@convex-dev/better-auth 0.7.0-alpha.12 → 0.7.0-alpha.3

package/src/component/lib.ts

@@ -1,532 +1,423 @@
-import { mutation, query, QueryCtx } from "../component/_generated/server";
+import {
+  action,
+  mutation,
+  query,
+  QueryCtx,
+} from "../component/_generated/server";
 import { asyncMap } from "convex-helpers";
-import { Infer, v } from "convex/values";
+import { v } from "convex/values";
+import { api } from "../component/_generated/api";
 import { Doc, Id, TableNames } from "../component/_generated/dataModel";
-import schema, { specialFields } from "../component/schema";
-import {
-  PaginationOptions,
-  paginationOptsValidator,
-  PaginationResult,
-} from "convex/server";
+import schema from "../component/schema";
+import { paginationOptsValidator, PaginationResult } from "convex/server";
 import { paginator } from "convex-helpers/server/pagination";
 import { partial } from "convex-helpers/validators";
 
-export const adapterWhereValidator = v.object({
-  field: v.string(),
-  operator: v.optional(
-    v.union(
-      v.literal("lt"),
-      v.literal("lte"),
-      v.literal("gt"),
-      v.literal("gte"),
-      v.literal("eq"),
-      v.literal("in"),
-      v.literal("ne"),
-      v.literal("contains"),
-      v.literal("starts_with"),
-      v.literal("ends_with")
-    )
-  ),
-  value: v.union(
-    v.string(),
-    v.number(),
-    v.boolean(),
-    v.array(v.string()),
-    v.array(v.number()),
-    v.null()
-  ),
-  connector: v.optional(v.union(v.literal("AND"), v.literal("OR"))),
-});
-
-export const adapterArgsValidator = v.object({
-  model: v.string(),
-  where: v.optional(v.array(adapterWhereValidator)),
-  sortBy: v.optional(
-    v.object({
-      field: v.string(),
-      direction: v.union(v.literal("asc"), v.literal("desc")),
-    })
-  ),
-  select: v.optional(v.array(v.string())),
-  limit: v.optional(v.number()),
-  unique: v.optional(v.boolean()),
-});
-
-const getUniqueFields = (table: TableNames, input: Record<string, any>) => {
-  const fields = specialFields[table as keyof typeof specialFields];
-  if (!fields) {
-    return [];
-  }
-  return Object.entries(fields)
-    .filter(
-      ([key, value]) =>
-        value.unique && Object.keys(input).includes(key as keyof typeof input)
-    )
-    .map(([key]) => key);
+export const transformInput = (model: string, data: Record<string, any>) => {
+  return {
+    ...Object.fromEntries(
+      Object.entries(data).map(([key, value]) => {
+        if (value instanceof Date) {
+          return [key, value.getTime()];
+        }
+        return [key, value];
+      })
+    ),
+  };
 };
 
-const checkUniqueFields = async (
-  ctx: QueryCtx,
-  table: TableNames,
-  input: Record<string, any>,
-  doc?: Doc<any>
+export const transformOutput = (
+  { _id, _creationTime, ...data }: Doc<TableNames>,
+  _model: string
 ) => {
-  const uniqueFields = getUniqueFields(table, input);
-  if (!uniqueFields.length) {
-    return;
-  }
-  for (const field of uniqueFields) {
-    const existingDoc = await ctx.db
-      .query(table as any)
-      .withIndex(field as any, (q) =>
-        q.eq(field, input[field as keyof typeof input])
-      )
-      .unique();
-    if (existingDoc && existingDoc._id !== doc?._id) {
-      throw new Error(`${table} ${field} already exists`);
-    }
-  }
+  // Provide the expected id field, but it can be overwritten if
+  // the model has an id field
+  return { id: _id, ...data };
 };
 
-const findIndex = async (args: {
-  model: string;
-  where?: {
+// Get the session via sessionId in jwt claims
+export const getCurrentSession = query({
+  args: {},
+  handler: async (ctx) => {
+    const identity = await ctx.auth.getUserIdentity();
+    if (!identity) {
+      return null;
+    }
+    return ctx.db.get(identity.sessionId as Id<"session">);
+  },
+});
+
+export const getByHelper = async (
+  ctx: QueryCtx,
+  args: {
+    table: string;
     field: string;
-    operator?: string;
     value: any;
-    connector?: "AND" | "OR";
-  }[];
-  sortBy?: {
-    field: string;
-    direction: "asc" | "desc";
-  };
-}) => {
-  if (!args.where && !args.sortBy) {
-    return;
-  }
-  if (args.where?.some((w) => w.field === "id")) {
-    throw new Error("id is not a valid index field");
+    unique?: boolean;
   }
-  if (args.where?.some((w) => w.connector && w.connector !== "AND")) {
-    throw new Error(
-      `OR connector not supported: ${JSON.stringify(args.where)}`
-    );
-  }
-  if (
-    args.where?.some(
-      (w) =>
-        w.operator &&
-        !["lt", "lte", "gt", "gte", "eq", "in"].includes(w.operator)
-    )
-  ) {
-    throw new Error(
-      `where clause not supported: ${JSON.stringify(args.where)}`
-    );
-  }
-  const lowerBounds =
-    args.where?.filter((w) => w.operator === "lt" || w.operator === "lte") ??
-    [];
-  if (lowerBounds.length > 1) {
-    throw new Error(
-      `cannot have more than one lower bound where clause: ${JSON.stringify(args.where)}`
-    );
-  }
-  const upperBounds =
-    args.where?.filter((w) => w.operator === "gt" || w.operator === "gte") ??
-    [];
-  if (upperBounds.length > 1) {
-    throw new Error(
-      `cannot have more than one upper bound where clause: ${JSON.stringify(args.where)}`
-    );
-  }
-  const lowerBound = lowerBounds[0];
-  const upperBound = upperBounds[0];
-  if (lowerBound && upperBound && lowerBound.field !== upperBound.field) {
-    throw new Error(
-      `lower bound and upper bound must have the same field: ${JSON.stringify(args.where)}`
-    );
-  }
-  const boundField = lowerBound?.field || upperBound?.field;
-  if (
-    boundField &&
-    args.where?.some(
-      (w) => w.field === boundField && w !== lowerBound && w !== upperBound
-    )
-  ) {
-    throw new Error(
-      `too many where clauses on the bound field: ${JSON.stringify(args.where)}`
-    );
-  }
-  const indexFields =
-    args.where
-      ?.filter((w) => !w.operator || w.operator === "eq")
-      .sort((a, b) => {
-        return a.field.localeCompare(b.field);
-      })
-      .map((w) => [w.field, w.value]) ?? [];
-  if (!indexFields?.length && !boundField && !args.sortBy) {
-    return;
-  }
-  const indexes =
-    schema.tables[args.model as keyof typeof schema.tables][" indexes"]();
-  const sortField = args.sortBy?.field;
-
-  // We internally use _creationTime in place of Better Auth's createdAt
-  const indexName = indexFields
-    .map(([field]) => field)
-    .join("_")
-    .concat(
-      boundField && boundField !== "createdAt"
-        ? `${indexFields.length ? "_" : ""}${boundField}`
-        : ""
-    )
-    .concat(
-      sortField && sortField !== "createdAt" && boundField !== sortField
-        ? `${indexFields.length || boundField ? "_" : ""}${sortField}`
-        : ""
-    );
-  if (!indexName && !boundField && !sortField) {
-    return;
-  }
-  // Use the built in creationTime index if bounding or sorting by createdAt
-  // with no other fields
-  const index = !indexName
-    ? {
-        indexDescriptor: "by_creation_time",
-        fields: [],
-      }
-    : indexes.find(({ indexDescriptor }) => {
-        return boundField === "createdAt" || sortField === "createdAt"
-          ? indexDescriptor === indexName
-          : indexDescriptor.startsWith(indexName);
-      });
-  if (!index) {
-    throw new Error(`Index ${indexName} not found for table ${args.model}`);
-  }
-  return {
-    index: {
-      indexDescriptor: index.indexDescriptor,
-      fields: [...index.fields, "_creationTime"],
-    },
-    boundField,
-    sortField,
-    values: {
-      eq: indexFields.map(([, value]) => value),
-      lt: lowerBound?.operator === "lt" ? lowerBound.value : undefined,
-      lte: lowerBound?.operator === "lte" ? lowerBound.value : undefined,
-      gt: upperBound?.operator === "gt" ? upperBound.value : undefined,
-      gte: upperBound?.operator === "gte" ? upperBound.value : undefined,
-    },
-  };
-};
-
-const selectFields = <T extends TableNames, D extends Doc<T>>(
-  doc: D | null,
-  select?: string[]
 ) => {
-  if (!doc) {
-    return null;
-  }
-  if (!select?.length) {
-    return doc;
+  if (args.field === "id") {
+    return ctx.db.get(args.value);
   }
-  return select.reduce((acc, field) => {
-    (acc as any)[field] = doc[field];
-    return acc;
-  }, {} as D);
+  const query = ctx.db
+    .query(args.table as any)
+    .withIndex(args.field as any, (q) => q.eq(args.field, args.value));
+  return args.unique ? await query.unique() : await query.first();
 };
 
-// This is the core function for reading from the database, it parses and
-// validates where conditions, selects indexes, and allows the caller to
-// optionally paginate as needed.
-const paginate = async (
-  ctx: QueryCtx,
-  args: Infer<typeof adapterArgsValidator> & {
-    paginationOpts: PaginationOptions;
-  }
-): Promise<PaginationResult<Doc<any>>> => {
-  // If any index is id, we can only return a single document
-  const idWhere = args.where?.find((w) => w.field === "id");
-  if (idWhere) {
-    const doc = await ctx.db.get(idWhere.value as Id<TableNames>);
-    return {
-      page: [selectFields(doc, args.select)].filter(Boolean),
-      isDone: true,
-      continueCursor: "",
-    };
-  }
-  const { index, values, boundField } = (await findIndex(args)) ?? {};
-  const query = paginator(ctx.db, schema).query(args.model as any);
-  const hasValues =
-    values?.eq?.length ||
-    values?.lt ||
-    values?.lte ||
-    values?.gt ||
-    values?.gte;
-  const indexedQuery =
-    index && index.indexDescriptor !== "by_creation_time"
-      ? query.withIndex(
-          index.indexDescriptor,
-          hasValues
-            ? (q: any) => {
-                for (const [idx, value] of (values?.eq ?? []).entries()) {
-                  q = q.eq(index.fields[idx], value);
-                }
-                if (values?.lt) {
-                  q = q.lt(boundField, values.lt);
-                }
-                if (values?.lte) {
-                  q = q.lte(boundField, values.lte);
-                }
-                if (values?.gt) {
-                  q = q.gt(boundField, values.gt);
-                }
-                if (values?.gte) {
-                  q = q.gte(boundField, values.gte);
-                }
-                return q;
-              }
-            : undefined
-        )
-      : query;
-
-  const orderedQuery = args.sortBy
-    ? indexedQuery.order(args.sortBy.direction === "asc" ? "asc" : "desc")
-    : indexedQuery;
-  const result = await orderedQuery.paginate(args.paginationOpts);
-  return {
-    ...result,
-    page: result.page.map((doc) => selectFields(doc, args.select)),
-  };
+export const getByArgsValidator = {
+  table: v.string(),
+  field: v.string(),
+  unique: v.optional(v.boolean()),
+  value: v.union(
+    v.string(),
+    v.number(),
+    v.boolean(),
+    v.array(v.string()),
+    v.array(v.number()),
+    v.null()
+  ),
 };
 
-const listOne = async (
-  ctx: QueryCtx,
-  args: Infer<typeof adapterArgsValidator>
-): Promise<Doc<any> | null> => {
-  return (
-    await paginate(ctx, {
-      ...args,
-      paginationOpts: {
-        numItems: 1,
-        cursor: null,
-      },
-    })
-  ).page[0];
-};
+// Generic functions
+export const getByQuery = query({
+  args: getByArgsValidator,
+  handler: async (ctx, args) => {
+    const doc = await getByHelper(ctx, args);
+    if (!doc) {
+      return;
+    }
+    return transformOutput(doc, args.table);
+  },
+});
+export { getByQuery as getBy };
 
 export const create = mutation({
-  args: {
+  args: v.object({
     input: v.union(
-      ...Object.entries(schema.tables).map(([model, table]) =>
+      ...Object.values(schema.tables).map((table) =>
         v.object({
-          model: v.literal(model),
-          where: v.optional(v.array(adapterWhereValidator)),
-          data: v.object(table.validator.fields),
+          table: v.string(),
+          ...table.validator.fields,
         })
       )
     ),
+  }),
+  handler: async (ctx, args) => {
+    const { table, ...input } = args.input;
+    const id = await ctx.db.insert(table as any, {
+      ...input,
+    });
+    const doc = await ctx.db.get(id);
+    if (!doc) {
+      throw new Error(`Failed to create ${table}`);
+    }
+    return transformOutput(doc, table);
   },
+});
+
+export const updateArgsInputValidator = <T extends TableNames>(table: T) => {
+  return v.object({
+    table: v.literal(table),
+    where: v.object({ field: v.string(), value: getByArgsValidator.value }),
+    value: v.record(v.string(), v.any()),
+  });
+};
+
+const updateArgsValidator = {
+  input: v.union(
+    updateArgsInputValidator("account"),
+    updateArgsInputValidator("session"),
+    updateArgsInputValidator("verification"),
+    updateArgsInputValidator("user")
+  ),
+};
+
+export const update = mutation({
+  args: updateArgsValidator,
   handler: async (ctx, args) => {
-    await checkUniqueFields(
-      ctx,
-      args.input.model as TableNames,
-      args.input.data
-    );
+    const { table, where, value } = args.input;
+    const doc =
+      where.field === "id"
+        ? await ctx.db.get(where.value as Id<any>)
+        : await getByHelper(ctx, { table, ...where });
+    if (!doc) {
+      throw new Error(`Failed to update ${table}`);
+    }
+    await ctx.db.patch(doc._id, value as any);
+    const updatedDoc = await ctx.db.get(doc._id);
+    if (!updatedDoc) {
+      throw new Error(`Failed to update ${table}`);
+    }
+    return transformOutput(updatedDoc, table);
+  },
+});
 
-    const id = await ctx.db.insert(args.input.model as any, args.input.data);
-    const doc = await ctx.db.get(id);
+export const deleteBy = mutation({
+  args: getByArgsValidator,
+  handler: async (ctx, args) => {
+    const doc = await getByHelper(ctx, args);
     if (!doc) {
-      throw new Error(`Failed to create ${args.input.model}`);
+      return;
     }
+    await ctx.db.delete(doc._id);
+    // onDeleteUser requires userId from the doc,
+    // so just return the whole thing
     return doc;
   },
 });
 
-export const findOne = query({
-  args: adapterArgsValidator,
+// Single purpose functions
+export const getAccountsByUserId = query({
+  args: { userId: v.string(), limit: v.optional(v.number()) },
+  handler: async (ctx, args) => {
+    const query = ctx.db
+      .query("account")
+      .withIndex("userId", (q) => q.eq("userId", args.userId));
+    const docs = args.limit
+      ? await query.take(args.limit)
+      : await query.collect();
+    return docs.map((doc) => transformOutput(doc, "account"));
+  },
+});
+
+export const getSessionsByUserId = query({
+  args: { userId: v.string(), limit: v.optional(v.number()) },
   handler: async (ctx, args) => {
-    return await listOne(ctx, args);
+    const query = ctx.db
+      .query("session")
+      .withIndex("userId", (q) => q.eq("userId", args.userId));
+    const docs = args.limit
+      ? await query.take(args.limit)
+      : await query.collect();
+    return docs.map((doc) => transformOutput(doc, "session"));
   },
 });
 
-export const findMany = query({
+export const getJwks = query({
   args: {
-    ...adapterArgsValidator.fields,
-    paginationOpts: paginationOptsValidator,
+    limit: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    return await paginate(ctx, args);
+    const query = ctx.db.query("jwks");
+    const docs = args.limit
+      ? await query.take(args.limit)
+      : await query.collect();
+    return docs.map((doc) => transformOutput(doc, "jwks"));
   },
 });
 
-export const updateOne = mutation({
+export const listVerificationsByIdentifier = query({
   args: {
-    input: v.union(
-      ...Object.entries(schema.tables).map(([model, table]) =>
-        v.object({
-          model: v.literal(model),
-          where: v.optional(v.array(adapterWhereValidator)),
-          update: v.object(
-            Object.fromEntries(
-              Object.entries(table.validator.fields).map(([key, value]) => [
-                key,
-                value.isOptional === "required" ? v.optional(value) : value,
-              ])
-            )
-          ),
-        })
-      )
+    identifier: v.string(),
+    sortBy: v.optional(
+      v.object({
+        field: v.string(),
+        direction: v.union(v.literal("asc"), v.literal("desc")),
+      })
     ),
+    limit: v.optional(v.number()),
   },
   handler: async (ctx, args) => {
-    const doc = await listOne(ctx, args.input);
-    if (!doc) {
-      throw new Error(`Failed to update ${args.input.model}`);
-    }
-    await checkUniqueFields(
-      ctx,
-      args.input.model as TableNames,
-      args.input.update,
-      doc
-    );
-    await ctx.db.patch(doc._id, args.input.update as any);
-    const updatedDoc = await ctx.db.get(doc._id);
-    if (!updatedDoc) {
-      throw new Error(`Failed to update ${args.input.model}`);
+    if (args.sortBy && args.sortBy.field !== "createdAt") {
+      throw new Error(`Unsupported sortBy field: ${args.sortBy.field}`);
     }
-    return updatedDoc;
+    const query = ctx.db
+      .query("verification")
+      .withIndex("identifier", (q) => q.eq("identifier", args.identifier))
+      .order(
+        args.sortBy?.field === "createdAt" && args.sortBy?.direction
+          ? args.sortBy.direction
+          : "asc"
+      );
+    const docs = args.limit
+      ? await query.take(args.limit)
+      : await query.collect();
+    return docs.map((doc) => transformOutput(doc, "verification"));
   },
 });
 
-export const updateMany = mutation({
+export const deleteOldVerificationsPage = mutation({
   args: {
-    ...adapterArgsValidator.fields,
-    update: v.optional(v.object(partial(schema.tables.user.validator.fields))),
-    paginationOpts: paginationOptsValidator,
+    currentTimestamp: v.number(),
+    paginationOpts: v.optional(paginationOptsValidator),
   },
   handler: async (ctx, args) => {
-    const { page, ...result } = await paginate(ctx, args);
-    if (args.update) {
-      const uniqueFields = getUniqueFields(
-        args.model as TableNames,
-        args.update ?? {}
-      );
-      if (uniqueFields.length && page.length > 1) {
-        throw new Error(
-          `Attempted to set unique fields in multiple documents in ${args.model} with the same value. Fields: ${uniqueFields.join(", ")}`
-        );
-      }
-      await asyncMap(page, async (doc) => {
-        await checkUniqueFields(
-          ctx,
-          args.model as TableNames,
-          args.update ?? {},
-          doc
-        );
-        await ctx.db.patch(doc._id, args.update as any);
-      });
-    }
-    return {
-      ...result,
-      count: page.length,
+    const paginationOpts = args.paginationOpts ?? {
+      numItems: 500,
+      cursor: null,
     };
+    const { page, ...result } = await paginator(ctx.db, schema)
+      .query("verification")
+      .withIndex("expiresAt", (q) => q.lt("expiresAt", args.currentTimestamp))
+      .paginate(paginationOpts);
+    await asyncMap(page, async (doc) => {
+      await ctx.db.delete(doc._id);
+    });
+    return { ...result, count: page.length };
   },
 });
 
-export const deleteOne = mutation({
-  args: adapterArgsValidator,
+export const deleteOldVerifications = action({
+  args: {
+    currentTimestamp: v.number(),
+  },
   handler: async (ctx, args) => {
-    const doc = await listOne(ctx, args);
-    if (!doc) {
-      return;
-    }
-    await ctx.db.delete(doc._id);
-    return doc;
+    let count = 0;
+    let cursor = null;
+    let isDone = false;
+    do {
+      const result: Omit<PaginationResult<Doc<"verification">>, "page"> & {
+        count: number;
+      } = await ctx.runMutation(api.lib.deleteOldVerificationsPage, {
+        currentTimestamp: args.currentTimestamp,
+        paginationOpts: {
+          numItems: 500,
+          cursor,
+        },
+      });
+      count += result.count;
+      cursor =
+        result.pageStatus &&
+        result.splitCursor &&
+        ["SplitRecommended", "SplitRequired"].includes(result.pageStatus)
+          ? result.splitCursor
+          : result.continueCursor;
+      isDone = result.isDone;
+    } while (!isDone);
+    return count;
   },
 });
 
-export const deleteMany = mutation({
+export const deleteExpiredSessions = mutation({
   args: {
-    ...adapterArgsValidator.fields,
-    paginationOpts: paginationOptsValidator,
+    userId: v.string(),
+    expiresAt: v.number(),
   },
   handler: async (ctx, args) => {
-    const { page, ...result } = await paginate(ctx, args);
-    await asyncMap(page, async (doc) => {
+    const docs = await ctx.db
+      .query("session")
+      .withIndex("userId_expiresAt", (q) =>
+        q.eq("userId", args.userId).lt("expiresAt", args.expiresAt)
+      )
+      .collect();
+    await asyncMap(docs, async (doc) => {
       await ctx.db.delete(doc._id);
     });
-    return {
-      ...result,
-      count: page.length,
+    return docs.length;
+  },
+});
+
+export const deleteAllForUserPage = mutation({
+  args: {
+    table: v.string(),
+    userId: v.string(),
+    paginationOpts: v.optional(paginationOptsValidator),
+  },
+  handler: async (ctx, args) => {
+    const paginationOpts = args.paginationOpts ?? {
+      numItems: 500,
+      cursor: null,
     };
+    const { page, ...result } = await paginator(ctx.db, schema)
+      .query(args.table as any)
+      .withIndex("userId", (q) => q.eq("userId", args.userId))
+      .paginate(paginationOpts);
+    await asyncMap(page, async (doc) => {
+      await ctx.db.delete(doc._id);
+    });
+    return { ...result, count: page.length };
   },
 });
 
-// Get the session via sessionId in jwt claims
-// TODO: this needs a refresh, subquery only necessary for actions
-export const getCurrentSession = query({
-  args: {},
-  handler: async (ctx) => {
-    const identity = await ctx.auth.getUserIdentity();
-    if (!identity) {
-      return null;
-    }
-    return ctx.db.get(identity.sessionId as Id<"session">);
+export const deleteAllForUser = action({
+  args: {
+    table: v.string(),
+    userId: v.string(),
+  },
+  handler: async (ctx, args) => {
+    let count = 0;
+    let cursor = null;
+    let isDone = false;
+    do {
+      const result: Omit<PaginationResult<Doc<"session">>, "page"> & {
+        count: number;
+      } = await ctx.runMutation(api.lib.deleteAllForUserPage, {
+        table: args.table,
+        userId: args.userId,
+        paginationOpts: {
+          numItems: 500,
+          cursor,
+        },
+      });
+      count += result.count;
+      cursor =
+        result.pageStatus &&
+        result.splitCursor &&
+        ["SplitRecommended", "SplitRequired"].includes(result.pageStatus)
+          ? result.splitCursor
+          : result.continueCursor;
+      isDone = result.isDone;
+    } while (!isDone);
+    return count;
   },
 });
 
-// TODO: rewrite functions below here to be dynamic
+export const getAccountByAccountIdAndProviderId = query({
+  args: { accountId: v.string(), providerId: v.string() },
+  handler: async (ctx, args) => {
+    const doc = await ctx.db
+      .query("account")
+      .withIndex("providerId_accountId", (q) =>
+        q.eq("providerId", args.providerId).eq("accountId", args.accountId)
+      )
+      .unique();
+    if (!doc) {
+      return;
+    }
+    return transformOutput(doc, "account");
+  },
+});
 
-export const getIn = query({
-  args: adapterArgsValidator,
+export const updateUserProviderAccounts = mutation({
+  args: {
+    userId: v.string(),
+    providerId: v.string(),
+    update: v.object(partial(schema.tables.account.validator.fields)),
+  },
   handler: async (ctx, args) => {
-    const where = args.where?.[0];
-    if (!where || where.operator !== "in" || args.where?.length !== 1) {
-      throw new Error("where must be a single in clause");
+    const docs = await ctx.db
+      .query("account")
+      .withIndex("userId_providerId", (q) =>
+        q.eq("userId", args.userId).eq("providerId", args.providerId)
+      )
+      .collect();
+    if (docs.length === 0) {
+      return 0;
     }
-    return (
-      await asyncMap(where.value as any[], async (value) => {
-        if (where.field === "id") {
-          return [await ctx.db.get(value as Id<TableNames>)];
-        }
-        const query = ctx.db
-          .query(args.model as any)
-          .withIndex(where.field as any, (q) => q.eq(where.field, value));
-        if (args.limit) {
-          return await query.take(args.limit);
-        }
-        return await query.collect();
-      })
-    )
-      .flat()
-      .filter(Boolean);
+    await asyncMap(docs, async (doc) => {
+      await ctx.db.patch(doc._id, args.update);
+    });
+    return docs.length;
   },
 });
 
-export const deleteIn = mutation({
+export const updateTwoFactor = mutation({
   args: {
-    input: v.union(
-      v.object({
-        table: v.literal("session"),
-        field: v.literal("token"),
-        values: v.array(v.string()),
-      })
-    ),
+    userId: v.string(),
+    update: v.object(partial(schema.tables.twoFactor.validator.fields)),
   },
   handler: async (ctx, args) => {
-    const { table, field, values } = args.input;
-    const docs = await asyncMap(values, async (value) => {
-      const doc = await ctx.db
-        .query(table)
-        .withIndex(field as any, (q) => q.eq(field, value))
-        .unique();
-      if (!doc) {
-        return;
-      }
-      await ctx.db.delete(doc._id);
-      return doc;
+    const docs = await ctx.db
+      .query("twoFactor")
+      .withIndex("userId", (q) => q.eq("userId", args.userId))
+      .collect();
+    if (docs.length === 0) {
+      return 0;
+    }
+    await asyncMap(docs, async (doc) => {
+      await ctx.db.patch(doc._id, args.update);
     });
-    return docs.filter(Boolean).length;
+    return docs.length;
   },
 });