@ramonclaudio/create-vexpo 0.1.0 → 0.1.2

package/dist/templates/default/convex/auth.ts

@@ -31,9 +31,6 @@ const FIVE_MINUTES = 5 * ONE_MINUTE;
 
 const authFunctions: AuthFunctions = internal.auth;
 
-/**
- * Get the app user doc by Better Auth id, using the indexed lookup.
- */
 export async function getUserByAuthId(
   ctx: QueryCtx | MutationCtx,
   authId: string,
@@ -44,15 +41,6 @@ export async function getUserByAuthId(
     .unique();
 }
 
-/**
- * Merged representation of the authenticated user.
- *
- * Identity fields (email, name, username, image, emailVerified) come from the
- * Better Auth user. App-specific fields (_id, bio, avatar, timestamps) come
- * from our users table. `avatarUrl` is resolved: user-uploaded storage id
- * takes precedence, otherwise falls back to Better Auth's `image` (e.g. OAuth
- * provider avatar).
- */
 export type AuthUser = Doc<"users"> & {
   authUserId: string;
   email: string;
@@ -65,15 +53,11 @@ export type AuthUser = Doc<"users"> & {
   hasUploadedAvatar: boolean;
 };
 
-// The component client has methods needed for integrating Convex with Better
-// Auth, plus helper methods for general use.
 export const authComponent = createClient<DataModel>(components.betterAuth, {
   authFunctions,
   triggers: {
     user: {
       onCreate: async (ctx, authUser) => {
-        // Create the app user row with defaults. Identity fields live on the
-        // Better Auth user record, not here.
         await ctx.db.insert("users", {
           authId: authUser._id,
           createdAt: Date.now(),
@@ -91,10 +75,8 @@ export const authComponent = createClient<DataModel>(components.betterAuth, {
   },
 });
 
-// Export trigger handlers - these become available at internal.auth
 export const { onCreate, onDelete } = authComponent.triggersApi();
 
-// Export client API for AuthBoundary and other client-side auth checks
 export const { getAuthUser } = authComponent.clientApi();
 
 export const createAuth = (ctx: GenericCtx<DataModel>) =>
@@ -114,11 +96,11 @@ export const createAuth = (ctx: GenericCtx<DataModel>) =>
     emailAndPassword: {
       enabled: true,
       // Email verification is gated on the `REQUIRE_EMAIL_VERIFICATION`
-      // Convex env var. The lite-mode setup (`bunx vexpo lite`) leaves it
+      // Convex env var. The lite-mode setup (`npx vexpo lite`) leaves it
       // unset (default `false`) so sign-up creates verified accounts
       // immediately and the user can sign in without an OTP. No Resend
       // configuration needed to get up and running on the iOS Simulator.
-      // `bunx vexpo full` flips this to `true` when it provisions Resend.
+      // `npx vexpo full` flips this to `true` when it provisions Resend.
       // Production runs with verification on.
       requireEmailVerification: env.requireEmailVerification,
       minPasswordLength: 10,
@@ -178,7 +160,6 @@ export const createAuth = (ctx: GenericCtx<DataModel>) =>
     },
     plugins: [
       convex({ authConfig }),
-      // Email OTP for sign-in, verification, password reset, and change-email.
       emailOTP({
         otpLength: 6,
         expiresIn: FIVE_MINUTES,
@@ -208,11 +189,6 @@ export const createAuth = (ctx: GenericCtx<DataModel>) =>
     ],
   } satisfies BetterAuthOptions);
 
-/**
- * Safely get the current authenticated user. Returns undefined if not
- * authenticated or if the app user row is missing (shouldn't happen in
- * practice, but we handle it gracefully).
- */
 export async function safeGetAuthenticatedUser(
   ctx: QueryCtx | MutationCtx,
 ): Promise<AuthUser | undefined> {
@@ -222,7 +198,6 @@ export async function safeGetAuthenticatedUser(
   const user = await getUserByAuthId(ctx, authUser._id);
   if (!user) return undefined;
 
-  // Resolve avatar: user upload takes precedence over Better Auth image.
   const hasUploadedAvatar = !!user.avatar;
   const avatarUrl = hasUploadedAvatar
     ? await ctx.storage.getUrl(user.avatar!)
@@ -242,18 +217,12 @@ export async function safeGetAuthenticatedUser(
   };
 }
 
-/**
- * Get the current authenticated user, throwing if not authenticated.
- */
 export async function requireAuthenticatedUser(ctx: QueryCtx | MutationCtx): Promise<AuthUser> {
   const user = await safeGetAuthenticatedUser(ctx);
   if (!user) throw authenticationRequired();
   return user;
 }
 
-/**
- * Validator for AuthUser return type.
- */
 export const authUserValidator = v.object({
   _id: v.id("users"),
   _creationTime: v.number(),
@@ -262,6 +231,10 @@ export const authUserValidator = v.object({
   avatar: v.optional(v.id("_storage")),
   createdAt: v.number(),
   updatedAt: v.number(),
+  // Set when the user has requested account deletion. Within the 30-day
+  // grace window the user is still authenticated; the client routes
+  // these users to a "restore or continue with deletion" surface.
+  deletedAt: v.optional(v.number()),
   authUserId: v.string(),
   email: v.string(),
   name: v.string(),
@@ -273,18 +246,10 @@ export const authUserValidator = v.object({
   hasUploadedAvatar: v.boolean(),
 });
 
-// ============================================================================
-// Queries
-// ============================================================================
 // These use the raw `query` builder because this file IS the auth primitive
 // that functions.ts depends on. Importing wrappers from ./functions would
 // create a circular dependency.
 
-/**
- * Check if the current user has a password-based account.
- * Useful for detecting social-only accounts that need password setup.
- * Returns false if not authenticated.
- */
 export const hasPassword = query({
   args: {},
   returns: v.boolean(),
@@ -319,10 +284,6 @@ export const getEnabledProviders = query({
   },
 });
 
-/**
- * Rotate JWKS keys for JWT signing.
- * Run with: bunx convex run auth:rotateKeys
- */
 export const rotateKeys = internalAction({
   args: {},
   // Better Auth's `rotateKeys()` returns implementation-specific JWKS metadata

package/dist/templates/default/convex/constants.ts

@@ -1,16 +1,11 @@
-// Shared constants and pure helpers.
 // Safe to import from Convex functions AND React routes.
 // Do not add imports from `convex/server`, `./_generated/*`, or React here.
 
-// ============================================================================
-// Username validation (Better Auth `username` plugin)
-// ============================================================================
-
 export const USERNAME_MIN_LENGTH = 3;
 export const USERNAME_MAX_LENGTH = 30;
 
-// Alphanumerics, underscores, dots. Must match the server-side
-// `usernameValidator` in convex/auth.ts to avoid client/server drift.
+// Must match the server-side `usernameValidator` in convex/auth.ts to avoid
+// client/server drift.
 export const USERNAME_FORMAT_REGEX = /^[a-zA-Z0-9_.]+$/;
 
 export const RESERVED_USERNAMES = [

package/dist/templates/default/convex/crons.ts

@@ -5,14 +5,24 @@ import { internalMutation } from "./_generated/server";
 
 const crons = cronJobs();
 
-// Drop push tokens that haven't refreshed in 30 days (stale device or app
-// uninstalled). Bounded batches via `internal.pushTokens.cleanupStale`.
 crons.daily(
   "cleanup stale push tokens",
   { hourUTC: 3, minuteUTC: 0 },
   internal.pushTokens.cleanupStale,
 );
 
+crons.daily(
+  "hard-delete expired account tombstones",
+  { hourUTC: 4, minuteUTC: 0 },
+  internal.users.hardDeleteExpired,
+);
+
+crons.hourly(
+  "cleanup expired app attest challenges",
+  { minuteUTC: 17 },
+  internal.appAttestStore.cleanupChallenges,
+);
+
 // The Resend component retains finalized (delivered, cancelled, bounced)
 // emails and it's our job to clear them. Run hourly to keep the emails table
 // bounded. See @convex-dev/resend README → "Data retention".
@@ -27,12 +37,9 @@ const ONE_WEEK_MS = 7 * 24 * 60 * 60 * 1000;
 export const cleanupResend = internalMutation({
   args: {},
   handler: async (ctx) => {
-    // Delivered/cancelled/bounced: 7 day retention.
     await ctx.scheduler.runAfter(0, components.resend.lib.cleanupOldEmails, {
       olderThan: ONE_WEEK_MS,
     });
-    // Abandoned emails usually indicate a bug, so keep them around longer
-    // (4 weeks) for debugging before purging.
     await ctx.scheduler.runAfter(0, components.resend.lib.cleanupAbandonedEmails, {
       olderThan: 4 * ONE_WEEK_MS,
     });

package/dist/templates/default/convex/email.ts

@@ -8,12 +8,10 @@ import type { DataModel } from "./_generated/dataModel";
 import { internalMutation } from "./_generated/server";
 import { env } from "./env";
 
-// testMode defaults to true so dev can't accidentally email real users.
-// Set RESEND_TEST_MODE=false in production to send to real addresses.
-// Note: @convex-dev/resend's testMode only permits @resend.dev sandbox
-// addresses and throws otherwise. To keep dev sign-up working with real-shaped
-// emails, sendAuthOTP below short-circuits when testMode is on and logs the
-// OTP to the Convex deployment console instead of calling sendEmail.
+// @convex-dev/resend's testMode only permits @resend.dev sandbox addresses and
+// throws otherwise. To keep dev sign-up working with real-shaped emails,
+// sendAuthOTP below short-circuits when testMode is on and logs the OTP to the
+// Convex deployment console instead of calling sendEmail.
 // Explicit `: Resend` annotation is required because `onEmailEvent` references
 // a function in this same module, which would otherwise cause TS inference to
 // loop on itself.
@@ -24,15 +22,6 @@ export const resend: Resend = new Resend(components.resend, {
   onEmailEvent: internal.email.handleEmailEvent,
 });
 
-/**
- * Receives delivery events from the Resend webhook (mounted in convex/http.ts).
- * The event payload is also automatically persisted to the component's
- * `deliveryEvents` table for inspection in the Convex dashboard.
- *
- * Logs the 4 actionable failure events (bounced, complained, suppressed,
- * failed). Extend this handler to flag the user's email as unreachable if
- * you want to stop sending auth OTPs to addresses that will never arrive.
- */
 const ACTIONABLE_FAILURE_EVENTS = new Set([
   "email.bounced",
   "email.complained",
@@ -76,15 +65,6 @@ const OTP_COPY: Record<OTPType, { subject: string; heading: string; body: string
   },
 };
 
-/**
- * Send an auth OTP email via Resend. Used by Better Auth's emailOTP plugin
- * inside the `sendVerificationOTP` callback in convex/auth.ts.
- *
- * In test mode (dev default), logs the OTP to the Convex deployment console
- * instead of calling Resend. Read it from `bunx convex dev` output or the
- * deployment logs in the Convex dashboard. Production sets RESEND_TEST_MODE
- * to "false" and sends real emails.
- */
 export async function sendAuthOTP(
   ctx: GenericCtx<DataModel>,
   { email, otp, type }: { email: string; otp: string; type: OTPType },

package/dist/templates/default/convex/env.ts

@@ -23,9 +23,5 @@ export const env = {
       return required("EMAIL_FROM");
     },
   },
-  // Email verification policy. Default `false` (minimal-tier setup, no Resend
-  // configured). sign-up creates verified-immediately accounts so the user
-  // can sign in without ever seeing an OTP. `bunx vexpo full` flips
-  // this to `true` on the Convex env when it provisions Resend.
   requireEmailVerification: bool("REQUIRE_EMAIL_VERIFICATION", false),
 } as const;

package/dist/templates/default/convex/errors.ts

@@ -1,10 +1,3 @@
-/**
- * Structured Errors
- *
- * Error factories emit ConvexError with a stable code so clients can
- * branch on `error.data.code` without parsing messages.
- */
-
 import { ConvexError } from "convex/values";
 
 export const ErrorCode = {

package/dist/templates/default/convex/functions.ts

@@ -1,26 +1,11 @@
-/**
- * Custom Function Wrappers
- *
- * Authenticated query/mutation wrappers that inject the current user into
- * the context. Uses the centralized helpers from auth.ts to avoid duplication.
- */
-
 import { customCtx, customMutation, customQuery } from "convex-helpers/server/customFunctions";
 
 import { mutation, query } from "./_generated/server";
 import { requireAuthenticatedUser, safeGetAuthenticatedUser } from "./auth";
 import type { AuthUser } from "./auth";
 
-// Re-export AuthUser type for convenience
 export type { AuthUser };
 
-// ============================================================================
-// Query Wrappers
-// ============================================================================
-
-/**
- * Authenticated query - throws ConvexError if user is not logged in.
- */
 export const authQuery = customQuery(
   query,
   customCtx(async (ctx) => ({
@@ -28,10 +13,6 @@ export const authQuery = customQuery(
   })),
 );
 
-/**
- * Optional auth query - user may be undefined.
- * Use for endpoints that work for both authenticated and anonymous users.
- */
 export const optionalAuthQuery = customQuery(
   query,
   customCtx(async (ctx) => ({
@@ -39,13 +20,6 @@ export const optionalAuthQuery = customQuery(
   })),
 );
 
-// ============================================================================
-// Mutation Wrappers
-// ============================================================================
-
-/**
- * Authenticated mutation - throws ConvexError if user is not logged in.
- */
 export const authMutation = customMutation(
   mutation,
   customCtx(async (ctx) => ({

package/dist/templates/default/convex/http.ts

@@ -51,9 +51,9 @@ http.route({
 // EAS Build / Submit webhook receiver.
 //
 // Wire it up once with:
-//   bunx eas webhook:create --event BUILD  --url https://<your-deployment>.convex.site/eas-webhook --secret <strong-secret>
-//   bunx eas webhook:create --event SUBMIT --url https://<your-deployment>.convex.site/eas-webhook --secret <strong-secret>
-//   bunx convex env set EAS_WEBHOOK_SECRET <strong-secret>
+//   npx eas webhook:create --event BUILD  --url https://<your-deployment>.convex.site/eas-webhook --secret <strong-secret>
+//   npx eas webhook:create --event SUBMIT --url https://<your-deployment>.convex.site/eas-webhook --secret <strong-secret>
+//   npx convex env set EAS_WEBHOOK_SECRET <strong-secret>
 //
 // Per https://docs.expo.dev/eas/webhooks/, EAS signs every POST with
 // HMAC-SHA1 in `expo-signature: sha1=<hex>`. The factory below handles
@@ -90,8 +90,6 @@ http.route({
           appName: payload.metadata?.appName,
           detailsUrl: payload.buildDetailsPageUrl,
         });
-        // Extend: dispatch on `payload.status === "errored"` to a Slack
-        // notifier, persist the build/submit row to a Convex table, etc.
         return new Response(JSON.stringify({ ok: true, requestId }), {
           status: 200,
           headers: { "Content-Type": "application/json", "X-Request-Id": requestId },

package/dist/templates/default/convex/log.ts

@@ -1,24 +1,3 @@
-// Structured one-line JSON logger for Convex HTTP handlers.
-//
-// Convex's web dashboard renders `console.log` output line-by-line. Plain
-// strings work for narrative logs but lose context once volume grows. The
-// helpers below emit single-line JSON with a stable shape so dashboards
-// and log aggregators can filter on fields directly:
-//
-//   { "ts": "...", "level": "info", "event": "webhook.ok", "requestId": "...",
-//     "durationMs": 12, "platform": "ios", "status": "finished" }
-//
-// Keep the field set small and predictable:
-//   - ts           ISO timestamp (UTC)
-//   - level        info | warn | error
-//   - event        dot-namespaced verb ("webhook.ok", "aasa.served")
-//   - requestId    set per HTTP request via `newRequestId()`
-//   - durationMs   numeric (preferred over Date arithmetic in queries)
-//   - err          { message, name, stack? } when level === "error"
-//
-// Anything else is merged in as-is. Field order is alphabetical except `ts`
-// and `level` come first for readability when scrolling raw log output.
-
 export type LogLevel = "info" | "warn" | "error";
 
 export type LogFields = Record<string, unknown> & {
@@ -44,7 +23,7 @@ function emit(level: LogLevel, fields: LogFields): void {
   }
 }
 
-// JSON.stringify replacer: errors don't serialize by default. Pull
+// JSON.stringify replacer: Errors don't serialize by default. Pull
 // `message`, `name`, and (only in development) `stack`.
 function replacer(_key: string, value: unknown): unknown {
   if (value instanceof Error) {
@@ -69,9 +48,7 @@ export const log = {
   },
 };
 
-// Cryptographically-random short request ID. Web crypto is available in
-// Convex's runtime. 9 bytes → 12-char base64url, plenty for correlation
-// without bloating every log line.
+// Web crypto is available in Convex's runtime. 9 bytes → 12-char base64url.
 export function newRequestId(): string {
   const bytes = new Uint8Array(9);
   crypto.getRandomValues(bytes);

package/dist/templates/default/convex/pushSender.ts

@@ -0,0 +1,145 @@
+import { v } from "convex/values";
+
+import type { Id } from "./_generated/dataModel";
+import { internal } from "./_generated/api";
+import { internalAction } from "./_generated/server";
+
+const EXPO_PUSH_URL = "https://exp.host/--/api/v2/push/send";
+
+// Permanent failure codes from the Expo Push Service. A receipt or ticket
+// with one of these means the device or app install will never accept a
+// push again, so the token is tombstoned. Transient codes (rate limit,
+// message-too-big, server error) are not in this set; those just log.
+//
+// https://docs.expo.dev/push-notifications/sending-notifications/#individual-push-notification-errors
+const PERMANENT_ERROR_CODES = new Set([
+  "DeviceNotRegistered",
+  "InvalidCredentials",
+  "MismatchSenderId",
+]);
+
+type ExpoMessage = {
+  to: string;
+  title?: string;
+  body?: string;
+  data?: Record<string, unknown>;
+  sound?: "default" | null;
+  badge?: number;
+  // `content-available: 1`-style silent push. Wakes the background task
+  // without showing a banner. Pair with `priority: "high"` so iOS doesn't
+  // throttle delivery.
+  _contentAvailable?: boolean;
+  priority?: "default" | "normal" | "high";
+};
+
+type ExpoTicket =
+  | { status: "ok"; id: string }
+  | { status: "error"; message: string; details?: { error?: string } };
+
+type ExpoResponse = { data?: ExpoTicket[]; errors?: Array<{ code?: string; message?: string }> };
+
+/**
+ * Fan out a push to every active token of `userId`. Tickets returned with
+ * a permanent error code mark the originating token revoked so subsequent
+ * sends skip it. Transient errors are logged but kept.
+ *
+ * Best-effort: a single network failure logs and returns; the caller is
+ * always a mutation that already committed (account-event hook, scheduled
+ * job, etc.), so we never want a push send to surface as a user-facing
+ * error.
+ */
+export const sendToUser = internalAction({
+  args: {
+    userId: v.id("users"),
+    title: v.optional(v.string()),
+    body: v.optional(v.string()),
+    data: v.optional(v.record(v.string(), v.any())),
+    silent: v.optional(v.boolean()),
+  },
+  returns: v.object({
+    sent: v.number(),
+    revoked: v.number(),
+  }),
+  handler: async (ctx, args) => {
+    const tokens = await ctx.runQuery(internal.pushTokens.listActiveByUser, {
+      userId: args.userId as Id<"users">,
+    });
+    if (tokens.length === 0) return { sent: 0, revoked: 0 };
+
+    const messages: ExpoMessage[] = tokens.map((t) => {
+      const m: ExpoMessage = { to: t.token, priority: "high" };
+      if (args.silent) {
+        m._contentAvailable = true;
+        if (args.data) m.data = args.data;
+      } else {
+        if (args.title) m.title = args.title;
+        if (args.body) m.body = args.body;
+        if (args.data) m.data = args.data;
+        m.sound = "default";
+      }
+      return m;
+    });
+
+    let payload: ExpoResponse | null = null;
+    try {
+      const res = await fetch(EXPO_PUSH_URL, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json",
+          "Accept-Encoding": "gzip, deflate",
+        },
+        body: JSON.stringify(messages),
+      });
+      payload = (await res.json()) as ExpoResponse;
+      if (!res.ok) {
+        console.warn(`[push] send non-2xx ${res.status}: ${JSON.stringify(payload?.errors)}`);
+      }
+    } catch (err) {
+      console.warn(`[push] send threw: ${err instanceof Error ? err.message : String(err)}`);
+      return { sent: 0, revoked: 0 };
+    }
+
+    const tickets = payload?.data ?? [];
+    const revoked = await reconcileTickets(ctx, tokens, tickets);
+    return { sent: tickets.length, revoked };
+  },
+});
+
+/**
+ * Match each ticket back to its originating token and tombstone tokens
+ * whose ticket reported a permanent error. The Expo API preserves order:
+ * `tickets[i]` corresponds to `messages[i]`, which corresponds to
+ * `tokens[i]`.
+ */
+async function reconcileTickets(
+  ctx: {
+    runMutation: (
+      ref: typeof internal.pushTokens.markRevoked,
+      args: { tokenIds: Id<"pushTokens">[]; errorCode: string },
+    ) => Promise<number>;
+  },
+  tokens: Array<{ _id: Id<"pushTokens">; token: string }>,
+  tickets: ExpoTicket[],
+): Promise<number> {
+  const buckets = new Map<string, Id<"pushTokens">[]>();
+  tickets.forEach((ticket, index) => {
+    if (ticket.status !== "error") return;
+    const code = ticket.details?.error;
+    if (!code || !PERMANENT_ERROR_CODES.has(code)) return;
+    const tokenId = tokens[index]?._id;
+    if (!tokenId) return;
+    const list = buckets.get(code) ?? [];
+    list.push(tokenId);
+    buckets.set(code, list);
+  });
+
+  let revoked = 0;
+  for (const [code, tokenIds] of buckets) {
+    revoked += await ctx.runMutation(internal.pushTokens.markRevoked, {
+      tokenIds,
+      errorCode: code,
+    });
+  }
+  return revoked;
+}