@robelest/convex-auth 0.0.3-preview → 0.0.3-preview.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin.cjs +15 -15
- package/dist/client/index.d.ts +40 -12
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +73 -12
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +2 -2
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/component.d.ts +1 -1
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/{portalBridge.d.ts → bridge.d.ts} +2 -2
- package/dist/component/bridge.d.ts.map +1 -0
- package/dist/component/{portalBridge.js → bridge.js} +2 -2
- package/dist/component/bridge.js.map +1 -0
- package/dist/component/index.d.ts +11 -4
- package/dist/component/index.d.ts.map +1 -1
- package/dist/component/index.js +8 -2
- package/dist/component/index.js.map +1 -1
- package/dist/component/public.d.ts +24 -17
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +23 -4
- package/dist/component/public.js.map +1 -1
- package/dist/component/schema.d.ts +11 -7
- package/dist/component/schema.d.ts.map +1 -1
- package/dist/component/schema.js +4 -1
- package/dist/component/schema.js.map +1 -1
- package/dist/providers/anonymous.d.ts +3 -0
- package/dist/providers/anonymous.d.ts.map +1 -1
- package/dist/providers/anonymous.js +3 -0
- package/dist/providers/anonymous.js.map +1 -1
- package/dist/providers/credentials.d.ts +3 -0
- package/dist/providers/credentials.d.ts.map +1 -1
- package/dist/providers/credentials.js +3 -0
- package/dist/providers/credentials.js.map +1 -1
- package/dist/providers/email.d.ts +3 -0
- package/dist/providers/email.d.ts.map +1 -1
- package/dist/providers/email.js +3 -0
- package/dist/providers/email.js.map +1 -1
- package/dist/providers/passkey.d.ts +7 -1
- package/dist/providers/passkey.d.ts.map +1 -1
- package/dist/providers/passkey.js +7 -1
- package/dist/providers/passkey.js.map +1 -1
- package/dist/providers/password.d.ts +3 -0
- package/dist/providers/password.d.ts.map +1 -1
- package/dist/providers/password.js +3 -0
- package/dist/providers/password.js.map +1 -1
- package/dist/providers/phone.d.ts +3 -0
- package/dist/providers/phone.d.ts.map +1 -1
- package/dist/providers/phone.js +3 -0
- package/dist/providers/phone.js.map +1 -1
- package/dist/providers/totp.d.ts +8 -0
- package/dist/providers/totp.d.ts.map +1 -1
- package/dist/providers/totp.js +8 -0
- package/dist/providers/totp.js.map +1 -1
- package/dist/server/{convex-auth.d.ts → auth.d.ts} +226 -36
- package/dist/server/auth.d.ts.map +1 -0
- package/dist/server/{convex-auth.js → auth.js} +287 -111
- package/dist/server/auth.js.map +1 -0
- package/dist/server/errors.d.ts +148 -0
- package/dist/server/errors.d.ts.map +1 -0
- package/dist/server/errors.js +179 -0
- package/dist/server/errors.js.map +1 -0
- package/dist/server/implementation/index.d.ts +170 -48
- package/dist/server/implementation/index.d.ts.map +1 -1
- package/dist/server/implementation/index.js +383 -167
- package/dist/server/implementation/index.js.map +1 -1
- package/dist/server/implementation/{apiKey.d.ts → keys.d.ts} +1 -1
- package/dist/server/implementation/keys.d.ts.map +1 -0
- package/dist/server/implementation/{apiKey.js → keys.js} +4 -5
- package/dist/server/implementation/keys.js.map +1 -0
- package/dist/server/implementation/mutations/{modifyAccount.d.ts → account.d.ts} +3 -3
- package/dist/server/implementation/mutations/account.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{modifyAccount.js → account.js} +4 -3
- package/dist/server/implementation/mutations/account.js.map +1 -0
- package/dist/server/implementation/mutations/{createVerificationCode.d.ts → code.d.ts} +1 -1
- package/dist/server/implementation/mutations/code.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{createVerificationCode.js → code.js} +2 -2
- package/dist/server/implementation/mutations/code.js.map +1 -0
- package/dist/server/implementation/mutations/index.d.ts +33 -33
- package/dist/server/implementation/mutations/index.d.ts.map +1 -1
- package/dist/server/implementation/mutations/index.js +22 -22
- package/dist/server/implementation/mutations/index.js.map +1 -1
- package/dist/server/implementation/mutations/{invalidateSessions.d.ts → invalidate.d.ts} +1 -1
- package/dist/server/implementation/mutations/invalidate.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{invalidateSessions.js → invalidate.js} +2 -2
- package/dist/server/implementation/mutations/invalidate.js.map +1 -0
- package/dist/server/implementation/mutations/{userOAuth.d.ts → oauth.d.ts} +3 -3
- package/dist/server/implementation/mutations/oauth.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{userOAuth.js → oauth.js} +4 -3
- package/dist/server/implementation/mutations/oauth.js.map +1 -0
- package/dist/server/implementation/mutations/{refreshSession.d.ts → refresh.d.ts} +1 -1
- package/dist/server/implementation/mutations/refresh.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{refreshSession.js → refresh.js} +3 -3
- package/dist/server/implementation/mutations/refresh.js.map +1 -0
- package/dist/server/implementation/mutations/{createAccountFromCredentials.d.ts → register.d.ts} +4 -4
- package/dist/server/implementation/mutations/register.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{createAccountFromCredentials.js → register.js} +4 -3
- package/dist/server/implementation/mutations/register.js.map +1 -0
- package/dist/server/implementation/mutations/{retrieveAccountWithCredentials.d.ts → retrieve.d.ts} +3 -3
- package/dist/server/implementation/mutations/retrieve.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{retrieveAccountWithCredentials.js → retrieve.js} +3 -3
- package/dist/server/implementation/mutations/retrieve.js.map +1 -0
- package/dist/server/implementation/mutations/{verifierSignature.d.ts → signature.d.ts} +1 -1
- package/dist/server/implementation/mutations/signature.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{verifierSignature.js → signature.js} +4 -3
- package/dist/server/implementation/mutations/signature.js.map +1 -0
- package/dist/server/implementation/mutations/{signIn.d.ts → signin.d.ts} +1 -1
- package/dist/server/implementation/mutations/{signIn.d.ts.map → signin.d.ts.map} +1 -1
- package/dist/server/implementation/mutations/{signIn.js → signin.js} +2 -2
- package/dist/server/implementation/mutations/{signIn.js.map → signin.js.map} +1 -1
- package/dist/server/implementation/mutations/{signOut.d.ts → signout.d.ts} +1 -1
- package/dist/server/implementation/mutations/{signOut.d.ts.map → signout.d.ts.map} +1 -1
- package/dist/server/implementation/mutations/{signOut.js → signout.js} +2 -2
- package/dist/server/implementation/mutations/{signOut.js.map → signout.js.map} +1 -1
- package/dist/server/implementation/mutations/{storeRef.d.ts → store.d.ts} +1 -1
- package/dist/server/implementation/mutations/store.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{storeRef.js → store.js} +1 -1
- package/dist/server/implementation/mutations/store.js.map +1 -0
- package/dist/server/implementation/mutations/verifier.js +1 -1
- package/dist/server/implementation/mutations/verifier.js.map +1 -1
- package/dist/server/implementation/mutations/{verifyCodeAndSignIn.d.ts → verify.d.ts} +1 -1
- package/dist/server/implementation/mutations/verify.d.ts.map +1 -0
- package/dist/server/implementation/mutations/{verifyCodeAndSignIn.js → verify.js} +3 -3
- package/dist/server/implementation/mutations/verify.js.map +1 -0
- package/dist/server/implementation/passkey.d.ts.map +1 -1
- package/dist/server/implementation/passkey.js +47 -55
- package/dist/server/implementation/passkey.js.map +1 -1
- package/dist/server/implementation/provider.d.ts.map +1 -1
- package/dist/server/implementation/provider.js +5 -4
- package/dist/server/implementation/provider.js.map +1 -1
- package/dist/server/implementation/{rateLimit.d.ts → ratelimit.d.ts} +1 -1
- package/dist/server/implementation/{rateLimit.d.ts.map → ratelimit.d.ts.map} +1 -1
- package/dist/server/implementation/{rateLimit.js → ratelimit.js} +1 -1
- package/dist/server/implementation/{rateLimit.js.map → ratelimit.js.map} +1 -1
- package/dist/server/implementation/redirects.d.ts.map +1 -1
- package/dist/server/implementation/redirects.js +2 -1
- package/dist/server/implementation/redirects.js.map +1 -1
- package/dist/server/implementation/{refreshTokens.d.ts → refresh.d.ts} +1 -1
- package/dist/server/implementation/refresh.d.ts.map +1 -0
- package/dist/server/implementation/{refreshTokens.js → refresh.js} +3 -2
- package/dist/server/implementation/refresh.js.map +1 -0
- package/dist/server/implementation/sessions.js +1 -1
- package/dist/server/implementation/sessions.js.map +1 -1
- package/dist/server/implementation/{signIn.d.ts → signin.d.ts} +1 -1
- package/dist/server/implementation/{signIn.d.ts.map → signin.d.ts.map} +1 -1
- package/dist/server/implementation/{signIn.js → signin.js} +12 -8
- package/dist/server/implementation/signin.js.map +1 -0
- package/dist/server/implementation/totp.d.ts.map +1 -1
- package/dist/server/implementation/totp.js +29 -29
- package/dist/server/implementation/totp.js.map +1 -1
- package/dist/server/implementation/types.d.ts +131 -1
- package/dist/server/implementation/types.d.ts.map +1 -1
- package/dist/server/implementation/types.js +65 -1
- package/dist/server/implementation/types.js.map +1 -1
- package/dist/server/implementation/users.d.ts.map +1 -1
- package/dist/server/implementation/users.js +3 -2
- package/dist/server/implementation/users.js.map +1 -1
- package/dist/server/index.d.ts +131 -1
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +117 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/oauth/{authorizationUrl.d.ts → authorization.d.ts} +1 -1
- package/dist/server/oauth/authorization.d.ts.map +1 -0
- package/dist/server/oauth/{authorizationUrl.js → authorization.js} +4 -3
- package/dist/server/oauth/authorization.js.map +1 -0
- package/dist/server/oauth/callback.d.ts.map +1 -1
- package/dist/server/oauth/callback.js +7 -6
- package/dist/server/oauth/callback.js.map +1 -1
- package/dist/server/oauth/checks.d.ts.map +1 -1
- package/dist/server/oauth/checks.js +2 -1
- package/dist/server/oauth/checks.js.map +1 -1
- package/dist/server/oauth/{convexAuth.d.ts → helpers.d.ts} +1 -1
- package/dist/server/oauth/helpers.d.ts.map +1 -0
- package/dist/server/oauth/{convexAuth.js → helpers.js} +6 -5
- package/dist/server/oauth/helpers.js.map +1 -0
- package/dist/server/oauth/lib/utils/{customFetch.d.ts → fetch.d.ts} +1 -1
- package/dist/server/oauth/lib/utils/fetch.d.ts.map +1 -0
- package/dist/server/oauth/lib/utils/{customFetch.js → fetch.js} +1 -1
- package/dist/server/oauth/lib/utils/fetch.js.map +1 -0
- package/dist/server/{provider_utils.d.ts → providers.d.ts} +1 -1
- package/dist/server/providers.d.ts.map +1 -0
- package/dist/server/{provider_utils.js → providers.js} +1 -1
- package/dist/server/providers.js.map +1 -0
- package/dist/server/{email-templates.d.ts → templates.d.ts} +8 -1
- package/dist/server/templates.d.ts.map +1 -0
- package/dist/server/{portal-email.js → templates.js} +74 -3
- package/dist/server/templates.js.map +1 -0
- package/dist/server/types.d.ts +88 -5
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/utils.d.ts.map +1 -1
- package/dist/server/utils.js +2 -1
- package/dist/server/utils.js.map +1 -1
- package/dist/server/version.d.ts +1 -1
- package/dist/server/version.d.ts.map +1 -1
- package/dist/server/version.js +1 -1
- package/dist/server/version.js.map +1 -1
- package/package.json +5 -1
- package/src/cli/index.ts +5 -5
- package/src/cli/{portal-link.ts → link.ts} +1 -1
- package/src/cli/utils.ts +1 -1
- package/src/client/index.ts +102 -17
- package/src/component/_generated/api.ts +2 -2
- package/src/component/_generated/component.ts +1 -1
- package/src/component/{portalBridge.ts → bridge.ts} +2 -2
- package/src/component/index.ts +10 -2
- package/src/component/public.ts +25 -4
- package/src/component/schema.ts +4 -1
- package/src/providers/anonymous.ts +3 -0
- package/src/providers/credentials.ts +3 -0
- package/src/providers/email.ts +3 -0
- package/src/providers/passkey.ts +8 -1
- package/src/providers/password.ts +3 -0
- package/src/providers/phone.ts +3 -0
- package/src/providers/totp.ts +9 -0
- package/src/server/auth.ts +969 -0
- package/src/server/errors.ts +275 -0
- package/src/server/implementation/index.ts +370 -88
- package/src/server/implementation/{apiKey.ts → keys.ts} +7 -6
- package/src/server/implementation/mutations/{modifyAccount.ts → account.ts} +3 -4
- package/src/server/implementation/mutations/{createVerificationCode.ts → code.ts} +1 -1
- package/src/server/implementation/mutations/index.ts +22 -22
- package/src/server/implementation/mutations/{invalidateSessions.ts → invalidate.ts} +1 -1
- package/src/server/implementation/mutations/{userOAuth.ts → oauth.ts} +3 -2
- package/src/server/implementation/mutations/{refreshSession.ts → refresh.ts} +2 -2
- package/src/server/implementation/mutations/{createAccountFromCredentials.ts → register.ts} +3 -2
- package/src/server/implementation/mutations/{retrieveAccountWithCredentials.ts → retrieve.ts} +2 -2
- package/src/server/implementation/mutations/{verifierSignature.ts → signature.ts} +3 -2
- package/src/server/implementation/mutations/{signIn.ts → signin.ts} +1 -1
- package/src/server/implementation/mutations/{signOut.ts → signout.ts} +1 -1
- package/src/server/implementation/mutations/verifier.ts +1 -1
- package/src/server/implementation/mutations/{verifyCodeAndSignIn.ts → verify.ts} +2 -2
- package/src/server/implementation/passkey.ts +86 -116
- package/src/server/implementation/provider.ts +5 -8
- package/src/server/implementation/redirects.ts +2 -3
- package/src/server/implementation/{refreshTokens.ts → refresh.ts} +2 -1
- package/src/server/implementation/sessions.ts +1 -1
- package/src/server/implementation/{signIn.ts → signin.ts} +13 -11
- package/src/server/implementation/totp.ts +60 -84
- package/src/server/implementation/types.ts +316 -1
- package/src/server/implementation/users.ts +4 -7
- package/src/server/index.ts +142 -3
- package/src/server/oauth/{authorizationUrl.ts → authorization.ts} +3 -2
- package/src/server/oauth/callback.ts +7 -6
- package/src/server/oauth/checks.ts +3 -1
- package/src/server/oauth/{convexAuth.ts → helpers.ts} +8 -5
- package/src/server/{portal-email.ts → templates.ts} +78 -2
- package/src/server/types.ts +133 -4
- package/src/server/utils.ts +3 -1
- package/src/server/version.ts +1 -1
- package/dist/component/portalBridge.d.ts.map +0 -1
- package/dist/component/portalBridge.js.map +0 -1
- package/dist/server/convex-auth.d.ts.map +0 -1
- package/dist/server/convex-auth.js.map +0 -1
- package/dist/server/convex_types.d.ts +0 -17
- package/dist/server/convex_types.d.ts.map +0 -1
- package/dist/server/convex_types.js +0 -2
- package/dist/server/convex_types.js.map +0 -1
- package/dist/server/email-templates.d.ts.map +0 -1
- package/dist/server/email-templates.js +0 -74
- package/dist/server/email-templates.js.map +0 -1
- package/dist/server/implementation/apiKey.d.ts.map +0 -1
- package/dist/server/implementation/apiKey.js.map +0 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.d.ts.map +0 -1
- package/dist/server/implementation/mutations/createAccountFromCredentials.js.map +0 -1
- package/dist/server/implementation/mutations/createVerificationCode.d.ts.map +0 -1
- package/dist/server/implementation/mutations/createVerificationCode.js.map +0 -1
- package/dist/server/implementation/mutations/invalidateSessions.d.ts.map +0 -1
- package/dist/server/implementation/mutations/invalidateSessions.js.map +0 -1
- package/dist/server/implementation/mutations/modifyAccount.d.ts.map +0 -1
- package/dist/server/implementation/mutations/modifyAccount.js.map +0 -1
- package/dist/server/implementation/mutations/refreshSession.d.ts.map +0 -1
- package/dist/server/implementation/mutations/refreshSession.js.map +0 -1
- package/dist/server/implementation/mutations/retrieveAccountWithCredentials.d.ts.map +0 -1
- package/dist/server/implementation/mutations/retrieveAccountWithCredentials.js.map +0 -1
- package/dist/server/implementation/mutations/storeRef.d.ts.map +0 -1
- package/dist/server/implementation/mutations/storeRef.js.map +0 -1
- package/dist/server/implementation/mutations/userOAuth.d.ts.map +0 -1
- package/dist/server/implementation/mutations/userOAuth.js.map +0 -1
- package/dist/server/implementation/mutations/verifierSignature.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verifierSignature.js.map +0 -1
- package/dist/server/implementation/mutations/verifyCodeAndSignIn.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verifyCodeAndSignIn.js.map +0 -1
- package/dist/server/implementation/refreshTokens.d.ts.map +0 -1
- package/dist/server/implementation/refreshTokens.js.map +0 -1
- package/dist/server/implementation/signIn.js.map +0 -1
- package/dist/server/oauth/authorizationUrl.d.ts.map +0 -1
- package/dist/server/oauth/authorizationUrl.js.map +0 -1
- package/dist/server/oauth/convexAuth.d.ts.map +0 -1
- package/dist/server/oauth/convexAuth.js.map +0 -1
- package/dist/server/oauth/lib/utils/customFetch.d.ts.map +0 -1
- package/dist/server/oauth/lib/utils/customFetch.js.map +0 -1
- package/dist/server/portal-email.d.ts +0 -19
- package/dist/server/portal-email.d.ts.map +0 -1
- package/dist/server/portal-email.js.map +0 -1
- package/dist/server/provider_utils.d.ts.map +0 -1
- package/dist/server/provider_utils.js.map +0 -1
- package/src/server/convex-auth.ts +0 -602
- package/src/server/convex_types.ts +0 -55
- package/src/server/email-templates.ts +0 -77
- /package/src/cli/{generateKeys.ts → keys.ts} +0 -0
- /package/src/cli/{portal-upload.ts → upload.ts} +0 -0
- /package/src/server/implementation/mutations/{storeRef.ts → store.ts} +0 -0
- /package/src/server/implementation/{rateLimit.ts → ratelimit.ts} +0 -0
- /package/src/server/oauth/lib/utils/{customFetch.ts → fetch.ts} +0 -0
- /package/src/server/{provider_utils.ts → providers.ts} +0 -0
package/src/client/index.ts
CHANGED
|
@@ -1,10 +1,22 @@
|
|
|
1
1
|
import { ConvexHttpClient } from "convex/browser";
|
|
2
|
-
import { Value } from "convex/values";
|
|
2
|
+
import { ConvexError, Value } from "convex/values";
|
|
3
|
+
|
|
4
|
+
// Re-export error utilities so consumers can import from `@robelest/convex-auth/client`.
|
|
5
|
+
export {
|
|
6
|
+
isAuthError,
|
|
7
|
+
parseAuthError,
|
|
8
|
+
AUTH_ERRORS,
|
|
9
|
+
type AuthErrorCode,
|
|
10
|
+
} from "../server/errors.js";
|
|
3
11
|
|
|
4
12
|
/**
|
|
5
13
|
* Structural interface for any Convex client.
|
|
6
|
-
* Satisfied by
|
|
7
|
-
* `ConvexReactClient` (`convex/react`).
|
|
14
|
+
* Satisfied by `ConvexClient` (`convex/browser`),
|
|
15
|
+
* `ConvexReactClient` (`convex/react`), and similar transports.
|
|
16
|
+
*
|
|
17
|
+
* `clearAuth` is present on `ConvexReactClient` and `BaseConvexClient`
|
|
18
|
+
* but not on the simplified `ConvexClient`. When available we call it
|
|
19
|
+
* during sign-out for a clean deauthentication.
|
|
8
20
|
*/
|
|
9
21
|
interface ConvexTransport {
|
|
10
22
|
action(action: any, args: any): Promise<any>;
|
|
@@ -14,7 +26,7 @@ interface ConvexTransport {
|
|
|
14
26
|
}) => Promise<string | null | undefined>,
|
|
15
27
|
onChange?: (isAuthenticated: boolean) => void,
|
|
16
28
|
): void;
|
|
17
|
-
clearAuth(): void;
|
|
29
|
+
clearAuth?(): void;
|
|
18
30
|
}
|
|
19
31
|
|
|
20
32
|
/** Pluggable key-value storage (defaults to `localStorage`). */
|
|
@@ -31,17 +43,32 @@ type AuthSession = {
|
|
|
31
43
|
refreshToken: string;
|
|
32
44
|
};
|
|
33
45
|
|
|
34
|
-
|
|
46
|
+
/**
|
|
47
|
+
* Result of a `signIn` call.
|
|
48
|
+
*
|
|
49
|
+
* - `signingIn: true` — credentials were accepted and the user is authenticated.
|
|
50
|
+
* - `redirect` — OAuth flow initiated; redirect the user to `redirect.toString()`.
|
|
51
|
+
* - `totpRequired` — credentials valid but 2FA is needed; call `auth.totp.verify()`.
|
|
52
|
+
* - `verifier` — opaque string for multi-step flows (TOTP, passkey).
|
|
53
|
+
*/
|
|
54
|
+
export type SignInResult = {
|
|
55
|
+
/** `true` when sign-in completed and the user is authenticated. */
|
|
35
56
|
signingIn: boolean;
|
|
57
|
+
/** OAuth redirect URL. Present when the provider requires a browser redirect. */
|
|
36
58
|
redirect?: URL;
|
|
59
|
+
/** `true` when the account has TOTP enabled and a code is required. */
|
|
37
60
|
totpRequired?: boolean;
|
|
61
|
+
/** Opaque verifier for multi-step flows (pass to `totp.verify` or passkey phase 2). */
|
|
38
62
|
verifier?: string;
|
|
39
63
|
};
|
|
40
64
|
|
|
41
65
|
/** Reactive auth state snapshot returned by `auth.state` and `auth.onChange`. */
|
|
42
66
|
export type AuthState = {
|
|
67
|
+
/** `true` during initial hydration before the first token is resolved. */
|
|
43
68
|
isLoading: boolean;
|
|
69
|
+
/** `true` when a valid JWT exists (user is signed in). */
|
|
44
70
|
isAuthenticated: boolean;
|
|
71
|
+
/** The raw JWT string, or `null` when not authenticated. */
|
|
45
72
|
token: string | null;
|
|
46
73
|
};
|
|
47
74
|
|
|
@@ -110,14 +137,17 @@ function resolveUrl(convex: ConvexTransport, explicit?: string): string {
|
|
|
110
137
|
/**
|
|
111
138
|
* Create a framework-agnostic auth client.
|
|
112
139
|
*
|
|
140
|
+
* Returns an object with `signIn`, `signOut`, `onChange`, `state`,
|
|
141
|
+
* `passkey`, and `totp` — everything needed for client-side auth.
|
|
142
|
+
*
|
|
113
143
|
* ### SPA mode (default)
|
|
114
144
|
*
|
|
115
145
|
* ```ts
|
|
116
|
-
* import { ConvexClient } from 'convex/browser'
|
|
117
|
-
* import { client } from '
|
|
146
|
+
* import { ConvexClient } from 'convex/browser';
|
|
147
|
+
* import { client } from '@robelest/convex-auth/client';
|
|
118
148
|
*
|
|
119
|
-
* const convex = new ConvexClient(CONVEX_URL)
|
|
120
|
-
* const auth = client({ convex })
|
|
149
|
+
* const convex = new ConvexClient(CONVEX_URL);
|
|
150
|
+
* const auth = client({ convex });
|
|
121
151
|
* ```
|
|
122
152
|
*
|
|
123
153
|
* ### SSR / proxy mode
|
|
@@ -126,13 +156,16 @@ function resolveUrl(convex: ConvexTransport, explicit?: string): string {
|
|
|
126
156
|
* const auth = client({
|
|
127
157
|
* convex,
|
|
128
158
|
* proxy: '/api/auth',
|
|
129
|
-
*
|
|
130
|
-
* })
|
|
159
|
+
* token: tokenFromServer, // JWT read from httpOnly cookie during SSR
|
|
160
|
+
* });
|
|
131
161
|
* ```
|
|
132
162
|
*
|
|
133
163
|
* In proxy mode all auth operations go through the proxy URL.
|
|
134
164
|
* Tokens are stored in httpOnly cookies server-side — the client
|
|
135
|
-
*
|
|
165
|
+
* holds the JWT in memory only.
|
|
166
|
+
*
|
|
167
|
+
* @param options - Client configuration. See {@link ClientOptions}.
|
|
168
|
+
* @returns Auth client with `signIn`, `signOut`, `onChange`, `state`, `passkey`, and `totp`.
|
|
136
169
|
*/
|
|
137
170
|
export function client(options: ClientOptions) {
|
|
138
171
|
const { convex, proxy } = options;
|
|
@@ -266,9 +299,19 @@ export function client(options: ClientOptions) {
|
|
|
266
299
|
body: JSON.stringify(body),
|
|
267
300
|
});
|
|
268
301
|
if (!response.ok) {
|
|
269
|
-
const
|
|
302
|
+
const errorBody = await response.json().catch(() => ({} as Record<string, unknown>));
|
|
303
|
+
// Reconstruct ConvexError when the proxy forwards structured auth error data.
|
|
304
|
+
if (
|
|
305
|
+
typeof errorBody === "object" &&
|
|
306
|
+
errorBody !== null &&
|
|
307
|
+
"authError" in errorBody &&
|
|
308
|
+
typeof (errorBody as Record<string, unknown>).authError === "object"
|
|
309
|
+
) {
|
|
310
|
+
throw new ConvexError((errorBody as Record<string, unknown>).authError as Value);
|
|
311
|
+
}
|
|
270
312
|
throw new Error(
|
|
271
|
-
(
|
|
313
|
+
(errorBody as Record<string, unknown>).error as string ??
|
|
314
|
+
`Proxy request failed: ${response.status}`,
|
|
272
315
|
);
|
|
273
316
|
}
|
|
274
317
|
return response.json();
|
|
@@ -319,6 +362,33 @@ export function client(options: ClientOptions) {
|
|
|
319
362
|
// signIn
|
|
320
363
|
// ---------------------------------------------------------------------------
|
|
321
364
|
|
|
365
|
+
/**
|
|
366
|
+
* Sign in with a provider.
|
|
367
|
+
*
|
|
368
|
+
* @param provider - Provider ID (e.g. `"email"`, `"password"`, `"google"`).
|
|
369
|
+
* Omit when exchanging an OAuth code (the code carries the provider info).
|
|
370
|
+
* @param args - Provider-specific arguments. Pass a `Record<string, Value>`
|
|
371
|
+
* or `FormData`. Common fields: `email`, `password`, `code`, `redirectTo`.
|
|
372
|
+
* @returns A {@link SignInResult} indicating the outcome.
|
|
373
|
+
*
|
|
374
|
+
* @example Email magic link
|
|
375
|
+
* ```ts
|
|
376
|
+
* await auth.signIn('email', { email: 'user@example.com' });
|
|
377
|
+
* ```
|
|
378
|
+
*
|
|
379
|
+
* @example Password
|
|
380
|
+
* ```ts
|
|
381
|
+
* const result = await auth.signIn('password', { email, password, flow: 'signIn' });
|
|
382
|
+
* if (result.totpRequired) {
|
|
383
|
+
* await auth.totp.verify({ code: totpCode, verifier: result.verifier! });
|
|
384
|
+
* }
|
|
385
|
+
* ```
|
|
386
|
+
*
|
|
387
|
+
* @example OAuth (triggers redirect)
|
|
388
|
+
* ```ts
|
|
389
|
+
* await auth.signIn('google'); // redirects to Google
|
|
390
|
+
* ```
|
|
391
|
+
*/
|
|
322
392
|
const signIn = async (
|
|
323
393
|
provider?: string,
|
|
324
394
|
args?: FormData | Record<string, Value>,
|
|
@@ -397,6 +467,13 @@ export function client(options: ClientOptions) {
|
|
|
397
467
|
// signOut
|
|
398
468
|
// ---------------------------------------------------------------------------
|
|
399
469
|
|
|
470
|
+
/**
|
|
471
|
+
* Sign out the current user.
|
|
472
|
+
*
|
|
473
|
+
* Invalidates the server session and clears local token state.
|
|
474
|
+
* Errors are silently caught — calling `signOut` on an already
|
|
475
|
+
* signed-out user is a no-op.
|
|
476
|
+
*/
|
|
400
477
|
const signOut = async () => {
|
|
401
478
|
if (proxy) {
|
|
402
479
|
try {
|
|
@@ -405,6 +482,7 @@ export function client(options: ClientOptions) {
|
|
|
405
482
|
// Already signed out is fine.
|
|
406
483
|
}
|
|
407
484
|
await setToken({ shouldStore: false, tokens: null });
|
|
485
|
+
if (convex.clearAuth) convex.clearAuth();
|
|
408
486
|
return;
|
|
409
487
|
}
|
|
410
488
|
|
|
@@ -415,6 +493,7 @@ export function client(options: ClientOptions) {
|
|
|
415
493
|
// Already signed out is fine.
|
|
416
494
|
}
|
|
417
495
|
await setToken({ shouldStore: true, tokens: null });
|
|
496
|
+
if (convex.clearAuth) convex.clearAuth();
|
|
418
497
|
};
|
|
419
498
|
|
|
420
499
|
// ---------------------------------------------------------------------------
|
|
@@ -509,12 +588,15 @@ export function client(options: ClientOptions) {
|
|
|
509
588
|
// ---------------------------------------------------------------------------
|
|
510
589
|
|
|
511
590
|
/**
|
|
512
|
-
* Subscribe to auth state changes.
|
|
513
|
-
* with the current state
|
|
591
|
+
* Subscribe to auth state changes. Invokes the callback immediately
|
|
592
|
+
* with the current state, then again on every state transition.
|
|
514
593
|
*
|
|
515
594
|
* ```ts
|
|
516
|
-
* const unsub = auth.onChange(setState)
|
|
595
|
+
* const unsub = auth.onChange(setState);
|
|
517
596
|
* ```
|
|
597
|
+
*
|
|
598
|
+
* @param cb - Callback receiving the latest {@link AuthState}.
|
|
599
|
+
* @returns An unsubscribe function.
|
|
518
600
|
*/
|
|
519
601
|
const onChange = (cb: (state: AuthState) => void): (() => void) => {
|
|
520
602
|
cb(snapshot);
|
|
@@ -1040,8 +1122,11 @@ export function client(options: ClientOptions) {
|
|
|
1040
1122
|
get state(): AuthState {
|
|
1041
1123
|
return snapshot;
|
|
1042
1124
|
},
|
|
1125
|
+
/** Sign in with a provider. See {@link SignInResult} for return shape. */
|
|
1043
1126
|
signIn,
|
|
1127
|
+
/** Sign out and clear all token state. */
|
|
1044
1128
|
signOut,
|
|
1129
|
+
/** Subscribe to auth state changes. Returns an unsubscribe function. */
|
|
1045
1130
|
onChange,
|
|
1046
1131
|
/** Passkey (WebAuthn) authentication helpers. */
|
|
1047
1132
|
passkey,
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
*/
|
|
10
10
|
|
|
11
11
|
import type * as index from "../index.js";
|
|
12
|
-
import type * as
|
|
12
|
+
import type * as bridge from "../bridge.js";
|
|
13
13
|
import type * as public_ from "../public.js";
|
|
14
14
|
|
|
15
15
|
import type {
|
|
@@ -21,7 +21,7 @@ import { anyApi, componentsGeneric } from "convex/server";
|
|
|
21
21
|
|
|
22
22
|
const fullApi: ApiFromModules<{
|
|
23
23
|
index: typeof index;
|
|
24
|
-
|
|
24
|
+
bridge: typeof bridge;
|
|
25
25
|
public: typeof public_;
|
|
26
26
|
}> = anyApi as any;
|
|
27
27
|
|
|
@@ -4,11 +4,11 @@
|
|
|
4
4
|
* The auth component uses self-hosting as a sub-component for serving
|
|
5
5
|
* portal static assets. These functions expose the self-hosting API
|
|
6
6
|
* as internal queries/mutations within the auth component, so the
|
|
7
|
-
* app layer can call them via `ctx.runQuery(components.auth.
|
|
7
|
+
* app layer can call them via `ctx.runQuery(components.auth.bridge.getByPath, ...)`.
|
|
8
8
|
*/
|
|
9
9
|
|
|
10
10
|
import { v } from "convex/values";
|
|
11
|
-
import { query, mutation
|
|
11
|
+
import { query, mutation } from "./_generated/server.js";
|
|
12
12
|
import { components } from "./_generated/api.js";
|
|
13
13
|
|
|
14
14
|
// ============================================================================
|
package/src/component/index.ts
CHANGED
|
@@ -9,13 +9,19 @@
|
|
|
9
9
|
*/
|
|
10
10
|
|
|
11
11
|
export {
|
|
12
|
+
/**
|
|
13
|
+
* The low-level factory function used internally by the `Auth` class.
|
|
14
|
+
* Re-exported as `AuthFactory` to avoid naming conflicts with the
|
|
15
|
+
* `Auth` class (the recommended public API). Prefer `new Auth(...)`.
|
|
16
|
+
*/
|
|
12
17
|
Auth as AuthFactory,
|
|
13
18
|
Tokens,
|
|
14
19
|
Doc,
|
|
15
20
|
SignInAction,
|
|
16
21
|
SignOutAction,
|
|
17
22
|
} from "../server/implementation/index.js";
|
|
18
|
-
export { Auth, Portal } from "../server/
|
|
23
|
+
export { Auth, Portal, AuthCtx } from "../server/auth.js";
|
|
24
|
+
export type { AuthCtxConfig, InferAuth, UserDoc } from "../server/auth.js";
|
|
19
25
|
export type {
|
|
20
26
|
ConvexAuthConfig,
|
|
21
27
|
AuthProviderConfig,
|
|
@@ -31,5 +37,7 @@ export type {
|
|
|
31
37
|
KeyScope,
|
|
32
38
|
ScopeChecker,
|
|
33
39
|
KeyRecord,
|
|
40
|
+
HttpKeyContext,
|
|
41
|
+
CorsConfig,
|
|
34
42
|
} from "../server/types.js";
|
|
35
|
-
export type { GenericDoc } from "../server/
|
|
43
|
+
export type { GenericDoc } from "../server/types.js";
|
package/src/component/public.ts
CHANGED
|
@@ -588,6 +588,7 @@ export const groupCreate = mutation({
|
|
|
588
588
|
args: {
|
|
589
589
|
name: v.string(),
|
|
590
590
|
slug: v.optional(v.string()),
|
|
591
|
+
type: v.optional(v.string()),
|
|
591
592
|
parentGroupId: v.optional(v.id("group")),
|
|
592
593
|
extend: v.optional(v.any()),
|
|
593
594
|
},
|
|
@@ -605,12 +606,32 @@ export const groupGet = query({
|
|
|
605
606
|
});
|
|
606
607
|
|
|
607
608
|
/**
|
|
608
|
-
* List groups.
|
|
609
|
-
*
|
|
609
|
+
* List groups. Supports filtering by `type`, `parentGroupId`, or both.
|
|
610
|
+
*
|
|
611
|
+
* - Both provided → compound index `typeAndParentGroupId`
|
|
612
|
+
* - Only `type` → `type` index
|
|
613
|
+
* - Only `parentGroupId` (or neither) → `parentGroupId` index (original behaviour)
|
|
610
614
|
*/
|
|
611
615
|
export const groupList = query({
|
|
612
|
-
args: {
|
|
613
|
-
|
|
616
|
+
args: {
|
|
617
|
+
type: v.optional(v.string()),
|
|
618
|
+
parentGroupId: v.optional(v.id("group")),
|
|
619
|
+
},
|
|
620
|
+
handler: async (ctx, { type, parentGroupId }) => {
|
|
621
|
+
if (type !== undefined && parentGroupId !== undefined) {
|
|
622
|
+
return await ctx.db
|
|
623
|
+
.query("group")
|
|
624
|
+
.withIndex("typeAndParentGroupId", (q) =>
|
|
625
|
+
q.eq("type", type).eq("parentGroupId", parentGroupId),
|
|
626
|
+
)
|
|
627
|
+
.collect();
|
|
628
|
+
}
|
|
629
|
+
if (type !== undefined) {
|
|
630
|
+
return await ctx.db
|
|
631
|
+
.query("group")
|
|
632
|
+
.withIndex("type", (q) => q.eq("type", type))
|
|
633
|
+
.collect();
|
|
634
|
+
}
|
|
614
635
|
return await ctx.db
|
|
615
636
|
.query("group")
|
|
616
637
|
.withIndex("parentGroupId", (q) => q.eq("parentGroupId", parentGroupId))
|
package/src/component/schema.ts
CHANGED
|
@@ -168,11 +168,14 @@ export default defineSchema({
|
|
|
168
168
|
group: defineTable({
|
|
169
169
|
name: v.string(),
|
|
170
170
|
slug: v.optional(v.string()),
|
|
171
|
+
type: v.optional(v.string()),
|
|
171
172
|
parentGroupId: v.optional(v.id("group")),
|
|
172
173
|
extend: v.optional(v.any()),
|
|
173
174
|
})
|
|
174
175
|
.index("slug", ["slug"])
|
|
175
|
-
.index("parentGroupId", ["parentGroupId"])
|
|
176
|
+
.index("parentGroupId", ["parentGroupId"])
|
|
177
|
+
.index("type", ["type"])
|
|
178
|
+
.index("typeAndParentGroupId", ["type", "parentGroupId"]),
|
|
176
179
|
|
|
177
180
|
/**
|
|
178
181
|
* Group membership. Links a user to a group with an application-defined
|
|
@@ -56,6 +56,9 @@ export interface AnonymousConfig<DataModel extends GenericDataModel> {
|
|
|
56
56
|
* An anonymous authentication provider.
|
|
57
57
|
*
|
|
58
58
|
* This provider doesn't require any user-provided information.
|
|
59
|
+
*
|
|
60
|
+
* @param config - Optional overrides (custom ID, profile, etc.).
|
|
61
|
+
* @returns A `ConvexCredentialsConfig` to include in your `providers` array.
|
|
59
62
|
*/
|
|
60
63
|
export default function anonymous<DataModel extends GenericDataModel>(
|
|
61
64
|
config: AnonymousConfig<DataModel> = {},
|
|
@@ -94,6 +94,9 @@ export interface CredentialsUserConfig<
|
|
|
94
94
|
/**
|
|
95
95
|
* The Credentials provider allows you to handle signing in with arbitrary credentials,
|
|
96
96
|
* such as a username and password, domain, or two factor authentication or hardware device (e.g. YubiKey U2F / FIDO).
|
|
97
|
+
*
|
|
98
|
+
* @param config - Credential-specific options (authorize callback, profile, etc.).
|
|
99
|
+
* @returns A `ConvexCredentialsConfig` to include in your `providers` array.
|
|
97
100
|
*/
|
|
98
101
|
export default function credentials<DataModel extends GenericDataModel>(
|
|
99
102
|
config: CredentialsUserConfig<DataModel>,
|
package/src/providers/email.ts
CHANGED
|
@@ -30,6 +30,9 @@ import { EmailConfig, EmailUserConfig } from "../server/types.js";
|
|
|
30
30
|
* ```
|
|
31
31
|
*
|
|
32
32
|
* Make sure the token has high enough entropy to be secure.
|
|
33
|
+
*
|
|
34
|
+
* @param config - Email provider options including `sendVerificationRequest`.
|
|
35
|
+
* @returns An `EmailConfig` to include in your `providers` array.
|
|
33
36
|
*/
|
|
34
37
|
export default function email<DataModel extends GenericDataModel>(
|
|
35
38
|
config: EmailUserConfig<DataModel> &
|
package/src/providers/passkey.ts
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Passkey (WebAuthn) authentication provider.
|
|
3
|
+
*
|
|
4
|
+
* @module
|
|
5
|
+
*/
|
|
6
|
+
|
|
1
7
|
import { PasskeyProviderConfig } from "../server/types.js";
|
|
2
8
|
|
|
3
9
|
/**
|
|
@@ -15,7 +21,8 @@ import { PasskeyProviderConfig } from "../server/types.js";
|
|
|
15
21
|
* });
|
|
16
22
|
* ```
|
|
17
23
|
*
|
|
18
|
-
* @param config Optional
|
|
24
|
+
* @param config - Optional relying party and credential options.
|
|
25
|
+
* @returns A `PasskeyProviderConfig` to include in your `providers` array.
|
|
19
26
|
*/
|
|
20
27
|
export default function passkey(
|
|
21
28
|
config?: Partial<PasskeyProviderConfig["options"]>,
|
|
@@ -105,6 +105,9 @@ export interface PasswordConfig<DataModel extends GenericDataModel> {
|
|
|
105
105
|
*
|
|
106
106
|
* Email verification is not required unless you pass
|
|
107
107
|
* an email provider to the `verify` option.
|
|
108
|
+
*
|
|
109
|
+
* @param config - Password options (custom ID, crypto, verify, profile, etc.).
|
|
110
|
+
* @returns A `ConvexCredentialsConfig` to include in your `providers` array.
|
|
108
111
|
*/
|
|
109
112
|
export default function password<DataModel extends GenericDataModel>(
|
|
110
113
|
config: PasswordConfig<DataModel> = {},
|
package/src/providers/phone.ts
CHANGED
|
@@ -19,6 +19,9 @@ import { PhoneConfig, PhoneUserConfig } from "../server/types.js";
|
|
|
19
19
|
* When you use this function to create your config, it
|
|
20
20
|
* checks that there is a `phone` field during token verification
|
|
21
21
|
* that matches the `phone` used during the initial `signIn` call.
|
|
22
|
+
*
|
|
23
|
+
* @param config - Phone provider options including `sendVerificationRequest`.
|
|
24
|
+
* @returns A `PhoneConfig` to include in your `providers` array.
|
|
22
25
|
*/
|
|
23
26
|
export default function phone<DataModel extends GenericDataModel>(
|
|
24
27
|
config: PhoneUserConfig & Pick<PhoneConfig, "sendVerificationRequest">,
|
package/src/providers/totp.ts
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TOTP (Time-based One-Time Password) two-factor authentication provider.
|
|
3
|
+
*
|
|
4
|
+
* @module
|
|
5
|
+
*/
|
|
6
|
+
|
|
1
7
|
import { TotpProviderConfig } from "../server/types.js";
|
|
2
8
|
|
|
3
9
|
/**
|
|
@@ -10,6 +16,9 @@ import { TotpProviderConfig } from "../server/types.js";
|
|
|
10
16
|
* providers: [TOTP({ issuer: "My App" })],
|
|
11
17
|
* });
|
|
12
18
|
* ```
|
|
19
|
+
*
|
|
20
|
+
* @param config - TOTP options: issuer name, digit count, and period.
|
|
21
|
+
* @returns A `TotpProviderConfig` to include in your `providers` array.
|
|
13
22
|
*/
|
|
14
23
|
export default function totp(
|
|
15
24
|
config?: Partial<TotpProviderConfig["options"]>,
|