@robelest/convex-auth 0.0.1

package/dist/server/types.d.ts

@@ -0,0 +1,412 @@
+import { Provider as AuthjsProviderConfig, CredentialsConfig, EmailConfig as AuthjsEmailConfig, OAuth2Config, OIDCConfig } from "@auth/core/providers";
+import { Theme } from "@auth/core/types";
+import { AnyDataModel, FunctionReference, GenericActionCtx, GenericDataModel, GenericMutationCtx } from "convex/server";
+import { GenericId, Value } from "convex/values";
+import { ConvexCredentialsUserConfig } from "../providers/ConvexCredentials.js";
+import { GenericDoc } from "./convex_types.js";
+/**
+ * The config for the Convex Auth library, passed to `convexAuth`.
+ */
+export type ConvexAuthConfig = {
+    /**
+     * A list of authentication provider configs.
+     *
+     * You can import existing configs from
+     * - `@auth/core/providers/<provider-name>`
+     * - `@robelest/convex-auth/providers/<provider-name>`
+     */
+    providers: AuthProviderConfig[];
+    /**
+     * Optional auth component reference from `components.auth`.
+     *
+     * When provided, core auth storage operations are executed through
+     * the component API boundary instead of direct table access.
+     */
+    component?: AuthComponentApi;
+    /**
+     * Theme used for emails.
+     * See [Auth.js theme docs](https://authjs.dev/reference/core/types#theme).
+     */
+    theme?: Theme;
+    /**
+     * Session configuration.
+     */
+    session?: {
+        /**
+         * How long can a user session last without the user reauthenticating.
+         *
+         * Defaults to 30 days.
+         */
+        totalDurationMs?: number;
+        /**
+         * How long can a user session last without the user being active.
+         *
+         * Defaults to 30 days.
+         */
+        inactiveDurationMs?: number;
+    };
+    /**
+     * JWT configuration.
+     */
+    jwt?: {
+        /**
+         * How long is the JWT valid for after it is signed initially.
+         *
+         * Defaults to 1 hour.
+         */
+        durationMs?: number;
+    };
+    /**
+     * Sign-in configuration.
+     */
+    signIn?: {
+        /**
+         * How many times can the user fail to provide the correct credentials
+         * (password, OTP) per hour.
+         *
+         * Defaults to 10 times per hour (that is 10 failed attempts, and then
+         * allow another one every 6 minutes).
+         */
+        maxFailedAttempsPerHour?: number;
+    };
+    callbacks?: {
+        /**
+         * Control which URLs are allowed as a destination after OAuth sign-in
+         * and for magic links:
+         *
+         * ```ts
+         * import GitHub from "@auth/core/providers/github";
+         * import { convexAuth } from "@robelest/convex-auth/component";
+         *
+         * export const { auth, signIn, signOut, store } = convexAuth({
+         *   providers: [GitHub],
+         *   callbacks: {
+         *     async redirect({ redirectTo }) {
+         *       // Check that `redirectTo` is valid
+         *       // and return the relative or absolute URL
+         *       // to redirect to.
+         *     },
+         *   },
+         * });
+         * ```
+         *
+         * Convex Auth performs redirect only during OAuth sign-in. By default,
+         * it redirects back to the URL specified via the `SITE_URL` environment
+         * variable. Similarly magic links link to `SITE_URL`.
+         *
+         * You can customize that behavior by providing a `redirectTo` param
+         * to the `signIn` function:
+         *
+         * ```ts
+         * signIn("google", { redirectTo: "/dashboard" })
+         * ```
+         *
+         * You can even redirect to a different site.
+         *
+         * This callback, if specified, is then called with the provided
+         * `redirectTo` param. Otherwise, only query params, relative paths
+         * and URLs starting with `SITE_URL` are allowed.
+         */
+        redirect?: (params: {
+            /**
+             * The param value passed to the `signIn` function.
+             */
+            redirectTo: string;
+        }) => Promise<string>;
+        /**
+         * Completely control account linking via this callback.
+         *
+         * This callback is called during the sign-in process,
+         * before account creation and token generation.
+         * If specified, this callback is responsible for creating
+         * or updating the user document.
+         *
+         * For "credentials" providers, the callback is only called
+         * when `createAccount` is called.
+         */
+        createOrUpdateUser?: (ctx: GenericMutationCtx<AnyDataModel>, args: {
+            /**
+             * If this is a sign-in to an existing account,
+             * this is the existing user ID linked to that account.
+             */
+            existingUserId: GenericId<"user"> | null;
+            /**
+             * The provider type or "verification" if this callback is called
+             * after an email or phone token verification.
+             */
+            type: "oauth" | "credentials" | "email" | "phone" | "verification";
+            /**
+             * The provider used for the sign-in, or the provider
+             * tied to the account which is having the email or phone verified.
+             */
+            provider: AuthProviderMaterializedConfig;
+            /**
+             * - The profile returned by the OAuth provider's `profile` method.
+             * - The profile passed to `createAccount` from a ConvexCredentials
+             * config.
+             * - The email address to which an email will be sent.
+             * - The phone number to which a text will be sent.
+             */
+            profile: Record<string, unknown> & {
+                email?: string;
+                phone?: string;
+                emailVerified?: boolean;
+                phoneVerified?: boolean;
+            };
+            /**
+             * The `shouldLink` argument passed to `createAccount`.
+             */
+            shouldLink?: boolean;
+        }) => Promise<GenericId<"user">>;
+        /**
+         * Perform additional writes after a user is created.
+         *
+         * This callback is called during the sign-in process,
+         * after the user is created or updated,
+         * before account creation and token generation.
+         *
+         * **This callback is only called if `createOrUpdateUser`
+         * is not specified.** If `createOrUpdateUser` is specified,
+         * you can perform any additional writes in that callback.
+         *
+         * For "credentials" providers, the callback is only called
+         * when `createAccount` is called.
+         */
+        afterUserCreatedOrUpdated?: (ctx: GenericMutationCtx<AnyDataModel>, args: {
+            /**
+             * The ID of the user that is being signed in.
+             */
+            userId: GenericId<"user">;
+            /**
+             * If this is a sign-in to an existing account,
+             * this is the existing user ID linked to that account.
+             */
+            existingUserId: GenericId<"user"> | null;
+            /**
+             * The provider type or "verification" if this callback is called
+             * after an email or phone token verification.
+             */
+            type: "oauth" | "credentials" | "email" | "phone" | "verification";
+            /**
+             * The provider used for the sign-in, or the provider
+             * tied to the account which is having the email or phone verified.
+             */
+            provider: AuthProviderMaterializedConfig;
+            /**
+             * - The profile returned by the OAuth provider's `profile` method.
+             * - The profile passed to `createAccount` from a ConvexCredentials
+             * config.
+             * - The email address to which an email will be sent.
+             * - The phone number to which a text will be sent.
+             */
+            profile: Record<string, unknown> & {
+                email?: string;
+                phone?: string;
+                emailVerified?: boolean;
+                phoneVerified?: boolean;
+            };
+            /**
+             * The `shouldLink` argument passed to `createAccount`.
+             */
+            shouldLink?: boolean;
+        }) => Promise<void>;
+    };
+};
+/**
+ * Same as Auth.js provider configs, but adds phone provider
+ * for verification via SMS or another phone-number-connected messaging
+ * service.
+ */
+export type AuthProviderConfig = Exclude<AuthjsProviderConfig, CredentialsConfig | ((...args: any) => CredentialsConfig)> | ConvexCredentialsConfig | ((...args: any) => ConvexCredentialsConfig) | PhoneConfig | ((...args: any) => PhoneConfig);
+/**
+ * Extends the standard Auth.js email provider config
+ * to allow additional checks during token verification.
+ */
+export interface EmailConfig<DataModel extends GenericDataModel = GenericDataModel> extends AuthjsEmailConfig {
+    /**
+     * Before the token is verified, check other
+     * provided parameters.
+     *
+     * Used to make sure tha OTPs are accompanied
+     * with the correct email address.
+     */
+    authorize?: (
+    /**
+     * The values passed to the `signIn` function.
+     */
+    params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "account">) => Promise<void>;
+}
+/**
+ * Configurable options for an email provider config.
+ */
+export type EmailUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<EmailConfig<DataModel>>, "options" | "type">;
+/**
+ * Same as email provider config, but verifies
+ * phone number instead of the email address.
+ */
+export interface PhoneConfig<DataModel extends GenericDataModel = GenericDataModel> {
+    id: string;
+    type: "phone";
+    /**
+     * Token expiration in seconds.
+     */
+    maxAge: number;
+    /**
+     * Send the phone number verification request.
+     */
+    sendVerificationRequest: (params: {
+        identifier: string;
+        url: string;
+        expires: Date;
+        provider: PhoneConfig;
+        token: string;
+    }, ctx: GenericActionCtxWithAuthConfig<DataModel>) => Promise<void>;
+    /**
+     * Defaults to `process.env.AUTH_<PROVIDER_ID>_KEY`.
+     */
+    apiKey?: string;
+    /**
+     * Override this to generate a custom token.
+     * Note that the tokens are assumed to be cryptographically secure.
+     * Any tokens shorter than 24 characters are assumed to not
+     * be secure enough on their own, and require providing
+     * the original `phone` used in the initial `signIn` call.
+     * @returns
+     */
+    generateVerificationToken?: () => Promise<string>;
+    /**
+     * Normalize the phone number.
+     * @param identifier Passed as `phone` in params of `signIn`.
+     * @returns The phone number used in `sendVerificationRequest`.
+     */
+    normalizeIdentifier?: (identifier: string) => string;
+    /**
+     * Before the token is verified, check other
+     * provided parameters.
+     *
+     * Used to make sure tha OTPs are accompanied
+     * with the correct phone number.
+     */
+    authorize?: (
+    /**
+     * The values passed to the `signIn` function.
+     */
+    params: Record<string, Value | undefined>, account: GenericDoc<DataModel, "account">) => Promise<void>;
+    options: PhoneUserConfig<DataModel>;
+}
+/**
+ * Configurable options for a phone provider config.
+ */
+export type PhoneUserConfig<DataModel extends GenericDataModel = GenericDataModel> = Omit<Partial<PhoneConfig<DataModel>>, "options" | "type">;
+/**
+ * Similar to Auth.js Credentials config.
+ */
+export type ConvexCredentialsConfig = ConvexCredentialsUserConfig<any> & {
+    type: "credentials";
+    id: string;
+};
+/**
+ * Your `ActionCtx` enriched with `ctx.auth.config` field with
+ * the config passed to `convexAuth`.
+ */
+export type GenericActionCtxWithAuthConfig<DataModel extends GenericDataModel> = GenericActionCtx<DataModel> & {
+    auth: {
+        config: ConvexAuthMaterializedConfig;
+    };
+};
+/**
+ * The config for the Convex Auth library, passed to `convexAuth`,
+ * with defaults and initialized providers.
+ *
+ * See {@link ConvexAuthConfig}
+ */
+export type ConvexAuthMaterializedConfig = {
+    providers: AuthProviderMaterializedConfig[];
+    theme: Theme;
+} & Pick<ConvexAuthConfig, "component" | "session" | "jwt" | "signIn" | "callbacks">;
+/**
+ * Materialized Auth.js provider config.
+ */
+export type AuthProviderMaterializedConfig = OIDCConfig<any> | OAuth2Config<any> | EmailConfig | PhoneConfig | ConvexCredentialsConfig;
+/**
+ * Component function references required by core auth runtime.
+ */
+export type AuthComponentApi = {
+    public: {
+        userGetById: FunctionReference<"query", "internal">;
+        userFindByVerifiedEmail: FunctionReference<"query", "internal">;
+        userFindByVerifiedPhone: FunctionReference<"query", "internal">;
+        userInsert: FunctionReference<"mutation", "internal">;
+        userUpsert: FunctionReference<"mutation", "internal">;
+        userPatch: FunctionReference<"mutation", "internal">;
+        accountGet: FunctionReference<"query", "internal">;
+        accountGetById: FunctionReference<"query", "internal">;
+        accountInsert: FunctionReference<"mutation", "internal">;
+        accountPatch: FunctionReference<"mutation", "internal">;
+        accountDelete: FunctionReference<"mutation", "internal">;
+        sessionCreate: FunctionReference<"mutation", "internal">;
+        sessionGetById: FunctionReference<"query", "internal">;
+        sessionDelete: FunctionReference<"mutation", "internal">;
+        sessionListByUser: FunctionReference<"query", "internal">;
+        verifierCreate: FunctionReference<"mutation", "internal">;
+        verifierGetById: FunctionReference<"query", "internal">;
+        verifierGetBySignature: FunctionReference<"query", "internal">;
+        verifierPatch: FunctionReference<"mutation", "internal">;
+        verifierDelete: FunctionReference<"mutation", "internal">;
+        verificationCodeGetByAccountId: FunctionReference<"query", "internal">;
+        verificationCodeGetByCode: FunctionReference<"query", "internal">;
+        verificationCodeCreate: FunctionReference<"mutation", "internal">;
+        verificationCodeDelete: FunctionReference<"mutation", "internal">;
+        verificationGetByAccountId?: FunctionReference<"query", "internal">;
+        verificationGetByCode?: FunctionReference<"query", "internal">;
+        verificationCreate?: FunctionReference<"mutation", "internal">;
+        verificationDelete?: FunctionReference<"mutation", "internal">;
+        refreshTokenCreate: FunctionReference<"mutation", "internal">;
+        refreshTokenGetById: FunctionReference<"query", "internal">;
+        refreshTokenPatch: FunctionReference<"mutation", "internal">;
+        refreshTokenGetChildren: FunctionReference<"query", "internal">;
+        refreshTokenListBySession: FunctionReference<"query", "internal">;
+        refreshTokenDeleteAll: FunctionReference<"mutation", "internal">;
+        refreshTokenGetActive: FunctionReference<"query", "internal">;
+        tokenCreate?: FunctionReference<"mutation", "internal">;
+        tokenGetById?: FunctionReference<"query", "internal">;
+        tokenPatch?: FunctionReference<"mutation", "internal">;
+        tokenGetChildren?: FunctionReference<"query", "internal">;
+        tokenListBySession?: FunctionReference<"query", "internal">;
+        tokenDeleteAll?: FunctionReference<"mutation", "internal">;
+        tokenGetActive?: FunctionReference<"query", "internal">;
+        rateLimitGet: FunctionReference<"query", "internal">;
+        rateLimitCreate: FunctionReference<"mutation", "internal">;
+        rateLimitPatch: FunctionReference<"mutation", "internal">;
+        rateLimitDelete: FunctionReference<"mutation", "internal">;
+        limitGet?: FunctionReference<"query", "internal">;
+        limitCreate?: FunctionReference<"mutation", "internal">;
+        limitPatch?: FunctionReference<"mutation", "internal">;
+        limitDelete?: FunctionReference<"mutation", "internal">;
+        organizationCreate?: FunctionReference<"mutation", "internal">;
+        organizationGet?: FunctionReference<"query", "internal">;
+        organizationList?: FunctionReference<"query", "internal">;
+        organizationUpdate?: FunctionReference<"mutation", "internal">;
+        organizationDelete?: FunctionReference<"mutation", "internal">;
+        teamCreate?: FunctionReference<"mutation", "internal">;
+        teamGet?: FunctionReference<"query", "internal">;
+        teamListByOrganization?: FunctionReference<"query", "internal">;
+        teamUpdate?: FunctionReference<"mutation", "internal">;
+        teamDelete?: FunctionReference<"mutation", "internal">;
+        teamRelationCreate?: FunctionReference<"mutation", "internal">;
+        teamRelationGet?: FunctionReference<"query", "internal">;
+        teamRelationListByParent?: FunctionReference<"query", "internal">;
+        teamRelationDelete?: FunctionReference<"mutation", "internal">;
+        memberAdd?: FunctionReference<"mutation", "internal">;
+        memberRemove?: FunctionReference<"mutation", "internal">;
+        memberList?: FunctionReference<"query", "internal">;
+        memberRoleSet?: FunctionReference<"mutation", "internal">;
+        memberRoleGet?: FunctionReference<"query", "internal">;
+        inviteCreate?: FunctionReference<"mutation", "internal">;
+        inviteGet?: FunctionReference<"query", "internal">;
+        inviteList?: FunctionReference<"query", "internal">;
+        inviteAccept?: FunctionReference<"mutation", "internal">;
+        inviteRevoke?: FunctionReference<"mutation", "internal">;
+    };
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/server/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/server/types.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,IAAI,oBAAoB,EAChC,iBAAiB,EACjB,WAAW,IAAI,iBAAiB,EAChC,YAAY,EACZ,UAAU,EACX,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,2BAA2B,EAAE,MAAM,mCAAmC,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;;;;;OAMG;IACH,SAAS,EAAE,kBAAkB,EAAE,CAAC;IAChC;;;;;OAKG;IACH,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B;;;OAGG;IACH,KAAK,CAAC,EAAE,KAAK,CAAC;IACd;;OAEG;IACH,OAAO,CAAC,EAAE;QACR;;;;WAIG;QACH,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB;;;;WAIG;QACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;IACF;;OAEG;IACH,GAAG,CAAC,EAAE;QACJ;;;;WAIG;QACH,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF;;OAEG;IACH,MAAM,CAAC,EAAE;QACP;;;;;;WAMG;QACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;KAClC,CAAC;IACF,SAAS,CAAC,EAAE;QACV;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoCG;QACH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE;YAClB;;eAEG;YACH,UAAU,EAAE,MAAM,CAAC;SACpB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QACtB;;;;;;;;;;WAUG;QACH,kBAAkB,CAAC,EAAE,CACnB,GAAG,EAAE,kBAAkB,CAAC,YAAY,CAAC,EACrC,IAAI,EAAE;YACJ;;;eAGG;YACH,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;YACzC;;;eAGG;YACH,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,cAAc,CAAC;YACnE;;;eAGG;YACH,QAAQ,EAAE,8BAA8B,CAAC;YACzC;;;;;;eAMG;YACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;gBACjC,KAAK,CAAC,EAAE,MAAM,CAAC;gBACf,KAAK,CAAC,EAAE,MAAM,CAAC;gBACf,aAAa,CAAC,EAAE,OAAO,CAAC;gBACxB,aAAa,CAAC,EAAE,OAAO,CAAC;aACzB,CAAC;YACF;;eAEG;YACH,UAAU,CAAC,EAAE,OAAO,CAAC;SACtB,KACE,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAChC;;;;;;;;;;;;;WAaG;QACH,yBAAyB,CAAC,EAAE,CAC1B,GAAG,EAAE,kBAAkB,CAAC,YAAY,CAAC,EACrC,IAAI,EAAE;YACJ;;eAEG;YACH,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;YAC1B;;;eAGG;YACH,cAAc,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;YACzC;;;eAGG;YACH,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,cAAc,CAAC;YACnE;;;eAGG;YACH,QAAQ,EAAE,8BAA8B,CAAC;YACzC;;;;;;eAMG;YACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;gBACjC,KAAK,CAAC,EAAE,MAAM,CAAC;gBACf,KAAK,CAAC,EAAE,MAAM,CAAC;gBACf,aAAa,CAAC,EAAE,OAAO,CAAC;gBACxB,aAAa,CAAC,EAAE,OAAO,CAAC;aACzB,CAAC;YACF;;eAEG;YACH,UAAU,CAAC,EAAE,OAAO,CAAC;SACtB,KACE,OAAO,CAAC,IAAI,CAAC,CAAC;KACpB,CAAC;CACH,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAC1B,OAAO,CACL,oBAAoB,EACpB,iBAAiB,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,iBAAiB,CAAC,CAC1D,GACD,uBAAuB,GACvB,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,uBAAuB,CAAC,GAC3C,WAAW,GACX,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,WAAW,CAAC,CAAC;AAEpC;;;GAGG;AACH,MAAM,WAAW,WAAW,CAC1B,SAAS,SAAS,gBAAgB,GAAG,gBAAgB,CACrD,SAAQ,iBAAiB;IACzB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE;IACV;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC,EACzC,OAAO,EAAE,UAAU,CAAC,SAAS,EAAE,SAAS,CAAC,KACtC,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,CACzB,SAAS,SAAS,gBAAgB,GAAG,gBAAgB,IACnD,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,WAAW,CAC1B,SAAS,SAAS,gBAAgB,GAAG,gBAAgB;IAErD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,OAAO,CAAC;IACd;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,uBAAuB,EAAE,CACvB,MAAM,EAAE;QACN,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,IAAI,CAAC;QACd,QAAQ,EAAE,WAAW,CAAC;QACtB,KAAK,EAAE,MAAM,CAAC;KACf,EACD,GAAG,EAAE,8BAA8B,CAAC,SAAS,CAAC,KAC3C,OAAO,CAAC,IAAI,CAAC,CAAC;IACnB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;;;;OAOG;IACH,yBAAyB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC;IACrD;;;;;;OAMG;IACH,SAAS,CAAC,EAAE;IACV;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC,EACzC,OAAO,EAAE,UAAU,CAAC,SAAS,EAAE,SAAS,CAAC,KACtC,OAAO,CAAC,IAAI,CAAC,CAAC;IACnB,OAAO,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,CACzB,SAAS,SAAS,gBAAgB,GAAG,gBAAgB,IACnD,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC,CAAC;AAE9D;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,2BAA2B,CAAC,GAAG,CAAC,GAAG;IACvE,IAAI,EAAE,aAAa,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,8BAA8B,CAAC,SAAS,SAAS,gBAAgB,IAC3E,gBAAgB,CAAC,SAAS,CAAC,GAAG;IAC5B,IAAI,EAAE;QAAE,MAAM,EAAE,4BAA4B,CAAA;KAAE,CAAC;CAChD,CAAC;AAEJ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,KAAK,EAAE,KAAK,CAAC;CACd,GAAG,IAAI,CACN,gBAAgB,EAChB,WAAW,GAAG,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,WAAW,CACzD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,8BAA8B,GACtC,UAAU,CAAC,GAAG,CAAC,GACf,YAAY,CAAC,GAAG,CAAC,GACjB,WAAW,GACX,WAAW,GACX,uBAAuB,CAAC;AAE5B;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,EAAE;QACN,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACpD,uBAAuB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAChE,uBAAuB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAChE,UAAU,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACtD,UAAU,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACtD,SAAS,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACrD,UAAU,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACnD,cAAc,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,aAAa,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,YAAY,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACxD,aAAa,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,aAAa,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,cAAc,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,aAAa,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,iBAAiB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC1D,cAAc,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1D,eAAe,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACxD,sBAAsB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC/D,aAAa,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,cAAc,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1D,8BAA8B,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvE,yBAAyB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAClE,sBAAsB,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAClE,sBAAsB,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAClE,0BAA0B,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACpE,qBAAqB,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC/D,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,kBAAkB,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC9D,mBAAmB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC5D,iBAAiB,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC7D,uBAAuB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAChE,yBAAyB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAClE,qBAAqB,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACjE,qBAAqB,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC9D,WAAW,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACxD,YAAY,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACtD,UAAU,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACvD,gBAAgB,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC1D,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC5D,cAAc,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC3D,cAAc,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACxD,YAAY,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACrD,eAAe,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC3D,cAAc,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1D,eAAe,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC3D,QAAQ,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAClD,WAAW,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACxD,UAAU,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACvD,WAAW,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACxD,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,eAAe,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACzD,gBAAgB,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC1D,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,UAAU,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACvD,OAAO,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACjD,sBAAsB,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAChE,UAAU,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACvD,UAAU,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACvD,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,eAAe,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACzD,wBAAwB,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAClE,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC/D,SAAS,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACtD,YAAY,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,UAAU,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACpD,aAAa,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC1D,aAAa,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,YAAY,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACnD,UAAU,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACpD,YAAY,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,YAAY,CAAC,EAAE,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;KAC1D,CAAC;CACH,CAAC"}

package/dist/server/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/server/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/server/types.ts"],"names":[],"mappings":""}

package/dist/server/utils.d.ts

@@ -0,0 +1,3 @@
+export declare function requireEnv(name: string): string;
+export declare function isLocalHost(host?: string): boolean;
+//# sourceMappingURL=utils.d.ts.map

package/dist/server/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/server/utils.ts"],"names":[],"mappings":"AAAA,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,UAMtC;AAED,wBAAgB,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,WAGxC"}

package/dist/server/utils.js

@@ -0,0 +1,11 @@
+export function requireEnv(name) {
+    const value = process.env[name];
+    if (value === undefined) {
+        throw new Error(`Missing environment variable \`${name}\``);
+    }
+    return value;
+}
+export function isLocalHost(host) {
+    return /(localhost|127\.0\.0\.1):\d+/.test(host ?? "");
+}
+//# sourceMappingURL=utils.js.map

package/dist/server/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/server/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,IAAI,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,OAAO,8BAA8B,CAAC,IAAI,CAC1C,IAAI,IAAI,EAAE,CAAC,CAAC;AACd,CAAC"}

package/package.json

@@ -0,0 +1,126 @@
+{
+  "name": "@robelest/convex-auth",
+  "version": "0.0.1",
+  "description": "Authentication for Convex",
+  "keywords": [
+    "authentication",
+    "authorization",
+    "auth",
+    "login",
+    "sign",
+    "convex"
+  ],
+  "homepage": "https://labs.convex.dev/auth",
+  "bugs": "https://github.com/robelest/convex-auth/issues",
+  "repository": "https://github.com/robelest/convex-auth",
+  "license": "Apache-2.0",
+  "author": "xixixao",
+  "files": [
+    "dist",
+    "providers",
+    "server",
+    "src"
+  ],
+  "type": "module",
+  "bin": "./dist/bin.cjs",
+  "sideEffects": false,
+  "scripts": {
+    "build:bin": "esbuild src/cli/index.ts --bundle --platform=node --format=cjs --outfile=dist/bin.cjs",
+    "build:server": "tsc --project tsconfig.server.json",
+    "build:client": "tsc --project tsconfig.client.json",
+    "build:component": "tsc --project tsconfig.component.json",
+    "build": "rm -rf dist && bun run build:bin && bun run build:server && bun run build:client && bun run build:component",
+    "docs": "bun run --cwd ../../docs dev",
+    "lint": "tsc && bun run --cwd ../.. lint",
+    "spellcheck": "cspell \"docs/pages/**/*.md*\"",
+    "prepare": "bun run build",
+    "prepublishOnly": "bun run lint && bun run build && bun run test:once",
+    "publish:example": "node publishExample.mjs",
+    "test": "bun run --cwd ../../examples/vite test",
+    "test:once": "bun run --cwd ../../examples/vite test:once",
+    "convex:dev": "bunx convex dev",
+    "convex:codegen": "bunx convex codegen && bun run convex:codegen:component",
+    "convex:codegen:component": "bunx convex codegen --component-dir ./src/component",
+    "convex:dashboard": "bunx convex dashboard",
+    "convex:run": "bunx convex run"
+  },
+  "exports": {
+    "./_generated/component.js": {
+      "types": "./dist/component/_generated/component.d.ts"
+    },
+    "./test": "./src/test.ts",
+    "./client": {
+      "types": "./dist/client/index.d.ts",
+      "import": "./dist/client/index.js"
+    },
+    "./server": {
+      "types": "./dist/server/index.d.ts",
+      "import": "./dist/server/index.js"
+    },
+    "./component": {
+      "types": "./dist/component/index.d.ts",
+      "import": "./dist/component/index.js"
+    },
+    "./convex.config": {
+      "types": "./dist/component/convex.config.d.ts",
+      "default": "./dist/component/convex.config.js"
+    },
+    "./convex.config.js": {
+      "types": "./dist/component/convex.config.d.ts",
+      "default": "./dist/component/convex.config.js"
+    },
+    "./providers/*": {
+      "types": "./dist/providers/*.d.ts",
+      "import": "./dist/providers/*.js"
+    }
+  },
+  "dependencies": {
+    "@oslojs/crypto": "^1.0.1",
+    "@oslojs/encoding": "^1.1.0",
+    "cookie": "^1.1.1",
+    "jose": "^6.1.3",
+    "jwt-decode": "^4.0.0",
+    "lucia": "^3.2.2",
+    "oauth4webapi": "^3.8.4",
+    "path-to-regexp": "^6.3.0"
+  },
+  "peerDependencies": {
+    "@auth/core": "^0.37.0",
+    "convex": "^1.31.7"
+  },
+  "@comment devDependencies": [
+    "The dependencies of the CLI are also in devDependencies, built into",
+    "a bundle."
+  ],
+  "devDependencies": {
+    "@auth/core": "0.37.3",
+    "@convex-dev/resend": "^0.2.3",
+    "@commander-js/extra-typings": "^14.0.0",
+    "@edge-runtime/vm": "^5.0.0",
+    "@types/inquirer": "^9.0.9",
+    "@types/node": "25.2.2",
+    "@types/react": "^19.2.13",
+    "@typescript-eslint/eslint-plugin": "^8.55.0",
+    "chalk": "^5.6.2",
+    "convex": "^1.31.7",
+    "convex-test": "^0.0.41",
+    "cspell": "^9.6.4",
+    "dotenv": "^17.2.4",
+    "esbuild": "^0.27.3",
+    "eslint": "^9.39.0",
+    "inquirer": "^13.2.2",
+    "next": "^16.1.6",
+    "npm-run-all": "^4.1.5",
+    "react-dom": "^19.2.4",
+    "shelljs": "^0.10.0",
+    "tsup": "^8.5.1",
+    "twilio": "^5.2.0",
+    "typescript": "^5.9.3",
+    "valibot": "^1.2.0",
+    "vitest": "^4.0.18"
+  },
+  "overrides": {
+    "@auth/core": "0.37.3",
+    "path-to-regexp": "^6.3.0"
+  }
+}

package/providers/Anonymous/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "main": "../../dist/providers/Anonymous/index.js",
+  "module": "../../dist/providers/Anonymous/index.js",
+  "types": "../../dist/providers/Anonymous/index.d.ts"
+}

package/providers/ConvexCredentials/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "main": "../../dist/providers/ConvexCredentials/index.js",
+  "module": "../../dist/providers/ConvexCredentials/index.js",
+  "types": "../../dist/providers/ConvexCredentials/index.d.ts"
+}

package/providers/Email/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "main": "../../dist/providers/Email/index.js",
+  "module": "../../dist/providers/Email/index.js",
+  "types": "../../dist/providers/Email/index.d.ts"
+}

package/providers/Password/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "main": "../../dist/providers/Password/index.js",
+  "module": "../../dist/providers/Password/index.js",
+  "types": "../../dist/providers/Password/index.d.ts"
+}

package/providers/Phone/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "main": "../../dist/providers/Phone/index.js",
+  "module": "../../dist/providers/Phone/index.js",
+  "types": "../../dist/providers/Phone/index.d.ts"
+}

package/server/package.json

@@ -0,0 +1,6 @@
+{
+  "type": "module",
+  "main": "../dist/server/index.js",
+  "module": "../dist/server/index.js",
+  "types": "../dist/server/index.d.ts"
+}