Add complete auth backend (Workstream D):

- Auth middleware for session/API key authentication
- Signup with password or passkey (WebAuthn)
- Login flow with device trust and email confirmation
- Password reset and email verification
- Session management and logout

Utilities created:

- cookies.ts: Cookie helpers and configuration
- crypto.ts: Token generation and hashing
- password.ts: zxcvbn validation, argon2id hashing
- geo.ts: IP/location extraction from headers
- email.ts: Stubbed email sending
- session.ts: Session creation and device trust

Code review improvements applied:

- Use ORPCError instead of Error in procedures
- Add ast-grep rule to enforce ORPCError usage
- Remove error info leakage (generic messages)
- Optimize N+1 query with JOIN in login-password
- Extract signupWithPassword/signupWithPasskey for testability
- Add 15-minute WebAuthn challenge expiry check
- Strengthen CookieOptions type definitions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
{
"name": "api-server",
"version": "0.0.0",
"private": true,
"type": "module",
"scripts": {
"dev": "bun run --hot src/index.ts",
"build": "bun build src/index.ts --outdir dist",
"typecheck": "tsc --noEmit",
"lint": "eslint . --cache",
"clean": "rm -rf dist .eslintcache"
},
"dependencies": {
"@orpc/server": "^1.13.2",
"@reviq/api-contract": "workspace:*",
"@reviq/db": "workspace:*",
"@reviq/db-schema": "workspace:*",
"@simplewebauthn/server": "^13.2.2",
"@simplewebauthn/types": "^12.0.0",
"kysely": "^0.28.2",
"zxcvbn": "^4.4.2"
},
"devDependencies": {
"@macalinao/eslint-config": "catalog:",
"@macalinao/tsconfig": "catalog:",
"@types/bun": "catalog:",
"@types/zxcvbn": "^4.4.5",
"eslint": "catalog:",
"typescript": "catalog:"
}
}