCode: string; newPassword: string }) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new ConfirmForgotPasswordCommand({
+        ClientId: clientId,
+        Username: data.username,
+        ConfirmationCode: data.confirmationCode,
+        Password: data.newPassword,
+        SecretHash: computeSecretHash(data.username, clientId!, clientSecret!)
+      })
+    );
+  },
+  (e) => {
+    console.error('ConfirmForgotPasswordCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Confirm Signup ---- //
+
+/**
+ * Confirms signup
+ * @param username - username or any alias attribute
+ */
+export const confirmSignup = ResultAsync.fromThrowable(
+  (data: { username: string; confirmationCode: string }) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new ConfirmSignUpCommand({
+        ClientId: clientId,
+        Username: data.username,
+        ConfirmationCode: data.confirmationCode,
+        SecretHash: computeSecretHash(data.username, clientId, clientSecret)
+      })
+    );
+  },
+  (e) => {
+    console.error('ConfirmSignUpCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Forgot password ---- //
+
+/**
+ * Sends an email for you to reset your password
+ */
+export const forgotPassword = ResultAsync.fromThrowable(
+  (data: { username: string }) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new ForgotPasswordCommand({
+        ClientId: clientId,
+        Username: data.username,
+        SecretHash: computeSecretHash(data.username, clientId, clientSecret)
+      })
+    );
+  },
+  (e) => {
+    console.error('ForgotPasswordCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Login ---- //
+
+export const login = ResultAsync.fromThrowable(
+  (data: { username: string; password: string }) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new AdminInitiateAuthCommand({
+        AuthFlow: 'ADMIN_USER_PASSWORD_AUTH',
+        ClientId: clientId,
+        UserPoolId: userPoolId,
+        AuthParameters: {
+          USERNAME: data.username,
+          PASSWORD: data.password,
+          SECRET_HASH: computeSecretHash(data.username, clientId, clientSecret)
+        }
+      })
+    );
+  },
+  (e) => {
+    console.error('AdminInitiateAuthCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Refresh token ---- //
+
+export const refreshTokens = ResultAsync.fromThrowable(
+  (data: { username: string; refreshToken: string }) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new AdminInitiateAuthCommand({
+        AuthFlow: 'REFRESH_TOKEN_AUTH',
+        ClientId: clientId,
+        UserPoolId: userPoolId,
+        AuthParameters: {
+          REFRESH_TOKEN: data.refreshToken,
+          SECRET_HASH: computeSecretHash(data.username, clientId, clientSecret)
+        }
+      })
+    );
+  },
+  (e) => {
+    console.error('AdminInitiateAuthCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Logout ---- //
+export const logout = ResultAsync.fromThrowable(
+  (accessToken: string) => {
+    const cognitoClient = getCognitoClient();
+    // GlobalSignOut invalidates all refresh tokens associated with user
+    return cognitoClient.send(new GlobalSignOutCommand({ AccessToken: accessToken }));
+  },
+  (e) => {
+    console.error('GlobalSignOutCommand error', e);
+    return error_cognito(e as Error);
+  }
+);
+
+// ---- Reset password ---- //
+
+export const resetPassword = ResultAsync.fromThrowable(
+  (data: { session: string; newPassword: string; username: string }) => {
+    const cognitoClient = getCognitoClient();
+    return cognitoClient.send(
+      new RespondToAuthChallengeCommand({
+        ChallengeName: 'NEW_PASSWORD_REQUIRED',
+        ClientId: clientId,
+        Session: data.session,
+        ChallengeResponses: {
+          SECRET_HASH: computeSecretHash(data.username, clientId, clientSecret),
+          NEW_PASSWORD: data.newPassword,
+          USERNAME: data.username
+        }
+      })
+    );
+  },
+  (e) => {
+    console.error('RespondToAuthChallengeCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);
+
+// ---- Sign up ---- //
+export const signUp = ResultAsync.fromThrowable(
+  (data: { username: string; password: string } & Record<string, unknown>) => {
+    const cognitoClient = getCognitoClient();
+    const secretHash = computeSecretHash(data.username, clientId, clientSecret);
+
+    return cognitoClient.send(
+      new SignUpCommand({
+        ClientId: clientId,
+        Username: data.username,
+        Password: data.password,
+        SecretHash: secretHash,
+        UserAttributes: Object.entries(data)
+          .filter(([key]) => key !== 'username' && key !== 'password')
+          .map(([key, value]) => ({
+            Name: key,
+            Value: value as string
+          }))
+      })
+    );
+  },
+  (e) => {
+    console.error('SignUpCommand error', e);
+    return error_cognito(e as Error) as type_error_cognito;
+  }
+);

package/src/cognito/user.ts

@@ -0,0 +1,46 @@
+import type {
+  AdminGetUserCommandOutput,
+  AttributeType,
+  CognitoIdentityProviderServiceException
+} from '@aws-sdk/client-cognito-identity-provider';
+import { AdminGetUserCommand } from '@aws-sdk/client-cognito-identity-provider';
+import { getCognitoClient } from './client.js';
+import { ResultAsync } from 'neverthrow';
+import { error_cognito } from './errors.js';
+
+export type UserRes = Omit<AdminGetUserCommandOutput, 'UserAttributes'> & { UserAttributes: Record<string, string> };
+
+/**
+ * Performs an AdminGetUserCommand and extracts the user attributes into an object
+ */
+export const getUserDetails = ResultAsync.fromThrowable(
+  async (username: string) => {
+    console.log('getUserDetails: Getting details for user: ', username);
+    const UserPoolId = process.env.COGNITO_USER_POOL_ID;
+    const cognitoClient = getCognitoClient();
+    const res = await cognitoClient.send(new AdminGetUserCommand({ UserPoolId, Username: username }));
+    return {
+      ...res,
+      UserAttributes: extractAttributes(res.UserAttributes)
+    } as UserRes;
+  },
+  (e) => {
+    console.error('getUserDetails:error:', e);
+    return error_cognito(e as CognitoIdentityProviderServiceException);
+  }
+);
+
+/**
+ * @returns An object of attributes with their names as keys and values as values.
+ */
+export function extractAttributes(attrs: AttributeType[] | undefined) {
+  const attributes: Record<string, string> = {};
+  if (attrs) {
+    for (const attr of attrs) {
+      if (attr.Name && attr.Value) {
+        attributes[attr.Name] = attr.Value;
+      }
+    }
+  }
+  return attributes;
+}

package/src/dynamo/errors.ts

@@ -0,0 +1,11 @@
+import { error_lambda_internal } from '$lambda/errors.js';
+
+export const error_dynamo = {
+  type: 'dynamo' as const
+};
+
+export type type_error_dynamo = typeof error_dynamo;
+
+export function error_lambda_fromDynamo(e: type_error_dynamo) {
+  return error_lambda_internal('Internal server error');
+}

package/src/dynamo/index.ts

@@ -0,0 +1 @@
+export * from './errors.js';

package/src/index.ts

@@ -1,3 +1,11 @@
+// AWS
 export * from './lambda/index.js';
+export * from './cognito/index.js';
+export * from './s3/index.js';
+export * from './dynamo/index.js';
+export * from './ses/index.js';
+
 export * from './rehype/index.js';
 export * from './utils/index.js';
+
+export * from './types/index.js';

package/src/lambda/browser.ts

@@ -1,3 +1,5 @@
 export * from './client-types.js';
 export * from './client.js';
 export * from './handlerUtils.js';
+export * from './serializer.js';
+export * from './deserializer.js';