@robelest/convex-auth 0.0.1

package/dist/server/implementation/sessions.js

@@ -0,0 +1,94 @@
+import { LOG_LEVELS, TOKEN_SUB_CLAIM_DIVIDER, logWithLevel, maybeRedact, stringToNumber, } from "./utils.js";
+import { generateToken } from "./tokens.js";
+import { createRefreshToken, formatRefreshToken, deleteAllRefreshTokens, } from "./refreshTokens.js";
+import { createAuthDb } from "./db.js";
+const DEFAULT_SESSION_TOTAL_DURATION_MS = 1000 * 60 * 60 * 24 * 30; // 30 days
+export async function maybeGenerateTokensForSession(ctx, config, userId, sessionId, generateTokens) {
+    return {
+        userId,
+        sessionId,
+        tokens: generateTokens
+            ? await generateTokensForSession(ctx, config, {
+                userId,
+                sessionId,
+                issuedRefreshTokenId: null,
+                parentRefreshTokenId: null,
+            })
+            : null,
+    };
+}
+export async function createNewAndDeleteExistingSession(ctx, config, userId) {
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    const existingSessionId = await getAuthSessionId(ctx);
+    if (existingSessionId !== null) {
+        const existingSession = authDb !== null
+            ? await authDb.sessions.getById(existingSessionId)
+            : await ctx.db.get(existingSessionId);
+        if (existingSession !== null) {
+            await deleteSession(ctx, existingSession, config);
+        }
+    }
+    return await createSession(ctx, userId, config);
+}
+export async function generateTokensForSession(ctx, config, args) {
+    const ids = { userId: args.userId, sessionId: args.sessionId };
+    const refreshTokenId = args.issuedRefreshTokenId ??
+        (await createRefreshToken(ctx, config, args.sessionId, args.parentRefreshTokenId));
+    const result = {
+        token: await generateToken(ids, config),
+        refreshToken: formatRefreshToken(refreshTokenId, args.sessionId),
+    };
+    logWithLevel(LOG_LEVELS.DEBUG, `Generated token ${maybeRedact(result.token)} and refresh token ${maybeRedact(refreshTokenId)} for session ${maybeRedact(args.sessionId)}`);
+    return result;
+}
+async function createSession(ctx, userId, config) {
+    const expirationTime = Date.now() +
+        (config.session?.totalDurationMs ??
+            stringToNumber(process.env.AUTH_SESSION_TOTAL_DURATION_MS) ??
+            DEFAULT_SESSION_TOTAL_DURATION_MS);
+    if (config.component !== undefined) {
+        return (await createAuthDb(ctx, config.component).sessions.create(userId, expirationTime));
+    }
+    return await ctx.db.insert("session", { expirationTime, userId });
+}
+export async function deleteSession(ctx, session, config) {
+    if (config.component !== undefined) {
+        await createAuthDb(ctx, config.component).sessions.delete(session._id);
+    }
+    else {
+        await ctx.db.delete(session._id);
+    }
+    await deleteAllRefreshTokens(ctx, session._id, config);
+}
+/**
+ * Return the current session ID.
+ *
+ * ```ts filename="convex/myFunctions.tsx"
+ * import { mutation } from "./_generated/server";
+ * import { getAuthSessionId } from "@robelest/convex-auth/component";
+ *
+ * export const doSomething = mutation({
+ *   args: {/* ... *\/},
+ *   handler: async (ctx, args) => {
+ *     const sessionId = await getAuthSessionId(ctx);
+ *     if (sessionId === null) {
+ *       throw new Error("Client is not authenticated!")
+ *     }
+ *     const session = await ctx.db.get(sessionId);
+ *     // ...
+ *   },
+ * });
+ * ```
+ *
+ * @param ctx query, mutation or action `ctx`
+ * @returns the session ID or `null` if the client isn't authenticated
+ */
+export async function getAuthSessionId(ctx) {
+    const identity = await ctx.auth.getUserIdentity();
+    if (identity === null) {
+        return null;
+    }
+    const [, sessionId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);
+    return sessionId;
+}
+//# sourceMappingURL=sessions.js.map

package/dist/server/implementation/sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../../src/server/implementation/sessions.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,UAAU,EACV,uBAAuB,EACvB,YAAY,EACZ,WAAW,EACX,cAAc,GACf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAE9E,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,GAAgB,EAChB,MAAwB,EACxB,MAAyB,EACzB,SAA+B,EAC/B,cAAuB;IAEvB,OAAO;QACL,MAAM;QACN,SAAS;QACT,MAAM,EAAE,cAAc;YACpB,CAAC,CAAC,MAAM,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE;gBAC1C,MAAM;gBACN,SAAS;gBACT,oBAAoB,EAAE,IAAI;gBAC1B,oBAAoB,EAAE,IAAI;aAC3B,CAAC;YACJ,CAAC,CAAC,IAAI;KACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iCAAiC,CACrD,GAAgB,EAChB,MAAwB,EACxB,MAAyB;IAEzB,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,MAAM,iBAAiB,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACtD,IAAI,iBAAiB,KAAK,IAAI,EAAE,CAAC;QAC/B,MAAM,eAAe,GACnB,MAAM,KAAK,IAAI;YACb,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC;YAClD,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC1C,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;YAC7B,MAAM,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,MAAM,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAgB,EAChB,MAAwB,EACxB,IAKC;IAED,MAAM,GAAG,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IAC/D,MAAM,cAAc,GAClB,IAAI,CAAC,oBAAoB;QACzB,CAAC,MAAM,kBAAkB,CACvB,GAAG,EACH,MAAM,EACN,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,oBAAoB,CAC1B,CAAC,CAAC;IACL,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,MAAM,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC;QACvC,YAAY,EAAE,kBAAkB,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC;KACjE,CAAC;IACF,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,mBAAmB,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,WAAW,CAAC,cAAc,CAAC,gBAAgB,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAC3I,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAgB,EAChB,MAAyB,EACzB,MAAwB;IAExB,MAAM,cAAc,GAClB,IAAI,CAAC,GAAG,EAAE;QACV,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe;YAC9B,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;YAC1D,iCAAiC,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,OAAO,CAAC,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAC/D,MAAM,EACN,cAAc,CACf,CAAyB,CAAC;IAC7B,CAAC;IACD,OAAO,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAgB,EAChB,OAAuB,EACvB,MAAwB;IAExB,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,sBAAsB,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAmB;IACxD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;IAClD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,CAAC,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACtE,OAAO,SAAiC,CAAC;AAC3C,CAAC"}

package/dist/server/implementation/signIn.d.ts

@@ -0,0 +1,31 @@
+import { GenericId } from "convex/values";
+import { AuthProviderMaterializedConfig, GenericActionCtxWithAuthConfig } from "../types.js";
+import { AuthDataModel, SessionInfo, Tokens } from "./types.js";
+type EnrichedActionCtx = GenericActionCtxWithAuthConfig<AuthDataModel>;
+export declare function signInImpl(ctx: EnrichedActionCtx, provider: AuthProviderMaterializedConfig | null, args: {
+    accountId?: GenericId<"account">;
+    params?: Record<string, any>;
+    verifier?: string;
+    refreshToken?: string;
+    calledBy?: string;
+}, options: {
+    generateTokens: boolean;
+    allowExtraProviders: boolean;
+}): Promise<{
+    kind: "signedIn";
+    signedIn: SessionInfo | null;
+} | {
+    kind: "refreshTokens";
+    signedIn: {
+        tokens: Tokens;
+    };
+} | {
+    kind: "started";
+    started: true;
+} | {
+    kind: "redirect";
+    redirect: string;
+    verifier: string;
+}>;
+export {};
+//# sourceMappingURL=signIn.d.ts.map

package/dist/server/implementation/signIn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signIn.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/signIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EACL,8BAA8B,EAG9B,8BAA8B,EAE/B,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,WAAW,EAEX,MAAM,EACP,MAAM,YAAY,CAAC;AAepB,KAAK,iBAAiB,GAAG,8BAA8B,CAAC,aAAa,CAAC,CAAC;AAEvE,wBAAsB,UAAU,CAC9B,GAAG,EAAE,iBAAiB,EACtB,QAAQ,EAAE,8BAA8B,GAAG,IAAI,EAC/C,IAAI,EAAE;IACJ,SAAS,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,EACD,OAAO,EAAE;IACP,cAAc,EAAE,OAAO,CAAC;IACxB,mBAAmB,EAAE,OAAO,CAAC;CAC9B,GACA,OAAO,CACN;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,QAAQ,EAAE,WAAW,GAAG,IAAI,CAAA;CAAE,GAElD;IAAE,IAAI,EAAE,eAAe,CAAC;IAAC,QAAQ,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,GAEvD;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GAElC;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAC3D,CAsCA"}

package/dist/server/implementation/signIn.js

@@ -0,0 +1,148 @@
+import { callCreateVerificationCode, callRefreshSession, callSignIn, callVerifier, callVerifyCodeAndSignIn, } from "./mutations/index.js";
+import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
+import { requireEnv } from "../utils.js";
+import { generateRandomString } from "./utils.js";
+const DEFAULT_EMAIL_VERIFICATION_CODE_DURATION_S = 60 * 60 * 24; // 24 hours
+export async function signInImpl(ctx, provider, args, options) {
+    if (provider === null && args.refreshToken) {
+        const tokens = (await callRefreshSession(ctx, {
+            refreshToken: args.refreshToken,
+        }));
+        return { kind: "refreshTokens", signedIn: { tokens } };
+    }
+    if (provider === null && args.params?.code !== undefined) {
+        const result = await callVerifyCodeAndSignIn(ctx, {
+            params: args.params,
+            verifier: args.verifier,
+            generateTokens: true,
+            allowExtraProviders: options.allowExtraProviders,
+        });
+        return {
+            kind: "signedIn",
+            signedIn: result,
+        };
+    }
+    if (provider === null) {
+        throw new Error("Cannot sign in: Missing `provider`, `params.code` or `refreshToken`");
+    }
+    if (provider.type === "email" || provider.type === "phone") {
+        return handleEmailAndPhoneProvider(ctx, provider, args, options);
+    }
+    if (provider.type === "credentials") {
+        return handleCredentials(ctx, provider, args, options);
+    }
+    if (provider.type === "oauth" || provider.type === "oidc") {
+        return handleOAuthProvider(ctx, provider, args, options);
+    }
+    const _typecheck = provider;
+    throw new Error(`Provider type ${provider.type} is not supported yet`);
+}
+async function handleEmailAndPhoneProvider(ctx, provider, args, options) {
+    if (args.params?.code !== undefined) {
+        const result = await callVerifyCodeAndSignIn(ctx, {
+            params: args.params,
+            provider: provider.id,
+            generateTokens: options.generateTokens,
+            allowExtraProviders: options.allowExtraProviders,
+        });
+        if (result === null) {
+            throw new Error("Could not verify code");
+        }
+        return {
+            kind: "signedIn",
+            signedIn: result,
+        };
+    }
+    const alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    const code = provider.generateVerificationToken
+        ? await provider.generateVerificationToken()
+        : generateRandomString(32, alphabet);
+    const expirationTime = Date.now() +
+        (provider.maxAge ?? DEFAULT_EMAIL_VERIFICATION_CODE_DURATION_S) * 1000;
+    const identifier = await callCreateVerificationCode(ctx, {
+        provider: provider.id,
+        accountId: args.accountId,
+        email: args.params?.email,
+        phone: args.params?.phone,
+        code,
+        expirationTime,
+        allowExtraProviders: options.allowExtraProviders,
+    });
+    const destination = await redirectAbsoluteUrl(ctx.auth.config, (args.params ?? {}));
+    const verificationArgs = {
+        identifier,
+        url: setURLSearchParam(destination, "code", code),
+        token: code,
+        expires: new Date(expirationTime),
+    };
+    if (provider.type === "email") {
+        await provider.sendVerificationRequest({
+            ...verificationArgs,
+            provider: {
+                ...provider,
+                from: 
+                // Simplifies demo configuration of Resend
+                provider.from === "Auth.js <no-reply@authjs.dev>" &&
+                    provider.id === "resend"
+                    ? "My App <onboarding@resend.dev>"
+                    : provider.from,
+            },
+            request: new Request("http://localhost"), // TODO: Document
+            theme: ctx.auth.config.theme,
+        }, 
+        // @ts-expect-error Figure out typing for email providers so they can
+        // access ctx.
+        ctx);
+    }
+    else if (provider.type === "phone") {
+        await provider.sendVerificationRequest({ ...verificationArgs, provider }, ctx);
+    }
+    return { kind: "started", started: true };
+}
+async function handleCredentials(ctx, provider, args, options) {
+    const result = await provider.authorize(args.params ?? {}, ctx);
+    if (result === null) {
+        return { kind: "signedIn", signedIn: null };
+    }
+    const idsAndTokens = await callSignIn(ctx, {
+        userId: result.userId,
+        sessionId: result.sessionId,
+        generateTokens: options.generateTokens,
+    });
+    return {
+        kind: "signedIn",
+        signedIn: idsAndTokens,
+    };
+}
+async function handleOAuthProvider(ctx, provider, args, options) {
+    // We have this action because:
+    // 1. We remember the current sessionId if any, so we can link accounts
+    // 2. The client doesn't need to know the HTTP Actions URL
+    //    of the backend (this simplifies using local backend)
+    // 3. The client doesn't need to know which provider is of which type,
+    //    and hence which provider requires client-side redirect
+    // 4. On mobile the client can complete the flow manually
+    if (args.params?.code !== undefined) {
+        const result = await callVerifyCodeAndSignIn(ctx, {
+            params: args.params,
+            verifier: args.verifier,
+            generateTokens: true,
+            allowExtraProviders: options.allowExtraProviders,
+        });
+        return {
+            kind: "signedIn",
+            signedIn: result,
+        };
+    }
+    const redirect = new URL((process.env.CUSTOM_AUTH_SITE_URL ?? requireEnv("CONVEX_SITE_URL")) + `/api/auth/signin/${provider.id}`);
+    const verifier = await callVerifier(ctx);
+    redirect.searchParams.set("code", verifier);
+    if (args.params?.redirectTo !== undefined) {
+        if (typeof args.params.redirectTo !== "string") {
+            throw new Error(`Expected \`redirectTo\` to be a string, got ${args.params.redirectTo}`);
+        }
+        redirect.searchParams.set("redirectTo", args.params.redirectTo);
+    }
+    return { kind: "redirect", redirect: redirect.toString(), verifier };
+}
+//# sourceMappingURL=signIn.js.map

package/dist/server/implementation/signIn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signIn.js","sourceRoot":"","sources":["../../../src/server/implementation/signIn.ts"],"names":[],"mappings":"AAcA,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,uBAAuB,GACxB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAElD,MAAM,0CAA0C,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,WAAW;AAI5E,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAsB,EACtB,QAA+C,EAC/C,IAMC,EACD,OAGC;IAUD,IAAI,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAW,CAAC,MAAM,kBAAkB,CAAC,GAAG,EAAE;YACpD,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAE,CAAC;QACL,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC;IACzD,CAAC;IACD,IAAI,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;QACzD,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE,IAAI;YACpB,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;SACjD,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,MAAM;SACjB,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3D,OAAO,2BAA2B,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACpC,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC1D,OAAO,mBAAmB,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,UAAU,GAAU,QAAQ,CAAC;IACnC,MAAM,IAAI,KAAK,CACb,iBAAkB,QAAgB,CAAC,IAAI,uBAAuB,CAC/D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,GAAsB,EACtB,QAAmC,EACnC,IAGC,EACD,OAGC;IAKD,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,QAAQ,CAAC,EAAE;YACrB,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;SACjD,CAAC,CAAC;QACH,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,MAA+B;SAC1C,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GACZ,gEAAgE,CAAC;IACnE,MAAM,IAAI,GAAG,QAAQ,CAAC,yBAAyB;QAC7C,CAAC,CAAC,MAAM,QAAQ,CAAC,yBAAyB,EAAE;QAC5C,CAAC,CAAC,oBAAoB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IACvC,MAAM,cAAc,GAClB,IAAI,CAAC,GAAG,EAAE;QACV,CAAC,QAAQ,CAAC,MAAM,IAAI,0CAA0C,CAAC,GAAG,IAAI,CAAC;IAEzE,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,GAAG,EAAE;QACvD,QAAQ,EAAE,QAAQ,CAAC,EAAE;QACrB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK;QACzB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK;QACzB,IAAI;QACJ,cAAc;QACd,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;KACjD,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAC3C,GAAG,CAAC,IAAI,CAAC,MAAM,EACf,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAA4B,CAC/C,CAAC;IACF,MAAM,gBAAgB,GAAG;QACvB,UAAU;QACV,GAAG,EAAE,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC;QACjD,KAAK,EAAE,IAAI;QACX,OAAO,EAAE,IAAI,IAAI,CAAC,cAAc,CAAC;KAClC,CAAC;IACF,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC9B,MAAM,QAAQ,CAAC,uBAAuB,CACpC;YACE,GAAG,gBAAgB;YACnB,QAAQ,EAAE;gBACR,GAAG,QAAQ;gBACX,IAAI;gBACF,0CAA0C;gBAC1C,QAAQ,CAAC,IAAI,KAAK,+BAA+B;oBACjD,QAAQ,CAAC,EAAE,KAAK,QAAQ;oBACtB,CAAC,CAAC,gCAAgC;oBAClC,CAAC,CAAC,QAAQ,CAAC,IAAI;aACpB;YACD,OAAO,EAAE,IAAI,OAAO,CAAC,kBAAkB,CAAC,EAAE,iBAAiB;YAC3D,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK;SAC7B;QACD,qEAAqE;QACrE,cAAc;QACd,GAAG,CACJ,CAAC;IACJ,CAAC;SAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACrC,MAAM,QAAQ,CAAC,uBAAuB,CACpC,EAAE,GAAG,gBAAgB,EAAE,QAAQ,EAAE,EACjC,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAsB,EACtB,QAAiC,EACjC,IAEC,EACD,OAEC;IAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;IAChE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC9C,CAAC;IACD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;QACzC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,CAAC,CAAC;IACH,OAAO;QACL,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,YAAY;KACvB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,GAAsB,EACtB,QAA6C,EAC7C,IAGC,EACD,OAEC;IAKD,+BAA+B;IAC/B,uEAAuE;IACvE,0DAA0D;IAC1D,0DAA0D;IAC1D,sEAAsE;IACtE,4DAA4D;IAC5D,yDAAyD;IACzD,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,GAAG,EAAE;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE,IAAI;YACpB,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;SACjD,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,MAAsC;SACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC,GAAG,oBAAoB,QAAQ,CAAC,EAAE,EAAE,CACxG,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;IACzC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC5C,IAAI,IAAI,CAAC,MAAM,EAAE,UAAU,KAAK,SAAS,EAAE,CAAC;QAC1C,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACb,+CAA+C,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CACxE,CAAC;QACJ,CAAC;QACD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC;AACvE,CAAC"}

package/dist/server/implementation/tokens.d.ts

@@ -0,0 +1,7 @@
+import { GenericId } from "convex/values";
+import { ConvexAuthConfig } from "../types.js";
+export declare function generateToken(args: {
+    userId: GenericId<"user">;
+    sessionId: GenericId<"session">;
+}, config: ConvexAuthConfig): Promise<string>;
+//# sourceMappingURL=tokens.d.ts.map

package/dist/server/implementation/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAO/C,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;CACjC,EACD,MAAM,EAAE,gBAAgB,mBAezB"}

package/dist/server/implementation/tokens.js

@@ -0,0 +1,18 @@
+import { SignJWT, importPKCS8 } from "jose";
+import { requireEnv } from "../utils.js";
+import { TOKEN_SUB_CLAIM_DIVIDER } from "./utils.js";
+const DEFAULT_JWT_DURATION_MS = 1000 * 60 * 60; // 1 hour
+export async function generateToken(args, config) {
+    const privateKey = await importPKCS8(requireEnv("JWT_PRIVATE_KEY"), "RS256");
+    const expirationTime = new Date(Date.now() + (config.jwt?.durationMs ?? DEFAULT_JWT_DURATION_MS));
+    return await new SignJWT({
+        sub: args.userId + TOKEN_SUB_CLAIM_DIVIDER + args.sessionId,
+    })
+        .setProtectedHeader({ alg: "RS256" })
+        .setIssuedAt()
+        .setIssuer(requireEnv("CONVEX_SITE_URL"))
+        .setAudience("convex")
+        .setExpirationTime(expirationTime)
+        .sign(privateKey);
+}
+//# sourceMappingURL=tokens.js.map

package/dist/server/implementation/tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../../src/server/implementation/tokens.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAErD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AAEzD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAGC,EACD,MAAwB;IAExB,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,IAAI,IAAI,CAC7B,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,IAAI,uBAAuB,CAAC,CACjE,CAAC;IACF,OAAO,MAAM,IAAI,OAAO,CAAC;QACvB,GAAG,EAAE,IAAI,CAAC,MAAM,GAAG,uBAAuB,GAAG,IAAI,CAAC,SAAS;KAC5D,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,SAAS,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;SACxC,WAAW,CAAC,QAAQ,CAAC;SACrB,iBAAiB,CAAC,cAAc,CAAC;SACjC,IAAI,CAAC,UAAU,CAAC,CAAC;AACtB,CAAC"}

package/dist/server/implementation/types.d.ts

@@ -0,0 +1,288 @@
+import { DataModelFromSchemaDefinition, GenericActionCtx, GenericMutationCtx, GenericQueryCtx, TableNamesInDataModel, defineSchema } from "convex/server";
+import { GenericId } from "convex/values";
+import { GenericDoc } from "../convex_types.js";
+/**
+ * The table definitions required by the library.
+ *
+ * Your schema must include these so that the indexes
+ * are set up:
+ *
+ *
+ * ```ts filename="convex/schema.ts"
+ * import { defineSchema } from "convex/server";
+ * import { authTables } from "@robelest/convex-auth/component";
+ *
+ * const schema = defineSchema({
+ *   ...authTables,
+ * });
+ *
+ * export default schema;
+ * ```
+ *
+ * You can inline the table definitions into your schema
+ * and extend them with additional optional and required
+ * fields. See https://labs.convex.dev/auth/setup/schema
+ * for more details.
+ */
+export declare const authTables: {
+    /**
+     * Users.
+     */
+    user: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        name?: string | undefined;
+        email?: string | undefined;
+        phone?: string | undefined;
+        image?: string | undefined;
+        emailVerificationTime?: number | undefined;
+        phoneVerificationTime?: number | undefined;
+        isAnonymous?: boolean | undefined;
+    }, {
+        name: import("convex/values").VString<string | undefined, "optional">;
+        image: import("convex/values").VString<string | undefined, "optional">;
+        email: import("convex/values").VString<string | undefined, "optional">;
+        emailVerificationTime: import("convex/values").VFloat64<number | undefined, "optional">;
+        phone: import("convex/values").VString<string | undefined, "optional">;
+        phoneVerificationTime: import("convex/values").VFloat64<number | undefined, "optional">;
+        isAnonymous: import("convex/values").VBoolean<boolean | undefined, "optional">;
+    }, "required", "name" | "email" | "phone" | "image" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous">, {
+        email: ["email", "_creationTime"];
+        phone: ["phone", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * Sessions.
+     * A single user can have multiple active sessions.
+     * See [Session document lifecycle](https://labs.convex.dev/auth/advanced#session-document-lifecycle).
+     */
+    session: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        userId: GenericId<"user">;
+        expirationTime: number;
+    }, {
+        userId: import("convex/values").VId<GenericId<"user">, "required">;
+        expirationTime: import("convex/values").VFloat64<number, "required">;
+    }, "required", "userId" | "expirationTime">, {
+        userId: ["userId", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * Accounts. An account corresponds to
+     * a single authentication provider.
+     * A single user can have multiple accounts linked.
+     */
+    account: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        secret?: string | undefined;
+        emailVerified?: string | undefined;
+        phoneVerified?: string | undefined;
+        userId: GenericId<"user">;
+        provider: string;
+        providerAccountId: string;
+    }, {
+        userId: import("convex/values").VId<GenericId<"user">, "required">;
+        provider: import("convex/values").VString<string, "required">;
+        providerAccountId: import("convex/values").VString<string, "required">;
+        secret: import("convex/values").VString<string | undefined, "optional">;
+        emailVerified: import("convex/values").VString<string | undefined, "optional">;
+        phoneVerified: import("convex/values").VString<string | undefined, "optional">;
+    }, "required", "secret" | "userId" | "provider" | "providerAccountId" | "emailVerified" | "phoneVerified">, {
+        userIdAndProvider: ["userId", "provider", "_creationTime"];
+        providerAndAccountId: ["provider", "providerAccountId", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * Refresh tokens.
+     * Refresh tokens are generally meant to be used once, to be exchanged for another
+     * refresh token and a JWT access token, but with a few exceptions:
+     * - The "active refresh token" is the most recently created refresh token that has
+     *   not been used yet. The parent of the active refresh token can always be used to
+     *   obtain the active refresh token.
+     * - A refresh token can be used within a 10 second window ("reuse window") to
+     *   obtain a new refresh token.
+     * - On any invalid use of a refresh token, the token itself and all its descendants
+     *   are invalidated.
+     */
+    token: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        firstUsedTime?: number | undefined;
+        parentRefreshTokenId?: GenericId<"token"> | undefined;
+        expirationTime: number;
+        sessionId: GenericId<"session">;
+    }, {
+        sessionId: import("convex/values").VId<GenericId<"session">, "required">;
+        expirationTime: import("convex/values").VFloat64<number, "required">;
+        firstUsedTime: import("convex/values").VFloat64<number | undefined, "optional">;
+        parentRefreshTokenId: import("convex/values").VId<GenericId<"token"> | undefined, "optional">;
+    }, "required", "expirationTime" | "sessionId" | "firstUsedTime" | "parentRefreshTokenId">, {
+        sessionId: ["sessionId", "_creationTime"];
+        sessionIdAndParentRefreshTokenId: ["sessionId", "parentRefreshTokenId", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * Verification codes:
+     * - OTP tokens
+     * - magic link tokens
+     * - OAuth codes
+     */
+    verification: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        emailVerified?: string | undefined;
+        phoneVerified?: string | undefined;
+        verifier?: string | undefined;
+        expirationTime: number;
+        provider: string;
+        accountId: GenericId<"account">;
+        code: string;
+    }, {
+        accountId: import("convex/values").VId<GenericId<"account">, "required">;
+        provider: import("convex/values").VString<string, "required">;
+        code: import("convex/values").VString<string, "required">;
+        expirationTime: import("convex/values").VFloat64<number, "required">;
+        verifier: import("convex/values").VString<string | undefined, "optional">;
+        emailVerified: import("convex/values").VString<string | undefined, "optional">;
+        phoneVerified: import("convex/values").VString<string | undefined, "optional">;
+    }, "required", "expirationTime" | "provider" | "emailVerified" | "phoneVerified" | "accountId" | "code" | "verifier">, {
+        accountId: ["accountId", "_creationTime"];
+        code: ["code", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * PKCE verifiers for OAuth.
+     */
+    verifier: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        sessionId?: GenericId<"session"> | undefined;
+        signature?: string | undefined;
+    }, {
+        sessionId: import("convex/values").VId<GenericId<"session"> | undefined, "optional">;
+        signature: import("convex/values").VString<string | undefined, "optional">;
+    }, "required", "sessionId" | "signature">, {
+        signature: ["signature", "_creationTime"];
+    }, {}, {}>;
+    /**
+     * Rate limits for OTP and password sign-in.
+     */
+    limit: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        identifier: string;
+        lastAttemptTime: number;
+        attemptsLeft: number;
+    }, {
+        identifier: import("convex/values").VString<string, "required">;
+        lastAttemptTime: import("convex/values").VFloat64<number, "required">;
+        attemptsLeft: import("convex/values").VFloat64<number, "required">;
+    }, "required", "identifier" | "lastAttemptTime" | "attemptsLeft">, {
+        identifier: ["identifier", "_creationTime"];
+    }, {}, {}>;
+    organization: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        slug?: string | undefined;
+        ownerUserId?: GenericId<"user"> | undefined;
+        parentOrganizationId?: GenericId<"organization"> | undefined;
+        metadata?: any;
+        name: string;
+    }, {
+        name: import("convex/values").VString<string, "required">;
+        slug: import("convex/values").VString<string | undefined, "optional">;
+        ownerUserId: import("convex/values").VId<GenericId<"user"> | undefined, "optional">;
+        parentOrganizationId: import("convex/values").VId<GenericId<"organization"> | undefined, "optional">;
+        metadata: import("convex/values").VAny<any, "optional", string>;
+    }, "required", "name" | "slug" | "ownerUserId" | "parentOrganizationId" | "metadata" | `metadata.${string}`>, {
+        slug: ["slug", "_creationTime"];
+        ownerUserId: ["ownerUserId", "_creationTime"];
+        parentOrganizationId: ["parentOrganizationId", "_creationTime"];
+    }, {}, {}>;
+    team: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        slug?: string | undefined;
+        metadata?: any;
+        parentTeamId?: GenericId<"team"> | undefined;
+        name: string;
+        organizationId: GenericId<"organization">;
+    }, {
+        organizationId: import("convex/values").VId<GenericId<"organization">, "required">;
+        name: import("convex/values").VString<string, "required">;
+        slug: import("convex/values").VString<string | undefined, "optional">;
+        parentTeamId: import("convex/values").VId<GenericId<"team"> | undefined, "optional">;
+        metadata: import("convex/values").VAny<any, "optional", string>;
+    }, "required", "name" | "slug" | "metadata" | `metadata.${string}` | "organizationId" | "parentTeamId">, {
+        organizationId: ["organizationId", "_creationTime"];
+        organizationIdAndSlug: ["organizationId", "slug", "_creationTime"];
+        parentTeamId: ["parentTeamId", "_creationTime"];
+    }, {}, {}>;
+    teamRelation: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        relation?: string | undefined;
+        organizationId: GenericId<"organization">;
+        parentTeamId: GenericId<"team">;
+        childTeamId: GenericId<"team">;
+    }, {
+        organizationId: import("convex/values").VId<GenericId<"organization">, "required">;
+        parentTeamId: import("convex/values").VId<GenericId<"team">, "required">;
+        childTeamId: import("convex/values").VId<GenericId<"team">, "required">;
+        relation: import("convex/values").VString<string | undefined, "optional">;
+    }, "required", "organizationId" | "parentTeamId" | "childTeamId" | "relation">, {
+        organizationId: ["organizationId", "_creationTime"];
+        organizationIdAndParentTeamId: ["organizationId", "parentTeamId", "_creationTime"];
+        organizationIdAndChildTeamId: ["organizationId", "childTeamId", "_creationTime"];
+    }, {}, {}>;
+    member: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        metadata?: any;
+        teamId?: GenericId<"team"> | undefined;
+        role?: string | undefined;
+        status?: string | undefined;
+        userId: GenericId<"user">;
+        organizationId: GenericId<"organization">;
+    }, {
+        organizationId: import("convex/values").VId<GenericId<"organization">, "required">;
+        userId: import("convex/values").VId<GenericId<"user">, "required">;
+        teamId: import("convex/values").VId<GenericId<"team"> | undefined, "optional">;
+        role: import("convex/values").VString<string | undefined, "optional">;
+        status: import("convex/values").VString<string | undefined, "optional">;
+        metadata: import("convex/values").VAny<any, "optional", string>;
+    }, "required", "userId" | "metadata" | `metadata.${string}` | "organizationId" | "teamId" | "role" | "status">, {
+        organizationId: ["organizationId", "_creationTime"];
+        organizationIdAndUserId: ["organizationId", "userId", "_creationTime"];
+        teamId: ["teamId", "_creationTime"];
+        userId: ["userId", "_creationTime"];
+    }, {}, {}>;
+    invite: import("convex/server").TableDefinition<import("convex/values").VObject<{
+        metadata?: any;
+        organizationId?: GenericId<"organization"> | undefined;
+        teamId?: GenericId<"team"> | undefined;
+        role?: string | undefined;
+        acceptedByUserId?: GenericId<"user"> | undefined;
+        acceptedTime?: number | undefined;
+        email: string;
+        status: "pending" | "accepted" | "revoked" | "expired";
+        invitedByUserId: GenericId<"user">;
+        tokenHash: string;
+        expiresTime: number;
+    }, {
+        organizationId: import("convex/values").VId<GenericId<"organization"> | undefined, "optional">;
+        teamId: import("convex/values").VId<GenericId<"team"> | undefined, "optional">;
+        invitedByUserId: import("convex/values").VId<GenericId<"user">, "required">;
+        email: import("convex/values").VString<string, "required">;
+        tokenHash: import("convex/values").VString<string, "required">;
+        role: import("convex/values").VString<string | undefined, "optional">;
+        status: import("convex/values").VUnion<"pending" | "accepted" | "revoked" | "expired", [import("convex/values").VLiteral<"pending", "required">, import("convex/values").VLiteral<"accepted", "required">, import("convex/values").VLiteral<"revoked", "required">, import("convex/values").VLiteral<"expired", "required">], "required", never>;
+        expiresTime: import("convex/values").VFloat64<number, "required">;
+        acceptedByUserId: import("convex/values").VId<GenericId<"user"> | undefined, "optional">;
+        acceptedTime: import("convex/values").VFloat64<number | undefined, "optional">;
+        metadata: import("convex/values").VAny<any, "optional", string>;
+    }, "required", "email" | "metadata" | `metadata.${string}` | "organizationId" | "teamId" | "role" | "status" | "invitedByUserId" | "tokenHash" | "expiresTime" | "acceptedByUserId" | "acceptedTime">, {
+        tokenHash: ["tokenHash", "_creationTime"];
+        emailAndStatus: ["email", "status", "_creationTime"];
+        invitedByUserIdAndStatus: ["invitedByUserId", "status", "_creationTime"];
+        organizationId: ["organizationId", "_creationTime"];
+        organizationIdAndStatus: ["organizationId", "status", "_creationTime"];
+    }, {}, {}>;
+};
+type DefaultSchema = ReturnType<typeof defineSchema<typeof authTables>>;
+export type AuthDataModel = DataModelFromSchemaDefinition<DefaultSchema>;
+export type ActionCtx = GenericActionCtx<AuthDataModel>;
+export type MutationCtx = GenericMutationCtx<AuthDataModel>;
+export type QueryCtx = GenericQueryCtx<AuthDataModel>;
+export type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<AuthDataModel, T>;
+export type Tokens = {
+    token: string;
+    refreshToken: string;
+};
+export type SessionInfo = {
+    userId: GenericId<"user">;
+    sessionId: GenericId<"session">;
+    tokens: Tokens | null;
+};
+export type SessionInfoWithTokens = {
+    userId: GenericId<"user">;
+    sessionId: GenericId<"session">;
+    tokens: Tokens;
+};
+export {};
+//# sourceMappingURL=types.d.ts.map

package/dist/server/implementation/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/types.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAC7B,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,qBAAqB,EACrB,YAAY,EAEb,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAK,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;;;;;;;;;;;;;;;;;;;;;IAYH;;;;OAIG;;;;;;;;;;IAKH;;;;OAIG;;;;;;;;;;;;;;;;;;;IAWH;;;;;;;;;;;OAWG;;;;;;;;;;;;;;;IAcH;;;;;OAKG;;;;;;;;;;;;;;;;;;;;;IAYH;;OAEG;;;;;;;;;;IAKH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuEJ,CAAC;AAEF,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC,CAAC;AAExE,MAAM,MAAM,aAAa,GAAG,6BAA6B,CAAC,aAAa,CAAC,CAAC;AACzE,MAAM,MAAM,SAAS,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;AACxD,MAAM,MAAM,WAAW,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;AAC5D,MAAM,MAAM,QAAQ,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;AACtD,MAAM,MAAM,GAAG,CAAC,CAAC,SAAS,qBAAqB,CAAC,aAAa,CAAC,IAAI,UAAU,CAC1E,aAAa,EACb,CAAC,CACF,CAAC;AAEF,MAAM,MAAM,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC;AAC7D,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AACF,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC"}