feat: add magic link to core package

Author: Bccorb

packages/core/src/handlers/pollMagicLinkConfirmationHandler.ts

@@ -0,0 +1,102 @@
+import { authFetch } from "../authFetch.js";
+import type { CookiePayload } from "../ensureCookies.js";
+import { verifySignedAuthResponse } from "../verifySignedAuthResponse.js";
+
+export interface PollMagicLinkConfirmationInput {
+  authorization?: string;
+}
+
+export interface PollMagicLinkConfirmationOptions {
+  authServerUrl: string;
+  cookieDomain?: string;
+  accessCookieName: string;
+  refreshCookieName: string;
+}
+
+export interface PollMagicLinkConfirmationResult {
+  status: number;
+  body?: unknown;
+  error?: unknown;
+  setCookies?: {
+    name: string;
+    value: CookiePayload;
+    ttl: number;
+    domain?: string;
+  }[];
+}
+
+export async function pollMagicLinkConfirmationHandler(
+  input: PollMagicLinkConfirmationInput,
+  opts: PollMagicLinkConfirmationOptions,
+): Promise<PollMagicLinkConfirmationResult> {
+  const up = await authFetch(`${opts.authServerUrl}/magic-link/check`, {
+    method: "GET",
+    authorization: input.authorization,
+  });
+
+  // 👇 Pending state (important for polling UX)
+  if (up.status === 204) {
+    return {
+      status: 204,
+      body: { message: "Not verified." },
+    };
+  }
+
+  const data = await up.json();
+
+  if (!up.ok) {
+    return {
+      status: up.status,
+      error: data,
+    };
+  }
+
+  // 👇 Web mode: auth server already handled cookies
+  if (!data?.token || !data?.refreshToken || !data?.sub) {
+    return {
+      status: up.status,
+      body: data,
+    };
+  }
+
+  // 🔐 Verify signed response (same as WebAuthn flow)
+  const verifiedAccessToken = await verifySignedAuthResponse(
+    data.token,
+    opts.authServerUrl,
+  );
+
+  if (!verifiedAccessToken) {
+    throw new Error("Invalid signed response from Auth Server");
+  }
+
+  if (verifiedAccessToken.sub !== data.sub) {
+    throw new Error("Signature mismatch with data payload");
+  }
+
+  return {
+    status: 200,
+    body: data,
+    setCookies: [
+      {
+        name: opts.accessCookieName,
+        value: {
+          sub: data.sub,
+          roles: data.roles,
+          email: data.email,
+          phone: data.phone,
+        },
+        ttl: data.ttl,
+        domain: opts.cookieDomain,
+      },
+      {
+        name: opts.refreshCookieName,
+        value: {
+          sub: data.sub,
+          refreshToken: data.refreshToken,
+        },
+        ttl: data.refreshTtl,
+        domain: opts.cookieDomain,
+      },
+    ],
+  };
+}

packages/core/src/handlers/requestMagicLinkHandler.ts

@@ -0,0 +1,39 @@
+import { authFetch } from "../authFetch.js";
+
+export interface RequestMagicLinkInput {
+  authorization?: string;
+}
+
+export interface RequestMagicLinkOptions {
+  authServerUrl: string;
+}
+
+export interface RequestMagicLinkResult {
+  status: number;
+  body?: unknown;
+  error?: unknown;
+}
+
+export async function requestMagicLinkHandler(
+  input: RequestMagicLinkInput,
+  opts: RequestMagicLinkOptions,
+): Promise<RequestMagicLinkResult> {
+  const up = await authFetch(`${opts.authServerUrl}/magic-link`, {
+    method: "GET",
+    authorization: input.authorization,
+  });
+
+  const data = await up.json();
+
+  if (!up.ok) {
+    return {
+      status: up.status,
+      error: data,
+    };
+  }
+
+  return {
+    status: up.status,
+    body: data,
+  };
+}

packages/core/src/handlers/verifyMagicLinkHandler.ts

@@ -0,0 +1,41 @@
+import { authFetch } from "../authFetch.js";
+
+export interface VerifyMagicLinkInput {
+  token: string;
+}
+
+export interface VerifyMagicLinkOptions {
+  authServerUrl: string;
+}
+
+export interface VerifyMagicLinkResult {
+  status: number;
+  body?: unknown;
+  error?: unknown;
+}
+
+export async function verifyMagicLinkHandler(
+  input: VerifyMagicLinkInput,
+  opts: VerifyMagicLinkOptions,
+): Promise<VerifyMagicLinkResult> {
+  const up = await authFetch(
+    `${opts.authServerUrl}/magic-link/verify/${input.token}`,
+    {
+      method: "GET",
+    },
+  );
+
+  const data = await up.json();
+
+  if (!up.ok) {
+    return {
+      status: up.status,
+      error: data,
+    };
+  }
+
+  return {
+    status: up.status,
+    body: data,
+  };
+}

packages/core/src/index.ts

@@ -11,3 +11,6 @@ export * from "./handlers/register.js";
 export * from "./handlers/finishRegister.js";
 export * from "./handlers/logout.js";
 export * from "./handlers/me.js";
+export * from "./handlers/verifyMagicLinkHandler.js";
+export * from "./handlers/requestMagicLinkHandler.js";
+export * from "./handlers/pollMagicLinkConfirmationHandler.js";