@robelest/convex-auth 0.0.2-preview.0 → 0.0.2-preview.2
- package/dist/bin.cjs +17 -15
- package/dist/client/index.d.ts +84 -30
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +259 -59
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/component.d.ts +46 -120
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/index.d.ts +2 -4
- package/dist/component/index.d.ts.map +1 -1
- package/dist/component/index.js +2 -4
- package/dist/component/index.js.map +1 -1
- package/dist/component/public.d.ts +233 -167
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +328 -155
- package/dist/component/public.js.map +1 -1
- package/dist/component/schema.d.ts +127 -12
- package/dist/component/schema.d.ts.map +1 -1
- package/dist/component/schema.js +136 -10
- package/dist/component/schema.js.map +1 -1
- package/dist/providers/{Anonymous.d.ts → anonymous.d.ts} +8 -8
- package/dist/providers/{Anonymous.d.ts.map → anonymous.d.ts.map} +1 -1
- package/dist/providers/{Anonymous.js → anonymous.js} +9 -10
- package/dist/providers/anonymous.js.map +1 -0
- package/dist/providers/{ConvexCredentials.d.ts → credentials.d.ts} +11 -11
- package/dist/providers/credentials.d.ts.map +1 -0
- package/dist/providers/{ConvexCredentials.js → credentials.js} +8 -8
- package/dist/providers/credentials.js.map +1 -0
- package/dist/providers/{Email.d.ts → email.d.ts} +6 -6
- package/dist/providers/email.d.ts.map +1 -0
- package/dist/providers/{Email.js → email.js} +6 -6
- package/dist/providers/email.js.map +1 -0
- package/dist/providers/{Password.d.ts → password.d.ts} +10 -10
- package/dist/providers/{Password.d.ts.map → password.d.ts.map} +1 -1
- package/dist/providers/{Password.js → password.js} +19 -20
- package/dist/providers/password.js.map +1 -0
- package/dist/providers/{Phone.d.ts → phone.d.ts} +3 -3
- package/dist/providers/{Phone.d.ts.map → phone.d.ts.map} +1 -1
- package/dist/providers/{Phone.js → phone.js} +3 -3
- package/dist/providers/{Phone.js.map → phone.js.map} +1 -1
- package/dist/server/implementation/db.d.ts +5 -2
- package/dist/server/implementation/db.d.ts.map +1 -1
- package/dist/server/implementation/db.js +2 -1
- package/dist/server/implementation/db.js.map +1 -1
- package/dist/server/implementation/index.d.ts +285 -180
- package/dist/server/implementation/index.d.ts.map +1 -1
- package/dist/server/implementation/index.js +280 -173
- package/dist/server/implementation/index.js.map +1 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.d.ts.map +1 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.js +8 -18
- package/dist/server/implementation/mutations/createAccountFromCredentials.js.map +1 -1
- package/dist/server/implementation/mutations/createVerificationCode.d.ts.map +1 -1
- package/dist/server/implementation/mutations/createVerificationCode.js +16 -44
- package/dist/server/implementation/mutations/createVerificationCode.js.map +1 -1
- package/dist/server/implementation/mutations/invalidateSessions.d.ts.map +1 -1
- package/dist/server/implementation/mutations/invalidateSessions.js +4 -8
- package/dist/server/implementation/mutations/invalidateSessions.js.map +1 -1
- package/dist/server/implementation/mutations/modifyAccount.d.ts.map +1 -1
- package/dist/server/implementation/mutations/modifyAccount.js +8 -19
- package/dist/server/implementation/mutations/modifyAccount.js.map +1 -1
- package/dist/server/implementation/mutations/refreshSession.d.ts.map +1 -1
- package/dist/server/implementation/mutations/refreshSession.js +9 -23
- package/dist/server/implementation/mutations/refreshSession.js.map +1 -1
- package/dist/server/implementation/mutations/retrieveAccountWithCredentials.d.ts.map +1 -1
- package/dist/server/implementation/mutations/retrieveAccountWithCredentials.js +6 -12
- package/dist/server/implementation/mutations/retrieveAccountWithCredentials.js.map +1 -1
- package/dist/server/implementation/mutations/signIn.d.ts.map +1 -1
- package/dist/server/implementation/mutations/signIn.js +2 -1
- package/dist/server/implementation/mutations/signIn.js.map +1 -1
- package/dist/server/implementation/mutations/signOut.d.ts.map +1 -1
- package/dist/server/implementation/mutations/signOut.js +5 -6
- package/dist/server/implementation/mutations/signOut.js.map +1 -1
- package/dist/server/implementation/mutations/storeRef.d.ts +8 -0
- package/dist/server/implementation/mutations/storeRef.d.ts.map +1 -0
- package/dist/server/implementation/mutations/storeRef.js +8 -0
- package/dist/server/implementation/mutations/storeRef.js.map +1 -0
- package/dist/server/implementation/mutations/userOAuth.d.ts.map +1 -1
- package/dist/server/implementation/mutations/userOAuth.js +16 -53
- package/dist/server/implementation/mutations/userOAuth.js.map +1 -1
- package/dist/server/implementation/mutations/verifier.d.ts.map +1 -1
- package/dist/server/implementation/mutations/verifier.js +4 -8
- package/dist/server/implementation/mutations/verifier.js.map +1 -1
- package/dist/server/implementation/mutations/verifierSignature.d.ts.map +1 -1
- package/dist/server/implementation/mutations/verifierSignature.js +6 -10
- package/dist/server/implementation/mutations/verifierSignature.js.map +1 -1
- package/dist/server/implementation/mutations/verifyCodeAndSignIn.d.ts.map +1 -1
- package/dist/server/implementation/mutations/verifyCodeAndSignIn.js +7 -16
- package/dist/server/implementation/mutations/verifyCodeAndSignIn.js.map +1 -1
- package/dist/server/implementation/provider.d.ts +2 -1
- package/dist/server/implementation/provider.d.ts.map +1 -1
- package/dist/server/implementation/provider.js.map +1 -1
- package/dist/server/implementation/rateLimit.d.ts.map +1 -1
- package/dist/server/implementation/rateLimit.js +13 -39
- package/dist/server/implementation/rateLimit.js.map +1 -1
- package/dist/server/implementation/refreshTokens.d.ts +1 -8
- package/dist/server/implementation/refreshTokens.d.ts.map +1 -1
- package/dist/server/implementation/refreshTokens.js +14 -58
- package/dist/server/implementation/refreshTokens.js.map +1 -1
- package/dist/server/implementation/sessions.d.ts +2 -20
- package/dist/server/implementation/sessions.d.ts.map +1 -1
- package/dist/server/implementation/sessions.js +8 -35
- package/dist/server/implementation/sessions.js.map +1 -1
- package/dist/server/implementation/types.d.ts +11 -267
- package/dist/server/implementation/types.d.ts.map +1 -1
- package/dist/server/implementation/types.js +1 -181
- package/dist/server/implementation/types.js.map +1 -1
- package/dist/server/implementation/users.d.ts.map +1 -1
- package/dist/server/implementation/users.js +19 -67
- package/dist/server/implementation/users.js.map +1 -1
- package/dist/server/index.d.ts +18 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +255 -0
- package/dist/server/index.js.map +1 -1
- package/dist/server/provider_utils.d.ts +1 -1
- package/dist/server/provider_utils.d.ts.map +1 -1
- package/dist/server/provider_utils.js +2 -2
- package/dist/server/provider_utils.js.map +1 -1
- package/dist/server/types.d.ts +91 -52
- package/dist/server/types.d.ts.map +1 -1
- package/package.json +3 -6
- package/src/cli/index.ts +20 -19
- package/src/client/index.ts +347 -110
- package/src/component/_generated/component.ts +55 -214
- package/src/component/index.ts +1 -11
- package/src/component/public.ts +366 -178
- package/src/component/schema.ts +150 -19
- package/src/providers/{Anonymous.ts → anonymous.ts} +10 -11
- package/src/providers/{ConvexCredentials.ts → credentials.ts} +11 -11
- package/src/providers/{Email.ts → email.ts} +5 -5
- package/src/providers/{Password.ts → password.ts} +22 -27
- package/src/providers/{Phone.ts → phone.ts} +2 -2
- package/src/server/implementation/db.ts +5 -2
- package/src/server/implementation/index.ts +368 -313
- package/src/server/implementation/mutations/createAccountFromCredentials.ts +11 -25
- package/src/server/implementation/mutations/createVerificationCode.ts +16 -47
- package/src/server/implementation/mutations/invalidateSessions.ts +4 -9
- package/src/server/implementation/mutations/modifyAccount.ts +8 -22
- package/src/server/implementation/mutations/refreshSession.ts +11 -24
- package/src/server/implementation/mutations/retrieveAccountWithCredentials.ts +9 -17
- package/src/server/implementation/mutations/signIn.ts +2 -1
- package/src/server/implementation/mutations/signOut.ts +5 -8
- package/src/server/implementation/mutations/storeRef.ts +7 -0
- package/src/server/implementation/mutations/userOAuth.ts +10 -50
- package/src/server/implementation/mutations/verifier.ts +4 -9
- package/src/server/implementation/mutations/verifierSignature.ts +6 -12
- package/src/server/implementation/mutations/verifyCodeAndSignIn.ts +7 -18
- package/src/server/implementation/provider.ts +2 -1
- package/src/server/implementation/rateLimit.ts +15 -41
- package/src/server/implementation/refreshTokens.ts +26 -76
- package/src/server/implementation/sessions.ts +8 -39
- package/src/server/implementation/types.ts +16 -191
- package/src/server/implementation/users.ts +19 -66
- package/src/server/index.ts +373 -0
- package/src/server/provider_utils.ts +2 -2
- package/src/server/types.ts +116 -51
- package/dist/providers/Anonymous.js.map +0 -1
- package/dist/providers/ConvexCredentials.d.ts.map +0 -1
- package/dist/providers/ConvexCredentials.js.map +0 -1
- package/dist/providers/Email.d.ts.map +0 -1
- package/dist/providers/Email.js.map +0 -1
- package/dist/providers/Password.js.map +0 -1
- package/providers/Anonymous/package.json +0 -6
- package/providers/ConvexCredentials/package.json +0 -6
- package/providers/Email/package.json +0 -6
- package/providers/Password/package.json +0 -6
- package/providers/Phone/package.json +0 -6
- package/server/package.json +0 -6
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { v } from "convex/values";
|
|
2
2
|
import { upsertUserAndAccount } from "../users.js";
|
|
3
3
|
import { generateRandomString, logWithLevel, sha256 } from "../utils.js";
|
|
4
|
-
import {
|
|
4
|
+
import { authDb } from "../db.js";
|
|
5
|
+
import { AUTH_STORE_REF } from "./storeRef.js";
|
|
5
6
|
const OAUTH_SIGN_IN_EXPIRATION_MS = 1000 * 60 * 2; // 2 minutes
|
|
6
7
|
export const userOAuthArgs = v.object({
|
|
7
8
|
provider: v.string(),
|
|
@@ -12,69 +13,31 @@ export const userOAuthArgs = v.object({
|
|
|
12
13
|
export async function userOAuthImpl(ctx, args, getProviderOrThrow, config) {
|
|
13
14
|
logWithLevel("DEBUG", "userOAuthImpl args:", args);
|
|
14
15
|
const { profile, provider, providerAccountId, signature } = args;
|
|
15
|
-
const
|
|
16
|
+
const db = authDb(ctx, config);
|
|
16
17
|
const providerConfig = getProviderOrThrow(provider);
|
|
17
|
-
const existingAccount =
|
|
18
|
-
|
|
19
|
-
: await ctx.db
|
|
20
|
-
.query("account")
|
|
21
|
-
.withIndex("providerAndAccountId", (q) => q.eq("provider", provider).eq("providerAccountId", providerAccountId))
|
|
22
|
-
.unique();
|
|
23
|
-
const verifier = authDb !== null
|
|
24
|
-
? await authDb.verifiers.getBySignature(signature)
|
|
25
|
-
: await ctx.db
|
|
26
|
-
.query("verifier")
|
|
27
|
-
.withIndex("signature", (q) => q.eq("signature", signature))
|
|
28
|
-
.unique();
|
|
18
|
+
const existingAccount = await db.accounts.get(provider, providerAccountId);
|
|
19
|
+
const verifier = await db.verifiers.getBySignature(signature);
|
|
29
20
|
if (verifier === null) {
|
|
30
21
|
throw new Error("Invalid state");
|
|
31
22
|
}
|
|
32
23
|
const { accountId } = await upsertUserAndAccount(ctx, verifier.sessionId ?? null, existingAccount !== null ? { existingAccount } : { providerAccountId }, { type: "oauth", provider: providerConfig, profile }, config);
|
|
33
24
|
const code = generateRandomString(8, "0123456789");
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
}
|
|
37
|
-
else {
|
|
38
|
-
await ctx.db.delete(verifier._id);
|
|
39
|
-
}
|
|
40
|
-
const existingVerificationCode = authDb !== null
|
|
41
|
-
? await authDb.verificationCodes.getByAccountId(accountId)
|
|
42
|
-
: await ctx.db
|
|
43
|
-
.query("verification")
|
|
44
|
-
.withIndex("accountId", (q) => q.eq("accountId", accountId))
|
|
45
|
-
.unique();
|
|
25
|
+
await db.verifiers.delete(verifier._id);
|
|
26
|
+
const existingVerificationCode = await db.verificationCodes.getByAccountId(accountId);
|
|
46
27
|
if (existingVerificationCode !== null) {
|
|
47
|
-
|
|
48
|
-
await authDb.verificationCodes.delete(existingVerificationCode._id);
|
|
49
|
-
}
|
|
50
|
-
else {
|
|
51
|
-
await ctx.db.delete(existingVerificationCode._id);
|
|
52
|
-
}
|
|
53
|
-
}
|
|
54
|
-
if (authDb !== null) {
|
|
55
|
-
await authDb.verificationCodes.create({
|
|
56
|
-
code: await sha256(code),
|
|
57
|
-
accountId,
|
|
58
|
-
provider,
|
|
59
|
-
expirationTime: Date.now() + OAUTH_SIGN_IN_EXPIRATION_MS,
|
|
60
|
-
verifier: verifier._id,
|
|
61
|
-
});
|
|
62
|
-
}
|
|
63
|
-
else {
|
|
64
|
-
await ctx.db.insert("verification", {
|
|
65
|
-
code: await sha256(code),
|
|
66
|
-
accountId,
|
|
67
|
-
provider,
|
|
68
|
-
expirationTime: Date.now() + OAUTH_SIGN_IN_EXPIRATION_MS,
|
|
69
|
-
// The use of a verifier means we don't need an identifier
|
|
70
|
-
// during verification.
|
|
71
|
-
verifier: verifier._id,
|
|
72
|
-
});
|
|
28
|
+
await db.verificationCodes.delete(existingVerificationCode._id);
|
|
73
29
|
}
|
|
30
|
+
await db.verificationCodes.create({
|
|
31
|
+
code: await sha256(code),
|
|
32
|
+
accountId,
|
|
33
|
+
provider,
|
|
34
|
+
expirationTime: Date.now() + OAUTH_SIGN_IN_EXPIRATION_MS,
|
|
35
|
+
verifier: verifier._id,
|
|
36
|
+
});
|
|
74
37
|
return code;
|
|
75
38
|
}
|
|
76
39
|
export const callUserOAuth = async (ctx, args) => {
|
|
77
|
-
return ctx.runMutation(
|
|
40
|
+
return ctx.runMutation(AUTH_STORE_REF, {
|
|
78
41
|
args: {
|
|
79
42
|
type: "userOAuth",
|
|
80
43
|
...args,
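Review bot: In `userOAuthImpl`, the rewritten `db.verificationCodes.create({ ..., verifier: verifier._id })` call lost the comment explaining why the row carries a verifier rather than an identifier, and it runs after `await db.verifiers.delete(verifier._id)`, so the stored id refers to a row that no longer exists. That is sound only because the id serves as an opaque binding value (the `verificationCode.verifier !== verifier` comparison in verifyCodeAndSignIn.js), which a reader cannot tell from this function. I would restore the note on that field, e.g. `// verifier row is deleted above; its id is kept only as the binding value compared at verification, so no identifier is needed`. Separately, the unchanged `logWithLevel("DEBUG", "userOAuthImpl args:", args)` still writes the whole `args` object, including `profile` and `signature`, to the log; narrowing it to `provider` and `providerAccountId` would keep that material out of log storage.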
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userOAuth.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/userOAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,CAAC,EAAE,MAAM,eAAe,CAAC;AAIzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"userOAuth.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/userOAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAS,CAAC,EAAE,MAAM,eAAe,CAAC;AAIzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,2BAA2B,GAAG,IAAI,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,YAAY;AAE/D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC7B,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE;IAChB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAgB,EAChB,IAAiC,EACjC,kBAAmD,EACnD,MAAuB;IAEvB,YAAY,CAAC,OAAO,EAAE,qBAAqB,EAAE,IAAI,CAAC,CAAC;IACnD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACjE,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,cAAc,GAAG,kBAAkB,CAAC,QAAQ,CAAqB,CAAC;IACxE,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IAE3E,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IAC9D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,oBAAoB,CAC9C,GAAG,EACH,QAAQ,CAAC,SAAS,IAAI,IAAI,EAC1B,eAAe,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,EACtE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,EACpD,MAAM,CACP,CAAC;IAEF,MAAM,IAAI,GAAG,oBAAoB,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IACnD,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,wBAAwB,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACtF,IAAI,wBAAwB,KAAK,IAAI,EAAE,CAAC;QACtC,MAAM,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC;QAC9B,IAAI,EAAE,MAAM,MAAM,CAAC,IAAI,CAAC;QACxB,SAAS;QACT,QAAQ;QACR,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,2BAA2B;QACxD,QAAQ,EAAE,QAAQ,CAAC,GAAG;KACvB,CAAC,CAAC;IACL,OAAO,IAAI,CAAC;AACd,CAAC;AA
ED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,GAAc,EACd,IAAiC,EACZ,EAAE;IACvB,OAAO,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE;QACrC,IAAI,EAAE;YACJ,IAAI,EAAE,WAAW;YACjB,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAI3C,KAAK,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;AAExC,wBAAsB,YAAY,CAChC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAGrB;AAED,eAAO,MAAM,YAAY,GAAU,KAAK,SAAS,KAAG,OAAO,CAAC,UAAU,CAMrE,CAAC"}
|
|
@@ -1,16 +1,12 @@
|
|
|
1
1
|
import { getAuthSessionId } from "../sessions.js";
|
|
2
|
-
import {
|
|
2
|
+
import { authDb } from "../db.js";
|
|
3
|
+
import { AUTH_STORE_REF } from "./storeRef.js";
|
|
3
4
|
export async function verifierImpl(ctx, config) {
|
|
4
5
|
const sessionId = (await getAuthSessionId(ctx)) ?? undefined;
|
|
5
|
-
|
|
6
|
-
return (await createAuthDb(ctx, config.component).verifiers.create(sessionId));
|
|
7
|
-
}
|
|
8
|
-
return await ctx.db.insert("verifier", {
|
|
9
|
-
sessionId,
|
|
10
|
-
});
|
|
6
|
+
return (await authDb(ctx, config).verifiers.create(sessionId));
|
|
11
7
|
}
|
|
12
8
|
export const callVerifier = async (ctx) => {
|
|
13
|
-
return ctx.runMutation(
|
|
9
|
+
return ctx.runMutation(AUTH_STORE_REF, {
|
|
14
10
|
args: {
|
|
15
11
|
type: "verifier",
|
|
16
12
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifier.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifier.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAI/C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAgB,EAChB,MAAuB;IAEvB,MAAM,SAAS,GAAG,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,IAAI,SAAS,CAAC;IAC7D,OAAO,CAAC,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAe,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAc,EAAuB,EAAE;IACxE,OAAO,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE;QACrC,IAAI,EAAE;YACJ,IAAI,EAAE,UAAU;SACjB;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifierSignature.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifierSignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAK,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"verifierSignature.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifierSignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAK,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAI3C,eAAO,MAAM,qBAAqB;;;;;;wCAGhC,CAAC;AAEH,KAAK,UAAU,GAAG,IAAI,CAAC;AAEvB,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,qBAAqB,CAAC,EACzC,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED,eAAO,MAAM,qBAAqB,GAChC,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,qBAAqB,CAAC,KACxC,OAAO,CAAC,IAAI,CAOd,CAAC"}
|
|
@@ -1,25 +1,21 @@
|
|
|
1
1
|
import { v } from "convex/values";
|
|
2
|
-
import {
|
|
2
|
+
import { authDb } from "../db.js";
|
|
3
|
+
import { AUTH_STORE_REF } from "./storeRef.js";
|
|
3
4
|
export const verifierSignatureArgs = v.object({
|
|
4
5
|
verifier: v.string(),
|
|
5
6
|
signature: v.string(),
|
|
6
7
|
});
|
|
7
8
|
export async function verifierSignatureImpl(ctx, args, config) {
|
|
8
9
|
const { verifier, signature } = args;
|
|
9
|
-
const
|
|
10
|
-
const verifierDoc =
|
|
11
|
-
? await authDb.verifiers.getById(verifier)
|
|
12
|
-
: await ctx.db.get(verifier);
|
|
10
|
+
const db = authDb(ctx, config);
|
|
11
|
+
const verifierDoc = await db.verifiers.getById(verifier);
|
|
13
12
|
if (verifierDoc === null) {
|
|
14
13
|
throw new Error("Invalid verifier");
|
|
15
14
|
}
|
|
16
|
-
|
|
17
|
-
return await authDb.verifiers.patch(verifierDoc._id, { signature });
|
|
18
|
-
}
|
|
19
|
-
return await ctx.db.patch(verifierDoc._id, { signature });
|
|
15
|
+
return await db.verifiers.patch(verifierDoc._id, { signature });
|
|
20
16
|
}
|
|
21
17
|
export const callVerifierSignature = async (ctx, args) => {
|
|
22
|
-
return ctx.runMutation(
|
|
18
|
+
return ctx.runMutation(AUTH_STORE_REF, {
|
|
23
19
|
args: {
|
|
24
20
|
type: "verifierSignature",
|
|
25
21
|
...args,
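Review bot: `verifierSignatureImpl` patches `{ signature }` onto whatever row `db.verifiers.getById(verifier)` returns, and nothing visible rejects a verifier that already carries a signature. The create path in verifier.js on this page passes only `sessionId`, so an unsigned row presumably reads `signature` as `undefined`; if a verifier is meant to be signed exactly once, add `if (verifierDoc.signature !== undefined) throw new Error("Invalid verifier");` before the patch. `verifier` is validated only as `v.string()`, so how `getById` treats a malformed id is decided in db.js, outside this section; a one-line comment stating that it returns null rather than throwing would make the `=== null` check self-explanatory.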
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifierSignature.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifierSignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGpD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"verifierSignature.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifierSignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGpD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAgB,EAChB,IAAyC,EACzC,MAAuB;IAEvB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACrC,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,QAAiC,CAAC,CAAC;IAClF,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,MAAM,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,GAAc,EACd,IAAyC,EAC1B,EAAE;IACjB,OAAO,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE;QACrC,IAAI,EAAE;YACJ,IAAI,EAAE,mBAAmB;YACzB,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyCodeAndSignIn.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifyCodeAndSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAK,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAMlE,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"verifyCodeAndSignIn.d.ts","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifyCodeAndSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAK,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAMlE,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAY3C,eAAO,MAAM,uBAAuB;;;;;;;;;;;;kHAMlC,CAAC;AAEH,KAAK,UAAU,GAAG,IAAI,GAAG,WAAW,CAAC;AAErC,wBAAsB,uBAAuB,CAC3C,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,KAAK,CAAC,OAAO,uBAAuB,CAAC,EAC3C,kBAAkB,EAAE,QAAQ,CAAC,sBAAsB,EACnD,MAAM,EAAE,QAAQ,CAAC,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAkDrB;AAED,eAAO,MAAM,uBAAuB,GAClC,KAAK,SAAS,EACd,MAAM,KAAK,CAAC,OAAO,uBAAuB,CAAC,KAC1C,OAAO,CAAC,UAAU,CAOpB,CAAC"}
|
|
@@ -3,7 +3,8 @@ import { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit, } from "
|
|
|
3
3
|
import { createNewAndDeleteExistingSession, getAuthSessionId, maybeGenerateTokensForSession, } from "../sessions.js";
|
|
4
4
|
import { LOG_LEVELS, logWithLevel, sha256 } from "../utils.js";
|
|
5
5
|
import { upsertUserAndAccount } from "../users.js";
|
|
6
|
-
import {
|
|
6
|
+
import { authDb } from "../db.js";
|
|
7
|
+
import { AUTH_STORE_REF } from "./storeRef.js";
|
|
7
8
|
export const verifyCodeAndSignInArgs = v.object({
|
|
8
9
|
params: v.any(),
|
|
9
10
|
provider: v.optional(v.string()),
|
|
@@ -42,7 +43,7 @@ export async function verifyCodeAndSignInImpl(ctx, args, getProviderOrThrow, con
|
|
|
42
43
|
return await maybeGenerateTokensForSession(ctx, config, userId, sessionId, generateTokens);
|
|
43
44
|
}
|
|
44
45
|
export const callVerifyCodeAndSignIn = async (ctx, args) => {
|
|
45
|
-
return ctx.runMutation(
|
|
46
|
+
return ctx.runMutation(AUTH_STORE_REF, {
|
|
46
47
|
args: {
|
|
47
48
|
type: "verifyCodeAndSignIn",
|
|
48
49
|
...args,
|
|
@@ -59,25 +60,15 @@ async function verifyCodeOnly(ctx, args,
|
|
|
59
60
|
* This is the first provider.
|
|
60
61
|
*/
|
|
61
62
|
methodProviderId, getProviderOrThrow, allowExtraProviders, config, sessionId) {
|
|
62
|
-
const
|
|
63
|
+
const db = authDb(ctx, config);
|
|
63
64
|
const { params, verifier } = args;
|
|
64
65
|
const codeHash = await sha256(params.code);
|
|
65
|
-
const verificationCode =
|
|
66
|
-
? await authDb.verificationCodes.getByCode(codeHash)
|
|
67
|
-
: await ctx.db
|
|
68
|
-
.query("verification")
|
|
69
|
-
.withIndex("code", (q) => q.eq("code", codeHash))
|
|
70
|
-
.unique();
|
|
66
|
+
const verificationCode = await db.verificationCodes.getByCode(codeHash);
|
|
71
67
|
if (verificationCode === null) {
|
|
72
68
|
logWithLevel(LOG_LEVELS.ERROR, "Invalid verification code");
|
|
73
69
|
return null;
|
|
74
70
|
}
|
|
75
|
-
|
|
76
|
-
await authDb.verificationCodes.delete(verificationCode._id);
|
|
77
|
-
}
|
|
78
|
-
else {
|
|
79
|
-
await ctx.db.delete(verificationCode._id);
|
|
80
|
-
}
|
|
71
|
+
await db.verificationCodes.delete(verificationCode._id);
|
|
81
72
|
if (verificationCode.verifier !== verifier) {
|
|
82
73
|
logWithLevel(LOG_LEVELS.ERROR, "Invalid verifier");
|
|
83
74
|
return null;
|
|
@@ -87,7 +78,7 @@ methodProviderId, getProviderOrThrow, allowExtraProviders, config, sessionId) {
|
|
|
87
78
|
return null;
|
|
88
79
|
}
|
|
89
80
|
const { accountId, emailVerified, phoneVerified } = verificationCode;
|
|
90
|
-
const account =
|
|
81
|
+
const account = await db.accounts.getById(accountId);
|
|
91
82
|
if (account === null) {
|
|
92
83
|
logWithLevel(LOG_LEVELS.ERROR, "Account associated with this email has been deleted");
|
|
93
84
|
return null;
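Review bot: In `verifyCodeOnly`, the new `db.verificationCodes.getByCode(codeHash)` looks a row up by the code hash alone, and the `.unique()` call that made a duplicate hash fail loudly is no longer in this file. Whether the helper still fails closed when two live rows share a hash is decided in db.js, outside this section, and the 8-digit numeric codes generated in userOAuth.js make such a collision possible. I would state the contract at the call site, e.g. `// getByCode must return at most one row and throw on duplicates, never pick one arbitrarily`, and confirm the helper matches it. The body of `verifyCodeOnly` starts and ends outside the visible hunks.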
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyCodeAndSignIn.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifyCodeAndSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,CAAC,EAAE,MAAM,eAAe,CAAC;AAEpD,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,iCAAiC,EACjC,gBAAgB,EAChB,6BAA6B,GAC9B,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"verifyCodeAndSignIn.js","sourceRoot":"","sources":["../../../../src/server/implementation/mutations/verifyCodeAndSignIn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,CAAC,EAAE,MAAM,eAAe,CAAC;AAEpD,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,iCAAiC,EACjC,gBAAgB,EAChB,6BAA6B,GAC9B,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;IACf,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAChC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAChC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE;IAC3B,mBAAmB,EAAE,CAAC,CAAC,OAAO,EAAE;CACjC,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAgB,EAChB,IAA2C,EAC3C,kBAAmD,EACnD,MAAuB;IAEvB,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,+BAA+B,EAAE;QAC9D,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;QAC9D,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;KAC9C,CAAC,CAAC;IACH,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,mBAAmB,EAAE,GAAG,IAAI,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;IAC1D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,MAAM,mBAAmB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;YACvD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,wDAAwD,CACzD,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,MAAM,cAAc,CACvC,GAAG,EACH,IAAI,EACJ,QAAQ,IAAI,IAAI,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,MAAM,EACN,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAC5B,CAAC;IACF,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,kBAAkB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,oBAAoB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,EAAE,MAAM
,EAAE,GAAG,YAAY,CAAC;IAChC,MAAM,SAAS,GAAG,MAAM,iCAAiC,CACvD,GAAG,EACH,MAAM,EACN,MAAM,CACP,CAAC;IACF,OAAO,MAAM,6BAA6B,CACxC,GAAG,EACH,MAAM,EACN,MAAM,EACN,SAAS,EACT,cAAc,CACf,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,EAC1C,GAAc,EACd,IAA2C,EACtB,EAAE;IACvB,OAAO,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE;QACrC,IAAI,EAAE;YACJ,IAAI,EAAE,qBAAqB;YAC3B,GAAG,IAAI;SACR;KACF,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,KAAK,UAAU,cAAc,CAC3B,GAAgB,EAChB,IAIC;AACD;;;;;;;GAOG;AACH,gBAA+B,EAC/B,kBAAmD,EACnD,mBAA4B,EAC5B,MAAwB,EACxB,SAAsC;IAEtC,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAClC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACxE,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,2BAA2B,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,gBAAgB,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC3C,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,gBAAgB,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACjD,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,2BAA2B,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,gBAAgB,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,qDAAqD,CACtD,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IACE,gBAAgB,KAAK,IAAI;QACzB,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,EAC9C,CAAC;QACD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,qBAAqB,gBAAgB,wBAAwB;YAC3D,oCAAoC,gBAAgB,CAAC,QAAQ,GAAG,CACnE,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,iEAAiE;IACjE,UAAU;IACV,MAAM,cAAc,GAAG,kBAAkB,CACvC,gBAAgB,CAAC,QAAQ,EACzB,mBAAmB,CACpB,CAAC;IACF,IACE,cAAc,KAAK,IAAI;QACvB,CAAC,cAAc,CAAC,IAAI,KAAK,OAAO,IAAI,cAAc,CAAC,IAAI,KAAK,OAAO,CAAC;QACpE,cAAc,CAAC,SAAS,KAAK,SAAS,EACtC,CAAC;QACD,MAAM,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IACD,IAA
I,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC;QAC7D,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,oBAAoB,CACtC,GAAG,EACH,SAAS,EACT,EAAE,eAAe,EAAE,OAAO,EAAE,EAC5B;YACE,IAAI,EAAE,cAAc;YACpB,QAAQ;YACR,OAAO,EAAE;gBACP,GAAG,CAAC,aAAa,KAAK,SAAS;oBAC7B,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,IAAI,EAAE;oBAC/C,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,aAAa,KAAK,SAAS;oBAC7B,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,IAAI,EAAE;oBAC/C,CAAC,CAAC,EAAE,CAAC;aACR;SACF,EACD,MAAM,CACP,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;AAClE,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { AuthProviderMaterializedConfig } from "../types.js";
|
|
2
|
+
import { ConvexAuthMaterializedConfig } from "../types.js";
|
|
2
3
|
export declare function hash(provider: any, secret: string): Promise<any>;
|
|
3
4
|
export declare function verify(provider: AuthProviderMaterializedConfig, secret: string, hash: string): Promise<boolean>;
|
|
4
5
|
export type GetProviderOrThrowFunc = (provider: string, allowExtraProviders?: boolean) => AuthProviderMaterializedConfig;
|
|
5
|
-
export type Config =
|
|
6
|
+
export type Config = ConvexAuthMaterializedConfig;
|
|
6
7
|
//# sourceMappingURL=provider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAE3D,wBAAsB,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,gBAWvD;AAED,wBAAsB,MAAM,CAC1B,QAAQ,EAAE,8BAA8B,EACxC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,oBAYb;AAED,MAAM,MAAM,sBAAsB,GAAG,CACnC,QAAQ,EAAE,MAAM,EAChB,mBAAmB,CAAC,EAAE,OAAO,KAC1B,8BAA8B,CAAC;AAEpC,MAAM,MAAM,MAAM,GAAG,4BAA4B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/server/implementation/provider.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/server/implementation/provider.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,QAAa,EAAE,MAAc;IACtD,IAAI,QAAQ,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,YAAY,QAAQ,CAAC,EAAE,gCAAgC,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IACjD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,YAAY,QAAQ,CAAC,EAAE,iDAAiD,CACzE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,QAAwC,EACxC,MAAc,EACd,IAAY;IAEZ,IAAI,QAAQ,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,YAAY,QAAQ,CAAC,EAAE,gCAAgC,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IACrD,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,YAAY,QAAQ,CAAC,EAAE,mDAAmD,CAC3E,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAC5C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rateLimit.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/rateLimit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAO,WAAW,EAAE,MAAM,YAAY,CAAC;AAK9C,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,oBAOzB;AAED,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,
|
|
1
|
+
{"version":3,"file":"rateLimit.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/rateLimit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAO,WAAW,EAAE,MAAM,YAAY,CAAC;AAK9C,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,oBAOzB;AAED,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,iBAiBzB;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,WAAW,EAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,iBAMzB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { authDb } from "./db.js";
|
|
2
2
|
const DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR = 10;
|
|
3
3
|
export async function isSignInRateLimited(ctx, identifier, config) {
|
|
4
4
|
const state = await getRateLimitState(ctx, identifier, config);
|
|
@@ -8,59 +8,33 @@ export async function isSignInRateLimited(ctx, identifier, config) {
|
|
|
8
8
|
return state.attempsLeft < 1;
|
|
9
9
|
}
|
|
10
10
|
export async function recordFailedSignIn(ctx, identifier, config) {
|
|
11
|
+
const db = authDb(ctx, config);
|
|
11
12
|
const state = await getRateLimitState(ctx, identifier, config);
|
|
12
13
|
if (state !== null) {
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
});
|
|
18
|
-
}
|
|
19
|
-
else {
|
|
20
|
-
await ctx.db.patch(state.limit._id, {
|
|
21
|
-
attemptsLeft: state.attempsLeft - 1,
|
|
22
|
-
lastAttemptTime: Date.now(),
|
|
23
|
-
});
|
|
24
|
-
}
|
|
14
|
+
await db.rateLimits.patch(state.limit._id, {
|
|
15
|
+
attemptsLeft: state.attempsLeft - 1,
|
|
16
|
+
lastAttemptTime: Date.now(),
|
|
17
|
+
});
|
|
25
18
|
}
|
|
26
19
|
else {
|
|
27
20
|
const maxAttempsPerHour = configuredMaxAttempsPerHour(config);
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
});
|
|
34
|
-
}
|
|
35
|
-
else {
|
|
36
|
-
await ctx.db.insert("limit", {
|
|
37
|
-
identifier,
|
|
38
|
-
attemptsLeft: maxAttempsPerHour - 1,
|
|
39
|
-
lastAttemptTime: Date.now(),
|
|
40
|
-
});
|
|
41
|
-
}
|
|
21
|
+
await db.rateLimits.create({
|
|
22
|
+
identifier,
|
|
23
|
+
attemptsLeft: maxAttempsPerHour - 1,
|
|
24
|
+
lastAttemptTime: Date.now(),
|
|
25
|
+
});
|
|
42
26
|
}
|
|
43
27
|
}
|
|
44
28
|
export async function resetSignInRateLimit(ctx, identifier, config) {
|
|
45
29
|
const existingState = await getRateLimitState(ctx, identifier, config);
|
|
46
30
|
if (existingState !== null) {
|
|
47
|
-
|
|
48
|
-
await createAuthDb(ctx, config.component).rateLimits.delete(existingState.limit._id);
|
|
49
|
-
}
|
|
50
|
-
else {
|
|
51
|
-
await ctx.db.delete(existingState.limit._id);
|
|
52
|
-
}
|
|
31
|
+
await authDb(ctx, config).rateLimits.delete(existingState.limit._id);
|
|
53
32
|
}
|
|
54
33
|
}
|
|
55
34
|
async function getRateLimitState(ctx, identifier, config) {
|
|
56
35
|
const now = Date.now();
|
|
57
36
|
const maxAttempsPerHour = configuredMaxAttempsPerHour(config);
|
|
58
|
-
const limit = config.
|
|
59
|
-
? (await createAuthDb(ctx, config.component).rateLimits.get(identifier))
|
|
60
|
-
: await ctx.db
|
|
61
|
-
.query("limit")
|
|
62
|
-
.withIndex("identifier", (q) => q.eq("identifier", identifier))
|
|
63
|
-
.unique();
|
|
37
|
+
const limit = (await authDb(ctx, config).rateLimits.get(identifier));
|
|
64
38
|
if (limit === null) {
|
|
65
39
|
return null;
|
|
66
40
|
}
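Review bot: In `recordFailedSignIn` the new `db.rateLimits.patch` call stores `attemptsLeft: state.attempsLeft - 1` with no lower bound, so a failure recorded while the identifier is already limited would push the stored value below zero. As far as the refill logic outside this hunk can be inferred, that would lengthen the lockout for that identifier. Whether every caller checks `isSignInRateLimited` first is not visible here, so the clamp belongs in this function: `attemptsLeft: Math.max(0, state.attempsLeft - 1),`. The computed field is spelled `attempsLeft` while the stored one is `attemptsLeft`; a comment such as `// attempsLeft (sic) is the value computed by getRateLimitState, not the stored attemptsLeft` would keep the two apart. `getRateLimitState` continues past the last hunk.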
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rateLimit.js","sourceRoot":"","sources":["../../../src/server/implementation/rateLimit.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"rateLimit.js","sourceRoot":"","sources":["../../../src/server/implementation/rateLimit.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,MAAM,qCAAqC,GAAG,EAAE,CAAC;AAEjD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAgB,EAChB,UAAkB,EAClB,MAAwB;IAExB,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAgB,EAChB,UAAkB,EAClB,MAAwB;IAExB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE;YACzC,YAAY,EAAE,KAAK,CAAC,WAAW,GAAG,CAAC;YACnC,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE;SAC5B,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,iBAAiB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;YACzB,UAAU;YACV,YAAY,EAAE,iBAAiB,GAAG,CAAC;YACnC,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE;SAC5B,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAgB,EAChB,UAAkB,EAClB,MAAwB;IAExB,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACvE,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAgB,EAChB,UAAkB,EAClB,MAAwB;IAExB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,iBAAiB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAE3D,CAAC;IACT,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,GAAG,KAAK,CAAC,eAAe,CAAC;IAC5C,MAAM,eAAe,GAAG,iBAAiB,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAC1B,iBAAiB,EACjB,KAAK,CAAC,YAAY,GAAG,OAAO,GAAG,eAAe,CAC/C,CAAC;IACF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;AAChC,CAAC;AAED,SAA
S,2BAA2B,CAAC,MAAwB;IAC3D,OAAO,CACL,MAAM,CAAC,MAAM,EAAE,uBAAuB;QACtC,qCAAqC,CACtC,CAAC;AACJ,CAAC"}
|
|
@@ -29,12 +29,5 @@ export declare function refreshTokenIfValid(ctx: MutationCtx, refreshTokenId: st
|
|
|
29
29
|
* @param ctx
|
|
30
30
|
* @param sessionId
|
|
31
31
|
*/
|
|
32
|
-
export declare function loadActiveRefreshToken(ctx: MutationCtx, sessionId: GenericId<"session">, config: ConvexAuthConfig): Promise<
|
|
33
|
-
_id: GenericId<"token">;
|
|
34
|
-
_creationTime: number;
|
|
35
|
-
firstUsedTime?: number | undefined;
|
|
36
|
-
parentRefreshTokenId?: GenericId<"token"> | undefined;
|
|
37
|
-
expirationTime: number;
|
|
38
|
-
sessionId: GenericId<"session">;
|
|
39
|
-
} | null>;
|
|
32
|
+
export declare function loadActiveRefreshToken(ctx: MutationCtx, sessionId: GenericId<"session">, config: ConvexAuthConfig): Promise<Doc<"token"> | null>;
|
|
40
33
|
//# sourceMappingURL=refreshTokens.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refreshTokens.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/refreshTokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAW9C,eAAO,MAAM,6BAA6B,QAAY,CAAC;AACvD,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,EAC/B,oBAAoB,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI
|
|
1
|
+
{"version":3,"file":"refreshTokens.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/refreshTokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAW9C,eAAO,MAAM,6BAA6B,QAAY,CAAC;AACvD,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,EAC/B,oBAAoB,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,GAC9C,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAa7B;AAED,eAAO,MAAM,kBAAkB,GAC7B,gBAAgB,SAAS,CAAC,OAAO,CAAC,EAClC,WAAW,SAAS,CAAC,SAAS,CAAC,WAGhC,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC5B,cAAc,MAAM,KACnB;IACD,cAAc,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;CAUjC,CAAC;AAEF;;;;;;;GAOG;AACH,wBAAsB,gCAAgC,CACpD,GAAG,EAAE,WAAW,EAChB,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,EAC1B,MAAM,EAAE,gBAAgB,2BA6BzB;AAED,wBAAsB,sBAAsB,CAC1C,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,EAC/B,MAAM,EAAE,gBAAgB,iBAGzB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,WAAW,EAChB,cAAc,EAAE,MAAM,EACtB,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,gBAAgB;;;UA2CzB;AACD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,EAC/B,MAAM,EAAE,gBAAgB,gCAKzB"}
|
|
@@ -1,24 +1,18 @@
|
|
|
1
1
|
import { LOG_LEVELS, REFRESH_TOKEN_DIVIDER, logWithLevel, maybeRedact, stringToNumber, } from "./utils.js";
|
|
2
|
-
import {
|
|
2
|
+
import { authDb } from "./db.js";
|
|
3
3
|
const DEFAULT_SESSION_INACTIVE_DURATION_MS = 1000 * 60 * 60 * 24 * 30; // 30 days
|
|
4
4
|
export const REFRESH_TOKEN_REUSE_WINDOW_MS = 10 * 1000; // 10 seconds
|
|
5
5
|
export async function createRefreshToken(ctx, config, sessionId, parentRefreshTokenId) {
|
|
6
|
+
const db = authDb(ctx, config);
|
|
6
7
|
const expirationTime = Date.now() +
|
|
7
8
|
(config.session?.inactiveDurationMs ??
|
|
8
9
|
stringToNumber(process.env.AUTH_SESSION_INACTIVE_DURATION_MS) ??
|
|
9
10
|
DEFAULT_SESSION_INACTIVE_DURATION_MS);
|
|
10
|
-
|
|
11
|
-
return (await createAuthDb(ctx, config.component).refreshTokens.create({
|
|
12
|
-
sessionId,
|
|
13
|
-
expirationTime,
|
|
14
|
-
parentRefreshTokenId: parentRefreshTokenId ?? undefined,
|
|
15
|
-
}));
|
|
16
|
-
}
|
|
17
|
-
const newRefreshTokenId = await ctx.db.insert("token", {
|
|
11
|
+
const newRefreshTokenId = (await db.refreshTokens.create({
|
|
18
12
|
sessionId,
|
|
19
13
|
expirationTime,
|
|
20
14
|
parentRefreshTokenId: parentRefreshTokenId ?? undefined,
|
|
21
|
-
});
|
|
15
|
+
}));
|
|
22
16
|
return newRefreshTokenId;
|
|
23
17
|
}
|
|
24
18
|
export const formatRefreshToken = (refreshTokenId, sessionId) => {
|
|
@@ -43,20 +37,13 @@ export const parseRefreshToken = (refreshToken) => {
|
|
|
43
37
|
* @param refreshToken
|
|
44
38
|
*/
|
|
45
39
|
export async function invalidateRefreshTokensInSubtree(ctx, refreshToken, config) {
|
|
46
|
-
const
|
|
40
|
+
const db = authDb(ctx, config);
|
|
47
41
|
const tokensToInvalidate = [refreshToken];
|
|
48
42
|
let frontier = [refreshToken._id];
|
|
49
43
|
while (frontier.length > 0) {
|
|
50
44
|
const nextFrontier = [];
|
|
51
45
|
for (const currentTokenId of frontier) {
|
|
52
|
-
const children =
|
|
53
|
-
? (await authDb.refreshTokens.getChildren(refreshToken.sessionId, currentTokenId))
|
|
54
|
-
: await ctx.db
|
|
55
|
-
.query("token")
|
|
56
|
-
.withIndex("sessionIdAndParentRefreshTokenId", (q) => q
|
|
57
|
-
.eq("sessionId", refreshToken.sessionId)
|
|
58
|
-
.eq("parentRefreshTokenId", currentTokenId))
|
|
59
|
-
.collect();
|
|
46
|
+
const children = (await db.refreshTokens.getChildren(refreshToken.sessionId, currentTokenId));
|
|
60
47
|
tokensToInvalidate.push(...children);
|
|
61
48
|
nextFrontier.push(...children.map((child) => child._id));
|
|
62
49
|
}
|
|
@@ -66,41 +53,21 @@ export async function invalidateRefreshTokensInSubtree(ctx, refreshToken, config
|
|
|
66
53
|
// Mark these as used so they can't be used again (even within the reuse window)
|
|
67
54
|
if (token.firstUsedTime === undefined ||
|
|
68
55
|
token.firstUsedTime > Date.now() - REFRESH_TOKEN_REUSE_WINDOW_MS) {
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
});
|
|
73
|
-
}
|
|
74
|
-
else {
|
|
75
|
-
await ctx.db.patch(token._id, {
|
|
76
|
-
firstUsedTime: Date.now() - REFRESH_TOKEN_REUSE_WINDOW_MS,
|
|
77
|
-
});
|
|
78
|
-
}
|
|
56
|
+
await db.refreshTokens.patch(token._id, {
|
|
57
|
+
firstUsedTime: Date.now() - REFRESH_TOKEN_REUSE_WINDOW_MS,
|
|
58
|
+
});
|
|
79
59
|
}
|
|
80
60
|
}
|
|
81
61
|
return tokensToInvalidate;
|
|
82
62
|
}
|
|
83
63
|
export async function deleteAllRefreshTokens(ctx, sessionId, config) {
|
|
84
|
-
|
|
85
|
-
await createAuthDb(ctx, config.component).refreshTokens.deleteAll(sessionId);
|
|
86
|
-
return;
|
|
87
|
-
}
|
|
88
|
-
const existingRefreshTokens = await ctx.db
|
|
89
|
-
.query("token")
|
|
90
|
-
.withIndex("sessionIdAndParentRefreshTokenId", (q) => q.eq("sessionId", sessionId))
|
|
91
|
-
.collect();
|
|
92
|
-
for (const refreshTokenDoc of existingRefreshTokens) {
|
|
93
|
-
await ctx.db.delete(refreshTokenDoc._id);
|
|
94
|
-
}
|
|
64
|
+
await authDb(ctx, config).refreshTokens.deleteAll(sessionId);
|
|
95
65
|
}
|
|
96
66
|
export async function refreshTokenIfValid(ctx, refreshTokenId, tokenSessionId, config) {
|
|
97
|
-
const
|
|
67
|
+
const db = authDb(ctx, config);
|
|
98
68
|
let refreshTokenDoc;
|
|
99
69
|
try {
|
|
100
|
-
refreshTokenDoc =
|
|
101
|
-
authDb !== null
|
|
102
|
-
? (await authDb.refreshTokens.getById(refreshTokenId))
|
|
103
|
-
: await ctx.db.get(refreshTokenId);
|
|
70
|
+
refreshTokenDoc = (await db.refreshTokens.getById(refreshTokenId));
|
|
104
71
|
}
|
|
105
72
|
catch {
|
|
106
73
|
logWithLevel(LOG_LEVELS.ERROR, "Invalid refresh token format");
|
|
@@ -120,10 +87,7 @@ export async function refreshTokenIfValid(ctx, refreshTokenId, tokenSessionId, c
|
|
|
120
87
|
}
|
|
121
88
|
let session;
|
|
122
89
|
try {
|
|
123
|
-
session =
|
|
124
|
-
authDb !== null
|
|
125
|
-
? (await authDb.sessions.getById(refreshTokenDoc.sessionId))
|
|
126
|
-
: await ctx.db.get(refreshTokenDoc.sessionId);
|
|
90
|
+
session = (await db.sessions.getById(refreshTokenDoc.sessionId));
|
|
127
91
|
}
|
|
128
92
|
catch {
|
|
129
93
|
logWithLevel(LOG_LEVELS.ERROR, "Invalid refresh token session format");
|
|
@@ -147,14 +111,6 @@ export async function refreshTokenIfValid(ctx, refreshTokenId, tokenSessionId, c
|
|
|
147
111
|
* @param sessionId
|
|
148
112
|
*/
|
|
149
113
|
export async function loadActiveRefreshToken(ctx, sessionId, config) {
|
|
150
|
-
|
|
151
|
-
return (await createAuthDb(ctx, config.component).refreshTokens.getActive(sessionId));
|
|
152
|
-
}
|
|
153
|
-
return ctx.db
|
|
154
|
-
.query("token")
|
|
155
|
-
.withIndex("sessionId", (q) => q.eq("sessionId", sessionId))
|
|
156
|
-
.filter((q) => q.eq(q.field("firstUsedTime"), undefined))
|
|
157
|
-
.order("desc")
|
|
158
|
-
.first();
|
|
114
|
+
return (await authDb(ctx, config).refreshTokens.getActive(sessionId));
|
|
159
115
|
}
|
|
160
116
|
//# sourceMappingURL=refreshTokens.js.map
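Review bot: In `refreshTokenIfValid` the lookup `db.refreshTokens.getById(refreshTokenId)` now always goes through the `authDb` wrapper, but the surrounding bare `catch {` still discards the error and logs "Invalid refresh token format". The same holds for `db.sessions.getById(refreshTokenDoc.sessionId)` in the `@@ -120,10 +87,7 @@` hunk. Any failure raised inside the wrapper would then be reported as a malformed token, which hides backend faults from whoever reads the auth logs. Binding the error with `} catch (error) {` and including it in the log call would keep the two cases distinguishable; this assumes `logWithLevel` accepts extra arguments, which this page does not show. The function body starts and ends outside these hunks.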
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refreshTokens.js","sourceRoot":"","sources":["../../../src/server/implementation/refreshTokens.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,UAAU,EACV,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,cAAc,GACf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"refreshTokens.js","sourceRoot":"","sources":["../../../src/server/implementation/refreshTokens.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,UAAU,EACV,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,cAAc,GACf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,MAAM,oCAAoC,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AACjF,MAAM,CAAC,MAAM,6BAA6B,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AACrE,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAgB,EAChB,MAAwB,EACxB,SAA+B,EAC/B,oBAA+C;IAE/C,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,cAAc,GAClB,IAAI,CAAC,GAAG,EAAE;QACV,CAAC,MAAM,CAAC,OAAO,EAAE,kBAAkB;YACjC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC;YAC7D,oCAAoC,CAAC,CAAC;IAC1C,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;QACvD,SAAS;QACT,cAAc;QACd,oBAAoB,EAAE,oBAAoB,IAAI,SAAS;KACxD,CAAC,CAAuB,CAAC;IAC1B,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,cAAkC,EAClC,SAA+B,EAC/B,EAAE;IACF,OAAO,GAAG,cAAc,GAAG,qBAAqB,GAAG,SAAS,EAAE,CAAC;AACjE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,YAAoB,EAIpB,EAAE;IACF,MAAM,CAAC,cAAc,EAAE,SAAS,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC9E,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8BAA8B,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO;QACL,cAAc,EAAE,cAAoC;QACpD,SAAS,EAAE,SAAiC;KAC7C,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,GAAgB,EAChB,YAA0B,EAC1B,MAAwB;IAExB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,kBAAkB,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1C,IAAI,QAAQ,GAAyB,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACxD,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAyB,EAAE,CAAC;QAC9C,KAAK,MAAM,cAAc,IAAI,QAAQ,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC,WAAW,CAClD,YAAY,CAAC,SAAS,EACtB,cAAc,CACf,CAAmB,CAAC;YACrB,kBAAkB,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YACrC,YAAY,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3D,CAAC;QACD,QAAQ,GAAG,YAAY,CAAC;IAC1B
,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,kBAAkB,EAAE,CAAC;QACvC,gFAAgF;QAChF,IACE,KAAK,CAAC,aAAa,KAAK,SAAS;YACjC,KAAK,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,6BAA6B,EAChE,CAAC;YACD,MAAM,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE;gBACtC,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,6BAA6B;aAC1D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,GAAgB,EAChB,SAA+B,EAC/B,MAAwB;IAExB,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAgB,EAChB,cAAsB,EACtB,cAAsB,EACtB,MAAwB;IAExB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,IAAI,eAAoC,CAAC;IACzC,IAAI,CAAC;QACH,eAAe,GAAG,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC,OAAO,CAC/C,cAAoC,CACrC,CAAwB,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,8BAA8B,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,uBAAuB,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,eAAe,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAChD,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,uBAAuB,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,eAAe,CAAC,SAAS,KAAK,cAAc,EAAE,CAAC;QACjD,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,kCAAkC,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAA8B,CAAC;IACnC,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,CAEvD,CAAC;IACX,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,sCAAsC,CAAC,CAAC;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,+BAA+B,CAAC,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACxC,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,+BAA+B,CAAC,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;AACtC,CAAC;AACD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,GAAgB,EAChB,SAA+B,EAC/B,MAAwB;IAExB,OAAO,CAAC,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAE5D,CAAC;AACX,CAAC"}
|
|
@@ -15,27 +15,9 @@ export declare function generateTokensForSession(ctx: MutationCtx, config: Conve
|
|
|
15
15
|
}>;
|
|
16
16
|
export declare function deleteSession(ctx: MutationCtx, session: Doc<"session">, config: ConvexAuthConfig): Promise<void>;
|
|
17
17
|
/**
|
|
18
|
-
* Return the current session ID.
|
|
18
|
+
* Return the current session ID from the auth identity subject.
|
|
19
19
|
*
|
|
20
|
-
*
|
|
21
|
-
* import { mutation } from "./_generated/server";
|
|
22
|
-
* import { getAuthSessionId } from "@robelest/convex-auth/component";
|
|
23
|
-
*
|
|
24
|
-
* export const doSomething = mutation({
|
|
25
|
-
* args: {/* ... *\/},
|
|
26
|
-
* handler: async (ctx, args) => {
|
|
27
|
-
* const sessionId = await getAuthSessionId(ctx);
|
|
28
|
-
* if (sessionId === null) {
|
|
29
|
-
* throw new Error("Client is not authenticated!")
|
|
30
|
-
* }
|
|
31
|
-
* const session = await ctx.db.get(sessionId);
|
|
32
|
-
* // ...
|
|
33
|
-
* },
|
|
34
|
-
* });
|
|
35
|
-
* ```
|
|
36
|
-
*
|
|
37
|
-
* @param ctx query, mutation or action `ctx`
|
|
38
|
-
* @returns the session ID or `null` if the client isn't authenticated
|
|
20
|
+
* Internal helper used by auth runtime internals and `auth.session.current`.
|
|
39
21
|
*/
|
|
40
22
|
export declare function getAuthSessionId(ctx: {
|
|
41
23
|
auth: Auth;
|