Initial implementation (#1)

This is a first-pass implementation for the NodeJS SDK:

- Core API calls to register and authenticate
- Error handling
- Type exports
- API key auto-detection
- License

Author: Firehed

.gitignore

@@ -0,0 +1,2 @@
+dist/
+node_modules/

LICENSE

@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2023-2034, SnapAuth
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -1 +1,109 @@
 # SnapAuth SDK for NodeJS
+
+The official NodeJS SDK for SnapAuth 🫰
+
+This is for _server_ code.
+If you're looking for the _client_ integration, check out `@snapauth/sdk`.
+
+- [SnapAuth Homepage](https://www.snapauth.app)
+- [Docs](https://docs.snapauth.app)
+- [Dashboard](https://dashboard.snapauth.app)
+- [Github](https://github.com/snapauthapp/sdk-node)
+
+## Installation and Setup
+
+```bash
+npm i --save @snapauth/node-sdk
+# yarn add @snapauth/sdk
+# etc
+```
+
+```typescript
+import SnapAuth from '@snapauth/node-sdk'
+const snapAuth = new SnapAuth(process.env.SNAPAUTH_SECRET_KEY)
+```
+> [!TIP]
+> The SDK will auto-detect a `SNAPAUTH_SECRET_KEY` environment variable.
+> If that's where you've set up your Secret Key, you can simplify this to
+> `const snapAuth = new SnapAuth()`.
+
+
+## Usage
+
+All examples are in TypeScript, based roughly on an ExpressJS app.
+
+General usage is as follows:
+
+```typescript
+const response = await snapAuth.someApiCall(param1, ...)
+if (response.ok) {
+  // Got back a 2xx
+  // console.assert(response.result !== null)
+  useDataFrom(response.result)
+} else {
+  // Any other response, or network error
+  // console.assert(response.result === null)
+  // console.assert(response.errors.length > 0)
+  console.error(response.errors)
+}
+```
+
+This is similar to `fetch()` which you're probably already familiar with.
+
+If the API call succeeded, the [response](https://docs.snapauth.app/server.html) will be in `response.result`.
+
+> [!NOTE]
+> Even on successful responses, `response.errors` may contain information, such as deprecation or usage warnings.
+> We suggest always examining this value.
+
+### Completing credential registration
+
+```typescript
+app.post('/register', async (request, response) => {
+  // You should have POSTed something like this:
+  // {
+  //  token: string
+  //  username: string
+  // }
+  const token = request.body.token
+  const username = request.body.username
+  // Do whatever you normally do to create a new User record
+  const user = createUserWithUsername(username)
+  // Then save the new passkey
+  const credentialInfo = await snapAuth.attachRegistration(token, {
+    id: user.id, // You may need to cast this to a string first, e.g. `String(user.id)`
+    handle: user.username, // Probably the value from above
+  })
+  // That's it. Proceed as normal.
+})
+```
+
+> [!NOTE]
+> The `id` is what you should use during authentication; it can not be changed.
+> The `handle` is to make client code more straightforward, and is typically the value the user would type in to a username field.
+>
+> You MAY hash or obfuscate the `handle`, or omit it entirely.
+> If you do, you'll need to either a) repeat the procedure in client code during authentication or b) rely on the user's id instead.
+
+### Authenticating
+
+```typescript
+app.post('/signin', async (request, response) => {
+  // { token: string }
+  const token = request.body.token
+  const auth = await snapAuth.signIn(token)
+  if (auth.ok) {
+    signInUserWithId(auth.result.user.id)
+  } else {
+    // Look at auth.errors and decide what, if anything, to display to the user.
+  }
+})
+```
+
+## Building the SDK
+
+Run `npm run watch` to keep the build running continually on file change.
+
+To make the local version available for linking, run `npm link` in this directory.
+
+In the project that should _use_ the local version, run `npm link '@snapauth/node-sdk'` which will set up the symlinking.