@robelest/convex-auth 0.0.1

package/dist/component/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/component/schema.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,wBAmBG"}

package/dist/component/schema.js

@@ -0,0 +1,26 @@
+import { defineSchema, defineTable } from "convex/server";
+import { v } from "convex/values";
+import { authTables } from "../server/implementation/types.js";
+const { user, account, session, token, verification, verifier, limit, } = authTables;
+void user;
+export default defineSchema({
+    user: defineTable({
+        name: v.optional(v.string()),
+        image: v.optional(v.string()),
+        email: v.optional(v.string()),
+        emailVerificationTime: v.optional(v.number()),
+        phone: v.optional(v.string()),
+        phoneVerificationTime: v.optional(v.number()),
+        isAnonymous: v.optional(v.boolean()),
+        favoriteColor: v.optional(v.string()),
+    })
+        .index("email", ["email"])
+        .index("phone", ["phone"]),
+    account,
+    session,
+    token,
+    verification,
+    verifier,
+    limit,
+});
+//# sourceMappingURL=schema.js.map

package/dist/component/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/component/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC1D,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AAE/D,MAAM,EACJ,IAAI,EACJ,OAAO,EACP,OAAO,EACP,KAAK,EACL,YAAY,EACZ,QAAQ,EACR,KAAK,GACN,GAAG,UAAU,CAAC;AACf,KAAK,IAAI,CAAC;AAEV,eAAe,YAAY,CAAC;IAC1B,IAAI,EAAE,WAAW,CAAC;QAChB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC5B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,qBAAqB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7C,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACpC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC,CAAC;SACC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;SACzB,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;IAC5B,OAAO;IACP,OAAO;IACP,KAAK;IACL,YAAY;IACZ,QAAQ;IACR,KAAK;CACN,CAAC,CAAC"}

package/dist/providers/Anonymous.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Configure {@link Anonymous} provider given an {@link AnonymousConfig}.
+ *
+ * ```ts
+ * import { Anonymous } from "@robelest/convex-auth/providers/Anonymous";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [Anonymous],
+ * });
+ * ```
+ *
+ * @module
+ */
+import { GenericActionCtxWithAuthConfig } from "@robelest/convex-auth/component";
+import { DocumentByName, GenericDataModel, WithoutSystemFields } from "convex/server";
+import { Value } from "convex/values";
+/**
+ * The available options to an {@link Anonymous} provider for Convex Auth.
+ */
+export interface AnonymousConfig<DataModel extends GenericDataModel> {
+    /**
+     * Uniquely identifies the provider, allowing to use
+     * multiple different {@link Anonymous} providers.
+     */
+    id?: string;
+    /**
+     * Perform checks on provided params and customize the user
+     * information stored after sign in.
+     */
+    profile?: (
+    /**
+     * The values passed to the `signIn` function.
+     */
+    params: Record<string, Value | undefined>, 
+    /**
+     * Convex ActionCtx in case you want to read from or write to
+     * the database.
+     */
+    ctx: GenericActionCtxWithAuthConfig<DataModel>) => WithoutSystemFields<DocumentByName<DataModel, "user">> & {
+        isAnonymous: true;
+    };
+}
+/**
+ * An anonymous authentication provider.
+ *
+ * This provider doesn't require any user-provided information.
+ */
+export default function anonymous<DataModel extends GenericDataModel>(config?: AnonymousConfig<DataModel>): import("@robelest/convex-auth/component").ConvexCredentialsConfig;
+//# sourceMappingURL=Anonymous.d.ts.map

package/dist/providers/Anonymous.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Anonymous.d.ts","sourceRoot":"","sources":["../../src/providers/Anonymous.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EACL,8BAA8B,EAE/B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAEtC;;GAEG;AACH,MAAM,WAAW,eAAe,CAAC,SAAS,SAAS,gBAAgB;IACjE;;;OAGG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,OAAO,CAAC,EAAE;IACR;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC;IACzC;;;OAGG;IACH,GAAG,EAAE,8BAA8B,CAAC,SAAS,CAAC,KAC3C,mBAAmB,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,GAAG;QAC5D,WAAW,EAAE,IAAI,CAAC;KACnB,CAAC;CACH;AAED;;;;GAIG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,SAAS,SAAS,gBAAgB,EAClE,MAAM,GAAE,eAAe,CAAC,SAAS,CAAM,qEAiBxC"}

package/dist/providers/Anonymous.js

@@ -0,0 +1,39 @@
+/**
+ * Configure {@link Anonymous} provider given an {@link AnonymousConfig}.
+ *
+ * ```ts
+ * import { Anonymous } from "@robelest/convex-auth/providers/Anonymous";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [Anonymous],
+ * });
+ * ```
+ *
+ * @module
+ */
+import convexCredentials from "@robelest/convex-auth/providers/ConvexCredentials";
+import { createAccount, } from "@robelest/convex-auth/component";
+/**
+ * An anonymous authentication provider.
+ *
+ * This provider doesn't require any user-provided information.
+ */
+export default function anonymous(config = {}) {
+    const provider = config.id ?? "anonymous";
+    return convexCredentials({
+        id: "anonymous",
+        authorize: async (params, ctx) => {
+            const profile = config.profile?.(params, ctx) ?? { isAnonymous: true };
+            const { user } = await createAccount(ctx, {
+                provider,
+                account: { id: crypto.randomUUID() },
+                profile: profile,
+            });
+            // END
+            return { userId: user._id };
+        },
+        ...config,
+    });
+}
+//# sourceMappingURL=Anonymous.js.map

package/dist/providers/Anonymous.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Anonymous.js","sourceRoot":"","sources":["../../src/providers/Anonymous.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,iBAAiB,MAAM,mDAAmD,CAAC;AAClF,OAAO,EAEL,aAAa,GACd,MAAM,iCAAiC,CAAC;AAoCzC;;;;GAIG;AACH,MAAM,CAAC,OAAO,UAAU,SAAS,CAC/B,SAAqC,EAAE;IAEvC,MAAM,QAAQ,GAAG,MAAM,CAAC,EAAE,IAAI,WAAW,CAAC;IAC1C,OAAO,iBAAiB,CAAY;QAClC,EAAE,EAAE,WAAW;QACf,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;YAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;YACvE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE;gBACxC,QAAQ;gBACR,OAAO,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE,EAAE;gBACpC,OAAO,EAAE,OAAc;aACxB,CAAC,CAAC;YACH,MAAM;YACN,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9B,CAAC;QACD,GAAG,MAAM;KACV,CAAC,CAAC;AACL,CAAC"}

package/dist/providers/ConvexCredentials.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Configure {@link ConvexCredentials} provider given a {@link ConvexCredentialsUserConfig}.
+ *
+ * This is for a very custom authentication implementation, often you can
+ * use the [`Password`](https://labs.convex.dev/auth/api_reference/providers/Password) provider instead.
+ *
+ * ```ts
+ * import ConvexCredentials from "@robelest/convex-auth/providers/ConvexCredentials";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [
+ *     ConvexCredentials({
+ *       authorize: async (credentials, ctx) => {
+ *         // Your custom logic here...
+ *       },
+ *     }),
+ *   ],
+ * });
+ * ```
+ *
+ * @module
+ */
+import { AuthProviderConfig, ConvexCredentialsConfig, GenericActionCtxWithAuthConfig } from "@robelest/convex-auth/component";
+import { GenericDataModel } from "convex/server";
+import { GenericId, Value } from "convex/values";
+/**
+ * The available options to a {@link ConvexCredentials} provider for Convex Auth.
+ */
+export interface ConvexCredentialsUserConfig<DataModel extends GenericDataModel = GenericDataModel> {
+    /**
+     * Uniquely identifies the provider, allowing to use
+     * multiple different {@link ConvexCredentials} providers.
+     */
+    id?: string;
+    /**
+     * Gives full control over how you handle the credentials received from the user
+     * via the client-side `signIn` function.
+     *
+     * @returns This method expects a user ID to be returned for a successful login.
+     * A session ID can be also returned and that session will be used.
+     * If an error is thrown or `null` is returned, the sign-in will fail.
+     */
+    authorize: (
+    /**
+     * The available keys are determined by your call to `signIn()` on the client.
+     *
+     * You can add basic validation depending on your use case,
+     * or you can use a popular library like [Zod](https://zod.dev) for validating
+     * the input.
+     */
+    credentials: Partial<Record<string, Value | undefined>>, ctx: GenericActionCtxWithAuthConfig<DataModel>) => Promise<{
+        userId: GenericId<"user">;
+        sessionId?: GenericId<"session">;
+    } | null>;
+    /**
+     * Provide hashing and verification functions if you're
+     * storing account secrets and want to control
+     * how they're hashed.
+     *
+     * These functions will be called during
+     * the `createAccount` and `retrieveAccount` execution when the
+     * `secret` option is used.
+     */
+    crypto?: {
+        /**
+         * Function used to hash the secret.
+         */
+        hashSecret: (secret: string) => Promise<string>;
+        /**
+         * Function used to verify that the secret
+         * matches the stored hash.
+         */
+        verifySecret: (secret: string, hash: string) => Promise<boolean>;
+    };
+    /**
+     * Register extra providers used in the implementation of the credentials
+     * provider. They will only be available to the `signInViaProvider`
+     * function, and not to the `signIn` function exposed to clients.
+     */
+    extraProviders?: (AuthProviderConfig | undefined)[];
+}
+/**
+ * The Credentials provider allows you to handle signing in with arbitrary credentials,
+ * such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
+ */
+export default function convexCredentials<DataModel extends GenericDataModel>(config: ConvexCredentialsUserConfig<DataModel>): ConvexCredentialsConfig;
+//# sourceMappingURL=ConvexCredentials.d.ts.map

package/dist/providers/ConvexCredentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConvexCredentials.d.ts","sourceRoot":"","sources":["../../src/providers/ConvexCredentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,8BAA8B,EAC/B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAEjD;;GAEG;AACH,MAAM,WAAW,2BAA2B,CAC1C,SAAS,SAAS,gBAAgB,GAAG,gBAAgB;IAErD;;;OAGG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ;;;;;;;OAOG;IACH,SAAS,EAAE;IACT;;;;;;OAMG;IACH,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC,CAAC,EACvD,GAAG,EAAE,8BAA8B,CAAC,SAAS,CAAC,KAC3C,OAAO,CAAC;QACX,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1B,SAAS,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;KAClC,GAAG,IAAI,CAAC,CAAC;IACV;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE;QACP;;WAEG;QACH,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;QAChD;;;WAGG;QACH,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KAClE,CAAC;IACF;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,kBAAkB,GAAG,SAAS,CAAC,EAAE,CAAC;CACrD;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,UAAU,iBAAiB,CAAC,SAAS,SAAS,gBAAgB,EAC1E,MAAM,EAAE,2BAA2B,CAAC,SAAS,CAAC,GAC7C,uBAAuB,CAQzB"}

package/dist/providers/ConvexCredentials.js

@@ -0,0 +1,37 @@
+/**
+ * Configure {@link ConvexCredentials} provider given a {@link ConvexCredentialsUserConfig}.
+ *
+ * This is for a very custom authentication implementation, often you can
+ * use the [`Password`](https://labs.convex.dev/auth/api_reference/providers/Password) provider instead.
+ *
+ * ```ts
+ * import ConvexCredentials from "@robelest/convex-auth/providers/ConvexCredentials";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [
+ *     ConvexCredentials({
+ *       authorize: async (credentials, ctx) => {
+ *         // Your custom logic here...
+ *       },
+ *     }),
+ *   ],
+ * });
+ * ```
+ *
+ * @module
+ */
+/**
+ * The Credentials provider allows you to handle signing in with arbitrary credentials,
+ * such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
+ */
+export default function convexCredentials(config) {
+    return {
+        id: "credentials",
+        type: "credentials",
+        authorize: async () => null,
+        // @ts-expect-error Internal
+        options: config,
+    };
+}
+//# sourceMappingURL=ConvexCredentials.js.map

package/dist/providers/ConvexCredentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConvexCredentials.js","sourceRoot":"","sources":["../../src/providers/ConvexCredentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAuEH;;;GAGG;AACH,MAAM,CAAC,OAAO,UAAU,iBAAiB,CACvC,MAA8C;IAE9C,OAAO;QACL,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,aAAa;QACnB,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;QAC3B,4BAA4B;QAC5B,OAAO,EAAE,MAAM;KAChB,CAAC;AACJ,CAAC"}

package/dist/providers/Email.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Simplifies creating custom email providers, such as for sending OTPs.
+ *
+ * @module
+ */
+import { GenericDataModel } from "convex/server";
+import { EmailConfig, EmailUserConfig } from "../server/types.js";
+/**
+ * Email providers send a token to the user's email address
+ * for sign-in.
+ *
+ * When you use this function to create your config, by default it
+ * checks that there is an `email` field during token verification
+ * that matches the `email` used during the initial `signIn` call.
+ *
+ * If you want the "magic link behavior", where only the token is needed,
+ * you can override the `authorize` method to skip the check:
+ *
+ * ```ts
+ * import Email from "@robelest/convex-auth/providers/Email";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [
+ *     Email({ authorize: undefined }),
+ *   ],
+ * });
+ * ```
+ *
+ * Make sure the token has high enough entropy to be secure.
+ */
+export declare function Email<DataModel extends GenericDataModel>(config: EmailUserConfig<DataModel> & Pick<EmailConfig, "sendVerificationRequest">): EmailConfig<DataModel>;
+//# sourceMappingURL=Email.d.ts.map

package/dist/providers/Email.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Email.d.ts","sourceRoot":"","sources":["../../src/providers/Email.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAElE;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,KAAK,CAAC,SAAS,SAAS,gBAAgB,EACtD,MAAM,EAAE,eAAe,CAAC,SAAS,CAAC,GAChC,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,GAC7C,WAAW,CAAC,SAAS,CAAC,CAuBxB"}

package/dist/providers/Email.js

@@ -0,0 +1,50 @@
+/**
+ * Simplifies creating custom email providers, such as for sending OTPs.
+ *
+ * @module
+ */
+/**
+ * Email providers send a token to the user's email address
+ * for sign-in.
+ *
+ * When you use this function to create your config, by default it
+ * checks that there is an `email` field during token verification
+ * that matches the `email` used during the initial `signIn` call.
+ *
+ * If you want the "magic link behavior", where only the token is needed,
+ * you can override the `authorize` method to skip the check:
+ *
+ * ```ts
+ * import Email from "@robelest/convex-auth/providers/Email";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [
+ *     Email({ authorize: undefined }),
+ *   ],
+ * });
+ * ```
+ *
+ * Make sure the token has high enough entropy to be secure.
+ */
+export function Email(config) {
+    return {
+        id: "email",
+        type: "email",
+        name: "Email",
+        from: "Auth.js <no-reply@authjs.dev>",
+        maxAge: 60 * 60, // 1 hour
+        authorize: async (params, account) => {
+            if (typeof params.email !== "string") {
+                throw new Error("Token verification requires an `email` in params of `signIn`.");
+            }
+            if (account.providerAccountId !== params.email) {
+                throw new Error("Short verification code requires a matching `email` " +
+                    "in params of `signIn`.");
+            }
+        },
+        sendVerificationRequest: config.sendVerificationRequest,
+        options: config,
+    };
+}
+//# sourceMappingURL=Email.js.map

package/dist/providers/Email.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Email.js","sourceRoot":"","sources":["../../src/providers/Email.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,KAAK,CACnB,MAC8C;IAE9C,OAAO;QACL,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,+BAA+B;QACrC,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;QAC1B,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;YACnC,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,CAAC,iBAAiB,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC/C,MAAM,IAAI,KAAK,CACb,sDAAsD;oBACpD,wBAAwB,CAC3B,CAAC;YACJ,CAAC;QACH,CAAC;QACD,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;QACvD,OAAO,EAAE,MAAM;KAChB,CAAC;AACJ,CAAC"}

package/dist/providers/Password.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Configure {@link Password} provider given a {@link PasswordConfig}.
+ *
+ * The `Password` provider supports the following flows, determined
+ * by the `flow` parameter:
+ *
+ * - `"signUp"`: Create a new account with a password.
+ * - `"signIn"`: Sign in with an existing account and password.
+ * - `"reset"`: Request a password reset.
+ * - `"reset-verification"`: Verify a password reset code and change password.
+ * - `"email-verification"`: If email verification is enabled and `code` is
+ *    included in params, verify an OTP.
+ *
+ * ```ts
+ * import Password from "@robelest/convex-auth/providers/Password";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [Password],
+ * });
+ * ```
+ *
+ * @module
+ */
+import { ConvexCredentialsUserConfig } from "@robelest/convex-auth/providers/ConvexCredentials";
+import { EmailConfig, GenericActionCtxWithAuthConfig } from "@robelest/convex-auth/component";
+import { DocumentByName, GenericDataModel, WithoutSystemFields } from "convex/server";
+import { Value } from "convex/values";
+/**
+ * The available options to a {@link Password} provider for Convex Auth.
+ */
+export interface PasswordConfig<DataModel extends GenericDataModel> {
+    /**
+     * Uniquely identifies the provider, allowing to use
+     * multiple different {@link Password} providers.
+     */
+    id?: string;
+    /**
+     * Perform checks on provided params and customize the user
+     * information stored after sign up, including email normalization.
+     *
+     * Called for every flow ("signUp", "signIn", "reset",
+     * "reset-verification" and "email-verification").
+     */
+    profile?: (
+    /**
+     * The values passed to the `signIn` function.
+     */
+    params: Record<string, Value | undefined>, 
+    /**
+     * Convex ActionCtx in case you want to read from or write to
+     * the database.
+     */
+    ctx: GenericActionCtxWithAuthConfig<DataModel>) => WithoutSystemFields<DocumentByName<DataModel, "user">> & {
+        email: string;
+    };
+    /**
+     * Performs custom validation on password provided during sign up or reset.
+     *
+     * Otherwise the default validation is used (password is not empty and
+     * at least 8 characters in length).
+     *
+     * If the provided password is invalid, implementations must throw an Error.
+     *
+     * @param password the password supplied during "signUp" or
+     *                 "reset-verification" flows.
+     */
+    validatePasswordRequirements?: (password: string) => void;
+    /**
+     * Provide hashing and verification functions if you want to control
+     * how passwords are hashed.
+     */
+    crypto?: ConvexCredentialsUserConfig["crypto"];
+    /**
+     * An Auth.js email provider used to require verification
+     * before password reset.
+     */
+    reset?: EmailConfig | ((...args: any) => EmailConfig);
+    /**
+     * An Auth.js email provider used to require verification
+     * before sign up / sign in.
+     */
+    verify?: EmailConfig | ((...args: any) => EmailConfig);
+}
+/**
+ * Email and password authentication provider.
+ *
+ * Passwords are by default hashed using Scrypt from Lucia.
+ * You can customize the hashing via the `crypto` option.
+ *
+ * Email verification is not required unless you pass
+ * an email provider to the `verify` option.
+ */
+export default function password<DataModel extends GenericDataModel>(config?: PasswordConfig<DataModel>): import("@robelest/convex-auth/component").ConvexCredentialsConfig;
+//# sourceMappingURL=Password.d.ts.map

package/dist/providers/Password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Password.d.ts","sourceRoot":"","sources":["../../src/providers/Password.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAA0B,EACxB,2BAA2B,EAC5B,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EACL,WAAW,EACX,8BAA8B,EAO/B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAGtC;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,SAAS,SAAS,gBAAgB;IAChE;;;OAGG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ;;;;;;OAMG;IACH,OAAO,CAAC,EAAE;IACR;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC;IACzC;;;OAGG;IACH,GAAG,EAAE,8BAA8B,CAAC,SAAS,CAAC,KAC3C,mBAAmB,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,GAAG;QAC5D,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF;;;;;;;;;;OAUG;IACH,4BAA4B,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IAC1D;;;OAGG;IACH,MAAM,CAAC,EAAE,2BAA2B,CAAC,QAAQ,CAAC,CAAC;IAC/C;;;OAGG;IACH,KAAK,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,WAAW,CAAC,CAAC;IACtD;;;OAGG;IACH,MAAM,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,WAAW,CAAC,CAAC;CACxD;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,SAAS,SAAS,gBAAgB,EACjE,MAAM,GAAE,cAAc,CAAC,SAAS,CAAM,qEA8HvC"}

package/dist/providers/Password.js

@@ -0,0 +1,174 @@
+/**
+ * Configure {@link Password} provider given a {@link PasswordConfig}.
+ *
+ * The `Password` provider supports the following flows, determined
+ * by the `flow` parameter:
+ *
+ * - `"signUp"`: Create a new account with a password.
+ * - `"signIn"`: Sign in with an existing account and password.
+ * - `"reset"`: Request a password reset.
+ * - `"reset-verification"`: Verify a password reset code and change password.
+ * - `"email-verification"`: If email verification is enabled and `code` is
+ *    included in params, verify an OTP.
+ *
+ * ```ts
+ * import Password from "@robelest/convex-auth/providers/Password";
+ * import { convexAuth } from "@robelest/convex-auth/component";
+ *
+ * export const { auth, signIn, signOut, store } = convexAuth({
+ *   providers: [Password],
+ * });
+ * ```
+ *
+ * @module
+ */
+import convexCredentials from "@robelest/convex-auth/providers/ConvexCredentials";
+import { createAccount, invalidateSessions, modifyAccountCredentials, retrieveAccount, signInViaProvider, } from "@robelest/convex-auth/component";
+import { Scrypt } from "lucia";
+/**
+ * Email and password authentication provider.
+ *
+ * Passwords are by default hashed using Scrypt from Lucia.
+ * You can customize the hashing via the `crypto` option.
+ *
+ * Email verification is not required unless you pass
+ * an email provider to the `verify` option.
+ */
+export default function password(config = {}) {
+    const provider = config.id ?? "password";
+    return convexCredentials({
+        id: "password",
+        authorize: async (params, ctx) => {
+            const flow = params.flow;
+            const passwordToValidate = flow === "signUp"
+                ? params.password
+                : flow === "reset-verification"
+                    ? params.newPassword
+                    : null;
+            if (passwordToValidate !== null) {
+                if (config.validatePasswordRequirements !== undefined) {
+                    config.validatePasswordRequirements(passwordToValidate);
+                }
+                else {
+                    validateDefaultPasswordRequirements(passwordToValidate);
+                }
+            }
+            const profile = config.profile?.(params, ctx) ?? defaultProfile(params);
+            const { email } = profile;
+            const secret = params.password;
+            let account;
+            let user;
+            if (flow === "signUp") {
+                if (secret === undefined) {
+                    throw new Error("Missing `password` param for `signUp` flow");
+                }
+                const created = await createAccount(ctx, {
+                    provider,
+                    account: { id: email, secret },
+                    profile: profile,
+                    shouldLinkViaEmail: config.verify !== undefined,
+                    shouldLinkViaPhone: false,
+                });
+                ({ account, user } = created);
+            }
+            else if (flow === "signIn") {
+                if (secret === undefined) {
+                    throw new Error("Missing `password` param for `signIn` flow");
+                }
+                const retrieved = await retrieveAccount(ctx, {
+                    provider,
+                    account: { id: email, secret },
+                });
+                if (retrieved === null) {
+                    throw new Error("Invalid credentials");
+                }
+                ({ account, user } = retrieved);
+                // START: Optional, support password reset
+            }
+            else if (flow === "reset") {
+                if (!config.reset) {
+                    throw new Error(`Password reset is not enabled for ${provider}`);
+                }
+                const { account } = await retrieveAccount(ctx, {
+                    provider,
+                    account: { id: email },
+                });
+                return await signInViaProvider(ctx, config.reset, {
+                    accountId: account._id,
+                    params,
+                });
+            }
+            else if (flow === "reset-verification") {
+                if (!config.reset) {
+                    throw new Error(`Password reset is not enabled for ${provider}`);
+                }
+                if (params.newPassword === undefined) {
+                    throw new Error("Missing `newPassword` param for `reset-verification` flow");
+                }
+                const result = await signInViaProvider(ctx, config.reset, { params });
+                if (result === null) {
+                    throw new Error("Invalid code");
+                }
+                const { userId, sessionId } = result;
+                const secret = params.newPassword;
+                await modifyAccountCredentials(ctx, {
+                    provider,
+                    account: { id: email, secret },
+                });
+                await invalidateSessions(ctx, { userId, except: [sessionId] });
+                return { userId, sessionId };
+                // END
+                // START: Optional, email verification during sign in
+            }
+            else if (flow === "email-verification") {
+                if (!config.verify) {
+                    throw new Error(`Email verification is not enabled for ${provider}`);
+                }
+                const { account } = await retrieveAccount(ctx, {
+                    provider,
+                    account: { id: email },
+                });
+                return await signInViaProvider(ctx, config.verify, {
+                    accountId: account._id,
+                    params,
+                });
+                // END
+            }
+            else {
+                throw new Error("Missing `flow` param, it must be one of " +
+                    '"signUp", "signIn", "reset", "reset-verification" or ' +
+                    '"email-verification"!');
+            }
+            // START: Optional, email verification during sign in
+            if (config.verify && !account.emailVerified) {
+                return await signInViaProvider(ctx, config.verify, {
+                    accountId: account._id,
+                    params,
+                });
+            }
+            // END
+            return { userId: user._id };
+        },
+        crypto: {
+            async hashSecret(password) {
+                return await new Scrypt().hash(password);
+            },
+            async verifySecret(password, hash) {
+                return await new Scrypt().verify(hash, password);
+            },
+        },
+        extraProviders: [config.reset, config.verify],
+        ...config,
+    });
+}
+function validateDefaultPasswordRequirements(password) {
+    if (!password || password.length < 8) {
+        throw new Error("Invalid password");
+    }
+}
+function defaultProfile(params) {
+    return {
+        email: params.email,
+    };
+}
+//# sourceMappingURL=Password.js.map

package/dist/providers/Password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Password.js","sourceRoot":"","sources":["../../src/providers/Password.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,iBAEN,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAIL,aAAa,EACb,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AAOzC,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AA4D/B;;;;;;;;GAQG;AACH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAC9B,SAAoC,EAAE;IAEtC,MAAM,QAAQ,GAAG,MAAM,CAAC,EAAE,IAAI,UAAU,CAAC;IACzC,OAAO,iBAAiB,CAAY;QAClC,EAAE,EAAE,UAAU;QACd,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE;YAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAc,CAAC;YACnC,MAAM,kBAAkB,GACtB,IAAI,KAAK,QAAQ;gBACf,CAAC,CAAE,MAAM,CAAC,QAAmB;gBAC7B,CAAC,CAAC,IAAI,KAAK,oBAAoB;oBAC7B,CAAC,CAAE,MAAM,CAAC,WAAsB;oBAChC,CAAC,CAAC,IAAI,CAAC;YACb,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAChC,IAAI,MAAM,CAAC,4BAA4B,KAAK,SAAS,EAAE,CAAC;oBACtD,MAAM,CAAC,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;gBAC1D,CAAC;qBAAM,CAAC;oBACN,mCAAmC,CAAC,kBAAkB,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;YACxE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;YAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAkB,CAAC;YACzC,IAAI,OAAyC,CAAC;YAC9C,IAAI,IAAmC,CAAC;YACxC,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;oBACzB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE;oBACvC,QAAQ;oBACR,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;oBAC9B,OAAO,EAAE,OAAc;oBACvB,kBAAkB,EAAE,MAAM,CAAC,MAAM,KAAK,SAAS;oBAC/C,kBAAkB,EAAE,KAAK;iBAC1B,CAAC,CAAC;gBACH,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,CAAC;YAChC,CAAC;iBAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;oBACzB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAChE,CAAC;gBACD,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE;oBAC3C,QAAQ;oBACR,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;iBAC/B,CAAC,CAAC;gBACH,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;gBACzC,CAAC;gBACD,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC,CAAC;gBAChC,0CAA0C;YAC5C,CAAC;iBAAM,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC5B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;gBACnE,CAAC;gBACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE;oBAC7C,QAAQ;oBACR,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;iBACvB,CAAC,CAAC;gBACH,OAAO,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,EAAE;oBAChD,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBACzC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;gBACnE,CAAC;gBACD,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;oBACrC,MAAM,IAAI,KAAK,CACb,2DAA2D,CAC5D,CAAC;gBACJ,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;gBACtE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;gBAClC,CAAC;gBACD,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;gBACrC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAqB,CAAC;gBAC5C,MAAM,wBAAwB,CAAC,GAAG,EAAE;oBAClC,QAAQ;oBACR,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;iBAC/B,CAAC,CAAC;gBACH,MAAM,kBAAkB,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;gBAC/D,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;gBAC7B,MAAM;gBACN,qDAAqD;YACvD,CAAC;iBAAM,IAAI,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBACzC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CAAC,yCAAyC,QAAQ,EAAE,CAAC,CAAC;gBACvE,CAAC;gBACD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE;oBAC7C,QAAQ;oBACR,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;iBACvB,CAAC,CAAC;gBACH,OAAO,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE;oBACjD,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,MAAM;iBACP,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,0CAA0C;oBACxC,uDAAuD;oBACvD,uBAAuB,CAC1B,CAAC;YACJ,CAAC;YACD,qDAAqD;YACrD,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAC5C,OAAO,MAAM,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE;oBACjD,SAAS,EAAE,OAAO,CAAC,GAAG;oBACtB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;YACD,MAAM;YACN,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9B,CAAC;QACD,MAAM,EAAE;YACN,KAAK,CAAC,UAAU,CAAC,QAAgB;gBAC/B,OAAO,MAAM,IAAI,MAAM,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3C,CAAC;YACD,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAY;gBAC/C,OAAO,MAAM,IAAI,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACnD,CAAC;SACF;QACD,cAAc,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC;QAC7C,GAAG,MAAM;KACV,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mCAAmC,CAAC,QAAgB;IAC3D,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAA+B;IACrD,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,KAAe;KAC9B,CAAC;AACJ,CAAC"}