@robelest/convex-auth 0.0.2 → 0.0.3-preview.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin.cjs +1 -1
- package/dist/client/index.d.ts +33 -9
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +79 -13
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/component.d.ts +48 -0
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/index.d.ts +10 -4
- package/dist/component/index.d.ts.map +1 -1
- package/dist/component/index.js +8 -3
- package/dist/component/index.js.map +1 -1
- package/dist/component/public.d.ts +163 -3
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +124 -0
- package/dist/component/public.js.map +1 -1
- package/dist/component/schema.d.ts +81 -2
- package/dist/component/schema.d.ts.map +1 -1
- package/dist/component/schema.js +45 -0
- package/dist/component/schema.js.map +1 -1
- package/dist/providers/anonymous.d.ts +3 -0
- package/dist/providers/anonymous.d.ts.map +1 -1
- package/dist/providers/anonymous.js +3 -0
- package/dist/providers/anonymous.js.map +1 -1
- package/dist/providers/credentials.d.ts +3 -0
- package/dist/providers/credentials.d.ts.map +1 -1
- package/dist/providers/credentials.js +3 -0
- package/dist/providers/credentials.js.map +1 -1
- package/dist/providers/email.d.ts +3 -0
- package/dist/providers/email.d.ts.map +1 -1
- package/dist/providers/email.js +3 -0
- package/dist/providers/email.js.map +1 -1
- package/dist/providers/passkey.d.ts +7 -1
- package/dist/providers/passkey.d.ts.map +1 -1
- package/dist/providers/passkey.js +7 -1
- package/dist/providers/passkey.js.map +1 -1
- package/dist/providers/password.d.ts +3 -0
- package/dist/providers/password.d.ts.map +1 -1
- package/dist/providers/password.js +3 -0
- package/dist/providers/password.js.map +1 -1
- package/dist/providers/phone.d.ts +3 -0
- package/dist/providers/phone.d.ts.map +1 -1
- package/dist/providers/phone.js +3 -0
- package/dist/providers/phone.js.map +1 -1
- package/dist/providers/totp.d.ts +8 -0
- package/dist/providers/totp.d.ts.map +1 -1
- package/dist/providers/totp.js +8 -0
- package/dist/providers/totp.js.map +1 -1
- package/dist/server/convex-auth.d.ts +185 -25
- package/dist/server/convex-auth.d.ts.map +1 -1
- package/dist/server/convex-auth.js +317 -58
- package/dist/server/convex-auth.js.map +1 -1
- package/dist/server/email-templates.d.ts +18 -0
- package/dist/server/email-templates.d.ts.map +1 -0
- package/dist/server/email-templates.js +74 -0
- package/dist/server/email-templates.js.map +1 -0
- package/dist/server/errors.d.ts +146 -0
- package/dist/server/errors.d.ts.map +1 -0
- package/dist/server/errors.js +176 -0
- package/dist/server/errors.js.map +1 -0
- package/dist/server/implementation/apiKey.d.ts +74 -0
- package/dist/server/implementation/apiKey.d.ts.map +1 -0
- package/dist/server/implementation/apiKey.js +139 -0
- package/dist/server/implementation/apiKey.js.map +1 -0
- package/dist/server/implementation/index.d.ts +151 -14
- package/dist/server/implementation/index.d.ts.map +1 -1
- package/dist/server/implementation/index.js +216 -24
- package/dist/server/implementation/index.js.map +1 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.d.ts.map +1 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.js +2 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.js.map +1 -1
- package/dist/server/implementation/mutations/createVerificationCode.d.ts +2 -2
- package/dist/server/implementation/mutations/index.d.ts +6 -6
- package/dist/server/implementation/mutations/modifyAccount.d.ts.map +1 -1
- package/dist/server/implementation/mutations/modifyAccount.js +2 -1
- package/dist/server/implementation/mutations/modifyAccount.js.map +1 -1
- package/dist/server/implementation/mutations/userOAuth.d.ts.map +1 -1
- package/dist/server/implementation/mutations/userOAuth.js +2 -1
- package/dist/server/implementation/mutations/userOAuth.js.map +1 -1
- package/dist/server/implementation/mutations/verifierSignature.d.ts.map +1 -1
- package/dist/server/implementation/mutations/verifierSignature.js +2 -1
- package/dist/server/implementation/mutations/verifierSignature.js.map +1 -1
- package/dist/server/implementation/passkey.d.ts.map +1 -1
- package/dist/server/implementation/passkey.js +28 -29
- package/dist/server/implementation/passkey.js.map +1 -1
- package/dist/server/implementation/provider.d.ts.map +1 -1
- package/dist/server/implementation/provider.js +5 -4
- package/dist/server/implementation/provider.js.map +1 -1
- package/dist/server/implementation/redirects.d.ts.map +1 -1
- package/dist/server/implementation/redirects.js +2 -1
- package/dist/server/implementation/redirects.js.map +1 -1
- package/dist/server/implementation/refreshTokens.d.ts.map +1 -1
- package/dist/server/implementation/refreshTokens.js +2 -1
- package/dist/server/implementation/refreshTokens.js.map +1 -1
- package/dist/server/implementation/signIn.d.ts.map +1 -1
- package/dist/server/implementation/signIn.js +8 -18
- package/dist/server/implementation/signIn.js.map +1 -1
- package/dist/server/implementation/totp.d.ts.map +1 -1
- package/dist/server/implementation/totp.js +16 -17
- package/dist/server/implementation/totp.js.map +1 -1
- package/dist/server/implementation/users.d.ts.map +1 -1
- package/dist/server/implementation/users.js +3 -2
- package/dist/server/implementation/users.js.map +1 -1
- package/dist/server/index.d.ts +157 -3
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +180 -17
- package/dist/server/index.js.map +1 -1
- package/dist/server/oauth/authorizationUrl.d.ts.map +1 -1
- package/dist/server/oauth/authorizationUrl.js +2 -1
- package/dist/server/oauth/authorizationUrl.js.map +1 -1
- package/dist/server/oauth/callback.d.ts.map +1 -1
- package/dist/server/oauth/callback.js +5 -4
- package/dist/server/oauth/callback.js.map +1 -1
- package/dist/server/oauth/checks.d.ts.map +1 -1
- package/dist/server/oauth/checks.js +2 -1
- package/dist/server/oauth/checks.js.map +1 -1
- package/dist/server/oauth/convexAuth.d.ts.map +1 -1
- package/dist/server/oauth/convexAuth.js +3 -2
- package/dist/server/oauth/convexAuth.js.map +1 -1
- package/dist/server/provider_utils.d.ts +2 -0
- package/dist/server/provider_utils.d.ts.map +1 -1
- package/dist/server/types.d.ts +240 -5
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/utils.d.ts.map +1 -1
- package/dist/server/utils.js +2 -1
- package/dist/server/utils.js.map +1 -1
- package/dist/server/version.d.ts +2 -0
- package/dist/server/version.d.ts.map +1 -0
- package/dist/server/version.js +3 -0
- package/dist/server/version.js.map +1 -0
- package/package.json +7 -2
- package/src/cli/index.ts +1 -1
- package/src/cli/utils.ts +248 -0
- package/src/client/index.ts +105 -15
- package/src/component/_generated/component.ts +61 -0
- package/src/component/index.ts +11 -2
- package/src/component/public.ts +142 -0
- package/src/component/schema.ts +52 -0
- package/src/providers/anonymous.ts +3 -0
- package/src/providers/credentials.ts +3 -0
- package/src/providers/email.ts +3 -0
- package/src/providers/passkey.ts +8 -1
- package/src/providers/password.ts +3 -0
- package/src/providers/phone.ts +3 -0
- package/src/providers/totp.ts +9 -0
- package/src/server/convex-auth.ts +385 -73
- package/src/server/email-templates.ts +77 -0
- package/src/server/errors.ts +269 -0
- package/src/server/implementation/apiKey.ts +186 -0
- package/src/server/implementation/index.ts +288 -28
- package/src/server/implementation/mutations/createAccountFromCredentials.ts +2 -1
- package/src/server/implementation/mutations/modifyAccount.ts +2 -3
- package/src/server/implementation/mutations/userOAuth.ts +2 -1
- package/src/server/implementation/mutations/verifierSignature.ts +2 -1
- package/src/server/implementation/passkey.ts +33 -35
- package/src/server/implementation/provider.ts +5 -8
- package/src/server/implementation/redirects.ts +2 -3
- package/src/server/implementation/refreshTokens.ts +2 -1
- package/src/server/implementation/signIn.ts +9 -18
- package/src/server/implementation/totp.ts +18 -21
- package/src/server/implementation/users.ts +4 -7
- package/src/server/index.ts +240 -37
- package/src/server/oauth/authorizationUrl.ts +2 -1
- package/src/server/oauth/callback.ts +5 -4
- package/src/server/oauth/checks.ts +3 -1
- package/src/server/oauth/convexAuth.ts +6 -3
- package/src/server/types.ts +254 -5
- package/src/server/utils.ts +3 -1
- package/src/server/version.ts +2 -0
- package/dist/server/portal.d.ts +0 -116
- package/dist/server/portal.d.ts.map +0 -1
- package/dist/server/portal.js +0 -294
- package/dist/server/portal.js.map +0 -1
- package/src/server/portal.ts +0 -375
|
@@ -14,6 +14,7 @@ import { verifyTOTPWithGracePeriod, createTOTPKeyURI, } from "@oslojs/otp";
|
|
|
14
14
|
import { encodeBase32LowerCaseNoPadding } from "@oslojs/encoding";
|
|
15
15
|
import { callSignIn, callVerifier } from "./mutations/index.js";
|
|
16
16
|
import { callVerifierSignature } from "./mutations/verifierSignature.js";
|
|
17
|
+
import { throwAuthError } from "../errors.js";
|
|
17
18
|
// ============================================================================
|
|
18
19
|
// Setup flow
|
|
19
20
|
// ============================================================================
|
|
@@ -28,8 +29,7 @@ async function handleSetup(ctx, provider, params) {
|
|
|
28
29
|
// TOTP enrollment requires an authenticated user
|
|
29
30
|
const identity = await ctx.auth.getUserIdentity();
|
|
30
31
|
if (identity === null) {
|
|
31
|
-
|
|
32
|
-
"Sign in first, then add TOTP to your account.");
|
|
32
|
+
throwAuthError("TOTP_AUTH_REQUIRED");
|
|
33
33
|
}
|
|
34
34
|
const [userId] = identity.subject.split("|");
|
|
35
35
|
// Generate a 20-byte random secret (160 bits, per RFC 4226 recommendation)
|
|
@@ -87,33 +87,32 @@ async function handleConfirm(ctx, provider, params, verifierValue) {
|
|
|
87
87
|
// TOTP confirmation requires an authenticated user
|
|
88
88
|
const identity = await ctx.auth.getUserIdentity();
|
|
89
89
|
if (identity === null) {
|
|
90
|
-
|
|
91
|
-
"Sign in first, then confirm your TOTP enrollment.");
|
|
90
|
+
throwAuthError("TOTP_AUTH_REQUIRED");
|
|
92
91
|
}
|
|
93
92
|
const [userId] = identity.subject.split("|");
|
|
94
93
|
if (!verifierValue) {
|
|
95
|
-
|
|
94
|
+
throwAuthError("TOTP_MISSING_VERIFIER");
|
|
96
95
|
}
|
|
97
96
|
if (!params.code) {
|
|
98
|
-
|
|
97
|
+
throwAuthError("TOTP_MISSING_CODE");
|
|
99
98
|
}
|
|
100
99
|
if (!params.totpId) {
|
|
101
|
-
|
|
100
|
+
throwAuthError("TOTP_MISSING_ID");
|
|
102
101
|
}
|
|
103
102
|
// Look up the TOTP record
|
|
104
103
|
const totpDoc = await ctx.runQuery(ctx.auth.config.component.public.totpGetById, { totpId: params.totpId });
|
|
105
104
|
if (!totpDoc) {
|
|
106
|
-
|
|
105
|
+
throwAuthError("TOTP_NOT_FOUND");
|
|
107
106
|
}
|
|
108
107
|
if (totpDoc.verified) {
|
|
109
|
-
|
|
108
|
+
throwAuthError("TOTP_ALREADY_VERIFIED");
|
|
110
109
|
}
|
|
111
110
|
// Extract the secret from the TOTP record
|
|
112
111
|
const secret = new Uint8Array(totpDoc.secret);
|
|
113
112
|
// Verify the code with a 30-second grace period
|
|
114
113
|
const valid = verifyTOTPWithGracePeriod(secret, provider.options.period, provider.options.digits, params.code, 30);
|
|
115
114
|
if (!valid) {
|
|
116
|
-
|
|
115
|
+
throwAuthError("TOTP_INVALID_CODE");
|
|
117
116
|
}
|
|
118
117
|
// Mark the enrollment as verified
|
|
119
118
|
await ctx.runMutation(ctx.auth.config.component.public.totpMarkVerified, { totpId: params.totpId, lastUsedAt: Date.now() });
|
|
@@ -137,15 +136,15 @@ async function handleConfirm(ctx, provider, params, verifierValue) {
|
|
|
137
136
|
*/
|
|
138
137
|
async function handleVerify(ctx, provider, params, verifierValue) {
|
|
139
138
|
if (!verifierValue) {
|
|
140
|
-
|
|
139
|
+
throwAuthError("TOTP_MISSING_VERIFIER");
|
|
141
140
|
}
|
|
142
141
|
if (!params.code) {
|
|
143
|
-
|
|
142
|
+
throwAuthError("TOTP_MISSING_CODE");
|
|
144
143
|
}
|
|
145
144
|
// Look up the verifier to retrieve the stored userId
|
|
146
145
|
const verifierDoc = await ctx.runQuery(ctx.auth.config.component.public.verifierGetById, { verifierId: verifierValue });
|
|
147
146
|
if (!verifierDoc) {
|
|
148
|
-
|
|
147
|
+
throwAuthError("TOTP_INVALID_VERIFIER");
|
|
149
148
|
}
|
|
150
149
|
// Parse the signature to extract userId
|
|
151
150
|
const signatureData = JSON.parse(verifierDoc.signature);
|
|
@@ -153,14 +152,14 @@ async function handleVerify(ctx, provider, params, verifierValue) {
|
|
|
153
152
|
// Look up the user's verified TOTP enrollment
|
|
154
153
|
const totpDoc = await ctx.runQuery(ctx.auth.config.component.public.totpGetVerifiedByUserId, { userId: userId });
|
|
155
154
|
if (!totpDoc) {
|
|
156
|
-
|
|
155
|
+
throwAuthError("TOTP_NO_ENROLLMENT");
|
|
157
156
|
}
|
|
158
157
|
// Extract the secret from the TOTP record
|
|
159
158
|
const secret = new Uint8Array(totpDoc.secret);
|
|
160
159
|
// Verify the code with a 30-second grace period
|
|
161
160
|
const valid = verifyTOTPWithGracePeriod(secret, totpDoc.period, totpDoc.digits, params.code, 30);
|
|
162
161
|
if (!valid) {
|
|
163
|
-
|
|
162
|
+
throwAuthError("TOTP_INVALID_CODE");
|
|
164
163
|
}
|
|
165
164
|
// Update last used timestamp
|
|
166
165
|
await ctx.runMutation(ctx.auth.config.component.public.totpUpdateLastUsed, { totpId: totpDoc._id, lastUsedAt: Date.now() });
|
|
@@ -184,7 +183,7 @@ async function handleVerify(ctx, provider, params, verifierValue) {
|
|
|
184
183
|
export async function handleTotp(ctx, provider, args) {
|
|
185
184
|
const flow = args.params?.flow;
|
|
186
185
|
if (!flow) {
|
|
187
|
-
|
|
186
|
+
throwAuthError("TOTP_MISSING_FLOW", "Missing `flow` parameter. Expected one of: setup, confirm, verify");
|
|
188
187
|
}
|
|
189
188
|
switch (flow) {
|
|
190
189
|
case "setup":
|
|
@@ -194,7 +193,7 @@ export async function handleTotp(ctx, provider, args) {
|
|
|
194
193
|
case "verify":
|
|
195
194
|
return handleVerify(ctx, provider, args.params ?? {}, args.verifier);
|
|
196
195
|
default:
|
|
197
|
-
|
|
196
|
+
throwAuthError("TOTP_UNKNOWN_FLOW", `Unknown TOTP flow: ${flow}. Expected one of: setup, confirm, verify`);
|
|
198
197
|
}
|
|
199
198
|
}
|
|
200
199
|
// ============================================================================
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"totp.js","sourceRoot":"","sources":["../../../src/server/implementation/totp.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAEL,yBAAyB,EACzB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,8BAA8B,EAAE,MAAM,kBAAkB,CAAC;AAMlE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;
|
|
1
|
+
{"version":3,"file":"totp.js","sourceRoot":"","sources":["../../../src/server/implementation/totp.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAEL,yBAAyB,EACzB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,8BAA8B,EAAE,MAAM,kBAAkB,CAAC;AAMlE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAI9C,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CACxB,GAAsB,EACtB,QAA4B,EAC5B,MAA2B;IAQ3B,iDAAiD;IACjD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;IAClD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,cAAc,CAAC,oBAAoB,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE7C,2EAA2E;IAC3E,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IAE/B,kDAAkD;IAClD,IAAI,WAAW,GAAW,MAAM,CAAC,WAAqB,CAAC;IACvD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,QAAQ,CAC7B,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,EAC5C,EAAE,MAAM,EAAE,MAAO,EAAE,CACpB,CAAC;QACF,WAAW,GAAI,IAAY,EAAE,KAAK,IAAI,MAAM,CAAC;IAC/C,CAAC;IAED,gDAAgD;IAChD,MAAM,GAAG,GAAG,gBAAgB,CAC1B,QAAQ,CAAC,OAAO,CAAC,MAAM,EACvB,WAAW,EACX,MAAM,EACN,QAAQ,CAAC,OAAO,CAAC,MAAM,EACvB,QAAQ,CAAC,OAAO,CAAC,MAAM,CACxB,CAAC;IAEF,gDAAgD;IAChD,MAAM,YAAY,GAAG,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAE5D,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;IACzC,MAAM,qBAAqB,CAAC,GAAG,EAAE;QAC/B,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC;YACxB,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;YAC1B,MAAM;YACN,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;YAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;SAChC,CAAC;KACH,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,WAAW,CAClC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAC3C;QACE,MAAM,EAAE,MAAa;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CACzB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CACtC;QACD,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;QAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;QAC/B,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CACF,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,WAAoB;QAC1B,GAAG;QACH,MAAM,EAAE,YAAY;QACpB,QAAQ;QACR,MAAM,EAAE,MAAgB;KACzB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E;;;;;GAKG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAsB,EACtB,QAA4B,EAC5B,MAA2B,EAC3B,aAAiC;IAEjC,mDAAmD;IACnD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;IAClD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,cAAc,CAAC,oBAAoB,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE7C,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,cAAc,CAAC,uBAAuB,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,cAAc,CAAC,mBAAmB,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACpC,CAAC;IAED,0BAA0B;IAC1B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAChC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,EAC5C,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAC1B,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,cAAc,CAAC,gBAAgB,CAAC,CAAC;IACnC,CAAC;IACD,IAAK,OAAe,CAAC,QAAQ,EAAE,CAAC;QAC9B,cAAc,CAAC,uBAAuB,CAAC,CAAC;IAC1C,CAAC;IAED,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAE,OAAe,CAAC,MAAM,CAAC,CAAC;IAEvD,gDAAgD;IAChD,MAAM,KAAK,GAAG,yBAAyB,CACrC,MAAM,EACN,QAAQ,CAAC,OAAO,CAAC,MAAM,EACvB,QAAQ,CAAC,OAAO,CAAC,MAAM,EACvB,MAAM,CAAC,IAAI,EACX,EAAE,CACH,CAAC;IACF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,cAAc,CAAC,mBAAmB,CAAC,CAAC;IACtC,CAAC;IAED,kCAAkC;IAClC,MAAM,GAAG,CAAC,WAAW,CACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,gBAAgB,EACjD,EAAE,MAAM,EAAE,MAAM,CAAC,MAAa,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CACzD,CAAC;IAEF,wBAAwB;IACxB,MAAM,GAAG,CAAC,WAAW,CACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,EAC/C,EAAE,UAAU,EAAE,aAAa,EAAE,CAC9B,CAAC;IAEF,yCAAyC;IACzC,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;QACzC,MAAM,EAAE,MAAO;QACf,cAAc,EAAE,IAAI;KACrB,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACtD,CAAC;AAED,+EAA+E;AAC/E,mCAAmC;AACnC,+EAA+E;AAE/E;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,GAAsB,EACtB,QAA4B,EAC5B,MAA2B,EAC3B,aAAiC;IAEjC,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,cAAc,CAAC,uBAAuB,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,cAAc,CAAC,mBAAmB,CAAC,CAAC;IACtC,CAAC;IAED,qDAAqD;IACrD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,QAAQ,CACpC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,EAChD,EAAE,UAAU,EAAE,aAAa,EAAE,CAC9B,CAAC;IACF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,cAAc,CAAC,uBAAuB,CAAC,CAAC;IAC1C,CAAC;IAED,wCAAwC;IACxC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAE,WAAmB,CAAC,SAAS,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,aAAa,CAAC,MAAgB,CAAC;IAE9C,8CAA8C;IAC9C,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAChC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,uBAAuB,EACxD,EAAE,MAAM,EAAE,MAAa,EAAE,CAC1B,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,cAAc,CAAC,oBAAoB,CAAC,CAAC;IACvC,CAAC;IAED,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAE,OAAe,CAAC,MAAM,CAAC,CAAC;IAEvD,gDAAgD;IAChD,MAAM,KAAK,GAAG,yBAAyB,CACrC,MAAM,EACL,OAAe,CAAC,MAAM,EACtB,OAAe,CAAC,MAAM,EACvB,MAAM,CAAC,IAAI,EACX,EAAE,CACH,CAAC;IACF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,cAAc,CAAC,mBAAmB,CAAC,CAAC;IACtC,CAAC;IAED,6BAA6B;IAC7B,MAAM,GAAG,CAAC,WAAW,CACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,kBAAkB,EACnD,EAAE,MAAM,EAAG,OAAe,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CACzD,CAAC;IAEF,wBAAwB;IACxB,MAAM,GAAG,CAAC,WAAW,CACnB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,cAAc,EAC/C,EAAE,UAAU,EAAE,aAAa,EAAE,CAC9B,CAAC;IAEF,+BAA+B;IAC/B,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE;QACzC,MAAM;QACN,cAAc,EAAE,IAAI;KACrB,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACtD,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAsB,EACtB,QAA4B,EAC5B,IAGC;IAWD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;IAC/B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,cAAc,CACZ,mBAAmB,EACnB,mEAAmE,CACpE,CAAC;IACJ,CAAC;IAED,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACvD,KAAK,SAAS;YACZ,OAAO,aAAa,CAClB,GAAG,EACH,QAAQ,EACR,IAAI,CAAC,MAAM,IAAI,EAAE,EACjB,IAAI,CAAC,QAAQ,CACd,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO,YAAY,CACjB,GAAG,EACH,QAAQ,EACR,IAAI,CAAC,MAAM,IAAI,EAAE,EACjB,IAAI,CAAC,QAAQ,CACd,CAAC;QACJ;YACE,cAAc,CACZ,mBAAmB,EACnB,sBAAsB,IAAI,2CAA2C,CACtE,CAAC;IACN,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAsB,EACtB,MAAc;IAEd,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAChC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,uBAAuB,EACxD,EAAE,MAAM,EAAE,MAAa,EAAE,CAC1B,CAAC;IACF,OAAO,OAAO,KAAK,IAAI,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,8BAA8B,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../../src/server/implementation/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,8BAA8B,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAK/E,KAAK,sBAAsB,GAAG;IAC5B,IAAI,EAAE,OAAO,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,cAAc,CAAC;IACnE,QAAQ,EAAE,8BAA8B,CAAC;IACzC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QACjC,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAEF,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,EACtC,OAAO,EACH;IAAE,eAAe,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;CAAE,GACnC;IACE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,EACL,IAAI,EAAE,sBAAsB,EAC5B,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IACT,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;CACjC,CAAC,CAUD;AAqLD,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,WAAW,EAChB,iBAAiB,EAAE,SAAS,CAAC,SAAS,CAAC,EACvC,MAAM,EAAE,gBAAgB,gBAOzB"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { LOG_LEVELS, logWithLevel } from "./utils.js";
|
|
2
2
|
import { authDb } from "./db.js";
|
|
3
|
+
import { throwAuthError } from "../errors.js";
|
|
3
4
|
export async function upsertUserAndAccount(ctx, sessionId, account, args, config) {
|
|
4
5
|
const userId = await defaultCreateOrUpdateUser(ctx, sessionId, "existingAccount" in account ? account.existingAccount : null, args, config);
|
|
5
6
|
const accountId = await createOrUpdateAccount(ctx, userId, account, args, config);
|
|
@@ -68,7 +69,7 @@ async function defaultCreateOrUpdateUser(ctx, existingSessionId, existingAccount
|
|
|
68
69
|
await db.users.patch(userId, userData);
|
|
69
70
|
}
|
|
70
71
|
catch (error) {
|
|
71
|
-
|
|
72
|
+
throwAuthError("USER_UPDATE_FAILED", `Could not update user document with ID \`${userId}\`, ` +
|
|
72
73
|
`either the user has been deleted but their account has not, ` +
|
|
73
74
|
`or the profile data doesn't match the \`users\` table schema: ` +
|
|
74
75
|
`${error.message}`);
|
|
@@ -126,7 +127,7 @@ async function createOrUpdateAccount(ctx, userId, account, args, config) {
|
|
|
126
127
|
export async function getAccountOrThrow(ctx, existingAccountId, config) {
|
|
127
128
|
const existingAccount = await authDb(ctx, config).accounts.getById(existingAccountId);
|
|
128
129
|
if (existingAccount === null) {
|
|
129
|
-
|
|
130
|
+
throwAuthError("ACCOUNT_NOT_FOUND", `Expected an account to exist for ID "${existingAccountId}"`);
|
|
130
131
|
}
|
|
131
132
|
return existingAccount;
|
|
132
133
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../src/server/implementation/users.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../src/server/implementation/users.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAe9C,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAgB,EAChB,SAAsC,EACtC,OAKK,EACL,IAA4B,EAC5B,MAAwB;IAKxB,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C,GAAG,EACH,SAAS,EACT,iBAAiB,IAAI,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,EAC7D,IAAI,EACJ,MAAM,CACP,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAClF,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,GAAgB,EAChB,iBAA8C,EAC9C,eAAsC,EACtC,IAA4B,EAC5B,MAAwB;IAExB,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,iCAAiC,EAAE;QAChE,iBAAiB,EAAE,eAAe,EAAE,GAAG;QACvC,iBAAiB;QACjB,IAAI;KACL,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,eAAe,EAAE,MAAM,IAAI,IAAI,CAAC;IACvD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,IAAI,MAAM,CAAC,SAAS,EAAE,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACvD,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,0CAA0C,CAAC,CAAC;QAC3E,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACpD,cAAc;YACd,GAAG,IAAI;SACR,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EACJ,QAAQ,EACR,OAAO,EAAE,EACP,aAAa,EAAE,oBAAoB,EACnC,aAAa,EAAE,oBAAoB,EACnC,GAAG,OAAO,EACX,GACF,GAAG,IAAI,CAAC;IACT,MAAM,aAAa,GACjB,oBAAoB;QACpB,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC;YACtD,QAAQ,CAAC,iCAAiC,KAAK,KAAK,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,oBAAoB,IAAI,KAAK,CAAC;IACpD,MAAM,kBAAkB,GACtB,IAAI,CAAC,kBAAkB,IAAI,aAAa,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC;IACxE,MAAM,kBAAkB,GACtB,IAAI,CAAC,kBAAkB,IAAI,aAAa,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC;IAExE,IAAI,MAAM,GAAG,cAAc,CAAC;IAC5B,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,MAAM,+BAA+B,GACnC,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,kBAAkB;YACrD,CAAC,CAAC,CAAC,MAAM,2BAA2B,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,GAAG;gBACpE,IAAI;YACN,CAAC,CAAC,IAAI,CAAC;QAEX,MAAM,+BAA+B,GACnC,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,kBAAkB;YACrD,CAAC,CAAC,CAAC,MAAM,2BAA2B,CAAC,GAAG,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,EAAE,GAAG;gBACpE,IAAI;YACN,CAAC,CAAC,IAAI,CAAC;QACX,iDAAiD;QACjD,yBAAyB;QACzB,IACE,+BAA+B,KAAK,IAAI;YACxC,+BAA+B,KAAK,IAAI,EACxC,CAAC;YACD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,yEAAyE,+BAA+B,YAAY,+BAA+B,EAAE,CACtJ,CAAC;YACF,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;aAAM,IAAI,+BAA+B,KAAK,IAAI,EAAE,CAAC;YACpD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,gDAAgD,+BAA+B,EAAE,CAClF,CAAC;YACF,MAAM,GAAG,+BAA+B,CAAC;QAC3C,CAAC;aAAM,IAAI,+BAA+B,KAAK,IAAI,EAAE,CAAC;YACpD,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,gDAAgD,+BAA+B,EAAE,CAClF,CAAC;YACF,MAAM,GAAG,+BAA+B,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,qDAAqD,CACtD,CAAC;YACF,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG;QACf,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,GAAG,OAAO;KACX,CAAC;IACF,MAAM,sBAAsB,GAAG,MAAM,CAAC;IACtC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,cAAc,CAAC,oBAAoB,EAAE,4CAA4C,MAAM,MAAM;gBACzF,8DAA8D;gBAC9D,gEAAgE;gBAChE,GAAI,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAsB,CAAC;IAClE,CAAC;IACD,MAAM,yBAAyB,GAAG,MAAM,CAAC,SAAS,EAAE,yBAAyB,CAAC;IAC9E,IAAI,yBAAyB,KAAK,SAAS,EAAE,CAAC;QAC5C,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,mDAAmD,CACpD,CAAC;QACF,MAAM,yBAAyB,CAAC,GAAG,EAAE;YACnC,MAAM;YACN,cAAc,EAAE,sBAAsB;YACtC,GAAG,IAAI;SACR,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,YAAY,CACV,UAAU,CAAC,KAAK,EAChB,wDAAwD,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,GAAgB,EAChB,KAAa,EACb,MAAwB;IAExB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAuB,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,GAAgB,EAChB,KAAa,EACb,MAAwB;IAExB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAuB,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,GAAgB,EAChB,MAAyB,EACzB,OAKK,EACL,IAA4B,EAC5B,MAAwB;IAExB,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,SAAS,GACb,iBAAiB,IAAI,OAAO;QAC1B,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG;QAC7B,CAAC,CAAE,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzB,MAAM;YACN,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC1B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAA0B,CAAC;IACnC,2EAA2E;IAC3E,qEAAqE;IACrE,IACE,iBAAiB,IAAI,OAAO;QAC5B,OAAO,CAAC,eAAe,CAAC,MAAM,KAAK,MAAM,EACzC,CAAC;QACD,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC/B,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC/B,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAgB,EAChB,iBAAuC,EACvC,MAAwB;IAExB,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACtF,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;QAC7B,cAAc,CAAC,mBAAmB,EAAE,wCAAwC,iBAAiB,GAAG,CAAC,CAAC;IACpG,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC"}
|
package/dist/server/index.d.ts
CHANGED
|
@@ -1,35 +1,189 @@
|
|
|
1
|
+
/** Cookie lifetime configuration for auth tokens. */
|
|
1
2
|
export type AuthCookieConfig = {
|
|
3
|
+
/** Maximum age in seconds, or `null` for session cookies. */
|
|
2
4
|
maxAge: number | null;
|
|
3
5
|
};
|
|
6
|
+
/** Raw cookie values extracted from a request. */
|
|
4
7
|
export type AuthCookies = {
|
|
8
|
+
/** The JWT access token, or `null` when absent. */
|
|
5
9
|
token: string | null;
|
|
10
|
+
/** The refresh token, or `null` when absent. */
|
|
6
11
|
refreshToken: string | null;
|
|
12
|
+
/** The OAuth PKCE verifier, or `null` when absent. */
|
|
7
13
|
verifier: string | null;
|
|
8
14
|
};
|
|
15
|
+
/** A structured cookie ready to be set via any framework's cookie API. */
|
|
16
|
+
export type AuthCookie = {
|
|
17
|
+
name: string;
|
|
18
|
+
value: string;
|
|
19
|
+
options: {
|
|
20
|
+
path: string;
|
|
21
|
+
httpOnly: boolean;
|
|
22
|
+
secure: boolean;
|
|
23
|
+
sameSite: "lax" | "strict" | "none";
|
|
24
|
+
maxAge?: number;
|
|
25
|
+
expires?: Date;
|
|
26
|
+
};
|
|
27
|
+
};
|
|
28
|
+
/**
|
|
29
|
+
* Options for the SSR auth helper returned by {@link server}.
|
|
30
|
+
*/
|
|
9
31
|
export type ServerOptions = {
|
|
10
|
-
/** Convex deployment URL. */
|
|
32
|
+
/** Convex deployment URL (e.g. `https://your-app.convex.cloud`). */
|
|
11
33
|
url: string;
|
|
34
|
+
/**
|
|
35
|
+
* Path the client POSTs auth actions to. Defaults to `"/api/auth"`.
|
|
36
|
+
* Must match the `proxy` option on the client.
|
|
37
|
+
*/
|
|
12
38
|
apiRoute?: string;
|
|
39
|
+
/** Cookie `maxAge` in seconds, or `null` for session cookies. */
|
|
13
40
|
cookieMaxAge?: number | null;
|
|
41
|
+
/** Enable verbose debug logging for token refresh and cookie operations. */
|
|
14
42
|
verbose?: boolean;
|
|
43
|
+
/**
|
|
44
|
+
* Control whether `refresh()` handles OAuth `?code=` query parameters.
|
|
45
|
+
*
|
|
46
|
+
* - `true` (default): always exchange the code on GET requests with `text/html` accept.
|
|
47
|
+
* - `false`: never exchange — useful when only the client handles codes.
|
|
48
|
+
* - A function: called with the `Request` for per-request decisions.
|
|
49
|
+
*/
|
|
15
50
|
shouldHandleCode?: ((request: Request) => boolean | Promise<boolean>) | boolean;
|
|
16
51
|
};
|
|
17
52
|
export type RefreshResult = {
|
|
18
|
-
response
|
|
19
|
-
cookies
|
|
53
|
+
/** Structured cookies to set on the response. */
|
|
54
|
+
cookies: AuthCookie[];
|
|
55
|
+
/** URL to redirect to (set after OAuth code exchange). */
|
|
56
|
+
redirect?: string;
|
|
57
|
+
/** JWT for SSR hydration, or `null` if not authenticated. */
|
|
58
|
+
token: string | null;
|
|
20
59
|
};
|
|
60
|
+
/**
|
|
61
|
+
* Derive the cookie names used for auth tokens.
|
|
62
|
+
*
|
|
63
|
+
* On localhost the names are unprefixed; on production hosts they
|
|
64
|
+
* use the `__Host-` prefix for tighter security.
|
|
65
|
+
*
|
|
66
|
+
* @param host - The `Host` header value. Omit to use unprefixed names.
|
|
67
|
+
* @returns An object with `token`, `refreshToken`, and `verifier` cookie names.
|
|
68
|
+
*/
|
|
21
69
|
export declare function authCookieNames(host?: string): {
|
|
22
70
|
token: string;
|
|
23
71
|
refreshToken: string;
|
|
24
72
|
verifier: string;
|
|
25
73
|
};
|
|
74
|
+
/**
|
|
75
|
+
* Parse auth cookie values from a raw `Cookie` header string.
|
|
76
|
+
*
|
|
77
|
+
* @param cookieHeader - The raw `Cookie` header, or `null`/`undefined`.
|
|
78
|
+
* @param host - The `Host` header, used to determine cookie name prefixes.
|
|
79
|
+
* @returns Parsed {@link AuthCookies} with `token`, `refreshToken`, and `verifier`.
|
|
80
|
+
*/
|
|
26
81
|
export declare function parseAuthCookies(cookieHeader: string | null | undefined, host?: string): AuthCookies;
|
|
82
|
+
/**
|
|
83
|
+
* Serialize auth cookies into `Set-Cookie` header strings.
|
|
84
|
+
*
|
|
85
|
+
* Nulled-out values produce deletion cookies (maxAge 0, expired date).
|
|
86
|
+
*
|
|
87
|
+
* @param cookies - The auth cookie values to serialize.
|
|
88
|
+
* @param host - The `Host` header, used for cookie name prefixes and `Secure` flag.
|
|
89
|
+
* @param config - Cookie lifetime config. Defaults to session cookies.
|
|
90
|
+
* @returns An array of three `Set-Cookie` header strings.
|
|
91
|
+
*/
|
|
27
92
|
export declare function serializeAuthCookies(cookies: AuthCookies, host?: string, config?: AuthCookieConfig): string[];
|
|
93
|
+
/**
|
|
94
|
+
* Build structured cookie objects for any SSR framework.
|
|
95
|
+
*
|
|
96
|
+
* Use with SvelteKit's `event.cookies.set()`, TanStack Start's `setCookie()`,
|
|
97
|
+
* Next.js's `cookies().set()`, or any other framework cookie API.
|
|
98
|
+
*/
|
|
99
|
+
export declare function structuredAuthCookies(cookies: AuthCookies, host?: string, config?: AuthCookieConfig): AuthCookie[];
|
|
100
|
+
/**
|
|
101
|
+
* Check whether a request pathname matches the auth proxy route.
|
|
102
|
+
*
|
|
103
|
+
* Handles trailing-slash ambiguity: both `/api/auth` and `/api/auth/`
|
|
104
|
+
* match regardless of how `apiRoute` is configured.
|
|
105
|
+
*
|
|
106
|
+
* @param pathname - The request URL pathname.
|
|
107
|
+
* @param apiRoute - The configured proxy route (e.g. `"/api/auth"`).
|
|
108
|
+
* @returns `true` when the pathname matches the proxy route.
|
|
109
|
+
*/
|
|
28
110
|
export declare function shouldProxyAuthAction(pathname: string, apiRoute: string): boolean;
|
|
111
|
+
/**
|
|
112
|
+
* Create an SSR auth helper for server-side frameworks.
|
|
113
|
+
*
|
|
114
|
+
* Handles cookie-based token management, OAuth code exchange,
|
|
115
|
+
* and automatic JWT refresh on page loads. Works with any
|
|
116
|
+
* framework that gives you a `Request` object — SvelteKit,
|
|
117
|
+
* TanStack Start, Remix, Next.js, etc.
|
|
118
|
+
*
|
|
119
|
+
* @param options - SSR configuration (Convex URL, proxy route, cookie lifetime).
|
|
120
|
+
* @returns An object with `token`, `verify`, `proxy`, and `refresh` methods.
|
|
121
|
+
*
|
|
122
|
+
* @example SvelteKit hooks
|
|
123
|
+
* ```ts
|
|
124
|
+
* // src/hooks.server.ts
|
|
125
|
+
* import { server } from '@robelest/convex-auth/server';
|
|
126
|
+
*
|
|
127
|
+
* const auth = server({ url: CONVEX_URL });
|
|
128
|
+
*
|
|
129
|
+
* export const handle = async ({ event, resolve }) => {
|
|
130
|
+
* const { cookies, token } = await auth.refresh(event.request);
|
|
131
|
+
* for (const c of cookies) event.cookies.set(c.name, c.value, c.options);
|
|
132
|
+
* event.locals.token = token;
|
|
133
|
+
* return resolve(event);
|
|
134
|
+
* };
|
|
135
|
+
* ```
|
|
136
|
+
*
|
|
137
|
+
* @example Generic proxy endpoint
|
|
138
|
+
* ```ts
|
|
139
|
+
* if (shouldProxyAuthAction(url.pathname, '/api/auth')) {
|
|
140
|
+
* return auth.proxy(request);
|
|
141
|
+
* }
|
|
142
|
+
* ```
|
|
143
|
+
*/
|
|
29
144
|
export declare function server(options: ServerOptions): {
|
|
145
|
+
/**
|
|
146
|
+
* Read the JWT from the request cookies without any validation.
|
|
147
|
+
*
|
|
148
|
+
* @param request - The incoming HTTP request.
|
|
149
|
+
* @returns The raw JWT string, or `null` when no token cookie exists.
|
|
150
|
+
*/
|
|
30
151
|
token(request: Request): string | null;
|
|
152
|
+
/**
|
|
153
|
+
* Check whether the request carries a non-expired JWT.
|
|
154
|
+
*
|
|
155
|
+
* Performs local expiration checking only (no network call).
|
|
156
|
+
* Use for lightweight auth guards in middleware.
|
|
157
|
+
*
|
|
158
|
+
* @param request - The incoming HTTP request.
|
|
159
|
+
* @returns `true` when a valid, non-expired JWT exists in the cookies.
|
|
160
|
+
*/
|
|
31
161
|
verify(request: Request): Promise<boolean>;
|
|
162
|
+
/**
|
|
163
|
+
* Handle a proxied `signIn` or `signOut` POST from the client.
|
|
164
|
+
*
|
|
165
|
+
* Validates the route, method, and origin, then forwards the
|
|
166
|
+
* action to Convex and returns a `Response` with updated
|
|
167
|
+
* `Set-Cookie` headers. The client never sees the real
|
|
168
|
+
* refresh token — it stays in httpOnly cookies.
|
|
169
|
+
*
|
|
170
|
+
* @param request - The incoming POST request from the client.
|
|
171
|
+
* @returns A JSON `Response` with auth result and cookie headers.
|
|
172
|
+
*/
|
|
32
173
|
proxy(request: Request): Promise<Response>;
|
|
174
|
+
/**
|
|
175
|
+
* Refresh auth tokens on page load.
|
|
176
|
+
*
|
|
177
|
+
* Call this in your server hooks/middleware on every request.
|
|
178
|
+
* It handles three scenarios:
|
|
179
|
+
*
|
|
180
|
+
* 1. **OAuth code exchange** — exchanges a `?code=` query param for tokens and returns a redirect URL.
|
|
181
|
+
* 2. **Token refresh** — refreshes the JWT if it's close to expiry.
|
|
182
|
+
* 3. **No-op** — returns the existing token when no refresh is needed.
|
|
183
|
+
*
|
|
184
|
+
* @param request - The incoming HTTP request.
|
|
185
|
+
* @returns Structured cookies to set on the response, an optional redirect URL, and the current JWT.
|
|
186
|
+
*/
|
|
33
187
|
refresh(request: Request): Promise<RefreshResult>;
|
|
34
188
|
};
|
|
35
189
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAUA,qDAAqD;AACrD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,6DAA6D;IAC7D,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,kDAAkD;AAClD,MAAM,MAAM,WAAW,GAAG;IACxB,mDAAmD;IACnD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,gDAAgD;IAChD,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,sDAAsD;IACtD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC;AAEF,0EAA0E;AAC1E,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;QACpC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,IAAI,CAAC;KAChB,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,oEAAoE;IACpE,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,4EAA4E;IAC5E,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,OAAO,CAAC;CACjF,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,iDAAiD;IACjD,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,IAAI,CAAC,EAAE,MAAM;;;;EAO5C;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACvC,IAAI,CAAC,EAAE,MAAM,GACZ,WAAW,CAQb;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,WAAW,EACpB,IAAI,CAAC,EAAE,MAAM,EACb,MAAM,GAAE,gBAAmC,YA4B5C;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,WAAW,EACpB,IAAI,CAAC,EAAE,MAAM,EACb,MAAM,GAAE,gBAAmC,GAC1C,UAAU,EAAE,CAuCd;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,WAKvE;AAOD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,MAAM,CAAC,OAAO,EAAE,aAAa;IAsHzC;;;;;OAKG;mBACY,OAAO,GAAG,MAAM,GAAG,IAAI;IAItC;;;;;;;;OAQG;oBACmB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAYhD;;;;;;;;;;OAUG;mBACkB,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IA0HhD;;;;;;;;;;;;OAYG;qBACoB,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;EA6F1D"}
|