npm - @gaganref/convex-api-keys - Versions diffs - 0.1.0 - Mend

@gaganref/convex-api-keys 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

package/LICENSE +201 -0
package/README.md +419 -0
package/dist/client/_generated/_ignore.d.ts +1 -0
package/dist/client/_generated/_ignore.d.ts.map +1 -0
package/dist/client/_generated/_ignore.js +3 -0
package/dist/client/_generated/_ignore.js.map +1 -0
package/dist/client/crypto.d.ts +4 -0
package/dist/client/crypto.d.ts.map +1 -0
package/dist/client/crypto.js +48 -0
package/dist/client/crypto.js.map +1 -0
package/dist/client/errors.d.ts +32 -0
package/dist/client/errors.d.ts.map +1 -0
package/dist/client/errors.js +43 -0
package/dist/client/errors.js.map +1 -0
package/dist/client/index.d.ts +7 -0
package/dist/client/index.d.ts.map +1 -0
package/dist/client/index.js +4 -0
package/dist/client/index.js.map +1 -0
package/dist/client/operations.d.ts +240 -0
package/dist/client/operations.d.ts.map +1 -0
package/dist/client/operations.js +700 -0
package/dist/client/operations.js.map +1 -0
package/dist/client/options.d.ts +79 -0
package/dist/client/options.d.ts.map +1 -0
package/dist/client/options.js +51 -0
package/dist/client/options.js.map +1 -0
package/dist/client/types.d.ts +269 -0
package/dist/client/types.d.ts.map +1 -0
package/dist/client/types.js +24 -0
package/dist/client/types.js.map +1 -0
package/dist/component/_generated/api.d.ts +40 -0
package/dist/component/_generated/api.d.ts.map +1 -0
package/dist/component/_generated/api.js +31 -0
package/dist/component/_generated/api.js.map +1 -0
package/dist/component/_generated/component.d.ts +253 -0
package/dist/component/_generated/component.d.ts.map +1 -0
package/dist/component/_generated/component.js +11 -0
package/dist/component/_generated/component.js.map +1 -0
package/dist/component/_generated/dataModel.d.ts +46 -0
package/dist/component/_generated/dataModel.d.ts.map +1 -0
package/dist/component/_generated/dataModel.js +11 -0
package/dist/component/_generated/dataModel.js.map +1 -0
package/dist/component/_generated/server.d.ts +121 -0
package/dist/component/_generated/server.d.ts.map +1 -0
package/dist/component/_generated/server.js +78 -0
package/dist/component/_generated/server.js.map +1 -0
package/dist/component/cleanup.d.ts +29 -0
package/dist/component/cleanup.d.ts.map +1 -0
package/dist/component/cleanup.js +70 -0
package/dist/component/cleanup.js.map +1 -0
package/dist/component/convex.config.d.ts +3 -0
package/dist/component/convex.config.d.ts.map +1 -0
package/dist/component/convex.config.js +3 -0
package/dist/component/convex.config.js.map +1 -0
package/dist/component/crons.d.ts +3 -0
package/dist/component/crons.d.ts.map +1 -0
package/dist/component/crons.js +7 -0
package/dist/component/crons.js.map +1 -0
package/dist/component/lib.d.ts +323 -0
package/dist/component/lib.d.ts.map +1 -0
package/dist/component/lib.js +659 -0
package/dist/component/lib.js.map +1 -0
package/dist/component/schema.d.ts +82 -0
package/dist/component/schema.d.ts.map +1 -0
package/dist/component/schema.js +38 -0
package/dist/component/schema.js.map +1 -0
package/dist/component/sweep.d.ts +27 -0
package/dist/component/sweep.d.ts.map +1 -0
package/dist/component/sweep.js +94 -0
package/dist/component/sweep.js.map +1 -0
package/dist/shared.d.ts +11 -0
package/dist/shared.d.ts.map +1 -0
package/dist/shared.js +11 -0
package/dist/shared.js.map +1 -0
package/package.json +116 -0
package/src/client/__tests__/contracts.test.ts +109 -0
package/src/client/__tests__/errors.test.ts +133 -0
package/src/client/__tests__/hooks.test.ts +154 -0
package/src/client/__tests__/operations.test.ts +742 -0
package/src/client/__tests__/setup.test.ts +31 -0
package/src/client/_generated/_ignore.ts +1 -0
package/src/client/crypto.ts +64 -0
package/src/client/errors.ts +67 -0
package/src/client/index.ts +44 -0
package/src/client/operations.ts +881 -0
package/src/client/options.ts +146 -0
package/src/client/types.ts +313 -0
package/src/component/__tests__/cleanup.test.ts +472 -0
package/src/component/__tests__/lib.test.ts +676 -0
package/src/component/__tests__/setup.test.ts +11 -0
package/src/component/_generated/api.ts +56 -0
package/src/component/_generated/component.ts +300 -0
package/src/component/_generated/dataModel.ts +60 -0
package/src/component/_generated/server.ts +156 -0
package/src/component/cleanup.ts +85 -0
package/src/component/convex.config.ts +3 -0
package/src/component/crons.ts +20 -0
package/src/component/lib.ts +843 -0
package/src/component/schema.ts +49 -0
package/src/component/sweep.ts +117 -0
package/src/shared.ts +18 -0
package/src/test.ts +18 -0

package/src/client/options.ts ADDED Viewed

@@ -0,0 +1,146 @@
+import { optionsError } from "./errors.js";
+import type { ApiKeysTypeOptions } from "./types.js";
+/**
+ * Initialization options for the API keys client.
+ *
+ * Type-level concerns (namespace shape, metadata shape, permissions shape,
+ * requireName) are passed via the generic parameter of `ApiKeys<TOptions>`.
+ */
+export type ApiKeysOptions<
+  TOptions extends ApiKeysTypeOptions = Record<never, never>,
+> = {
+  /**
+   * Default permissions applied when create args do not include permissions.
+   *
+   * Typed against the `permissions` field of `TOptions` when provided.
+   * This is a convenience default — not a runtime allowlist validator.
+   */
+  permissionDefaults?: TOptions extends {
+    permissions: infer P extends Record<string, string[]>;
+  }
+    ? { [K in keyof P]?: P[K] }
+    : Record<string, string[]>;
+  /**
+   * Default key behavior applied when operation-level values are omitted.
+   */
+  keyDefaults?: {
+    /**
+     * Token prefix used when creating keys.
+     *
+     * @default "ak_"
+     */
+    prefix?: string;
+    /**
+     * Default absolute expiration in milliseconds.
+     *
+     * Set `null` for no expiration.
+     *
+     * @default null
+     */
+    ttlMs?: number | null;
+    /**
+     * Default idle timeout in milliseconds.
+     *
+     * Set `null` to disable idle expiration.
+     *
+     * @default null
+     */
+    idleTimeoutMs?: number | null;
+  };
+  /**
+   * Minimum log level for console output.
+   *
+   * - `"debug"` — logs all operations including successes
+   * - `"warn"` — logs warnings and errors only (default)
+   * - `"error"` — logs infrastructure failures only
+   * - `"none"` — disables all logging
+   *
+   * @default "warn"
+   */
+  logLevel?: "debug" | "warn" | "error" | "none";
+};
+/**
+ * Fully validated options shape used by runtime internals.
+ */
+export type NormalizedApiKeysOptions = {
+  permissionDefaults: Record<string, string[]> | undefined;
+  keyDefaults: {
+    prefix: string;
+    keyLengthBytes: number;
+    ttlMs: number | null;
+    idleTimeoutMs: number | null;
+  };
+  logLevel: "debug" | "warn" | "error" | "none";
+};
+const KEY_DEFAULTS = {
+  prefix: "ak_",
+  keyLengthBytes: 32,
+  ttlMs: null as number | null,
+  idleTimeoutMs: null as number | null,
+};
+const LOG_LEVELS = ["debug", "warn", "error", "none"] as const;
+/**
+ * Normalize and validate API keys options.
+ *
+ * @throws {ApiKeysClientError} If any option value is invalid.
+ */
+export function normalizeApiKeysOptions(
+  options: ApiKeysOptions<ApiKeysTypeOptions>,
+): NormalizedApiKeysOptions {
+  const keyDefaults = {
+    prefix: options.keyDefaults?.prefix ?? KEY_DEFAULTS.prefix,
+    keyLengthBytes: KEY_DEFAULTS.keyLengthBytes,
+    ttlMs: options.keyDefaults?.ttlMs ?? KEY_DEFAULTS.ttlMs,
+    idleTimeoutMs:
+      options.keyDefaults?.idleTimeoutMs ?? KEY_DEFAULTS.idleTimeoutMs,
+  };
+  if (keyDefaults.prefix.length > 32) {
+    throw optionsError(`keyDefaults.prefix exceeds max allowed length (32)`);
+  }
+  if (keyDefaults.prefix.length === 0) {
+    throw optionsError("keyDefaults.prefix must not be empty");
+  }
+  assertNullableNonNegativeInteger(keyDefaults.ttlMs, "keyDefaults.ttlMs");
+  assertNullableNonNegativeInteger(
+    keyDefaults.idleTimeoutMs,
+    "keyDefaults.idleTimeoutMs",
+  );
+  const logLevel = normalizeLogLevel(options.logLevel);
+  return {
+    permissionDefaults: options.permissionDefaults as
+      | Record<string, string[]>
+      | undefined,
+    keyDefaults,
+    logLevel,
+  };
+}
+function normalizeLogLevel(
+  level: "debug" | "warn" | "error" | "none" | undefined,
+): "debug" | "warn" | "error" | "none" {
+  const resolved = level ?? "warn";
+  if (!LOG_LEVELS.includes(resolved)) {
+    throw optionsError(`logLevel must be one of: ${LOG_LEVELS.join(", ")}`);
+  }
+  return resolved;
+}
+export function assertNullableNonNegativeInteger(
+  value: number | null,
+  path: string,
+) {
+  if (value === null) {
+    return;
+  }
+  if (!Number.isInteger(value) || value < 0) {
+    throw optionsError(`${path} must be null or a non-negative integer`);
+  }
+}

package/src/client/types.ts ADDED Viewed

@@ -0,0 +1,313 @@
+import type {
+  FunctionArgs,
+  FunctionReference,
+  FunctionReturnType,
+  FunctionVisibility,
+} from "convex/server";
+import { v, type Infer } from "convex/values";
+import type { ComponentApi } from "../component/_generated/component.js";
+type CreateMutationResult = FunctionReturnType<ComponentApi["lib"]["create"]>;
+type ValidateQueryResult = FunctionReturnType<ComponentApi["lib"]["validate"]>;
+type RefreshMutationResult = FunctionReturnType<ComponentApi["lib"]["refresh"]>;
+type GetKeyQueryResult = FunctionReturnType<ComponentApi["lib"]["getKey"]>;
+type CleanupExpiredMutationResult = FunctionReturnType<
+  ComponentApi["cleanup"]["cleanupExpired"]
+>;
+/**
+ * Type-level options passed as the generic parameter to `ApiKeys`.
+ *
+ * All fields are TypeScript-only — they are phantom types cast over `v.any()`
+ * / `v.string()` storage. You are responsible for keeping your type param
+ * consistent with the data already stored in the database.
+ *
+ * - `namespace` — any `string` subtype (literals, template literals).
+ *   Presence implies namespace is required in `create` args.
+ * - `requireName` — set to `true` to require `name` in `create` args.
+ * - `metadata` — shape of the metadata object stored with each key.
+ * - `permissions` — shape of the permissions object; values must be `string[]`
+ *   subtypes (including literal arrays).
+ */
+export type ApiKeysTypeOptions = {
+  namespace?: string;
+  requireName?: true;
+  metadata?: Record<string, unknown>;
+  permissions?: Record<string, string[]>;
+};
+/**
+ * Freeform metadata stored with an API key.
+ */
+export type ApiKeyMetadata = Record<string, unknown>;
+/**
+ * Metadata attached to lifecycle events (invalidate, refresh, bulk invalidate).
+ */
+export type ApiKeyEventMetadata = Record<string, unknown>;
+// --- Internal arg shape helpers ---
+type NamespaceArg<TOptions extends ApiKeysTypeOptions> = TOptions extends {
+  namespace: infer N extends string;
+}
+  ? { namespace: N }
+  : { namespace?: string };
+type NamespaceFilterArg<TOptions extends ApiKeysTypeOptions> =
+  TOptions extends { namespace: infer N extends string }
+    ? { namespace?: N }
+    : object;
+type NameArg<TOptions extends ApiKeysTypeOptions> = TOptions extends {
+  requireName: true;
+}
+  ? { name: string }
+  : { name?: string };
+type PermissionsInputArg<TOptions extends ApiKeysTypeOptions> =
+  TOptions extends { permissions: infer P extends Record<string, string[]> }
+    ? { permissions?: { [K in keyof P]?: P[K] } }
+    : { permissions?: Record<string, string[]> };
+// --- Internal result shape helpers ---
+type NamespaceOutput<TOptions extends ApiKeysTypeOptions> = TOptions extends {
+  namespace: infer N extends string;
+}
+  ? N | undefined
+  : string | undefined;
+type MetadataOutput<TOptions extends ApiKeysTypeOptions> = TOptions extends {
+  metadata: infer M extends Record<string, unknown>;
+}
+  ? M | undefined
+  : Record<string, unknown> | undefined;
+type PermissionsOutput<TOptions extends ApiKeysTypeOptions> = TOptions extends {
+  permissions: infer P extends Record<string, string[]>;
+}
+  ? P | undefined
+  : Record<string, string[]> | undefined;
+// --- Public types ---
+export type ApiKeyId = CreateMutationResult["keyId"];
+/**
+ * Plaintext API key token.
+ *
+ * Tokens are only available at creation/refresh time.
+ */
+export type ApiKeyToken = string;
+export type CreateArgs<
+  TOptions extends ApiKeysTypeOptions = Record<never, never>,
+> = NamespaceArg<TOptions> &
+  NameArg<TOptions> &
+  PermissionsInputArg<TOptions> & {
+    metadata?: TOptions extends {
+      metadata: infer M extends Record<string, unknown>;
+    }
+      ? M
+      : ApiKeyMetadata;
+    prefix?: string;
+    ttlMs?: number | null;
+    idleTimeoutMs?: number | null;
+  };
+export type CreateResult = {
+  keyId: ApiKeyId;
+  token: ApiKeyToken;
+  tokenPrefix: string;
+  tokenLast4: string;
+  createdAt: CreateMutationResult["createdAt"];
+  expiresAt?: number;
+};
+export type ValidateArgs = {
+  token: ApiKeyToken;
+};
+export type TouchArgs = {
+  keyId: ApiKeyId;
+};
+export type TouchResult = FunctionReturnType<ComponentApi["lib"]["touch"]>;
+export type PaginationOptions = {
+  numItems: number;
+  cursor: string | null;
+};
+export type ListKeysArgs<
+  TOptions extends ApiKeysTypeOptions = Record<never, never>,
+> = {
+  paginationOpts: PaginationOptions;
+  status?: "active" | "revoked";
+  order?: "asc" | "desc";
+} & NamespaceFilterArg<TOptions>;
+export type ListKeysResult = FunctionReturnType<
+  ComponentApi["lib"]["listKeys"]
+>;
+export type ListEventsArgs<
+  TOptions extends ApiKeysTypeOptions = Record<never, never>,
+> = {
+  paginationOpts: PaginationOptions;
+  order?: "asc" | "desc";
+} & NamespaceFilterArg<TOptions>;
+export type ListEventsResult = FunctionReturnType<
+  ComponentApi["lib"]["listEvents"]
+>;
+export type ListKeyEventsArgs = {
+  keyId: ApiKeyId;
+  paginationOpts: PaginationOptions;
+  order?: "asc" | "desc";
+};
+export type ListKeyEventsResult = FunctionReturnType<
+  ComponentApi["lib"]["listKeyEvents"]
+>;
+export type GetKeyArgs = {
+  keyId: ApiKeyId;
+};
+export type GetKeyResult = GetKeyQueryResult;
+export type InvalidateArgs = {
+  keyId: ApiKeyId;
+  reason?: string;
+  metadata?: ApiKeyEventMetadata;
+};
+export type InvalidateResult = FunctionReturnType<
+  ComponentApi["lib"]["invalidate"]
+>;
+export type InvalidateAllArgs<
+  TOptions extends ApiKeysTypeOptions = Record<never, never>,
+> = {
+  before?: number;
+  after?: number;
+  reason?: string;
+  metadata?: ApiKeyEventMetadata;
+  pageSize?: number;
+} & NamespaceFilterArg<TOptions>;
+export type InvalidateAllResult = {
+  processed: number;
+  revoked: number;
+  pages: number;
+};
+export type InvalidateAllPageResult = FunctionReturnType<
+  ComponentApi["lib"]["invalidateAll"]
+>;
+export const onInvalidateHookPayloadValidator = v.union(
+  v.object({
+    trigger: v.literal("invalidate"),
+    at: v.number(),
+    keyId: v.string(),
+    reason: v.optional(v.string()),
+  }),
+  v.object({
+    trigger: v.literal("refresh"),
+    at: v.number(),
+    keyId: v.string(),
+    replacementKeyId: v.string(),
+    reason: v.optional(v.string()),
+  }),
+  v.object({
+    trigger: v.literal("invalidateAll"),
+    at: v.number(),
+    namespace: v.optional(v.string()),
+    before: v.optional(v.number()),
+    after: v.optional(v.number()),
+    reason: v.optional(v.string()),
+    processed: v.number(),
+    revoked: v.number(),
+    pages: v.number(),
+  }),
+);
+export type OnInvalidateHookPayload = Infer<
+  typeof onInvalidateHookPayloadValidator
+>;
+export type UpdateArgs = {
+  keyId: ApiKeyId;
+  name?: string;
+  metadata?: ApiKeyMetadata;
+  /** Pass `null` to remove the expiry entirely. */
+  expiresAt?: number | null;
+  /** Pass `null` to remove the idle timeout entirely. */
+  maxIdleMs?: number | null;
+};
+export type UpdateResult = FunctionReturnType<ComponentApi["lib"]["update"]>;
+export type CleanupExpiredArgs = {
+  /**
+   * How long to retain revoked keys before hard-deleting them and their
+   * audit events. Must be a positive finite number.
+   *
+   * @default 30 days
+   */
+  retentionMs?: number;
+};
+export type CleanupExpiredResult = CleanupExpiredMutationResult;
+export type RefreshArgs = {
+  keyId: ApiKeyId;
+  /** Override the token prefix for the new key. Falls back to `keyDefaults.prefix`. */
+  prefix?: string;
+  reason?: string;
+  metadata?: ApiKeyEventMetadata;
+};
+type RefreshMutationSuccess = Extract<RefreshMutationResult, { ok: true }>;
+type RefreshMutationFailure = Extract<RefreshMutationResult, { ok: false }>;
+export type RefreshResult =
+  | (RefreshMutationSuccess & {
+      token: ApiKeyToken;
+      tokenPrefix: string;
+      tokenLast4: string;
+    })
+  | RefreshMutationFailure;
+type ValidateSuccessBase = Extract<ValidateQueryResult, { ok: true }>;
+type ValidateFailure = Extract<ValidateQueryResult, { ok: false }>;
+export type ValidateResult<
+  TOptions extends ApiKeysTypeOptions = Record<never, never>,
+> =
+  | (Omit<ValidateSuccessBase, "permissions" | "namespace" | "metadata"> & {
+      namespace: NamespaceOutput<TOptions>;
+      permissions: PermissionsOutput<TOptions>;
+      metadata: MetadataOutput<TOptions>;
+    })
+  | ValidateFailure;
+export type RunMutationCtx = {
+  runMutation: <
+    Mutation extends FunctionReference<"mutation", FunctionVisibility>,
+  >(
+    mutation: Mutation,
+    args: FunctionArgs<Mutation>,
+  ) => Promise<FunctionReturnType<Mutation>>;
+};
+export type RunQueryCtx = {
+  runQuery: <Query extends FunctionReference<"query", "internal">>(
+    query: Query,
+    args: FunctionArgs<Query>,
+  ) => Promise<FunctionReturnType<Query>>;
+};