@robelest/convex-auth 0.0.1

package/dist/server/implementation/types.js

@@ -0,0 +1,182 @@
+import { defineTable, } from "convex/server";
+import { v } from "convex/values";
+/**
+ * The table definitions required by the library.
+ *
+ * Your schema must include these so that the indexes
+ * are set up:
+ *
+ *
+ * ```ts filename="convex/schema.ts"
+ * import { defineSchema } from "convex/server";
+ * import { authTables } from "@robelest/convex-auth/component";
+ *
+ * const schema = defineSchema({
+ *   ...authTables,
+ * });
+ *
+ * export default schema;
+ * ```
+ *
+ * You can inline the table definitions into your schema
+ * and extend them with additional optional and required
+ * fields. See https://labs.convex.dev/auth/setup/schema
+ * for more details.
+ */
+export const authTables = {
+    /**
+     * Users.
+     */
+    user: defineTable({
+        name: v.optional(v.string()),
+        image: v.optional(v.string()),
+        email: v.optional(v.string()),
+        emailVerificationTime: v.optional(v.number()),
+        phone: v.optional(v.string()),
+        phoneVerificationTime: v.optional(v.number()),
+        isAnonymous: v.optional(v.boolean()),
+    })
+        .index("email", ["email"])
+        .index("phone", ["phone"]),
+    /**
+     * Sessions.
+     * A single user can have multiple active sessions.
+     * See [Session document lifecycle](https://labs.convex.dev/auth/advanced#session-document-lifecycle).
+     */
+    session: defineTable({
+        userId: v.id("user"),
+        expirationTime: v.number(),
+    }).index("userId", ["userId"]),
+    /**
+     * Accounts. An account corresponds to
+     * a single authentication provider.
+     * A single user can have multiple accounts linked.
+     */
+    account: defineTable({
+        userId: v.id("user"),
+        provider: v.string(),
+        providerAccountId: v.string(),
+        secret: v.optional(v.string()),
+        emailVerified: v.optional(v.string()),
+        phoneVerified: v.optional(v.string()),
+    })
+        .index("userIdAndProvider", ["userId", "provider"])
+        .index("providerAndAccountId", ["provider", "providerAccountId"]),
+    /**
+     * Refresh tokens.
+     * Refresh tokens are generally meant to be used once, to be exchanged for another
+     * refresh token and a JWT access token, but with a few exceptions:
+     * - The "active refresh token" is the most recently created refresh token that has
+     *   not been used yet. The parent of the active refresh token can always be used to
+     *   obtain the active refresh token.
+     * - A refresh token can be used within a 10 second window ("reuse window") to
+     *   obtain a new refresh token.
+     * - On any invalid use of a refresh token, the token itself and all its descendants
+     *   are invalidated.
+     */
+    token: defineTable({
+        sessionId: v.id("session"),
+        expirationTime: v.number(),
+        firstUsedTime: v.optional(v.number()),
+        // This is the ID of the refresh token that was exchanged to create this one.
+        parentRefreshTokenId: v.optional(v.id("token")),
+    })
+        // Sort by creationTime
+        .index("sessionId", ["sessionId"])
+        .index("sessionIdAndParentRefreshTokenId", [
+        "sessionId",
+        "parentRefreshTokenId",
+    ]),
+    /**
+     * Verification codes:
+     * - OTP tokens
+     * - magic link tokens
+     * - OAuth codes
+     */
+    verification: defineTable({
+        accountId: v.id("account"),
+        provider: v.string(),
+        code: v.string(),
+        expirationTime: v.number(),
+        verifier: v.optional(v.string()),
+        emailVerified: v.optional(v.string()),
+        phoneVerified: v.optional(v.string()),
+    })
+        .index("accountId", ["accountId"])
+        .index("code", ["code"]),
+    /**
+     * PKCE verifiers for OAuth.
+     */
+    verifier: defineTable({
+        sessionId: v.optional(v.id("session")),
+        signature: v.optional(v.string()),
+    }).index("signature", ["signature"]),
+    /**
+     * Rate limits for OTP and password sign-in.
+     */
+    limit: defineTable({
+        identifier: v.string(),
+        lastAttemptTime: v.number(),
+        attemptsLeft: v.number(),
+    }).index("identifier", ["identifier"]),
+    organization: defineTable({
+        name: v.string(),
+        slug: v.optional(v.string()),
+        ownerUserId: v.optional(v.id("user")),
+        parentOrganizationId: v.optional(v.id("organization")),
+        metadata: v.optional(v.any()),
+    })
+        .index("slug", ["slug"])
+        .index("ownerUserId", ["ownerUserId"])
+        .index("parentOrganizationId", ["parentOrganizationId"]),
+    team: defineTable({
+        organizationId: v.id("organization"),
+        name: v.string(),
+        slug: v.optional(v.string()),
+        parentTeamId: v.optional(v.id("team")),
+        metadata: v.optional(v.any()),
+    })
+        .index("organizationId", ["organizationId"])
+        .index("organizationIdAndSlug", ["organizationId", "slug"])
+        .index("parentTeamId", ["parentTeamId"]),
+    teamRelation: defineTable({
+        organizationId: v.id("organization"),
+        parentTeamId: v.id("team"),
+        childTeamId: v.id("team"),
+        relation: v.optional(v.string()),
+    })
+        .index("organizationId", ["organizationId"])
+        .index("organizationIdAndParentTeamId", ["organizationId", "parentTeamId"])
+        .index("organizationIdAndChildTeamId", ["organizationId", "childTeamId"]),
+    member: defineTable({
+        organizationId: v.id("organization"),
+        userId: v.id("user"),
+        teamId: v.optional(v.id("team")),
+        role: v.optional(v.string()),
+        status: v.optional(v.string()),
+        metadata: v.optional(v.any()),
+    })
+        .index("organizationId", ["organizationId"])
+        .index("organizationIdAndUserId", ["organizationId", "userId"])
+        .index("teamId", ["teamId"])
+        .index("userId", ["userId"]),
+    invite: defineTable({
+        organizationId: v.optional(v.id("organization")),
+        teamId: v.optional(v.id("team")),
+        invitedByUserId: v.id("user"),
+        email: v.string(),
+        tokenHash: v.string(),
+        role: v.optional(v.string()),
+        status: v.union(v.literal("pending"), v.literal("accepted"), v.literal("revoked"), v.literal("expired")),
+        expiresTime: v.number(),
+        acceptedByUserId: v.optional(v.id("user")),
+        acceptedTime: v.optional(v.number()),
+        metadata: v.optional(v.any()),
+    })
+        .index("tokenHash", ["tokenHash"])
+        .index("emailAndStatus", ["email", "status"])
+        .index("invitedByUserIdAndStatus", ["invitedByUserId", "status"])
+        .index("organizationId", ["organizationId"])
+        .index("organizationIdAndStatus", ["organizationId", "status"]),
+};
+//# sourceMappingURL=types.js.map

package/dist/server/implementation/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/server/implementation/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,WAAW,GACZ,MAAM,eAAe,CAAC;AACvB,OAAO,EAAa,CAAC,EAAE,MAAM,eAAe,CAAC;AAG7C;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB;;OAEG;IACH,IAAI,EAAE,WAAW,CAAC;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;KACrC,CAAC;SACC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;SACzB,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;IAC5B;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;KAC3B,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC9B;;;;OAIG;IACH,OAAO,EAAE,WAAW,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,mBAAmB,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;SAClD,KAAK,CAAC,sBAAsB,EAAE,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IACnE;;;;;;;;;;;OAWG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC;QAC1B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,6EAA6E;QAC7E,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;KAChD,CAAC;QACA,uBAAuB;SACtB,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,kCAAkC,EAAE;QACzC,WAAW;QACX,sBAAsB;KACvB,CAAC;IACJ;;;;;OAKG;IACH,YAAY,EAAE,WAAW,CAAC;QACxB,SAAS,EAAE,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC;QAC1B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAChC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACrC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;IAC1B;;OAEG;IACH,QAAQ,EAAE,WAAW,CAAC;QACpB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;QACtC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAClC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;IACpC;;OAEG;IACH,KAAK,EAAE,WAAW,CAAC;QACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;QAC3B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;KACzB,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,YAAY,CAAC,CAAC;IAEtC,YAAY,EAAE,WAAW,CAAC;QACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QACrC,oBAAoB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;QACtD,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC9B,CAAC;SACC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;SACvB,KAAK,CAAC,aAAa,EAAE,CAAC,aAAa,CAAC,CAAC;SACrC,KAAK,CAAC,sBAAsB,EAAE,CAAC,sBAAsB,CAAC,CAAC;IAC1D,IAAI,EAAE,WAAW,CAAC;QAChB,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QACtC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC9B,CAAC;SACC,KAAK,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;SAC3C,KAAK,CAAC,uBAAuB,EAAE,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;SAC1D,KAAK,CAAC,cAAc,EAAE,CAAC,cAAc,CAAC,CAAC;IAC1C,YAAY,EAAE,WAAW,CAAC;QACxB,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC;QACpC,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACzB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACjC,CAAC;SACC,KAAK,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;SAC3C,KAAK,CAAC,+BAA+B,EAAE,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;SAC1E,KAAK,CAAC,8BAA8B,EAAE,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC3E,MAAM,EAAE,WAAW,CAAC;QAClB,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC;QACpC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QACpB,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC9B,CAAC;SACC,KAAK,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;SAC3C,KAAK,CAAC,yBAAyB,EAAE,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;SAC9D,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;SAC3B,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC9B,MAAM,EAAE,WAAW,CAAC;QAClB,cAAc,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;QAChD,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAChC,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EACpB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EACrB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EACpB,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CACrB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAC1C,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACpC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;KAC9B,CAAC;SACC,KAAK,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,CAAC;SACjC,KAAK,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;SAC5C,KAAK,CAAC,0BAA0B,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;SAChE,KAAK,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;SAC3C,KAAK,CAAC,yBAAyB,EAAE,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;CAClE,CAAC"}

package/dist/server/implementation/users.d.ts

@@ -0,0 +1,27 @@
+import { GenericId } from "convex/values";
+import { Doc, MutationCtx } from "./types.js";
+import { AuthProviderMaterializedConfig, ConvexAuthConfig } from "../types.js";
+type CreateOrUpdateUserArgs = {
+    type: "oauth" | "credentials" | "email" | "phone" | "verification";
+    provider: AuthProviderMaterializedConfig;
+    profile: Record<string, unknown> & {
+        email?: string;
+        phone?: string;
+        emailVerified?: boolean;
+        phoneVerified?: boolean;
+    };
+    shouldLinkViaEmail?: boolean;
+    shouldLinkViaPhone?: boolean;
+};
+export declare function upsertUserAndAccount(ctx: MutationCtx, sessionId: GenericId<"session"> | null, account: {
+    existingAccount: Doc<"account">;
+} | {
+    providerAccountId: string;
+    secret?: string;
+}, args: CreateOrUpdateUserArgs, config: ConvexAuthConfig): Promise<{
+    userId: GenericId<"user">;
+    accountId: GenericId<"account">;
+}>;
+export declare function getAccountOrThrow(ctx: MutationCtx, existingAccountId: GenericId<"account">, config: ConvexAuthConfig): Promise<any>;
+export {};
+//# sourceMappingURL=users.d.ts.map

package/dist/server/implementation/users.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,8BAA8B,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAI/E,KAAK,sBAAsB,GAAG;IAC5B,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,cAAc,CAAC;IACnE,QAAQ,EAAE,8BAA8B,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QACjC,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAEF,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,EACtC,OAAO,EACH;IAAE,eAAe,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;CAAE,GACnC;IACE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,EACL,IAAI,EAAE,sBAAsB,EAC5B,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IACT,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;CACjC,CAAC,CAUD;AAmOD,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,WAAW,EAChB,iBAAiB,EAAE,SAAS,CAAC,SAAS,CAAC,EACvC,MAAM,EAAE,gBAAgB,gBAYzB"}

package/dist/server/implementation/users.js

@@ -0,0 +1,181 @@
+import { LOG_LEVELS, logWithLevel } from "./utils.js";
+import { createAuthDb } from "./db.js";
+export async function upsertUserAndAccount(ctx, sessionId, account, args, config) {
+    const userId = await defaultCreateOrUpdateUser(ctx, sessionId, "existingAccount" in account ? account.existingAccount : null, args, config);
+    const accountId = await createOrUpdateAccount(ctx, userId, account, args, config);
+    return { userId, accountId };
+}
+async function defaultCreateOrUpdateUser(ctx, existingSessionId, existingAccount, args, config) {
+    logWithLevel(LOG_LEVELS.DEBUG, "defaultCreateOrUpdateUser args:", {
+        existingAccountId: existingAccount?._id,
+        existingSessionId,
+        args,
+    });
+    const existingUserId = existingAccount?.userId ?? null;
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    if (config.callbacks?.createOrUpdateUser !== undefined) {
+        logWithLevel(LOG_LEVELS.DEBUG, "Using custom createOrUpdateUser callback");
+        return await config.callbacks.createOrUpdateUser(ctx, {
+            existingUserId,
+            ...args,
+        });
+    }
+    const { provider, profile: { emailVerified: profileEmailVerified, phoneVerified: profilePhoneVerified, ...profile }, } = args;
+    const emailVerified = profileEmailVerified ??
+        ((provider.type === "oauth" || provider.type === "oidc") &&
+            provider.allowDangerousEmailAccountLinking !== false);
+    const phoneVerified = profilePhoneVerified ?? false;
+    const shouldLinkViaEmail = args.shouldLinkViaEmail || emailVerified || provider.type === "email";
+    const shouldLinkViaPhone = args.shouldLinkViaPhone || phoneVerified || provider.type === "phone";
+    let userId = existingUserId;
+    if (existingUserId === null) {
+        const existingUserWithVerifiedEmailId = typeof profile.email === "string" && shouldLinkViaEmail
+            ? (await uniqueUserWithVerifiedEmail(ctx, profile.email, config))?._id ??
+                null
+            : null;
+        const existingUserWithVerifiedPhoneId = typeof profile.phone === "string" && shouldLinkViaPhone
+            ? (await uniqueUserWithVerifiedPhone(ctx, profile.phone, config))?._id ??
+                null
+            : null;
+        // If there is both email and phone verified user
+        // already we can't link.
+        if (existingUserWithVerifiedEmailId !== null &&
+            existingUserWithVerifiedPhoneId !== null) {
+            logWithLevel(LOG_LEVELS.DEBUG, `Found existing email and phone verified users, so not linking: email: ${existingUserWithVerifiedEmailId}, phone: ${existingUserWithVerifiedPhoneId}`);
+            userId = null;
+        }
+        else if (existingUserWithVerifiedEmailId !== null) {
+            logWithLevel(LOG_LEVELS.DEBUG, `Found existing email verified user, linking: ${existingUserWithVerifiedEmailId}`);
+            userId = existingUserWithVerifiedEmailId;
+        }
+        else if (existingUserWithVerifiedPhoneId !== null) {
+            logWithLevel(LOG_LEVELS.DEBUG, `Found existing phone verified user, linking: ${existingUserWithVerifiedPhoneId}`);
+            userId = existingUserWithVerifiedPhoneId;
+        }
+        else {
+            logWithLevel(LOG_LEVELS.DEBUG, "No existing verified users found, creating new user");
+            userId = null;
+        }
+    }
+    const userData = {
+        ...(emailVerified ? { emailVerificationTime: Date.now() } : null),
+        ...(phoneVerified ? { phoneVerificationTime: Date.now() } : null),
+        ...profile,
+    };
+    const existingOrLinkedUserId = userId;
+    if (userId !== null) {
+        try {
+            if (authDb !== null) {
+                await authDb.users.patch(userId, userData);
+            }
+            else {
+                await ctx.db.patch(userId, userData);
+            }
+        }
+        catch (error) {
+            throw new Error(`Could not update user document with ID \`${userId}\`, ` +
+                `either the user has been deleted but their account has not, ` +
+                `or the profile data doesn't match the \`users\` table schema: ` +
+                `${error.message}`);
+        }
+    }
+    else {
+        userId =
+            authDb !== null
+                ? (await authDb.users.insert(userData))
+                : await ctx.db.insert("user", userData);
+    }
+    const afterUserCreatedOrUpdated = config.callbacks?.afterUserCreatedOrUpdated;
+    if (afterUserCreatedOrUpdated !== undefined) {
+        logWithLevel(LOG_LEVELS.DEBUG, "Calling custom afterUserCreatedOrUpdated callback");
+        await afterUserCreatedOrUpdated(ctx, {
+            userId,
+            existingUserId: existingOrLinkedUserId,
+            ...args,
+        });
+    }
+    else {
+        logWithLevel(LOG_LEVELS.DEBUG, "No custom afterUserCreatedOrUpdated callback, skipping");
+    }
+    return userId;
+}
+async function uniqueUserWithVerifiedEmail(ctx, email, config) {
+    if (config.component !== undefined) {
+        const authDb = createAuthDb(ctx, config.component);
+        return (await authDb.users.findByVerifiedEmail(email));
+    }
+    const users = await ctx.db
+        .query("user")
+        .withIndex("email", (q) => q.eq("email", email))
+        .filter((q) => q.neq(q.field("emailVerificationTime"), undefined))
+        .take(2);
+    return users.length === 1 ? users[0] : null;
+}
+async function uniqueUserWithVerifiedPhone(ctx, phone, config) {
+    if (config.component !== undefined) {
+        const authDb = createAuthDb(ctx, config.component);
+        return (await authDb.users.findByVerifiedPhone(phone));
+    }
+    const users = await ctx.db
+        .query("user")
+        .withIndex("phone", (q) => q.eq("phone", phone))
+        .filter((q) => q.neq(q.field("phoneVerificationTime"), undefined))
+        .take(2);
+    return users.length === 1 ? users[0] : null;
+}
+async function createOrUpdateAccount(ctx, userId, account, args, config) {
+    const authDb = config.component !== undefined ? createAuthDb(ctx, config.component) : null;
+    const accountId = "existingAccount" in account
+        ? account.existingAccount._id
+        : authDb !== null
+            ? (await authDb.accounts.create({
+                userId,
+                provider: args.provider.id,
+                providerAccountId: account.providerAccountId,
+                secret: account.secret,
+            }))
+            : await ctx.db.insert("account", {
+                userId,
+                provider: args.provider.id,
+                providerAccountId: account.providerAccountId,
+                secret: account.secret,
+            });
+    // This is never used with the default `createOrUpdateUser` implementation,
+    // but it is used for manual linking via custom `createOrUpdateUser`:
+    if ("existingAccount" in account &&
+        account.existingAccount.userId !== userId) {
+        if (authDb !== null) {
+            await authDb.accounts.patch(accountId, { userId });
+        }
+        else {
+            await ctx.db.patch(accountId, { userId });
+        }
+    }
+    if (args.profile.emailVerified) {
+        if (authDb !== null) {
+            await authDb.accounts.patch(accountId, { emailVerified: args.profile.email });
+        }
+        else {
+            await ctx.db.patch(accountId, { emailVerified: args.profile.email });
+        }
+    }
+    if (args.profile.phoneVerified) {
+        if (authDb !== null) {
+            await authDb.accounts.patch(accountId, { phoneVerified: args.profile.phone });
+        }
+        else {
+            await ctx.db.patch(accountId, { phoneVerified: args.profile.phone });
+        }
+    }
+    return accountId;
+}
+export async function getAccountOrThrow(ctx, existingAccountId, config) {
+    const existingAccount = config.component !== undefined
+        ? await createAuthDb(ctx, config.component).accounts.getById(existingAccountId)
+        : await ctx.db.get(existingAccountId);
+    if (existingAccount === null) {
+        throw new Error(`Expected an account to exist for ID "${existingAccountId}"`);
+    }
+    return existingAccount;
+}
+//# sourceMappingURL=users.js.map

package/dist/server/implementation/users.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../src/server/implementation/users.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAevC,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAgB,EAChB,SAAsC,EACtC,OAKK,EACL,IAA4B,EAC5B,MAAwB;IAKxB,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C,GAAG,EACH,SAAS,EACT,iBAAiB,IAAI,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,EAC7D,IAAI,EACJ,MAAM,CACP,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAClF,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,GAAgB,EAChB,iBAA8C,EAC9C,eAAsC,EACtC,IAA4B,EAC5B,MAAwB;IAExB,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,iCAAiC,EAAE;QAChE,iBAAiB,EAAE,eAAe,EAAE,GAAG;QACvC,iBAAiB;QACjB,IAAI;KACL,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,eAAe,EAAE,MAAM,IAAI,IAAI,CAAC;IACvD,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,IAAI,MAAM,CAAC,SAAS,EAAE,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACvD,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,0CAA0C,CAAC,CAAC;QAC3E,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACpD,cAAc;YACd,GAAG,IAAI;SACR,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EACJ,QAAQ,EACR,OAAO,EAAE,EACP,aAAa,EAAE,oBAAoB,EACnC,aAAa,EAAE,oBAAoB,EACnC,GAAG,OAAO,EACX,GACF,GAAG,IAAI,CAAC;IACT,MAAM,aAAa,GACjB,oBAAoB;QACpB,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC;YACtD,QAAQ,CAAC,iCAAiC,KAAK,KAAK,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,oBAAoB,IAAI,KAAK,CAAC;IACpD,MAAM,kBAAkB,GACtB,IAAI,CAAC,kBAAkB,IAAI,aAAa,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC;IACxE,MAAM,kBAAkB,GACtB,IAAI,CAAC,kBAAkB,IAAI,aAAa,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC;IAExE,IAAI,MAAM,GAAG,cAAc,CAAC;IAC5B,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,MAAM,+BAA+B,GACnC,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,kBAAkB;YACrD,CAAC,CAAC,CAAC,MAAM,2BAA2B,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,GAAG;gBACpE,IAAI;YACN,CAAC,CAAC,IAAI,CAAC;QAEX,MAAM,+BAA+B,GACnC,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,kBAAkB;YACrD,CAAC,CAAC,CAAC,MAAM,2BAA2B,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,GAAG;gBACpE,IAAI;YACN,CAAC,CAAC,IAAI,CAAC;QACX,iDAAiD;QACjD,yBAAyB;QACzB,IACE,+BAA+B,KAAK,IAAI;YACxC,+BAA+B,KAAK,IAAI,EACxC,CAAC;YACD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,yEAAyE,+BAA+B,YAAY,+BAA+B,EAAE,CACtJ,CAAC;YACF,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;aAAM,IAAI,+BAA+B,KAAK,IAAI,EAAE,CAAC;YACpD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,gDAAgD,+BAA+B,EAAE,CAClF,CAAC;YACF,MAAM,GAAG,+BAA+B,CAAC;QAC3C,CAAC;aAAM,IAAI,+BAA+B,KAAK,IAAI,EAAE,CAAC;YACpD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,gDAAgD,+BAA+B,EAAE,CAClF,CAAC;YACF,MAAM,GAAG,+BAA+B,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,qDAAqD,CACtD,CAAC;YACF,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG;QACf,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,GAAG,OAAO;KACX,CAAC;IACF,MAAM,sBAAsB,GAAG,MAAM,CAAC;IACtC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,MAAM,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,MAAM;gBACtD,8DAA8D;gBAC9D,gEAAgE;gBAChE,GAAI,KAAe,CAAC,OAAO,EAAE,CAChC,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM;YACJ,MAAM,KAAK,IAAI;gBACb,CAAC,CAAE,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAuB;gBAC9D,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,MAAM,yBAAyB,GAAG,MAAM,CAAC,SAAS,EAAE,yBAAyB,CAAC;IAC9E,IAAI,yBAAyB,KAAK,SAAS,EAAE,CAAC;QAC5C,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,mDAAmD,CACpD,CAAC;QACF,MAAM,yBAAyB,CAAC,GAAG,EAAE;YACnC,MAAM;YACN,cAAc,EAAE,sBAAsB;YACtC,GAAG,IAAI;SACR,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,wDAAwD,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,GAAgB,EAChB,KAAa,EACb,MAAwB;IAExB,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QACnD,OAAO,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAuB,CAAC;IAC/E,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE;SACvB,KAAK,CAAC,MAAM,CAAC;SACb,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;SAC/C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,SAAS,CAAC,CAAC;SACjE,IAAI,CAAC,CAAC,CAAC,CAAC;IACX,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9C,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,GAAgB,EAChB,KAAa,EACb,MAAwB;IAExB,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QACnD,OAAO,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAuB,CAAC;IAC/E,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE;SACvB,KAAK,CAAC,MAAM,CAAC;SACb,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;SAC/C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,SAAS,CAAC,CAAC;SACjE,IAAI,CAAC,CAAC,CAAC,CAAC;IACX,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9C,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,GAAgB,EAChB,MAAyB,EACzB,OAKK,EACL,IAA4B,EAC5B,MAAwB;IAExB,MAAM,MAAM,GACV,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,MAAM,SAAS,GACb,iBAAiB,IAAI,OAAO;QAC1B,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG;QAC7B,CAAC,CAAC,MAAM,KAAK,IAAI;YACf,CAAC,CAAE,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAC7B,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAC1B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;gBAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAA0B;YAC9B,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE;gBAC7B,MAAM;gBACN,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAC1B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;gBAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;IACX,2EAA2E;IAC3E,qEAAqE;IACrE,IACE,iBAAiB,IAAI,OAAO;QAC5B,OAAO,CAAC,eAAe,CAAC,MAAM,KAAK,MAAM,EACzC,CAAC;QACD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC/B,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC/B,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAgB,EAChB,iBAAuC,EACvC,MAAwB;IAExB,MAAM,eAAe,GACnB,MAAM,CAAC,SAAS,KAAK,SAAS;QAC5B,CAAC,CAAC,MAAM,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC;QAC/E,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC1C,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,wCAAwC,iBAAiB,GAAG,CAC7D,CAAC;IACJ,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/server/implementation/utils.d.ts

@@ -0,0 +1,17 @@
+export declare const TOKEN_SUB_CLAIM_DIVIDER = "|";
+export declare const REFRESH_TOKEN_DIVIDER = "|";
+export declare function stringToNumber(value: string | undefined): number | undefined;
+export declare function sha256(input: string): Promise<string>;
+export declare function generateRandomString(length: number, alphabet: string): string;
+export declare function logError(error: unknown): void;
+export declare const LOG_LEVELS: {
+    readonly ERROR: "ERROR";
+    readonly WARN: "WARN";
+    readonly INFO: "INFO";
+    readonly DEBUG: "DEBUG";
+};
+type LogLevel = keyof typeof LOG_LEVELS;
+export declare function logWithLevel(level: LogLevel, ...args: unknown[]): void;
+export declare function maybeRedact(value: string): string;
+export {};
+//# sourceMappingURL=utils.d.ts.map

package/dist/server/implementation/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/utils.ts"],"names":[],"mappings":"AAOA,eAAO,MAAM,uBAAuB,MAAM,CAAC;AAC3C,eAAO,MAAM,qBAAqB,MAAM,CAAC;AAEzC,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,sBAEvD;AAED,wBAAsB,MAAM,CAAC,KAAK,EAAE,MAAM,mBAEzC;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,UAQpE;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,OAAO,QAOtC;AAED,eAAO,MAAM,UAAU;;;;;CAKb,CAAC;AACX,KAAK,QAAQ,GAAG,MAAM,OAAO,UAAU,CAAC;AAExC,wBAAgB,YAAY,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,QAyB/D;AAGD,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,UAiBxC"}

package/dist/server/implementation/utils.js

@@ -0,0 +1,72 @@
+import { sha256 as rawSha256 } from "@oslojs/crypto/sha2";
+import { encodeHexLowerCase } from "@oslojs/encoding";
+import { generateRandomString as osloGenerateRandomString, } from "@oslojs/crypto/random";
+export const TOKEN_SUB_CLAIM_DIVIDER = "|";
+export const REFRESH_TOKEN_DIVIDER = "|";
+export function stringToNumber(value) {
+    return value !== undefined ? Number(value) : undefined;
+}
+export async function sha256(input) {
+    return encodeHexLowerCase(rawSha256(new TextEncoder().encode(input)));
+}
+export function generateRandomString(length, alphabet) {
+    const random = {
+        read(bytes) {
+            crypto.getRandomValues(bytes);
+        },
+    };
+    return osloGenerateRandomString(random, alphabet, length);
+}
+export function logError(error) {
+    logWithLevel(LOG_LEVELS.ERROR, error instanceof Error
+        ? error.message + "\n" + error.stack?.replace("\\n", "\n")
+        : error);
+}
+export const LOG_LEVELS = {
+    ERROR: "ERROR",
+    WARN: "WARN",
+    INFO: "INFO",
+    DEBUG: "DEBUG",
+};
+export function logWithLevel(level, ...args) {
+    const configuredLogLevel = LOG_LEVELS[process.env.AUTH_LOG_LEVEL ?? "INFO"] ?? "INFO";
+    switch (level) {
+        case "ERROR":
+            console.error(...args);
+            break;
+        case "WARN":
+            if (configuredLogLevel !== "ERROR") {
+                console.warn(...args);
+            }
+            break;
+        case "INFO":
+            if (configuredLogLevel === "INFO" || configuredLogLevel === "DEBUG") {
+                console.info(...args);
+            }
+            break;
+        case "DEBUG":
+            if (configuredLogLevel === "DEBUG") {
+                console.debug(...args);
+            }
+            break;
+    }
+}
+const UNREDACTED_LENGTH = 5;
+export function maybeRedact(value) {
+    if (value === "") {
+        return "";
+    }
+    const shouldRedact = process.env.AUTH_LOG_SECRETS !== "true";
+    if (shouldRedact) {
+        if (value.length < UNREDACTED_LENGTH * 2) {
+            return "<redacted>";
+        }
+        return (value.substring(0, UNREDACTED_LENGTH) +
+            "<redacted>" +
+            value.substring(value.length - UNREDACTED_LENGTH));
+    }
+    else {
+        return value;
+    }
+}
+//# sourceMappingURL=utils.js.map

package/dist/server/implementation/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/server/implementation/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAEL,oBAAoB,IAAI,wBAAwB,GACjD,MAAM,uBAAuB,CAAC;AAE/B,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAC3C,MAAM,CAAC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAEzC,MAAM,UAAU,cAAc,CAAC,KAAyB;IACtD,OAAO,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,KAAa;IACxC,OAAO,kBAAkB,CAAC,SAAS,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAc,EAAE,QAAgB;IACnE,MAAM,MAAM,GAAiB;QAC3B,IAAI,CAAC,KAAK;YACR,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;KACF,CAAC;IAEF,OAAO,wBAAwB,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,KAAc;IACrC,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,KAAK,YAAY,KAAK;QACpB,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,GAAG,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC;QAC1D,CAAC,CAAC,KAAK,CACV,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,OAAO;CACN,CAAC;AAGX,MAAM,UAAU,YAAY,CAAC,KAAe,EAAE,GAAG,IAAe;IAC9D,MAAM,kBAAkB,GACtB,UAAU,CACP,OAAO,CAAC,GAAG,CAAC,cAAuC,IAAI,MAAM,CAC/D,IAAI,MAAM,CAAC;IACd,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,OAAO;YACV,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;YACvB,MAAM;QACR,KAAK,MAAM;YACT,IAAI,kBAAkB,KAAK,OAAO,EAAE,CAAC;gBACnC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YACxB,CAAC;YACD,MAAM;QACR,KAAK,MAAM;YACT,IAAI,kBAAkB,KAAK,MAAM,IAAI,kBAAkB,KAAK,OAAO,EAAE,CAAC;gBACpE,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YACxB,CAAC;YACD,MAAM;QACR,KAAK,OAAO;YACV,IAAI,kBAAkB,KAAK,OAAO,EAAE,CAAC;gBACnC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;YACzB,CAAC;YACD,MAAM;IACV,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,MAAM,CAAC;IAC7D,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,KAAK,CAAC,MAAM,GAAG,iBAAiB,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,OAAO,CACL,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,iBAAiB,CAAC;YACrC,YAAY;YACZ,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,iBAAiB,CAAC,CAClD,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/server/index.d.ts

@@ -0,0 +1,17 @@
+export type AuthCookieConfig = {
+    maxAge: number | null;
+};
+export type AuthCookies = {
+    token: string | null;
+    refreshToken: string | null;
+    verifier: string | null;
+};
+export declare function authCookieNames(host?: string): {
+    token: string;
+    refreshToken: string;
+    verifier: string;
+};
+export declare function parseAuthCookies(cookieHeader: string | null | undefined, host?: string): AuthCookies;
+export declare function serializeAuthCookies(cookies: AuthCookies, host?: string, config?: AuthCookieConfig): string[];
+export declare function shouldProxyAuthAction(pathname: string, apiRoute: string): boolean;
+//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC;AAEF,wBAAgB,eAAe,CAAC,IAAI,CAAC,EAAE,MAAM;;;;EAO5C;AAED,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACvC,IAAI,CAAC,EAAE,MAAM,GACZ,WAAW,CAQb;AAED,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,WAAW,EACpB,IAAI,CAAC,EAAE,MAAM,EACb,MAAM,GAAE,gBAAmC,YA4B5C;AAED,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,WAKvE"}

package/dist/server/index.js

@@ -0,0 +1,54 @@
+import { parse, serialize } from "cookie";
+import { isLocalHost } from "./utils.js";
+export function authCookieNames(host) {
+    const prefix = isLocalHost(host) ? "" : "__Host-";
+    return {
+        token: `${prefix}__convexAuthJWT`,
+        refreshToken: `${prefix}__convexAuthRefreshToken`,
+        verifier: `${prefix}__convexAuthOAuthVerifier`,
+    };
+}
+export function parseAuthCookies(cookieHeader, host) {
+    const names = authCookieNames(host);
+    const parsed = parse(cookieHeader ?? "");
+    return {
+        token: parsed[names.token] ?? null,
+        refreshToken: parsed[names.refreshToken] ?? null,
+        verifier: parsed[names.verifier] ?? null,
+    };
+}
+export function serializeAuthCookies(cookies, host, config = { maxAge: null }) {
+    const names = authCookieNames(host);
+    const secure = !isLocalHost(host);
+    const base = {
+        path: "/",
+        httpOnly: true,
+        sameSite: "lax",
+        secure,
+    };
+    const maxAge = config.maxAge ?? undefined;
+    return [
+        serialize(names.token, cookies.token ?? "", {
+            ...base,
+            maxAge: cookies.token === null ? 0 : maxAge,
+            expires: cookies.token === null ? new Date(0) : undefined,
+        }),
+        serialize(names.refreshToken, cookies.refreshToken ?? "", {
+            ...base,
+            maxAge: cookies.refreshToken === null ? 0 : maxAge,
+            expires: cookies.refreshToken === null ? new Date(0) : undefined,
+        }),
+        serialize(names.verifier, cookies.verifier ?? "", {
+            ...base,
+            maxAge: cookies.verifier === null ? 0 : maxAge,
+            expires: cookies.verifier === null ? new Date(0) : undefined,
+        }),
+    ];
+}
+export function shouldProxyAuthAction(pathname, apiRoute) {
+    if (apiRoute.endsWith("/")) {
+        return pathname === apiRoute || pathname === apiRoute.slice(0, -1);
+    }
+    return pathname === apiRoute || pathname === `${apiRoute}/`;
+}
+//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAYzC,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,OAAO;QACL,KAAK,EAAE,GAAG,MAAM,iBAAiB;QACjC,YAAY,EAAE,GAAG,MAAM,0BAA0B;QACjD,QAAQ,EAAE,GAAG,MAAM,2BAA2B;KAC/C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,YAAuC,EACvC,IAAa;IAEb,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,MAAM,GAAG,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IACzC,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,IAAI;QAClC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,IAAI;QAChD,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,OAAoB,EACpB,IAAa,EACb,SAA2B,EAAE,MAAM,EAAE,IAAI,EAAE;IAE3C,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,MAAM,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG;QACX,IAAI,EAAE,GAAG;QACT,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,KAAc;QACxB,MAAM;KACP,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC;IAC1C,OAAO;QACL,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE,EAAE;YAC1C,GAAG,IAAI;YACP,MAAM,EAAE,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM;YAC3C,OAAO,EAAE,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;SAC1D,CAAC;QACF,SAAS,CAAC,KAAK,CAAC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE;YACxD,GAAG,IAAI;YACP,MAAM,EAAE,OAAO,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM;YAClD,OAAO,EAAE,OAAO,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;SACjE,CAAC;QACF,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE;YAChD,GAAG,IAAI;YACP,MAAM,EAAE,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM;YAC9C,OAAO,EAAE,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;SAC7D,CAAC;KACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAgB,EAAE,QAAgB;IACtE,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,GAAG,QAAQ,GAAG,CAAC;AAC9D,CAAC"}

package/dist/server/oauth/authorizationUrl.d.ts

@@ -0,0 +1,13 @@
+import { InternalOptions } from "./types.js";
+import { Cookie } from "@auth/core/lib/utils/cookie.js";
+/**
+ * Generates an authorization/request token URL.
+ *
+ * [OAuth 2](https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/)
+ */
+export declare function getAuthorizationUrl(options: InternalOptions<"oauth" | "oidc">): Promise<{
+    redirect: string;
+    cookies: Cookie[];
+    signature: string;
+}>;
+//# sourceMappingURL=authorizationUrl.d.ts.map

package/dist/server/oauth/authorizationUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorizationUrl.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/authorizationUrl.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAK7C,OAAO,EAAE,MAAM,EAAE,MAAM,gCAAgC,CAAC;AAGxD;;;;GAIG;AACH,wBAAsB,mBAAmB,CAEvC,OAAO,EAAE,eAAe,CAAC,OAAO,GAAG,MAAM,CAAC;;;;GA+F3C"}