@robelest/convex-auth 0.0.1

package/dist/server/implementation/mutations/modifyAccount.js

@@ -0,0 +1,48 @@
+import { v } from "convex/values";
+import { hash } from "../provider.js";
+import { LOG_LEVELS, logWithLevel, maybeRedact } from "../utils.js";
+import { createAuthDb } from "../db.js";
+export const modifyAccountArgs = v.object({
+    provider: v.string(),
+    account: v.object({ id: v.string(), secret: v.string() }),
+});
+export async function modifyAccountImpl(ctx, args, getProviderOrThrow, config) {
+    const { provider, account } = args;
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    logWithLevel(LOG_LEVELS.DEBUG, "retrieveAccountWithCredentialsImpl args:", {
+        provider: provider,
+        account: {
+            id: account.id,
+            secret: maybeRedact(account.secret ?? ""),
+        },
+    });
+    const existingAccount = authDb !== null
+        ? await authDb.accounts.get(provider, account.id)
+        : await ctx.db
+            .query("account")
+            .withIndex("providerAndAccountId", (q) => q.eq("provider", provider).eq("providerAccountId", account.id))
+            .unique();
+    if (existingAccount === null) {
+        throw new Error(`Cannot modify account with ID ${account.id} because it does not exist`);
+    }
+    if (authDb !== null) {
+        await authDb.accounts.patch(existingAccount._id, {
+            secret: await hash(getProviderOrThrow(provider), account.secret),
+        });
+    }
+    else {
+        await ctx.db.patch(existingAccount._id, {
+            secret: await hash(getProviderOrThrow(provider), account.secret),
+        });
+    }
+    return;
+}
+export const callModifyAccount = async (ctx, args) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "modifyAccount",
+            ...args,
+        },
+    });
+};
+//# sourceMappingURL=modifyAccount.js.map

package/dist/server/implementation/mutations/modifyAccount.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"modifyAccount.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/modifyAccount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,CAAC,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAA0B,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEpE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;CAC1D,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAgB,EAChB,IAAqC,EACrC,kBAA0C,EAC1C,MAAuB;IAEvB,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnC,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,0CAA0C,EAAE;QACzE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE;YACP,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;SAC1C;KACF,CAAC,CAAC;IACH,MAAM,eAAe,GACnB,MAAM,KAAK,IAAI;QACb,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;QACjD,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;aACT,KAAK,CAAC,SAAS,CAAC;aAChB,SAAS,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC,mBAAmB,EAAE,OAAO,CAAC,EAAE,CAAC,CAC/D;aACA,MAAM,EAAE,CAAC;IAClB,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,iCAAiC,OAAO,CAAC,EAAE,4BAA4B,CACxE,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,EAAE;YAC/C,MAAM,EAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC;SACjE,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,EAAE;YACtC,MAAM,EAAE,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC;SACjE,CAAC,CAAC;IACL,CAAC;IACD,OAAO;AACT,CAAC;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,GAAc,EACd,IAAqC,EACtB,EAAE;IACjB,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,eAAe;YACrB,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/refreshSession.d.ts

@@ -0,0 +1,16 @@
+import { Infer } from "convex/values";
+import { ActionCtx, MutationCtx } from "../types.js";
+import * as Provider from "../provider.js";
+export declare const refreshSessionArgs: import("convex/values").VObject<{
+    refreshToken: string;
+}, {
+    refreshToken: import("convex/values").VString<string, "required">;
+}, "required", "refreshToken">;
+type ReturnType = null | {
+    token: string;
+    refreshToken: string;
+};
+export declare function refreshSessionImpl(ctx: MutationCtx, args: Infer<typeof refreshSessionArgs>, getProviderOrThrow: Provider.GetProviderOrThrowFunc, config: Provider.Config): Promise<ReturnType>;
+export declare const callRefreshSession: (ctx: ActionCtx, args: Infer<typeof refreshSessionArgs>) => Promise<ReturnType>;
+export {};
+//# sourceMappingURL=refreshSession.d.ts.map

package/dist/server/implementation/mutations/refreshSession.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshSession.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/refreshSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAK,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAa3C,eAAO,MAAM,kBAAkB;;;;8BAE7B,CAAC;AAEH,KAAK,UAAU,GAAG,IAAI,GAAG;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,kBAAkB,CAAC,EACtC,kBAAkB,EAAE,QAAQ,CAAC,sBAAsB,EACnD,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAkJrB;AAED,eAAO,MAAM,kBAAkB,GAC7B,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,kBAAkB,CAAC,KACrC,OAAO,CAAC,UAAU,CAOpB,CAAC"}

package/dist/server/implementation/mutations/refreshSession.js

@@ -0,0 +1,116 @@
+import { v } from "convex/values";
+import { logWithLevel, maybeRedact } from "../utils.js";
+import { deleteAllRefreshTokens, invalidateRefreshTokensInSubtree, loadActiveRefreshToken, parseRefreshToken, REFRESH_TOKEN_REUSE_WINDOW_MS, refreshTokenIfValid, } from "../refreshTokens.js";
+import { generateTokensForSession } from "../sessions.js";
+import { createAuthDb } from "../db.js";
+export const refreshSessionArgs = v.object({
+    refreshToken: v.string(),
+});
+export async function refreshSessionImpl(ctx, args, getProviderOrThrow, config) {
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    const { refreshToken } = args;
+    const { refreshTokenId, sessionId: tokenSessionId } = parseRefreshToken(refreshToken);
+    logWithLevel("DEBUG", `refreshSessionImpl args: Token ID: ${maybeRedact(refreshTokenId)} Session ID: ${maybeRedact(tokenSessionId)}`);
+    const validationResult = await refreshTokenIfValid(ctx, refreshTokenId, tokenSessionId, config);
+    if (validationResult === null) {
+        // Replicating `deleteSession` but ensuring that we delete both the session
+        // and the refresh token, even if one of them is missing.
+        let session = null;
+        try {
+            session =
+                authDb !== null
+                    ? await authDb.sessions.getById(tokenSessionId)
+                    : await ctx.db.get(tokenSessionId);
+        }
+        catch {
+            logWithLevel("DEBUG", "Skipping invalid session id during refresh cleanup");
+        }
+        if (session !== null) {
+            if (authDb !== null) {
+                await authDb.sessions.delete(session._id);
+            }
+            else {
+                await ctx.db.delete(session._id);
+            }
+        }
+        try {
+            await deleteAllRefreshTokens(ctx, tokenSessionId, config);
+        }
+        catch {
+            logWithLevel("DEBUG", "Skipping invalid token session id during refresh token cleanup");
+        }
+        return null;
+    }
+    const { session } = validationResult;
+    const sessionId = session._id;
+    const userId = session.userId;
+    const tokenFirstUsed = validationResult.refreshTokenDoc.firstUsedTime;
+    // First use -- mark as used and generate new refresh token
+    if (tokenFirstUsed === undefined) {
+        if (authDb !== null) {
+            await authDb.refreshTokens.patch(refreshTokenId, {
+                firstUsedTime: Date.now(),
+            });
+        }
+        else {
+            await ctx.db.patch(refreshTokenId, {
+                firstUsedTime: Date.now(),
+            });
+        }
+        const result = await generateTokensForSession(ctx, config, {
+            userId,
+            sessionId,
+            issuedRefreshTokenId: null,
+            parentRefreshTokenId: refreshTokenId,
+        });
+        const { refreshTokenId: newRefreshTokenId } = parseRefreshToken(result.refreshToken);
+        logWithLevel("DEBUG", `Exchanged ${maybeRedact(validationResult.refreshTokenDoc._id)} (first use) for new refresh token ${maybeRedact(newRefreshTokenId)}`);
+        return result;
+    }
+    // Token has been used before
+    // Check if parent of active refresh token
+    const activeRefreshToken = await loadActiveRefreshToken(ctx, tokenSessionId, config);
+    logWithLevel("DEBUG", `Active refresh token: ${maybeRedact(activeRefreshToken?._id ?? "(none)")}, parent ${maybeRedact(activeRefreshToken?.parentRefreshTokenId ?? "(none)")}`);
+    if (activeRefreshToken !== null &&
+        activeRefreshToken.parentRefreshTokenId === refreshTokenId) {
+        logWithLevel("DEBUG", `Token ${maybeRedact(validationResult.refreshTokenDoc._id)} is parent of active refresh token ${maybeRedact(activeRefreshToken._id)}, so returning that token`);
+        const result = await generateTokensForSession(ctx, config, {
+            userId,
+            sessionId,
+            issuedRefreshTokenId: activeRefreshToken._id,
+            parentRefreshTokenId: refreshTokenId,
+        });
+        return result;
+    }
+    // Check if within reuse window
+    if (tokenFirstUsed + REFRESH_TOKEN_REUSE_WINDOW_MS > Date.now()) {
+        const result = await generateTokensForSession(ctx, config, {
+            userId,
+            sessionId,
+            issuedRefreshTokenId: null,
+            parentRefreshTokenId: refreshTokenId,
+        });
+        const { refreshTokenId: newRefreshTokenId } = parseRefreshToken(result.refreshToken);
+        logWithLevel("DEBUG", `Exchanged ${maybeRedact(validationResult.refreshTokenDoc._id)} (reuse) for new refresh token ${maybeRedact(newRefreshTokenId)}`);
+        return result;
+    }
+    else {
+        // Outside of reuse window -- invalidate all refresh tokens in subtree
+        logWithLevel("ERROR", "Refresh token used outside of reuse window");
+        logWithLevel("DEBUG", `Token ${maybeRedact(validationResult.refreshTokenDoc._id)} being used outside of reuse window, so invalidating all refresh tokens in subtree`);
+        const tokensToInvalidate = await invalidateRefreshTokensInSubtree(ctx, validationResult.refreshTokenDoc, config);
+        logWithLevel("DEBUG", `Invalidated ${tokensToInvalidate.length} refresh tokens in subtree: ${tokensToInvalidate
+            .map((token) => maybeRedact(token._id))
+            .join(", ")}`);
+        return null;
+    }
+}
+export const callRefreshSession = async (ctx, args) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "refreshSession",
+            ...args,
+        },
+    });
+};
+//# sourceMappingURL=refreshSession.js.map

package/dist/server/implementation/mutations/refreshSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshSession.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/refreshSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,CAAC,EAAE,MAAM,eAAe,CAAC;AAGzC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EACL,sBAAsB,EACtB,gCAAgC,EAChC,sBAAsB,EACtB,iBAAiB,EACjB,6BAA6B,EAC7B,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAC;AAOH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAgB,EAChB,IAAsC,EACtC,kBAAmD,EACnD,MAAuB;IAEvB,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,MAAM,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;IAC9B,MAAM,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,GACjD,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAClC,YAAY,CACV,OAAO,EACP,sCAAsC,WAAW,CAAC,cAAc,CAAC,gBAAgB,WAAW,CAC1F,cAAc,CACf,EAAE,CACJ,CAAC;IACF,MAAM,gBAAgB,GAAG,MAAM,mBAAmB,CAChD,GAAG,EACH,cAAc,EACd,cAAc,EACd,MAAM,CACP,CAAC;IAEF,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,2EAA2E;QAC3E,yDAAyD;QACzD,IAAI,OAAO,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC;YACH,OAAO;gBACL,MAAM,KAAK,IAAI;oBACb,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC;oBAC/C,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,CAAC,OAAO,EAAE,oDAAoD,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,MAAM,sBAAsB,CAAC,GAAG,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,CACV,OAAO,EACP,gEAAgE,CACjE,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,EAAE,OAAO,EAAE,GAAG,gBAAgB,CAAC;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC;IAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAE9B,MAAM,cAAc,GAAG,gBAAgB,CAAC,eAAe,CAAC,aAAa,CAAC;IAEtE,2DAA2D;IAC3D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,cAAc,EAAE;gBAC/C,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,cAAc,EAAE;gBACjC,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE;YACzD,MAAM;YACN,SAAS;YACT,oBAAoB,EAAE,IAAI;YAC1B,oBAAoB,EAAE,cAAc;SACrC,CAAC,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,iBAAiB,CAC7D,MAAM,CAAC,YAAY,CACpB,CAAC;QACF,YAAY,CACV,OAAO,EACP,aAAa,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,sCAAsC,WAAW,CAAC,iBAAiB,CAAC,EAAE,CACrI,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAC7B,0CAA0C;IAC1C,MAAM,kBAAkB,GAAG,MAAM,sBAAsB,CACrD,GAAG,EACH,cAAc,EACd,MAAM,CACP,CAAC;IACF,YAAY,CACV,OAAO,EACP,yBAAyB,WAAW,CAAC,kBAAkB,EAAE,GAAG,IAAI,QAAQ,CAAC,YAAY,WAAW,CAAC,kBAAkB,EAAE,oBAAoB,IAAI,QAAQ,CAAC,EAAE,CACzJ,CAAC;IACF,IACE,kBAAkB,KAAK,IAAI;QAC3B,kBAAkB,CAAC,oBAAoB,KAAK,cAAc,EAC1D,CAAC;QACD,YAAY,CACV,OAAO,EACP,SAAS,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,sCAAsC,WAAW,CAAC,kBAAkB,CAAC,GAAG,CAAC,2BAA2B,CAC/J,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE;YACzD,MAAM;YACN,SAAS;YACT,oBAAoB,EAAE,kBAAkB,CAAC,GAAG;YAC5C,oBAAoB,EAAE,cAAc;SACrC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,+BAA+B;IAC/B,IAAI,cAAc,GAAG,6BAA6B,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE;YACzD,MAAM;YACN,SAAS;YACT,oBAAoB,EAAE,IAAI;YAC1B,oBAAoB,EAAE,cAAc;SACrC,CAAC,CAAC;QACH,MAAM,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,iBAAiB,CAC7D,MAAM,CAAC,YAAY,CACpB,CAAC;QACF,YAAY,CACV,OAAO,EACP,aAAa,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,kCAAkC,WAAW,CAAC,iBAAiB,CAAC,EAAE,CACjI,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;SAAM,CAAC;QACN,sEAAsE;QACtE,YAAY,CAAC,OAAO,EAAE,4CAA4C,CAAC,CAAC;QACpE,YAAY,CACV,OAAO,EACP,SAAS,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,oFAAoF,CAC/I,CAAC;QACF,MAAM,kBAAkB,GAAG,MAAM,gCAAgC,CAC/D,GAAG,EACH,gBAAgB,CAAC,eAAe,EAChC,MAAM,CACP,CAAC;QACF,YAAY,CACV,OAAO,EACP,eAAe,kBAAkB,CAAC,MAAM,+BAA+B,kBAAkB;aACtF,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aACtC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACrC,GAAc,EACd,IAAsC,EACjB,EAAE;IACvB,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,gBAAgB;YACtB,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/retrieveAccountWithCredentials.d.ts

@@ -0,0 +1,27 @@
+import { Infer } from "convex/values";
+import { ActionCtx, Doc, MutationCtx } from "../types.js";
+import * as Provider from "../provider.js";
+export declare const retrieveAccountWithCredentialsArgs: import("convex/values").VObject<{
+    account: {
+        secret?: string | undefined;
+        id: string;
+    };
+    provider: string;
+}, {
+    provider: import("convex/values").VString<string, "required">;
+    account: import("convex/values").VObject<{
+        secret?: string | undefined;
+        id: string;
+    }, {
+        id: import("convex/values").VString<string, "required">;
+        secret: import("convex/values").VString<string | undefined, "optional">;
+    }, "required", "id" | "secret">;
+}, "required", "account" | "provider" | "account.id" | "account.secret">;
+type ReturnType = "InvalidAccountId" | "TooManyFailedAttempts" | "InvalidSecret" | {
+    account: Doc<"account">;
+    user: Doc<"user">;
+};
+export declare function retrieveAccountWithCredentialsImpl(ctx: MutationCtx, args: Infer<typeof retrieveAccountWithCredentialsArgs>, getProviderOrThrow: Provider.GetProviderOrThrowFunc, config: Provider.Config): Promise<ReturnType>;
+export declare const callRetreiveAccountWithCredentials: (ctx: ActionCtx, args: Infer<typeof retrieveAccountWithCredentialsArgs>) => Promise<ReturnType>;
+export {};
+//# sourceMappingURL=retrieveAccountWithCredentials.d.ts.map

package/dist/server/implementation/mutations/retrieveAccountWithCredentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"retrieveAccountWithCredentials.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/retrieveAccountWithCredentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAK,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM1D,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAI3C,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;wEAG7C,CAAC;AAEH,KAAK,UAAU,GACX,kBAAkB,GAClB,uBAAuB,GACvB,eAAe,GACf;IAAE,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;CAAE,CAAC;AAEnD,wBAAsB,kCAAkC,CACtD,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,kCAAkC,CAAC,EACtD,kBAAkB,EAAE,QAAQ,CAAC,sBAAsB,EACnD,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CA+CrB;AAED,eAAO,MAAM,kCAAkC,GAC7C,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,kCAAkC,CAAC,KACrD,OAAO,CAAC,UAAU,CAOpB,CAAC"}

package/dist/server/implementation/mutations/retrieveAccountWithCredentials.js

@@ -0,0 +1,55 @@
+import { v } from "convex/values";
+import { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit, } from "../rateLimit.js";
+import * as Provider from "../provider.js";
+import { LOG_LEVELS, logWithLevel, maybeRedact } from "../utils.js";
+import { createAuthDb } from "../db.js";
+export const retrieveAccountWithCredentialsArgs = v.object({
+    provider: v.string(),
+    account: v.object({ id: v.string(), secret: v.optional(v.string()) }),
+});
+export async function retrieveAccountWithCredentialsImpl(ctx, args, getProviderOrThrow, config) {
+    const { provider: providerId, account } = args;
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    logWithLevel(LOG_LEVELS.DEBUG, "retrieveAccountWithCredentialsImpl args:", {
+        provider: providerId,
+        account: {
+            id: account.id,
+            secret: maybeRedact(account.secret ?? ""),
+        },
+    });
+    const existingAccount = authDb !== null
+        ? (await authDb.accounts.get(providerId, account.id))
+        : await ctx.db
+            .query("account")
+            .withIndex("providerAndAccountId", (q) => q.eq("provider", providerId).eq("providerAccountId", account.id))
+            .unique();
+    if (existingAccount === null) {
+        return "InvalidAccountId";
+    }
+    if (account.secret !== undefined) {
+        if (await isSignInRateLimited(ctx, existingAccount._id, config)) {
+            return "TooManyFailedAttempts";
+        }
+        if (!(await Provider.verify(getProviderOrThrow(providerId), account.secret, existingAccount.secret ?? ""))) {
+            await recordFailedSignIn(ctx, existingAccount._id, config);
+            return "InvalidSecret";
+        }
+        await resetSignInRateLimit(ctx, existingAccount._id, config);
+    }
+    return {
+        account: existingAccount,
+        // TODO: Ian removed this
+        user: authDb !== null
+            ? (await authDb.users.getById(existingAccount.userId))
+            : (await ctx.db.get(existingAccount.userId)),
+    };
+}
+export const callRetreiveAccountWithCredentials = async (ctx, args) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "retrieveAccountWithCredentials",
+            ...args,
+        },
+    });
+};
+//# sourceMappingURL=retrieveAccountWithCredentials.js.map

package/dist/server/implementation/mutations/retrieveAccountWithCredentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retrieveAccountWithCredentials.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/retrieveAccountWithCredentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,CAAC,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,CAAC,MAAM,kCAAkC,GAAG,CAAC,CAAC,MAAM,CAAC;IACzD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;CACtE,CAAC,CAAC;AAQH,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,GAAgB,EAChB,IAAsD,EACtD,kBAAmD,EACnD,MAAuB;IAEvB,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAC/C,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,0CAA0C,EAAE;QACzE,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE;YACP,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;SAC1C;KACF,CAAC,CAAC;IACH,MAAM,eAAe,GACnB,MAAM,KAAK,IAAI;QACb,CAAC,CAAE,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,CAA2B;QAChF,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;aACT,KAAK,CAAC,SAAS,CAAC;aAChB,SAAS,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,mBAAmB,EAAE,OAAO,CAAC,EAAE,CAAC,CACjE;aACA,MAAM,EAAE,CAAC;IAClB,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,MAAM,mBAAmB,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC;YAChE,OAAO,uBAAuB,CAAC;QACjC,CAAC;QACD,IACE,CAAC,CAAC,MAAM,QAAQ,CAAC,MAAM,CACrB,kBAAkB,CAAC,UAAU,CAAC,EAC9B,OAAO,CAAC,MAAM,EACd,eAAe,CAAC,MAAM,IAAI,EAAE,CAC7B,CAAC,EACF,CAAC;YACD,MAAM,kBAAkB,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3D,OAAO,eAAe,CAAC;QACzB,CAAC;QACD,MAAM,oBAAoB,CAAC,GAAG,EAAE,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO;QACL,OAAO,EAAE,eAAe;QACxB,yBAAyB;QACzB,IAAI,EACF,MAAM,KAAK,IAAI;YACb,CAAC,CAAE,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAA4B;YAClF,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,CAAE;KAClD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,kCAAkC,GAAG,KAAK,EACrD,GAAc,EACd,IAAsD,EACjC,EAAE;IACvB,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,gCAAgC;YACtC,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/signIn.d.ts

@@ -0,0 +1,17 @@
+import { Infer } from "convex/values";
+import { ActionCtx, MutationCtx, SessionInfo } from "../types.js";
+import * as Provider from "../provider.js";
+export declare const signInArgs: import("convex/values").VObject<{
+    sessionId?: string | undefined;
+    userId: string;
+    generateTokens: boolean;
+}, {
+    userId: import("convex/values").VString<string, "required">;
+    sessionId: import("convex/values").VString<string | undefined, "optional">;
+    generateTokens: import("convex/values").VBoolean<boolean, "required">;
+}, "required", "userId" | "sessionId" | "generateTokens">;
+type ReturnType = SessionInfo;
+export declare function signInImpl(ctx: MutationCtx, args: Infer<typeof signInArgs>, config: Provider.Config): Promise<ReturnType>;
+export declare const callSignIn: (ctx: ActionCtx, args: Infer<typeof signInArgs>) => Promise<ReturnType>;
+export {};
+//# sourceMappingURL=signIn.d.ts.map

package/dist/server/implementation/mutations/signIn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signIn.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/signIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAK,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAO3C,eAAO,MAAM,UAAU;;;;;;;;yDAIrB,CAAC;AAEH,KAAK,UAAU,GAAG,WAAW,CAAC;AAE9B,wBAAsB,UAAU,CAC9B,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,UAAU,CAAC,EAC9B,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAiBrB;AAED,eAAO,MAAM,UAAU,GACrB,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,UAAU,CAAC,KAC7B,OAAO,CAAC,UAAU,CAOpB,CAAC"}

package/dist/server/implementation/mutations/signIn.js

@@ -0,0 +1,26 @@
+import { v } from "convex/values";
+import { createNewAndDeleteExistingSession, maybeGenerateTokensForSession, } from "../sessions.js";
+import { LOG_LEVELS, logWithLevel } from "../utils.js";
+export const signInArgs = v.object({
+    userId: v.string(),
+    sessionId: v.optional(v.string()),
+    generateTokens: v.boolean(),
+});
+export async function signInImpl(ctx, args, config) {
+    logWithLevel(LOG_LEVELS.DEBUG, "signInImpl args:", args);
+    const { userId, sessionId: existingSessionId, generateTokens } = args;
+    const typedUserId = userId;
+    const typedExistingSessionId = existingSessionId;
+    const sessionId = typedExistingSessionId ??
+        (await createNewAndDeleteExistingSession(ctx, config, typedUserId));
+    return await maybeGenerateTokensForSession(ctx, config, typedUserId, sessionId, generateTokens);
+}
+export const callSignIn = async (ctx, args) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "signIn",
+            ...args,
+        },
+    });
+};
+//# sourceMappingURL=signIn.js.map

package/dist/server/implementation/mutations/signIn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signIn.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/signIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGpD,OAAO,EACL,iCAAiC,EACjC,6BAA6B,GAC9B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEvD,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACjC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE;CAC5B,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAgB,EAChB,IAA8B,EAC9B,MAAuB;IAEvB,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;IACzD,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;IACtE,MAAM,WAAW,GAAG,MAA2B,CAAC;IAChD,MAAM,sBAAsB,GAAG,iBAElB,CAAC;IACd,MAAM,SAAS,GACb,sBAAsB;QACtB,CAAC,MAAM,iCAAiC,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;IACtE,OAAO,MAAM,6BAA6B,CACxC,GAAG,EACH,MAAM,EACN,WAAW,EACX,SAAS,EACT,cAAc,CACf,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAC7B,GAAc,EACd,IAA8B,EACT,EAAE;IACvB,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,QAAQ;YACd,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/signOut.d.ts

@@ -0,0 +1,11 @@
+import { GenericId } from "convex/values";
+import { ActionCtx, MutationCtx } from "../types.js";
+import * as Provider from "../provider.js";
+type ReturnType = {
+    userId: GenericId<"user">;
+    sessionId: GenericId<"session">;
+} | null;
+export declare function signOutImpl(ctx: MutationCtx, config: Provider.Config): Promise<ReturnType>;
+export declare const callSignOut: (ctx: ActionCtx) => Promise<void>;
+export {};
+//# sourceMappingURL=signOut.d.ts.map

package/dist/server/implementation/mutations/signOut.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signOut.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/signOut.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,KAAK,UAAU,GAAG;IAChB,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;CACjC,GAAG,IAAI,CAAC;AAET,wBAAsB,WAAW,CAC/B,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAerB;AAED,eAAO,MAAM,WAAW,GAAU,KAAK,SAAS,KAAG,OAAO,CAAC,IAAI,CAM9D,CAAC"}

package/dist/server/implementation/mutations/signOut.js

@@ -0,0 +1,24 @@
+import { deleteSession, getAuthSessionId } from "../sessions.js";
+import { createAuthDb } from "../db.js";
+export async function signOutImpl(ctx, config) {
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    const sessionId = await getAuthSessionId(ctx);
+    if (sessionId !== null) {
+        const session = authDb !== null
+            ? await authDb.sessions.getById(sessionId)
+            : await ctx.db.get(sessionId);
+        if (session !== null) {
+            await deleteSession(ctx, session, config);
+            return { userId: session.userId, sessionId: session._id };
+        }
+    }
+    return null;
+}
+export const callSignOut = async (ctx) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "signOut",
+        },
+    });
+};
+//# sourceMappingURL=signOut.js.map

package/dist/server/implementation/mutations/signOut.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signOut.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/signOut.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAOxC,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAgB,EAChB,MAAuB;IAEvB,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,OAAO,GACX,MAAM,KAAK,IAAI;YACb,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;YAC1C,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,MAAM,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YAC1C,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAAE,GAAc,EAAiB,EAAE;IACjE,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,SAAS;SAChB;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/userOAuth.d.ts

@@ -0,0 +1,19 @@
+import { Infer } from "convex/values";
+import { ActionCtx, MutationCtx } from "../types.js";
+import * as Provider from "../provider.js";
+export declare const userOAuthArgs: import("convex/values").VObject<{
+    profile: any;
+    provider: string;
+    providerAccountId: string;
+    signature: string;
+}, {
+    provider: import("convex/values").VString<string, "required">;
+    providerAccountId: import("convex/values").VString<string, "required">;
+    profile: import("convex/values").VAny<any, "required", string>;
+    signature: import("convex/values").VString<string, "required">;
+}, "required", "profile" | "provider" | "providerAccountId" | "signature" | `profile.${string}`>;
+type ReturnType = string;
+export declare function userOAuthImpl(ctx: MutationCtx, args: Infer<typeof userOAuthArgs>, getProviderOrThrow: Provider.GetProviderOrThrowFunc, config: Provider.Config): Promise<ReturnType>;
+export declare const callUserOAuth: (ctx: ActionCtx, args: Infer<typeof userOAuthArgs>) => Promise<ReturnType>;
+export {};
+//# sourceMappingURL=userOAuth.d.ts.map

package/dist/server/implementation/mutations/userOAuth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"userOAuth.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/userOAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAK,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAQ3C,eAAO,MAAM,aAAa;;;;;;;;;;gGAKxB,CAAC;AAEH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB,wBAAsB,aAAa,CACjC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,aAAa,CAAC,EACjC,kBAAkB,EAAE,QAAQ,CAAC,sBAAsB,EACnD,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CA2ErB;AAED,eAAO,MAAM,aAAa,GACxB,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,aAAa,CAAC,KAChC,OAAO,CAAC,UAAU,CAOpB,CAAC"}

package/dist/server/implementation/mutations/userOAuth.js

@@ -0,0 +1,84 @@
+import { v } from "convex/values";
+import { upsertUserAndAccount } from "../users.js";
+import { generateRandomString, logWithLevel, sha256 } from "../utils.js";
+import { createAuthDb } from "../db.js";
+const OAUTH_SIGN_IN_EXPIRATION_MS = 1000 * 60 * 2; // 2 minutes
+export const userOAuthArgs = v.object({
+    provider: v.string(),
+    providerAccountId: v.string(),
+    profile: v.any(),
+    signature: v.string(),
+});
+export async function userOAuthImpl(ctx, args, getProviderOrThrow, config) {
+    logWithLevel("DEBUG", "userOAuthImpl args:", args);
+    const { profile, provider, providerAccountId, signature } = args;
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    const providerConfig = getProviderOrThrow(provider);
+    const existingAccount = authDb !== null
+        ? await authDb.accounts.get(provider, providerAccountId)
+        : await ctx.db
+            .query("account")
+            .withIndex("providerAndAccountId", (q) => q.eq("provider", provider).eq("providerAccountId", providerAccountId))
+            .unique();
+    const verifier = authDb !== null
+        ? await authDb.verifiers.getBySignature(signature)
+        : await ctx.db
+            .query("verifier")
+            .withIndex("signature", (q) => q.eq("signature", signature))
+            .unique();
+    if (verifier === null) {
+        throw new Error("Invalid state");
+    }
+    const { accountId } = await upsertUserAndAccount(ctx, verifier.sessionId ?? null, existingAccount !== null ? { existingAccount } : { providerAccountId }, { type: "oauth", provider: providerConfig, profile }, config);
+    const code = generateRandomString(8, "0123456789");
+    if (authDb !== null) {
+        await authDb.verifiers.delete(verifier._id);
+    }
+    else {
+        await ctx.db.delete(verifier._id);
+    }
+    const existingVerificationCode = authDb !== null
+        ? await authDb.verificationCodes.getByAccountId(accountId)
+        : await ctx.db
+            .query("verification")
+            .withIndex("accountId", (q) => q.eq("accountId", accountId))
+            .unique();
+    if (existingVerificationCode !== null) {
+        if (authDb !== null) {
+            await authDb.verificationCodes.delete(existingVerificationCode._id);
+        }
+        else {
+            await ctx.db.delete(existingVerificationCode._id);
+        }
+    }
+    if (authDb !== null) {
+        await authDb.verificationCodes.create({
+            code: await sha256(code),
+            accountId,
+            provider,
+            expirationTime: Date.now() + OAUTH_SIGN_IN_EXPIRATION_MS,
+            verifier: verifier._id,
+        });
+    }
+    else {
+        await ctx.db.insert("verification", {
+            code: await sha256(code),
+            accountId,
+            provider,
+            expirationTime: Date.now() + OAUTH_SIGN_IN_EXPIRATION_MS,
+            // The use of a verifier means we don't need an identifier
+            // during verification.
+            verifier: verifier._id,
+        });
+    }
+    return code;
+}
+export const callUserOAuth = async (ctx, args) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "userOAuth",
+            ...args,
+        },
+    });
+};
+//# sourceMappingURL=userOAuth.js.map

package/dist/server/implementation/mutations/userOAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userOAuth.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/userOAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,CAAC,EAAE,MAAM,eAAe,CAAC;AAIzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,2BAA2B,GAAG,IAAI,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,YAAY;AAE/D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE;IAChB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAgB,EAChB,IAAiC,EACjC,kBAAmD,EACnD,MAAuB;IAEvB,YAAY,CAAC,OAAO,EAAE,qBAAqB,EAAE,IAAI,CAAC,CAAC;IACnD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACjE,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,MAAM,cAAc,GAAG,kBAAkB,CAAC,QAAQ,CAAqB,CAAC;IACxE,MAAM,eAAe,GACnB,MAAM,KAAK,IAAI;QACb,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAC;QACxD,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;aACT,KAAK,CAAC,SAAS,CAAC;aAChB,SAAS,CAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CACtE;aACA,MAAM,EAAE,CAAC;IAElB,MAAM,QAAQ,GACZ,MAAM,KAAK,IAAI;QACb,CAAC,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC;QAClD,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;aACT,KAAK,CAAC,UAAU,CAAC;aACjB,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;aAC3D,MAAM,EAAE,CAAC;IAClB,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,oBAAoB,CAC9C,GAAG,EACH,QAAQ,CAAC,SAAS,IAAI,IAAI,EAC1B,eAAe,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,EACtE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,EACpD,MAAM,CACP,CAAC;IAEF,MAAM,IAAI,GAAG,oBAAoB,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IACnD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,wBAAwB,GAC5B,MAAM,KAAK,IAAI;QACb,CAAC,CAAC,MAAM,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC;QAC1D,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;aACT,KAAK,CAAC,cAAc,CAAC;aACrB,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;aAC3D,MAAM,EAAE,CAAC;IAClB,IAAI,wBAAwB,KAAK,IAAI,EAAE,CAAC;QACtC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC;YACpC,IAAI,EAAE,MAAM,MAAM,CAAC,IAAI,CAAC;YACxB,SAAS;YACT,QAAQ;YACR,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,2BAA2B;YACxD,QAAQ,EAAE,QAAQ,CAAC,GAAG;SACvB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;YAClC,IAAI,EAAE,MAAM,MAAM,CAAC,IAAI,CAAC;YACxB,SAAS;YACT,QAAQ;YACR,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,2BAA2B;YACxD,0DAA0D;YAC1D,uBAAuB;YACvB,QAAQ,EAAE,QAAQ,CAAC,GAAG;SACvB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,GAAc,EACd,IAAiC,EACZ,EAAE;IACvB,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,WAAW;YACjB,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/verifier.d.ts

@@ -0,0 +1,8 @@
+import { GenericId } from "convex/values";
+import { ActionCtx, MutationCtx } from "../types.js";
+import * as Provider from "../provider.js";
+type ReturnType = GenericId<"verifier">;
+export declare function verifierImpl(ctx: MutationCtx, config: Provider.Config): Promise<ReturnType>;
+export declare const callVerifier: (ctx: ActionCtx) => Promise<ReturnType>;
+export {};
+//# sourceMappingURL=verifier.d.ts.map

package/dist/server/implementation/mutations/verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,KAAK,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;AAExC,wBAAsB,YAAY,CAChC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CASrB;AAED,eAAO,MAAM,YAAY,GAAU,KAAK,SAAS,KAAG,OAAO,CAAC,UAAU,CAMrE,CAAC"}

package/dist/server/implementation/mutations/verifier.js

@@ -0,0 +1,19 @@
+import { getAuthSessionId } from "../sessions.js";
+import { createAuthDb } from "../db.js";
+export async function verifierImpl(ctx, config) {
+    const sessionId = (await getAuthSessionId(ctx)) ?? undefined;
+    if (config.component !== undefined) {
+        return (await createAuthDb(ctx, config.component).verifiers.create(sessionId));
+    }
+    return await ctx.db.insert("verifier", {
+        sessionId,
+    });
+}
+export const callVerifier = async (ctx) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "verifier",
+        },
+    });
+};
+//# sourceMappingURL=verifier.js.map

package/dist/server/implementation/mutations/verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifier.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAIxC,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAgB,EAChB,MAAuB;IAEvB,MAAM,SAAS,GAAG,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,IAAI,SAAS,CAAC;IAC7D,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,OAAO,CAAC,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CACjE,CAAC;IACf,CAAC;IACD,OAAO,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE;QACrC,SAAS;KACV,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAc,EAAuB,EAAE;IACxE,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,UAAU;SACjB;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/server/implementation/mutations/verifierSignature.d.ts

@@ -0,0 +1,15 @@
+import { Infer } from "convex/values";
+import { ActionCtx, MutationCtx } from "../types.js";
+import * as Provider from "../provider.js";
+export declare const verifierSignatureArgs: import("convex/values").VObject<{
+    verifier: string;
+    signature: string;
+}, {
+    verifier: import("convex/values").VString<string, "required">;
+    signature: import("convex/values").VString<string, "required">;
+}, "required", "verifier" | "signature">;
+type ReturnType = void;
+export declare function verifierSignatureImpl(ctx: MutationCtx, args: Infer<typeof verifierSignatureArgs>, config: Provider.Config): Promise<ReturnType>;
+export declare const callVerifierSignature: (ctx: ActionCtx, args: Infer<typeof verifierSignatureArgs>) => Promise<void>;
+export {};
+//# sourceMappingURL=verifierSignature.d.ts.map

package/dist/server/implementation/mutations/verifierSignature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifierSignature.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifierSignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAK,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAG3C,eAAO,MAAM,qBAAqB;;;;;;wCAGhC,CAAC;AAEH,KAAK,UAAU,GAAG,IAAI,CAAC;AAEvB,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,qBAAqB,CAAC,EACzC,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAerB;AAED,eAAO,MAAM,qBAAqB,GAChC,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,qBAAqB,CAAC,KACxC,OAAO,CAAC,IAAI,CAOd,CAAC"}

package/dist/server/implementation/mutations/verifierSignature.js

@@ -0,0 +1,29 @@
+import { v } from "convex/values";
+import { createAuthDb } from "../db.js";
+export const verifierSignatureArgs = v.object({
+    verifier: v.string(),
+    signature: v.string(),
+});
+export async function verifierSignatureImpl(ctx, args, config) {
+    const { verifier, signature } = args;
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    const verifierDoc = authDb !== null
+        ? await authDb.verifiers.getById(verifier)
+        : await ctx.db.get(verifier);
+    if (verifierDoc === null) {
+        throw new Error("Invalid verifier");
+    }
+    if (authDb !== null) {
+        return await authDb.verifiers.patch(verifierDoc._id, { signature });
+    }
+    return await ctx.db.patch(verifierDoc._id, { signature });
+}
+export const callVerifierSignature = async (ctx, args) => {
+    return ctx.runMutation("auth:store", {
+        args: {
+            type: "verifierSignature",
+            ...args,
+        },
+    });
+};
+//# sourceMappingURL=verifierSignature.js.map

package/dist/server/implementation/mutations/verifierSignature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifierSignature.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifierSignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGpD,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAExC,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAgB,EAChB,IAAyC,EACzC,MAAuB;IAEvB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACrC,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,MAAM,WAAW,GACf,MAAM,KAAK,IAAI;QACb,CAAC,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,QAAiC,CAAC;QACnE,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAiC,CAAC,CAAC;IAC1D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,GAAc,EACd,IAAyC,EAC1B,EAAE;IACjB,OAAO,GAAG,CAAC,WAAW,CAAC,YAAmB,EAAE;QAC1C,IAAI,EAAE;YACJ,IAAI,EAAE,mBAAmB;YACzB,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}