npm - @robelest/convex-auth - Versions diffs - 0.0.2 → 0.0.3-preview.1 - Mend

@robelest/convex-auth 0.0.2 → 0.0.3-preview.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/dist/bin.cjs +1 -1
package/dist/client/index.d.ts +33 -9
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +79 -13
package/dist/client/index.js.map +1 -1
package/dist/component/_generated/component.d.ts +48 -0
package/dist/component/_generated/component.d.ts.map +1 -1
package/dist/component/index.d.ts +10 -4
package/dist/component/index.d.ts.map +1 -1
package/dist/component/index.js +8 -3
package/dist/component/index.js.map +1 -1
package/dist/component/public.d.ts +163 -3
package/dist/component/public.d.ts.map +1 -1
package/dist/component/public.js +124 -0
package/dist/component/public.js.map +1 -1
package/dist/component/schema.d.ts +81 -2
package/dist/component/schema.d.ts.map +1 -1
package/dist/component/schema.js +45 -0
package/dist/component/schema.js.map +1 -1
package/dist/providers/anonymous.d.ts +3 -0
package/dist/providers/anonymous.d.ts.map +1 -1
package/dist/providers/anonymous.js +3 -0
package/dist/providers/anonymous.js.map +1 -1
package/dist/providers/credentials.d.ts +3 -0
package/dist/providers/credentials.d.ts.map +1 -1
package/dist/providers/credentials.js +3 -0
package/dist/providers/credentials.js.map +1 -1
package/dist/providers/email.d.ts +3 -0
package/dist/providers/email.d.ts.map +1 -1
package/dist/providers/email.js +3 -0
package/dist/providers/email.js.map +1 -1
package/dist/providers/passkey.d.ts +7 -1
package/dist/providers/passkey.d.ts.map +1 -1
package/dist/providers/passkey.js +7 -1
package/dist/providers/passkey.js.map +1 -1
package/dist/providers/password.d.ts +3 -0
package/dist/providers/password.d.ts.map +1 -1
package/dist/providers/password.js +3 -0
package/dist/providers/password.js.map +1 -1
package/dist/providers/phone.d.ts +3 -0
package/dist/providers/phone.d.ts.map +1 -1
package/dist/providers/phone.js +3 -0
package/dist/providers/phone.js.map +1 -1
package/dist/providers/totp.d.ts +8 -0
package/dist/providers/totp.d.ts.map +1 -1
package/dist/providers/totp.js +8 -0
package/dist/providers/totp.js.map +1 -1
package/dist/server/convex-auth.d.ts +185 -25
package/dist/server/convex-auth.d.ts.map +1 -1
package/dist/server/convex-auth.js +317 -58
package/dist/server/convex-auth.js.map +1 -1
package/dist/server/email-templates.d.ts +18 -0
package/dist/server/email-templates.d.ts.map +1 -0
package/dist/server/email-templates.js +74 -0
package/dist/server/email-templates.js.map +1 -0
package/dist/server/errors.d.ts +146 -0
package/dist/server/errors.d.ts.map +1 -0
package/dist/server/errors.js +176 -0
package/dist/server/errors.js.map +1 -0
package/dist/server/implementation/apiKey.d.ts +74 -0
package/dist/server/implementation/apiKey.d.ts.map +1 -0
package/dist/server/implementation/apiKey.js +139 -0
package/dist/server/implementation/apiKey.js.map +1 -0
package/dist/server/implementation/index.d.ts +151 -14
package/dist/server/implementation/index.d.ts.map +1 -1
package/dist/server/implementation/index.js +216 -24
package/dist/server/implementation/index.js.map +1 -1
package/dist/server/implementation/mutations/createAccountFromCredentials.d.ts.map +1 -1
package/dist/server/implementation/mutations/createAccountFromCredentials.js +2 -1
package/dist/server/implementation/mutations/createAccountFromCredentials.js.map +1 -1
package/dist/server/implementation/mutations/createVerificationCode.d.ts +2 -2
package/dist/server/implementation/mutations/index.d.ts +6 -6
package/dist/server/implementation/mutations/modifyAccount.d.ts.map +1 -1
package/dist/server/implementation/mutations/modifyAccount.js +2 -1
package/dist/server/implementation/mutations/modifyAccount.js.map +1 -1
package/dist/server/implementation/mutations/userOAuth.d.ts.map +1 -1
package/dist/server/implementation/mutations/userOAuth.js +2 -1
package/dist/server/implementation/mutations/userOAuth.js.map +1 -1
package/dist/server/implementation/mutations/verifierSignature.d.ts.map +1 -1
package/dist/server/implementation/mutations/verifierSignature.js +2 -1
package/dist/server/implementation/mutations/verifierSignature.js.map +1 -1
package/dist/server/implementation/passkey.d.ts.map +1 -1
package/dist/server/implementation/passkey.js +28 -29
package/dist/server/implementation/passkey.js.map +1 -1
package/dist/server/implementation/provider.d.ts.map +1 -1
package/dist/server/implementation/provider.js +5 -4
package/dist/server/implementation/provider.js.map +1 -1
package/dist/server/implementation/redirects.d.ts.map +1 -1
package/dist/server/implementation/redirects.js +2 -1
package/dist/server/implementation/redirects.js.map +1 -1
package/dist/server/implementation/refreshTokens.d.ts.map +1 -1
package/dist/server/implementation/refreshTokens.js +2 -1
package/dist/server/implementation/refreshTokens.js.map +1 -1
package/dist/server/implementation/signIn.d.ts.map +1 -1
package/dist/server/implementation/signIn.js +8 -18
package/dist/server/implementation/signIn.js.map +1 -1
package/dist/server/implementation/totp.d.ts.map +1 -1
package/dist/server/implementation/totp.js +16 -17
package/dist/server/implementation/totp.js.map +1 -1
package/dist/server/implementation/users.d.ts.map +1 -1
package/dist/server/implementation/users.js +3 -2
package/dist/server/implementation/users.js.map +1 -1
package/dist/server/index.d.ts +157 -3
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +180 -17
package/dist/server/index.js.map +1 -1
package/dist/server/oauth/authorizationUrl.d.ts.map +1 -1
package/dist/server/oauth/authorizationUrl.js +2 -1
package/dist/server/oauth/authorizationUrl.js.map +1 -1
package/dist/server/oauth/callback.d.ts.map +1 -1
package/dist/server/oauth/callback.js +5 -4
package/dist/server/oauth/callback.js.map +1 -1
package/dist/server/oauth/checks.d.ts.map +1 -1
package/dist/server/oauth/checks.js +2 -1
package/dist/server/oauth/checks.js.map +1 -1
package/dist/server/oauth/convexAuth.d.ts.map +1 -1
package/dist/server/oauth/convexAuth.js +3 -2
package/dist/server/oauth/convexAuth.js.map +1 -1
package/dist/server/provider_utils.d.ts +2 -0
package/dist/server/provider_utils.d.ts.map +1 -1
package/dist/server/types.d.ts +240 -5
package/dist/server/types.d.ts.map +1 -1
package/dist/server/utils.d.ts.map +1 -1
package/dist/server/utils.js +2 -1
package/dist/server/utils.js.map +1 -1
package/dist/server/version.d.ts +2 -0
package/dist/server/version.d.ts.map +1 -0
package/dist/server/version.js +3 -0
package/dist/server/version.js.map +1 -0
package/package.json +7 -2
package/src/cli/index.ts +1 -1
package/src/cli/utils.ts +248 -0
package/src/client/index.ts +105 -15
package/src/component/_generated/component.ts +61 -0
package/src/component/index.ts +11 -2
package/src/component/public.ts +142 -0
package/src/component/schema.ts +52 -0
package/src/providers/anonymous.ts +3 -0
package/src/providers/credentials.ts +3 -0
package/src/providers/email.ts +3 -0
package/src/providers/passkey.ts +8 -1
package/src/providers/password.ts +3 -0
package/src/providers/phone.ts +3 -0
package/src/providers/totp.ts +9 -0
package/src/server/convex-auth.ts +385 -73
package/src/server/email-templates.ts +77 -0
package/src/server/errors.ts +269 -0
package/src/server/implementation/apiKey.ts +186 -0
package/src/server/implementation/index.ts +288 -28
package/src/server/implementation/mutations/createAccountFromCredentials.ts +2 -1
package/src/server/implementation/mutations/modifyAccount.ts +2 -3
package/src/server/implementation/mutations/userOAuth.ts +2 -1
package/src/server/implementation/mutations/verifierSignature.ts +2 -1
package/src/server/implementation/passkey.ts +33 -35
package/src/server/implementation/provider.ts +5 -8
package/src/server/implementation/redirects.ts +2 -3
package/src/server/implementation/refreshTokens.ts +2 -1
package/src/server/implementation/signIn.ts +9 -18
package/src/server/implementation/totp.ts +18 -21
package/src/server/implementation/users.ts +4 -7
package/src/server/index.ts +240 -37
package/src/server/oauth/authorizationUrl.ts +2 -1
package/src/server/oauth/callback.ts +5 -4
package/src/server/oauth/checks.ts +3 -1
package/src/server/oauth/convexAuth.ts +6 -3
package/src/server/types.ts +254 -5
package/src/server/utils.ts +3 -1
package/src/server/version.ts +2 -0
package/dist/server/portal.d.ts +0 -116
package/dist/server/portal.d.ts.map +0 -1
package/dist/server/portal.js +0 -294
package/dist/server/portal.js.map +0 -1
package/src/server/portal.ts +0 -375

package/dist/server/portal.js DELETED Viewed

@@ -1,294 +0,0 @@
-import { queryGeneric, mutationGeneric, internalMutationGeneric, } from "convex/server";
-import { v } from "convex/values";
-import { registerStaticRoutes } from "@convex-dev/self-hosting";
-// ============================================================================
-// Helpers
-// ============================================================================
-/**
- * Check if the authenticated user is a portal admin.
- * Portal admins are identified by having an accepted invite
- * with `role: "portalAdmin"`.
- */
-async function requirePortalAdmin(ctx, authComponent, userId) {
-    const invites = await ctx.runQuery(authComponent.public.inviteList, {
-        status: "accepted",
-    });
-    const isAdmin = invites.some((invite) => invite.role === "portalAdmin" && invite.acceptedByUserId === userId);
-    if (!isAdmin) {
-        throw new Error("Not authorized: portal admin access required");
-    }
-}
-// ============================================================================
-// Portal() factory
-// ============================================================================
-/**
- * Configure the Convex Auth Portal. Returns all the functions needed to
- * serve the portal admin UI, manage invite links, and query auth data.
- *
- * The portal dogfoods the same `Auth()` instance as your app. Portal admins
- * sign in via email magic link and are identified by accepted invites with
- * `role: "portalAdmin"`.
- *
- * ```ts filename="convex/portal.ts"
- * import { Portal } from "@robelest/convex-auth/component";
- * import { auth } from "./auth";
- * import { components } from "./_generated/api";
- *
- * export const {
- *   hosting, getCurrentDeployment,
- *   portalQuery, portalMutation,
- *   validateInvite, acceptInvite, createPortalInvite,
- *   portal,
- * } = Portal(components.auth, components.selfHosting, auth);
- * ```
- *
- * ## Setup
- *
- * 1. Configure an email provider in your `Auth()` config (e.g. Resend).
- * 2. Generate an admin invite link:
- *    `npx @robelest/convex-auth portal link [--prod]`
- * 3. Visit the link, enter your email, click the magic link, and you're in.
- *
- * The portal URL is auto-derived from `CONVEX_SITE_URL` (always set by Convex).
- * Override with `options.portalUrl` if you need a custom URL.
- */
-export function Portal(authComponent, selfHostingComponent, auth, options) {
-    const portalUrl = options?.portalUrl ??
-        (process.env.CONVEX_SITE_URL
-            ? `${process.env.CONVEX_SITE_URL.replace(/\/$/, "")}/portal`
-            : "/portal");
-    return {
-        // ---- Self-hosting: combined internal mutation for CLI ----
-        /**
-         * Combined internal mutation for self-hosting operations.
-         * Used by the CLI (`@robelest/convex-auth portal upload`) to
-         * upload static assets and manage deployments.
-         */
-        hosting: internalMutationGeneric({
-            args: {
-                action: v.string(),
-                path: v.optional(v.string()),
-                storageId: v.optional(v.string()),
-                blobId: v.optional(v.string()),
-                contentType: v.optional(v.string()),
-                deploymentId: v.optional(v.string()),
-                currentDeploymentId: v.optional(v.string()),
-                limit: v.optional(v.number()),
-            },
-            handler: async (ctx, args) => {
-                switch (args.action) {
-                    case "generateUploadUrl": {
-                        return await ctx.storage.generateUploadUrl();
-                    }
-                    case "recordAsset": {
-                        const { oldStorageId, oldBlobId } = await ctx.runMutation(selfHostingComponent.lib.recordAsset, {
-                            path: args.path,
-                            ...(args.storageId ? { storageId: args.storageId } : {}),
-                            ...(args.blobId ? { blobId: args.blobId } : {}),
-                            contentType: args.contentType,
-                            deploymentId: args.deploymentId,
-                        });
-                        if (oldStorageId) {
-                            try {
-                                await ctx.storage.delete(oldStorageId);
-                            }
-                            catch {
-                                // Ignore — old file may have been in different storage
-                            }
-                        }
-                        return oldBlobId ?? null;
-                    }
-                    case "gcOldAssets": {
-                        const { storageIds, blobIds } = await ctx.runMutation(selfHostingComponent.lib.gcOldAssets, { currentDeploymentId: args.currentDeploymentId });
-                        for (const storageId of storageIds) {
-                            try {
-                                await ctx.storage.delete(storageId);
-                            }
-                            catch {
-                                // Ignore
-                            }
-                        }
-                        await ctx.runMutation(selfHostingComponent.lib.setCurrentDeployment, { deploymentId: args.currentDeploymentId });
-                        return { deleted: storageIds.length, blobIds };
-                    }
-                    case "listAssets": {
-                        return await ctx.runQuery(selfHostingComponent.lib.listAssets, {
-                            limit: args.limit,
-                        });
-                    }
-                    default:
-                        throw new Error(`Unknown hosting action: ${args.action}`);
-                }
-            },
-        }),
-        // ---- Deployment query (public, for client live-reload) ----
-        getCurrentDeployment: queryGeneric({
-            args: {},
-            handler: async (ctx) => {
-                return await ctx.runQuery(selfHostingComponent.lib.getCurrentDeployment, {});
-            },
-        }),
-        // ---- Invite management ----
-        /**
-         * Validate an invite token. Returns the invite if valid and pending,
-         * or `null` otherwise. Used by the portal UI to check if an invite
-         * link is valid before showing the registration form.
-         */
-        validateInvite: queryGeneric({
-            args: { tokenHash: v.string() },
-            handler: async (ctx, { tokenHash }) => {
-                const invite = await ctx.runQuery(authComponent.public.inviteGetByTokenHash, { tokenHash });
-                if (!invite || invite.status !== "pending") {
-                    return null;
-                }
-                if (invite.expiresTime && invite.expiresTime < Date.now()) {
-                    return null;
-                }
-                return { _id: invite._id, role: invite.role };
-            },
-        }),
-        /**
-         * Accept a portal invite. Must be called by an authenticated user.
-         * Marks the invite as accepted and records the accepting user's ID.
-         *
-         * The portal UI calls this after the user has signed in via magic link
-         * following an invite link.
-         */
-        acceptInvite: mutationGeneric({
-            args: { tokenHash: v.string() },
-            handler: async (ctx, { tokenHash }) => {
-                const userId = await auth.user.require(ctx);
-                const invite = await ctx.runQuery(authComponent.public.inviteGetByTokenHash, { tokenHash });
-                if (!invite) {
-                    throw new Error("Invalid invite token");
-                }
-                if (invite.status !== "pending") {
-                    throw new Error(`Invite already ${invite.status}`);
-                }
-                if (invite.expiresTime && invite.expiresTime < Date.now()) {
-                    throw new Error("Invite has expired");
-                }
-                await ctx.runMutation(authComponent.public.inviteAccept, {
-                    inviteId: invite._id,
-                    acceptedByUserId: userId,
-                });
-            },
-        }),
-        /**
-         * Create a portal admin invite. Internal mutation called by the CLI
-         * (`npx @robelest/convex-auth portal link`).
-         */
-        createPortalInvite: internalMutationGeneric({
-            args: { tokenHash: v.string() },
-            handler: async (ctx, { tokenHash }) => {
-                await ctx.runMutation(authComponent.public.inviteCreate, {
-                    tokenHash,
-                    role: "portalAdmin",
-                    status: "pending",
-                });
-                return { portalUrl };
-            },
-        }),
-        // ---- Portal data query (auth-gated) ----
-        /**
-         * Combined portal query for all auth data reads.
-         * Requires the caller to be an authenticated portal admin.
-         *
-         * Actions:
-         * - `listUsers` — List all users
-         * - `listSessions` — List all sessions
-         * - `getUser` — Get a single user by ID (requires `userId`)
-         * - `getUserSessions` — List sessions for a user (requires `userId`)
-         * - `getUserAccounts` — List auth accounts for a user (requires `userId`)
-         * - `isAdmin` — Check if the current user is a portal admin
-         */
-        portalQuery: queryGeneric({
-            args: {
-                action: v.string(),
-                userId: v.optional(v.string()),
-            },
-            handler: async (ctx, { action, userId }) => {
-                const currentUserId = await auth.user.require(ctx);
-                // Allow isAdmin check without admin requirement
-                if (action === "isAdmin") {
-                    try {
-                        await requirePortalAdmin(ctx, authComponent, currentUserId);
-                        return true;
-                    }
-                    catch {
-                        return false;
-                    }
-                }
-                await requirePortalAdmin(ctx, authComponent, currentUserId);
-                switch (action) {
-                    case "listUsers":
-                        return await ctx.runQuery(authComponent.public.userList);
-                    case "listSessions":
-                        return await ctx.runQuery(authComponent.public.sessionList);
-                    case "getUser":
-                        return await ctx.runQuery(authComponent.public.userGetById, {
-                            userId: userId,
-                        });
-                    case "getUserSessions":
-                        return await ctx.runQuery(authComponent.public.sessionListByUser, {
-                            userId: userId,
-                        });
-                    case "getUserAccounts": {
-                        const accounts = await ctx.runQuery(authComponent.public.accountListByUser, { userId: userId });
-                        // Strip secrets — never send password hashes to the frontend
-                        return accounts.map(({ secret: _, ...rest }) => rest);
-                    }
-                    default:
-                        throw new Error(`Unknown portal query action: ${action}`);
-                }
-            },
-        }),
-        // ---- Portal mutation (auth-gated) ----
-        /**
-         * Combined portal mutation for all auth data writes.
-         * Requires the caller to be an authenticated portal admin.
-         *
-         * Actions:
-         * - `revokeSession` — Revoke (delete) a session (requires `sessionId`)
-         */
-        portalMutation: mutationGeneric({
-            args: {
-                action: v.string(),
-                sessionId: v.optional(v.string()),
-            },
-            handler: async (ctx, { action, sessionId }) => {
-                const currentUserId = await auth.user.require(ctx);
-                await requirePortalAdmin(ctx, authComponent, currentUserId);
-                switch (action) {
-                    case "revokeSession":
-                        await ctx.runMutation(authComponent.public.sessionDelete, {
-                            sessionId: sessionId,
-                        });
-                        return;
-                    default:
-                        throw new Error(`Unknown portal mutation action: ${action}`);
-                }
-            },
-        }),
-        // ---- Portal namespace ----
-        portal: {
-            /**
-             * The URL where the portal is served. Used by the Svelte client
-             * as the `redirectTo` for magic link sign-in.
-             */
-            portalUrl,
-            /**
-             * Register HTTP routes that serve the portal static UI.
-             */
-            addHttpRoutes: (http, opts) => {
-                const prefix = opts?.pathPrefix ?? "/portal";
-                // Static file serving
-                registerStaticRoutes(http, selfHostingComponent, {
-                    pathPrefix: prefix,
-                    spaFallback: opts?.spaFallback ?? true,
-                });
-            },
-        },
-    };
-}
-//# sourceMappingURL=portal.js.map

package/dist/server/portal.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/server/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,eAAe,EACf,uBAAuB,GACxB,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAElC,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;;;GAIG;AACH,KAAK,UAAU,kBAAkB,CAC/B,GAAQ,EACR,aAA+B,EAC/B,MAAc;IAEd,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,UAAU,EAAE;QAClE,MAAM,EAAE,UAAU;KACnB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAC1B,CAAC,MAAW,EAAE,EAAE,CACd,MAAM,CAAC,IAAI,KAAK,aAAa,IAAI,MAAM,CAAC,gBAAgB,KAAK,MAAM,CACtE,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,MAAM,CACpB,aAA+B,EAC/B,oBAAyB,EACzB,IAAS,EACT,OAAgC;IAEhC,MAAM,SAAS,GACb,OAAO,EAAE,SAAS;QAClB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe;YAC1B,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS;YAC5D,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,OAAO;QACL,6DAA6D;QAE7D;;;;WAIG;QACH,OAAO,EAAE,uBAAuB,CAAC;YAC/B,IAAI,EAAE;gBACJ,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;gBAClB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC5B,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBACjC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC9B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBACnC,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBACpC,mBAAmB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC3C,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;aAC9B;YACD,OAAO,EAAE,KAAK,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;gBACrC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;oBACpB,KAAK,mBAAmB,CAAC,CAAC,CAAC;wBACzB,OAAO,MAAM,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;oBAC/C,CAAC;oBAED,KAAK,aAAa,CAAC,CAAC,CAAC;wBACnB,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,MAAM,GAAG,CAAC,WAAW,CACvD,oBAAoB,CAAC,GAAG,CAAC,WAAW,EACpC;4BACE,IAAI,EAAE,IAAI,CAAC,IAAI;4BACf,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;4BACxD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;4BAC/C,WAAW,EAAE,IAAI,CAAC,WAAW;4BAC7B,YAAY,EAAE,IAAI,CAAC,YAAY;yBAChC,CACF,CAAC;wBACF,IAAI,YAAY,EAAE,CAAC;4BACjB,IAAI,CAAC;gCACH,MAAM,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;4BACzC,CAAC;4BAAC,MAAM,CAAC;gCACP,uDAAuD;4BACzD,CAAC;wBACH,CAAC;wBACD,OAAO,SAAS,IAAI,IAAI,CAAC;oBAC3B,CAAC;oBAED,KAAK,aAAa,CAAC,CAAC,CAAC;wBACnB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,MAAM,GAAG,CAAC,WAAW,CACnD,oBAAoB,CAAC,GAAG,CAAC,WAAW,EACpC,EAAE,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAClD,CAAC;wBACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;4BACnC,IAAI,CAAC;gCACH,MAAM,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;4BACtC,CAAC;4BAAC,MAAM,CAAC;gCACP,SAAS;4BACX,CAAC;wBACH,CAAC;wBACD,MAAM,GAAG,CAAC,WAAW,CACnB,oBAAoB,CAAC,GAAG,CAAC,oBAAoB,EAC7C,EAAE,YAAY,EAAE,IAAI,CAAC,mBAAmB,EAAE,CAC3C,CAAC;wBACF,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;oBACjD,CAAC;oBAED,KAAK,YAAY,CAAC,CAAC,CAAC;wBAClB,OAAO,MAAM,GAAG,CAAC,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,UAAU,EAAE;4BAC7D,KAAK,EAAE,IAAI,CAAC,KAAK;yBAClB,CAAC,CAAC;oBACL,CAAC;oBAED;wBACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;SACF,CAAC;QAEF,8DAA8D;QAE9D,oBAAoB,EAAE,YAAY,CAAC;YACjC,IAAI,EAAE,EAAE;YACR,OAAO,EAAE,KAAK,EAAE,GAAQ,EAAE,EAAE;gBAC1B,OAAO,MAAM,GAAG,CAAC,QAAQ,CACvB,oBAAoB,CAAC,GAAG,CAAC,oBAAoB,EAC7C,EAAE,CACH,CAAC;YACJ,CAAC;SACF,CAAC;QAEF,8BAA8B;QAE9B;;;;WAIG;QACH,cAAc,EAAE,YAAY,CAAC;YAC3B,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE;YAC/B,OAAO,EAAE,KAAK,EAAE,GAAQ,EAAE,EAAE,SAAS,EAAyB,EAAE,EAAE;gBAChE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CAC/B,aAAa,CAAC,MAAM,CAAC,oBAAoB,EACzC,EAAE,SAAS,EAAE,CACd,CAAC;gBACF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBAC1D,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;YAChD,CAAC;SACF,CAAC;QAEF;;;;;;WAMG;QACH,YAAY,EAAE,eAAe,CAAC;YAC5B,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE;YAC/B,OAAO,EAAE,KAAK,EAAE,GAAQ,EAAE,EAAE,SAAS,EAAyB,EAAE,EAAE;gBAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAE5C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CAC/B,aAAa,CAAC,MAAM,CAAC,oBAAoB,EACzC,EAAE,SAAS,EAAE,CACd,CAAC;gBACF,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;gBAC1C,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACrD,CAAC;gBACD,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBAC1D,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBACxC,CAAC;gBAED,MAAM,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,YAAY,EAAE;oBACvD,QAAQ,EAAE,MAAM,CAAC,GAAG;oBACpB,gBAAgB,EAAE,MAAM;iBACzB,CAAC,CAAC;YACL,CAAC;SACF,CAAC;QAEF;;;WAGG;QACH,kBAAkB,EAAE,uBAAuB,CAAC;YAC1C,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE;YAC/B,OAAO,EAAE,KAAK,EAAE,GAAQ,EAAE,EAAE,SAAS,EAAyB,EAAE,EAAE;gBAChE,MAAM,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,YAAY,EAAE;oBACvD,SAAS;oBACT,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,SAAkB;iBAC3B,CAAC,CAAC;gBACH,OAAO,EAAE,SAAS,EAAE,CAAC;YACvB,CAAC;SACF,CAAC;QAEF,2CAA2C;QAE3C;;;;;;;;;;;WAWG;QACH,WAAW,EAAE,YAAY,CAAC;YACxB,IAAI,EAAE;gBACJ,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;gBAClB,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;aAC/B;YACD,OAAO,EAAE,KAAK,EACZ,GAAQ,EACR,EAAE,MAAM,EAAE,MAAM,EAAuC,EACvD,EAAE;gBACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAEnD,gDAAgD;gBAChD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;oBACzB,IAAI,CAAC;wBACH,MAAM,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;wBAC5D,OAAO,IAAI,CAAC;oBACd,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,KAAK,CAAC;oBACf,CAAC;gBACH,CAAC;gBAED,MAAM,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;gBAE5D,QAAQ,MAAM,EAAE,CAAC;oBACf,KAAK,WAAW;wBACd,OAAO,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBAE3D,KAAK,cAAc;wBACjB,OAAO,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;oBAE9D,KAAK,SAAS;wBACZ,OAAO,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE;4BAC1D,MAAM,EAAE,MAAO;yBAChB,CAAC,CAAC;oBAEL,KAAK,iBAAiB;wBACpB,OAAO,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,iBAAiB,EAAE;4BAChE,MAAM,EAAE,MAAO;yBAChB,CAAC,CAAC;oBAEL,KAAK,iBAAiB,CAAC,CAAC,CAAC;wBACvB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,QAAQ,CACjC,aAAa,CAAC,MAAM,CAAC,iBAAiB,EACtC,EAAE,MAAM,EAAE,MAAO,EAAE,CACpB,CAAC;wBACF,6DAA6D;wBAC7D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,IAAI,EAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;oBAC7D,CAAC;oBAED;wBACE,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,EAAE,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;SACF,CAAC;QAEF,yCAAyC;QAEzC;;;;;;WAMG;QACH,cAAc,EAAE,eAAe,CAAC;YAC9B,IAAI,EAAE;gBACJ,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;gBAClB,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;aAClC;YACD,OAAO,EAAE,KAAK,EACZ,GAAQ,EACR,EAAE,MAAM,EAAE,SAAS,EAA0C,EAC7D,EAAE;gBACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACnD,MAAM,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;gBAE5D,QAAQ,MAAM,EAAE,CAAC;oBACf,KAAK,eAAe;wBAClB,MAAM,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,aAAa,EAAE;4BACxD,SAAS,EAAE,SAAU;yBACtB,CAAC,CAAC;wBACH,OAAO;oBAET;wBACE,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,EAAE,CAAC,CAAC;gBACjE,CAAC;YACH,CAAC;SACF,CAAC;QAEF,6BAA6B;QAE7B,MAAM,EAAE;YACN;;;eAGG;YACH,SAAS;YAET;;eAEG;YACH,aAAa,EAAE,CACb,IAAgB,EAChB,IAAqD,EACrD,EAAE;gBACF,MAAM,MAAM,GAAG,IAAI,EAAE,UAAU,IAAI,SAAS,CAAC;gBAE7C,sBAAsB;gBACtB,oBAAoB,CAAC,IAAI,EAAE,oBAAoB,EAAE;oBAC/C,UAAU,EAAE,MAAM;oBAClB,WAAW,EAAE,IAAI,EAAE,WAAW,IAAI,IAAI;iBACvC,CAAC,CAAC;YACL,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}

package/src/server/portal.ts DELETED Viewed

@@ -1,375 +0,0 @@
-import {
-  queryGeneric,
-  mutationGeneric,
-  internalMutationGeneric,
-} from "convex/server";
-import type { HttpRouter } from "convex/server";
-import { v } from "convex/values";
-import type { ComponentApi as AuthComponentApi } from "../component/_generated/component.js";
-import { registerStaticRoutes } from "@convex-dev/self-hosting";
-// ============================================================================
-// Helpers
-// ============================================================================
-/**
- * Check if the authenticated user is a portal admin.
- * Portal admins are identified by having an accepted invite
- * with `role: "portalAdmin"`.
- */
-async function requirePortalAdmin(
-  ctx: any,
-  authComponent: AuthComponentApi,
-  userId: string,
-): Promise<void> {
-  const invites = await ctx.runQuery(authComponent.public.inviteList, {
-    status: "accepted",
-  });
-  const isAdmin = invites.some(
-    (invite: any) =>
-      invite.role === "portalAdmin" && invite.acceptedByUserId === userId,
-  );
-  if (!isAdmin) {
-    throw new Error("Not authorized: portal admin access required");
-  }
-}
-// ============================================================================
-// Portal() factory
-// ============================================================================
-/**
- * Configure the Convex Auth Portal. Returns all the functions needed to
- * serve the portal admin UI, manage invite links, and query auth data.
- *
- * The portal dogfoods the same `Auth()` instance as your app. Portal admins
- * sign in via email magic link and are identified by accepted invites with
- * `role: "portalAdmin"`.
- *
- * ```ts filename="convex/portal.ts"
- * import { Portal } from "@robelest/convex-auth/component";
- * import { auth } from "./auth";
- * import { components } from "./_generated/api";
- *
- * export const {
- *   hosting, getCurrentDeployment,
- *   portalQuery, portalMutation,
- *   validateInvite, acceptInvite, createPortalInvite,
- *   portal,
- * } = Portal(components.auth, components.selfHosting, auth);
- * ```
- *
- * ## Setup
- *
- * 1. Configure an email provider in your `Auth()` config (e.g. Resend).
- * 2. Generate an admin invite link:
- *    `npx @robelest/convex-auth portal link [--prod]`
- * 3. Visit the link, enter your email, click the magic link, and you're in.
- *
- * The portal URL is auto-derived from `CONVEX_SITE_URL` (always set by Convex).
- * Override with `options.portalUrl` if you need a custom URL.
- */
-export function Portal(
-  authComponent: AuthComponentApi,
-  selfHostingComponent: any,
-  auth: any,
-  options?: { portalUrl?: string },
-) {
-  const portalUrl =
-    options?.portalUrl ??
-    (process.env.CONVEX_SITE_URL
-      ? `${process.env.CONVEX_SITE_URL.replace(/\/$/, "")}/portal`
-      : "/portal");
-  return {
-    // ---- Self-hosting: combined internal mutation for CLI ----
-    /**
-     * Combined internal mutation for self-hosting operations.
-     * Used by the CLI (`@robelest/convex-auth portal upload`) to
-     * upload static assets and manage deployments.
-     */
-    hosting: internalMutationGeneric({
-      args: {
-        action: v.string(),
-        path: v.optional(v.string()),
-        storageId: v.optional(v.string()),
-        blobId: v.optional(v.string()),
-        contentType: v.optional(v.string()),
-        deploymentId: v.optional(v.string()),
-        currentDeploymentId: v.optional(v.string()),
-        limit: v.optional(v.number()),
-      },
-      handler: async (ctx: any, args: any) => {
-        switch (args.action) {
-          case "generateUploadUrl": {
-            return await ctx.storage.generateUploadUrl();
-          }
-          case "recordAsset": {
-            const { oldStorageId, oldBlobId } = await ctx.runMutation(
-              selfHostingComponent.lib.recordAsset,
-              {
-                path: args.path,
-                ...(args.storageId ? { storageId: args.storageId } : {}),
-                ...(args.blobId ? { blobId: args.blobId } : {}),
-                contentType: args.contentType,
-                deploymentId: args.deploymentId,
-              },
-            );
-            if (oldStorageId) {
-              try {
-                await ctx.storage.delete(oldStorageId);
-              } catch {
-                // Ignore — old file may have been in different storage
-              }
-            }
-            return oldBlobId ?? null;
-          }
-          case "gcOldAssets": {
-            const { storageIds, blobIds } = await ctx.runMutation(
-              selfHostingComponent.lib.gcOldAssets,
-              { currentDeploymentId: args.currentDeploymentId },
-            );
-            for (const storageId of storageIds) {
-              try {
-                await ctx.storage.delete(storageId);
-              } catch {
-                // Ignore
-              }
-            }
-            await ctx.runMutation(
-              selfHostingComponent.lib.setCurrentDeployment,
-              { deploymentId: args.currentDeploymentId },
-            );
-            return { deleted: storageIds.length, blobIds };
-          }
-          case "listAssets": {
-            return await ctx.runQuery(selfHostingComponent.lib.listAssets, {
-              limit: args.limit,
-            });
-          }
-          default:
-            throw new Error(`Unknown hosting action: ${args.action}`);
-        }
-      },
-    }),
-    // ---- Deployment query (public, for client live-reload) ----
-    getCurrentDeployment: queryGeneric({
-      args: {},
-      handler: async (ctx: any) => {
-        return await ctx.runQuery(
-          selfHostingComponent.lib.getCurrentDeployment,
-          {},
-        );
-      },
-    }),
-    // ---- Invite management ----
-    /**
-     * Validate an invite token. Returns the invite if valid and pending,
-     * or `null` otherwise. Used by the portal UI to check if an invite
-     * link is valid before showing the registration form.
-     */
-    validateInvite: queryGeneric({
-      args: { tokenHash: v.string() },
-      handler: async (ctx: any, { tokenHash }: { tokenHash: string }) => {
-        const invite = await ctx.runQuery(
-          authComponent.public.inviteGetByTokenHash,
-          { tokenHash },
-        );
-        if (!invite || invite.status !== "pending") {
-          return null;
-        }
-        if (invite.expiresTime && invite.expiresTime < Date.now()) {
-          return null;
-        }
-        return { _id: invite._id, role: invite.role };
-      },
-    }),
-    /**
-     * Accept a portal invite. Must be called by an authenticated user.
-     * Marks the invite as accepted and records the accepting user's ID.
-     *
-     * The portal UI calls this after the user has signed in via magic link
-     * following an invite link.
-     */
-    acceptInvite: mutationGeneric({
-      args: { tokenHash: v.string() },
-      handler: async (ctx: any, { tokenHash }: { tokenHash: string }) => {
-        const userId = await auth.user.require(ctx);
-        const invite = await ctx.runQuery(
-          authComponent.public.inviteGetByTokenHash,
-          { tokenHash },
-        );
-        if (!invite) {
-          throw new Error("Invalid invite token");
-        }
-        if (invite.status !== "pending") {
-          throw new Error(`Invite already ${invite.status}`);
-        }
-        if (invite.expiresTime && invite.expiresTime < Date.now()) {
-          throw new Error("Invite has expired");
-        }
-        await ctx.runMutation(authComponent.public.inviteAccept, {
-          inviteId: invite._id,
-          acceptedByUserId: userId,
-        });
-      },
-    }),
-    /**
-     * Create a portal admin invite. Internal mutation called by the CLI
-     * (`npx @robelest/convex-auth portal link`).
-     */
-    createPortalInvite: internalMutationGeneric({
-      args: { tokenHash: v.string() },
-      handler: async (ctx: any, { tokenHash }: { tokenHash: string }) => {
-        await ctx.runMutation(authComponent.public.inviteCreate, {
-          tokenHash,
-          role: "portalAdmin",
-          status: "pending" as const,
-        });
-        return { portalUrl };
-      },
-    }),
-    // ---- Portal data query (auth-gated) ----
-    /**
-     * Combined portal query for all auth data reads.
-     * Requires the caller to be an authenticated portal admin.
-     *
-     * Actions:
-     * - `listUsers` — List all users
-     * - `listSessions` — List all sessions
-     * - `getUser` — Get a single user by ID (requires `userId`)
-     * - `getUserSessions` — List sessions for a user (requires `userId`)
-     * - `getUserAccounts` — List auth accounts for a user (requires `userId`)
-     * - `isAdmin` — Check if the current user is a portal admin
-     */
-    portalQuery: queryGeneric({
-      args: {
-        action: v.string(),
-        userId: v.optional(v.string()),
-      },
-      handler: async (
-        ctx: any,
-        { action, userId }: { action: string; userId?: string },
-      ) => {
-        const currentUserId = await auth.user.require(ctx);
-        // Allow isAdmin check without admin requirement
-        if (action === "isAdmin") {
-          try {
-            await requirePortalAdmin(ctx, authComponent, currentUserId);
-            return true;
-          } catch {
-            return false;
-          }
-        }
-        await requirePortalAdmin(ctx, authComponent, currentUserId);
-        switch (action) {
-          case "listUsers":
-            return await ctx.runQuery(authComponent.public.userList);
-          case "listSessions":
-            return await ctx.runQuery(authComponent.public.sessionList);
-          case "getUser":
-            return await ctx.runQuery(authComponent.public.userGetById, {
-              userId: userId!,
-            });
-          case "getUserSessions":
-            return await ctx.runQuery(authComponent.public.sessionListByUser, {
-              userId: userId!,
-            });
-          case "getUserAccounts": {
-            const accounts = await ctx.runQuery(
-              authComponent.public.accountListByUser,
-              { userId: userId! },
-            );
-            // Strip secrets — never send password hashes to the frontend
-            return accounts.map(({ secret: _, ...rest }: any) => rest);
-          }
-          default:
-            throw new Error(`Unknown portal query action: ${action}`);
-        }
-      },
-    }),
-    // ---- Portal mutation (auth-gated) ----
-    /**
-     * Combined portal mutation for all auth data writes.
-     * Requires the caller to be an authenticated portal admin.
-     *
-     * Actions:
-     * - `revokeSession` — Revoke (delete) a session (requires `sessionId`)
-     */
-    portalMutation: mutationGeneric({
-      args: {
-        action: v.string(),
-        sessionId: v.optional(v.string()),
-      },
-      handler: async (
-        ctx: any,
-        { action, sessionId }: { action: string; sessionId?: string },
-      ) => {
-        const currentUserId = await auth.user.require(ctx);
-        await requirePortalAdmin(ctx, authComponent, currentUserId);
-        switch (action) {
-          case "revokeSession":
-            await ctx.runMutation(authComponent.public.sessionDelete, {
-              sessionId: sessionId!,
-            });
-            return;
-          default:
-            throw new Error(`Unknown portal mutation action: ${action}`);
-        }
-      },
-    }),
-    // ---- Portal namespace ----
-    portal: {
-      /**
-       * The URL where the portal is served. Used by the Svelte client
-       * as the `redirectTo` for magic link sign-in.
-       */
-      portalUrl,
-      /**
-       * Register HTTP routes that serve the portal static UI.
-       */
-      addHttpRoutes: (
-        http: HttpRouter,
-        opts?: { pathPrefix?: string; spaFallback?: boolean },
-      ) => {
-        const prefix = opts?.pathPrefix ?? "/portal";
-        // Static file serving
-        registerStaticRoutes(http, selfHostingComponent, {
-          pathPrefix: prefix,
-          spaFallback: opts?.spaFallback ?? true,
-        });
-      },
-    },
-  };
-}