chore: update versions (#3124)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @nhost/hasura-auth-js@2.10.0

### Minor Changes

-   04d2ce1: feat: add signin security key with user handle

### Patch Changes

-   44c1e17: chore: update `msw` to v1.3.5 to fix vulnerabilities

## @nhost/react@3.9.0

### Minor Changes

-   04d2ce1: feat: add signin security key with user handle

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost/vue@2.9.0

### Minor Changes

-   04d2ce1: feat: add signin security key with user handle

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost/apollo@8.0.3

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost/react-apollo@16.0.0

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0
    -   @nhost/apollo@8.0.3

## @nhost/react-urql@13.0.0

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0

## @nhost/nextjs@2.2.1

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0

## @nhost/nhost-js@3.2.3

### Patch Changes

-   Updated dependencies [44c1e17]
-   Updated dependencies [04d2ce1]
    -   @nhost/hasura-auth-js@2.10.0

## @nhost/dashboard@2.14.0

### Minor Changes

- d43931e: fix: invalid organization slug/project subdomain doesn't open
404 page
- 5df6fa2: feat: add unencrypted disk warning in storage capacity
settings

### Patch Changes

-   44c1e17: chore: update `msw` to v1.3.5 to fix vulnerabilities
    -   @nhost/react-apollo@16.0.0
    -   @nhost/nextjs@2.2.1

## @nhost/docs@2.26.0

### Minor Changes

-   04d2ce1: feat: add reference documentation for signin security key

### Patch Changes

-   1fa6cc4: chore: added docs for pg_jsonschema

## @nhost-examples/react-apollo@1.2.0

### Minor Changes

- 04d2ce1: feat: update signin components to use `useSignInSecuritykey`
with user handle

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0
    -   @nhost/react-apollo@16.0.0

## @nhost-examples/vue-apollo@0.8.0

### Minor Changes

- 04d2ce1: feat: update signin components to use `useSignInSecuritykey`
with user handle

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/vue@2.9.0
    -   @nhost/nhost-js@3.2.3
    -   @nhost/apollo@8.0.3

## @nhost-examples/cli@0.3.16

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost-examples/codegen-react-apollo@0.4.17

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0
    -   @nhost/react-apollo@16.0.0

## @nhost-examples/codegen-react-query@0.4.17

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0

## @nhost-examples/codegen-react-urql@0.3.17

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0
    -   @nhost/react-urql@13.0.0

## @nhost-examples/multi-tenant-one-to-many@2.2.17

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost-examples/nextjs@0.4.1

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0
    -   @nhost/react-apollo@16.0.0
    -   @nhost/nextjs@2.2.1

## @nhost-examples/node-storage@0.2.16

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost-examples/nextjs-server-components@0.5.1

### Patch Changes

-   @nhost/nhost-js@3.2.3

## @nhost-examples/react-gqty@1.2.17

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0

## @nhost-examples/react-native@0.1.2

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/react@3.9.0
    -   @nhost/react-apollo@16.0.0

## @nhost-examples/vue-quickstart@0.2.17

### Patch Changes

-   Updated dependencies [04d2ce1]
    -   @nhost/vue@2.9.0
    -   @nhost/apollo@8.0.3

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

audit-ci.jsonc

@@ -2,5 +2,5 @@
   // $schema provides code completion hints to IDEs.
   "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
   "moderate": true,
-  "allowlist": ["vue-template-compiler", "micromatch", "path-to-regexp"]
+  "allowlist": ["vue-template-compiler"]
 }

dashboard/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @nhost/dashboard
 
+## 2.14.0
+
+### Minor Changes
+
+- d43931e: fix: invalid organization slug/project subdomain doesn't open 404 page
+- 5df6fa2: feat: add unencrypted disk warning in storage capacity settings
+
+### Patch Changes
+
+- 44c1e17: chore: update `msw` to v1.3.5 to fix vulnerabilities
+  - @nhost/react-apollo@16.0.0
+  - @nhost/nextjs@2.2.1
+
 ## 2.13.0
 
 ### Minor Changes

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "2.13.0",
+  "version": "2.14.0",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",
@@ -177,7 +177,7 @@
     "eslint-plugin-react-hooks": "^4.6.0",
     "jsdom": "^22.1.0",
     "lint-staged": "^15.2.2",
-    "msw": "^1.3.3",
+    "msw": "^1.3.5",
     "msw-storybook-addon": "^1.10.0",
     "node-fetch": "^3.3.2",
     "postcss": "^8.4.38",

dashboard/src/features/orgs/projects/database/settings/components/DatabaseStorageCapacity/DatabaseStorageCapacity.tsx

@@ -2,9 +2,12 @@ import { useUI } from '@/components/common/UIProvider';
 import { Form } from '@/components/form/Form';
 import { SettingsContainer } from '@/components/layout/SettingsContainer';
 import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import { Alert } from '@/components/ui/v2/Alert';
 import { Box } from '@/components/ui/v2/Box';
 import { Input } from '@/components/ui/v2/Input';
 import { InputAdornment } from '@/components/ui/v2/InputAdornment';
+import { Link } from '@/components/ui/v2/Link';
+import { Text } from '@/components/ui/v2/Text';
 import { UpgradeNotification } from '@/features/orgs/projects/common/components/UpgradeNotification';
 import { useAppState } from '@/features/orgs/projects/common/hooks/useAppState';
 import { useIsPlatform } from '@/features/orgs/projects/common/hooks/useIsPlatform';
@@ -14,6 +17,7 @@ import { useLocalMimirClient } from '@/features/orgs/projects/hooks/useLocalMimi
 import { useProject } from '@/features/orgs/projects/hooks/useProject';
 import { execPromiseWithErrorToast } from '@/features/orgs/utils/execPromiseWithErrorToast';
 import {
+  useGetPersistentVolumesEncryptedQuery,
   useGetPostgresSettingsQuery,
   useUpdateConfigMutation,
 } from '@/generated/graphql';
@@ -57,6 +61,15 @@ export default function DatabaseStorageCapacity() {
       org?.plan?.featureMaxDbSize) ||
     0;
 
+  const { data: encryptedVolumesData } = useGetPersistentVolumesEncryptedQuery({
+    variables: { appId: project?.id },
+    skip: !isPlatform,
+  });
+
+  const showEncryptionWarning = encryptedVolumesData
+    ? !encryptedVolumesData?.systemConfig?.persistentVolumesEncrypted
+    : false;
+
   const [updateConfig] = useUpdateConfigMutation({
     ...(!isPlatform ? { client: localMimirClient } : {}),
   });
@@ -187,6 +200,28 @@ export default function DatabaseStorageCapacity() {
               isDirty={isDirty}
             />
           )}
+          {showEncryptionWarning ? (
+            <Alert severity="warning" className="flex flex-col gap-3 text-left">
+              <div className="flex flex-col gap-2 lg:flex-row lg:justify-between">
+                <Text className="flex items-start gap-1 font-semibold">
+                  Disk encryption is now available!
+                </Text>
+              </div>
+              <div>
+                <Text>
+                  To enable encryption in this project all you have to do is
+                  pause & unpause it in{' '}
+                  <Link
+                    href={`/orgs/${org?.slug}/projects/${project?.subdomain}/settings`}
+                    underline="hover"
+                  >
+                    General Settings
+                  </Link>
+                  .
+                </Text>
+              </div>
+            </Alert>
+          ) : null}
         </SettingsContainer>
       </Form>
     </FormProvider>

dashboard/src/features/orgs/projects/database/settings/gql/getPersistentVolumesEncrypted.gql

@@ -0,0 +1,5 @@
+query GetPersistentVolumesEncrypted($appId: uuid!) {
+  systemConfig(appID: $appId) {
+    persistentVolumesEncrypted
+  }
+}

dashboard/src/features/projects/common/hooks/useNotFoundRedirect/useNotFoundRedirect.ts

@@ -1,3 +1,5 @@
+import { useCurrentOrg } from '@/features/orgs/projects/hooks/useCurrentOrg';
+import { useProject } from '@/features/orgs/projects/hooks/useProject';
 import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
 import { useRouter } from 'next/router';
 import { useEffect } from 'react';
@@ -8,10 +10,22 @@ import { useEffect } from 'react';
 export default function useNotFoundRedirect() {
   const router = useRouter();
   const {
-    query: { orgSlug, workspaceSlug, appSubdomain, updating, appSlug },
+    query: {
+      orgSlug: urlOrgSlug,
+      workspaceSlug: urlWorkspaceSlug,
+      appSubdomain: urlAppSubdomain,
+      updating,
+      appSlug: urlAppSlug,
+    },
     isReady,
   } = router;
 
+  const { project, loading: projectLoading } = useProject();
+  const { org, loading: orgLoading } = useCurrentOrg();
+
+  const { subdomain: projectSubdomain } = project || {};
+  const { slug: currentOrgSlug } = org || {};
+
   const { currentProject, currentWorkspace, loading } =
     useCurrentWorkspaceAndProject();
 
@@ -23,6 +37,10 @@ export default function useNotFoundRedirect() {
       !isReady ||
       // If the current workspace and project are not loaded, we don't want to redirect to 404
       loading ||
+      // If the project is loading, we don't want to redirect to 404
+      projectLoading ||
+      // If the org is loading, we don't want to redirect to 404
+      orgLoading ||
       // If we're already on the 404 page, we don't want to redirect to 404
       router.pathname === '/404' ||
       router.pathname === '/' ||
@@ -31,12 +49,12 @@ export default function useNotFoundRedirect() {
       router.pathname === '/run-one-click-install' ||
       router.pathname.includes('/orgs/_') ||
       router.pathname.includes('/orgs/_/projects/_') ||
-      orgSlug ||
+      (urlOrgSlug === currentOrgSlug && !urlAppSubdomain) ||
-      (orgSlug && appSubdomain) ||
+      (urlOrgSlug === currentOrgSlug && urlAppSubdomain === projectSubdomain) ||
       // If we are on a valid workspace and project, we don't want to redirect to 404
-      (workspaceSlug && currentWorkspace && appSlug && currentProject) ||
+      (urlWorkspaceSlug && currentWorkspace && urlAppSlug && currentProject) ||
       // If we are on a valid workspace and no project is selected, we don't want to redirect to 404
-      (workspaceSlug && currentWorkspace && !appSlug && !currentProject)
+      (urlWorkspaceSlug && currentWorkspace && !urlAppSlug && !currentProject)
     ) {
       return;
     }
@@ -47,11 +65,15 @@ export default function useNotFoundRedirect() {
     currentWorkspace,
     isReady,
     loading,
-    appSubdomain,
+    urlAppSubdomain,
-    appSlug,
+    urlAppSlug,
     router,
     updating,
-    workspaceSlug,
+    projectLoading,
-    orgSlug,
+    orgLoading,
+    currentOrgSlug,
+    projectSubdomain,
+    urlWorkspaceSlug,
+    urlOrgSlug,
   ]);
 }

dashboard/src/utils/__generated__/graphql.ts

@@ -27682,6 +27682,13 @@ export type GetBackupPresignedUrlQueryVariables = Exact<{
 
 export type GetBackupPresignedUrlQuery = { __typename?: 'query_root', getBackupPresignedUrl: { __typename?: 'BackupPresignedURL', url: string, expiresAt: any } };
 
+export type GetPersistentVolumesEncryptedQueryVariables = Exact<{
+  appId: Scalars['uuid'];
+}>;
+
+
+export type GetPersistentVolumesEncryptedQuery = { __typename?: 'query_root', systemConfig?: { __typename?: 'ConfigSystemConfig', persistentVolumesEncrypted?: boolean | null } | null };
+
 export type GetJwtSecretsQueryVariables = Exact<{
   appId: Scalars['uuid'];
 }>;
@@ -29656,6 +29663,44 @@ export type GetBackupPresignedUrlQueryResult = Apollo.QueryResult<GetBackupPresi
 export function refetchGetBackupPresignedUrlQuery(variables: GetBackupPresignedUrlQueryVariables) {
       return { query: GetBackupPresignedUrlDocument, variables: variables }
     }
+export const GetPersistentVolumesEncryptedDocument = gql`
+    query GetPersistentVolumesEncrypted($appId: uuid!) {
+  systemConfig(appID: $appId) {
+    persistentVolumesEncrypted
+  }
+}
+    `;
+
+/**
+ * __useGetPersistentVolumesEncryptedQuery__
+ *
+ * To run a query within a React component, call `useGetPersistentVolumesEncryptedQuery` and pass it any options that fit your needs.
+ * When your component renders, `useGetPersistentVolumesEncryptedQuery` returns an object from Apollo Client that contains loading, error, and data properties
+ * you can use to render your UI.
+ *
+ * @param baseOptions options that will be passed into the query, supported options are listed on: https://www.apollographql.com/docs/react/api/react-hooks/#options;
+ *
+ * @example
+ * const { data, loading, error } = useGetPersistentVolumesEncryptedQuery({
+ *   variables: {
+ *      appId: // value for 'appId'
+ *   },
+ * });
+ */
+export function useGetPersistentVolumesEncryptedQuery(baseOptions: Apollo.QueryHookOptions<GetPersistentVolumesEncryptedQuery, GetPersistentVolumesEncryptedQueryVariables>) {
+        const options = {...defaultOptions, ...baseOptions}
+        return Apollo.useQuery<GetPersistentVolumesEncryptedQuery, GetPersistentVolumesEncryptedQueryVariables>(GetPersistentVolumesEncryptedDocument, options);
+      }
+export function useGetPersistentVolumesEncryptedLazyQuery(baseOptions?: Apollo.LazyQueryHookOptions<GetPersistentVolumesEncryptedQuery, GetPersistentVolumesEncryptedQueryVariables>) {
+          const options = {...defaultOptions, ...baseOptions}
+          return Apollo.useLazyQuery<GetPersistentVolumesEncryptedQuery, GetPersistentVolumesEncryptedQueryVariables>(GetPersistentVolumesEncryptedDocument, options);
+        }
+export type GetPersistentVolumesEncryptedQueryHookResult = ReturnType<typeof useGetPersistentVolumesEncryptedQuery>;
+export type GetPersistentVolumesEncryptedLazyQueryHookResult = ReturnType<typeof useGetPersistentVolumesEncryptedLazyQuery>;
+export type GetPersistentVolumesEncryptedQueryResult = Apollo.QueryResult<GetPersistentVolumesEncryptedQuery, GetPersistentVolumesEncryptedQueryVariables>;
+export function refetchGetPersistentVolumesEncryptedQuery(variables: GetPersistentVolumesEncryptedQueryVariables) {
+      return { query: GetPersistentVolumesEncryptedDocument, variables: variables }
+    }
 export const GetJwtSecretsDocument = gql`
     query GetJWTSecrets($appId: uuid!) {
   config(appID: $appId, resolve: false) {

docs/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @nhost/docs
 
+## 2.26.0
+
+### Minor Changes
+
+- 04d2ce1: feat: add reference documentation for signin security key
+
+### Patch Changes
+
+- 1fa6cc4: chore: added docs for pg_jsonschema
+
 ## 2.25.0
 
 ### Minor Changes

docs/guides/database/extensions.mdx

@@ -44,6 +44,7 @@ In the table below you can find a list of available extensions with Nhost Postgr
 | pg_freespacemap              | 1.2     | examine the free space map (FSM) |
 | pg_hashids                   | 1.3     | pg_hashids |
 | pg_ivm                       | 1.9     | incremental view maintenance on PostgreSQL |
+| pg_jsonschema                | 0.3.3   | pg_jsonschema |
 | pg_prewarm                   | 1.2     | prewarm relation data |
 | pg_repack                    | 1.5.1   | Reorganize tables in PostgreSQL databases with minimal locks |
 | pg_squeeze                   | 1.7     | A tool to remove unused space from a relation. |
@@ -75,7 +76,6 @@ In the table below you can find a list of available extensions with Nhost Postgr
 
 In addition, you can find more information about some of the extensions below
 
-
 ## hypopg
 
 HypoPG is a PostgreSQL extension adding support for hypothetical indexes.
@@ -277,6 +277,30 @@ DROP EXTENSION pg_ivm;
 
 - [GitHub](https://github.com/sraoss/pg_ivm)
 
+## pg_jsonschema
+
+pg_jsonschema is a PostgreSQL extension adding support for JSON schema validation on json and jsonb data types.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION pg_jsonschema;
+```
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION pg_jsonschema;
+```
+
+### Resources
+
+- [GitHub](https://github.com/supabase/pg_jsonschema)
+
 ## pg_repack
 
 pg_repack is a PostgreSQL extension which lets you remove bloat from tables and indexes, and optionally restore the physical order of clustered indexes. Unlike CLUSTER and VACUUM FULL it works online, without holding an exclusive lock on the processed tables during processing. pg_repack is efficient to boot, with performance comparable to using CLUSTER directly.

docs/mint.json

@@ -354,7 +354,8 @@
                 "reference/javascript/auth/sign-in-email-otp",
                 "reference/javascript/auth/verify-email-otp",
                 "reference/javascript/auth/sign-in-id-token",
-                "reference/javascript/auth/link-id-token"
+                "reference/javascript/auth/link-id-token",
+                "reference/javascript/auth/sign-in-security-key"
               ]
             },
             {
@@ -440,7 +441,8 @@
             "reference/react/use-user-roles",
             "reference/react/use-sign-in-email-otp",
             "reference/react/use-sign-in-id-token",
-            "reference/react/use-link-id-token"
+            "reference/react/use-link-id-token",
+            "reference/react/use-sign-in-security-key"
           ]
         },
         {
@@ -490,7 +492,8 @@
             "reference/nextjs/use-user-roles",
             "reference/nextjs/use-sign-in-email-otp",
             "reference/nextjs/use-sign-in-id-token",
-            "reference/nextjs/use-link-id-token"
+            "reference/nextjs/use-link-id-token",
+            "reference/nextjs/use-sign-in-security-key"
           ]
         },
         {
@@ -535,7 +538,8 @@
             "reference/vue/use-sign-up-email-security-key",
             "reference/vue/use-sign-in-email-otp",
             "reference/vue/use-sign-in-id-token",
-            "reference/vue/use-link-id-token"
+            "reference/vue/use-link-id-token",
+            "reference/vue/use-sign-in-security-key"
           ]
         },
         {

docs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/docs",
-  "version": "2.25.0",
+  "version": "2.26.0",
   "private": true,
   "scripts": {
     "start": "mintlify dev"

docs/reference/javascript/auth/sign-in-security-key.mdx

@@ -0,0 +1,10 @@
+---
+title: signInSecurityKey()
+sidebarTitle: signInSecurityKey()
+---
+
+Use `nhost.auth.signInSecurityKey` to sign in a user with a security key using the WebAuthn API
+
+```ts
+nhost.auth.signInSecurityKey()
+```

docs/reference/javascript/nhost-js/sign-in-security-key.mdx

@@ -0,0 +1,10 @@
+---
+title: signInSecurityKey()
+sidebarTitle: signInSecurityKey()
+---
+
+Use `nhost.auth.signInSecurityKey` to sign in a user with a security key using the WebAuthn API
+
+```ts
+nhost.auth.signInSecurityKey()
+```

docs/reference/nextjs/use-sign-in-security-key.mdx

@@ -0,0 +1,25 @@
+---
+title: useSignInSecurityKey()
+sidebarTitle: useSignInSecurityKey()
+---
+
+Use the hook `useSignInSecurityKey` to sign in a user with a security key using the WebAuthn API.
+
+```tsx
+const {
+  signInSecurityKey,
+  needsEmailVerification,
+  isLoading,
+  isSuccess,
+  isError,
+  error
+} = useSignInSecurityKey()
+
+console.log({ needsEmailVerification, isLoading, isSuccess, isError, error })
+
+const handleFormSubmit = async (e) => {
+  e.preventDefault()
+
+  await signInSecurityKey()
+}
+```

docs/reference/react/use-sign-in-security-key.mdx

@@ -0,0 +1,25 @@
+---
+title: useSignInSecurityKey()
+sidebarTitle: useSignInSecurityKey()
+---
+
+Use the hook `useSignInSecurityKey` to sign in a user with a security key using the WebAuthn API.
+
+```tsx
+const {
+  signInSecurityKey,
+  needsEmailVerification,
+  isLoading,
+  isSuccess,
+  isError,
+  error
+} = useSignInSecurityKey()
+
+console.log({ needsEmailVerification, isLoading, isSuccess, isError, error })
+
+const handleFormSubmit = async (e) => {
+  e.preventDefault()
+
+  await signInSecurityKey()
+}
+```

docs/reference/vue/use-sign-in-security-key.mdx

@@ -0,0 +1,25 @@
+---
+title: useSignInSecurityKey()
+sidebarTitle: useSignInSecurityKey()
+---
+
+Use the composable `useSignInSecurityKey` to sign in a user with a security key using the WebAuthn API
+
+```tsx
+const {
+  signInSecurityKey,
+  needsEmailVerification,
+  isLoading,
+  isSuccess,
+  isError,
+  error
+} = useSignInSecurityKey()
+
+console.log({ needsEmailVerification, isLoading, isSuccess, isError, error })
+
+const handleFormSubmit = async (e) => {
+  e.preventDefault()
+
+  await signInSecurityKey()
+}
+```

examples/cli/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost-examples/cli
 
+## 0.3.16
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 0.3.15
 
 ### Patch Changes

examples/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/cli",
-  "version": "0.3.15",
+  "version": "0.3.16",
   "main": "src/index.mjs",
   "private": true,
   "scripts": {

examples/codegen-react-apollo/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost-examples/codegen-react-apollo
 
+## 0.4.17
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+  - @nhost/react-apollo@16.0.0
+
 ## 0.4.16
 
 ### Patch Changes

examples/codegen-react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/codegen-react-apollo",
-  "version": "0.4.16",
+  "version": "0.4.17",
   "private": true,
   "scripts": {
     "codegen": "graphql-codegen",

examples/codegen-react-query/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost-examples/codegen-react-query
 
+## 0.4.17
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+
 ## 0.4.16
 
 ### Patch Changes

examples/codegen-react-query/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/codegen-react-query",
-  "version": "0.4.16",
+  "version": "0.4.17",
   "private": true,
   "scripts": {
     "codegen": "graphql-codegen",

examples/codegen-react-urql/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost-examples/react-urql
 
+## 0.3.17
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+  - @nhost/react-urql@13.0.0
+
 ## 0.3.16
 
 ### Patch Changes

examples/codegen-react-urql/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/codegen-react-urql",
   "private": true,
-  "version": "0.3.16",
+  "version": "0.3.17",
   "scripts": {
     "dev": "vite",
     "build": "tsc && vite build",

examples/multi-tenant-one-to-many/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost-examples/multi-tenant-one-to-many
 
+## 2.2.17
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 2.2.16
 
 ### Patch Changes

examples/multi-tenant-one-to-many/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/multi-tenant-one-to-many",
   "private": true,
-  "version": "2.2.16",
+  "version": "2.2.17",
   "description": "",
   "main": "index.js",
   "scripts": {},

examples/nextjs/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @nhost-examples/nextjs
 
+## 0.4.1
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+  - @nhost/react-apollo@16.0.0
+  - @nhost/nextjs@2.2.1
+
 ## 0.4.0
 
 ### Minor Changes

examples/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/nextjs",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "private": true,
   "scripts": {
     "dev": "next dev",

examples/node-storage/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost-examples/node-storage
 
+## 0.2.16
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 0.2.15
 
 ### Patch Changes

examples/node-storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/node-storage",
-  "version": "0.2.15",
+  "version": "0.2.16",
   "private": true,
   "description": "This is an example of how to use the Storage with Node.js",
   "main": "src/index.mjs",

examples/quickstarts/nextjs-server-components/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost-examples/nextjs-server-components
 
+## 0.5.1
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 0.5.0
 
 ### Minor Changes

examples/quickstarts/nextjs-server-components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/nextjs-server-components",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "private": true,
   "scripts": {
     "dev": "next dev",

examples/react-apollo/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @nhost-examples/react-apollo
 
+## 1.2.0
+
+### Minor Changes
+
+- 04d2ce1: feat: update signin components to use `useSignInSecuritykey` with user handle
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+  - @nhost/react-apollo@16.0.0
+
 ## 1.1.2
 
 ### Patch Changes

examples/react-apollo/nhost/nhost.toml

@@ -29,7 +29,7 @@ httpPoolSize = 100
 version = 18
 
 [auth]
-version = '0.32.1'
+version = '0.37.0-beta1'
 
 [auth.elevatedPrivileges]
 mode = 'required'
@@ -47,6 +47,27 @@ disableNewUsers = false
 default = 'user'
 allowed = ['user', 'me']
 
+[auth.rateLimit]
+[auth.rateLimit.emails]
+limit = 100
+interval = '1h'
+
+[auth.rateLimit.sms]
+limit = 100
+interval = '1h'
+
+[auth.rateLimit.bruteForce]
+limit = 100
+interval = '5m'
+
+[auth.rateLimit.signups]
+limit = 100
+interval = '5m'
+
+[auth.rateLimit.global]
+limit = 1000
+interval = '1m'
+
 [auth.user.locale]
 default = 'en'
 allowed = ['en']
@@ -158,6 +179,14 @@ issuer = 'nhost'
 version = '16.2-20240718-1'
 
 [provider]
+[provider.smtp]
+host = "smtp.test.com"
+method = "LOGIN"
+password = "test123123"
+port = 587
+secure = false
+sender = "test@nhost.io"
+user = "test"
 
 [storage]
 version = '0.6.1'

examples/react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/react-apollo",
-  "version": "1.1.2",
+  "version": "1.2.0",
   "private": true,
   "type": "module",
   "scripts": {

examples/react-apollo/src/components/routes/auth/sign-in/sign-in-security-key.tsx

@@ -1,41 +1,21 @@
-import { zodResolver } from '@hookform/resolvers/zod'
-import { useSignInEmailSecurityKey } from '@nhost/react'
-import { ArrowLeft } from 'lucide-react'
-import { useState } from 'react'
-import { useForm } from 'react-hook-form'
-import { Link, useNavigate } from 'react-router-dom'
-import { toast } from 'sonner'
-import { z } from 'zod'
-import { cn } from '@/lib/utils'
 import SignInFooter from '@/components/auth/sign-in-footer'
 import { Button, buttonVariants } from '@/components/ui/button'
 import { Dialog, DialogContent, DialogHeader, DialogTitle } from '@/components/ui/dialog'
-import { Form, FormControl, FormField, FormItem, FormMessage } from '@/components/ui/form'
-import { Input } from '@/components/ui/input'
 import { Separator } from '@/components/ui/separator'
-
+import { cn } from '@/lib/utils'
-const formSchema = z.object({
+import { useSignInSecurityKey } from '@nhost/react'
-  email: z.string().email()
+import { ArrowLeft } from 'lucide-react'
-})
+import { useState } from 'react'
+import { Link, useNavigate } from 'react-router-dom'
+import { toast } from 'sonner'
 
 export default function SignInSecurityKey() {
   const navigate = useNavigate()
-  const { signInEmailSecurityKey } = useSignInEmailSecurityKey()
+  const { signInSecurityKey } = useSignInSecurityKey()
   const [showEmailVerificationDialog, setShowEmailVerificationDialog] = useState(false)
 
-  const form = useForm<z.infer<typeof formSchema>>({
+  const handleSignInSecurityKey = async () => {
-    resolver: zodResolver(formSchema),
+    const { isError, isSuccess, needsEmailVerification, error } = await signInSecurityKey()
-    defaultValues: {
-      email: ''
-    }
-  })
-
-  const onSubmit = async (values: z.infer<typeof formSchema>) => {
-    const { email } = values
-
-    const { isError, isSuccess, needsEmailVerification, error } = await signInEmailSecurityKey(
-      email
-    )
 
     if (isError) {
       toast.error(error?.message)
@@ -51,24 +31,9 @@ export default function SignInSecurityKey() {
       <div className="flex flex-col items-center justify-center w-full max-w-md p-8 bg-white rounded-md shadow">
         <h1 className="mb-8 text-3xl">Sign in with a security key</h1>
 
-        <Form {...form}>
+        <Button onClick={handleSignInSecurityKey} className="w-full">
-          <form onSubmit={form.handleSubmit(onSubmit)} className="flex flex-col w-full space-y-4">
+          Sign In
-            <FormField
+        </Button>
-              control={form.control}
-              name="email"
-              render={({ field }) => (
-                <FormItem>
-                  <FormControl>
-                    <Input placeholder="email" type="email" {...field} />
-                  </FormControl>
-                  <FormMessage className="text-xs" />
-                </FormItem>
-              )}
-            />
-
-            <Button type="submit">Sign In</Button>
-          </form>
-        </Form>
 
         <Link to="/sign-in" className={cn(buttonVariants({ variant: 'link' }), 'my-2')}>
           <ArrowLeft className="w-4 h-4" />

examples/react-gqty/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost-examples/react-gqty
 
+## 1.2.17
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+
 ## 1.2.16
 
 ### Patch Changes

examples/react-gqty/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/react-gqty",
   "private": true,
-  "version": "1.2.16",
+  "version": "1.2.17",
   "type": "module",
   "scripts": {
     "dev": "vite",

examples/react_native/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost-examples/react-native
 
+## 0.1.2
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+  - @nhost/react-apollo@16.0.0
+
 ## 0.1.1
 
 ### Patch Changes

examples/react_native/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/react-native",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "private": true,
   "scripts": {
     "android": "react-native run-android",

examples/vue-apollo/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @nhost-examples/vue-apollo
 
+## 0.8.0
+
+### Minor Changes
+
+- 04d2ce1: feat: update signin components to use `useSignInSecuritykey` with user handle
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/vue@2.9.0
+  - @nhost/nhost-js@3.2.3
+  - @nhost/apollo@8.0.3
+
 ## 0.7.2
 
 ### Patch Changes

examples/vue-apollo/nhost/nhost.toml

@@ -29,7 +29,7 @@ httpPoolSize = 100
 version = 18
 
 [auth]
-version = '0.27.0-beta13'
+version = '0.37.0-beta1'
 
 [auth.elevatedPrivileges]
 mode = 'required'

examples/vue-apollo/nhost/overlays/local.json

@@ -0,0 +1,60 @@
+[
+  {
+    "value": "disabled",
+    "op": "replace",
+    "path": "/auth/elevatedPrivileges/mode"
+  },
+  {
+    "value": "localhost",
+    "op": "replace",
+    "path": "/auth/method/webauthn/relyingParty/id"
+  },
+  {
+    "value": "http://localhost:5173",
+    "op": "replace",
+    "path": "/auth/method/webauthn/relyingParty/origins/0"
+  },
+  {
+    "value": "http://localhost:5173",
+    "op": "replace",
+    "path": "/auth/redirections/allowedUrls/0"
+  },
+  {
+    "value": "http://localhost:5173/profile",
+    "op": "replace",
+    "path": "/auth/redirections/allowedUrls/1"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "op": "remove",
+    "path": "/auth/redirections/allowedUrls/2"
+  },
+  {
+    "value": "http://localhost:5173",
+    "op": "replace",
+    "path": "/auth/redirections/clientUrl"
+  }
+]

examples/vue-apollo/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/vue-apollo",
   "private": true,
-  "version": "0.7.2",
+  "version": "0.8.0",
   "scripts": {
     "dev": "vite",
     "build": "vite build",

examples/vue-apollo/src/pages/sign-in/SecurityKey.vue

@@ -1,6 +1,5 @@
 <template>
   <form @submit="handleSignIn">
-    <v-text-field v-model="email" label="Email" />
     <v-btn
       block
       color="primary"
@@ -23,17 +22,15 @@
 import { ref } from 'vue'
 import { useRouter } from 'vue-router'
 
-import { useSignInEmailSecurityKey } from '@nhost/vue'
+import { useSignInSecurityKey } from '@nhost/vue'
-
-const email = ref('')
 const emailVerificationDialog = ref(false)
 
 const router = useRouter()
-const { signInEmailSecurityKey, error, isLoading } = useSignInEmailSecurityKey()
+const { signInSecurityKey, error, isLoading } = useSignInSecurityKey()
 
 const handleSignIn = async (e: Event) => {
   e.preventDefault()
-  const { isSuccess, needsEmailVerification } = await signInEmailSecurityKey(email)
+  const { isSuccess, needsEmailVerification } = await signInSecurityKey()
   if (isSuccess) {
     router.replace('/')
   }

examples/vue-apollo/tsconfig.json

@@ -1,5 +1,5 @@
 {
-  // "extends": "../../config/tsconfig.base.json",
+  "extends": "../../config/tsconfig.base.json",
   "compilerOptions": {
     "target": "ESNext",
     "useDefineForClassFields": true,

examples/vue-quickstart/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost-examples/vue-quickstart
 
+## 0.2.17
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/vue@2.9.0
+  - @nhost/apollo@8.0.3
+
 ## 0.2.16
 
 ### Patch Changes

examples/vue-quickstart/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/vue-quickstart",
-  "version": "0.2.16",
+  "version": "0.2.17",
   "private": true,
   "scripts": {
     "build": "vite build",

integrations/apollo/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @nhost/apollo
 
+## 8.0.3
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 8.0.2
 
 ### Patch Changes

integrations/apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/apollo",
-  "version": "8.0.2",
+  "version": "8.0.3",
   "description": "Nhost Apollo Client library",
   "license": "MIT",
   "keywords": [

integrations/react-apollo/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost/react-apollo
 
+## 16.0.0
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+  - @nhost/apollo@8.0.3
+
 ## 15.0.1
 
 ### Patch Changes

integrations/react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react-apollo",
-  "version": "15.0.1",
+  "version": "16.0.0",
   "description": "Nhost React Apollo client",
   "license": "MIT",
   "keywords": [

integrations/react-urql/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/react-urql
 
+## 13.0.0
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+
 ## 12.0.1
 
 ### Patch Changes

integrations/react-urql/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react-urql",
-  "version": "12.0.1",
+  "version": "13.0.0",
   "description": "Nhost React URQL client",
   "license": "MIT",
   "keywords": [

nix/nhost-cli.nix

@@ -0,0 +1,63 @@
+{ final }:
+let
+  version = "v1.28.3";
+  dist = {
+    aarch64-darwin = {
+      url = "https://github.com/nhost/cli/releases/download/${version}/cli-${version}-darwin-arm64.tar.gz";
+      sha256 = "042qkyv94x5iinqphqrh01gvlr5cy26855g6x03mr8zw96rnz1hg";
+    };
+    x86_64-darwin = {
+      url = "https://github.com/nhost/cli/releases/download/${version}/cli-${version}-darwin-amd64.tar.gz";
+      sha256 = "1p8ji6l1a2nbf7na9agzfpklvfyh8gvnhfx0ib1w8gn69y337060";
+    };
+    aarch64-linux = {
+      url = "https://github.com/nhost/cli/releases/download/${version}/cli-${version}-linux-arm64.tar.gz";
+      sha256 = "0vr7qp9wr49cgbcw45zl3x26yhl7vmraymqqzxbg3pk8ifkvm505";
+    };
+    x86_64-linux = {
+      url = "https://github.com/nhost/cli/releases/download/${version}/cli-${version}-linux-amd64.tar.gz";
+      sha256 = "17niy09gr9pf8wy1361pnq7p3ic53asrl6x32g151jhary0yy84r";
+    };
+  };
+
+in
+final.stdenvNoCC.mkDerivation {
+  pname = "nhost-cli";
+  inherit version;
+
+  src = final.fetchurl {
+    inherit (dist.${final.stdenvNoCC.hostPlatform.system} or
+      (throw "Unsupported system: ${final.stdenvNoCC.hostPlatform.system}")) url sha256;
+  };
+
+
+  sourceRoot = ".";
+
+  nativeBuildInputs = [
+    final.unzip
+    final.makeWrapper
+    final.installShellFiles
+  ];
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin
+    mv cli $out/bin/nhost
+
+    # installShellCompletion --cmd nhost \
+    #   --bash <($out/bin/nhost completion bash) \
+    #   --fish <($out/bin/nhost completion fish) \
+    #   --zsh <($out/bin/nhost completion zsh)
+
+    runHook postInstall
+  '';
+
+  meta = with final.lib; {
+    description = "Nhost CLI";
+    homepage = "https://nhost.io";
+    license = licenses.mit;
+    maintainers = [ "@nhost" ];
+  };
+
+}

nix/overlay.nix

@@ -1,4 +1,5 @@
 (final: prev: rec {
   nodejs = final.nodejs-18_x;
   nodePackages = nodejs.pkgs;
+  nhost-cli = final.callPackage ./nhost-cli.nix { inherit final; };
 })

package.json

@@ -22,7 +22,7 @@
     "build:all": "turbo run build",
     "build:@nhost-examples/nextjs-server-components": "turbo run build --filter=@nhost-examples/nextjs-server-components",
     "build:@nhost-examples/sveltekit": "turbo run build --filter=@nhost-examples/sveltekit",
-    "dev": "turbo run dev --filter=!@nhost/dashboard --filter=!@nhost/docs --filter=!@nhost-examples/* --filter=!@nhost/docgen --no-deps",
+    "dev": "turbo run dev --filter=!@nhost/dashboard --filter=!@nhost/docs --filter=!@nhost-examples/* --filter=!@nhost/docgen",
     "clean:all": "pnpm clean && rm -rf ./{{packages,examples/**,templates/**}/*,docs,dashboard}/{.nhost,node_modules} node_modules",
     "clean": "rm -rf ./{{packages,examples/**}/*,docs,dashboard}/{dist,umd,.next,.turbo,coverage}",
     "ci:version": "changeset version && pnpm install --frozen-lockfile false",
@@ -36,14 +36,14 @@
     "prerelease": "pnpm clean && pnpm install && pnpm build",
     "release": "pnpm run prerelease && changeset publish",
     "snapshot": "pnpm prerelease && changeset version --snapshot preview && pnpm install && changeset publish --tag preview",
-    "test": "turbo run test --filter=!@nhost/dashboard --filter=!@nhost/docs --filter=!@nhost-examples/* --no-deps",
+    "test": "turbo run test --filter=!@nhost/dashboard --filter=!@nhost/docs --filter=!@nhost-examples/*",
     "test:all": "turbo run test",
     "test:dashboard": "turbo run test --filter=@nhost/dashboard",
     "e2e:dashboard": "turbo run e2e --filter=@nhost/dashboard",
     "e2e": "turbo run e2e --concurrency=1",
     "changeset": "changeset",
-    "docgen": "turbo run build --filter=@nhost/docgen --no-deps && pnpm i && turbo run docgen --filter=!@nhost/docgen --filter=@nhost/* && :",
+    "docgen": "turbo run build --filter=@nhost/docgen && pnpm i && turbo run docgen --filter=!@nhost/docgen --filter=@nhost/* && :",
-    "sync-versions": "turbo run start --filter=@nhost/sync-versions --no-deps",
+    "sync-versions": "turbo run start --filter=@nhost/sync-versions",
     "audit-ci": "pnpx audit-ci --config ./audit-ci.jsonc"
   },
   "workspaces": [

packages/hasura-auth-js/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @nhost/hasura-auth-js
 
+## 2.10.0
+
+### Minor Changes
+
+- 04d2ce1: feat: add signin security key with user handle
+
+### Patch Changes
+
+- 44c1e17: chore: update `msw` to v1.3.5 to fix vulnerabilities
+
 ## 2.9.0
 
 ### Minor Changes

packages/hasura-auth-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/hasura-auth-js",
-  "version": "2.9.0",
+  "version": "2.10.0",
   "description": "Hasura-auth client",
   "license": "MIT",
   "keywords": [
@@ -76,6 +76,6 @@
     "@types/js-cookie": "^3.0.6",
     "cheerio": "1.0.0-rc.12",
     "mailhog": "^4.16.0",
-    "msw": "^1.3.3"
+    "msw": "^1.3.5"
   }
 }

packages/hasura-auth-js/src/hasura-auth-client.ts

@@ -29,6 +29,7 @@ import {
   signInEmailSecurityKeyPromise,
   signInMfaTotpPromise,
   signInPATPromise,
+  signInSecurityKeyPromise,
   signInSmsPasswordlessOtpPromise,
   signInSmsPasswordlessPromise,
   signOutPromise,
@@ -426,6 +427,24 @@ export class HasuraAuthClient {
     return { ...getAuthenticationResult(res), mfa: null }
   }
 
+  /**
+   * Use `nhost.auth.signInSecurityKey` to sign in a user with a security key using the WebAuthn API
+   *
+   * @example
+   * ```ts
+   * nhost.auth.signInSecurityKey()
+   * ```
+   *
+   * @docs https://docs.nhost.io/reference/javascript/auth/sign-in-security-key
+   */
+  async signInSecurityKey(): Promise<SignInResponse> {
+    const interpreter = await this.waitUntilReady()
+
+    const res = await signInSecurityKeyPromise(interpreter)
+
+    return { ...getAuthenticationResult(res), mfa: null }
+  }
+
   /**
    * Use `nhost.auth.signOut` to sign out the user.
    *

packages/hasura-auth-js/src/machines/authentication/events.ts

@@ -13,6 +13,7 @@ export type AuthEvents =
   | { type: 'SIGNIN_ANONYMOUS' }
   | { type: 'SIGNIN_PAT'; pat: string }
   | { type: 'SIGNIN_SECURITY_KEY_EMAIL'; email?: string }
+  | { type: 'SIGNIN_SECURITY_KEY' }
   | { type: 'SIGNIN_PASSWORD'; email?: string; password?: string }
   | {
       type: 'PASSWORDLESS_EMAIL'

packages/hasura-auth-js/src/machines/authentication/machine.ts

@@ -76,6 +76,7 @@ type AuthServices = {
   signInIdToken: { data: SignInResponse }
   signInMfaTotp: { data: SignInMfaTotpResponse }
   signInSecurityKeyEmail: { data: SignInResponse }
+  signInSecurityKey: { data: SignInResponse }
   refreshToken: { data: NhostSessionResponse }
   signout: { data: SignOutResponse }
   signUpEmailPassword: { data: SignUpResponse }
@@ -191,6 +192,7 @@ export const createAuthMachine = ({
                 SIGNIN_PASSWORD: 'authenticating.password',
                 SIGNIN_ANONYMOUS: 'authenticating.anonymous',
                 SIGNIN_SECURITY_KEY_EMAIL: 'authenticating.securityKeyEmail',
+                SIGNIN_SECURITY_KEY: 'authenticating.securityKey',
                 SIGNIN_MFA_TOTP: 'authenticating.mfa.totp',
                 SIGNIN_PAT: 'authenticating.pat',
                 SIGNIN_ID_TOKEN: 'authenticating.idToken'
@@ -311,6 +313,29 @@ export const createAuthMachine = ({
                       }
                     ]
                   }
+                },
+                securityKey: {
+                  invoke: {
+                    src: 'signInSecurityKey',
+                    id: 'authenticateUserWithSecurityKey',
+                    onDone: {
+                      actions: ['saveSession', 'reportTokenChanged'],
+                      target: '#nhost.authentication.signedIn'
+                    },
+                    onError: [
+                      {
+                        cond: 'unverified',
+                        target: [
+                          '#nhost.authentication.signedOut',
+                          '#nhost.registration.incomplete.needsEmailVerification'
+                        ]
+                      },
+                      {
+                        actions: 'saveAuthenticationError',
+                        target: '#nhost.authentication.signedOut.failed'
+                      }
+                    ]
+                  }
                 }
               }
             },
@@ -965,11 +990,29 @@ export const createAuthMachine = ({
         },
         refreshToken: async (ctx, event) => {
           const refreshToken = event.type === 'TRY_TOKEN' ? event.token : ctx.refreshToken.value
-          const session = await postRequest<RefreshSessionResponse>('/token', {
+          const session: NhostSession = await postRequest<RefreshSessionResponse>('/token', {
             refreshToken
           })
           return { session, error: null }
         },
+        signInSecurityKey: async (): Promise<SignInResponse> => {
+          try {
+            const options: PublicKeyCredentialRequestOptionsJSON = await postRequest(
+              '/signin/webauthn',
+              {}
+            )
+
+            let credential: AuthenticationCredentialJSON
+            try {
+              credential = await startAuthentication(options)
+            } catch (e) {
+              throw new CodifiedError(e as Error)
+            }
+            return postRequest<SignInResponse>('/signin/webauthn/verify', { credential })
+          } catch (error) {
+            throw new CodifiedError(error as Error)
+          }
+        },
         signout: async (ctx, e) => {
           const signOutResponse = await postRequest(
             '/signout',

packages/hasura-auth-js/src/machines/authentication/machine.typegen.ts

@@ -1,133 +1,508 @@
+// This file was automatically generated. Edits will be overwritten
 
-  // This file was automatically generated. Edits will be overwritten
+export interface Typegen0 {
-
+  '@@xstate/typegen': true
-  export interface Typegen0 {
+  internalEvents: {
-        '@@xstate/typegen': true;
+    '': { type: '' }
-        internalEvents: {
+    'done.invoke.authenticateAnonymously': {
-          "": { type: "" };
+      type: 'done.invoke.authenticateAnonymously'
-"done.invoke.authenticateAnonymously": { type: "done.invoke.authenticateAnonymously"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      data: unknown
-"done.invoke.authenticateUserWithPassword": { type: "done.invoke.authenticateUserWithPassword"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"done.invoke.authenticateUserWithSecurityKey": { type: "done.invoke.authenticateUserWithSecurityKey"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+    }
-"done.invoke.authenticateWithIdToken": { type: "done.invoke.authenticateWithIdToken"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+    'done.invoke.authenticateUserWithPassword': {
-"done.invoke.authenticateWithPAT": { type: "done.invoke.authenticateWithPAT"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      type: 'done.invoke.authenticateUserWithPassword'
-"done.invoke.authenticateWithToken": { type: "done.invoke.authenticateWithToken"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      data: unknown
-"done.invoke.importRefreshToken": { type: "done.invoke.importRefreshToken"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"done.invoke.passwordlessEmail": { type: "done.invoke.passwordlessEmail"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+    }
-"done.invoke.passwordlessSms": { type: "done.invoke.passwordlessSms"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+    'done.invoke.authenticateUserWithSecurityKey': {
-"done.invoke.passwordlessSmsOtp": { type: "done.invoke.passwordlessSmsOtp"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      type: 'done.invoke.authenticateUserWithSecurityKey'
-"done.invoke.refreshToken": { type: "done.invoke.refreshToken"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      data: unknown
-"done.invoke.signInEmailOTP": { type: "done.invoke.signInEmailOTP"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"done.invoke.signInMfaTotp": { type: "done.invoke.signInMfaTotp"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+    }
-"done.invoke.signUpEmailPassword": { type: "done.invoke.signUpEmailPassword"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+    'done.invoke.authenticateWithIdToken': {
-"done.invoke.signUpSecurityKey": { type: "done.invoke.signUpSecurityKey"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      type: 'done.invoke.authenticateWithIdToken'
-"done.invoke.signingOut": { type: "done.invoke.signingOut"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      data: unknown
-"done.invoke.verifyEmailOTP": { type: "done.invoke.verifyEmailOTP"; data: unknown; __tip: "See the XState TS docs to learn how to strongly type this." };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"error.platform.authenticateAnonymously": { type: "error.platform.authenticateAnonymously"; data: unknown };
+    }
-"error.platform.authenticateUserWithPassword": { type: "error.platform.authenticateUserWithPassword"; data: unknown };
+    'done.invoke.authenticateWithPAT': {
-"error.platform.authenticateUserWithSecurityKey": { type: "error.platform.authenticateUserWithSecurityKey"; data: unknown };
+      type: 'done.invoke.authenticateWithPAT'
-"error.platform.authenticateWithIdToken": { type: "error.platform.authenticateWithIdToken"; data: unknown };
+      data: unknown
-"error.platform.authenticateWithPAT": { type: "error.platform.authenticateWithPAT"; data: unknown };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"error.platform.authenticateWithToken": { type: "error.platform.authenticateWithToken"; data: unknown };
+    }
-"error.platform.importRefreshToken": { type: "error.platform.importRefreshToken"; data: unknown };
+    'done.invoke.authenticateWithToken': {
-"error.platform.passwordlessEmail": { type: "error.platform.passwordlessEmail"; data: unknown };
+      type: 'done.invoke.authenticateWithToken'
-"error.platform.passwordlessSms": { type: "error.platform.passwordlessSms"; data: unknown };
+      data: unknown
-"error.platform.passwordlessSmsOtp": { type: "error.platform.passwordlessSmsOtp"; data: unknown };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"error.platform.refreshToken": { type: "error.platform.refreshToken"; data: unknown };
+    }
-"error.platform.signInEmailOTP": { type: "error.platform.signInEmailOTP"; data: unknown };
+    'done.invoke.importRefreshToken': {
-"error.platform.signInMfaTotp": { type: "error.platform.signInMfaTotp"; data: unknown };
+      type: 'done.invoke.importRefreshToken'
-"error.platform.signUpEmailPassword": { type: "error.platform.signUpEmailPassword"; data: unknown };
+      data: unknown
-"error.platform.signUpSecurityKey": { type: "error.platform.signUpSecurityKey"; data: unknown };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"error.platform.signingOut": { type: "error.platform.signingOut"; data: unknown };
+    }
-"error.platform.verifyEmailOTP": { type: "error.platform.verifyEmailOTP"; data: unknown };
+    'done.invoke.passwordlessEmail': {
-"xstate.after(1000)#nhost.authentication.signedIn.refreshTimer.running.pending": { type: "xstate.after(1000)#nhost.authentication.signedIn.refreshTimer.running.pending" };
+      type: 'done.invoke.passwordlessEmail'
-"xstate.after(RETRY_IMPORT_TOKEN_DELAY)#nhost.authentication.retryTokenImport": { type: "xstate.after(RETRY_IMPORT_TOKEN_DELAY)#nhost.authentication.retryTokenImport" };
+      data: unknown
-"xstate.init": { type: "xstate.init" };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"xstate.stop": { type: "xstate.stop" };
+    }
-        };
+    'done.invoke.passwordlessSms': {
-        invokeSrcNameMap: {
+      type: 'done.invoke.passwordlessSms'
-          "importRefreshToken": "done.invoke.importRefreshToken";
+      data: unknown
-"passwordlessEmail": "done.invoke.passwordlessEmail";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"passwordlessSms": "done.invoke.passwordlessSms";
+    }
-"passwordlessSmsOtp": "done.invoke.passwordlessSmsOtp";
+    'done.invoke.passwordlessSmsOtp': {
-"refreshToken": "done.invoke.authenticateWithToken" | "done.invoke.refreshToken";
+      type: 'done.invoke.passwordlessSmsOtp'
-"signInAnonymous": "done.invoke.authenticateAnonymously";
+      data: unknown
-"signInEmailOTP": "done.invoke.signInEmailOTP";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"signInIdToken": "done.invoke.authenticateWithIdToken";
+    }
-"signInMfaTotp": "done.invoke.signInMfaTotp";
+    'done.invoke.refreshToken': {
-"signInPAT": "done.invoke.authenticateWithPAT";
+      type: 'done.invoke.refreshToken'
-"signInPassword": "done.invoke.authenticateUserWithPassword";
+      data: unknown
-"signInSecurityKeyEmail": "done.invoke.authenticateUserWithSecurityKey";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"signUpEmailPassword": "done.invoke.signUpEmailPassword";
+    }
-"signUpSecurityKey": "done.invoke.signUpSecurityKey";
+    'done.invoke.signInEmailOTP': {
-"signout": "done.invoke.signingOut";
+      type: 'done.invoke.signInEmailOTP'
-"verifyEmailOTP": "done.invoke.verifyEmailOTP";
+      data: unknown
-        };
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-        missingImplementations: {
+    }
-          actions: never;
+    'done.invoke.signInMfaTotp': {
-          delays: never;
+      type: 'done.invoke.signInMfaTotp'
-          guards: never;
+      data: unknown
-          services: never;
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-        };
+    }
-        eventsCausingActions: {
+    'done.invoke.signUpEmailPassword': {
-          "broadcastToken": "" | "SESSION_UPDATE" | "done.invoke.authenticateAnonymously" | "done.invoke.authenticateUserWithPassword" | "done.invoke.authenticateUserWithSecurityKey" | "done.invoke.authenticateWithIdToken" | "done.invoke.authenticateWithPAT" | "done.invoke.authenticateWithToken" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessSmsOtp" | "done.invoke.signInMfaTotp" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.verifyEmailOTP";
+      type: 'done.invoke.signUpEmailPassword'
-"cleanUrl": "" | "SESSION_UPDATE" | "done.invoke.authenticateAnonymously" | "done.invoke.authenticateUserWithPassword" | "done.invoke.authenticateUserWithSecurityKey" | "done.invoke.authenticateWithIdToken" | "done.invoke.authenticateWithPAT" | "done.invoke.authenticateWithToken" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessSmsOtp" | "done.invoke.signInMfaTotp" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.verifyEmailOTP";
+      data: unknown
-"clearContext": "done.invoke.passwordlessEmail" | "done.invoke.passwordlessSms" | "done.invoke.signInEmailOTP" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"clearContextExceptTokens": "SIGNOUT";
+    }
-"destroyAccessToken": "SESSION_UPDATE" | "SIGNIN_ANONYMOUS" | "SIGNIN_ID_TOKEN" | "SIGNIN_MFA_TOTP" | "SIGNIN_PASSWORD" | "SIGNIN_PAT" | "SIGNIN_SECURITY_KEY_EMAIL" | "done.invoke.signingOut" | "error.platform.signingOut" | "xstate.stop";
+    'done.invoke.signUpSecurityKey': {
-"destroyRefreshToken": "SESSION_UPDATE" | "SIGNIN_ANONYMOUS" | "SIGNIN_ID_TOKEN" | "SIGNIN_MFA_TOTP" | "SIGNIN_PASSWORD" | "SIGNIN_PAT" | "SIGNIN_SECURITY_KEY_EMAIL" | "done.invoke.signingOut" | "error.platform.signingOut" | "xstate.stop";
+      type: 'done.invoke.signUpSecurityKey'
-"incrementTokenImportAttempts": "error.platform.importRefreshToken";
+      data: unknown
-"reportSignedIn": "" | "SESSION_UPDATE" | "done.invoke.authenticateAnonymously" | "done.invoke.authenticateUserWithPassword" | "done.invoke.authenticateUserWithSecurityKey" | "done.invoke.authenticateWithIdToken" | "done.invoke.authenticateWithPAT" | "done.invoke.authenticateWithToken" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessSmsOtp" | "done.invoke.signInMfaTotp" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.verifyEmailOTP";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"reportSignedOut": "SIGNOUT" | "done.invoke.authenticateUserWithPassword" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessEmail" | "done.invoke.passwordlessSms" | "done.invoke.signInEmailOTP" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "error.platform.authenticateAnonymously" | "error.platform.authenticateUserWithPassword" | "error.platform.authenticateUserWithSecurityKey" | "error.platform.authenticateWithIdToken" | "error.platform.authenticateWithPAT" | "error.platform.authenticateWithToken" | "error.platform.importRefreshToken" | "error.platform.refreshToken" | "error.platform.signInMfaTotp";
+    }
-"reportTokenChanged": "SESSION_UPDATE" | "SIGNIN_ANONYMOUS" | "SIGNIN_ID_TOKEN" | "SIGNIN_MFA_TOTP" | "SIGNIN_PASSWORD" | "SIGNIN_PAT" | "SIGNIN_SECURITY_KEY_EMAIL" | "done.invoke.authenticateAnonymously" | "done.invoke.authenticateUserWithPassword" | "done.invoke.authenticateUserWithSecurityKey" | "done.invoke.authenticateWithIdToken" | "done.invoke.authenticateWithPAT" | "done.invoke.authenticateWithToken" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessSmsOtp" | "done.invoke.refreshToken" | "done.invoke.signInMfaTotp" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.signingOut" | "done.invoke.verifyEmailOTP" | "error.platform.signingOut" | "xstate.stop";
+    'done.invoke.signingOut': {
-"resetErrors": "" | "PASSWORDLESS_EMAIL" | "PASSWORDLESS_SMS" | "PASSWORDLESS_SMS_OTP" | "SESSION_UPDATE" | "SIGNIN_ANONYMOUS" | "SIGNIN_EMAIL_OTP" | "SIGNIN_ID_TOKEN" | "SIGNIN_MFA_TOTP" | "SIGNIN_PASSWORD" | "SIGNIN_PAT" | "SIGNIN_SECURITY_KEY_EMAIL" | "SIGNUP_EMAIL_PASSWORD" | "SIGNUP_SECURITY_KEY" | "VERIFY_EMAIL_OTP" | "done.invoke.authenticateAnonymously" | "done.invoke.authenticateUserWithPassword" | "done.invoke.authenticateUserWithSecurityKey" | "done.invoke.authenticateWithIdToken" | "done.invoke.authenticateWithPAT" | "done.invoke.authenticateWithToken" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessSmsOtp" | "done.invoke.signInMfaTotp" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.verifyEmailOTP";
+      type: 'done.invoke.signingOut'
-"resetTimer": "" | "SESSION_UPDATE" | "done.invoke.refreshToken";
+      data: unknown
-"saveAuthenticationError": "error.platform.authenticateAnonymously" | "error.platform.authenticateUserWithPassword" | "error.platform.authenticateUserWithSecurityKey" | "error.platform.authenticateWithIdToken" | "error.platform.authenticateWithPAT" | "error.platform.authenticateWithToken" | "error.platform.importRefreshToken" | "error.platform.signInMfaTotp" | "error.platform.signingOut";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-"saveMfaTicket": "done.invoke.authenticateUserWithPassword";
+    }
-"savePATSession": "done.invoke.authenticateWithPAT";
+    'done.invoke.verifyEmailOTP': {
-"saveRefreshAttempt": "error.platform.refreshToken";
+      type: 'done.invoke.verifyEmailOTP'
-"saveRegistrationError": "error.platform.passwordlessEmail" | "error.platform.passwordlessSms" | "error.platform.passwordlessSmsOtp" | "error.platform.signInEmailOTP" | "error.platform.signUpEmailPassword" | "error.platform.signUpSecurityKey" | "error.platform.verifyEmailOTP";
+      data: unknown
-"saveSession": "SESSION_UPDATE" | "done.invoke.authenticateAnonymously" | "done.invoke.authenticateUserWithPassword" | "done.invoke.authenticateUserWithSecurityKey" | "done.invoke.authenticateWithIdToken" | "done.invoke.authenticateWithToken" | "done.invoke.importRefreshToken" | "done.invoke.passwordlessSmsOtp" | "done.invoke.refreshToken" | "done.invoke.signInMfaTotp" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.verifyEmailOTP";
+      __tip: 'See the XState TS docs to learn how to strongly type this.'
-        };
+    }
-        eventsCausingDelays: {
+    'error.platform.authenticateAnonymously': {
-          "RETRY_IMPORT_TOKEN_DELAY": "error.platform.importRefreshToken";
+      type: 'error.platform.authenticateAnonymously'
-        };
+      data: unknown
-        eventsCausingGuards: {
+    }
-          "hasMfaTicket": "done.invoke.authenticateUserWithPassword";
+    'error.platform.authenticateUserWithPassword': {
-"hasRefreshToken": "";
+      type: 'error.platform.authenticateUserWithPassword'
-"hasSession": "SESSION_UPDATE" | "done.invoke.importRefreshToken" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey";
+      data: unknown
-"isAnonymous": "SIGNED_IN";
+    }
-"isAutoRefreshDisabled": "";
+    'error.platform.authenticateUserWithSecurityKey': {
-"isRefreshTokenPAT": "";
+      type: 'error.platform.authenticateUserWithSecurityKey'
-"isSignedIn": "" | "error.platform.authenticateWithToken";
+      data: unknown
-"isUnauthorizedError": "error.platform.refreshToken";
+    }
-"noToken": "";
+    'error.platform.authenticateWithIdToken': {
-"refreshTimerShouldRefresh": "";
+      type: 'error.platform.authenticateWithIdToken'
-"shouldRetryImportToken": "error.platform.importRefreshToken";
+      data: unknown
-"unverified": "error.platform.authenticateUserWithPassword" | "error.platform.authenticateUserWithSecurityKey" | "error.platform.signUpEmailPassword" | "error.platform.signUpSecurityKey";
+    }
-        };
+    'error.platform.authenticateWithPAT': {
-        eventsCausingServices: {
+      type: 'error.platform.authenticateWithPAT'
-          "importRefreshToken": "done.invoke.authenticateWithToken" | "done.invoke.passwordlessEmail" | "done.invoke.passwordlessSms" | "done.invoke.passwordlessSmsOtp" | "done.invoke.signInEmailOTP" | "done.invoke.signUpEmailPassword" | "done.invoke.signUpSecurityKey" | "done.invoke.verifyEmailOTP" | "error.platform.authenticateWithToken" | "xstate.after(RETRY_IMPORT_TOKEN_DELAY)#nhost.authentication.retryTokenImport" | "xstate.init";
+      data: unknown
-"passwordlessEmail": "PASSWORDLESS_EMAIL";
+    }
-"passwordlessSms": "PASSWORDLESS_SMS";
+    'error.platform.authenticateWithToken': {
-"passwordlessSmsOtp": "PASSWORDLESS_SMS_OTP";
+      type: 'error.platform.authenticateWithToken'
-"refreshToken": "" | "TRY_TOKEN";
+      data: unknown
-"signInAnonymous": "SIGNIN_ANONYMOUS";
+    }
-"signInEmailOTP": "SIGNIN_EMAIL_OTP";
+    'error.platform.importRefreshToken': {
-"signInIdToken": "SIGNIN_ID_TOKEN";
+      type: 'error.platform.importRefreshToken'
-"signInMfaTotp": "SIGNIN_MFA_TOTP";
+      data: unknown
-"signInPAT": "SIGNIN_PAT";
+    }
-"signInPassword": "SIGNIN_PASSWORD";
+    'error.platform.passwordlessEmail': { type: 'error.platform.passwordlessEmail'; data: unknown }
-"signInSecurityKeyEmail": "SIGNIN_SECURITY_KEY_EMAIL";
+    'error.platform.passwordlessSms': { type: 'error.platform.passwordlessSms'; data: unknown }
-"signUpEmailPassword": "SIGNUP_EMAIL_PASSWORD";
+    'error.platform.passwordlessSmsOtp': {
-"signUpSecurityKey": "SIGNUP_SECURITY_KEY";
+      type: 'error.platform.passwordlessSmsOtp'
-"signout": "SIGNOUT";
+      data: unknown
-"verifyEmailOTP": "VERIFY_EMAIL_OTP";
+    }
-        };
+    'error.platform.refreshToken': { type: 'error.platform.refreshToken'; data: unknown }
-        matchesStates: "authentication" | "authentication.authenticating" | "authentication.authenticating.anonymous" | "authentication.authenticating.idToken" | "authentication.authenticating.mfa" | "authentication.authenticating.mfa.totp" | "authentication.authenticating.password" | "authentication.authenticating.pat" | "authentication.authenticating.securityKeyEmail" | "authentication.retryTokenImport" | "authentication.signedIn" | "authentication.signedIn.refreshTimer" | "authentication.signedIn.refreshTimer.disabled" | "authentication.signedIn.refreshTimer.idle" | "authentication.signedIn.refreshTimer.running" | "authentication.signedIn.refreshTimer.running.pending" | "authentication.signedIn.refreshTimer.running.refreshing" | "authentication.signedIn.refreshTimer.stopped" | "authentication.signedOut" | "authentication.signedOut.failed" | "authentication.signedOut.needsMfa" | "authentication.signedOut.needsSmsOtp" | "authentication.signedOut.noErrors" | "authentication.signedOut.signingOut" | "authentication.signedOut.success" | "authentication.starting" | "registration" | "registration.complete" | "registration.emailPassword" | "registration.incomplete" | "registration.incomplete.failed" | "registration.incomplete.needsEmailVerification" | "registration.incomplete.needsOtp" | "registration.incomplete.noErrors" | "registration.passwordlessEmail" | "registration.passwordlessSms" | "registration.passwordlessSmsOtp" | "registration.securityKey" | "registration.signInEmailOTP" | "registration.verifyEmailOTP" | "token" | "token.idle" | "token.idle.error" | "token.idle.noErrors" | "token.running" | { "authentication"?: "authenticating" | "retryTokenImport" | "signedIn" | "signedOut" | "starting" | { "authenticating"?: "anonymous" | "idToken" | "mfa" | "password" | "pat" | "securityKeyEmail" | { "mfa"?: "totp"; };
+    'error.platform.signInEmailOTP': { type: 'error.platform.signInEmailOTP'; data: unknown }
-"signedIn"?: "refreshTimer" | { "refreshTimer"?: "disabled" | "idle" | "running" | "stopped" | { "running"?: "pending" | "refreshing"; }; };
+    'error.platform.signInMfaTotp': { type: 'error.platform.signInMfaTotp'; data: unknown }
-"signedOut"?: "failed" | "needsMfa" | "needsSmsOtp" | "noErrors" | "signingOut" | "success"; };
+    'error.platform.signUpEmailPassword': {
-"registration"?: "complete" | "emailPassword" | "incomplete" | "passwordlessEmail" | "passwordlessSms" | "passwordlessSmsOtp" | "securityKey" | "signInEmailOTP" | "verifyEmailOTP" | { "incomplete"?: "failed" | "needsEmailVerification" | "needsOtp" | "noErrors"; };
+      type: 'error.platform.signUpEmailPassword'
-"token"?: "idle" | "running" | { "idle"?: "error" | "noErrors"; }; };
+      data: unknown
-        tags: "loading";
+    }
+    'error.platform.signUpSecurityKey': { type: 'error.platform.signUpSecurityKey'; data: unknown }
+    'error.platform.signingOut': { type: 'error.platform.signingOut'; data: unknown }
+    'error.platform.verifyEmailOTP': { type: 'error.platform.verifyEmailOTP'; data: unknown }
+    'xstate.after(1000)#nhost.authentication.signedIn.refreshTimer.running.pending': {
+      type: 'xstate.after(1000)#nhost.authentication.signedIn.refreshTimer.running.pending'
+    }
+    'xstate.after(RETRY_IMPORT_TOKEN_DELAY)#nhost.authentication.retryTokenImport': {
+      type: 'xstate.after(RETRY_IMPORT_TOKEN_DELAY)#nhost.authentication.retryTokenImport'
+    }
+    'xstate.init': { type: 'xstate.init' }
+    'xstate.stop': { type: 'xstate.stop' }
+  }
+  invokeSrcNameMap: {
+    importRefreshToken: 'done.invoke.importRefreshToken'
+    passwordlessEmail: 'done.invoke.passwordlessEmail'
+    passwordlessSms: 'done.invoke.passwordlessSms'
+    passwordlessSmsOtp: 'done.invoke.passwordlessSmsOtp'
+    refreshToken: 'done.invoke.authenticateWithToken' | 'done.invoke.refreshToken'
+    signInAnonymous: 'done.invoke.authenticateAnonymously'
+    signInEmailOTP: 'done.invoke.signInEmailOTP'
+    signInIdToken: 'done.invoke.authenticateWithIdToken'
+    signInMfaTotp: 'done.invoke.signInMfaTotp'
+    signInPAT: 'done.invoke.authenticateWithPAT'
+    signInPassword: 'done.invoke.authenticateUserWithPassword'
+    signInSecurityKey: 'done.invoke.authenticateUserWithSecurityKey'
+    signInSecurityKeyEmail: 'done.invoke.authenticateUserWithSecurityKey'
+    signUpEmailPassword: 'done.invoke.signUpEmailPassword'
+    signUpSecurityKey: 'done.invoke.signUpSecurityKey'
+    signout: 'done.invoke.signingOut'
+    verifyEmailOTP: 'done.invoke.verifyEmailOTP'
+  }
+  missingImplementations: {
+    actions: never
+    delays: never
+    guards: never
+    services: never
+  }
+  eventsCausingActions: {
+    broadcastToken:
+      | ''
+      | 'SESSION_UPDATE'
+      | 'done.invoke.authenticateAnonymously'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.authenticateUserWithSecurityKey'
+      | 'done.invoke.authenticateWithIdToken'
+      | 'done.invoke.authenticateWithPAT'
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.signInMfaTotp'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.verifyEmailOTP'
+    cleanUrl:
+      | ''
+      | 'SESSION_UPDATE'
+      | 'done.invoke.authenticateAnonymously'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.authenticateUserWithSecurityKey'
+      | 'done.invoke.authenticateWithIdToken'
+      | 'done.invoke.authenticateWithPAT'
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.signInMfaTotp'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.verifyEmailOTP'
+    clearContext:
+      | 'done.invoke.passwordlessEmail'
+      | 'done.invoke.passwordlessSms'
+      | 'done.invoke.signInEmailOTP'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+    clearContextExceptTokens: 'SIGNOUT'
+    destroyAccessToken:
+      | 'SESSION_UPDATE'
+      | 'SIGNIN_ANONYMOUS'
+      | 'SIGNIN_ID_TOKEN'
+      | 'SIGNIN_MFA_TOTP'
+      | 'SIGNIN_PASSWORD'
+      | 'SIGNIN_PAT'
+      | 'SIGNIN_SECURITY_KEY'
+      | 'SIGNIN_SECURITY_KEY_EMAIL'
+      | 'done.invoke.signingOut'
+      | 'error.platform.signingOut'
+      | 'xstate.stop'
+    destroyRefreshToken:
+      | 'SESSION_UPDATE'
+      | 'SIGNIN_ANONYMOUS'
+      | 'SIGNIN_ID_TOKEN'
+      | 'SIGNIN_MFA_TOTP'
+      | 'SIGNIN_PASSWORD'
+      | 'SIGNIN_PAT'
+      | 'SIGNIN_SECURITY_KEY'
+      | 'SIGNIN_SECURITY_KEY_EMAIL'
+      | 'done.invoke.signingOut'
+      | 'error.platform.signingOut'
+      | 'xstate.stop'
+    incrementTokenImportAttempts: 'error.platform.importRefreshToken'
+    reportSignedIn:
+      | ''
+      | 'SESSION_UPDATE'
+      | 'done.invoke.authenticateAnonymously'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.authenticateUserWithSecurityKey'
+      | 'done.invoke.authenticateWithIdToken'
+      | 'done.invoke.authenticateWithPAT'
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.signInMfaTotp'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.verifyEmailOTP'
+    reportSignedOut:
+      | 'SIGNOUT'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessEmail'
+      | 'done.invoke.passwordlessSms'
+      | 'done.invoke.signInEmailOTP'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'error.platform.authenticateAnonymously'
+      | 'error.platform.authenticateUserWithPassword'
+      | 'error.platform.authenticateUserWithSecurityKey'
+      | 'error.platform.authenticateWithIdToken'
+      | 'error.platform.authenticateWithPAT'
+      | 'error.platform.authenticateWithToken'
+      | 'error.platform.importRefreshToken'
+      | 'error.platform.refreshToken'
+      | 'error.platform.signInMfaTotp'
+    reportTokenChanged:
+      | 'SESSION_UPDATE'
+      | 'SIGNIN_ANONYMOUS'
+      | 'SIGNIN_ID_TOKEN'
+      | 'SIGNIN_MFA_TOTP'
+      | 'SIGNIN_PASSWORD'
+      | 'SIGNIN_PAT'
+      | 'SIGNIN_SECURITY_KEY'
+      | 'SIGNIN_SECURITY_KEY_EMAIL'
+      | 'done.invoke.authenticateAnonymously'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.authenticateUserWithSecurityKey'
+      | 'done.invoke.authenticateWithIdToken'
+      | 'done.invoke.authenticateWithPAT'
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.refreshToken'
+      | 'done.invoke.signInMfaTotp'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.signingOut'
+      | 'done.invoke.verifyEmailOTP'
+      | 'error.platform.signingOut'
+      | 'xstate.stop'
+    resetErrors:
+      | ''
+      | 'PASSWORDLESS_EMAIL'
+      | 'PASSWORDLESS_SMS'
+      | 'PASSWORDLESS_SMS_OTP'
+      | 'SESSION_UPDATE'
+      | 'SIGNIN_ANONYMOUS'
+      | 'SIGNIN_EMAIL_OTP'
+      | 'SIGNIN_ID_TOKEN'
+      | 'SIGNIN_MFA_TOTP'
+      | 'SIGNIN_PASSWORD'
+      | 'SIGNIN_PAT'
+      | 'SIGNIN_SECURITY_KEY'
+      | 'SIGNIN_SECURITY_KEY_EMAIL'
+      | 'SIGNUP_EMAIL_PASSWORD'
+      | 'SIGNUP_SECURITY_KEY'
+      | 'VERIFY_EMAIL_OTP'
+      | 'done.invoke.authenticateAnonymously'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.authenticateUserWithSecurityKey'
+      | 'done.invoke.authenticateWithIdToken'
+      | 'done.invoke.authenticateWithPAT'
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.signInMfaTotp'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.verifyEmailOTP'
+    resetTimer: '' | 'SESSION_UPDATE' | 'done.invoke.refreshToken'
+    saveAuthenticationError:
+      | 'error.platform.authenticateAnonymously'
+      | 'error.platform.authenticateUserWithPassword'
+      | 'error.platform.authenticateUserWithSecurityKey'
+      | 'error.platform.authenticateWithIdToken'
+      | 'error.platform.authenticateWithPAT'
+      | 'error.platform.authenticateWithToken'
+      | 'error.platform.importRefreshToken'
+      | 'error.platform.signInMfaTotp'
+      | 'error.platform.signingOut'
+    saveMfaTicket: 'done.invoke.authenticateUserWithPassword'
+    savePATSession: 'done.invoke.authenticateWithPAT'
+    saveRefreshAttempt: 'error.platform.refreshToken'
+    saveRegistrationError:
+      | 'error.platform.passwordlessEmail'
+      | 'error.platform.passwordlessSms'
+      | 'error.platform.passwordlessSmsOtp'
+      | 'error.platform.signInEmailOTP'
+      | 'error.platform.signUpEmailPassword'
+      | 'error.platform.signUpSecurityKey'
+      | 'error.platform.verifyEmailOTP'
+    saveSession:
+      | 'SESSION_UPDATE'
+      | 'done.invoke.authenticateAnonymously'
+      | 'done.invoke.authenticateUserWithPassword'
+      | 'done.invoke.authenticateUserWithSecurityKey'
+      | 'done.invoke.authenticateWithIdToken'
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.refreshToken'
+      | 'done.invoke.signInMfaTotp'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.verifyEmailOTP'
+  }
+  eventsCausingDelays: {
+    RETRY_IMPORT_TOKEN_DELAY: 'error.platform.importRefreshToken'
+  }
+  eventsCausingGuards: {
+    hasMfaTicket: 'done.invoke.authenticateUserWithPassword'
+    hasRefreshToken: ''
+    hasSession:
+      | 'SESSION_UPDATE'
+      | 'done.invoke.importRefreshToken'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+    isAnonymous: 'SIGNED_IN'
+    isAutoRefreshDisabled: ''
+    isRefreshTokenPAT: ''
+    isSignedIn: '' | 'error.platform.authenticateWithToken'
+    isUnauthorizedError: 'error.platform.refreshToken'
+    noToken: ''
+    refreshTimerShouldRefresh: ''
+    shouldRetryImportToken: 'error.platform.importRefreshToken'
+    unverified:
+      | 'error.platform.authenticateUserWithPassword'
+      | 'error.platform.authenticateUserWithSecurityKey'
+      | 'error.platform.signUpEmailPassword'
+      | 'error.platform.signUpSecurityKey'
+  }
+  eventsCausingServices: {
+    importRefreshToken:
+      | 'done.invoke.authenticateWithToken'
+      | 'done.invoke.passwordlessEmail'
+      | 'done.invoke.passwordlessSms'
+      | 'done.invoke.passwordlessSmsOtp'
+      | 'done.invoke.signInEmailOTP'
+      | 'done.invoke.signUpEmailPassword'
+      | 'done.invoke.signUpSecurityKey'
+      | 'done.invoke.verifyEmailOTP'
+      | 'error.platform.authenticateWithToken'
+      | 'xstate.after(RETRY_IMPORT_TOKEN_DELAY)#nhost.authentication.retryTokenImport'
+      | 'xstate.init'
+    passwordlessEmail: 'PASSWORDLESS_EMAIL'
+    passwordlessSms: 'PASSWORDLESS_SMS'
+    passwordlessSmsOtp: 'PASSWORDLESS_SMS_OTP'
+    refreshToken: '' | 'TRY_TOKEN'
+    signInAnonymous: 'SIGNIN_ANONYMOUS'
+    signInEmailOTP: 'SIGNIN_EMAIL_OTP'
+    signInIdToken: 'SIGNIN_ID_TOKEN'
+    signInMfaTotp: 'SIGNIN_MFA_TOTP'
+    signInPAT: 'SIGNIN_PAT'
+    signInPassword: 'SIGNIN_PASSWORD'
+    signInSecurityKey: 'SIGNIN_SECURITY_KEY'
+    signInSecurityKeyEmail: 'SIGNIN_SECURITY_KEY_EMAIL'
+    signUpEmailPassword: 'SIGNUP_EMAIL_PASSWORD'
+    signUpSecurityKey: 'SIGNUP_SECURITY_KEY'
+    signout: 'SIGNOUT'
+    verifyEmailOTP: 'VERIFY_EMAIL_OTP'
+  }
+  matchesStates:
+    | 'authentication'
+    | 'authentication.authenticating'
+    | 'authentication.authenticating.anonymous'
+    | 'authentication.authenticating.idToken'
+    | 'authentication.authenticating.mfa'
+    | 'authentication.authenticating.mfa.totp'
+    | 'authentication.authenticating.password'
+    | 'authentication.authenticating.pat'
+    | 'authentication.authenticating.securityKey'
+    | 'authentication.authenticating.securityKeyEmail'
+    | 'authentication.retryTokenImport'
+    | 'authentication.signedIn'
+    | 'authentication.signedIn.refreshTimer'
+    | 'authentication.signedIn.refreshTimer.disabled'
+    | 'authentication.signedIn.refreshTimer.idle'
+    | 'authentication.signedIn.refreshTimer.running'
+    | 'authentication.signedIn.refreshTimer.running.pending'
+    | 'authentication.signedIn.refreshTimer.running.refreshing'
+    | 'authentication.signedIn.refreshTimer.stopped'
+    | 'authentication.signedOut'
+    | 'authentication.signedOut.failed'
+    | 'authentication.signedOut.needsMfa'
+    | 'authentication.signedOut.needsSmsOtp'
+    | 'authentication.signedOut.noErrors'
+    | 'authentication.signedOut.signingOut'
+    | 'authentication.signedOut.success'
+    | 'authentication.starting'
+    | 'registration'
+    | 'registration.complete'
+    | 'registration.emailPassword'
+    | 'registration.incomplete'
+    | 'registration.incomplete.failed'
+    | 'registration.incomplete.needsEmailVerification'
+    | 'registration.incomplete.needsOtp'
+    | 'registration.incomplete.noErrors'
+    | 'registration.passwordlessEmail'
+    | 'registration.passwordlessSms'
+    | 'registration.passwordlessSmsOtp'
+    | 'registration.securityKey'
+    | 'registration.signInEmailOTP'
+    | 'registration.verifyEmailOTP'
+    | 'token'
+    | 'token.idle'
+    | 'token.idle.error'
+    | 'token.idle.noErrors'
+    | 'token.running'
+    | {
+        authentication?:
+          | 'authenticating'
+          | 'retryTokenImport'
+          | 'signedIn'
+          | 'signedOut'
+          | 'starting'
+          | {
+              authenticating?:
+                | 'anonymous'
+                | 'idToken'
+                | 'mfa'
+                | 'password'
+                | 'pat'
+                | 'securityKey'
+                | 'securityKeyEmail'
+                | { mfa?: 'totp' }
+              signedIn?:
+                | 'refreshTimer'
+                | {
+                    refreshTimer?:
+                      | 'disabled'
+                      | 'idle'
+                      | 'running'
+                      | 'stopped'
+                      | { running?: 'pending' | 'refreshing' }
+                  }
+              signedOut?:
+                | 'failed'
+                | 'needsMfa'
+                | 'needsSmsOtp'
+                | 'noErrors'
+                | 'signingOut'
+                | 'success'
+            }
+        registration?:
+          | 'complete'
+          | 'emailPassword'
+          | 'incomplete'
+          | 'passwordlessEmail'
+          | 'passwordlessSms'
+          | 'passwordlessSmsOtp'
+          | 'securityKey'
+          | 'signInEmailOTP'
+          | 'verifyEmailOTP'
+          | { incomplete?: 'failed' | 'needsEmailVerification' | 'needsOtp' | 'noErrors' }
+        token?: 'idle' | 'running' | { idle?: 'error' | 'noErrors' }
       }
-  
+  tags: 'loading'
+}

packages/hasura-auth-js/src/promises/index.ts

@@ -20,3 +20,4 @@ export * from './signInEmailOTP'
 export * from './signInIdToken'
 export * from './linkIdToken'
 export * from './types'
+export * from './signInSecurityKey'

packages/hasura-auth-js/src/promises/signInSecurityKey.ts

@@ -0,0 +1,70 @@
+import { USER_ALREADY_SIGNED_IN } from '../errors'
+import { AuthInterpreter } from '../machines'
+
+import {
+  AuthActionLoadingState,
+  NeedsEmailVerificationState,
+  SessionActionHandlerResult
+} from './types'
+
+export interface SignInSecurityKeyHandlerResult
+  extends SessionActionHandlerResult,
+    NeedsEmailVerificationState {}
+
+export interface SignInSecurityKeyState
+  extends SignInSecurityKeyHandlerResult,
+    AuthActionLoadingState {}
+
+export const signInSecurityKeyPromise = (interpreter: AuthInterpreter) =>
+  new Promise<SignInSecurityKeyHandlerResult>((resolve) => {
+    const { changed, context } = interpreter.send({ type: 'SIGNIN_SECURITY_KEY' })
+    if (!changed) {
+      return resolve({
+        accessToken: context.accessToken.value,
+        refreshToken: context.refreshToken.value,
+        error: USER_ALREADY_SIGNED_IN,
+        isError: true,
+        isSuccess: false,
+        needsEmailVerification: false,
+        user: context.user
+      })
+    }
+    interpreter.onTransition((state) => {
+      if (
+        state.matches({
+          authentication: { signedOut: 'noErrors' },
+          registration: { incomplete: 'needsEmailVerification' }
+        })
+      ) {
+        resolve({
+          accessToken: null,
+          refreshToken: null,
+          error: null,
+          isError: false,
+          isSuccess: false,
+          needsEmailVerification: true,
+          user: null
+        })
+      } else if (state.matches({ authentication: { signedOut: 'failed' } })) {
+        resolve({
+          accessToken: null,
+          refreshToken: null,
+          error: state.context.errors.authentication || null,
+          isError: true,
+          isSuccess: false,
+          needsEmailVerification: false,
+          user: null
+        })
+      } else if (state.matches({ authentication: 'signedIn' })) {
+        resolve({
+          accessToken: state.context.accessToken.value,
+          refreshToken: state.context.refreshToken.value,
+          error: null,
+          isError: false,
+          isSuccess: true,
+          needsEmailVerification: false,
+          user: state.context.user
+        })
+      }
+    })
+  })

packages/nextjs/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @nhost/nextjs
 
+## 2.2.1
+
+### Patch Changes
+
+- Updated dependencies [04d2ce1]
+  - @nhost/react@3.9.0
+
 ## 2.2.0
 
 ### Minor Changes

packages/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/nextjs",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "Nhost NextJS library",
   "license": "MIT",
   "keywords": [

packages/nhost-js/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @nhost/nhost-js
 
+## 3.2.3
+
+### Patch Changes
+
+- Updated dependencies [44c1e17]
+- Updated dependencies [04d2ce1]
+  - @nhost/hasura-auth-js@2.10.0
+
 ## 3.2.2
 
 ### Patch Changes

packages/nhost-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/nhost-js",
-  "version": "3.2.2",
+  "version": "3.2.3",
   "description": "Nhost JavaScript SDK",
   "license": "MIT",
   "keywords": [

packages/react/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @nhost/react
 
+## 3.9.0
+
+### Minor Changes
+
+- 04d2ce1: feat: add signin security key with user handle
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 3.8.1
 
 ### Patch Changes

packages/react/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/react",
-  "version": "3.8.1",
+  "version": "3.9.0",
   "description": "Nhost React library",
   "license": "MIT",
   "keywords": [

packages/react/src/index.ts

@@ -41,3 +41,4 @@ export * from './useUserRoles'
 export * from './useSignInEmailOTP'
 export * from './useSignInIdToken'
 export * from './useLinkIdToken'
+export * from './useSignInSecurityKey'

packages/react/src/useSignInSecurityKey.ts

@@ -0,0 +1,94 @@
+import {
+  signInSecurityKeyPromise,
+  SignInSecurityKeyHandlerResult,
+  SignInSecurityKeyState
+} from '@nhost/nhost-js'
+import { useSelector } from '@xstate/react'
+import { useAuthInterpreter } from './useAuthInterpreter'
+
+interface SignInSecurityKeyHandler {
+  (): Promise<SignInSecurityKeyHandlerResult>
+}
+
+export interface SignInSecurityKeyHookResult extends SignInSecurityKeyState {
+  signInSecurityKey: SignInSecurityKeyHandler
+}
+
+interface SignInSecurityKeyHook {
+  (): SignInSecurityKeyHookResult
+}
+
+/**
+ * Use the hook `useSignInSecurityKey` to sign in a user with a security key using the WebAuthn API.
+ *
+ * @example
+ * ```tsx
+ * const { signInSecurityKey, needsEmailVerification, isLoading, isSuccess, isError, error } = useSignInSecurityKey()
+ *
+ * console.log({ needsEmailVerification, isLoading, isSuccess, isError, error });
+ *
+ * const handleFormSubmit = async (e) => {
+ *   e.preventDefault();
+ *
+ *   await signInSecurityKey()
+ * }
+ * ```
+ *
+ * @docs https://docs.nhost.io/reference/react/use-sign-in-security-key
+ */
+export const useSignInSecurityKey: SignInSecurityKeyHook = () => {
+  const service = useAuthInterpreter()
+
+  const signInSecurityKey: SignInSecurityKeyHandler = () => signInSecurityKeyPromise(service)
+
+  const user = useSelector(
+    service,
+    (state) => state.context.user,
+    (a, b) => a?.id === b?.id
+  )
+  const accessToken = useSelector(service, (state) => state.context.accessToken.value)
+
+  const refreshToken = useSelector(service, (state) => state.context.refreshToken.value)
+
+  const error = useSelector(
+    service,
+    (state) => state.context.errors.authentication || null,
+    (a, b) => a?.error === b?.error
+  )
+  const isSuccess = useSelector(service, (state) =>
+    state.matches({
+      authentication: 'signedIn'
+    })
+  )
+  const isLoading = useSelector(
+    service,
+    (state) => state.matches({ authentication: { authenticating: 'securityKeyEmail' } }),
+    (a, b) => a === b
+  )
+  const needsEmailVerification = useSelector(
+    service,
+    (state) =>
+      state.matches({
+        authentication: { signedOut: 'noErrors' },
+        registration: { incomplete: 'needsEmailVerification' }
+      }),
+    (a, b) => a === b
+  )
+  const isError = useSelector(
+    service,
+    (state) => state.matches({ authentication: { signedOut: 'failed' } }),
+    (a, b) => a === b
+  )
+
+  return {
+    accessToken,
+    refreshToken,
+    error,
+    isError,
+    isLoading,
+    isSuccess,
+    needsEmailVerification,
+    signInSecurityKey,
+    user
+  }
+}

packages/vue/CHANGELOG.md

@@ -1,5 +1,15 @@
 # @nhost/vue
 
+## 2.9.0
+
+### Minor Changes
+
+- 04d2ce1: feat: add signin security key with user handle
+
+### Patch Changes
+
+- @nhost/nhost-js@3.2.3
+
 ## 2.8.1
 
 ### Patch Changes

packages/vue/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/vue",
-  "version": "2.8.1",
+  "version": "2.9.0",
   "description": "Nhost Vue library",
   "license": "MIT",
   "keywords": [

packages/vue/src/index.ts

@@ -38,3 +38,4 @@ export * from './useAddSecurityKey'
 export * from './useSignInEmailOTP'
 export * from './useSignInIdToken'
 export * from './useLinkIdToken'
+export * from './useSignInSecurityKey'

packages/vue/src/useSignInSecurityKey.ts

@@ -0,0 +1,95 @@
+import {
+  SignInSecurityKeyHandlerResult,
+  signInSecurityKeyPromise,
+  SignInSecurityKeyState
+} from '@nhost/nhost-js'
+import { useSelector } from '@xstate/vue'
+import { ToRefs } from 'vue'
+import { useAuthInterpreter } from './useAuthInterpreter'
+
+interface SignInSecurityKeyHandler {
+  (): Promise<SignInSecurityKeyHandlerResult>
+}
+
+export interface SignInSecurityKeyHookResult extends ToRefs<SignInSecurityKeyState> {
+  signInSecurityKey: SignInSecurityKeyHandler
+}
+
+interface SignInSecurityKeyResult {
+  (): SignInSecurityKeyHookResult
+}
+
+/**
+ * Use the composable `useSignInSecurityKey` to sign in a user with a security key using the WebAuthn API
+ *
+ * @example
+ * ```tsx
+ * const { signInSecurityKey, needsEmailVerification, isLoading, isSuccess, isError, error } = useSignInSecurityKey()
+ *
+ * console.log({ needsEmailVerification, isLoading, isSuccess, isError, error });
+ *
+ * const handleFormSubmit = async (e) => {
+ *   e.preventDefault();
+ *
+ *   await signInSecurityKey()
+ * }
+ * ```
+ *
+ * @docs https://docs.nhost.io/reference/vue/use-sign-in-security-key
+ */
+export const useSignInSecurityKey: SignInSecurityKeyResult = () => {
+  const service = useAuthInterpreter()
+  const signInSecurityKey: SignInSecurityKeyHandler = () => signInSecurityKeyPromise(service.value)
+
+  const user = useSelector(
+    service.value,
+    (state) => state.context.user,
+    (a, b) => a?.id === b?.id
+  )
+  const accessToken = useSelector(service.value, (state) => state.context.accessToken.value)
+
+  const refreshToken = useSelector(service.value, (state) => state.context.refreshToken.value)
+
+  const error = useSelector(
+    service.value,
+    (state) => state.context.errors.authentication || null,
+    (a, b) => a?.error === b?.error
+  )
+  const isSuccess = useSelector(service.value, (state) =>
+    state.matches({
+      authentication: 'signedIn'
+    })
+  )
+  const isLoading = useSelector(
+    service.value,
+    (state) => state.matches({ authentication: { authenticating: 'securityKeyEmail' } }),
+    (a, b) => a === b
+  )
+
+  const needsEmailVerification = useSelector(
+    service.value,
+    (state) =>
+      state.matches({
+        authentication: { signedOut: 'noErrors' },
+        registration: { incomplete: 'needsEmailVerification' }
+      }),
+    (a, b) => a === b
+  )
+  const isError = useSelector(
+    service.value,
+    (state) => state.matches({ authentication: { signedOut: 'failed' } }),
+    (a, b) => a === b
+  )
+
+  return {
+    accessToken,
+    refreshToken,
+    error,
+    isError,
+    isLoading,
+    isSuccess,
+    needsEmailVerification,
+    signInSecurityKey,
+    user
+  }
+}

pnpm-lock.yaml

@@ -642,11 +642,11 @@ importers:
         specifier: ^15.2.2
         version: 15.2.5
       msw:
-        specifier: ^1.3.3
+        specifier: ^1.3.5
-        version: 1.3.3(encoding@0.1.13)(typescript@5.7.2)
+        version: 1.3.5(encoding@0.1.13)(typescript@5.7.2)
       msw-storybook-addon:
         specifier: ^1.10.0
-        version: 1.10.0(msw@1.3.3(encoding@0.1.13)(typescript@5.7.2))
+        version: 1.10.0(msw@1.3.5(encoding@0.1.13)(typescript@5.7.2))
       node-fetch:
         specifier: ^3.3.2
         version: 3.3.2
@@ -1936,8 +1936,8 @@ importers:
         specifier: ^4.16.0
         version: 4.16.0
       msw:
-        specifier: ^1.3.3
+        specifier: ^1.3.5
-        version: 1.3.3(encoding@0.1.13)(typescript@5.7.2)
+        version: 1.3.5(encoding@0.1.13)(typescript@5.7.2)
 
   packages/hasura-storage-js:
     dependencies:
@@ -2477,7 +2477,7 @@ packages:
     resolution: {integrity: sha512-9anThAaj1dQr6IGmzBMcfzOQKTa5artjuPmw8NYK/fiGEMjADbSguBY2FMDykt+QhilR3wc9VA/3yVju7JHg7Q==}
     hasBin: true
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@ardatan/sync-fetch@0.0.1':
     resolution: {integrity: sha512-xhlTqH0m31mnsG0tIP4ETgfSB6gXDaYYsUWTrlUV93fFQPI9dd8hE0Ot6MHLCtqgB32hwJAC3YZMWlXZw7AleA==}
@@ -4273,7 +4273,7 @@ packages:
     hasBin: true
     peerDependencies:
       '@parcel/watcher': ^2.1.0
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
     peerDependenciesMeta:
       '@parcel/watcher':
         optional: true
@@ -4281,7 +4281,7 @@ packages:
   '@graphql-codegen/client-preset@1.3.0':
     resolution: {integrity: sha512-aUdOvpFszAvDu4TdiucO/Jl1d/spCwZaYLnmrYFD6wKjzLlRAuHiLYV/UEcviTiLNX5vxpJ9lLMnoeuJXnBw2w==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-codegen/client-preset@4.2.5':
     resolution: {integrity: sha512-hAdB6HN8EDmkoBtr0bPUN/7NH6svzqbcTDMWBCRXPESXkl7y80po+IXrXUjsSrvhKG8xkNXgJNz/2mjwHzywcA==}
@@ -4317,7 +4317,7 @@ packages:
   '@graphql-codegen/plugin-helpers@4.2.0':
     resolution: {integrity: sha512-THFTCfg+46PXlXobYJ/OoCX6pzjI+9woQqCjdyKtgoI0tn3Xq2HUUCiidndxUpEYVrXb5pRiRXb7b/ZbMQqD0A==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-codegen/plugin-helpers@5.0.3':
     resolution: {integrity: sha512-yZ1rpULIWKBZqCDlvGIJRSyj1B2utkEdGmXZTBT/GVayP4hyRYlkd36AJV/LfEsVD8dnsKL5rLz2VTYmRNlJ5Q==}
@@ -4398,7 +4398,7 @@ packages:
   '@graphql-codegen/visitor-plugin-common@3.1.1':
     resolution: {integrity: sha512-uAfp+zu/009R3HUAuTK2AamR1bxIltM6rrYYI6EXSmkM3rFtFsLTuJhjUDj98HcUCszJZrADppz8KKLGRUVlNg==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-codegen/visitor-plugin-common@5.1.0':
     resolution: {integrity: sha512-eamQxtA9bjJqI2lU5eYoA1GbdMIRT2X8m8vhWYsVQVWD3qM7sx/IqJU0kx0J3Vd4/CSd36BzL6RKwksibytDIg==}
@@ -4450,7 +4450,7 @@ packages:
     resolution: {integrity: sha512-+NXaZd2MWbbrWHqU4EhXcrDbogeiCDmEbrAN+rMn4Nu2okDjn2MTFDbTIab87oEubQCH4Te1wDkWPKrzXup7+Q==}
     engines: {node: '>=16.0.0'}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/executor-legacy-ws@1.0.6':
     resolution: {integrity: sha512-lDSxz9VyyquOrvSuCCnld3256Hmd+QI2lkmkEv7d4mdzkxkK4ddAWW1geQiWrQvWmdsmcnGGlZ7gDGbhEExwqg==}
@@ -4491,7 +4491,7 @@ packages:
     resolution: {integrity: sha512-gNqukC+s7iHC7vQZmx1SEJQmLnOguBq+aqE2zV2+o1hxkExvKqyFli1SY/9gmukFIKpKutCIj+8yLOM+jARutw==}
     engines: {node: '>=16.0.0'}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/import@7.0.1':
     resolution: {integrity: sha512-935uAjAS8UAeXThqHfYVr4HEAp6nHJ2sximZKO1RzUTq5WoALMAhhGARl0+ecm6X+cqNUwIChJbjtaa6P/ML0w==}
@@ -4520,12 +4520,12 @@ packages:
     resolution: {integrity: sha512-FeKv9lKLMwqDu0pQjPpF59GY3HReUkWXKsMIuMuJQOKh9BETu7zPEFUELvcw8w+lwZkl4ileJsHXC9+AnsT2Lw==}
     engines: {node: '>=16.0.0'}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/optimize@1.4.0':
     resolution: {integrity: sha512-dJs/2XvZp+wgHH8T5J2TqptT9/6uVzIYvA6uFACha+ufvdMBedkfR4b4GbT8jAKLRARiqRTxy3dctnwkTM2tdw==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/optimize@2.0.0':
     resolution: {integrity: sha512-nhdT+CRGDZ+bk68ic+Jw1OZ99YCDIKYA5AlVAnBHJvMawSx9YQqQAIj4refNc1/LRieGiuWvhbG3jvPVYho0Dg==}
@@ -4542,7 +4542,7 @@ packages:
   '@graphql-tools/relay-operation-optimizer@6.5.18':
     resolution: {integrity: sha512-mc5VPyTeV+LwiM+DNvoDQfPqwQYhPV/cl5jOBjTgSniyaq8/86aODfMkrE2OduhQ5E00hqrkuL2Fdrgk0w1QJg==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/relay-operation-optimizer@7.0.1':
     resolution: {integrity: sha512-y0ZrQ/iyqWZlsS/xrJfSir3TbVYJTYmMOu4TaSz6F4FRDTQ3ie43BlKkhf04rC28pnUOS4BO9pDcAo1D30l5+A==}
@@ -4554,7 +4554,7 @@ packages:
     resolution: {integrity: sha512-p28Oh9EcOna6i0yLaCFOnkcBDQECVf3SCexT6ktb86QNj9idnkhI+tCxnwZDh58Qvjd2nURdkbevvoZkvxzCog==}
     engines: {node: '>=16.0.0'}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/schema@9.0.19':
     resolution: {integrity: sha512-oBRPoNBtCkk0zbUsyP4GaIzCt8C0aCI4ycIRUL67KK5pOHljKLBBtGT+Jr6hkzA74C8Gco8bpZPe7aWFjiaK2w==}
@@ -4581,7 +4581,7 @@ packages:
   '@graphql-tools/utils@9.2.1':
     resolution: {integrity: sha512-WUw506Ql6xzmOORlriNrD6Ugx+HjVgYxt9KCXD9mHAak+eaXSwuGGPyE60hy9xaDEoXKBsG7SkG69ybitaVl6A==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-tools/wrap@10.0.5':
     resolution: {integrity: sha512-Cbr5aYjr3HkwdPvetZp1cpDWTGdD1Owgsb3z/ClzhmrboiK86EnQDxDvOJiQkDCPWE9lNBwj8Y4HfxroY0D9DQ==}
@@ -4610,7 +4610,7 @@ packages:
   '@graphql-yoga/node@2.13.13':
     resolution: {integrity: sha512-3NmdEq3BkuVLRbo5yUi401sBiwowSKgY8O1DN1RwYdHRr0nu2dXzlYEETf4XLymyP6mKsVfQgsy7HQjwsc1oNw==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@graphql-yoga/subscription@2.2.3':
     resolution: {integrity: sha512-It/Dfh+nW2ClTtmOylAa+o7fbKIRYRTH6jfKLj3YB75tkv/rFZ70bjlChDCrEMa46I+zDMg7+cdkrQOXov2fDg==}
@@ -5388,7 +5388,7 @@ packages:
   '@nhost/graphql-js@0.3.0':
     resolution: {integrity: sha512-CVYq6wx0VbaYdpUBmfNO/6mZatHB5+YBCqFjWyxhpN1nzHCHEO6rgdL7j0qk31OFE6XAX0z7AQZSXg1Pn63GUw==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@nhost/hasura-auth-js@2.5.5':
     resolution: {integrity: sha512-+7IfhWwUHtq+ZNnTYYDWHpvAbGzSH9yvOrtILZeMxuA9rrkpNPVghR9uiFg8D2qoTpyTOszmCP0wJyEyO8pXSQ==}
@@ -5575,7 +5575,7 @@ packages:
   '@pothos/core@3.41.0':
     resolution: {integrity: sha512-Nb7uPDTXVjdrWqHs5aoD1r6JEdQ9FnJYlf7gv47o1b/bb8rVDAZQaviVvaChal7YQcyFGgCFb0/YNNHLNBEjNw==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   '@protobufjs/aspromise@1.1.2':
     resolution: {integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==}
@@ -8205,19 +8205,19 @@ packages:
     resolution: {integrity: sha512-AfgcRL8ZBhAlc3BFdigClmTUMISmmzHn7sB2h9U1odvc5U/MjWXsAaz18b/WoppUTDBzxOJwo2VdClfUcItu9g==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
-      vite: '>=4.3.9'
+      vite: '>=4.5.1'
 
   '@vitejs/plugin-react@4.3.1':
     resolution: {integrity: sha512-m/V2syj5CuVnaxcUJOQRel/Wr31FFXRFlnOoq1TVtkCxsY5veGMTEmpWHndrhB2U8ScHtCQB1e+4hWYExQc6Lg==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
-      vite: '>=4.3.9'
+      vite: '>=4.5.1'
 
   '@vitejs/plugin-vue@4.6.2':
     resolution: {integrity: sha512-kqf7SGFoG+80aZG6Pf+gsZIVvGSCKE98JbiWqcCV9cThtg91Jav0yvYFC9Zb+jKetNGF6ZKeoaxgZfND21fWKw==}
     engines: {node: ^14.18.0 || >=16.0.0}
     peerDependencies:
-      vite: '>=4.3.9'
+      vite: '>=4.5.1'
       vue: ^3.2.25
 
   '@vitest/coverage-v8@0.32.4':
@@ -8268,7 +8268,7 @@ packages:
     peerDependencies:
       '@apollo/client': ^3.4.13
       '@vue/composition-api': ^1.0.0
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
       vue: ^2.6.0 || ^3.1.0
     peerDependenciesMeta:
       '@vue/composition-api':
@@ -11529,12 +11529,12 @@ packages:
     resolution: {integrity: sha512-gCQIIy7lM9CB1KPLEb+DNZLczA9zuTLEOJE2hEQZTFYInogdmMDRa6RAkvM4LL0LcgcS+3uPs6KtHlcjCqRbUg==}
     hasBin: true
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   graphql-request@6.1.0:
     resolution: {integrity: sha512-p+XPfS4q7aIpKVcgmnZKhMNqhltk20hfXtkaIkTfjjmiKMJ5xrt5c743cL03y/K7y1rg3WrIC49xGiEQ4mxdNw==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
 
   graphql-scalars@1.23.0:
     resolution: {integrity: sha512-YTRNcwitkn8CqYcleKOx9IvedA8JIERn8BRq21nlKgOr4NEcTaWEG0sT+H92eF3ALTFbPgsqfft4cw+MGgv0Gg==}
@@ -13925,8 +13925,8 @@ packages:
     peerDependencies:
       msw: '>=0.35.0 <2.0.0'
 
-  msw@1.3.3:
+  msw@1.3.5:
-    resolution: {integrity: sha512-CiPyRFiYJCXYyH/vwxT7m+sa4VZHuUH6cGwRBj0kaTjBGpsk4EnL47YzhoA859htVCF2vzqZuOsomIUlFqg9GQ==}
+    resolution: {integrity: sha512-nG3fpmBXxFbKSIdk6miPuL3KjU6WMxgoW4tG1YgnP1M+TRG3Qn7b7R0euKAHq4vpwARHb18ZyfZljSxsTnMX2w==}
     engines: {node: '>=14'}
     hasBin: true
     peerDependencies:
@@ -14439,8 +14439,8 @@ packages:
   path-to-regexp@0.1.12:
     resolution: {integrity: sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==}
 
-  path-to-regexp@6.2.1:
+  path-to-regexp@6.3.0:
-    resolution: {integrity: sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw==}
+    resolution: {integrity: sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==}
 
   path-type@3.0.0:
     resolution: {integrity: sha512-T2ZUsdZFHgA3u4e5PfPbjd7HDDpxPnQb5jN0SrDsjNSuVXHJqtwTnWqG0B1jZrgmJ/7lj1EmVIByWt1gxGkWvg==}
@@ -17659,7 +17659,7 @@ packages:
   urql@3.0.4:
     resolution: {integrity: sha512-okmQKQ9pF4t8O8iCC5gH9acqfFji5lkhW3nLBjx8WKDd2zZG7PXoUpUK19VQEMK87L6VFBOO/XZ52MMKFEI0AA==}
     peerDependencies:
-      graphql: '>=16.8.1'
+      graphql: 16.8.1
       react: 18.2.0
 
   use-callback-ref@1.3.2:
@@ -17864,7 +17864,7 @@ packages:
   vite-tsconfig-paths@4.3.2:
     resolution: {integrity: sha512-0Vd/a6po6Q+86rPlntHye7F31zA2URZMbH8M3saAZ/xR9QoGN/L21bxEGfXdWmFdNkqPpRdxFT7nmNe12e9/uA==}
     peerDependencies:
-      vite: '>=4.3.9'
+      vite: '>=4.5.1'
     peerDependenciesMeta:
       vite:
         optional: true
@@ -18815,7 +18815,7 @@ snapshots:
       '@babel/traverse': 7.24.7
       '@babel/types': 7.26.3
       convert-source-map: 1.9.0
-      debug: 4.3.5
+      debug: 4.4.0
       gensync: 1.0.0-beta.2
       json5: 2.2.3
       lodash: 4.17.21
@@ -18908,7 +18908,7 @@ snapshots:
       '@babel/helper-module-imports': 7.24.7
       '@babel/helper-plugin-utils': 7.24.8
       '@babel/traverse': 7.24.7
-      debug: 4.3.5
+      debug: 4.4.0
       lodash.debounce: 4.0.8
       resolve: 1.22.9
       semver: 7.6.3
@@ -18920,7 +18920,7 @@ snapshots:
       '@babel/core': 7.24.7
       '@babel/helper-compilation-targets': 7.24.7
       '@babel/helper-plugin-utils': 7.24.8
-      debug: 4.3.5
+      debug: 4.4.0
       lodash.debounce: 4.0.8
       resolve: 1.22.9
     transitivePeerDependencies:
@@ -21872,7 +21872,7 @@ snapshots:
       '@antfu/install-pkg': 0.1.1
       '@antfu/utils': 0.7.10
       '@iconify/types': 1.1.0
-      debug: 4.3.5
+      debug: 4.4.0
       kolorist: 1.8.0
       local-pkg: 0.4.3
     transitivePeerDependencies:
@@ -22812,7 +22812,7 @@ snapshots:
       '@open-draft/until': 1.0.3
       '@types/debug': 4.1.12
       '@xmldom/xmldom': 0.8.10
-      debug: 4.3.5
+      debug: 4.4.0
       headers-polyfill: 3.2.5
       outvariant: 1.4.2
       strict-event-emitter: 0.2.8
@@ -26555,7 +26555,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/typescript-estree': 5.62.0(typescript@4.9.5)
       '@typescript-eslint/utils': 5.62.0(eslint@8.57.0)(typescript@4.9.5)
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 8.57.0
       tsutils: 3.21.0(typescript@4.9.5)
     optionalDependencies:
@@ -26567,7 +26567,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/typescript-estree': 5.62.0(typescript@5.0.4)
       '@typescript-eslint/utils': 5.62.0(eslint@8.57.0)(typescript@5.0.4)
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 8.57.0
       tsutils: 3.21.0(typescript@5.0.4)
     optionalDependencies:
@@ -26579,7 +26579,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/typescript-estree': 6.21.0(typescript@5.7.2)
       '@typescript-eslint/utils': 6.21.0(eslint@8.57.0)(typescript@5.7.2)
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 8.57.0
       ts-api-utils: 1.4.3(typescript@5.7.2)
     optionalDependencies:
@@ -26591,7 +26591,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/typescript-estree': 8.18.0(typescript@5.7.2)
       '@typescript-eslint/utils': 8.18.0(eslint@9.9.0(jiti@1.21.6))(typescript@5.7.2)
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 9.9.0(jiti@1.21.6)
       ts-api-utils: 1.4.3(typescript@5.7.2)
       typescript: 5.7.2
@@ -26608,7 +26608,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/types': 5.62.0
       '@typescript-eslint/visitor-keys': 5.62.0
-      debug: 4.3.5
+      debug: 4.4.0
       globby: 11.1.0
       is-glob: 4.0.3
       semver: 7.6.3
@@ -26622,7 +26622,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/types': 5.62.0
       '@typescript-eslint/visitor-keys': 5.62.0
-      debug: 4.3.5
+      debug: 4.4.0
       globby: 11.1.0
       is-glob: 4.0.3
       semver: 7.6.3
@@ -26636,7 +26636,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/types': 6.21.0
       '@typescript-eslint/visitor-keys': 6.21.0
-      debug: 4.3.5
+      debug: 4.4.0
       globby: 11.1.0
       is-glob: 4.0.3
       minimatch: 9.0.3
@@ -26651,7 +26651,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/types': 6.21.0
       '@typescript-eslint/visitor-keys': 6.21.0
-      debug: 4.3.5
+      debug: 4.4.0
       globby: 11.1.0
       is-glob: 4.0.3
       minimatch: 9.0.3
@@ -26666,7 +26666,7 @@ snapshots:
     dependencies:
       '@typescript-eslint/types': 8.18.0
       '@typescript-eslint/visitor-keys': 8.18.0
-      debug: 4.3.5
+      debug: 4.4.0
       fast-glob: 3.3.2
       is-glob: 4.0.3
       minimatch: 9.0.4
@@ -27451,13 +27451,13 @@ snapshots:
 
   agent-base@6.0.2:
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
   agent-base@7.1.1:
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
@@ -29213,7 +29213,7 @@ snapshots:
   detect-port@1.5.1:
     dependencies:
       address: 1.2.2
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
@@ -29595,7 +29595,7 @@ snapshots:
 
   esbuild-register@3.5.0(esbuild@0.18.20):
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       esbuild: 0.18.20
     transitivePeerDependencies:
       - supports-color
@@ -29747,7 +29747,7 @@ snapshots:
       '@typescript-eslint/parser': 5.62.0(eslint@9.9.0(jiti@1.21.6))(typescript@4.9.5)
       eslint: 9.9.0(jiti@1.21.6)
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 2.7.1(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@9.9.0(jiti@1.21.6))
+      eslint-import-resolver-typescript: 2.7.1(eslint-plugin-import@2.29.1)(eslint@9.9.0(jiti@1.21.6))
       eslint-plugin-import: 2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint-import-resolver-typescript@2.7.1)(eslint@9.9.0(jiti@1.21.6))
       eslint-plugin-jsx-a11y: 6.8.0(eslint@9.9.0(jiti@1.21.6))
       eslint-plugin-react: 7.34.3(eslint@9.9.0(jiti@1.21.6))
@@ -29766,7 +29766,7 @@ snapshots:
       '@typescript-eslint/parser': 6.21.0(eslint@8.48.0)(typescript@5.2.2)
       eslint: 8.48.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@8.48.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.48.0)
       eslint-plugin-import: 2.29.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-typescript@3.6.1)(eslint@8.48.0)
       eslint-plugin-jsx-a11y: 6.8.0(eslint@8.48.0)
       eslint-plugin-react: 7.34.3(eslint@8.48.0)
@@ -29834,7 +29834,7 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@2.7.1(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@9.9.0(jiti@1.21.6)):
+  eslint-import-resolver-typescript@2.7.1(eslint-plugin-import@2.29.1)(eslint@9.9.0(jiti@1.21.6)):
     dependencies:
       debug: 4.3.5
       eslint: 9.9.0(jiti@1.21.6)
@@ -29846,7 +29846,7 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@8.48.0):
+  eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.48.0):
     dependencies:
       debug: 4.3.5
       enhanced-resolve: 5.17.1
@@ -29880,14 +29880,14 @@ snapshots:
       - eslint-import-resolver-webpack
       - supports-color
 
-  eslint-module-utils@2.8.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@2.7.1(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@9.9.0(jiti@1.21.6)))(eslint@9.9.0(jiti@1.21.6)):
+  eslint-module-utils@2.8.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@2.7.1)(eslint@9.9.0(jiti@1.21.6)):
     dependencies:
       debug: 3.2.7
     optionalDependencies:
       '@typescript-eslint/parser': 5.62.0(eslint@8.57.0)(typescript@4.9.5)
       eslint: 9.9.0(jiti@1.21.6)
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 2.7.1(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@9.9.0(jiti@1.21.6))
+      eslint-import-resolver-typescript: 2.7.1(eslint-plugin-import@2.29.1)(eslint@9.9.0(jiti@1.21.6))
     transitivePeerDependencies:
       - supports-color
 
@@ -29908,7 +29908,7 @@ snapshots:
       '@typescript-eslint/parser': 6.21.0(eslint@8.48.0)(typescript@5.2.2)
       eslint: 8.48.0
       eslint-import-resolver-node: 0.3.9
-      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@8.48.0)
+      eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@6.21.0(eslint@8.48.0)(typescript@5.2.2))(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.48.0)
     transitivePeerDependencies:
       - supports-color
 
@@ -29978,7 +29978,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 9.9.0(jiti@1.21.6)
       eslint-import-resolver-node: 0.3.9
-      eslint-module-utils: 2.8.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@2.7.1(eslint-plugin-import@2.29.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint@8.57.0))(eslint@9.9.0(jiti@1.21.6)))(eslint@9.9.0(jiti@1.21.6))
+      eslint-module-utils: 2.8.1(@typescript-eslint/parser@5.62.0(eslint@8.57.0)(typescript@4.9.5))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@2.7.1)(eslint@9.9.0(jiti@1.21.6))
       hasown: 2.0.2
       is-core-module: 2.16.0
       is-glob: 4.0.3
@@ -30376,7 +30376,7 @@ snapshots:
 
   eslint-plugin-yml@0.14.0(eslint@8.57.0):
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 8.57.0
       lodash: 4.17.21
       natural-compare: 1.4.0
@@ -32028,7 +32028,7 @@ snapshots:
     dependencies:
       '@tootallnate/once': 1.1.2
       agent-base: 6.0.2
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
@@ -32036,14 +32036,14 @@ snapshots:
     dependencies:
       '@tootallnate/once': 2.0.0
       agent-base: 6.0.2
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
   http-proxy-agent@7.0.2:
     dependencies:
       agent-base: 7.1.1
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
@@ -32075,14 +32075,14 @@ snapshots:
   https-proxy-agent@5.0.1:
     dependencies:
       agent-base: 6.0.2
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
   https-proxy-agent@7.0.4:
     dependencies:
       agent-base: 7.1.1
-      debug: 4.3.5
+      debug: 4.4.0
     transitivePeerDependencies:
       - supports-color
 
@@ -35045,7 +35045,7 @@ snapshots:
 
   micromark@2.11.4:
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       parse-entities: 2.0.0
     transitivePeerDependencies:
       - supports-color
@@ -35053,7 +35053,7 @@ snapshots:
   micromark@3.2.0:
     dependencies:
       '@types/debug': 4.1.12
-      debug: 4.3.5
+      debug: 4.4.0
       decode-named-character-reference: 1.0.2
       micromark-core-commonmark: 1.1.0
       micromark-factory-space: 1.1.0
@@ -35075,7 +35075,7 @@ snapshots:
   micromark@4.0.0:
     dependencies:
       '@types/debug': 4.1.12
-      debug: 4.3.5
+      debug: 4.4.0
       decode-named-character-reference: 1.0.2
       devlop: 1.1.0
       micromark-core-commonmark: 2.0.1
@@ -35222,12 +35222,12 @@ snapshots:
 
   ms@2.1.3: {}
 
-  msw-storybook-addon@1.10.0(msw@1.3.3(encoding@0.1.13)(typescript@5.7.2)):
+  msw-storybook-addon@1.10.0(msw@1.3.5(encoding@0.1.13)(typescript@5.7.2)):
     dependencies:
       is-node-process: 1.2.0
-      msw: 1.3.3(encoding@0.1.13)(typescript@5.7.2)
+      msw: 1.3.5(encoding@0.1.13)(typescript@5.7.2)
 
-  msw@1.3.3(encoding@0.1.13)(typescript@5.7.2):
+  msw@1.3.5(encoding@0.1.13)(typescript@5.7.2):
     dependencies:
       '@mswjs/cookies': 0.2.2
       '@mswjs/interceptors': 0.17.10
@@ -35244,7 +35244,7 @@ snapshots:
       js-levenshtein: 1.1.6
       node-fetch: 2.6.13(encoding@0.1.13)
       outvariant: 1.4.2
-      path-to-regexp: 6.2.1
+      path-to-regexp: 6.3.0
       strict-event-emitter: 0.4.6
       type-fest: 2.19.0
       yargs: 17.7.2
@@ -35790,7 +35790,7 @@ snapshots:
 
   path-to-regexp@0.1.12: {}
 
-  path-to-regexp@6.2.1: {}
+  path-to-regexp@6.3.0: {}
 
   path-type@3.0.0:
     dependencies:
@@ -38227,7 +38227,7 @@ snapshots:
 
   spdy-transport@3.0.0:
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       detect-node: 2.1.0
       hpack.js: 2.1.6
       obuf: 1.1.2
@@ -38238,7 +38238,7 @@ snapshots:
 
   spdy@4.0.2:
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       handle-thing: 2.0.1
       http-deceiver: 1.2.7
       select-hose: 2.0.0
@@ -39964,7 +39964,7 @@ snapshots:
   vite-node@0.32.4(@types/node@16.18.105)(sass@1.32.0)(terser@5.37.0):
     dependencies:
       cac: 6.7.14
-      debug: 4.3.5
+      debug: 4.4.0
       mlly: 1.7.3
       pathe: 1.1.2
       picocolors: 1.1.1
@@ -40208,7 +40208,7 @@ snapshots:
 
   vue-eslint-parser@8.3.0(eslint@8.57.0):
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 8.57.0
       eslint-scope: 7.2.2
       eslint-visitor-keys: 3.4.3
@@ -40221,7 +40221,7 @@ snapshots:
 
   vue-eslint-parser@9.4.3(eslint@8.57.0):
     dependencies:
-      debug: 4.3.5
+      debug: 4.4.0
       eslint: 8.57.0
       eslint-scope: 7.2.2
       eslint-visitor-keys: 3.4.3