@robelest/convex-auth 0.0.4-preview.13 → 0.0.4-preview.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +140 -9
- package/dist/bin.cjs +5957 -5478
- package/dist/client/index.d.ts +3 -7
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +27 -26
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +14 -0
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/api.js.map +1 -1
- package/dist/component/_generated/component.d.ts +1672 -24
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/convex.config.d.ts.map +1 -1
- package/dist/component/index.d.ts +1 -1
- package/dist/component/index.js +2 -2
- package/dist/component/model.d.ts +153 -0
- package/dist/component/model.d.ts.map +1 -0
- package/dist/component/model.js +343 -0
- package/dist/component/model.js.map +1 -0
- package/dist/component/providers/sso.d.ts +1 -1
- package/dist/component/public/enterprise.d.ts +54 -0
- package/dist/component/public/enterprise.d.ts.map +1 -0
- package/dist/component/public/enterprise.js +515 -0
- package/dist/component/public/enterprise.js.map +1 -0
- package/dist/component/public/factors.d.ts +52 -0
- package/dist/component/public/factors.d.ts.map +1 -0
- package/dist/component/public/factors.js +285 -0
- package/dist/component/public/factors.js.map +1 -0
- package/dist/component/public/groups.d.ts +116 -0
- package/dist/component/public/groups.d.ts.map +1 -0
- package/dist/component/public/groups.js +596 -0
- package/dist/component/public/groups.js.map +1 -0
- package/dist/component/public/identity.d.ts +93 -0
- package/dist/component/public/identity.d.ts.map +1 -0
- package/dist/component/public/identity.js +426 -0
- package/dist/component/public/identity.js.map +1 -0
- package/dist/component/public/keys.d.ts +41 -0
- package/dist/component/public/keys.d.ts.map +1 -0
- package/dist/component/public/keys.js +157 -0
- package/dist/component/public/keys.js.map +1 -0
- package/dist/component/public/shared.d.ts +26 -0
- package/dist/component/public/shared.d.ts.map +1 -0
- package/dist/component/public/shared.js +32 -0
- package/dist/component/public/shared.js.map +1 -0
- package/dist/component/public.d.ts +9 -321
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +6 -2145
- package/dist/component/schema.d.ts +406 -260
- package/dist/component/schema.js +37 -32
- package/dist/component/schema.js.map +1 -1
- package/dist/component/server/auth.d.ts +161 -15
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +100 -7
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/cookies.js +3 -0
- package/dist/component/server/cookies.js.map +1 -1
- package/dist/component/server/db.js +1 -0
- package/dist/component/server/db.js.map +1 -1
- package/dist/component/server/device.js +3 -1
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/domains/core.js +629 -0
- package/dist/component/server/domains/core.js.map +1 -0
- package/dist/component/server/domains/sso.js +884 -0
- package/dist/component/server/domains/sso.js.map +1 -0
- package/dist/component/server/factory.d.ts +136 -0
- package/dist/component/server/factory.d.ts.map +1 -0
- package/dist/component/server/factory.js +1134 -0
- package/dist/component/server/factory.js.map +1 -0
- package/dist/component/server/fx.js +2 -1
- package/dist/component/server/fx.js.map +1 -1
- package/dist/component/server/http.js +287 -0
- package/dist/component/server/http.js.map +1 -0
- package/dist/component/server/identity.js +13 -0
- package/dist/component/server/identity.js.map +1 -0
- package/dist/component/server/keys.js +4 -0
- package/dist/component/server/keys.js.map +1 -1
- package/dist/component/server/mutations/account.js +1 -1
- package/dist/component/server/mutations/index.js +2 -2
- package/dist/component/server/mutations/index.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/oauth.js +10 -7
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +1 -1
- package/dist/component/server/mutations/register.js +1 -1
- package/dist/component/server/mutations/retrieve.js +1 -1
- package/dist/component/server/mutations/signature.js +1 -1
- package/dist/component/server/mutations/store.js +6 -3
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verify.js +1 -1
- package/dist/component/server/oauth.js +3 -0
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +3 -2
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/provider.js +2 -0
- package/dist/component/server/provider.js.map +1 -1
- package/dist/component/server/providers.js +10 -0
- package/dist/component/server/providers.js.map +1 -1
- package/dist/component/server/ratelimit.js +3 -0
- package/dist/component/server/ratelimit.js.map +1 -1
- package/dist/component/server/redirects.js +2 -0
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +5 -0
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/sessions.js +5 -0
- package/dist/component/server/sessions.js.map +1 -1
- package/dist/component/server/signin.js +2 -1
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/sso.js +166 -19
- package/dist/component/server/sso.js.map +1 -1
- package/dist/component/server/tokens.js +1 -0
- package/dist/component/server/tokens.js.map +1 -1
- package/dist/component/server/totp.js +4 -2
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +106 -38
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +1 -0
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +44 -2
- package/dist/component/server/utils.js.map +1 -1
- package/dist/providers/anonymous.d.ts +1 -1
- package/dist/providers/credentials.d.ts +1 -1
- package/dist/providers/password.d.ts +1 -1
- package/dist/providers/sso.d.ts +1 -1
- package/dist/providers/sso.js.map +1 -1
- package/dist/server/auth.d.ts +163 -17
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +100 -7
- package/dist/server/auth.js.map +1 -1
- package/dist/server/cookies.d.ts +1 -38
- package/dist/server/cookies.js +3 -0
- package/dist/server/cookies.js.map +1 -1
- package/dist/server/db.d.ts +1 -125
- package/dist/server/db.js +1 -0
- package/dist/server/db.js.map +1 -1
- package/dist/server/device.d.ts +1 -24
- package/dist/server/device.js +3 -1
- package/dist/server/device.js.map +1 -1
- package/dist/server/domains/core.d.ts +434 -0
- package/dist/server/domains/core.d.ts.map +1 -0
- package/dist/server/domains/core.js +629 -0
- package/dist/server/domains/core.js.map +1 -0
- package/dist/server/domains/sso.d.ts +409 -0
- package/dist/server/domains/sso.d.ts.map +1 -0
- package/dist/server/domains/sso.js +884 -0
- package/dist/server/domains/sso.js.map +1 -0
- package/dist/server/enterpriseValidators.d.ts +1 -0
- package/dist/server/enterpriseValidators.js +60 -0
- package/dist/server/enterpriseValidators.js.map +1 -0
- package/dist/server/factory.d.ts +136 -0
- package/dist/server/factory.d.ts.map +1 -0
- package/dist/server/factory.js +1134 -0
- package/dist/server/factory.js.map +1 -0
- package/dist/server/fx.d.ts +1 -16
- package/dist/server/fx.d.ts.map +1 -1
- package/dist/server/fx.js +1 -0
- package/dist/server/fx.js.map +1 -1
- package/dist/server/http.d.ts +59 -0
- package/dist/server/http.d.ts.map +1 -0
- package/dist/server/http.js +287 -0
- package/dist/server/http.js.map +1 -0
- package/dist/server/identity.d.ts +1 -0
- package/dist/server/identity.js +13 -0
- package/dist/server/identity.js.map +1 -0
- package/dist/server/index.d.ts +468 -1
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +530 -36
- package/dist/server/index.js.map +1 -1
- package/dist/server/keys.d.ts +1 -57
- package/dist/server/keys.js +4 -0
- package/dist/server/keys.js.map +1 -1
- package/dist/server/mutations/account.d.ts +7 -7
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/code.d.ts +13 -13
- package/dist/server/mutations/code.d.ts.map +1 -1
- package/dist/server/mutations/index.d.ts +107 -107
- package/dist/server/mutations/index.d.ts.map +1 -1
- package/dist/server/mutations/index.js +1 -1
- package/dist/server/mutations/index.js.map +1 -1
- package/dist/server/mutations/invalidate.d.ts +5 -5
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/oauth.d.ts +10 -10
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +9 -6
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +4 -4
- package/dist/server/mutations/register.d.ts +12 -12
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +7 -7
- package/dist/server/mutations/signature.d.ts +5 -5
- package/dist/server/mutations/signin.d.ts +6 -6
- package/dist/server/mutations/signin.d.ts.map +1 -1
- package/dist/server/mutations/signout.d.ts +1 -1
- package/dist/server/mutations/store.d.ts +3 -2
- package/dist/server/mutations/store.d.ts.map +1 -1
- package/dist/server/mutations/store.js +6 -3
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.d.ts +1 -1
- package/dist/server/mutations/verify.d.ts +11 -11
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/oauth.d.ts +1 -59
- package/dist/server/oauth.js +3 -0
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +3 -2
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/provider.d.ts +1 -14
- package/dist/server/provider.d.ts.map +1 -1
- package/dist/server/provider.js +2 -0
- package/dist/server/provider.js.map +1 -1
- package/dist/server/providers.js +10 -0
- package/dist/server/providers.js.map +1 -1
- package/dist/server/ratelimit.d.ts +1 -22
- package/dist/server/ratelimit.js +3 -0
- package/dist/server/ratelimit.js.map +1 -1
- package/dist/server/redirects.d.ts +1 -10
- package/dist/server/redirects.js +2 -0
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.d.ts +1 -37
- package/dist/server/refresh.js +5 -0
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/sessions.d.ts +1 -28
- package/dist/server/sessions.js +5 -0
- package/dist/server/sessions.js.map +1 -1
- package/dist/server/signin.d.ts +1 -55
- package/dist/server/signin.js +2 -1
- package/dist/server/signin.js.map +1 -1
- package/dist/server/sso.d.ts +1 -348
- package/dist/server/sso.js +165 -18
- package/dist/server/sso.js.map +1 -1
- package/dist/server/templates.d.ts +1 -21
- package/dist/server/templates.js +1 -0
- package/dist/server/templates.js.map +1 -1
- package/dist/server/tokens.d.ts +1 -11
- package/dist/server/tokens.js +1 -0
- package/dist/server/tokens.js.map +1 -1
- package/dist/server/totp.d.ts +1 -23
- package/dist/server/totp.js +4 -2
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +114 -77
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.d.ts +1 -31
- package/dist/server/users.js +1 -0
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.d.ts +1 -27
- package/dist/server/utils.js +44 -2
- package/dist/server/utils.js.map +1 -1
- package/dist/server/version.d.ts +1 -1
- package/dist/server/version.js +1 -1
- package/dist/server/version.js.map +1 -1
- package/package.json +4 -5
- package/src/cli/bin.ts +5 -0
- package/src/cli/index.ts +22 -9
- package/src/cli/keys.ts +3 -0
- package/src/client/index.ts +36 -37
- package/src/component/_generated/api.ts +14 -0
- package/src/component/_generated/component.ts +2106 -9
- package/src/component/index.ts +3 -1
- package/src/component/model.ts +441 -0
- package/src/component/public/enterprise.ts +753 -0
- package/src/component/public/factors.ts +332 -0
- package/src/component/public/groups.ts +932 -0
- package/src/component/public/identity.ts +566 -0
- package/src/component/public/keys.ts +209 -0
- package/src/component/public/shared.ts +119 -0
- package/src/component/public.ts +5 -2965
- package/src/component/schema.ts +68 -63
- package/src/providers/sso.ts +1 -1
- package/src/server/auth.ts +413 -18
- package/src/server/cookies.ts +3 -0
- package/src/server/db.ts +3 -0
- package/src/server/device.ts +3 -1
- package/src/server/domains/core.ts +1071 -0
- package/src/server/domains/sso.ts +1749 -0
- package/src/server/enterpriseValidators.ts +93 -0
- package/src/server/factory.ts +2181 -0
- package/src/server/fx.ts +1 -0
- package/src/server/http.ts +529 -0
- package/src/server/identity.ts +18 -0
- package/src/server/index.ts +806 -40
- package/src/server/keys.ts +4 -0
- package/src/server/mutations/index.ts +1 -1
- package/src/server/mutations/oauth.ts +36 -8
- package/src/server/mutations/store.ts +6 -3
- package/src/server/oauth.ts +6 -0
- package/src/server/passkey.ts +3 -2
- package/src/server/provider.ts +2 -0
- package/src/server/providers.ts +20 -0
- package/src/server/ratelimit.ts +3 -0
- package/src/server/redirects.ts +2 -0
- package/src/server/refresh.ts +5 -0
- package/src/server/sessions.ts +5 -0
- package/src/server/signin.ts +1 -0
- package/src/server/sso.ts +259 -17
- package/src/server/templates.ts +1 -0
- package/src/server/tokens.ts +1 -0
- package/src/server/totp.ts +4 -2
- package/src/server/types.ts +178 -83
- package/src/server/users.ts +1 -0
- package/src/server/utils.ts +71 -1
- package/src/server/version.ts +1 -1
- package/dist/component/public.js.map +0 -1
- package/dist/component/server/implementation.d.ts +0 -1264
- package/dist/component/server/implementation.d.ts.map +0 -1
- package/dist/component/server/implementation.js +0 -2365
- package/dist/component/server/implementation.js.map +0 -1
- package/dist/server/cookies.d.ts.map +0 -1
- package/dist/server/db.d.ts.map +0 -1
- package/dist/server/device.d.ts.map +0 -1
- package/dist/server/implementation.d.ts +0 -1264
- package/dist/server/implementation.d.ts.map +0 -1
- package/dist/server/implementation.js +0 -2365
- package/dist/server/implementation.js.map +0 -1
- package/dist/server/keys.d.ts.map +0 -1
- package/dist/server/oauth.d.ts.map +0 -1
- package/dist/server/ratelimit.d.ts.map +0 -1
- package/dist/server/redirects.d.ts.map +0 -1
- package/dist/server/refresh.d.ts.map +0 -1
- package/dist/server/sessions.d.ts.map +0 -1
- package/dist/server/signin.d.ts.map +0 -1
- package/dist/server/sso.d.ts.map +0 -1
- package/dist/server/templates.d.ts.map +0 -1
- package/dist/server/tokens.d.ts.map +0 -1
- package/dist/server/totp.d.ts.map +0 -1
- package/dist/server/users.d.ts.map +0 -1
- package/dist/server/utils.d.ts.map +0 -1
- package/src/server/implementation.ts +0 -5336
|
@@ -0,0 +1,932 @@
|
|
|
1
|
+
import {
|
|
2
|
+
ConvexError,
|
|
3
|
+
Id,
|
|
4
|
+
mutation,
|
|
5
|
+
normalizeTag,
|
|
6
|
+
normalizeTags,
|
|
7
|
+
query,
|
|
8
|
+
TagPair,
|
|
9
|
+
v,
|
|
10
|
+
vGroupDoc,
|
|
11
|
+
vGroupInviteDoc,
|
|
12
|
+
vGroupMemberDoc,
|
|
13
|
+
vInviteAcceptByTokenResult,
|
|
14
|
+
vInviteStatus,
|
|
15
|
+
vPaginated,
|
|
16
|
+
vTag,
|
|
17
|
+
} from "./shared";
|
|
18
|
+
|
|
19
|
+
// ============================================================================
|
|
20
|
+
// Groups
|
|
21
|
+
// ============================================================================
|
|
22
|
+
|
|
23
|
+
/**
|
|
24
|
+
* Create a new group. Groups are hierarchical — set `parentGroupId` to nest
|
|
25
|
+
* under an existing group, or omit it to create a root-level group.
|
|
26
|
+
*
|
|
27
|
+
* @returns The ID of the newly created group.
|
|
28
|
+
*/
|
|
29
|
+
export const groupCreate = mutation({
|
|
30
|
+
args: {
|
|
31
|
+
name: v.string(),
|
|
32
|
+
slug: v.optional(v.string()),
|
|
33
|
+
type: v.optional(v.string()),
|
|
34
|
+
parentGroupId: v.optional(v.id("Group")),
|
|
35
|
+
tags: v.optional(v.array(vTag)),
|
|
36
|
+
extend: v.optional(v.any()),
|
|
37
|
+
},
|
|
38
|
+
returns: v.id("Group"),
|
|
39
|
+
handler: async (ctx, args) => {
|
|
40
|
+
const { tags: rawTags, ...rest } = args;
|
|
41
|
+
const normalizedTags = rawTags ? normalizeTags(rawTags) : undefined;
|
|
42
|
+
const groupId = await ctx.db.insert("Group", {
|
|
43
|
+
...rest,
|
|
44
|
+
tags: normalizedTags,
|
|
45
|
+
});
|
|
46
|
+
// Sync companion group_tag rows
|
|
47
|
+
if (normalizedTags) {
|
|
48
|
+
for (const tag of normalizedTags) {
|
|
49
|
+
await ctx.db.insert("GroupTag", {
|
|
50
|
+
group_id: groupId,
|
|
51
|
+
key: tag.key,
|
|
52
|
+
value: tag.value,
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
return groupId;
|
|
57
|
+
},
|
|
58
|
+
});
|
|
59
|
+
|
|
60
|
+
/** Retrieve a group by its document ID. Returns `null` if not found. */
|
|
61
|
+
export const groupGet = query({
|
|
62
|
+
args: { groupId: v.id("Group") },
|
|
63
|
+
returns: v.union(vGroupDoc, v.null()),
|
|
64
|
+
handler: async (ctx, { groupId }) => {
|
|
65
|
+
return await ctx.db.get("Group", groupId);
|
|
66
|
+
},
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
/**
|
|
70
|
+
* List groups with optional filtering, sorting, and pagination.
|
|
71
|
+
*
|
|
72
|
+
* Returns `{ items, nextCursor }`. Empty `where` returns **all** groups.
|
|
73
|
+
*/
|
|
74
|
+
export const groupList = query({
|
|
75
|
+
args: {
|
|
76
|
+
where: v.optional(
|
|
77
|
+
v.object({
|
|
78
|
+
slug: v.optional(v.string()),
|
|
79
|
+
type: v.optional(v.string()),
|
|
80
|
+
parentGroupId: v.optional(v.id("Group")),
|
|
81
|
+
name: v.optional(v.string()),
|
|
82
|
+
isRoot: v.optional(v.boolean()),
|
|
83
|
+
tagsAll: v.optional(v.array(vTag)),
|
|
84
|
+
tagsAny: v.optional(v.array(vTag)),
|
|
85
|
+
}),
|
|
86
|
+
),
|
|
87
|
+
limit: v.optional(v.number()),
|
|
88
|
+
cursor: v.optional(v.union(v.string(), v.null())),
|
|
89
|
+
orderBy: v.optional(
|
|
90
|
+
v.union(
|
|
91
|
+
v.literal("_creationTime"),
|
|
92
|
+
v.literal("name"),
|
|
93
|
+
v.literal("slug"),
|
|
94
|
+
v.literal("type"),
|
|
95
|
+
),
|
|
96
|
+
),
|
|
97
|
+
order: v.optional(v.union(v.literal("asc"), v.literal("desc"))),
|
|
98
|
+
},
|
|
99
|
+
returns: vPaginated(vGroupDoc),
|
|
100
|
+
handler: async (ctx, args) => {
|
|
101
|
+
const where = args.where ?? {};
|
|
102
|
+
const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
|
|
103
|
+
const order = args.order ?? "desc";
|
|
104
|
+
|
|
105
|
+
// ---- Resolve tag filters into a Set<Id<"Group">> ----
|
|
106
|
+
let tagFilteredIds: Set<string> | null = null;
|
|
107
|
+
|
|
108
|
+
if (where.tagsAll && where.tagsAll.length > 0) {
|
|
109
|
+
// Intersect: group must have ALL specified tags
|
|
110
|
+
let allSet: Set<string> | null = null;
|
|
111
|
+
for (const rawTag of where.tagsAll) {
|
|
112
|
+
const t = normalizeTag(rawTag);
|
|
113
|
+
const rows = await ctx.db
|
|
114
|
+
.query("GroupTag")
|
|
115
|
+
.withIndex("by_key_value", (idx) =>
|
|
116
|
+
idx.eq("key", t.key).eq("value", t.value),
|
|
117
|
+
)
|
|
118
|
+
.collect();
|
|
119
|
+
const ids = new Set(rows.map((r) => r.group_id as string));
|
|
120
|
+
if (allSet === null) {
|
|
121
|
+
allSet = ids;
|
|
122
|
+
} else {
|
|
123
|
+
// Intersect
|
|
124
|
+
for (const id of allSet) {
|
|
125
|
+
if (!ids.has(id)) allSet.delete(id);
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
// Short-circuit: empty intersection
|
|
129
|
+
if (allSet.size === 0) break;
|
|
130
|
+
}
|
|
131
|
+
tagFilteredIds = allSet ?? new Set();
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
if (where.tagsAny && where.tagsAny.length > 0) {
|
|
135
|
+
// Union: group must have at least one of the specified tags
|
|
136
|
+
const anySet = new Set<string>();
|
|
137
|
+
for (const rawTag of where.tagsAny) {
|
|
138
|
+
const t = normalizeTag(rawTag);
|
|
139
|
+
const rows = await ctx.db
|
|
140
|
+
.query("GroupTag")
|
|
141
|
+
.withIndex("by_key_value", (idx) =>
|
|
142
|
+
idx.eq("key", t.key).eq("value", t.value),
|
|
143
|
+
)
|
|
144
|
+
.collect();
|
|
145
|
+
for (const r of rows) {
|
|
146
|
+
anySet.add(r.group_id as string);
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
if (tagFilteredIds !== null) {
|
|
150
|
+
// AND with tagsAll result
|
|
151
|
+
for (const id of tagFilteredIds) {
|
|
152
|
+
if (!anySet.has(id)) tagFilteredIds.delete(id);
|
|
153
|
+
}
|
|
154
|
+
} else {
|
|
155
|
+
tagFilteredIds = anySet;
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
// ---- Pick best index based on non-tag where fields ----
|
|
160
|
+
let q;
|
|
161
|
+
if (where.type !== undefined && where.parentGroupId !== undefined) {
|
|
162
|
+
q = ctx.db
|
|
163
|
+
.query("Group")
|
|
164
|
+
.withIndex("type_parent_group_id", (idx) =>
|
|
165
|
+
idx.eq("type", where.type!).eq("parentGroupId", where.parentGroupId!),
|
|
166
|
+
);
|
|
167
|
+
} else if (where.slug !== undefined) {
|
|
168
|
+
q = ctx.db
|
|
169
|
+
.query("Group")
|
|
170
|
+
.withIndex("slug", (idx) => idx.eq("slug", where.slug!));
|
|
171
|
+
} else if (where.type !== undefined) {
|
|
172
|
+
q = ctx.db
|
|
173
|
+
.query("Group")
|
|
174
|
+
.withIndex("type", (idx) => idx.eq("type", where.type!));
|
|
175
|
+
} else if (where.parentGroupId !== undefined) {
|
|
176
|
+
q = ctx.db
|
|
177
|
+
.query("Group")
|
|
178
|
+
.withIndex("parent_group_id", (idx) =>
|
|
179
|
+
idx.eq("parentGroupId", where.parentGroupId!),
|
|
180
|
+
);
|
|
181
|
+
} else {
|
|
182
|
+
q = ctx.db.query("Group");
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
// Apply remaining non-tag filters not covered by index
|
|
186
|
+
if (where.name !== undefined) {
|
|
187
|
+
q = q.filter((f) => f.eq(f.field("name"), where.name!));
|
|
188
|
+
}
|
|
189
|
+
if (where.isRoot === true) {
|
|
190
|
+
q = q.filter((f) => f.eq(f.field("parentGroupId"), undefined));
|
|
191
|
+
} else if (where.isRoot === false) {
|
|
192
|
+
q = q.filter((f) => f.neq(f.field("parentGroupId"), undefined));
|
|
193
|
+
}
|
|
194
|
+
// slug filter when not used as index
|
|
195
|
+
if (where.slug !== undefined && where.type !== undefined) {
|
|
196
|
+
q = q.filter((f) => f.eq(f.field("slug"), where.slug!));
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
q = q.order(order);
|
|
200
|
+
|
|
201
|
+
let all = await q.collect();
|
|
202
|
+
|
|
203
|
+
// Apply tag filter (intersect with resolved groupIds)
|
|
204
|
+
if (tagFilteredIds !== null) {
|
|
205
|
+
all = all.filter((doc) => tagFilteredIds!.has(doc._id as string));
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
// Cursor-based pagination
|
|
209
|
+
let startIdx = 0;
|
|
210
|
+
if (args.cursor) {
|
|
211
|
+
const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
|
|
212
|
+
if (cursorIdx !== -1) {
|
|
213
|
+
startIdx = cursorIdx + 1;
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
const page = all.slice(startIdx, startIdx + limit + 1);
|
|
217
|
+
const hasMore = page.length > limit;
|
|
218
|
+
const items = hasMore ? page.slice(0, limit) : page;
|
|
219
|
+
const nextCursor = hasMore ? items[items.length - 1]._id : null;
|
|
220
|
+
return { items, nextCursor };
|
|
221
|
+
},
|
|
222
|
+
});
|
|
223
|
+
|
|
224
|
+
/** Update a group's fields (name, slug, tags, extend, parentGroupId). */
|
|
225
|
+
export const groupUpdate = mutation({
|
|
226
|
+
args: { groupId: v.id("Group"), data: v.any() },
|
|
227
|
+
returns: v.null(),
|
|
228
|
+
handler: async (ctx, { groupId, data }) => {
|
|
229
|
+
// If tags are being updated, normalize and replace the full tag set
|
|
230
|
+
if (data.tags !== undefined) {
|
|
231
|
+
const normalizedTags: TagPair[] = Array.isArray(data.tags)
|
|
232
|
+
? normalizeTags(data.tags as TagPair[])
|
|
233
|
+
: [];
|
|
234
|
+
// Delete existing group_tag rows for this group
|
|
235
|
+
const existingTags = await ctx.db
|
|
236
|
+
.query("GroupTag")
|
|
237
|
+
.withIndex("by_group", (idx) => idx.eq("group_id", groupId))
|
|
238
|
+
.collect();
|
|
239
|
+
for (const existing of existingTags) {
|
|
240
|
+
await ctx.db.delete("GroupTag", existing._id);
|
|
241
|
+
}
|
|
242
|
+
// Insert new normalized group_tag rows
|
|
243
|
+
for (const tag of normalizedTags) {
|
|
244
|
+
await ctx.db.insert("GroupTag", {
|
|
245
|
+
group_id: groupId,
|
|
246
|
+
key: tag.key,
|
|
247
|
+
value: tag.value,
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
// Patch group with normalized tags (empty array = clear all)
|
|
251
|
+
await ctx.db.patch("Group", groupId, {
|
|
252
|
+
...data,
|
|
253
|
+
tags: normalizedTags.length > 0 ? normalizedTags : undefined,
|
|
254
|
+
});
|
|
255
|
+
} else {
|
|
256
|
+
await ctx.db.patch("Group", groupId, data);
|
|
257
|
+
}
|
|
258
|
+
return null;
|
|
259
|
+
},
|
|
260
|
+
});
|
|
261
|
+
|
|
262
|
+
/**
|
|
263
|
+
* Delete a group and all of its descendants. This cascades to:
|
|
264
|
+
* - All child groups (recursively)
|
|
265
|
+
* - All members of this group and its descendants
|
|
266
|
+
* - All invites for this group and its descendants
|
|
267
|
+
*/
|
|
268
|
+
export const groupDelete = mutation({
|
|
269
|
+
args: { groupId: v.id("Group") },
|
|
270
|
+
returns: v.null(),
|
|
271
|
+
handler: async (ctx, { groupId }) => {
|
|
272
|
+
const deleteGroup = async (id: typeof groupId) => {
|
|
273
|
+
const children = await ctx.db
|
|
274
|
+
.query("Group")
|
|
275
|
+
.withIndex("parent_group_id", (q) => q.eq("parentGroupId", id))
|
|
276
|
+
.collect();
|
|
277
|
+
for (const child of children) {
|
|
278
|
+
await deleteGroup(child._id);
|
|
279
|
+
}
|
|
280
|
+
|
|
281
|
+
const members = await ctx.db
|
|
282
|
+
.query("GroupMember")
|
|
283
|
+
.withIndex("group_id", (q) => q.eq("groupId", id))
|
|
284
|
+
.collect();
|
|
285
|
+
for (const member of members) {
|
|
286
|
+
await ctx.db.delete("GroupMember", member._id);
|
|
287
|
+
}
|
|
288
|
+
|
|
289
|
+
const invites = await ctx.db
|
|
290
|
+
.query("GroupInvite")
|
|
291
|
+
.withIndex("group_id", (q) => q.eq("groupId", id))
|
|
292
|
+
.collect();
|
|
293
|
+
for (const invite of invites) {
|
|
294
|
+
await ctx.db.delete("GroupInvite", invite._id);
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
// Delete companion group_tag rows
|
|
298
|
+
const tags = await ctx.db
|
|
299
|
+
.query("GroupTag")
|
|
300
|
+
.withIndex("by_group", (q) => q.eq("group_id", id))
|
|
301
|
+
.collect();
|
|
302
|
+
for (const tag of tags) {
|
|
303
|
+
await ctx.db.delete("GroupTag", tag._id);
|
|
304
|
+
}
|
|
305
|
+
|
|
306
|
+
await ctx.db.delete("Group", id);
|
|
307
|
+
};
|
|
308
|
+
|
|
309
|
+
await deleteGroup(groupId);
|
|
310
|
+
return null;
|
|
311
|
+
},
|
|
312
|
+
});
|
|
313
|
+
|
|
314
|
+
// ============================================================================
|
|
315
|
+
// Members
|
|
316
|
+
// ============================================================================
|
|
317
|
+
|
|
318
|
+
/**
|
|
319
|
+
* Add a user as a member of a group.
|
|
320
|
+
*
|
|
321
|
+
* The `roleIds` field stores application-defined role identifiers. The auth
|
|
322
|
+
* component stores assignments but does not enforce access control — your
|
|
323
|
+
* application defines what each role means.
|
|
324
|
+
*
|
|
325
|
+
* Throws `ConvexError` with code `DUPLICATE_MEMBERSHIP` when the user is
|
|
326
|
+
* already a member of the target group.
|
|
327
|
+
*
|
|
328
|
+
* @returns The ID of the new member record.
|
|
329
|
+
*/
|
|
330
|
+
export const memberAdd = mutation({
|
|
331
|
+
args: {
|
|
332
|
+
groupId: v.id("Group"),
|
|
333
|
+
userId: v.id("User"),
|
|
334
|
+
roleIds: v.optional(v.array(v.string())),
|
|
335
|
+
status: v.optional(v.string()),
|
|
336
|
+
extend: v.optional(v.any()),
|
|
337
|
+
},
|
|
338
|
+
returns: v.id("GroupMember"),
|
|
339
|
+
handler: async (ctx, args) => {
|
|
340
|
+
const existingMembership = await ctx.db
|
|
341
|
+
.query("GroupMember")
|
|
342
|
+
.withIndex("group_id_user_id", (q) =>
|
|
343
|
+
q.eq("groupId", args.groupId).eq("userId", args.userId),
|
|
344
|
+
)
|
|
345
|
+
.unique();
|
|
346
|
+
if (existingMembership !== null) {
|
|
347
|
+
throw new ConvexError({
|
|
348
|
+
code: "DUPLICATE_MEMBERSHIP",
|
|
349
|
+
message: "User is already a member of this group",
|
|
350
|
+
groupId: args.groupId,
|
|
351
|
+
userId: args.userId,
|
|
352
|
+
existingMemberId: existingMembership._id,
|
|
353
|
+
});
|
|
354
|
+
}
|
|
355
|
+
return await ctx.db.insert("GroupMember", args);
|
|
356
|
+
},
|
|
357
|
+
});
|
|
358
|
+
|
|
359
|
+
/** Retrieve a member record by its document ID. Returns `null` if not found. */
|
|
360
|
+
export const memberGet = query({
|
|
361
|
+
args: { memberId: v.id("GroupMember") },
|
|
362
|
+
returns: v.union(vGroupMemberDoc, v.null()),
|
|
363
|
+
handler: async (ctx, { memberId }) => {
|
|
364
|
+
return await ctx.db.get("GroupMember", memberId);
|
|
365
|
+
},
|
|
366
|
+
});
|
|
367
|
+
|
|
368
|
+
/**
|
|
369
|
+
* List members with optional filtering, sorting, and pagination.
|
|
370
|
+
*
|
|
371
|
+
* Returns `{ items, nextCursor }`. Supports filtering by `groupId`,
|
|
372
|
+
* `userId`, `roleId`, and `status`.
|
|
373
|
+
*/
|
|
374
|
+
export const memberList = query({
|
|
375
|
+
args: {
|
|
376
|
+
where: v.optional(
|
|
377
|
+
v.object({
|
|
378
|
+
groupId: v.optional(v.id("Group")),
|
|
379
|
+
userId: v.optional(v.id("User")),
|
|
380
|
+
roleId: v.optional(v.string()),
|
|
381
|
+
status: v.optional(v.string()),
|
|
382
|
+
}),
|
|
383
|
+
),
|
|
384
|
+
limit: v.optional(v.number()),
|
|
385
|
+
cursor: v.optional(v.union(v.string(), v.null())),
|
|
386
|
+
orderBy: v.optional(
|
|
387
|
+
v.union(v.literal("_creationTime"), v.literal("status")),
|
|
388
|
+
),
|
|
389
|
+
order: v.optional(v.union(v.literal("asc"), v.literal("desc"))),
|
|
390
|
+
},
|
|
391
|
+
returns: vPaginated(vGroupMemberDoc),
|
|
392
|
+
handler: async (ctx, args) => {
|
|
393
|
+
const where = args.where ?? {};
|
|
394
|
+
const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
|
|
395
|
+
const order = args.order ?? "desc";
|
|
396
|
+
|
|
397
|
+
let q;
|
|
398
|
+
if (where.groupId !== undefined && where.userId !== undefined) {
|
|
399
|
+
q = ctx.db
|
|
400
|
+
.query("GroupMember")
|
|
401
|
+
.withIndex("group_id_user_id", (idx) =>
|
|
402
|
+
idx.eq("groupId", where.groupId!).eq("userId", where.userId!),
|
|
403
|
+
);
|
|
404
|
+
} else if (where.groupId !== undefined) {
|
|
405
|
+
q = ctx.db
|
|
406
|
+
.query("GroupMember")
|
|
407
|
+
.withIndex("group_id", (idx) => idx.eq("groupId", where.groupId!));
|
|
408
|
+
} else if (where.userId !== undefined) {
|
|
409
|
+
q = ctx.db
|
|
410
|
+
.query("GroupMember")
|
|
411
|
+
.withIndex("user_id", (idx) => idx.eq("userId", where.userId!));
|
|
412
|
+
} else {
|
|
413
|
+
q = ctx.db.query("GroupMember");
|
|
414
|
+
}
|
|
415
|
+
|
|
416
|
+
if (where.status !== undefined) {
|
|
417
|
+
q = q.filter((f) => f.eq(f.field("status"), where.status!));
|
|
418
|
+
}
|
|
419
|
+
|
|
420
|
+
q = q.order(order);
|
|
421
|
+
|
|
422
|
+
let all = await q.collect();
|
|
423
|
+
if (where.roleId !== undefined) {
|
|
424
|
+
all = all.filter((doc) => (doc.roleIds ?? []).includes(where.roleId!));
|
|
425
|
+
}
|
|
426
|
+
let startIdx = 0;
|
|
427
|
+
if (args.cursor) {
|
|
428
|
+
const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
|
|
429
|
+
if (cursorIdx !== -1) {
|
|
430
|
+
startIdx = cursorIdx + 1;
|
|
431
|
+
}
|
|
432
|
+
}
|
|
433
|
+
const page = all.slice(startIdx, startIdx + limit + 1);
|
|
434
|
+
const hasMore = page.length > limit;
|
|
435
|
+
const items = hasMore ? page.slice(0, limit) : page;
|
|
436
|
+
const nextCursor = hasMore ? items[items.length - 1]._id : null;
|
|
437
|
+
return { items, nextCursor };
|
|
438
|
+
},
|
|
439
|
+
});
|
|
440
|
+
|
|
441
|
+
/**
|
|
442
|
+
* @deprecated Use `memberList` with `where: { userId }` instead.
|
|
443
|
+
* Kept for backward compatibility with generated component types.
|
|
444
|
+
*/
|
|
445
|
+
export const memberListByUser = query({
|
|
446
|
+
args: { userId: v.id("User") },
|
|
447
|
+
returns: v.array(vGroupMemberDoc),
|
|
448
|
+
handler: async (ctx, { userId }) => {
|
|
449
|
+
return await ctx.db
|
|
450
|
+
.query("GroupMember")
|
|
451
|
+
.withIndex("user_id", (q) => q.eq("userId", userId))
|
|
452
|
+
.collect();
|
|
453
|
+
},
|
|
454
|
+
});
|
|
455
|
+
|
|
456
|
+
/**
|
|
457
|
+
* Look up a specific user's membership in a specific group.
|
|
458
|
+
* Returns `null` if the user is not a member of the group.
|
|
459
|
+
*/
|
|
460
|
+
export const memberGetByGroupAndUser = query({
|
|
461
|
+
args: { groupId: v.id("Group"), userId: v.id("User") },
|
|
462
|
+
returns: v.union(vGroupMemberDoc, v.null()),
|
|
463
|
+
handler: async (ctx, { groupId, userId }) => {
|
|
464
|
+
return await ctx.db
|
|
465
|
+
.query("GroupMember")
|
|
466
|
+
.withIndex("group_id_user_id", (q) =>
|
|
467
|
+
q.eq("groupId", groupId).eq("userId", userId),
|
|
468
|
+
)
|
|
469
|
+
.unique();
|
|
470
|
+
},
|
|
471
|
+
});
|
|
472
|
+
|
|
473
|
+
/** Remove a member from a group by deleting the member record. */
|
|
474
|
+
export const memberRemove = mutation({
|
|
475
|
+
args: { memberId: v.id("GroupMember") },
|
|
476
|
+
returns: v.null(),
|
|
477
|
+
handler: async (ctx, { memberId }) => {
|
|
478
|
+
await ctx.db.delete("GroupMember", memberId);
|
|
479
|
+
return null;
|
|
480
|
+
},
|
|
481
|
+
});
|
|
482
|
+
|
|
483
|
+
/**
|
|
484
|
+
* Update a member record's fields (roleIds, status, extend).
|
|
485
|
+
*/
|
|
486
|
+
export const memberUpdate = mutation({
|
|
487
|
+
args: { memberId: v.id("GroupMember"), data: v.any() },
|
|
488
|
+
returns: v.null(),
|
|
489
|
+
handler: async (ctx, { memberId, data }) => {
|
|
490
|
+
await ctx.db.patch("GroupMember", memberId, data);
|
|
491
|
+
return null;
|
|
492
|
+
},
|
|
493
|
+
});
|
|
494
|
+
|
|
495
|
+
// ============================================================================
|
|
496
|
+
// Invites
|
|
497
|
+
// ============================================================================
|
|
498
|
+
|
|
499
|
+
/**
|
|
500
|
+
* Create a new platform-level invitation. Optionally set `groupId` to tie
|
|
501
|
+
* the invite to a specific group. The invitation is sent to an email address
|
|
502
|
+
* and includes a hashed token for secure acceptance.
|
|
503
|
+
*
|
|
504
|
+
* Throws `ConvexError` with code `DUPLICATE_INVITE` when a pending invite
|
|
505
|
+
* already exists for the same email and scope:
|
|
506
|
+
* - group invite: same `email` + same `groupId`
|
|
507
|
+
* - platform invite: same `email` with no `groupId`
|
|
508
|
+
*
|
|
509
|
+
* @returns The ID of the new invite record.
|
|
510
|
+
*/
|
|
511
|
+
export const inviteCreate = mutation({
|
|
512
|
+
args: {
|
|
513
|
+
groupId: v.optional(v.id("Group")),
|
|
514
|
+
invitedByUserId: v.optional(v.id("User")),
|
|
515
|
+
email: v.optional(v.string()),
|
|
516
|
+
tokenHash: v.string(),
|
|
517
|
+
roleIds: v.optional(v.array(v.string())),
|
|
518
|
+
status: vInviteStatus,
|
|
519
|
+
expiresTime: v.optional(v.number()),
|
|
520
|
+
extend: v.optional(v.any()),
|
|
521
|
+
},
|
|
522
|
+
returns: v.id("GroupInvite"),
|
|
523
|
+
handler: async (ctx, args) => {
|
|
524
|
+
const now = Date.now();
|
|
525
|
+
|
|
526
|
+
// Only check for duplicates when an email is provided.
|
|
527
|
+
// CLI-generated invites (no email) are always allowed.
|
|
528
|
+
if (args.email !== undefined) {
|
|
529
|
+
if (args.groupId !== undefined) {
|
|
530
|
+
const existingGroupInvites = await ctx.db
|
|
531
|
+
.query("GroupInvite")
|
|
532
|
+
.withIndex("group_id_status", (q) =>
|
|
533
|
+
q.eq("groupId", args.groupId).eq("status", "pending"),
|
|
534
|
+
)
|
|
535
|
+
.filter((q) => q.eq(q.field("email"), args.email))
|
|
536
|
+
.collect();
|
|
537
|
+
|
|
538
|
+
for (const existingGroupInvite of existingGroupInvites) {
|
|
539
|
+
const isExpired =
|
|
540
|
+
existingGroupInvite.expiresTime !== undefined &&
|
|
541
|
+
existingGroupInvite.expiresTime <= now;
|
|
542
|
+
if (isExpired) {
|
|
543
|
+
await ctx.db.patch("GroupInvite", existingGroupInvite._id, {
|
|
544
|
+
status: "expired",
|
|
545
|
+
});
|
|
546
|
+
continue;
|
|
547
|
+
}
|
|
548
|
+
throw new ConvexError({
|
|
549
|
+
code: "DUPLICATE_INVITE",
|
|
550
|
+
message:
|
|
551
|
+
"A pending invite already exists for this email in this group",
|
|
552
|
+
email: args.email,
|
|
553
|
+
groupId: args.groupId,
|
|
554
|
+
existingInviteId: existingGroupInvite._id,
|
|
555
|
+
});
|
|
556
|
+
}
|
|
557
|
+
} else {
|
|
558
|
+
const existingPlatformInvites = await ctx.db
|
|
559
|
+
.query("GroupInvite")
|
|
560
|
+
.withIndex("email_status", (q) =>
|
|
561
|
+
q.eq("email", args.email).eq("status", "pending"),
|
|
562
|
+
)
|
|
563
|
+
.filter((q) => q.eq(q.field("groupId"), undefined))
|
|
564
|
+
.collect();
|
|
565
|
+
|
|
566
|
+
for (const existingPlatformInvite of existingPlatformInvites) {
|
|
567
|
+
const isExpired =
|
|
568
|
+
existingPlatformInvite.expiresTime !== undefined &&
|
|
569
|
+
existingPlatformInvite.expiresTime <= now;
|
|
570
|
+
if (isExpired) {
|
|
571
|
+
await ctx.db.patch("GroupInvite", existingPlatformInvite._id, {
|
|
572
|
+
status: "expired",
|
|
573
|
+
});
|
|
574
|
+
continue;
|
|
575
|
+
}
|
|
576
|
+
throw new ConvexError({
|
|
577
|
+
code: "DUPLICATE_INVITE",
|
|
578
|
+
message: "A pending platform invite already exists for this email",
|
|
579
|
+
email: args.email,
|
|
580
|
+
existingInviteId: existingPlatformInvite._id,
|
|
581
|
+
});
|
|
582
|
+
}
|
|
583
|
+
}
|
|
584
|
+
}
|
|
585
|
+
return await ctx.db.insert("GroupInvite", args);
|
|
586
|
+
},
|
|
587
|
+
});
|
|
588
|
+
|
|
589
|
+
/** Retrieve an invite by its document ID. Returns `null` if not found. */
|
|
590
|
+
export const inviteGet = query({
|
|
591
|
+
args: { inviteId: v.id("GroupInvite") },
|
|
592
|
+
returns: v.union(vGroupInviteDoc, v.null()),
|
|
593
|
+
handler: async (ctx, { inviteId }) => {
|
|
594
|
+
return await ctx.db.get("GroupInvite", inviteId);
|
|
595
|
+
},
|
|
596
|
+
});
|
|
597
|
+
|
|
598
|
+
/** Retrieve an invite by hashed token. Returns `null` if not found. */
|
|
599
|
+
export const inviteGetByTokenHash = query({
|
|
600
|
+
args: { tokenHash: v.string() },
|
|
601
|
+
returns: v.union(vGroupInviteDoc, v.null()),
|
|
602
|
+
handler: async (ctx, { tokenHash }) => {
|
|
603
|
+
return await ctx.db
|
|
604
|
+
.query("GroupInvite")
|
|
605
|
+
.withIndex("token_hash", (q) => q.eq("tokenHash", tokenHash))
|
|
606
|
+
.first();
|
|
607
|
+
},
|
|
608
|
+
});
|
|
609
|
+
|
|
610
|
+
/**
|
|
611
|
+
* List invites with optional filtering, sorting, and pagination.
|
|
612
|
+
*
|
|
613
|
+
* Returns `{ items, nextCursor }`. Supports filtering by `groupId`,
|
|
614
|
+
* `status`, `email`, `invitedByUserId`, `roleId`, `acceptedByUserId`, and `tokenHash`.
|
|
615
|
+
*/
|
|
616
|
+
export const inviteList = query({
|
|
617
|
+
args: {
|
|
618
|
+
where: v.optional(
|
|
619
|
+
v.object({
|
|
620
|
+
tokenHash: v.optional(v.string()),
|
|
621
|
+
groupId: v.optional(v.id("Group")),
|
|
622
|
+
status: v.optional(vInviteStatus),
|
|
623
|
+
email: v.optional(v.string()),
|
|
624
|
+
invitedByUserId: v.optional(v.id("User")),
|
|
625
|
+
roleId: v.optional(v.string()),
|
|
626
|
+
acceptedByUserId: v.optional(v.id("User")),
|
|
627
|
+
}),
|
|
628
|
+
),
|
|
629
|
+
limit: v.optional(v.number()),
|
|
630
|
+
cursor: v.optional(v.union(v.string(), v.null())),
|
|
631
|
+
orderBy: v.optional(
|
|
632
|
+
v.union(
|
|
633
|
+
v.literal("_creationTime"),
|
|
634
|
+
v.literal("status"),
|
|
635
|
+
v.literal("email"),
|
|
636
|
+
v.literal("expiresTime"),
|
|
637
|
+
v.literal("acceptedTime"),
|
|
638
|
+
),
|
|
639
|
+
),
|
|
640
|
+
order: v.optional(v.union(v.literal("asc"), v.literal("desc"))),
|
|
641
|
+
},
|
|
642
|
+
returns: vPaginated(vGroupInviteDoc),
|
|
643
|
+
handler: async (ctx, args) => {
|
|
644
|
+
const where = args.where ?? {};
|
|
645
|
+
const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
|
|
646
|
+
const order = args.order ?? "desc";
|
|
647
|
+
|
|
648
|
+
// Pick best index
|
|
649
|
+
let q;
|
|
650
|
+
if (where.tokenHash !== undefined) {
|
|
651
|
+
q = ctx.db
|
|
652
|
+
.query("GroupInvite")
|
|
653
|
+
.withIndex("token_hash", (idx) =>
|
|
654
|
+
idx.eq("tokenHash", where.tokenHash!),
|
|
655
|
+
);
|
|
656
|
+
} else if (where.groupId !== undefined && where.status !== undefined) {
|
|
657
|
+
q = ctx.db
|
|
658
|
+
.query("GroupInvite")
|
|
659
|
+
.withIndex("group_id_status", (idx) =>
|
|
660
|
+
idx.eq("groupId", where.groupId!).eq("status", where.status!),
|
|
661
|
+
);
|
|
662
|
+
} else if (where.email !== undefined && where.status !== undefined) {
|
|
663
|
+
q = ctx.db
|
|
664
|
+
.query("GroupInvite")
|
|
665
|
+
.withIndex("email_status", (idx) =>
|
|
666
|
+
idx.eq("email", where.email!).eq("status", where.status!),
|
|
667
|
+
);
|
|
668
|
+
} else if (
|
|
669
|
+
where.invitedByUserId !== undefined &&
|
|
670
|
+
where.status !== undefined
|
|
671
|
+
) {
|
|
672
|
+
q = ctx.db
|
|
673
|
+
.query("GroupInvite")
|
|
674
|
+
.withIndex("invited_by_user_id_status", (idx) =>
|
|
675
|
+
idx
|
|
676
|
+
.eq("invitedByUserId", where.invitedByUserId!)
|
|
677
|
+
.eq("status", where.status!),
|
|
678
|
+
);
|
|
679
|
+
} else if (where.groupId !== undefined) {
|
|
680
|
+
q = ctx.db
|
|
681
|
+
.query("GroupInvite")
|
|
682
|
+
.withIndex("group_id", (idx) => idx.eq("groupId", where.groupId!));
|
|
683
|
+
} else if (where.status !== undefined) {
|
|
684
|
+
q = ctx.db
|
|
685
|
+
.query("GroupInvite")
|
|
686
|
+
.withIndex("status", (idx) => idx.eq("status", where.status!));
|
|
687
|
+
} else {
|
|
688
|
+
q = ctx.db.query("GroupInvite");
|
|
689
|
+
}
|
|
690
|
+
|
|
691
|
+
// Apply remaining filters
|
|
692
|
+
if (where.groupId !== undefined) {
|
|
693
|
+
q = q.filter((f) => f.eq(f.field("groupId"), where.groupId!));
|
|
694
|
+
}
|
|
695
|
+
if (where.status !== undefined) {
|
|
696
|
+
q = q.filter((f) => f.eq(f.field("status"), where.status!));
|
|
697
|
+
}
|
|
698
|
+
if (where.email !== undefined) {
|
|
699
|
+
q = q.filter((f) => f.eq(f.field("email"), where.email!));
|
|
700
|
+
}
|
|
701
|
+
if (where.invitedByUserId !== undefined) {
|
|
702
|
+
q = q.filter((f) =>
|
|
703
|
+
f.eq(f.field("invitedByUserId"), where.invitedByUserId!),
|
|
704
|
+
);
|
|
705
|
+
}
|
|
706
|
+
if (where.acceptedByUserId !== undefined) {
|
|
707
|
+
q = q.filter((f) =>
|
|
708
|
+
f.eq(f.field("acceptedByUserId"), where.acceptedByUserId!),
|
|
709
|
+
);
|
|
710
|
+
}
|
|
711
|
+
if (where.tokenHash !== undefined) {
|
|
712
|
+
q = q.filter((f) => f.eq(f.field("tokenHash"), where.tokenHash!));
|
|
713
|
+
}
|
|
714
|
+
|
|
715
|
+
q = q.order(order);
|
|
716
|
+
|
|
717
|
+
let all = await q.collect();
|
|
718
|
+
if (where.roleId !== undefined) {
|
|
719
|
+
all = all.filter((doc) => (doc.roleIds ?? []).includes(where.roleId!));
|
|
720
|
+
}
|
|
721
|
+
let startIdx = 0;
|
|
722
|
+
if (args.cursor) {
|
|
723
|
+
const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
|
|
724
|
+
if (cursorIdx !== -1) {
|
|
725
|
+
startIdx = cursorIdx + 1;
|
|
726
|
+
}
|
|
727
|
+
}
|
|
728
|
+
const page = all.slice(startIdx, startIdx + limit + 1);
|
|
729
|
+
const hasMore = page.length > limit;
|
|
730
|
+
const items = hasMore ? page.slice(0, limit) : page;
|
|
731
|
+
const nextCursor = hasMore ? items[items.length - 1]._id : null;
|
|
732
|
+
return { items, nextCursor };
|
|
733
|
+
},
|
|
734
|
+
});
|
|
735
|
+
|
|
736
|
+
/**
|
|
737
|
+
* Accept a pending invitation.
|
|
738
|
+
*
|
|
739
|
+
* Marks the invite as "accepted" and records the acceptance timestamp.
|
|
740
|
+
* Throws a structured `ConvexError` when the invite doesn't exist or is not
|
|
741
|
+
* currently pending.
|
|
742
|
+
*
|
|
743
|
+
* The caller is responsible for creating the corresponding member record.
|
|
744
|
+
*/
|
|
745
|
+
export const inviteAccept = mutation({
|
|
746
|
+
args: {
|
|
747
|
+
inviteId: v.id("GroupInvite"),
|
|
748
|
+
acceptedByUserId: v.optional(v.id("User")),
|
|
749
|
+
},
|
|
750
|
+
returns: v.null(),
|
|
751
|
+
handler: async (ctx, { inviteId, acceptedByUserId }) => {
|
|
752
|
+
const invite = await ctx.db.get("GroupInvite", inviteId);
|
|
753
|
+
if (invite === null) {
|
|
754
|
+
throw new ConvexError({
|
|
755
|
+
code: "INVITE_NOT_FOUND",
|
|
756
|
+
message: "Invite not found",
|
|
757
|
+
inviteId,
|
|
758
|
+
});
|
|
759
|
+
}
|
|
760
|
+
if (invite.status !== "pending") {
|
|
761
|
+
throw new ConvexError({
|
|
762
|
+
code: "INVITE_NOT_PENDING",
|
|
763
|
+
message: `Cannot accept invite with status "${invite.status}"`,
|
|
764
|
+
inviteId,
|
|
765
|
+
currentStatus: invite.status,
|
|
766
|
+
});
|
|
767
|
+
}
|
|
768
|
+
if (invite.expiresTime !== undefined && invite.expiresTime <= Date.now()) {
|
|
769
|
+
await ctx.db.patch("GroupInvite", inviteId, {
|
|
770
|
+
status: "expired",
|
|
771
|
+
});
|
|
772
|
+
throw new ConvexError({
|
|
773
|
+
code: "INVITE_EXPIRED",
|
|
774
|
+
message: "Invite has expired",
|
|
775
|
+
inviteId,
|
|
776
|
+
});
|
|
777
|
+
}
|
|
778
|
+
await ctx.db.patch("GroupInvite", inviteId, {
|
|
779
|
+
status: "accepted",
|
|
780
|
+
acceptedTime: Date.now(),
|
|
781
|
+
...(acceptedByUserId ? { acceptedByUserId } : {}),
|
|
782
|
+
});
|
|
783
|
+
return null;
|
|
784
|
+
},
|
|
785
|
+
});
|
|
786
|
+
|
|
787
|
+
/**
|
|
788
|
+
* Accept an invitation by raw token hash and atomically join group membership.
|
|
789
|
+
*
|
|
790
|
+
* Returns idempotent success when the invite was already accepted by the same
|
|
791
|
+
* user. If the invite targets a group, this mutation also ensures membership.
|
|
792
|
+
*/
|
|
793
|
+
export const inviteAcceptByToken = mutation({
|
|
794
|
+
args: {
|
|
795
|
+
tokenHash: v.string(),
|
|
796
|
+
acceptedByUserId: v.id("User"),
|
|
797
|
+
},
|
|
798
|
+
returns: vInviteAcceptByTokenResult,
|
|
799
|
+
handler: async (ctx, { tokenHash, acceptedByUserId }) => {
|
|
800
|
+
const invite = await ctx.db
|
|
801
|
+
.query("GroupInvite")
|
|
802
|
+
.withIndex("token_hash", (q) => q.eq("tokenHash", tokenHash))
|
|
803
|
+
.first();
|
|
804
|
+
|
|
805
|
+
if (invite === null) {
|
|
806
|
+
throw new ConvexError({
|
|
807
|
+
code: "INVITE_NOT_FOUND",
|
|
808
|
+
message: "Invite not found",
|
|
809
|
+
});
|
|
810
|
+
}
|
|
811
|
+
|
|
812
|
+
const now = Date.now();
|
|
813
|
+
if (invite.status === "pending") {
|
|
814
|
+
if (invite.expiresTime !== undefined && invite.expiresTime <= now) {
|
|
815
|
+
await ctx.db.patch("GroupInvite", invite._id, { status: "expired" });
|
|
816
|
+
throw new ConvexError({
|
|
817
|
+
code: "INVITE_EXPIRED",
|
|
818
|
+
message: "Invite has expired",
|
|
819
|
+
inviteId: invite._id,
|
|
820
|
+
});
|
|
821
|
+
}
|
|
822
|
+
} else if (invite.status === "accepted") {
|
|
823
|
+
if (invite.acceptedByUserId !== acceptedByUserId) {
|
|
824
|
+
throw new ConvexError({
|
|
825
|
+
code: "INVITE_ALREADY_ACCEPTED",
|
|
826
|
+
message: "Invite already accepted by another user",
|
|
827
|
+
inviteId: invite._id,
|
|
828
|
+
});
|
|
829
|
+
}
|
|
830
|
+
} else {
|
|
831
|
+
throw new ConvexError({
|
|
832
|
+
code: "INVITE_NOT_PENDING",
|
|
833
|
+
message: `Cannot accept invite with status "${invite.status}"`,
|
|
834
|
+
inviteId: invite._id,
|
|
835
|
+
currentStatus: invite.status,
|
|
836
|
+
});
|
|
837
|
+
}
|
|
838
|
+
|
|
839
|
+
if (invite.email !== undefined) {
|
|
840
|
+
const user = await ctx.db.get("User", acceptedByUserId);
|
|
841
|
+
const normalizedInviteEmail = invite.email.trim().toLowerCase();
|
|
842
|
+
const normalizedUserEmail = user?.email?.trim().toLowerCase();
|
|
843
|
+
|
|
844
|
+
if (
|
|
845
|
+
normalizedUserEmail === undefined ||
|
|
846
|
+
normalizedUserEmail !== normalizedInviteEmail
|
|
847
|
+
) {
|
|
848
|
+
throw new ConvexError({
|
|
849
|
+
code: "INVITE_EMAIL_MISMATCH",
|
|
850
|
+
message: "Invite email does not match accepting user's email",
|
|
851
|
+
inviteId: invite._id,
|
|
852
|
+
});
|
|
853
|
+
}
|
|
854
|
+
}
|
|
855
|
+
|
|
856
|
+
let membershipStatus: "joined" | "already_joined" | "not_applicable" =
|
|
857
|
+
"not_applicable";
|
|
858
|
+
let memberId: Id<"GroupMember"> | undefined;
|
|
859
|
+
|
|
860
|
+
if (invite.groupId !== undefined) {
|
|
861
|
+
const existingMembership = await ctx.db
|
|
862
|
+
.query("GroupMember")
|
|
863
|
+
.withIndex("group_id_user_id", (q) =>
|
|
864
|
+
q.eq("groupId", invite.groupId!).eq("userId", acceptedByUserId),
|
|
865
|
+
)
|
|
866
|
+
.unique();
|
|
867
|
+
|
|
868
|
+
if (existingMembership !== null) {
|
|
869
|
+
membershipStatus = "already_joined";
|
|
870
|
+
memberId = existingMembership._id;
|
|
871
|
+
} else {
|
|
872
|
+
memberId = await ctx.db.insert("GroupMember", {
|
|
873
|
+
groupId: invite.groupId,
|
|
874
|
+
userId: acceptedByUserId,
|
|
875
|
+
roleIds: invite.roleIds,
|
|
876
|
+
status: "active",
|
|
877
|
+
});
|
|
878
|
+
membershipStatus = "joined";
|
|
879
|
+
}
|
|
880
|
+
}
|
|
881
|
+
|
|
882
|
+
if (invite.status === "pending") {
|
|
883
|
+
await ctx.db.patch("GroupInvite", invite._id, {
|
|
884
|
+
status: "accepted",
|
|
885
|
+
acceptedByUserId,
|
|
886
|
+
acceptedTime: now,
|
|
887
|
+
});
|
|
888
|
+
}
|
|
889
|
+
|
|
890
|
+
const inviteStatus: "accepted" | "already_accepted" =
|
|
891
|
+
invite.status === "accepted" ? "already_accepted" : "accepted";
|
|
892
|
+
|
|
893
|
+
return {
|
|
894
|
+
inviteId: invite._id,
|
|
895
|
+
groupId: invite.groupId ?? null,
|
|
896
|
+
memberId,
|
|
897
|
+
inviteStatus,
|
|
898
|
+
membershipStatus,
|
|
899
|
+
};
|
|
900
|
+
},
|
|
901
|
+
});
|
|
902
|
+
|
|
903
|
+
/**
|
|
904
|
+
* Revoke a pending invitation.
|
|
905
|
+
*
|
|
906
|
+
* Marks the invite as "revoked". Throws a structured `ConvexError` when the
|
|
907
|
+
* invite doesn't exist or is not currently pending.
|
|
908
|
+
*/
|
|
909
|
+
export const inviteRevoke = mutation({
|
|
910
|
+
args: { inviteId: v.id("GroupInvite") },
|
|
911
|
+
returns: v.null(),
|
|
912
|
+
handler: async (ctx, { inviteId }) => {
|
|
913
|
+
const invite = await ctx.db.get("GroupInvite", inviteId);
|
|
914
|
+
if (invite === null) {
|
|
915
|
+
throw new ConvexError({
|
|
916
|
+
code: "INVITE_NOT_FOUND",
|
|
917
|
+
message: "Invite not found",
|
|
918
|
+
inviteId,
|
|
919
|
+
});
|
|
920
|
+
}
|
|
921
|
+
if (invite.status !== "pending") {
|
|
922
|
+
throw new ConvexError({
|
|
923
|
+
code: "INVITE_NOT_PENDING",
|
|
924
|
+
message: `Cannot revoke invite with status "${invite.status}"`,
|
|
925
|
+
inviteId,
|
|
926
|
+
currentStatus: invite.status,
|
|
927
|
+
});
|
|
928
|
+
}
|
|
929
|
+
await ctx.db.patch("GroupInvite", inviteId, { status: "revoked" });
|
|
930
|
+
return null;
|
|
931
|
+
},
|
|
932
|
+
});
|